Ask a Teacher



who created computer virus called i love u? can u display its script? any kid below age of 18 had any virus or not.explain please??

The author of this "Love Bug" virus was Rodel Lequip and Onel de Guzman. Victims would receive an e-mail with the heading "I Love You" and the moment they opened it, the virus would infect their computers and e-mail itself to every contact in their address book. This caused the virus to spread like wildfire (6 Degrees of Separation Theory) and wreak a lot of cyber-havoc. 

Guzman was a student at Ama Computer College in Makati who dropped out a few months before the virus was released (around early May 2000). The unfortunate fact was that the Philippines didn't have any anti-computer hacking laws in place at the time. New legislation was introduced in June, but could not be applied to the Love Bug case (post-facto law).
ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. The worm arrived e-mail on and after May 4, 2000 with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.". The final extension was hidden by default, leading unsuspecting users to think it was a normal text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system.
Such propagation mechanism had been known (though in IBM mainframe rather than in the MS Windows environment) and used already in the Christmas Tree EXEC of 1987 which brought down a number of the world's mainframes at the time.
Four aspects of the worm made it effective:
? It relied on social engineering to entice users to open the attachment and ensure its continued propagation.
? It relied on a flawed Microsoft algorithm for hiding file extensions. Windows had begun hiding extensions by default; the algorithm parsed file names from right to left, stopping at the first 'period' ('dot'). In this way the exploit could display the inner file extension 'TXT' as the real extension; text files are considered to be innocuous as they can't contain executable code.
? It relied on the scripting engine being enabled. This was actually a system setting; the engine had not been known to have been ever used previously; Microsoft received scathing criticism for leaving such a powerful (and dangerous) tool enabled by default with no one the wiser for its existence.
? It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment to gain complete access to the file system and the Registry.


The worm is written using Microsoft Visual Basic Scripting (VBS), and requires that the user run the script in order to deliver the payload. It adds a number of registry keys so the worm is initialized on system boot.
The worm will then search all drives which are connected to the infected computer and replace files with the extensions *.JPG, *.JPEG, *.VBS, *.VBE, *.JS, *.JSE, *.CSS, *.WSH, *.SCT, *.DOC *.HTA with copies of itself, while appending to the file name a .VBS. extension. The worm will also locate *.MP3 and *.MP2 files, and when found, make the files hidden, copy itself with the same filename and append a .VBS extension.
The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book. It also adds registry keys that direct the Windows operating system to download and execute a password-stealing Trojan variously called "WIN-BUGSFIX.EXE" or "Microsoftv25.exe."



comments powered by Disqus