LoveBug – the worm that changed the IT security landscape – is ten years old today

Though simple in its approach, LoveBug was quite virulent in its attack methodology and, as reports of the time noted, hit several million users of the internet in its first 24 hours.

According to anti-virus reports of the time, the `virus rate' – which was normally averaging around 1.1 per 1000 emails – soared to an amazing 1 in 28 before tier 1 ISPs starting filtering the infected messages out on their own networks.

The subject line of `ILOVEYOU' attracted the attention of the recipients, but the real problems for users began when they opened the message, as it immediately replicated itself to all of the email addresses in the infected users' address book.

The Skeptic malware analysis service – now part of Symantec – spotted the first LoveBug emails shortly after 00:00 on May 4, 2000, and other anti-virus/IT security vendors quickly issued their own alerts.

History shows that the worm had started in the Philippines earlier in the day and spread quickly to Hong Kong and Europe, and then on the US, causing an estimated $5 billion damage to computer systems in its wake, with reports of around 50 million infections in its first 10 days of propagation.

Most of the damage costs were associated with removing the worm, which required IT managers to shut down their email systems. Affected systems reportedly included the Houses of Parliament and the Pentagon plus CIA computer networks in the US.

Infosecurity notes that, because the code was written in visual basic and interfaced with the Outlook Windows Address Book, the worm only affected Windows computers.

Typical threat of the time

According to MessageLabs – also now part of Symantec – LoveBug was typical of the security threats of the time, in that it was created by individual hackers and distributed by email, internet relay chat and general chat rooms.

Today, however, MessageLabs says that such workings are the operations of criminal enterprises and distributed via email, web and instant messaging - and typically using converged methodologies.

In 2000, the most dangerous threats were mass mailer worms with executable attachments like LoveBug. In 2010, however, MessageLabs says that the most dangerous attacks are targetted attacks that demonstrate sophisticated social engineering.

Interestingly, MessageLabs says that threats like LoveBug were distributed by the computers that they compromised in 2000 with the purpose of destroying data housed on the machine.

Threats today, however, are most often distributed by botnets, which can distribute any desired payload on demand looking to steal data or to recruit the compromised machine to a botnet.

Legal implications

Paul Wood, a senior analyst with MessageLabs, said that LoveBug was operating in the wake of the Melissa virus, a similarly destructive worm from the previous year.

"Back then users were less savvy regarding the dangers posed by suspicious email attachments and emails from unknown senders. The general public was also less aware of issues such as spam and denial of service attacks", he said.

Infosecurity notes that, since there were no laws in the Philippines against coding malware at the time, the two originators of LoveBug were arrested and then released, with all charges against them dropped.

The government of the Philippines then created a new piece of legislation known as the e-commerce law, in July 2000, around three months after the LoveBug worm started to hit.

What’s Hot on Infosecurity Magazine?