Fifteen Years After the ILoveYou Bug: Has the Face of Malware Changed?
Where were you when the ILOVEYOU bug started spreading on May 4th 2000? Was your computer one of the tens of millions of PCs the Love Letter attacked?
Exactly fifteen years ago to the day, email messages with the subject line ‘ILoveYou’ and the message ‘Kindly check the attached LOVELETTER coming from me’ started propagating to millions of inboxes. The malware-laced attachment was named LOVE-LETTER-FOR-YOU.txt.vbs. Since the vbs extension was hidden by default, it seemed to recipients that the attachment was a harmless txt file. Once the attachment was opened, a VBS script would overwrite image files and send the LoveLetter email to all contacts in the victim’s Outlook address book. The computer worm also tried to download and install a Trojan horse designed to intercept passwords and send them back to the perpetrators in the Philippines, and then rendered the machine unbootable.
Because the email was being spread by infected machines and sent to known contacts in address books, recipients thought the email was sent by people they knew. Within ten days, over fifty million infections had been reported, and it is estimated that 10% of internet-connected computers in the world had been affected. The outbreak is said to have caused $10 billion in damages worldwide.
ILoveYou Bug – Then and Now
Fifteen years ago, the ILoveYou bug was very successful in terms of number of infections and inflicted damage. Would it have been as successful now? What has changed in the malware threat landscape in the last fifteen years?
#1. Malware Awareness Has Come a Long Way
People are no longer as easily fooled. By now, most consumers know that malware can look like it is being sent from someone you know. Even though the attachment can look innocuous, it can still be malware. Attackers now need to put more effort into social engineering in order to make potential victims fall into the trap.
#2. End of the Prank Malware Era
The ILoveYou bug was designed to steal passwords and was part of a new variation of malware that was not sent simply as a prank but to provide financial gain for the attackers. Today’s malware attacks are often executed by sophisticated criminals who are after financial gains, or by state sponsored actors with political motives.
#3. Attacks Have Become More Targeted
The ILoveYou bug was spread to anyone who was misfortunate enough to be listed as a contact in an infected computer’s Outlook Address Book. In short, the attack was not very targeted. Attackers have changed their strategy in that they are now not so much going for quantity, but for quality. They will stake out their victims carefully with a clear intent toward the data they want to get their hands on. Since most corporations have valuable data, attackers are targeting specific individuals within companies and are using social engineering, such as gleaning personal information from the internet, to make their victims take the bait.
#4. Email Filters Can Intercept Spoofed Attachments
Part of the success of the ILoveYou bug was because the email attachment’s real extension was hidden, making it look like a harmless txt file. Email filters can now block dangerous files such as executables and .vbs files. Advanced email filters can also perform file type verification to ensure that email attachment extensions that have been spoofed, such as an exe file that is disguised as a txt file, will not be allowed through.
#5. Malware Now Tries to Avoid Detection
In the ILoveYou bug era, attackers did not attempt to hide the infection on your machine. As soon as the computer became infected, files would be overwritten, pop-up messages would appear, and browsers or applications would be blocked from use, making the infection obvious. In recent years we have seen the rise of more sophisticated Advanced Persistent Threats (APTs) that operate in stealth and try to avoid detection, in order to syphon off as much data as possible before being detected.
Fifteen years after the ILoveYou bug, malware is still a major problem is not going anywhere anytime soon. How can businesses protect themselves against malware attacks? Even though malware threats are increasingly sophisticated, there is still a lot that companies can do to protect themselves. By maintaining proper security practices, such as centrally monitoring devices to ensure that they are safe and patched, deploying multi-scanning with multiple anti-virus engines on servers, web proxies, clients and email servers, and educating employees in cyber security, organizations can greatly decrease their exposure.
Deborah Galea is Product Marketing Manager at OPSWAT, a company that provides solutions to secure and manage IT infrastructure, and developers of multi antimalware scanner Metascan. Deborah is dedicated to identifying solutions that help companies of all sizes secure the data workflow in their organization. Prior to joining OPSWAT, Deborah co-founded Red Earth Software, a company that specialized in email security solutions for Microsoft Exchange Server.