Join 3,572 readers in helping fund MetaFilter (Hide)


I LOVE YOU VIRUS 10 Years Out
May 5, 2010 3:34 AM   Subscribe

10 years ago yesterday, The ILOVEYOU or LOVELETTER computer worm successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text "ILOVEYOU" in the subject line. Mefi Was There that day when Onel De Guzman released a virus that he had proposed creating as part of his undergraduate thesis. The BBC Looks Back. The key part of the virus was not any technical trick but the wording of the subject line - ILOVEYOU - and its attachment LOVE-LETTER-FOR-YOU.
posted by Blake (28 comments total) 7 users marked this as a favorite

 
Social engineering represents the biggest threat to security even today because it attacks the weakest link in the security chain: the guy sitting behind the keyboard.
posted by Chocolate Pickle at 4:27 AM on May 5, 2010 [2 favorites]


I love that original MeFi post. The names are different, but it has a familiar "I have REDHAT so I'm BETTER" feel to it. Lots of helpful advice still, which is why MeFi rocks to this day.

I can't believe that de Guzman proposed creating a trojan horse that would steal passwords in order to save money on internet usage as a legitimate undergraduate thesis. The world wasn't that different back then.

"We were in a room with four programmers and a guy burst in shouting 'Don't open any e-mail from me!"
"That was their alerting system," he said.


I just love that quote as much as I hate:

The LoveBug showed how to get spam to send itself and how, with a cleverly designed virus that preyed on human psychology and technical failings, malware could rack up enormous numbers of victims.
The end result is that now 90% of all e-mail sent is spam.


I remember this going through the dorms at my university. Imagine all that porn and stolen music, just going down the drain. Such a travesty...
posted by This Guy at 4:52 AM on May 5, 2010 [1 favorite]


I remember seeing this in my inbox. "Impossible," I thought as I deleted it.

Bitterness saves the day.
posted by TrialByMedia at 5:01 AM on May 5, 2010 [20 favorites]


> I remember seeing this in my inbox. "Impossible," I thought as I deleted it.
>
> Bitterness saves the day.
> posted by TrialByMedia at 8:01 AM on May 5 [+] [!]

So I wonder. If there were a real virus that would certainly kill you after an interval (ten years, say, or even five) but in the meantime also brought you the love you've always dreamed of, and many people received the virus in a piece of physical mail and knew exactly what it was, how many would open it? Quite a number, I would guess.

(That's basically the initial plot device in Mann's Dr. Faustus - guy sleeps with prostitute for love, well aware of the risk, and does pick up syphilis at a time when there was no cure, and then [rest of book])
posted by jfuller at 5:18 AM on May 5, 2010


The guy who first sent it through our office was the lead programmer (MS certified!). Myself and one other guy downloaded the vbs file and opened it in a text editor. The entire time the department manager was freaking out -- and people thought we were crazy for "opening" the file -- while we were reading through the code going "neat."
posted by ryoshu at 5:36 AM on May 5, 2010 [3 favorites]


That was ten years ago? Aww crap I feel old.

At the time, I was working for Transco (the guys who own(ed) the gas pipes in the UK). Our email was some horrific pine-a-like system that ran in a DOS window.

All day, every 2 minutes, a fresh copy of the code arrived in my inbox. No attachment, just the code, as if someone had cut and paste it into the body of the message.

I have no doubt that Transco was saved by their crappy email system...
posted by sodium lights the horizon at 5:43 AM on May 5, 2010 [2 favorites]


sodium lights the horizon: "I have no doubt that Transco was saved by their crappy email system"

Crappy is relative.

I would say a system that displays things, even inline pasted into the message, is much less broken than a system that automatically opens and executes every attachment sent to you. ILOVEYOU, like just about every email virus, was just an outlook exploit, and more the fault of the people who implemented outlook than the virus author..
posted by idiopath at 6:00 AM on May 5, 2010 [2 favorites]


Mefi Was There

My new favorite history program. "The Signing of the Declaration of Independence... and MeFi Was There!"

