Tomorrow, it will be exactly 20 years since the ILOVEYOU virus infected computers across the world. It was one of the first examples of how social-engineering could play a vital role in cybercrime. It was not the first mass-mailing worm in the late 90’s, but the virus was undoubtedly the one which affected most computers globally.
While “ILOVEYOU” was not intended to generate money for the developers, the social engineering method, is one of the most important legacies of “ILOVEYOU.
The mid-nineties saw the start of macro viruses and file propagation attacks. The ILOVEYOU worm tricked victims into opening an attachment claiming to be a love letter from a secret admirer, but when they did so, it would overwrite personal files, introduce a password-stealing programme and send the email to everyone in the user’s contact list.
It was the first truly global mass mailer. It wasn’t the first mass mailer by any means – the 1999 Melissa virus would send itself to 50 of its victim’s contacts. But ILOVEYOU is significant because it was the first of its kind that spread worldwide so quickly. The ILOVEYOU worm could send itself to everyone in a contact list.
What made the ILOVEYOU virus so prolific was the clever social engineering elements to it – it manipulated people into divulging confidential information. Mass information stealing attacks were rare at the time, and because it was so new and innovative, people fell for it.
Social engineering has been around as long as cyber-attacks, it\’s a technique still widely used by cybercriminals today. Security professionals can however take action to combat social engineering attacks and protect their businesses. One way to prevent successful social engineering-based attacks is to educate and train staff. Today we see highly sophisticated, crafted cyber-attacks that mimic websites and business emails. This means that employees not only need to look out for the most common tell-tale signs of a scam, such as spelling and grammar errors, but also harder-to-spot clues, such as URLs that are incorrect or often close but not correct, or language criminals use to drive an emotional response to act.
20 years since \”ILOVEYOU\” – What impact did it have?
In 2000, many users would receive an email with the subject \”ILOVEYOU\”. The email contained a text saying \”Kindly check the attached LOVELETTER coming from me\” and attached was a malicious script, which could cause damages to files on the infected computer as well as taking advantage of the address book in Microsoft Windows for further spreading.
ILOVEYOU\” or \”Love Letter\” was not the first mass-mailing worm, in the late 90\’s many organizations were also affected by the \”Melissa virus\” and \”Happy99\”. But the \”Love Letter\” virus was undoubtedly the one which affected most computers globally and was also used as an inspiration by Pet Shop Boys\’ song \”Email\”, released in 2002. More importantly, it is fair to say that \”ILOVEYOU\” was one of the first examples of how social-engineering could play a vital role in cybercrime.
If we look back on what has happened in the 20 years since \”ILOVEYOU\” from a threat perspective in cyberspace, certainly a lot has changed. When \”ILOVEYOU\” infected millions of computers via a relatively unsophisticated method, the motivation behind it was not to obtain some financial gain whereas these days it probably would be. Equally, back in 2000 many countries did not even have an appropriate law against malware writing or the exploitations we now see in cyberspace.
The year 2000 brought changes to the malware writing and cybercrime ecosystem, with releases of malware that could be used to carry out disruption attacks against government websites and use infected computers in online ad-schemes. It would take years before we saw what I consider the biggest game-changer for cybercrime.
In 2007 with the release of the \”ZeuS\” and the \”Gozi\” malware, IT security changed. Designed to monetise infected computers rather than just generating \”noise\” as we saw with \”ILOVEYOU\”, infected computers now became an asset that malware operators could use to steal credentials, credit card data and banking information. The aftermath of the source code of \”ZeuS\” being released in 2011 also paved the way for a variety of information-stealing/banking-trojans using components in new malware designed with the same purpose.
Today malware plays a vital role in the cybercriminal ecosystem, and while \”ILOVEYOU\” was not designed to make the creators any money, the social engineering method of trying to lure users into clicking on a link or opening an attachment is probably \”ILOVEYOU\”\’s most significant legacy.