ILOVEYOU: The wrong kind of LoveLetter


Originating in the Philippines, the Love Bug was the brainchild of two computer programmers, Reonel Ramones and Onel de Guzman. Although they were arrested, they were never prosecuted due to a lack of anti-malware legislation in the country at the time.

From there, the virus spread to Hong Kong, to Europe and finally arrived reached the US just as offices were opening up in the morning, as Lysa Myers, Security Researcher at ESET, remembers:

“My day of the outbreak started at 5AM, when I was called in to help with the unprecedented number of reports we got from people who’d been affected. A huge variety of people wrote in with tales of woe; everyone from government offices whose email servers had been kneecapped by the load of virus-laden messages, to grandparents who were heartbroken to find that pictures of grandchildren had been irreparably destroyed by the virus.”


Adding to its seemingly innocent façade, the email appeared to come from a known contact – the worm would infiltrate a victim’s address book, sending replicas of itself to personal and business contacts.

In this way, LoveLetter was more harmful than its predecessor Melissa, which also took advantage of mass-mailing on its release in 1999.


One (double) click on the attachment was all it took. Once released, the virus began its attack by overwriting files within the computer system (as well as mailing itself to contacts).

And its damage was widespread: it is estimated to have infected over 55 million computers around the world, causing billions of dollars of damage, estimated between US $5 billion and $10 billion.


To counter its spread, Chey Cobb, head of INFOSEC in the US “advised all US government agencies to disconnect from the internet until the thing was contained”.

Many large corporations followed suit, with the British Parliament, the Pentagon and the CIA shutting down their internet connections to avoid damage to their systems.

Reach out

So, what came of this? For one, it did lead businesses to explore alternative ways of alerting users to potential inbox viruses. Some companies reverted to old fashioned methods and stuck paper notices on people’s doors; others left urgent voicemails; and, around the world, bosses did everything they could to ensure the first email in their employees’ inbox was a warning about LoveLetter.

Bruce P. Burrell, yet another Security Researcher at ESET, explains the importance of establishing contact via any medium available, in the instance of an inbox virus: “When one medium is bogged down [we need to] use whatever other channels available to reach people …  Today that would include using social media, putting up a blurb on the company home page, on the internal network, etc.”

Additionally, as Myers explains, it helped security professionals “refine policies and procedures that were put in place to help us respond quickly and consistently even in the most overwhelming emergencies”.

Finally, whilst both computer security and methods of infiltration have evolved, security systems are often only as effective as their human users – many of us still fail to protect our systems with security software or to back up our data.

This Valentine’s … back up your data

Rather than letting our emotions sway our decisions, as a general rule, the advisable precaution would be to always double-check attachments before opening them by (a) never opening attachments or clicking on links in unsolicited email (or in Facebook, IMs, etc), even when they appear to be from those you know and trust and (b) before opening, contact the purported sender to see if s/he actually did send you something, and if so, exactly what it is.

No matter how enticing the subject matter may seem, the risk is never worth it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s