According to Guinness World Records, I Love You Virus was the most widespread computer virus of all time. I Love You Virus, also known as Love Letter, is a computer Trojan Worm that successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text ILOVEYOU in the subject line. The worm arrived in email on and after May 4, 2000 with the simple subject of ILOVEYOU and an attachment LOVE-LETTER-FOR-YOU.TXT.vbs. A student from AMA Computer College Makati on 1999 named Onel de Guzman submitted a thesis proposal for the creation of a computer program that will hack into computer systems and extract vital information, particularly internet service accounts. The proposal was unanimously rejected by the College of Computer Studies academic board. Onel de Guzman was scheduled to complete his studies in 2000 and an academic subject called Thesis A was one of his final requirements before graduation. On May 3, 2000, an email trojan called ILOVEYOU spread all throughout the globe and caused delays in several online transactions. The I Love You Virus unleashed a flood of email that hit at least 45 million users in at least 20 countries, according to one estimate. The virus started with “ILOVEYOU” in the subject line. The virus both replicates itself and steals the user names and passwords of unsuspecting victims.
The e-mail replies from angry virus recipients to the creator passed through a US email address, isp-adm@mail.com, which then forwarded them to the two Access.Net email accounts used by the virus creator, spyder@super.net.ph and. The final vbs extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system. The virus was traced to an apartment room in downtown Manila. The tenant was Onel de Guzman. Guzman was invited by the National Bureau of Investigation for questioning. De Guzman, in an interview, admitted spreading the virus by accident. In reaction to the news. The NBI charged De Guzman for violation of Republic Act 8484 or the Access Devices Regulation Act on 1998. But due to lack of sufficiency the Philippine Department of Justice dropped the charges as there was no clear laws regulating the World Wide Web. Due to this incident, June 14, 2000, Republic Act 8792 known as Philippine Electronic Commerce Act of 2000 was signed.
The e-mail replies from angry virus recipients to the creator passed through a US email address, isp-adm@mail.com, which then forwarded them to the two Access.Net email accounts used by the virus creator, spyder@super.net.ph and. The final vbs extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system. The virus was traced to an apartment room in downtown Manila. The tenant was Onel de Guzman. Guzman was invited by the National Bureau of Investigation for questioning. De Guzman, in an interview, admitted spreading the virus by accident. In reaction to the news. The NBI charged De Guzman for violation of Republic Act 8484 or the Access Devices Regulation Act on 1998. But due to lack of sufficiency the Philippine Department of Justice dropped the charges as there was no clear laws regulating the World Wide Web. Due to this incident, June 14, 2000, Republic Act 8792 known as Philippine Electronic Commerce Act of 2000 was signed.
Four aspects of the worm made it effective is because it relied on social engineering to entice users to open the attachment and ensure its continued propagation. It relied on a flawed Microsoft algorithm for hiding file extensions. Windows had begun hiding extensions by default. The algorithm parsed file names from right to left. In this way the exploit could display the inner file extension TXT as the real extension; text files are considered to be innocuous as they can't contain executable code. It relied on the scripting engine being enabled. This was actually a system setting; the engine had not been known to have been ever used previously; Microsoft received scathing criticism for leaving such a powerful and dangerous tool enabled by default with no one the wiser for its existence. It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment to gain complete access to the file system and the Registry.