Twenty years have passed since cybercrooks demonstrated the role that the exploitation of human psychology can play in the spread of malware. Remember “ILOVEYOU”?
In 2000, Windows XP was not yet a thing (and it would be 2004 before Service Pack 2 closed its most gaping security holes) and the IT world was generally a more innocent place.
Windows and Office applications would happily conceal the extensions of known file types and would not warn you that something might happen when you opened an attachment in an email. Visual BASIC scripts reigned supreme in the Microsoft world.
So unfortunately it was inevitable that someone would do something nasty. Enter “ILOVEYOU”.
The worm was a gloriously simple thing. An email was sent to a user with the subject ILOVEYOU (or similar) and text urging the victim to open the attachment in order to see these words of affection. The attachment was a Visual BASIC script file, although the .vbs extension was not visible because, heck, it was a known file type.
The simple script would use the victim's address book (thanks to the fact that Windows at the time was slightly less secure than a sachet of tissue paper) to e-mail itself onward while inflicting different levels of damage on the victim's computer, depending on the variant. Some would do little more than interfere, while others would rename files to the point where a PC might no longer be bootable.
Being Visual BASIC Script, it was easy for criminals to modify the malware to do all kinds of unnecessary things.
While it was not the first worm to cause headaches for computer users (the Melissa macro virus from the previous year did naughty things with a Word document loaded with malware), it was the first to truly demonstrate the potential role of online social engineering.
The worm itself originated in the Philippines on May 4, 2000 before spreading through messaging systems over the next 24 hours and ultimately infecting a substantial part of the computers connected to the Internet worldwide. Purging systems and restoring backups proved costly for administrators still dealing with a Y2K hangover.
Unlike the creator of the Melissa virus, the makers of ILOVEYOU were ultimately released by the Philippine authorities without charge. The country's laws were subsequently tightened.
Although the worm did not bring wealth to its creators (one, Onel de Guzman, could recently be found working in a mobile phone repair shop in Manila), it changed the landscape of cybercrime: for perpetrators, for those charged with repelling criminals and for those responsible for educating users about what not to open.
The social engineering aspect of the attack persists, with increasingly sophisticated phishing scams encouraging users to click on things they really shouldn't and to paste credentials into places they will regret.
Jens Monrad, chief of Mandiant Threat Intelligence in EMEA for FireEye, told The Register: “The year 2000 brought changes to malware writing and the cyber crime ecosystem, with versions of malware that could be used to conduct disruptive attacks on government websites and use infected computers in online advertising systems.”
However, it was only a few years after the arrival of ILOVEYOU that “ZeuS” (in 2007) and “Gozi” appeared, with designs on monetizing outbreaks and stealing bank information rather than simply “generating noise,” as Monrad put it.
In recent times, criminals have been harnessing public concerns about COVID-19 through social engineering. SonicWall recently reported the discovery of a phishing email containing a Word file called “COVID-19 stop.zip”.
Targeting Chrome (and Chrome), this variant will attempt to siphon a user's bank details.
SonicWall's 2020 threats report noted a 52% year-over-year increase in these types of attacks, and EMEA region vice president Terry Greer-King said: “Cybercriminals are doing everything they can to take advantage of difficult times by deceiving users into opening dangerous files, through what they consider to be trusted sources.”
“Today,” said Monrad, “malware plays a vital role in the cybercrime ecosystem, and although ILOVEYOU was not designed to make money for creators, the social engineering method for trying to attract users by clicking on a link or opening an attachment is probably the most important legacy of ILOVEYOU.” ®