My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15 year old that travelled across the globe has not survived the passage time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the subject line of the emails it used as a distribution method, and 'Love Letter' because it self-propagated through the use of a Visual Basic Scripting (.vbs) file attachment with the name of LOVE-LETTER-FOR-YOU.txt.vbs, this particular malware threat was incredibly successful.
How successful you ask? Well how does more than half a million infected computers across twenty countries and damages exceeding $15 billion grab you? Just to confirm, that was no typo: $15 billion. The BBC first reported the Love Bug arriving in the UK on May 4th 2000 with estimates of one in ten UK businesses already being hit by the thing at that point. Even the House of Commons got disconnected from the outside world when the parliamentary network was switched off to prevent further infection. Security researchers at MessageLabs (which would later become part of Symantec) put the spread into context by comparing it to the Melissa worm from the year before which had been generally regarded as one of the worst ever. Melissa had generated 200 copies of itself in the first day it was spotted, Love Bug infected 1200 computers in the first three hours.
Fred Touchette, manager security research at web and email security company AppRiver looks back and reflects that "the fact that the file had a hidden double extension was due to how Windows operating systems interpreted the filenames at the time of reading them (from left to right and stopping after the first period it came across), thereby hiding the rest of the filename and its true file type." This was partly responsible for the huge success of the propagation of the worm, along with the human curse of curiosity when faced with something purporting to be a love letter. "Once executed, The Love Bug would replace the majority of files on its new host computer with copies of itself and would then go as far as to place itself in the Windows Registry to make sure it ran at every startup" Touchette continues "the worm would also propagate by sending its malicious payload to every contact in the infected machine’s contact list, which allowed it to travel quickly and spread across borders in a matter of hours."
One of the things that we noticed pretty quickly about the Love Bug was that while the security industry was struggling to keep a lid on the thing, variants soon started to appear. These were essentially copycat versions that had been tweaked a little and re-written in the local language. Love Bug really heralded the dawn of the malware family, and that has not changed since. What has changed is the way that threats are now distributed. Reliance upon malware remains within the phishing and advanced persistent threat zones, but as Touchette explains that is just one of the arrows in the threat quiver. "Internet worm can seek out attached media devices or traverse network shares. Or in the case of Stuxnet, even jump onto an air-gapped network and make its way through very specific industrial control systems" he says, continuing we still see these types of cyber tricks that attempt to manipulate users’ heart strings and encourage rash decisions. Such attacks can –and do- propagate quickly over social media as well as other, more traditional methods such as email and infected websites."
Perhaps the most worrying change between then and now is that when Love Bug hit the headlines there were only around 350 million people on the Internet whereas now there are at well over a billion regular users just on Facebook alone. The total number of Internet users varies depending on which stats you believe, but more than 3 billion is a generally accepted figure. That's an awful lot of opportunities for malware to exploit. Thankfully the security landscape has matured just as the threatscape has evolved, and there are much more advanced methods in place to stop the spread of another Love Bug. Unfortunately, the most effective method of preventing infection remains a moving target that always appears to be just out of reach; namely user education.
