By Editor
It was partly through taking advantage of our
emotional rather than technical vulnerabilities that VBS/LoveLetter – also
known as the Love Bug virus – caused such a trail of destruction when it hit
the inboxes of its first victims on the morning of May 5th, 2000.
“Kindly check the attached
LOVELETTER coming from me.”
Displaying the title I LOVE YOU in the subject
line, the email was immediately effective. It included the following body
message: “Kindly check the attached LOVELETTER coming from me.” The attachment
was a file, titled: LOVE-LETTER-FOR-YOU.TXT.VBS, which contained the virus’s
code.
According to David Harley, Senior Research Fellow
at ESET, much of the virus’s success was a result of “unusually successful
social engineering”. He explains: “It was unusual enough to persuade a victim
to open it out of curiosity or in the expectation of reading some kind of
joke.”
As its victims would find out, there was very
little to laugh about.
Write me a letter
Originating in the Philippines, the Love Bug was
the brainchild of two computer programmers, Reonel Ramones and Onel de Guzman.
Although they were arrested, they were never prosecuted due to a lack of
anti-malware legislation in the country at the time.
From there, the virus spread to Hong Kong, to
Europe and finally arrived reached the US just as offices were opening up in
the morning, as Lysa Myers, Security Researcher at ESET, remembers:
“My day of the outbreak started at 5AM, when I was
called in to help with the unprecedented number of reports we got from people
who’d been affected. A huge variety of people wrote in with tales of woe;
everyone from government offices whose email servers had been kneecapped by the
load of virus-laden messages, to grandparents who were heartbroken to find that
pictures of grandchildren had been irreparably destroyed by the virus.”
“Much of the virus’s
success was a result of ‘unusually successful social engineering’.”
Adding to its seemingly innocent façade, the email
appeared to come from a known contact – the worm would infiltrate a victim’s
address book, sending replicas of itself to personal and business contacts.
In this way, LoveLetter was more harmful than its
predecessor Melissa, which also took advantage of mass-mailing on its release
in 1999.
Toxic
One (double) click on the attachment was all it
took. Once released, the virus began its attack by overwriting files within the
computer system (as well as mailing itself to contacts).
And its damage was widespread: it is estimated to
have infected over 55 million computers around the world, causing billions
of dollars of damage, estimated between US $5 billion and $10 billion.
“Many of the same
vulnerabilities are [exploited] by today’s ransomware, as those used by
LoveLetter.”
To counter its spread, Chey Cobb, head of INFOSEC
in the US “advised all US government agencies to disconnect from the internet
until the thing was contained”.
Many large corporations followed suit, with the
British Parliament, the Pentagon and the CIA shutting down their internet
connections to avoid damage to their systems.
Reach out
So, what came of this? For one, it did lead
businesses to explore alternative ways of alerting users to potential inbox
viruses. Some companies reverted to old fashioned methods and stuck paper
notices on people’s doors; others left urgent voicemails; and, around the
world, bosses did everything they could to ensure the first email in their
employees’ inbox was a warning about LoveLetter.
Bruce P. Burrell, yet another Security Researcher
at ESET, explains the importance of establishing contact via any medium
available, in the instance of an inbox virus: “When one medium is bogged down
[we need to] use whatever other channels available to reach people …
Today that would include using social media, putting up a blurb on the
company home page, on the internal network, etc.”
Additionally, as Myers explains, it helped security
professionals “refine policies and procedures that were put in place to help us
respond quickly and consistently even in the most overwhelming emergencies”.
Finally, whilst both computer security and methods
of infiltration have evolved, security systems are often only as effective as
their human users – many of us still fail to protect our systems with security
software or to back up our data.
This Valentine’s … back up your data
Rather than letting our emotions sway our
decisions, as a general rule, the advisable precaution would be to always
double-check attachments before opening them by (a) never opening attachments
or clicking on links in unsolicited email (or in Facebook, IMs, etc), even when
they appear to be from those you know and trust and (b) before opening, contact
the purported sender to see if s/he actually did send you something, and if so,
exactly what it is.
No matter how enticing the subject matter may seem,
the risk is never worth it.