Twenty years ago, a dangerous virus emerged from Asia and made its way across the globe. The world had never seen anything like it before. People panicked, businesses closed, and governments tried and failed to stop the spread. Over one million were infected in a matter of hours. How, you may ask, did this virus spread so rapidly?
The ILOVEYOU virus, also referred to as the “Love Bug,” was a computer virus unlike any other at the time. An innocuous subject line, “ILOVEYOU,” seemingly sent by a contact. A short message: “kindly check the attached LOVELETTER coming from me.” A file titled “LOVE-LETTER-FOR-YOU.TXT.” Many opened this file, expecting a heartfelt message from a relative, or possibly an awkward romantic gesture from a coworker.
What they didn’t realize was that the file wasn’t a text file at all—it was a Visual Basic script file, its .vbs extension hidden from view. The document, once opened, unleashed a worm that wreaked havoc on the system, seeking out and replacing media files with copies of itself. The worm then accessed the user’s Outlook address book and sent an identical email to every contact, many of whom would go on to open the file themselves, repeating the vicious cycle.
Although the United States had prior warning, it failed to protect its government and businesses from infection. The virus hit the Pentagon, nearly every major military base, AT&T, Ford, and other corporations throughout the country, overloading mail servers and shutting down vital operations.
Worldwide, the virus infected over 45 million computers and caused around $10 billion worth of damage. After an investigation, the man believed to be responsible was Onel de Guzman, a college student from the Philippines who had submitted a similar code for his final thesis. Although there was plenty of evidence against de Guzman, he ultimately faced no charges, as the Philippines had no laws at the time concerning cybercrimes.
The ILOVEYOU virus may not have gotten very far had it been sent out today; automatic spam filters and antivirus software often catch such emails before they ever reach a person’s inbox, especially in corporate settings. But that is no reason to become complacent. In fact, users need to be vigilant, because as protections become stronger, hackers become craftier.
Computer “viruses” earned their name for a reason—much like human viruses, one person’s actions have the potential to infect thousands. To further the analogy, antivirus software is like a mask, shielding yourself and others from transmitting the virus; running frequent scans and keeping your software up-to-date is like washing your hands, ensuring threats are eliminated before infection occurs; and practicing common sense cybersecurity habits is like social distancing, avoiding situations where you put yourself and others at risk. This includes not opening attachments—even from people you know—that you are not expecting, not clicking on strange links, and never giving your password to anyone. Just as it is important to protect your physical health, you must also keep yourself safe from threats to your virtual security.
Edit 7/14/2020: This blog post made the mistaken claim that de Guzman was arrested after the virus was released, when in reality, he was never arrested for the crime. This detail has been amended.