20 years since “ILOVEYOU” – What impact did it have?

---Jens Monrad, Head of Mandiant Threat Intelligence, EMEA, FireEye

In 2000, many users would receive an email with the subject “ILOVEYOU”. The email contained a text saying “Kindly check the attached LOVELETTER coming from me” and attached was a malicious script, which could cause damages to files on the infected computer as well as taking advantage of the address book in Microsoft Windows for further spreading.

“ILOVEYOU” or “Love Letter” was not the first mass-mailing worm, in the late 90’s many organizations were also affected by the “Melissa virus” and “Happy99”. But the “Love Letter” virus was undoubtedly the one which affected most computers globally and was also used as an inspiration by Pet Shop Boys’ song “Email”, released in 2002. More importantly, it is fair to say that “ILOVEYOU” was one of the first examples of how social-engineering could play a vital role in cybercrime.

If we look back on what has happened in the 20 years since “ILOVEYOU” from a threat perspective in cyberspace, certainly a lot has changed. When “ILOVEYOU” infected millions of computers via a relatively unsophisticated method, the motivation behind it was not to obtain some financial gain whereas these days it probably would be. Equally, back in 2000 many countries did not even have an appropriate law against malware writing or the exploitations we now see in cyberspace.

The year 2000 brought changes to the malware writing and cybercrime ecosystem, with releases of malware that could be used to carry out disruption attacks against government websites and use infected computers in online ad-schemes. It would take years before we saw what I consider the biggest game-changer for cybercrime.

In 2007 with the release of the “ZeuS” and the “Gozi” malware, IT security changed. Designed to monetise infected computers rather than just generating “noise” as we saw with “ILOVEYOU”, infected computers now became an asset that malware operators could use to steal credentials, credit card data and banking information. The aftermath of the source code of “ZeuS” being released in 2011 also paved the way for a variety of information-stealing/banking-trojans using components in new malware designed with the same purpose.

Today malware plays a vital role in the cybercriminal ecosystem, and while “ILOVEYOU” was not designed to make the creators any money, the social engineering method of trying to lure users into clicking on a link or opening an attachment is probably “ILOVEYOU”‘s most significant legacy.”