Michael Gazeley was in his office in Star Computer City on the afternoon of May 4, 2000. Star Computer City was a collection of IT companies and shops selling electronics and gadgets in Hong Kong.
A few months earlier, Gazeley and his long-time business partner, Mark Webb-Johnson, founded their own information security company, Network Box, which specialised in protecting customers from cyber threats.
All the phones in his office suddenly started ringing at once. First it was his clients, then all sorts of people calling frantically in the hope that Network Box could help stop a virus moving through their computer systems and destroying their data.
They all told the same story: someone in the office had received an email with the subject "ILOVEYOU" and the message: "Please check the attached love letter ('LOVELETTER') coming from me." When they opened what appeared to be a text file, the virus installed itself and sent copies of itself to everyone in their email contact list. The contacts thought the email was either a weird joke or a serious declaration of love from someone they knew, so many of them opened the attachment in turn and spread the virus further. Microsoft Office email servers were mainly affected.
It quickly turned out to be much worse than just an annoying chain letter. While replicating itself, the ILOVEYOU virus destroyed much of the victim's hard drive, renaming and deleting thousands of files.
Worldwide computer chaos
From Hong Kong, where the virus crippled communications and ravaged the file systems of investment banks, PR firms and news agencies, ILOVEYOU spread west as the May 4 workday began.
Graham Cluley was on stage at an IT security conference in Stockholm when the virus hit Europe. He had just finished describing an unrelated virus that targeted a particular operating system and took over users' accounts to send messages to their colleagues.
As the conference broke for coffee, many of the participants started seeing new emails arrive on their mobile phones. Several attendees approached Cluley and asked if the virus he had described was being spread via email. He assured them that it was not. The participants were surprised to find that they had all received emails with the subject ILOVEYOU.
When Cluley turned on his own phone, he was bombarded with notifications of unanswered calls, voicemails and text messages. Cluley's employer, anti-virus firm Sophos, was inundated with phone calls from clients asking for help and journalists trying to understand what was going on.
In five hours, ILOVEYOU spread through Asia, Europe and North America. It spread about 15 times faster than the Melissa virus did when it was sent out a year earlier, infecting over 1 million computers.
Many large companies were affected, including Ford Motor Company and Microsoft, whose Outlook software was the primary means of spreading the virus. At the time, Windows held more than 95% of the personal computer market and Outlook was part of Microsoft Office, which was used by almost everyone in their workplace.
The virus also spread rapidly in the US, as almost everyone seemed unable to resist opening the "love letter". In the Pentagon, panic spread when the virus infected the email list of the United States Army Forces Command (FORSCOM). The list had 50,000 contacts. From there, the virus reached many of the major military bases in the US.
A suspect emerges
Four days after the virus began spreading, police in the Philippines raided an apartment in Manila and seized phones, hard drives, wires and cassette tapes. They also arrested one of the residents, Reomel Ramones.
Ramones was a 27-year-old man who worked in a local bank. Police did not believe he could be behind the virus, so their attention turned to the apartment's other two occupants: Ramones' girlfriend, Irene de Guzman, and her brother, Onel. Onel de Guzman, who was not in the apartment at the time, was a student at AMA Computer College.
While police initially could not prove de Guzman was the ringleader, some staff at his college gave them a rejected final thesis he had written. The thesis contained the code for a program that looked surprisingly similar to ILOVEYOU. In the abstract of the thesis, de Guzman wrote that the goal of his program was to steal Windows passwords and Internet accounts from victims' computers. Police had found the man behind the devastating virus.
ILOVEYOU and variations of it ended up costing $10 billion in damage before updates to anti-virus software and email clients could stop them. To this day, ILOVEYOU remains one of the viruses that have infected the most computers in the world. It ended up infecting many millions of computers and other systems.
Sofie Meyer
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.