I Love You Virus
ILOVEYOU was created by Onel de Guzman, a college student in Manila, Philippines. De Guzman created the computer worm intending to steal other users' passwords. He justified his actions on his belief that Internet access is a human right, and that he was not actually stealing. The worm was created thanks to a bug in Windows 95 that would run code in email attachments.
ILOVEYOU relied on the scripting engine system setting (which runs scripting language files such as .vbs files) and took advantage of a feature in Windows that hid file extensions by default. The worm used social engineering to entice users to open the attachment. Systemic weaknesses in the design of Microsoft Outlook and Microsoft Windows were exploited that allowed malicious code capable of complete access to the operating system, secondary storage, and system and user data.
Messages generated in the Philippines began to spread westwards through corporate email systems. Because the worm used mailing lists as its source, the messages often appeared to come from acquaintances. Only a few users at each site had to access the attachment to generate millions of more messages.
The worm originated in the Pandacan neighborhood of Manila in the Philippines on May 4, 2000. Within ten days, over fifty million infections had been reported. The Pentagon, CIA, the British Parliament, and most large corporations decided to completely shut down their mail systems. The outbreak was later estimated to have caused US$5.5–8.7 billion in damages worldwide and estimated to cost US$15 billion to remove the worm. The events inspired the song "E-mail" on the Pet Shop Boys' UK top-ten album of 2002, Release.
The ILOVEYOU Script (the attachment) was written in Microsoft Visual Basic Scripting (VBS) which runs in Microsoft Outlook. The script adds Windows Registry data for automatic startup on system boot. The worm searches connected drives and replace files with extensions JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2, and MP3 with copies of itself while appending the additional file extension VBS. It also downloads the Barok trojan renamed for the occasion as "WIN-BugSFIX.EXE". The fact that the worm was written by VBS provided users a way to modify it. This allowed more than twenty-five variations of ILOveYOU to spread across the internet, each one doing different kinds of damage. Most of the variations had to do with what file extensions were affected by the worm. Others simply modified the email subject in order to make it targeted towards a specific audience, like variant "Cartolina" in Italian, or variant "BabyPic" for adults. Some others only modified the credits to the author, which were originally included in the standard version of the virus, removing them completely or referencing false authors.
Two young Filipino programmers have become the target of a criminal investigation by the Philippine National Bureau of Investigation. Local Internet service provider Sky Internet reported receiving contacts from European computer users alleging that malware (in the form of the "ILOVEYOU" worm) had been sent via the ISP's servers. Reonel Ramones and Onel de Guzman have been arrested and charged in absentia. De Guzman later claimed that he might have unwittingly released the worm. The worm was believed to have been released by a trojan designed to steal Internet login passwords for prepaid Internet cards used by programmers to pay for Internet access. The proposal was rejected by the College.
Since there were no laws against writing malware in the Philippines at the time, both Ramones and de Guzman were released with all charges dropped by state prosecutors. In 2012, the Smithsonian Institution named ILOVEYOU the tenth most virulent computer virus in history. De Guzman did not want the public's attention. His last known public appearance was at the 2000 press conference, where he obscured his face and allowed most of his questions to be answered by his lawyer, and his whereabouts remained unknown for 20 years. In May 2020, it was revealed that while investigating his cybercrime book Crime Dot Com, investigative journalist Geoff White found Onel de Guzman working at a mobile phone repair shop in Manila. De Guzman admitted that he was creating and releasing the virus. He claimed that he had initially developed it to steal Internet access passwords because he could not afford to pay for access. He also claimed that he had created it by himself, clearing the two others who had been accused of co-writing the worm.