The ILOVEYOU virus comes in an e-mail note with “I LOVE YOU” in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient’s Microsoft Outlook address book and, perhaps more seriously, the loss of every JPEG, MP3, and certain other files on the recipient’s hard disk. Because Microsoft Outlook is widely installed as the e-mail handler in corporate networks, the ILOVEYOUvirus can spread rapidly from user to user within a corporation. On May 4, 2000, the virus spread so quickly that e-mail had to be shut down in a number of major enterprises such as the Ford Motor Company. The virus reached an estimated 45 million users in a single day.
The attachment in the ILOVEYOU virus is a VBScript program that, when opened (for example, by double-clicking on it with your mouse), finds the recipient’s Outlook address book and re-sends the note to everyone in it. It then overwrites (and thus destroys) all files of the following file types: JPEG, MP3, VPOS, JS, JSE, CSS, WSH, SCT and HTA. Users who don’t have a backup copy will have lost these files. (In March 1999, a virus named Melissa virus also replicated itself by using Outlook address books, but was less harmful in destroying user files.) The ILOVEYOU virus also resets the recipient’s Internet Explorer start page in a way that may cause further trouble, resets certain Windows registry settings, and also acts to spread itself through Internet Relay Chat (Internet Relay Chat).
One of the first steps companies used to ward off the ILOVEYOU virus was to screen out notes with ILOVEYOU in the subject line. However, hackers quickly introduced copycat variations with subject lines variously identifying “JOKE” and “Mother’s Day!” as the content, but containing the same or similar VBScript code. At least 12 variations have been identified. The most sinister mutation is undoubtedly the one with the subject line containing “VIRUS ALERT!!!” Posing as a virus fix from Symantec, the note starts out with “Dear Symantec Customer.” The attachment (which should not be opened) is “protect.vbs.”
Companies and users are advised to get or update anti-virus software that can help screen for the virus and remove it for users whose systems have been infected. Users are always advised never to open an e-mail attachment without screening it with anti-virus software or knowing exactly who sent it and what it is.