Generated by GPT-5-mini

| I love you (computer virus) | |
|---|---|
| Name | ILOVEYOU |
| Release date | May 2000 |
| Author | Reputedly Onel de Guzman |
| Type | Worm/Email worm |
| OS | Microsoft Windows |
| Language | Visual Basic Script |
| Genre | Malware |

I love you (ILOVEYOU) was a computer worm that emerged in May 2000 and caused widespread damage to personal computers, corporate networks, and government systems. Originating in the Philippines, the worm propagated via email and exploited user interaction to overwrite files and exfiltrate data, prompting rapid international law enforcement cooperation and changes in cybersecurity practice. The incident influenced policies at institutions such as Microsoft Corporation, the United States Department of Justice, the European Union, and internet service providers.
In late May 2000 the worm appeared amid a landscape shaped by prior incidents like the Melissa virus outbreak and evolving standards from organizations such as the CERT Coordination Center, the SANS Institute, and the Internet Engineering Task Force. Email systems run by providers including AOL, Yahoo!, and Hotmail became delivery vectors, while corporate domains at Enron, British Airways, and the World Bank experienced disruptions. The event occurred during policy debates in bodies such as the United Nations and the Council of Europe about cross-border cybercrime and harmonization of laws like the Computer Fraud and Abuse Act and proposed European directives.
The worm was written in Visual Basic Script and leveraged features of Microsoft Windows and Microsoft Outlook to execute when an attachment was opened. The message subject and body emulated personal correspondence to induce recipients to launch the payload, reminiscent of social engineering techniques discussed by researchers at Symantec, McAfee, and Kaspersky Lab. Once executed, the script modified files with extensions such as .vbs, .jpg, and .mp3, performed network propagation by harvesting address books from Microsoft Exchange Server and Outlook clients, and attempted to transmit copies to FTP servers. Analysts at F-Secure, Trend Micro, and academic groups at Massachusetts Institute of Technology and Stanford University dissected the code to map infection vectors, payload behavior, and potential countermeasures.
Within days the worm infected millions of systems across regions including North America, Europe, Asia, and Australia, overwhelming infrastructure managed by Bell Atlantic, BT Group, and national telecoms like SingTel and Telstra. Financial losses were estimated by entities such as Gartner and IDC, and organizations including Reuters, The New York Times, and BBC News reported large-scale outages, cleanup costs, and lost productivity at institutions like NASA, Library of Congress, and multinational corporations such as Ford Motor Company and Sony. The incident strained relations between law enforcement agencies including FBI, INTERPOL, and national cyber units, and triggered emergency response measures at data centers operated by AOL Time Warner and Deutsche Telekom.
Investigations pointed to origins in the Philippines, and individuals such as the student Onel de Guzman were publicly associated with the case by media outlets like The Washington Post and the Los Angeles Times. Legal frameworks in the Philippines at the time lacked statutes analogous to the Computer Fraud and Abuse Act in the United States or the Council of Europe's Budapest Convention on Cybercrime, complicating prosecution. International cooperation involved agencies including INTERPOL, the Royal Canadian Mounted Police, and the National Crime Agency (UK), while academic commentators from Harvard University and Yale University discussed ethical and legal implications. Some civil suits and governmental inquiries examined negligence and liability at companies such as Microsoft and major ISPs.
Organizations mobilized incident response teams drawing on guidance from CERT Coordination Center, National Institute of Standards and Technology, and private firms like PricewaterhouseCoopers and Deloitte. Mitigation steps included rolling out patches, implementing email filtering rules at Lotus Notes and Microsoft Exchange Server, deploying antivirus signatures from vendors like Symantec and McAfee, and issuing advisories through outlets such as CNET and ZDNet. Corporations revised backup strategies inspired by best practices from ISO standards and incident playbooks developed at Stanford University's security labs. The episode accelerated adoption of security awareness training at universities including University of Oxford and University of Cambridge.
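An added example, not part of the original page, of the kind of email filtering rule mentioned above: it parses a message and blocks Windows script attachments such as `.vbs`. The extension lists, function names and sample messages are assumptions made for illustration, and the check for a script extension hidden behind a harmless-looking one goes beyond what the page describes.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions a mail gateway treats as Windows Script Host content.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Assumption: extensions users tend to read as harmless documents or media.
BENIGN_LOOKING = {".txt", ".jpg", ".mp3", ".doc", ".pdf"}

def classify_attachment(filename):
    """Return 'block-disguised', 'block-script' or 'allow' for one file name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    parts = name.rsplit(".", 2)
    last = "." + parts[-1] if len(parts) > 1 else ""
    if last not in SCRIPT_EXTS:
        return "allow"
    inner = "." + parts[-2] if len(parts) == 3 else ""
    return "block-disguised" if inner in BENIGN_LOOKING else "block-script"

def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, verdict)] per attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            results.append((fname, classify_attachment(fname)))
    return results

def build_sample(filename):
    """Constructed test message; the attachment holds inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name in ("note.txt.vbs", "macro.vbs", "photo.jpg"):
        print(scan_message(build_sample(name)))
```

Extension matching is only a first gate; a gateway would pair it with content inspection, since a renamed script passes a name-only rule.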
The worm had lasting effects on cybersecurity doctrine, influencing curricula at institutions like Carnegie Mellon University's CERT and prompting policy initiatives within the European Commission and United States Congress. It entered popular culture through coverage by Time magazine, dramatizations on networks such as CNN and BBC, and references in literature alongside events like the Melissa virus and later incidents involving Stuxnet. The incident spurred growth in the cybersecurity industry, benefitting firms such as Palo Alto Networks, FireEye, and CrowdStrike, and encouraged the expansion of legal instruments culminating in treaties like the Budapest Convention on Cybercrime. Museums and archives including the Computer History Museum preserved materials related to the outbreak, and scholars at MIT and the University of California, Berkeley continue to analyze its technical, social, and legal ramifications.