đ
The World's Worst Computer Virus: The I Love You Virus (Demonstration) - YouTube
Channel: NationSquid
[0]
May 5, 2000, a very average day for the very
average business supervisor.
[7]
Though in just a couple of hours, it would
quickly turn into a day of utter chaos and turmoil.
[14]
Nearly every install of brand-new computer
software damaged beyond repair, over 13,000
[21]
pieces of malware detected in just one office
building, and soon, over $20 billion in damage
[29]
seen all across the world.
[32]
What happened?
[34]
These catastrophic events were the work of
a new computer worm that was circulating the
[39]
internet: âILOVEYOU.â
[42]
Quite an ironic name, but it was derived from
the fact that the worm would disguise itself
[47]
as a love letter coming from a secret admirer.
[51]
The worm would eventually enter the Guinness
Book of World Records as the most âvirulent
[56]
computer virus of all time.â
[59]
What exactly allowed it to cause this much
damage, and how did it work?
[64]
The virus originated in the Philippines and
was created by two programmers, Onel De Guzman
[71]
and his friend, Reonel Ramones.
[73]
It was allegedly developed by taking other
pieces of malicious software found online
[78]
and putting them all together.
[80]
The success of the virus relied on Visual
Basic Scripting, commonly seen as a .vbs file,
[86]
and the gullibility of non-tech savvy computer
users, who used Windowsâ new feature of
[91]
hiding file extensions by default.
[94]
The brand-new OS, Windows 2000, was the first
version of Windows to implement this change.
[102]
The option to hide file extensions goes all
the way back to Windows 95, but users had
[107]
to turn this on voluntarily.
[109]
Microsoft made this change to increase convenience
for their end users, but as a result, also
[115]
created the golden opportunity for malware
developers.
[119]
This was something that they could greatly
take advantage of, and hereâs how:
[124]
Recipients of the ILOVEYOU worm would receive
an email from someone in their Microsoft Outlook
[129]
contact list, reading as follows: âkindly
check the attached LOVELETTER coming from me.â
[136]
The actual worm was listed as an attachment,
and the name of the file shows exactly how
[141]
the creators carried this out.
[144]
Although the file ends in .vbs, the extension
.txt is delusively added to the file name.
[151]
When average Windows 2000 users downloaded
this file, it would appear as only â.txtâ
[158]
on the desktop, giving the impression that
it was a genuine text file.
[164]
This alone is why the virus mostly affected
computers with Windows 2000, but earlier versions
[170]
like 95 and 98 could still get infected, as
those who didnât hide file extensions and
[176]
saw the .vbs at the end just chose to ignore
it.
[181]
The moment the file was actually opened, it
would perform the following tasks:
[187]
Make multiple copies of itself, some of them
hiding in parts of the directory, and others
[191]
replacing and hiding personal files such as
.mp3âs,.
[195]
jpgâs, and other script types.
[199]
Modify Windows registry keys.
[206]
Send itself to everyone in your email contact
list.
[212]
Create a file called WIN-BUGSFIX.EXE, which
would steal passwords from the user, despite
[217]
its misleading name.
[219]
The wormâs ability to cause mass destruction
was also attributed to its design.
[225]
Being a visual basic script, it was super
easy for a user to access the source code
[230]
and do whatever they wanted to with it.
[233]
While ILOVEYOU was not the first email worm,
it made some big changes from previous ones
[239]
that would cause it to be the most recognized.
[241]
A similar virus from the year before known
as Melissa, would mass mail itself to the
[246]
first 50 people in your contact list.
[250]
ILOVEYOU would send it everyone, allowing
it to spread exponentially.
[255]
Guzman and Ramones were arrested and promptly
investigated by Philippinesâ National Bureau
[261]
of Investigation.
[263]
It was revealed that Guzman had been working
on a program designed to steal passwords for
[268]
his college thesis.
[269]
When it was rejected, he dropped out.
[273]
ILOVEYOU was very similar to this program,
and was likely created as a pastime project,
[279]
as Guzman claimed that he may have released
the worm unintentionally.
[284]
Since there were no official anti-malware
laws at the time, all charges were dropped,
[290]
and Guzman and Ramones were released scot-free.
[292]
Antivirus laws were created immediately after,
allowing the nefarious doings of ILOVEYOU
[300]
to remain as an infamous part of computer
history.
[305]
So, I am going to be doing a demonstration
of how the virus actually works.
[310]
This was made possible by YouTube user Dan
O-O-C-T 1, who made a very informative video
[316]
on this topic.
[317]
I highly suggest you check him out.
[320]
This will be a very similar demonstration,
but I, nonetheless, wanted to try this out
[325]
for myself.
[326]
It is currently Friday, May 5, 2000.
[330]
On my computer, I am running Windows 2000,
and on my desktop, I have included some files
[334]
for the virus to overwrite.
[337]
I have an audio file which is completely functional,
[339]
[MUSIC]
[344]
and just a standard image.
[348]
I am going to open my Microsoft Outlook and
check my email.
[352]
Looks like I have something in my inbox.
[355]
Well, this looks interesting.
[359]
âkindly check the attached loveletter coming
from me.â
[364]
I guess someone wants to share some undisclosed
feelings that they have about me.
[369]
Letâs go ahead and download that.
[375]
As you can see, if I turn off the default
setting to hide file extensions, the .vbs
[380]
is here very clearly, but since I have it
turned on, I have no idea.
[386]
This is just an ordinary text file, and Iâm
curious to see whatâs inside.
[395]
As you can now see, everyone in my contact
list has now been sent a copy of this script.
[401]
In addition, the files that I showed you earlier,
have now been overwritten.
[407]
Theyâre gone.
[410]
Even if I revert it back to the original file
extension, nothing.
[419]
You can probably see why this was such an
issue for businesses, as important files would
[423]
be permanently erased, and could only be recovered
from a backup, if they were so lucky.
[429]
As mentioned earlier, this virus would only
hide some files rather than overwrite them,
[435]
specifically audio files.
[438]
As you can see, our mp3 is perfectly fine,
just locked away.
[443]
So, if you were a music producer, you had
a much easier way out of this.
[449]
Remember when I told you that this virus was
known for being easily modifiable?
[453]
Well, I will show you just how simple it is
to access the source code.
[459]
All you have to do is right click and select
âEdit,â the rest is at your fingertips.
[464]
Many other programmers who were also emailed
the virus could send out their own version,
[469]
and thatâs exactly what they did.
[472]
Some of them showed absolutely no mercy, and
rather than destroying files, destroyed the
[477]
entire operating system.
[480]
If we replace js, and jse with âexeâ and
âcom,â these files will be replaced with
[487]
the worm.
[489]
Letâs go ahead and restart, shall we?
[509]
Thatâs too bad.
[511]
This is not going to be a cheap fix.
[517]
Thank you so much for watching, if you would
like more, please subscribe and visit the
[521]
links down below.
[523]
Consider checking out my patreon, where you
can gain access to exclusive content and watch
[528]
videos early.
Most Recent Videos:
You can go back to the homepage right here: Homepage