May 4, 2000. Ten years ago today, newspapers, reporters, even now-defunct blogs, warned that too much love could hurt you. In a way, the hype was spot on, because at the time the ILOVEYOU Worm, or Love Bug, had infected 45 million computers. Sometimes love truly does hurt.
Today, when you look at the threats online, the Love Bug seems like nothing compared to the Storm Worm or Conficker. But in its day, it was a big deal. It spread faster than the Melissa Virus, attaching itself to one out of every twenty-eight emails. Many industry veterans who were at the frontlines working to track the Love Bug’s author or mount a massive cleanup effort can attest to the seriousness of the problem.
As a first-year IT Help Desk staffer, I remember personally taking tons of calls, each one reporting an email outage or massive amounts of I Love You emails. I’m almost positive the phone kept ringing even after I unplugged it, and despite the number of times I begged people to do nothing but delete the emails, they opened the attachments anyway. Ah, the joys of end user support.
Considering that Love Bug replaced audio and picture files with its own code, reactivating itself when they were accessed, people were unknowingly blasting out declarations of love for weeks.
The replication processes made it a nightmare to clean by hand, and while TrendMicro, Symantec, and F-Secure were some of the first to push detections to their products, it wasn’t until May 17, 2000, that Microsoft pushed security fixes for Outlook 98 and Outlook 2000.
However, at the time, those patches caused headaches of their own, including functionality issues and sync issues between Palm and Windows CE devices. (Does anyone still have one of those old-school handhelds?)
The headlines, looking back, tell a tale of mass chaos, as administrators watched helplessly when the Worm clogged their email systems. The BBC reported that ten percent of UK businesses were hit on May 4 alone, while USA Today called it the “computer virus that jammed e-mail systems…from Asia to California.”
Another interesting bit of trivia from the time comes from NASA. May 4, 2000 marked the first time since NASA started using email in the 80’s that they had to shut things down. Only the Kennedy Space Center caught the Worm fast enough to limit the damage.
Security industry veteran Graham Cluley, who ten years later is still the public face of Sophos, found himself caught in the media circus thanks to Love Bug. He wasn’t even off the plane as it taxied the runway at Heathrow Airport when he found himself being paged.
“I had the unusual experience of hearing my name being announced by an air hostess over the tannoy. Apparently someone was waiting for me to arrive, and I should make myself known to the crew. It turned out that a TV news station [was] waiting at the airport for me, in order to whisk me to their studios,” he recalled in a blog post on the Worm.
We caught up with Graham, who gave us a little more detail about his week back in 2000.
“In those days viruses were a big deal. Now we’re seeing 50,000 of them a day,” he told us in a phone interview from Sophos’ UK office.
As he mentioned, he wasn’t even off the plane and people were calling, so we asked what it was like to be in the middle of the storm and dealing with the press that week.
“In my world, I went from camera crew to camera crew, as I was the face of the company,” Cluley explained.
He added that most of the press had the same request: to see the Sophos lab and the ensuing chaos. “But the lab was the eye of the storm, for them it was just another virus,” Cluley said.
Translation – no chaos, just another day at the office for the crew writing detection rules. “In the support area, it was a different story,” Cluley told us. “Thousands of people were flooding us with questions, even those using competing products.”
Once the investigation moved forward, the media coverage and questions continued for the next year. In the Philippines, Onel de Guzman was arrested in connection with the creation and release of the Love Bug Worm.
Cluley found himself in the Philippines a year or so later, and met with the arresting officers. Despite the fact that de Guzman was not charged for Love Bug, as there were no laws at the time to convict him on, “they were still trying to nail him,” he said. To this day, de Guzman remains a free man.
Going into detail, Cluley told us that there were some interesting aspects to the Love Bug. “The interesting aspect is the intention behind it. It was designed to steal user names and passwords. A distant echo to the Malware you see today.”
At the same time, the email messages and tags left in the Worm’s source code are a stark contrast to the professional criminal ethos that drives many malicious applications online. Clearly Love Bug was amateur hour when compared to the coding of the Zeus Trojan, but it was clever.
“It wasn’t a clever Virus in terms of technology,” Cluley said, “but it was a clever Virus in terms of Social Engineering. Everyone wants a love letter. People still think with their trousers. We’re ten years on and we are still seeing sex as an enticement to open links and attachments.”
Yep. Love, or in some cases lust, can definitely be painful.
Think back. What were you doing and where were you when Love Bug hit email systems worldwide? Share your stories from the trenches below.