LoveLetter worm

The LOVELETTER worm (also called the ILOVEYOU worm) is a computer worm that successfully attacked tens of millions of computers running the Windows operating sytem in 2000 when it was sent as an attachment to an email message with the text "ILOVEYOU" in the subject line.

The worm arrived in email inboxes on and after May 4, 2000 with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". The final 'vbs' extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system.

Such propagation mechanism had been known (though in IBM mainframe environment rather than in the MS Windows environment) and already used in the Christmas Tree EXEC of 1987, which brought down a number of the world's mainframes at the time.

Four aspects of the worm made it effective:


 * It relied on social engineering to entice users to open the attachment and ensure its continued propagation.
 * It relied on a flawed Microsoft algorithm for hiding file extensions. Windows had begun hiding extensions by default; the algorithm parsed file names from right to left, stopping at the first 'period' ('dot'). In this way the exploit could display the inner file extension 'TXT' as the real extension; text files are considered to be innocuous as they can't contain executable code.
 * It relied on the scripting engine being enabled. This was actually a system setting; the engine had not been known to have been ever used previously; Microsoft received scathing criticism for leaving such a powerful (and dangerous) tool enabled by default with no one the wiser * It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment to gain complete access to the file system and the Registry.