The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript.

Description

The worm was first discovered in Hong Kong and first arrived in e-mail boxes on May 3, 2000, with the simple subject "ILOVEYOU" and an attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". It was created by a small gang of Filipinos in 2000. Two aspects of the worm made it effective:

Spread

Its massive spread moved westward as workers arrived at their offices and encountered messages generated by people to the east. Because the virus used mailing lists as its source of targets, the messages often appeared to come from an acquaintance and so might be considered "safe", providing further incentive to open them. It took only a few users at each site opening the VBS attachment to generate the thousands and thousands of e-mails that would cripple e-mail systems under their weight, not to mention overwrite thousands of files on workstations and accessible servers.

Effects

This malware caused widespread outages and an estimated $5.5 billion in damage, making it the most damaging worm ever. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. This worm only affected computers running the Microsoft Windows operating system.

Authorship

This worm program is believed to have been written by Michael Buen. The Barok trojan used by the worm is believed to have been written by Onel A de Guzman, a Filipino student of AMA Computer University in Makati, Philippines.

Architecture of the Worm

The author of the worm has conceded that he may have released the malware by "accident". The worm is written using Microsoft Visual Basic Scripting (VBS) and requires that the end user run the script in order to deliver its payload. It will add a set of registry keys to the Windows registry that will allow the malware to start up at every boot.

The worm will then search all drives which are connected to the infected computer and replace

The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component that it will download and execute on an infected system, called "WIN-BUGSFIX.EXE", which is a password-stealing program that will e-mail cached passwords.

Variants

Subject Line: ILOVEYOU
Message Body: kindly check the attached LOVELETTER coming from me.

Subject Line: fwd: Joke
Message Body: empty

Subject Line: Mothers Day Order Confirmation
Message Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com

Subject Line: Dangerous Virus Warning
Message Body: There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it.

Subject Line: Virus ALERT!!!
Message Body: a long message regarding VBS.LoveLetter.A

Subject Line: Important! Read carefully!!
Message Body: Check the attached IMPORTANT coming from me!

Subject Line: How to protect yourself from the IL0VEY0U bug!
Message Body: Here's the easy way to fix the love virus.

Subject Line: I Cant Believe This!!!
Message Body: I Cant Believe I have Just received This Hate Email .. Take A Look!

Subject Line: Thank You For Flying With Arab Airlines
Message Body: Please check if the bill is correct, by opening the attached file

Subject Line: Variant Test
Message Body: This is a variant to the vbs virus.

Subject Line: Yeah, Yeah another time to DEATH...
Message Body: This is the Killer for VBS.LOVE-LETTER.WORM.

Subject Line: LOOK!
Message Body: hehe...check this out.

Subject Line: Bewerbung Kreolina
Message Body: Sehr geehrte Damen und Herren!
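
The attachment name given in the description, "LOVE-LETTER-FOR-YOU.TXT.vbs", puts a harmless-looking .TXT in front of the real .vbs extension, while the subject lines listed above change from variant to variant, so a mail filter is better keyed on the attachment's final extension than on the subject. The following Python check is an added example, not code from the original page; the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklist: extensions that Windows Script Host or mshta will execute.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta"}
# Extensions a reader takes for harmless data; used to label a decoy.
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "pdf"}

def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return ("allow", "final extension is not a script type")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return ("block", f"script extension .{parts[-1]} hidden behind decoy .{parts[-2]}")
    return ("block", f"script extension .{parts[-1]}")

def scan_message(raw):
    """Parse a raw message; return (filename, reason) for each blocked attachment."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts that are not attachments
        if filename:
            verdict, reason = classify_attachment(filename)
            if verdict == "block":
                findings.append((filename, reason))
    return findings

def build_sample():
    """Constructed sample message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"BLOCK {name}: {reason}")
```
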

Legislative aftermath

Since there were no Philippine laws against virus-writing at the time, on August 21, 2000, the prosecutors dropped all charges against Onel A. de Guzman in a resolution signed by Jovencito Zuno. The original charges brought up against de Guzman dealt with the illegal use of passwords for credit card and bank transactions. The Philippines E-Commerce Law (Republic Act No. 8792), passed on June 14, 2000, laid out penalties for cybercrime. Under the law, those who spread computer viruses or otherwise engage in cybercrime (including copyright infringement and cracking) can be fined a minimum of 100,000 pesos (about USD$2,350) and a maximum commensurate with the damage caused, and imprisoned for six months to three years.