Twenty years have passed since cybercriminals demonstrated the role that human psychology can play in the spread of malware. Do you remember that?
In 2000, Windows XP did not yet exist (and it would take Microsoft until 2004 to close its security gaps with Service Pack 2), and the IT world as a whole was more innocent.
Windows and Office applications liked to hide the extensions of known file types and did not warn that something bad could happen if you opened an attachment in an email. In the world of Microsoft, Visual BASIC script prevailed.
So, unfortunately, it was inevitable that someone would do something wrong. Enter ILOVEYOU.
The worm was a pleasingly simple thing. The user received an email with the subject line ILOVEYOU (or similar) and a text asking the victim to open the attachment to see these words of love. The attachment was a Visual BASIC script file, although the .vbs extension wasn’t visible because it was a known file type.
The simple script used the victim’s address book (Windows at the time being less secure than a paper tea bag) to email itself onward, with the computer being damaged to varying degrees depending on the variant. Some variants only caused inconvenience; others renamed files so that the PC could not be booted.
Because it was a Visual BASIC script, attackers could easily modify the malware to do all kinds of other things.
Although it wasn’t the first worm that caused headaches for computer users (the Melissa macro virus did bad things with a malicious Word document the year before), it was the first to really show the potential role of social engineering on the Internet.
The worm itself appeared on the 4th. The virus spread through email systems over the next 24 hours and eventually infected a large number of Internet-connected computers around the world. Cleaning systems and restoring backups proved to be a costly headache for administrators still recovering from the Y2K hangover.
Unlike Melissa’s creator, the makers of ILOVEYOU were eventually released by the Philippine authorities without charge. The country has since strengthened its laws.
Although the worm has not brought wealth to its creators (one of them, Onel de Guzmán, was recently found working in a mobile phone workshop in Manila), it has changed the landscape of cybercrime: for criminals, for those tasked with fending off attackers and for those tasked with training users on what should not be revealed.
The social engineering aspect of the attack persists, with increasingly sophisticated phishing scams tempting users to click on what they shouldn’t and enter credentials in places they will regret.
Jens Monrad, head of threat intelligence for EMEA at FireEye, told The Register: The year 2000 changed the ecosystem of writing malware and cybercrime by releasing malware that can be used to attack government websites and use infected computers in online adware systems.
However, it was a few years after the arrival of ILOVEYOU, with ZeuS (2007) and Gozi, that plans appeared to monetize outbreaks and steal bank data rather than just make noise, Monrad said.
Recently, criminals have used social engineering to exploit the public’s fear of COVID-19. SonicWall recently reported the discovery of a phishing email containing a file in Word format called COVID-19 stop.zip.
This variant, focused on Chrome, tries to capture the user’s bank details.
The SonicWall 2020 threat report shows a 52 percent increase over the previous year, according to EMEA Vice President Terry Greer-King: Cybercriminals do everything they can to exploit their trial period by enticing users to access dangerous files using sources they think are reliable.
According to Monrad, malware now plays an important role in the cybercrime ecosystem, and while ILOVEYOU was not designed to make money for its creators, the social engineering method that attempts to entice users into clicking on a link or opening an attachment is perhaps ILOVEYOU’s most important legacy. ®