The LoveBug worm: Ten years later

Ten years ago today, on May 4, 2000, a security team with MessageLabs, a provider of messaging security services, came in to work and discovered the number of viruses its system had intercepted in the last several hours was off the charts.

“It was higher than it normally was in an entire day,” recalls Paul Fletcher, part of that team and now chief software architect with Symantec Hosted Services, which later acquired MessageLabs. “That was our first indication that something was up.”

What was up was the LoveBug. Millions of recipients around the world received an infected message from email contacts with the subject line “ILoveYou”. Inside was a malicious attachment titled “LOVE-LETTER-FOR-YOU.TXT.vbs”. The virus had the ability to overwrite other documents on a recipient’s computer, such as jpg files. It sent itself to all of the recipients’ email contacts, racking up approximately 45 million victims in just days.

Also see Why Some Classic Viruses May Come Back to Haunt a Corporate Network Near You

“We hadn’t seen anything like it before,” said Fletcher. “We didn’t know we were going to stop that virus that day; no one even knew it existed.”

The LoveBug virus was an old-style cyber-crime attempt, the kind done more for attention than for financial gain.

It was a notoriety type of virus, it wanted to be noticed. The LoveBug was more about vandalism than any serious crime ”

But it set the stage for today’s threat landscape, explained Fletcher. While today’s attacks typically involve malware installation that hides on a computer in order to gain sensitive information, criminals often use sophisticated social engineering attacks to snare users, which is what the LoveBug did in 2000 when email was still early in its development into an important business tool.

“It was a very simply message. A very short message but it was very effective in terms of peaking the interest of the recipient,” noted Fletcher. “Criminals started realizing the potential for email and the Internet as a means to conduct their criminal activities from. What you started to see after that was a spread of malware as a means to an ends of distributing other things; Trojans, malware, etc.”

Today’s threats now go beyond email as a way to find victims, said Fletcher. Attacks now use the web, as well, making it necessary not only to scan email, but web traffic.

“Now what we see are the blended threats,” he said. “You’ll receive an email that doesn’t have anything in it, but in it has a link where you go somewhere and download malware. They come together to deliver the final payload.”