ILOVEYOU (computer worm)

ILOVEYOU was a mass-mailing worm in May 2000 that propagated through email attachments, infecting millions and prompting major changes in email, OS defaults, and computer-crime law.

Overview

ILOVEYOU was a fast-spreading computer worm first observed on May 5, 2000. It reached large numbers of personal and corporate computers within hours by exploiting human trust: users received an email with the subject line "ILOVEYOU" and an attached file that appeared to be a harmless text message. When recipients opened the attachment, the program executed and began replicating itself.

How it worked

The worm was written in Visual Basic Scripting (VBScript) and crafted to take advantage of several default behaviors of the Windows operating system and popular email software at the time. The attachment was typically named "LOVE-LETTER-FOR-YOU.txt.vbs." Because Microsoft Windows commonly hid known file extensions by default, many users saw only "LOVE-LETTER-FOR-YOU.txt" and treated it like a plain text file. Opening the file ran the script instead of displaying a message.

The script overwrote and replaced many user files (for example, image and media files) with copies of itself in some variants, rendering original content inaccessible.
It used Microsoft Outlook to send copies of the infected attachment to addresses found in a user’s address book, enabling rapid propagation across organizations and personal contacts.
Different variants existed; the code could be modified easily, so payload behavior varied between versions.

Spread and impact

ILOVEYOU propagated with remarkable speed. Estimates of the number of infected systems vary, but many reports cite tens of millions of machines affected worldwide. The worm generated massive volumes of email traffic and caused widespread disruption to businesses and public institutions. Economic impact estimates differ across sources; some commonly referenced figures place the cost of cleanup, lost productivity, and other consequences in the range of billions of dollars.

Investigation and legal aftermath

Authorities identified a student from the Philippines, Onel de Guzman, as a primary suspect. At the time, local computer-crime laws did not clearly encompass the actions he was suspected of, and international prosecution proved difficult. The ILOVEYOU incident highlighted gaps in legislation and cross-border enforcement that many countries later addressed.

Legacy, responses and lessons

The ILOVEYOU outbreak had several lasting effects on computing and security practice. Email clients and operating systems introduced or changed defaults to make script execution less automatic and to display full file extensions. Corporations and institutions strengthened filtering of attachments, limited macro and script execution, and improved user education about social engineering. The incident also accelerated adoption of antivirus tools and spurred new or revised computer-crime laws.