ILOVEYOU bug: Is the love still spreading 15 years later?

The infamous Love Bug worm, a mass-mailing worm, was first released on 4 May 2000 and was later understood to have infected a whopping 45 million computer users worldwide.

However, it's now 15 years later and email is still the gateway into many organisations with the Verizon's Data Breach and Incident report recently confirming that 23 per cent of recipients open phishing messages; 11 per cent of recipients click on attachments; and it takes just 82 seconds from start of campaign to first bite.

On this anniversary, various industry experts have offered their thoughts.

James Moore, senior consultant of MWR InfoSecurity:

"It’s been 20 years since phishing first originated, and 15 years since the ILOVEYOU bug wormed its way into mailboxes on May 4, yet still criminals use these methods to gain access to organisations. Why? Because, remarkably, they still work.

"It’s only human nature to connect with others, to open letters, to click on attachments – but such cyber-urges can, and have, lead to catastrophic consequences. The recent Baltimore health system exploit is just the latest in a long line of breaches that can be traced back to a phishing message.

"Organisations need to understand that a multi-layered approach to security is needed to reduce the risk from attacks targeting employees. However, technology alone isn't enough. A well-crafted and targeted email, sent from a 'clean' mail server, will almost certainly get through spam and anti-phishing filters, at which point it's down to employees to identify and report the attack.

"Whilst it is a fact that untrained, uninformed, unaware human beings are a liability and a dangerous gap in your defences, conversely staff who have been trained can be a very effective complement to the technical protection that your system provides. It is vital that organisations recognise, nurture and empower that potential within their people in order to create a security culture that supports the detection of targeted attacks."

Fred Touchette, manager security research at web and email security company AppRiver:

“The Love Bug originated in May 2000 and was a self-propagating worm that attached itself to emails with the subject line, “ILOVEYOU” and an attachment labelled “LOVE-LETTER-FOR-YOU”.

"The attachment was made to look as if it were a simple .txt file though it actuality was a .vbs (Visual Basic Scripting) file that ran when the file was opened. The fact that the file had a hidden double extension was due to how Windows operating systems interpreted the filenames at the time of reading them (from left to right and stopping after the first period it came across), thereby hiding the rest of the filename and its true file type.

"Once executed, The Love Bug would replace the majority of files on its new host computer with copies of itself and would then go as far as to place itself in the Windows Registry to make sure it ran at every startup. The worm would also propagate by sending its malicious payload to every contact in the infected machine’s contact list, which allowed it to travel quickly and spread across borders in a matter of hours.

"In the end, it was said that ‘ILOVEYOU’ spread to at least 20 countries and caused more than $15 billion dollars in damages.

[full_width_ad]

“The Internet worm has evolved since its early inception as a self-propagating concept. In the past, worms like The Love Bug relied on email to get from machine to machine, but nowadays, that’s just one of the arrows in their quiver of tricks. Now an Internet worm can seek out attached media devices or traverse network shares. Or in the case of Stuxnet, even jump onto an air-gapped network and make its way through very specific industrial control systems.

“We still see these types of cyber tricks that attempt to manipulate users’ heart strings and encourage rash decisions. Such attacks can - and do - propagate quickly over social media as well as other, more traditional methods such as email and infected websites. When The Love Bug made its initial rounds in 2000, there were an estimated 361 million people using the internet. Today, there are about 1.23 billion active monthly users on Facebook alone and an estimated 3.1 billion Internet users. That is a huge target demographic primed and ready to click on the first love letter that appears in their inbox.

"Whilst we still see these attacks today, the security landscape has changed. Enterprises and homes are more equipped than ever before and yet there are still warning signs to look out for.

“It’s amazing to think of the leap in technology in just the last 15 years and the dangers that have evolved alongside it. Back in 2000, Anti-virus and Firewalls were a foreign concept to many computer users. Now they’re both considered baseline security measures and come pre-installed and run alongside the most common operating system.

“Malware authors are always looking for a chance to leverage a newly-discovered vulnerability. That’s why it is so important for users to remain vigilant. If it looks too good to be true, it is. If you don’t recognise the sender or you weren’t expecting a piece of mail that shows up in the inbox, it’s best to air on the side of caution and just delete it.

"Stay informed and in touch with potential pitfalls. If we all use a little more caution we can make a great impact in IT security so that everyone can enjoy this holiday with loved ones rather than formatting hard drives and monitoring bank accounts for illicit activity.”