Il 4 May of the 2000, millions of users were faced with aEmail from the seemingly harmless object: “ILOVEYOU“. A message that seemed romantic, perhaps a little naive, but which concealed one of the greatest cyber threats in history: a virus, or rather a worm, destined to enter the legend of cybersecurity.
Within a few hours, that attached file brought computer systems worldwide to their knees: companies, institutions, governments. It was the dawn of the first real cyber emergency of the 21st century, and for many the sudden discovery of the digital vulnerability in an era that was just beginning to connect.
Over the course of two weeks, over 50 million computers were infected. Such rapid and widespread propagation that it remains, even today, a case study in computer security manuals. No attack up until then had hit with such force. And although much more sophisticated attacks followed over the years – from Stuxnet, the malware that sabotaged Iranian nuclear facilities, up to modern ransomware that paralyze hospitals and entire cities – even today, 25 years later, the worm ILOVEYOU remains a milestone. Not so much for its power, but for what it taught us.
A (malicious) love letter
Il trick It was as simple as it was effective. The email appeared to be from a trusted contact and contained an attachment named: “LOVE-LETTER-FOR-YOU.TXT.vbs”. At the time, Windows hid by default the file extension, making that “.vbs” (which indicated an executable script) invisible and making the file look like a normal text document.
In message body, a few words in broken English: “Kindly check the attached LOVELETTER coming from me.” This was enough to disarm the mistrust and push millions of users to click. Just one click to trigger the infection.
A simple, yet devastating virus
ILOVEYOU was a worm: A malware able to replicate and spread independently. Written in Visual Basic Scripting, used Microsoft Outlook to send itself to all contacts of the infected user. Once activated, overwrote media files and documents, made some files invisible, changed the Internet Explorer home page, and in some cases downloaded software that could steal passwords.
The attack it did not require any special skills by the user: did leverage on standard functions of Windows and on a daily, almost instinctive gesture. Precisely theextreme simplicity of the mechanism was the key to success.
An unstoppable global spread
Left from the Philippines, the worm reached Hong Kong, Europe and finally the United States within hours. In less than 24 hours, the contagion was out of control. In the United States, the Department of Defense, the CIA and NASA suffered serious operational disruptions. In Europe, the British Parliament was forced to shut down its email servers for two hours. In Italy, the Treasury was also among those affected.
Le countermeasures were drastic: Many multinational corporations and public agencies temporarily disabled email in an effort to contain and eliminate the threat.
According to contemporary estimates, the worm caused damages of approximately 5,5 billion dollars, a figure that included not only data loss, but also operational disruptions, emergency response and system recovery costs.
Who was behind ILOVEYOU
But who was really behind ILOVEYOU? No state, no organized criminal group. investigations they led to Manila, in Philippines, where the author was identified in Onel of Guzman, a 23 year old college student. Months earlier, he had presented a thesis focused on the creation of a software capable of obtaining free access to the Internet. According to investigators, the worm was born from that work.
De Guzmán was identified but he was never convicted. At the time, Philippine law did not yet cover computer crimes, and there was a complete lack of an international legal framework capable of filling the regulatory gap.
In an interview given to Guardian in 2020, de Guzman admitted paternity of the virus, explaining that he acted for economic reasons: could not afford a stable Internet connection and was looking for a way to get free login credentials.
The virus that changed digital security
ILOVEYOU left a profound legacy e changed cybersecurity forever. Microsoft was forced to change some default settings in Windows and Outlook. Antivirus manufacturers they began to develop tools that could detect suspicious behavior, not just already known digital signatures.
Among technical curiosities: the worm contained strings like “WIN-BUGSFIX” and used the real domain skyinet.net to redirect infected browsers. It was the more aggressive and refined version of another virus that had been circulating shortly before: Melissa, which limited itself to sending the email to 50 contacts. ILOVEYOU had no limits.
The real weak point: the human being
La real news – and the most enduring legacy of the ILOVEYOU worm – it was another: first, a global cyber attack did not exploit a technical vulnerability, but a psychological weakness. Not a bug in the software, but in the human being. The decisive weapon was theSOCIAL ENGINEERING: the ability to manipulate emotions and behaviors to push the user to trust. No sophisticated exploits, just a false declaration of love. A well-packaged trap, which played on an instinctive and universal reaction: “But yes, it will be nice, I'll click on it.”
As he observed Greg Day, cybersecurity expert: “The concept of social engineering used by the virus has been extremely effective and, unfortunately, continues to be successful even today.".
Since then, the cybercrime has made great stridesWe've gone from worms to ransomware that ask for ransom in bitcoin, from email attacks to deepfake who imitate faces and voices to scam. Yet, the the heart of the problem remains unchanged: The most dangerous vulnerability is not in software, but in human nature. Curiosity, distraction, desire to trust: a friendly email, a familiar name, a seemingly innocuous link are enough to open the door to intrusion. And so, ILOVEYOU, a romantic virus in name only, continues to remind us today how fragile cyberspace is.
