In May of 2000, a new virus ripped across the world in record time, infecting over 50 million computers within the first two weeks. The virus spread by email and relied on a combination of social engineering, a barely known but powerful Windows scripting engine, and the Windows setting that hid file extensions by default.
Launched by two young computer programmers in the Philippines, the virus came attached to an email with the subject “ILOVEYOU” and LOVE-LETTER-FOR-YOU.TXT as an attached file. In reality, the attached file was actually a VBS script but, because of the way Windows parses file names when the computer is set to hide the extensions, it didn’t show the full file name with the .TXT.VBS at the end—only if you had changed the default settings in Windows to always show file extensions would you see what type of file the love letter really was.
Once clicked, the ILOVEYOU virus took advantage of a very powerful scripting engine tucked away within Windows that very few people were even aware of. Many recipients, who would be hesitant to open a strange file, thought it was a harmless text file and opened it. Because the virus spread itself using the address book of the previously infected host, the lover letter would come from a person you actually knew—the temptation to open and read a love letter from someone you had a personal relationship with and that was addressed to you was simply too strong. People, by the hundreds of thousands, opened the email.
It was a perfect storm: end users’ deep curiosity about the love letter combined with the powerful and vulnerable scripting engine. The virus swept westward around the world as offices in each time zone opened for business. Major corporations and government offices had to take their mail servers down just to protect themselves. The total damages were estimated at 5.5-8.7 billion dollars worldwide and another 15 billion dollars to remove it from infected machines.
Unlike other earlier computer worms that just replicated themselves, the ILOVEYOU virus would replicate itself by overwriting files with JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2, and MP3 extensions on the host machine and replace them with copies of itself, appending the additional VBS file extension and making the user’s computer unbootable. Until the rapid spread of the Mydoom virus in 2004, ILOVEYOU held the record for the fasted email-propagated virus in history.
Image courtesy of the Computer Virus Wiki.