We hold thefe truths to be self-evident, and among these are life, liberty, and the purfuit of happinefs. BOOYAH.
writ by tommyj at 8:01 AM on Jul 4 [75 favorites +] [!]


Hell, yeah, I'm tuning in to that.
posted by grubi at 6:11 AM on May 5, 2010 [8 favorites]


Was kind of half hoping the MeFi thread would say something like, "Michelangelo virus almost ten years old," with a few supporting links including info about ILOVEYOU. Was somewhat disappointed that TuxHeDo didn't put together a better post. Maybe I'll make a MeTa call out...
posted by 1f2frfbf at 6:21 AM on May 5, 2010 [1 favorite]


From the 10 years ago link: For those of you who are running your own mail server on UNIX with sendmail, you might want to block this crud at the server.

The internet was a very different place ten years ago.
posted by ook at 6:34 AM on May 5, 2010


True, what self respecting nerd still runs sendmail? For that matter, qmail was already mature back then.
posted by kmz at 6:51 AM on May 5, 2010 [4 favorites]


Heh.
posted by ook at 6:52 AM on May 5, 2010


The internet was a very different place ten years ago.

I'm betting a good portion of mefites do still run their own mail servers. I know Malor has posted some interesting things about {his|her} configuration, especially as it related to spam filtering.
posted by odinsdream at 6:57 AM on May 5, 2010


Mentions of Eudora Lite in the old Mefi article brought back memories. How many people ever paid for the full version of Eudora?
posted by ardgedee at 6:57 AM on May 5, 2010


I would likely take that bet, odinsdream. I'm remembering a recent thread about spam, in which the discussion was largely "I never see any spam, because gmail's filtering is so good;" not much if any mention of running your own mailserver, which would've been equally relevant, you'd think, if many people were still doing it. I run my own webserver, do small-scale rehosting, etc, and I gave up doing my own mail admin years ago; it's just too much of a PITA to be worth bothering with.
posted by ook at 7:29 AM on May 5, 2010


ook; I'll clarify by stating that I meant a good portion of mefites, in comparison to other online communities (exception: gentoo forums). Eh.
posted by odinsdream at 7:49 AM on May 5, 2010


I remember hearing vague news about the ILOVEYOU virus and not really caring too much because I used a Mac and was immune.

Yeah, I said it.
posted by The Winsome Parker Lewis at 8:06 AM on May 5, 2010 [1 favorite]


Aw, I remember that. I was working at an Internet start up (do those still exist?) and was one of the first people at work today. The IT women were running around shouting "Don't open the 'I love you' e-mail! Don't open the 'I love you' e-mail!" but people apparently thought they didn't mean them, as it showed up over and over in my in box, sent by various coworkers...
posted by The corpse in the library at 9:00 AM on May 5, 2010


ook: Here's a comment I posted about running one's own mailserver from April 15.

With the advent of VPSes, you can do this really cheap, too, maybe 10 bucks a month.

I don't find admin time especially onerous anymore. It did, admittedly, take me a lot of iteration to arrive at my present configuration... at this point, my primary spam defense is customized, per-sender addresses. I also have greylisting and spamassassin and bogofilter and maildrop filtering running, but those are kind of vestigial holdovers from before I converted over to per-sender emails. It's a ferociously complex setup, and I used to spend a lot of time with it, training spam and ham, but most of that seems to be obsolete now. I just keep everything running because of inertia... it's all troubleshot and all works, so I just don't screw with it, even though most of it is superfluous.

Were I doing it new, I'd probably just do a standard Postfix install, with a virtual file listing sender addresses, and that would be it for spam prevention. For reading, I'd probably use Dovecot IMAP running over SSL with a self-signed certificate*. (I believe it generates one automatically if you turn SSL mode on.) As long as I didn't need to read the catch-all address, there wouldn't be much need for anything else. I really barely have to think about mail anymore, except when I'm starting a new account with someone and need to generate an email for them to use. Takes typically about one minute from a standing start, and would be much faster if I needed to issue more than one at a time.

