Microsoft Outlook got hacked with ILOVEYOU malware and caused a loss of $8.7 billion!

Yeah, it's the grey season of cozy sweaters and cuddling (let's leave Australia out of it), and we all like some romantic experiences in our lives from time to time, but what happens when we get infected. No, not Covid or influenza or even just a cold. Infected by a lovely mail. 

How would you feel when YOU are the „I love U“ infection spreader to all of your contacts (including your boss) in your Outlook address book? What a great way to get attention from your „loved“ ones. Huh? 

The chills that you suddenly get through your spine, I feel you.

So how does this virus work: 

The ILOVEYOU malware was basically a worm, which could replicate and overwrite itself into files. It was the first computer worm to be reported in the mass media worldwide. The systemic weaknesses in the design on Microsoft outlook and Microsoft windows was an open door for this mean worm. 

This allowed the malicious code to gain full access to the operating system, secondary storage and user data simply by the unknowing user clicking on an icon. This malware was able to spread via Microsoft Outlook and, after entering the inbox, send a copy of the same email to all the addresses present in the email address book.

‍More than a love letter, it was a cyber attack!

The email contained the subject "I LOVE YOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The malware exploited a Windows setting that enables the execution of scripting languages such as Visual Basic. In addition, the worm exploited a feature in Windows that, by default, hides file extensions that malware authors can use as an attack opportunity.

$8.7 billion in damages and about $15 billion in recovery costs!

The worm originated in the Philippines on May 4, 2000. Within days, it spread like wildfire across Europe and America, causing an estimated $8.7 billion in damage. The recovery costs were estimated at around $15 billion. Almost 10% of the entire Internet was affected. Even organizations such as the Pentagon, the CIA, and the British Parliament were forced to shut down their email services. It was estimated that a total of 10 million systems were affected.

An advice to you: Whenever you get an eye-catching email, please double check it before opening it. Otherwise, you will send hopefully only a new recipe of homemade whiskey chocolate for Christmas around. But your loved ones with lactose intolerance will block you in a second! So be aware! Don’t lose good people by infection!

„Fun“ Fact: Due to the legal situation at the time (2000), the Programmer (Onel de Guzmán, who is a Filipino computer scientist) could not be charged and thus could not be convicted. In 2000, Philippine law did not yet have any specific laws against cybercrime. Only two months later, a law against malware programming was created. The Philippine Congress enacted Republic Act No. 8792 in July 2000 in response to the Loveletter incident.