Notorious LoveBug virus turns 10

LoveBug caused damage worth millions of pounds

Today marks the 10th anniversary of the LoveBug virus, seen by many as a key milestone in the evolution of malware. The virus managed to infect an estimated 45 million email users in just one day.

Hosted security vendor MessageLabs, now known as Symantec Hosted Services, was one of the first to intercept LoveBug on 4 May 2000, and watched the mass mailer virus rise from one in 1,000 emails to one in 28.

The malware writers used the rather crude social engineering technique of sending the virus as a text file attachment to an email containing the intriguing subject line 'ILOVEYOU'.

Once curiosity got the better of the recipient and they opened the attachment, a malicious Visual Basic Script sent itself to every email address in their address book.

The virus was very much a product of its time, with the threat landscape dominated by the efforts of "script kiddie" attacks, rather than organised crime.

"Our understanding is that at the time there was no obvious criminal intent and no monetary aspect to the attack," said Symantec Hosted Services senior analyst, Paul Wood.

"It was destructive in a 'look at me' fashion, designed to spread and wreak havoc."

The virus also seemed to take advantage of users who were generally less suspicious of unsolicited emails than they are today, said Wood.

"It was very significant at the time and the landscape was entirely different. We didn't have the same number of broadband connections, and people were using the internet differently," he said. "We don't see so many mass mailer outbreaks now. They tend to be more targeted."

Wood added that LoveBug is notable for being an early example of a scripted virus, which gave birth to a number of variants and copycats in the days that followed its initial outbreak, prolonging the pain for many businesses.

Sophos senior technology consultant Graham Cluley argued in a blog post that the success of LoveBug was due in a large part to its social engineering aspect.

"There was nothing particularly clever about the LoveBug's code that explained why it had spread so widely so quickly - the reason for its 'success' was that it had tapped into a universal need: the desire to be loved," he explained.

"It's sad to say, but although technology may have improved in the last nine years, the majority of the general public are still woefully uneducated about how to act safely online and best protect their bank accounts and identities."