Thunderbird's a nice client for this kind of setup... under Manage Identities, you can add aliases that you need to send mail from. When you reply to a mail to a defined alias, it sets the return address correctly. I only do this with addresses that I expect to reply with... as it turns out, that's not very many. Most email is receive-only, at least for me.

*: This is less secure than using a private CA and issuing certificates, but you have to be masochistic to use OpenSSL's CA management stuff. The TinyCA scripts make it easier, but the pure suckage of OpenSSL still peeks through. Using a Microsoft or public CA would be an option, but self-signing is probably good enough, and it's free.
posted by Malor at 9:57 AM on May 5, 2010 [1 favorite]


Hah -- I remembered that comment, Malor, your system sounds awesome; it figures it'd be in the very thread I was thinking about. Which, reading through it again now, I do see a handful of people talking about it from the mail admin point of view; more than I remembered, anyway.

OK, odinsdream, I owe you a whatever it was we were betting.
posted by ook at 10:12 AM on May 5, 2010


come on fhqwhgads come on fhqwhgads. Everybody to the limit, the cheat is to the limit.
posted by djduckie at 10:15 AM on May 5, 2010


idiopath : I would say a system that displays things, even inline pasted into the message, is much less broken than a system that automatically opens and executes every attachment sent to you.

I don't disagree with you on that at all. Never have. It doesn't change the fact that their email system was crap though...
posted by sodium lights the horizon at 10:27 AM on May 5, 2010


How many people ever paid for the full version of Eudora?
I, er, my employer, did.
I still use it.
posted by Floydd at 11:02 AM on May 5, 2010


Heh, I just checked my virus-collection... and I still lack the ILOVEYOU virus. Sucky collection. (anyone want some Melissa? Nimda? Bagle? Kilroy?)

And me and Malor seem to be admin-twins when it comes to email server setups. The ones that have sold me out recently are Twitter tribes, that adress caught some spam the other week.
posted by dabitch at 12:49 PM on May 5, 2010 [1 favorite]


anyone want some Melissa? Nimda? Bagle? Kilroy?


Yes, I'd like to infect my dosbox with Yankee Doodle for old time sake.
posted by MiltonRandKalman at 3:31 PM on May 5, 2010


Some email addresses that have received spam:

The one I gave to Caravel.net when I registered Deadly Rooms of Death (they ignored my complaint, too, so it may be deliberate):
The address given to MacHeist (apparently this was from a hack of an external mail provider, but I still hold MacHeist responsible for giving my email address to a third party without my permission)
Vonage
Greatflowers
The linux-lvm mailing list
The Debian bugtracking system
The Motley Fool

I get a freaking hurricane of email to the GrantsInvestor address, but I think it may not be officially 'spam'. I believe I tried to unsubscribe with them and failed, and then just removed the address from my whitelist. That torrent of email may all be from them, but jesus they send a lot.

This is all spam I've gotten in the last few weeks, dumped off in my crap folder automatically. There are probably plenty of others from before the last time I cleaned it out.
posted by Malor at 6:09 PM on May 5, 2010


Oh, you send to a spam folder? I reject them in the access file directly (with special 550 messages about not selling my address to spammers thank you very much, but nobody reads rejection reasons anymore - still, it makes me feel better, so I do that).
posted by dabitch at 12:52 AM on May 6, 2010


Ahhh the ILOVEYOU virus. I remember that my wife's old company used to block emails that had the text "I love you" in them... Presumably in an attempt to avoid this virus... of course, I could still send messages to her that had ILOVEYOU in the subject line, so they were kinda blocking the wrong thing. But now my wife and I have a cutesy in-joke where I tell her that I wove her, like a basket, which became our workaround.
posted by antifuse at 9:33 AM on May 13, 2010


« Older Dune, the motion picture was made in Mexico City, ...   |   Don't like those commercials t... Newer »


This thread has been archived and is closed to new comments