The LoveBug worm: Ten years later

Today's threats now go beyond email as a way to find victims

Ten years ago today, on May 4, 2000, a security team with MessageLabs, a provider of messaging security services, came in to work and discovered the number of viruses its system had intercepted in the last several hours was off the charts.

"It was higher than it normally was in an entire day," recalls Paul Fletcher, part of that team and now chief software architect with Symantec Hosted Services, which later acquired MessageLabs. "That was our first indication that something was up."

What was up was the LoveBug. Millions of recipients around the world received an infected message from email contacts with the subject line "ILoveYou". Inside was a malicious attachment titled "LOVE-LETTER-FOR-YOU.TXT.vbs". The virus had the ability to overwrite other documents on a recipient's computer, such as jpg files. It sent itself to all of the recipients' email contacts, racking up approximately 45 million victims in just days.

Also see Why Some Classic Viruses May Come Back to Haunt a Corporate Network Near You

"We hadn't seen anything like it before," said Fletcher. "We didn't know we were going to stop that virus that day; no one even knew it existed."

The LoveBug virus was an old-style cyber-crime attempt, the kind done more for attention than for financial gain.

It was a notoriety type of virus, it wanted to be noticed. The LoveBug was more about vandalism than any serious crime "

But it set the stage for today's threat landscape, explained Fletcher. While today's attacks typically involve malware installation that hides on a computer in order to gain sensitive information, criminals often use sophisticated social engineering attacks to snare users, which is what the LoveBug did in 2000 when email was still early in its development into an important business tool.

"It was a very simply message. A very short message but it was very effective in terms of peaking the interest of the recipient," noted Fletcher. "Criminals started realizing the potential for email and the Internet as a means to conduct their criminal activities from. What you started to see after that was a spread of malware as a means to an ends of distributing other things; Trojans, malware, etc."

Today's threats now go beyond email as a way to find victims, said Fletcher. Attacks now use the web, as well, making it necessary not only to scan email, but web traffic.

"Now what we see are the blended threats," he said. "You'll receive an email that doesn't have anything in it, but in it has a link where you go somewhere and download malware. They come together to deliver the final payload."

Read more about data protection in CSOonline's Data Protection section.

Join the CSO newsletter!

Error: Please check your email address.

Tags LoveBugemailwormvirusessecurityanniversariesmalware

More about etworkMessageLabsSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts