The ILOVEYOU Worm, A Global Crisis
The ILOVEYOU worm is known as one of the farthest-reaching occurrences of malware to date, having affected around 45 million users in only 10 days. The worm caused around $10 billion in damages, and it was estimated that 10% of Internet-connected computers had in some way been disrupted by the worm. It appeared in 2000, originating from a message generated in the Philippines. As it began to spread, it didn’t stay contained to just personal devices; the worm managed to take down the services of Ford Motor Company, AT&T, the Pentagon, and many others. In the first day it had spread across North America, Europe, and Asia. This was because, unlike the past worms we have discussed, the ILOVEYOU worm was spread via email.
Anyone with an email address for Microsoft Outlook was at risk. The worm was disguised as an attachment in emails with the subject line “ILOVEYOU”. The attachment itself was titled “LOVE-LETTER-FOR-YOU.TXT.vbs”. Who could resist opening such an enticing and possibly confusing email? The answer was not many. The possibility of a secret love interest was just the thing to trick users into opening the attachment, thinking it might contain some sort of explanation of who their secret admirer was. Upon opening the attachment, the worm proceeded to overwrite files and destroy them. It would go after all kinds of files, including photos, audio files, and documents. It was also made to send the passwords for e-mail and internet access to the malware’s creator. The worm spread so fast because once the attachment was opened, it would resend the email to everyone in the user's Outlook address book. You can imagine how devastating this was once it reached users working in office settings. The email could quickly spread across an entire company in a matter of hours, and it did. Many companies and government agencies completely shut down their email services until some sort of resolution was reached.
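A mail-gateway check for the disguise described above, as an added example that is not part of the original article: it parses a message and flags attachments whose final extension is a script type sitting behind a harmless-looking one. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string, policy

# Assumed, non-exhaustive lists for illustration; tune them for a real gateway.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".scr"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mp3", ".xls"}

# Constructed sample message: only the subject and filename come from the article.
SAMPLE = "\n".join([
    "From: sender@example.com",
    "Subject: ILOVEYOU",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "constructed body text",
    "--b1",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"',
    "",
    "constructed placeholder, not script content",
    "--b1--",
])


def classify_filename(name):
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so remove them before judging.
    cleaned = name.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(cleaned)
    if ext not in SCRIPT_EXTS:
        return "ok"
    # When known extensions are hidden, the user sees only the stem ("....txt").
    inner = os.path.splitext(stem.rstrip(". "))[1]
    return "double-extension" if inner in DECOY_EXTS else "script"


def scan_message(raw):
    """Return (filename, verdict) for each risky attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict = classify_filename(name) if name else "ok"
        if verdict != "ok":
            findings.append((name, verdict))
    return findings
```

A gateway would quarantine or strip anything `scan_message` returns; plain script attachments are reported separately from the double-extension case so the two can be handled under different policies.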
The race to find the worm's source began immediately as millions lost important files and, for some, entire computers. Because the stolen passwords were being emailed to the malware’s creator, investigators had an email address. The address was registered in the Philippines and local police were able to trace it to one apartment in all of Manila. The apartment was home to Onel de Guzman, a computer science student at AMA Computer College. Not only did police find copies of the virus on several of Guzman’s floppy disks, but there was another piece of incriminating evidence in the virus itself, “grammersoft.” This phrase was traced back to an underground hacking group of AMA students, of which Guzman was a member.
As soon as the identity of the creator was confirmed, everyone wanted their questions answered. What was the reason for all of this? How could someone create such a damaging program? But none of these questions were answered. There was only one press conference in which Guzman provided little to no explanation for the worm. The only piece of useful information that came out of the press conference was that this might have all been an accident, a bug that had grown out of his control. At the time, the underground hacking group that Guzman was a part of believed that internet access was not only a need but a human right. This program originated as a way for him and his group to gain more access to the internet, because their geographical and financial situation meant limited computer time.
Guzman never actually admitted to writing the code until an interview with a journalist for Wired in 2015. In the interview, he argued that the only reason he made the Trojan was to get internet passwords. He had no idea that it would spread so far. It was pure curiosity that led him to take off the location restrictions and write the code so that a copy of the email would be sent out to each person in the user's address book. He had originally only sent the email to a friend from Singapore whom he had met online. He went out for the night and by the time he got back, the worm was already out of control. Guzman was never charged with any crime because the Philippines had no law against creating malware. That quickly changed after this incident. In fact, a lot of things changed.
There were no immediate prevention measures that could have been taken. All anyone could do was spread the word not to open the email, or turn off their systems altogether. A fix didn’t appear until a month later, when Microsoft released a security update for Outlook. The update put restrictions on running scripts. For example, when a user tried to open an attachment, they would have to approve any suspicious activity. If the attachment wanted to access the user’s stored email addresses, it would need approval. If the attachment wanted to send emails on the user's behalf, it would also need approval.
This is just one of the many security measures that were implemented as a result of the ILOVEYOU worm. People became, in general, more aware of their vulnerabilities. The worm had proved that it wasn’t just the systems that were flawed; it was the users too.