Because it was written in Visual Basic Script and interfaced with the Outlook Windows Address Book, this particular worm only affected computers running the Microsoft Windows operating system. It also sent the worm to the first fifty people in the Windows Address Book, the system contact list. The worm overwrote important files - music files, multimedia files, and more - with a copy of itself. This particular malware caused widespread damage.
In order to free themselves, The Pentagon, CIA, and the British Parliament had to shut down their mail systems as did most large corporations. Most of the damage cited was the time and effort spent getting rid of the worm. By, 50 million infections had been reported. The worm originated in the Philippines on and spread across the world in one day, moving on to Hong Kong and then to Europe and the US, causing an estimated $5.5 billion in damage. Only a few users at each site had to access the attachment in order to generate the millions of messages that crippled POP systems under their weight and release the worm that overwrote millions of files on workstations and accessible servers. Because the worm used mailing lists as its source of targets, the messages often appeared to come from acquaintances and would therefore be considered "safe", providing further incentive to open the attachments. Messages generated in the Philippines began to spread westwards through corporate email systems. It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment to gain complete access to the file system and the Registry.This was actually a system setting the engine had not been known to have been ever used previously Microsoft received scathing criticism for leaving such a powerful (and dangerous) tool enabled by default with no one the wiser for its existence. It relied on the scripting engine being enabled.In this way the exploit could display the inner file extension 'TXT' as the real extension text files are considered to be innocuous as they can't contain executable code. Windows had begun hiding extensions by default the algorithm parsed file names from right to left, stopping at the first 'period' ('dot'). It relied on a flawed Microsoft algorithm for hiding file extensions.It relied on social engineering to entice users to open the attachment and ensure its continued propagation.
Such propagation mechanism had been known (though in IBM mainframe rather than in the MS Windows environment) and used already in the Christmas Tree EXEC of 1987 which brought down a number of the world's mainframes at the time.įour aspects of the worm made it effective:
It also made a number of malicious changes to the user's system. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. The final extension was hidden by default, leading unsuspecting users to think it was a normal text file. The worm arrived e-mail on and after with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.". ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. Onel De Guzman is the creator of ILOVEYOUVIRUS