Tainted love… remembering the love bug of 2000

I realised the other day that an important anniversary passed me by last month. 4th May 2010 was the 10th anniversary of the love bug, the worm that e-mail servers will never forget.
When the love bug hit the world I was working at an independent security consultancy, and this was one of the busiest days of my working life. We realised very early on in the day that this would be a game changer, delivering on the threat that Melissa had shown was possible. After all, who can resist finding out why somebody loves them?
Many organisations were hit by the love bug and were struggling because their users kept clicking on the worm to discover why they were loved, despite repeated warnings from their IT departments not to. In a matter of hours this took the numbers of infected e-mails from 1 in every thousand or so to 1 in 30. A number of organisations I spoke to had to turn off their e-mail server to stop their users spreading the virus whilst they waited for the AV vendors to write signatures.
The love bug was big news at the time but, in retrospect, now appears to have come in an altogether more innocent age. It was designed to cause as much damage to files as possible, but this was done in a vainglorious attempt to maximise the kudos of the author. Now most malware is geared towards financial gain, and we are seeing a major increase in both sophistication and targeting that makes us look at the love bug in a different light than we did at the time.
This is a different world we live in now, and although we still need signatures to catch and isolate mass-spreading worms such as Qakbot or Silly.FDC, the old signature-based adage of "the first 10 systems get infected, the next 10,000 are protected" doesn’t play in a world where 75% of malware infects only 50 machines and the average malware infects only 20. In a world where the generation of malware variants has commoditised in the way that office software did 25 years ago, anti-malware vendors such as Symantec need to look at new ways of protecting our users. This is why we’ve developed the file insight reputation-based technology that allows us to determine the context, prevalence and provenance of a file before allowing it to execute on a system.
We need to do this because malware has moved from hacking for kudos into a profit-driven underground economy.
Wouldn’t it be so much simpler if we could go back to a world where malware was created by amateurs and hobbyists, attempting to disrupt as many computers as possible in order to maximise their fame, and where the only problem in determining the impact was how recent and up to date backups were?
Something tells me that this is a dream of the past and we won’t see the innocence of the love bug again.





