How A Love Letter Changed Computer Security Forever

BY Ray Stevens / ON Jun 10, 2021

Computer security has always been important, and enterprising network programmers have tried to warn people about the effects of unsecured networks since the age of ARPANET and the Creeper virus.

However, as the number of people who started to use computers and the internet more regularly increased exponentially in the latter half of the 1990s, this led to more people online who were less aware of the potential dangers of online communication and more at risk of social engineering.

This led to the spread of a new type of virus that would prey on the emotions of a new, more naive internet user and changed the face of online security forever.

It began with a love letter.

The New Computer User

Windows 95 first launched to the general public in August 1995, and immediately made an impact on computer sales through a far simpler and easy to use interface than had been seen before.

This, along with the rise of more accessible internet service providers such as AOL brought many people who at the start of the decade would not even dream of using a computer onto the early world wide web.

Many businesses would also start to set up websites and email addresses for communication during this time.

However, whilst most existing online users were more aware of the potential risks that could be seen on the internet, a fatal flaw in Windows 95 and 98’s design would inadvertently hide this from less savvy users.

The Love Bug

The ILOVEYOU virus was an email worm made in VBScript, an automation tool similar to Batch files that used Visual Basic to control essentially every aspect of a computer system.

As it needed to be activated before use, it needed to be written in a language that would allow for complete control of a computer system and also have the element of surprise, both of which made possible by two major flaws in Windows 95, 98 and early NT systems.

Windows works by assigning every file type a small extension, such as “.exe” for executables, “.txt” for plain text files and “.doc” for Microsoft Word documents.

These extensions are removed by default, as Windows knows and trusts these file types. This means, however, that viruses can be hidden simply by having two extensions at the end of the file name, as the latter extension would be hidden.

ILOVEYOU sent emails with the subject line “ILOVEYOU” and an attachment that claimed to be a love letter text file, but when it was clicked it activated the virus script.

This script overwrites random files with copies of itself and sends a copy of itself to all addresses in the computer’s Outlook address book. It also adds itself into Windows’ startup registry, making the computer unusable.

As the letter comes from a trusted email address, people who did not know the threat at the time would inadvertently click it and become infected, spreading the virus further.

Ultimately, over ten million computers were infected since the first spread of the virus on 5th May 2000, the majority of which were infected within 10 days.

Fixing the damage is estimated to have cost over £10bn as it spread from its point of origin in the Philippines across the world.

The alleged programmers, Reonel Ramones and Onel de Guzman, were arrested but the Philippines did not actually have any laws to charge them with, so they were ultimately released and new laws were enacted to stop this happening again.

After spending decades in hiding, Mr de Guzman claimed he was the only programmer and did so to steal ISP passwords to get internet access when he could not afford to pay for it himself.

It also changed how people treated emails, and emphasised the importance of computer security and training to be savvy for suspicious emails and files.

Share: