Looking back at the 15 year old Love Bug worm

happygeek 3 Tallied Votes 432 Views Share

My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15 year old that travelled across the globe has not survived the passage time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the subject line of the emails it used as a distribution method, and 'Love Letter' because it self-propagated through the use of a Visual Basic Scripting (.vbs) file attachment with the name of LOVE-LETTER-FOR-YOU.txt.vbs, this particular malware threat was incredibly successful.

How successful you ask? Well how does more than half a million infected computers across twenty countries and damages exceeding $15 billion grab you? Just to confirm, that was no typo: $15 billion. The BBC first reported the Love Bug arriving in the UK on May 4th 2000 with estimates of one in ten UK businesses already being hit by the thing at that point. Even the House of Commons got disconnected from the outside world when the parliamentary network was switched off to prevent further infection. Security researchers at MessageLabs (which would later become part of Symantec) put the spread into context by comparing it to the Melissa worm from the year before which had been generally regarded as one of the worst ever. Melissa had generated 200 copies of itself in the first day it was spotted, Love Bug infected 1200 computers in the first three hours.

Fred Touchette, manager security research at web and email security company AppRiver looks back and reflects that "the fact that the file had a hidden double extension was due to how Windows operating systems interpreted the filenames at the time of reading them (from left to right and stopping after the first period it came across), thereby hiding the rest of the filename and its true file type." This was partly responsible for the huge success of the propagation of the worm, along with the human curse of curiosity when faced with something purporting to be a love letter. "Once executed, The Love Bug would replace the majority of files on its new host computer with copies of itself and would then go as far as to place itself in the Windows Registry to make sure it ran at every startup" Touchette continues "the worm would also propagate by sending its malicious payload to every contact in the infected machine’s contact list, which allowed it to travel quickly and spread across borders in a matter of hours."

One of the things that we noticed pretty quickly about the Love Bug was that while the security industry was struggling to keep a lid on the thing, variants soon started to appear. These were essentially copycat versions that had been tweaked a little and re-written in the local language. Love Bug really heralded the dawn of the malware family, and that has not changed since. What has changed is the way that threats are now distributed. Reliance upon malware remains within the phishing and advanced persistent threat zones, but as Touchette explains that is just one of the arrows in the threat quiver. "Internet worm can seek out attached media devices or traverse network shares. Or in the case of Stuxnet, even jump onto an air-gapped network and make its way through very specific industrial control systems" he says, continuing we still see these types of cyber tricks that attempt to manipulate users’ heart strings and encourage rash decisions. Such attacks can –and do- propagate quickly over social media as well as other, more traditional methods such as email and infected websites."

Perhaps the most worrying change between then and now is that when Love Bug hit the headlines there were only around 350 million people on the Internet whereas now there are at well over a billion regular users just on Facebook alone. The total number of Internet users varies depending on which stats you believe, but more than 3 billion is a generally accepted figure. That's an awful lot of opportunities for malware to exploit. Thankfully the security landscape has matured just as the threatscape has evolved, and there are much more advanced methods in place to stop the spread of another Love Bug. Unfortunately, the most effective method of preventing infection remains a moving target that always appears to be just out of reach; namely user education.

XP78USER 30 Posting Whiz in Training

I was reading an article about that 3 months ago its variant is known as (Email-Worm.Win32.Loveletter and that it attacked 45 million Windows Personal PC's on the 5th of May 2000. It was activated by the person opening it thinking it's just a harmless .txt file but it's too late when a person opening an unknown .txt file to be infected. It Originated in the Pandacan neighborhood of Manila (Philippines) the amount to remove it toppled over $15 billion. Even the Pentagon, CIA and British Parliament were told to shut down their mailing systems as they could've been infected.

JOSheaIV 119 C# Addict

Always love learning about past massive attacks. One of my personal favorites was I think SQL Slammer that used buffer overflowing to spread. I just find it interesting because of how easy it was to do

However, now a days I don't think we have massive viruses like we used to. The last one I remember was W32 Blasterworm, which I remember helping a family friend with when I was working on their farm (on a 56k modem, fixing it a day before it hit the news).

But now-a-days a big focus for attacks is quickly becoming DDoSing. It's becoming more and more common (including groups like DerpTrolling and LizardSquad). I also have read when it comes to items like viruses, randomsomeware is become the big one (pulled Nortan's latest viruses list about a week back, and they were all over the top)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

DDoS is also increasingly being used as a diversionary tactic to cover a breach in action.

IntegratedTweak 16 Junior Poster in Training

The Blaster Worm caused catastrophy to a lot of people and it costed a lot of people their computers too. Now the worm is just a mere infection that can easily be avoided.

aileenwitts 0 Newbie Poster

Also I faced that. Then tried to clean with multiple anti-virus.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.