What is the ILOVEYOU virus?
The ILOVEYOU virus comes in an email with “ILOVEYOU” in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient’s Microsoft Outlook address book. Perhaps more seriously, it results in the loss of every JPEG, MP3 and certain other files on all recipients’ hard disks.
Since Microsoft Outlook is widely installed as the default email management application in corporate networks worldwide, the ILOVEYOU virus can spread rapidly within a corporation. In fact, this is exactly what happened on May 4, 2000. In just about 10 days, ILOVEYOU reached an estimated 45 million users and caused about $10 billion in damages.
It spread so quickly that many major enterprises like the Ford Motor Company, AT&T and Microsoft, as well as government organizations like the Pentagon, CIA, U.S. Army, and parliaments in Denmark and the U.K., had to completely shut down their email services as they tried to bring the virus under control and mitigate its damage.
ILOVEYOU is also known as the “love letter virus” and the “love bug worm.” Although commonly referred to as a computer virus, ILOVEYOU is actually a worm.
While a virus is malicious code that replicates itself following human intervention, a worm is a type of malware that can replicate itself and spread from system to system without human interaction or intervention. It doesn’t even need to attach itself to software. ILOVEYOU works via email, specifically via a malicious email attachment. When the affected user opens the attachment, their action instantly downloads the worm into their system without their knowledge and starts spreading it across the network.
The email consisted of the subject line “ILOVEYOU” and a simple message: “kindly check the attached LOVELETTER coming from me.” When a recipient opened their email, the virus sent copies of itself to everyone in their address book. These recipients assumed the email was a genuine declaration of love or a funny joke, opened it out of curiosity and inadvertently helped spread it further.
How does the ILOVEYOU virus work and spread?
The attachment in the ILOVEYOU virus is a VBScript program that recipients at the time mistook for a simple text file because the extension .vbs was hidden from view on Windows machines. When the file is opened, it finds the recipient’s Outlook address book and re-sends the note to everyone in it. It then overwrites — and thus destroys — all files of types:
- JPEG
- MP3
- VPOS
- JS
- JSE
- CSS
- WSH
- SCT
- HTA
ILOVEYOU could — and did — destroy all kinds of files including photographs, audio files and documents. Affected users who didn’t have backup copies lost them permanently. The Melissa virus, in March 1999, had likewise replicated itself by using Outlook address books. However, it only infected about 1 million computers and wasn’t as successful as ILOVEYOU at destroying user files.
ILOVEYOU also resets the recipient’s Internet Explorer start page in a way that may cause further trouble, changes certain Windows registry settings and spreads itself through Internet Relay Chat.
How did affected companies react to ILOVEYOU?
To ward off ILOVEYOU, one of the first things affected companies did at the time was to screen out emails with “ILOVEYOU” in the subject line. However, this strategy was only moderately successful. Hackers quickly introduced copycat variations with subject lines including “JOKE” and “Mother’s Day!” that contained the same or similar VBScript code as the ILOVEYOU worm.
One of the most sinister mutations was a version with the subject line containing “VIRUS ALERT!!!” This email posed as a virus fix from Symantec and started out with the greeting, “Dear Symantec Customer.” The attachment, which contains the same VBS format file as ILOVEYOU, is called “protect.vbs.”
Despite its innocent-sounding name, this file is as dangerous as the ILOVEYOU file and should not be opened.
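The following added example (not part of the original article) contrasts the subject-line screen described above with a check on the attachment's real, final extension, which also catches the hidden-.vbs trick. The extension lists, function names and all sample filenames except protect.vbs are assumptions made for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration, not exhaustive.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".wsf", ".sct", ".hta"}
DECOY_EXTS = {".txt", ".jpg", ".doc", ".pdf"}
BLOCKED_SUBJECTS = {"ILOVEYOU"}  # the early subject-line rule

def make_msg(subject, filename):
    """Build a constructed test message with an inert placeholder attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

def subject_rule(msg):
    """Subject-only screening: matches one known subject string."""
    return str(msg["Subject"]).strip().upper() in BLOCKED_SUBJECTS

def attachment_rule(msg):
    """Return (filename, reason) for attachments whose real extension is a script."""
    hits = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them before checking.
        name = (part.get_filename() or "").rstrip(". ")
        exts = [s.lower() for s in PurePosixPath(name).suffixes]
        if exts and exts[-1] in SCRIPT_EXTS:
            decoy = len(exts) > 1 and exts[-2] in DECOY_EXTS
            hits.append((name, "script behind decoy extension" if decoy else "script"))
    return hits

# Constructed samples: subjects come from the article, filenames other than
# protect.vbs are made up for this example.
SAMPLES = [
    make_msg("ILOVEYOU", "LOVELETTER.TXT.vbs"),
    make_msg("JOKE", "funny.TXT.vbs"),
    make_msg("Mother's Day!", "card.jpg.vbs"),
    make_msg("VIRUS ALERT!!!", "protect.vbs"),
    make_msg("Team agenda", "agenda.txt"),
]

def triage(messages):
    """Compare both rules per message: (subject, subject_hit, attachment_hits)."""
    return [(str(m["Subject"]), subject_rule(m), attachment_rule(m)) for m in messages]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```

The subject rule flags only the first sample, while the attachment rule flags all four script-bearing messages and leaves the plain .txt attachment alone.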
How to stay safe from ILOVEYOU and similar attacks
Since ILOVEYOU, thousands of other viruses and worms have impacted organizations all over the world. The problem is not going away, so companies should take proactive steps to protect themselves.
Most importantly, they should install antivirus software on their systems to continuously screen for ILOVEYOU and other kinds of viruses. Antivirus software can also remove these viruses from infected systems and protect systems from future viruses. To make sure the antivirus works well, it’s crucial to regularly update it. Users should never open any email attachment without screening it first with antivirus software, especially if the sender or attachment type is unknown or unfamiliar.
If a system is already infected, the organization should immediately run a virus scan. Starting it in Safe Mode can help handle malicious files. It’s also critical to disconnect all affected systems from the internet to prevent the virus from spreading.
Long-term impact of ILOVEYOU virus
ILOVEYOU was one of the first real-world examples of the use of social engineering to perpetrate a cybercrime. In the 20+ years since ILOVEYOU was created and unleashed, social engineering has become a common attack vector, particularly following the COVID-19 pandemic. ILOVEYOU was also one of the first serious malware incidents to demonstrate the potentially dangerous impact of spam email.
On a positive note, the virus created a fundamental shift in the cybersecurity landscape by shining a light on how bad actors leverage human emotions and needs (e.g., the need to be loved or a propensity to fall for flattery) to launch attacks. It also forced companies and security professionals to start thinking more seriously about enterprise security as well as user security awareness and education, especially around social engineering, spam and phishing.