A simple email with the subject line “ILOVEYOU” became one of the most damaging cyberattacks in history when it spread across the world in May 2000, infecting an estimated 45 million computers within 24 hours and causing billions of dollars in losses.
The email appeared to come from someone the recipient knew and contained an attachment named LOVE-LETTER-FOR-YOU.txt.vbs. Since many email clients at the time hid file extensions, users often saw only LOVE-LETTER-FOR-YOU.txt, making it appear harmless. Once opened, the Visual Basic Script executed automatically, sending copies of itself to every contact in the victim’s Microsoft Outlook address book.
The worm quickly spread through corporations, government agencies, and military networks across North America, Europe, and Asia. To contain the outbreak, the Pentagon, the CIA, and several other major institutions temporarily shut down their email systems. Businesses worldwide disconnected employees from email networks while attempting to remove the infection.
The malware was relatively simple by today’s standards. The code was only 10.31 kilobytes in size and used no advanced hacking techniques. Its success relied almost entirely on social engineering. By using the subject line “ILOVEYOU” and appearing to come from a trusted contact, the email convinced millions of users to open the attachment.
Once activated, the worm carried out 2 primary functions. First, it replicated itself by sending copies to every contact in the victim’s address book. Second, it searched the computer for image, video, music, and document files and replaced them with copies of its own code, effectively destroying the original files. It also installed a hidden program designed to collect stored internet passwords and send them to an email address registered in the Philippines.
Investigators later traced the attack to Manila, where evidence led authorities to Onel de Guzman, a former computer science student. A rejected thesis proposal written by de Guzman had outlined software capable of obtaining internet passwords to gain free online access. Authorities concluded that he had created and released the ILOVEYOU worm on 4 May 2000.
Despite being identified as the creator, de Guzman was never prosecuted because the Philippines did not have specific cybercrime laws in place at the time. More than 2 decades later, the ILOVEYOU incident remains one of the most significant examples of how human behavior can be exploited to fuel a global cyberattack.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.