Saying "I Love You" with All of My Malware


Fred Touchette

Do you remember passing out Valentine’s Day cards to your elementary schoolmates?  It was a fun, innocent activity that everyone seemed to enjoy each February.  The tradition carried on into the teenage years, with cards that professed sweet sentiments and underlying love for one another.  But, unfortunately, love can be fleeting.

It is not unusual for us security analysts to see love-themed malware campaigns traverse the Internet this time of year. It’s like Cupid’s evil twin decided to shoot arrows through hard drives instead of hearts. The underlying ruse is to attract the misty-eyed and lovelorn with cleverly written subject lines. One of the more famous and most destructive malware campaigns that took advantage of ‘love’ is known as “ILOVEYOU”, “love letter” or simply “The Love Bug”.

The Love Bug originated in May 2000 and was a self-propagating worm that attached itself to emails with the subject line “ILOVEYOU” and an attachment labeled “LOVE-LETTER-FOR-YOU”. The attachment was made to look as if it were a simple .txt file, though in actuality it was a .vbs (Visual Basic Scripting) file that ran when the file was opened. The fact that the file had a hidden double extension was due to how Windows operating systems interpreted the filenames at the time of reading them (from left to right and stopping after the first period it came across), thereby hiding the rest of the filename and its true file type. Once executed, The Love Bug would replace the majority of files on its new host computer with copies of itself and would then go as far as to place itself in the Windows Registry to make sure it ran at every startup. The worm would also propagate by sending its malicious payload to every contact in the infected machine’s contact list, which allowed it to travel quickly and spread across borders in a matter of hours. In the end, it was said that ‘ILOVEYOU’ spread to at least 20 countries and caused more than $15 billion in damages.
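A mail-gateway style check for the hidden double extension described above, as an added example that is not part of the original article. The extension lists, function names, addresses and the sample message (including the full attachment name, built from the article's description) are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists, not exhaustive: types Windows executes vs. types users trust.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".exe", ".scr", ".pif"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mp3", ".xls"}

def double_extension(filename):
    """Return (name_as_displayed, real_ext) when an executable type hides
    behind a harmless-looking extension, otherwise None."""
    name = filename.strip().rstrip(". ")      # ignore trailing dots and spaces
    parts = name.split(".")
    if len(parts) < 3:                        # need base + decoy + real extension
        return None
    decoy = "." + parts[-2].strip().lower()   # strip() defeats "pdf      .exe" padding
    real = "." + parts[-1].strip().lower()
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return ".".join(parts[:-1]).rstrip(), real
    return None

def flag_attachments(raw_message):
    """Parse a raw RFC 5322 message and list attachments with a hidden type."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        hit = double_extension(fname)
        if hit:
            findings.append((fname, hit[0], hit[1]))
    return findings

def build_sample():
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Constructed sample body.")
    for fname in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, shown, real in flag_attachments(build_sample()):
        print(f"BLOCK {fname!r}: displays as {shown!r}, real type {real}")
```

The check keys on the pairing of a trusted-looking extension with an executable one, so a plain `report.final.txt` passes while the padded variant `invoice.pdf      .exe` is still caught.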

The Internet worm has evolved since its early inception as a self-propagating concept. In the past, worms like The Love Bug relied on email to get from machine to machine, but nowadays, that’s just one of the arrows in their quiver of tricks. Now an Internet worm can seek out attached media devices or traverse network shares or, in the case of Stuxnet, even jump onto an air-gapped network and make its way through very specific industrial control systems.

It’s amazing to think of the leap in technology in just the last 15 years and the dangers that have evolved alongside it. Back in 2000, antivirus and firewalls were foreign concepts to many computer users. Now they’re both considered baseline security measures and come pre-installed and run alongside the most common operating system.

We still see these types of cyber tricks that attempt to manipulate users’ heartstrings and encourage rash decisions. Such attacks can (and do) propagate quickly over social media as well as other, more traditional methods such as email and infected websites. When The Love Bug made its initial rounds in 2000, there were an estimated 361 million people using the Internet. Today, there are about 1.23 billion active monthly users on Facebook alone and an estimated 3.1 billion Internet users. That is a huge target demographic primed and ready to click on the first love letter that appears in their inbox.

Malware authors are always looking for a chance to leverage a newly discovered vulnerability. That’s why it is so important for users to remain vigilant. If it looks too good to be true, it is. If you don’t recognize the sender or you weren’t expecting a piece of mail that shows up in the inbox, it’s best to err on the side of caution and just delete it. Stay informed and in touch with potential pitfalls. If we all use a little more caution we can make a great impact in IT security so that everyone can enjoy this holiday with loved ones rather than formatting hard drives and monitoring bank accounts for illicit activity.