The “I Love You” virus (also known as the Love Bug) is a worm that infected more than 10 million computers worldwide in May 2000. It spread through email disguised as a “love letter” with a Visual Basic attachment, tempting the recipient to open the file and trigger the infection. The worm exploited the vulnerabilities of Microsoft Outlook and the leading Operating System, Microsoft Windows, to replicate itself without user interference. Furthermore, it executes email sending to spread itself to other computers.
What is the nature of the I LOVE YOU Virus?
The “I Love You” virus is a Microsoft Visual Basic script that looked like a normal file or document at the time it spread. It uses the file extension .vbs, which most computer users did not know in the early 2000s.. The worm is like a text file with instructions for computers to execute and bypass the cybersecurity at that time. It is a self-replicating worm and non-host-dependent, which means it can run in any compatible system. Also, being a non-host-dependent meant that the virus itself carries all the code it needs to execute its destructive payload.
The engaging message in an email, “kindly check the attached LOVELETTER coming from me,” tempted many to open the file. This action led to the execution of the “ILOVEYOU” virus. This disabled the computer’s scripting host timeouts and writes to paths to ensure auto-execution. It also changed the homepage of Internet Explorer to download malware (WIN-BUGSFIX.exe) from malicious URLs.
The worm adds itself to the startup registry keys to persist across reboots. And finally, it hides the original virus file by changing the attributes to hidden. For educational purposes, you can see the original source code in the CERT Advisory on ILOVEYOU Virus (archived).
Who Created the I LOVE YOU Virus?
The creator of the “ILOVEYOU” virus is Onel de Guzman, a simple Filipino college student at AMA Computer College in Manila. He was a gifted student in the field of programming and understanding computer networks. Onel de Guzman was born approximately in 1980 and was 24 years old when he created the virus.
In 1999, he proposed a project that allowed users to steal internet access passwords to get online for free. At this time, the Philippines had a limited and expensive internet connection. This is a frustrating situation for most of the college students, which leads to the ambition of Onel de Guzman for free internet. The AMA Computer College rejected his project proposal, but the rejection didn’t stop him. The project is part of his undergraduate thesis and led to the so-called “I Love You” virus.
How did the Virus Spread Globally?
The virus spread rapidly through email around the world. It used Outlook MAPI to access the address book and mass-mail itself. The worm drops the script.ini file in the computer’s mlRC folders to auto-send itself to users who joined IRC channels via DCC (Direct Client Connection). Due Microsoft Outlook didn’t block sending email with .vbs attachment, the spread continued, infecting almost 10 million computer systems.
ILOVEYOU virus destroys and overwrites media files like .jpg, .jpeg, .mp3, .mp2, and others. Thus, it corrupts the file system of the infected local machine. In the infected machine, the original media files are deleted and replaced with a .vbs version. Furthermore, the virus infects subfolders and all script- or system-related files. The first appearance of the virus is traced to a Dial-up IP range assigned to Sky Internet, Inc. (Philippines), according to early forensic investigations. The geolocation reveals that it originated from a personal computer in an apartment in Paco, Manila, Philippines.
What was the Global Impact?
On the morning of May 4, 2000, the first computer infected by the virus was traced locally in Manila. It spread fast across computer networks in Hong Kong, Japan, South Korea, and Singapore in a few hours after it first appeared in Manila. It conquers many computers in the said Asian countries due to strong internet connectivity in these places.
By mid-morning of the same day, the “ILOVEYOU” virus started spreading in Europe, countries like the United Kingdom, Germany, France, Netherlands. Sweden and Italy. This led to many large corporations and government systems being disrupted, like the U.K. Parliament. Then, it found a way to infect major U.S. government entities such as the Pentagon, the CIA, and other agencies. At the peak of its spread, 10% of global internet-connected computers were affected.
The total financial damages caused by the virus were estimated to be $10 billion. These damages are the computed costs of doing the file restoration, system recovery, and network shutdowns around the globe. It also included the indirect costs due to business disruption and reputational damage in major entities. The notable victims of this worm are Ford, the CIA, the Pentagon, and Microsoft itself.
The spread of the “Love Bug” or the “I Love You” virus resulted in the arrest of its main perpetrator, Onel de Guzman, by the Philippine authorities. However, the country, at the time, had no law for cybercrime. In that sense, Onel has never been imprisoned for his role in this global cyberattack.
Why It’s still relevant Today?
This infamous virus exposed the vulnerabilities of the Internet. Many companies and corporations, after the spread, work hard to improve their cybersecurity. First, Microsoft Outlook changed its protocols in sending email with attachments, which led to the capture of suspicious mail. The destructive effects of this virus compelled many tech companies to rethink their cybersecurity.
Particularly, improving anti-virus and detecting threats in behavior-based attacks. Computers are also configured to disable autorun features for scripts. The “I Love You” virus is no longer active today, but it remains a major case study in cybersecurity history. The “Love Bug” legacy as “First computer virus in the Philippines” will also remain unbeatable.
Furthermore, it opens up a legal loophole, particularly in the Philippines. This motivates the enactment of the E-Commerce Act of 2000, which penalizes the unlawful use of electronic devices. The “Love Bug” virus shifted the focus of cybersecurity toward user education and awareness as a critical defense. It showed how social engineering could be powerful as a digital threat. Demonstrating how human emotions and curiosity can be used for cyberattacks. Just like today, many scammers use dating sites or take advantage of the love of their victims.
Final Thoughts: A Filipino-made Digital Phenomenon
The digital world today is perceived to have more cyber attackers than ever before. As our technologies advance, we must be careful in using them, ensuring they serve a good purpose. We are always encouraged to be innovative and think of new ideas to progress in any field. Like Onel de Guzman, he just wanted to create ways for free internet in the Philippines.
The intentions are good and beneficial, but we also need to be cautious in our actions. As Onel de Guzman clearly stated, ‘I don’t intend to spread it over the internet,’ yet his creation resulted in the most costly cyberattack of all time. We must be responsible for our actions when using the internet, fully aware of what we are doing.
The biggest lesson we can learned here is that “awareness and cybersecurity education are the protection we have against cyber attackers”. As an internet user, you must think twice before clicking links and attachments in emails, websites, and other digital forms of communication. Investing in cybersecurity is important, as digital threats can be just as destructive as physical or emotional harm.
FAQs about the I LOVE YOU Virus
The “I Love You” virus (also known as the Love Bug) is a worm that infected more than 10 million computers worldwide in May 2000.
The creator of the “ILOVEYOU” virus is Onel de Guzman, a simple Filipino college student at AMA Computer College in Manila.
The virus spread rapidly through email around the world. It used Outlook MAPI to access the address book and mass-mail itself.
The total financial damages caused by the virus were estimated to be $10 billion.
The “I Love You” virus is no longer active today, but it remains a major case study in cybersecurity history.
