Getting a love letter in your inbox might make you blush, depending on who sent it. But 20 years ago, email messages with the subject line “ILOVEYOU” weren’t actually so sweet. They came with a virus attached, and that love letter racked up billions of dollars in damages. Two decades later, the author of the not-so-affectionate virus has admitted to unleashing the malicious code.
According to the creator of the virus, also known as the “Love Bug,” he never intended for it to cause as much damage as it did. Or any damage at all, really. Geoff White, a writer for BBC News, says he tracked the culprit down at a mobile phone repair shop in Manila. His name is Onel de Guzman, and he’s now 44 years old.
Guzman claims he wrote an earlier virus with the intent of stealing dial-up internet passwords. As he explains it, ILOVEYOU was based on that previous virus he wrote, but with the added ability to send itself to a person’s Outlook contacts. Guzman says he couldn’t afford internet access at the time, so he started out by targeting login information from users in his area before casting a wider net.
The wider net turned out to be troublesome, and costly. According to CNN, at its height ILOVEYOU was on pace to cause $10 billion in damages. Some estimates have the financial impact being even higher. Finding a breakdown why exactly it was so financially disruptive is hard to come by, but is presumably related to the costs of removing the virus, restoring impacted files and system, and associated downtime to deal with the mess, as well as strengthening security in general. Regardless, It hit major corporations like Ford and government agencies around the globe.
“He is not really aware that the acts imputed to him were indeed done by him,” Guzman’s lawyer stated in a press conference on Sunday, according to CNN. “So if you ask me whether or not he was aware of the consequences I would say that he is not aware.”
In a blog post, security outfit Sophos breaks down how the virus worked, explaining the payload was contained in a Visual Basic Script file disguised as a benign text file. This was in the early days of webmail. When clicked on, the malicious file would get busy overwriting and infecting other files on a victim’s PC, including images (JPEG) and music files (MP3). It would also attempt to spread over IRC, a popular instant messaging protocol in the early 2000s, not just email.
This brings up an interesting question that Guzman doesn’t really address—if the intent of his first virus was simply to steal login information for internet access, why did ILOVEYOU overwrite files that had nothing to do with that? His interview with the BBC doesn’t offer a direct answer, but it does sound like he just wanted to see how far it could spread. Guzman “created a title for the email attachment that would have global appeal, tempting people across the world to open it… De Guzman claims he sent the virus initially to someone in Singapore, and then went out drinking with a friend. The first he knew of the global chaos he had unleashed was when his mother told him police were hunting a hacker in Manila.”
Much has changed in the malware business since ILOVEYOU emerged, though the basic concepts are the same—it was essentially a phishing scheme. And 20 years later, Windows still hides file extensions, unless you manually configure it to show them. This makes it easier to spoof files, like masking a malicious executable as a plain document or image.
As for Guzman, he managed to escape being punished because what he did was not illegal in the Philippines at the time.