May 2000 was a month that most Windows’ users of the time probably would like to forget. Why? Because of LoveBug. LoveBug – also known as ILOVEYOU – was (is) a worm that infected 45 million users worldwide, and pushed cyberspace into chaos (and not the good kind of chaos). On the day that LoveBug started it’s invasion – May 4, 2000 – the number of viruses increased exponentially, from 1 virus in every 1000 emails to 1 virus in every 28~29 emails; an astounding accomplishment, by any standards. In fact, LoveBug caused so much damage, it has been classified as one of the 10 worst virus attacks of all time by ITSecurity.
How LoveBug worked was users would receive an e-mail with a subject line of “I love you”. In the e-mail would be a .vbs script attachment named LOVE-LETTER-FOR-YOU.txt.vbs:
The virus took advantage of a bug in Microsoft’s code, so the .vbs extension was hidden and the file appeared to be just a text file; a love letter (the fact that .vbs file icons look like a scroll parchment didn’t help). If users opened the attachment, the worm would
- Search the user’s PC for email addresses and automatically email itself to these email addresses.
- Make modifications to the files on the user’s computer such as deleting all JPG/JPEG images files.
- Force the computer to download a password stealing virus, WIN-BUGSFIX.EXE.
The attack originated from the Philippines (two Filipino computer science students created it… and they got away with it too since the Philippines had no law at the time for Internet crime), and through Hong Kong it spread quickly to most countries around the world. Fortunately, Symantec’s MessageLabs quickly found a solution to the problem, otherwise the economical damage caused would be even larger than the estimated $5.5 billion.
Although computer security today is much more sophisticated than it was when LoveBug hit (LoveBug was the first “major” malware attack and can be credited with helping revolutionize the anti-malware industry), the hackers and scumbags are also more sophisticated; they rely on more cunning methods to gain access to your PC – and your financial information – so infections still often occur. So, aside from being well protected, when you are using the Internet, just follow a simple three-step procedure to stay malware free:
- Stop
- Think
- Click
(Don’t spend too much time stopping and thinking, though, because otherwise you may never get anything done.)
[via ITSecurity, WSWS, and Am730 (a Hong Kong newspaper)]