Citizendia

Screenshot of the e-mail worm in Portuguese. Image credit: Sergio Savarese

The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript.


Description

The worm arrived in e-mail boxes on May 4, 2005, with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".

Two aspects of the worm made it effective:

Spread

Its massive spread moved westward as workers arrived at their offices and encountered messages generated by people from the East. Because the virus used mailing lists as its source of targets, the messages often appeared to come from an acquaintance and so might be considered "safe", providing further incentive to open them. All it took was a few users at each site to access the VBS attachment to generate the thousands and thousands of e-mails that would cripple e-mail systems under their weight, not to mention overwrite thousands of files on workstations and accessible servers.

Effects

It began in the Philippines on May 4, 2005, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet[1] and causing about $5.5 billion in damage.[2] Most of the "damage" was the labor of getting rid of the virus. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.[3]

This particular malware caused widespread outrage, making it the most damaging worm ever. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. This particular worm only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected.

Authorship

The ILOVEYOU worm is believed to have been written by Burningice & Moon. The Barok trojan horse used by the worm is believed to have been written by Onel de Guzman, a Filipino student of AMA Computer University in Makati, Philippines.

An international manhunt for the perpetrator finally led to a young programming student. On May 11 (one week after the virus spread), he held a news conference and said that he did not mean to cause so much harm. He was unable to graduate because the university rejected his thesis on the basis of its illegality. Helped by a group of friends called the Grammersoft Group, he distributed his virus the day before the school held their graduation ceremony.

Detection

Narinnat Suksawat, a 25-year-old Thai software engineer, was the first person to write software that repaired the damage caused by the worm, releasing it to the public on May 5, 2005, 24 hours after the worm had spread. "Rational Killer", the program he created, removed virus files and restored the previously removed system files so they again functioned normally. Two months later, Narinnat was offered a senior consultant job at Sun Microsystems and worked there for two years. He resigned to start his own business. Today, Narinnat owns a software company named Moscii Systems, a system management software company in Thailand.

UK company MessageLabs shot to fame when their anti-virus software, Skeptic, proactively detected the attachment as malware, thus automatically protecting all of their customers. From a little known company, they gained widespread media coverage, appearing on BBC TV and in the mainstream UK press.

The first copy intercepted by them was stopped at 00:43:26 4 May 2000 UTC, and originated from an email address in the Philippines, going to an email address in the UK. It is likely that the email was from one of the first few rounds of replication of the virus.

Architecture of the worm

The worm is written using Microsoft Visual Basic Scripting (VBS), and requires that the end-user run the script in order to deliver its payload. It will add a set of registry keys to the Windows registry that will allow the malware to start up at every boot.

The worm will then search all drives which are connected to the infected computer and replace files with the extensions *.JPG, *.JPEG, *.VBS, *.VBE, *.JS, *.JSE, *.CSS, *.WSH, *.SCT, *.DOC, *.HTA with copies of itself, while appending to the file name a .VBS extension. The malware will also locate *.MP3 and *.MP2 files, and when found, make the files hidden, copy itself with the same filename and append a .VBS extension.

The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also has an additional component, in which it will download and execute an infected program called variously "WIN-BUGSFIX.EXE" or "Microsoftv25.exe". This is a password-stealing program which will e-mail cached passwords.
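The file-naming behaviour described above leaves a recognisable pattern on disk that a responder can triage for. The following is an added example, not code from the original page; it takes the page's description literally (a .VBS extension appended to the full original name), does not check the hidden attribute, and runs over a constructed directory tree.

```python
import os
import tempfile

# Extensions the page lists as overwritten, and the media types it lists as hidden.
OVERWRITTEN = {".jpg", ".jpeg", ".vbs", ".vbe", ".js", ".jse", ".css",
               ".wsh", ".sct", ".doc", ".hta"}
HIDDEN_MEDIA = {".mp3", ".mp2"}

def classify(name):
    """Return 'overwritten', 'media-decoy' or None for one file name."""
    stem, last = os.path.splitext(name.lower())
    if last != ".vbs":
        return None
    inner = os.path.splitext(stem)[1]  # extension left in front of .vbs
    if inner in OVERWRITTEN:
        return "overwritten"
    if inner in HIDDEN_MEDIA:
        return "media-decoy"
    return None

def triage(root):
    """Walk root and return sorted (relative path, finding) pairs."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            kind = classify(name)
            if kind is None:
                continue
            if kind == "media-decoy":
                # The original media file should still sit beside the decoy.
                original = os.path.splitext(name.lower())[0]
                kind += "+original" if original in present else "+orphan"
            rel = os.path.relpath(os.path.join(folder, name), root)
            findings.append((rel.replace(os.sep, "/"), kind))
    return sorted(findings)

def demo():
    """Build a constructed (sample) directory tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "music"))
        for rel in ("holiday.JPG.vbs", "report.doc.vbs", "notes.txt",
                    "logon.vbs", "music/song.mp3", "music/song.mp3.vbs"):
            open(os.path.join(root, rel), "w").close()
        return triage(root)

if __name__ == "__main__":
    for path, kind in demo():
        print(kind, path)
```

A "media-decoy+original" finding means the hidden media file is still recoverable next to the script copy, whereas an "overwritten" finding needs a restore from backup.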

Variants

  1. Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
    Subject Line: ILOVEYOU
    Message Body: kindly check the attached LOVE LETTER coming from me.
  2. Attachment: Very Funny.vbs
    Subject Line: fwd: Joke
    Message Body: empty
  3. Attachment: mothers day.vbs
    Subject Line: Mothers Day Order Confirmation
    Message Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com
  4. Attachment: virus_warning.jpg.vbs
    Subject Line: Dangerous Virus Warning
    Message Body: There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it.
  5. Attachment: protect.vbs
    Subject Line: Virus ALERT!!!
    Message Body: a long message regarding VBS.love letter.A
  6. Attachment: Important.TXT.vbs
    Subject Line: Important! Read carefully!!
    Message Body: Check the attached IMPORTANT coming from me!
  7. Attachment: Virus-Protection-Instructions.vbs
    Subject Line: How to protect yourself from the IL0VEYOU bug!
    Message Body: Here's the easy way to fix the love virus.
  8. Attachment: Kill EmAll.TXT.VBS
    Subject Line: I Cant Believe This!!!
    Message Body: I Cant Believe I have Just received This Hate Email .. Take A Look!
  9. Attachment: Arabian.TXT.vbs
    Subject Line: Thank You For Flying With Arab Airlines
    Message Body: Please check if the bill is correct, by opening the attached file
  10. Attachment: IMPORTANT.TXT.vbs
    Subject Line: Variant Test
    Message Body: This is a variant to the vbs virus.
  11. Attachment: Vir-Killer.vbs
    Subject Line: Yeah, Yeah another time to DEATH...
    Message Body: This is the Killer for VBS.LOVE-LETTER.WORM.
  12. Attachment: LOOK.vbs
    Subject Line: LOOK!
    Message Body: hehe... check this out.
  13. Attachment: BEWERBUNG.TXT.vbs
    Subject Line: Bewerbung Kreolina
    Message Body: Sehr geehrte Damen und Herren!

  14. Subject Line: Is this you in this picture?
    Message Body: Is this you in this picture?
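Subjects and bodies change from variant to variant, but every attachment listed above ends in a script extension, often behind a decoy such as .TXT or .jpg. The following added example (not from the original page) shows a mail-gateway style check on attachment file names; the extension set, addresses and sample message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Script types run by Windows Script Host or mshta; this set is the example's own choice.
SCRIPT_EXT = {"vbs", "vbe", "js", "jse", "wsh", "sct", "hta"}

def attachment_verdicts(raw):
    """Return (filename, verdict) for every named part of a raw e-mail message."""
    msg = message_from_string(raw, policy=default)
    out = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "x.vbs." still runs as a script.
        pieces = name.lower().rstrip(". ").split(".")
        if len(pieces) < 2 or pieces[-1] not in SCRIPT_EXT:
            verdict = "pass"
        elif len(pieces) > 2:
            verdict = "block: script behind decoy extension ." + pieces[-2]
        else:
            verdict = "block: script attachment"
        out.append((name, verdict))
    return out

# Constructed sample message; the attachment bodies are placeholders, not worm code.
SAMPLE = """\
From: a@example.test
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

kindly check the attached LOVE LETTER coming from me.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

placeholder body
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="agenda.txt"

placeholder
--b1--
"""
```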

Legislative aftermath

As there were no laws in the Philippines against virus-writing at the time, on August 21, 2005, the prosecutors dropped all charges against Onel A. de Guzman in a resolution signed by Jovencito Zuno. The original charges brought up against de Guzman dealt with the illegal use of passwords for credit card and bank transactions. The Philippines E-Commerce Law (Republic Act No. 8792), passed on June 14, 2005, laid out penalties for cybercrime. Under the law, those who spread computer viruses or otherwise engage in cybercrime (including copyright infringement and software cracking) can be fined a minimum of 100,000 pesos (about USD$2,000), and a maximum commensurate with the damage caused, and imprisoned for six months to three years.

References

  1. ^ TrendMicro HouseCall online web scanner found that one-fifth of all HouseCall users were infected. http://news.zdnet.com/2100-9595_22-520463.html
  2. ^ "ILOVEYOU". WHoWhatWhereWhenWhy.com. http://www.catalogs.com/info/travel-vacations/top-10-worst-computer-viruses.html Accessed 5-26-2008.
  3. ^ British parliament shut down e-mail systems to prevent damage. http://news.zdnet.com/2100-9595_22-520435.html?legacy=zdnn

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org