The Love Bug - six years on, Sophos comments on the changing malware landscape

Sophos Press Release

"May the fourth be with you.."

Onel de Guzman is suspected of being the author of the Love Bug worm
Onel de Guzman is suspected of being the author of the Love Bug worm.

Six years ago today, on 4 May 2000, the VBS/Lovelet-A virus (also known as the Love Bug or ILOVEYOU worm) caused considerable damage as it infected computers worldwide. But according to experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, a lot has changed in the malware landscape in that time.

The Love Bug worm, believed to have been written by Filipino student Onel de Guzman, fooled computer users into believing they were receiving a love letter in their email. However, if the attached file was opened the virus would forward itself to other email addresses found on the infected computer.

"The Love Bug, and the Melissa worm before it, heralded a new era in malware of mass-mailing worms which relied upon social engineering to tempt people into double-clicking on malicious email attachments," said Graham Cluley, senior technology consultant for Sophos. "Computer users' email systems became clogged up with an avalanche of malicious emails carrying worms such as Sobig, Anna Kournikova and Naked Wife. However, mass-mailing worms are now on the descent, as we are witnessing a huge rise in targeted Trojan horse attacks instead."

In 2001, 21% of all threats discovered by Sophos were Trojan horses. By April 2006, this figure had risen to 86% as hackers used Trojan horses to download malicious code, spy on users, steal information or gain unauthorised access to computers.

"Trojans are often spammed out to unsuspecting users, or planted on websites, in an attempt to secretly install themselves on victims' computers. Once in place they can open backdoors for hackers to steal information, including sensitive data such as banking passwords," continued Cluley. "It is barely remembered by most, but the Love Bug was actually a precursor to some of this kind of activity as it was conceived to try and steal internet connection passwords to give its creators cheaper access to the net."

After the appearance of the Love Bug on 4 May 2000 many other viruses emerged which used similar tricks to tempt users into double-clicking on a malicious attachment. Memorably in 2001 a worm which pretended to be pictures of the Russian tennis pin-up Anna Kournikova successfully spread around the globe. Other viruses posed as files connected with Shakira, Britney Spears, Paris Hilton or Jennifer Lopez.

Sophos experts believe that many computer users are still at risk of falling for malware with a psychological trick up its sleeve, but that financially-motivated hackers now prefer to use Trojan horses rather than mass-mailing worms.

"At the time of the Love Bug most malware was written to show off, rather than to make money. The new organized criminal gangs behind malware don't want their attack to hit the headlines, as that will increase the public's awareness about the threat. So they use Trojan horses, which can target a small number of people at a time, rather than mass-mailing worms which could infect millions around the globe at once," continued Cluley. "It's sad to say, but although technology may have improved in the last six years, the majority of the general public are still woefully uneducated about how to act safely online and best protect their bank accounts and identities."

Laws designed to combat computer misuse were only introduced in June 2000 by the authorities in the Philippines as a result of the Love Bug incident. These laws could not be backdated, and suspect Onel de Guzman walked free.

"No-one has ever been convicted for spreading the Love Bug virus, and it seems they probably never will," said Cluley.

Sophos continues to recommend that companies protect their email with a consolidated solution to thwart the virus, spyware and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection. Sophos also recommends that users are educated in safe computing guidelines to help reduce the risks.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005:

Download "Sophos Security Threat Management Report 2005"

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at