Iloveyou – the most infamous virus of all time

Tram Ho

Born 20 years ago, when the Internet was not yet widespread, the Iloveyou virus spread to over 50 million computers and caused $10 billion in damage.


Dressed in a T-shirt and Matrix-style glasses, Onel de Guzman stared at the floor as he passed a crowd of reporters on his way into a press conference room in Quezon City (Philippines) on May 11, 2000, about one week after the Iloveyou virus upended the Internet world.

Thin-faced, with a few strands of black hair hanging over his forehead, he appeared in order to answer press questions, occasionally wiping sweat from his face. Sitting on his right was his lawyer, Rolando Quimbohad, who had to lean in to hear the 23-year-old's clever answers and then translated them into English for the newspapers.

“If you ask me if he is aware of the consequences, you can say that the answer is no,” Quimbohad said.

Onel de Guzman at a press conference in mid-May 2000. Photo: Wired.

Onel de Guzman is alleged to be the author of Iloveyou, a virus disguised as a love letter that spread to tens of millions of computers worldwide and caused an estimated 10 billion USD in damage, seriously affecting the operations of businesses and organizations around the world, from Ford and Merrill Lynch to the Pentagon and the British Parliament.

Twenty years later, Iloveyou is still on the list of the fastest-spreading viruses, and it marked the beginning of public awareness of the dangers of malware and cyber attacks. It shows the risk from system vulnerabilities that users still face, even after two decades of countless improvements in technology and computer security.

Onel de Guzman remained silent from 2000 until this week, when investigative journalist Geoff White tracked him down. He now runs a phone repair shop in Manila and admits he is the author of the virus.

Extermination machine

On the afternoon of May 4, 2000, Michael Gazeley sat in his office in Star Computer City (Hong Kong). A few months earlier, he had founded Network Box, a company specializing in dealing with online threats.

The phones in his office began ringing all at once, first with calls from customers, then from non-customers. All wanted Network Box to help block a virus that was spreading through their systems and destroying internal data. They all told the same story: someone in the company had received an email with the subject “Iloveyou” and the message “Please open my love letter in the attachment”. In fact, once the file was opened, the malicious code quickly took over the computer, duplicated itself and sent a copy to everyone in the email address list. The recipients, thinking it was a joke or a confession from the sender, opened the file in turn, causing the virus to spread exponentially.

Along with replicating itself, Iloveyou also collected passwords and renamed and deleted thousands of files on the computer's hard drive. The victims turned to Gazeley in a panic because they had not backed up their data, and he spent a long time explaining that many files, such as financial records, photos and MP3s, would be “gone for good”.

According to Gazeley, Internet users at the time did not realize that email could also carry dangers. This type of attack was still new in 2000. According to the International Telecommunication Union (ITU), only 28% of people in Hong Kong, 27% of the British and 15% of the French were connected to the Internet in that period. Even in the US, where the technology was invented, the figure was only 43%.

Iloveyou virus targets users of rich countries such as Hong Kong, Europe, and the United States. Photo: CNN.



On the same day, May 4, 2000, Sophos security expert Graham Cluley was at a seminar in Stockholm, Sweden, where he described malicious code capable of taking over accounts and sending the victim's colleagues the message “Friday, I’m in love”.

During the coffee break, the attendees' phones and pagers suddenly began receiving emails with the subject “I love you”. Some rushed over to Cluley, asking whether their devices had just been infected by the virus he had described. Cluley said they had not, because the virus he had mentioned was limited to a system most people do not use.

At the end of the seminar, Cluley checked his phone and found a series of missed calls, messages and voicemails. His company, Sophos, in the UK was also receiving constant calls from partners asking for help and from journalists wanting to know what was going on.

Cluley rushed to the airport, took a flight to London, and even bought a phone battery from a generous taxi driver because the stream of messages had drained his Nokia phone. When he arrived in England, a car was waiting to take him to a TV station to talk about the malware that would later be classified as one of the most notorious viruses of all time.

