Six years ago Thursday the infamous "Love Bug" worm debuted to the dismay of the world's computer users, who fell for one of the first socially-engineered pieces of malware.
Also known as "ILOVEYOU," the worm duped millions in May 2000 into opening the e-mailed attachment by promising it was a message from a secret admirer. "kindly check the attached LOVELETTER coming from me," the e-mail's text read.
Once the worm infected the recipient's PC, it spawned clones and spread to other PCs by hijacking local e-mail addresses, a new tactic at the time. Love Bug also changed Internet Explorer's home page, destroyed image and digital music files, and snatched passwords.
The worm caused an estimated $7 to $10 billion in damage worldwide.
Filipino student Onel de Guzman, then 23, was arrested for writing the worm but was never prosecuted because the Philippines lacked anti-computer attack laws at the time.
"The Love Bug, and the Melissa worm before it, heralded a new era in malware of mass-mailing worms which relied upon social engineering to tempt people into double-clicking on malicious attachments," said Graham Cluley, senior technology consultant for Sophos, in a statement. "Users' e-mail systems became clogged up with an avalanche of malicious emails carrying worms such as Sobig, Anna Kournikova, and Naked Wife."
Cluley, however, noted that the malware landscape has changed big time in six years. Mass-mailed worms like Love Bug are declining, while Trojan horses are on a major upswing.
In 2001, for instance, Trojans accounted for only 21 percent of all malicious code; by April 2006, they made up 85 percent. Trojans, often planted by malicious Web sites in silent drive-by downloads, aim to install backdoor and other spyware to steal confidential, and salable, information such as bank and credit account passwords.
"At the time of the Love Bug most malware was written to show off, rather than to make money," acknowledged Cluley. "The new organized criminal gangs behind malware don't want their attack to hit the headlines, as that will increase the public's awareness about the threat. So they use Trojan horses, which can target a small number of people at a time, rather than mass-mailing worms which could infect millions at once."
Love Bug, and "Melissa," which preceded it by a year, are widely considered the opening salvos in the security attacks which continue to plague Windows users worldwide.