In just 5 hours, Iloveyou spread across Asia, Europe and North America, 15 times faster than Melissa, a virus that appeared in 1999 and infected over a million computers. The House of Commons, Ford Motor Company and even Microsoft had to shut down their email servers.

Microsoft’s Outlook software was the main means of spreading the virus. At that time, Windows ran on 95% of personal computers and Outlook was included in the Office package. For many people at the time, Outlook was synonymous with email.

As Director of the National Infrastructure Protection Center (NIPC), the agency tasked with dealing with cyber threats, Michael Vatis was notified of Iloveyou as early as May 4. NIPC quickly issued a warning that “a virus identified as LoveLetter or LoveBug is spreading via global email”, but it was already too late. The virus spread quickly because many people were curious enough to open the “love letters”, including at dozens of US businesses, the Pentagon …

Anti-virus companies began rolling out patches. However, the virus had already reached over 50 million computers.

The US Federal Bureau of Investigation immediately launched an investigation and found that the virus had originated not in Hong Kong but in the Philippines. Iloveyou was rather clumsily programmed. It mixed in code from several existing viruses and did not even hide its origin.

Iloveyou's code contained details that helped identify the author, such as two email addresses, both from the Philippines. The code also mentioned the hacker group GrammerSoft Group. The virus communicated with a server hosted at Sky Internet in Manila to send it the passwords from victims' computers. After Sky shut down the server, Iloveyou could only delete files on the device, rather than carry out its original purpose of collecting passwords.

Iloveyou was clumsily programmed, revealing where its author came from. Photo: CNN.


Four days later, Philippine police arrived at an apartment in Manila, seized computer magazines, phones, floppy disks and cassettes, and arrested one of the people living there, Reomel Ramones.

Ramones, then 27, with curly hair, worked for a local bank. He did not look like a hacker, and investigators wondered whether they had caught the wrong person. They began to take notice of two other people: Ramones’s girlfriend, Irene de Guzman, and her younger brother, Onel de Guzman.

Onel de Guzman, who was not in the apartment when the arrest took place, was a student at AMA Computer College. The school was also the home of the GrammerSoft Group, which was created to help students cheat on their homework. The school also provided the police with Onel de Guzman's rejected thesis, which described a program similar to Iloveyou.

In this manuscript, de Guzman wrote that the purpose of the program was to “collect Windows passwords” and “steal Internet accounts from victims’ computers.” At that time, Internet access in the Philippines was provided over dial-up connections and charged by the minute. De Guzman wanted to find a way for users in developing countries to “borrow” connections from users in richer countries, so they could spend more time online without paying.

Legal problems

On May 11, de Guzman appeared before the press in Quezon along with his lawyer and sister. “He doesn’t even know his actions will lead to the consequences we already know,” the lawyer said.

Although the Philippine police, the FBI and the security community all claim that de Guzman is the author of the virus, he was not punished.

The problem was that investigators did not have enough clear evidence. More importantly, the Philippines, like many other countries at the turn of the century, had not enacted laws on cybercrime. After the Iloveyou incident, lawmakers in the country urgently drafted computer and network security laws. However, the new law could not be used to judge an act that took place before it was introduced.

Besides, many Filipinos also considered de Guzman a hero. Students at AMA Computer College told the New York Times that they were proud that “Filipino hackers could penetrate the Pentagon even though they are technologically behind compared to the US,” or “Iloveyou showed Filipinos are creative and able to turn the world upside down, either positive or negative.”

In the early stages of the Internet, computer worms were written primarily as experiments, spreading as widely as possible in order to make a splash. Later, however, hackers began to switch to viruses that attack systems for money, aiming at specific targets instead of spreading on a large scale.

“The scary thing is that after 20 years, there are still many organizations that don’t care about security until they have a problem,” said Gazeley, an expert in Hong Kong.


Source: Techtalk