Those three little words

ILOVEYOU: a search-and-destroy mission on the Internet's psyche.

By Matt Rosoff • October 9, 2006 12:00 am
Those three little words

JUST WHEN YOU think you know it all, something comes along and knocks you down a couple notches. Take, for example, the virus warning I got last week. It read like one of those hoaxes that well-meaning friends send me from time to time. It started with the stupid name, “ILOVEYOU,” as if the 15-year-old jokester who first wrote the message couldn’t think of anything more original. And then the hip topical reference. This time it was MP3 files, which, apparently, the virus would seek out and destroy. Finally the warning noted the virus’ almost-mystical duplicating ability. It automatically e-mails itself to everybody in my address book? Yeah, right, heard that one before. Delete.

Except this time, it wasn’t a hoax. The creators of VBS/LoveLetter, as one antivirus firm immediately dubbed the offender, were not only clever enough to write a remarkably contagious and destructive worm, but must also have been familiar with the virus hoaxes that pop up like dandelions. It’s almost as if they designed this particular beast to tap into the collective fears of the Internet unconscious, basing it on the kind of fake messages we’ve all fallen for at one time or another. The virus even seemed to mutate as computer users realized nobody actually loved them—changing to a phony forwarded joke or a message about an expensive Mother’s Day gift supposedly purchased by the recipient. This reveals an excellent understanding of Net psychology—as if any geek would spend $300 on a gift for his mother! In light of this cleverness, perhaps it isn’t so surprising that two of the three suspects (as of Monday) are female.

Whoever planned it, it worked. The mass freakout engendered by ILOVEYOU was almost unprecedented in the history of computing (let’s forget about that Y2K nonsense, as everybody else already has). Sure, Michaelangelo made a lot of headlines in 1992, but the actual D-Day was a nonevent. Last year’s Melissa decreased productivity to the tune of $80 million, but it didn’t create enough panic to inspire companies to shut down their entire e-mail systems. But last Thursday, systems administrators at big-name organizations—places like AT&T, Ford Motors, and the British Parliament—took entire e-mail systems offline to prevent the spread of this insidious worm.

An overreaction? Probably not. ILOVEYOU is certainly destructive, overwriting not only MP3s but also a wide variety of other material, such as JPEGs and local HTML files (if you were building Web pages last Thursday, this bug could easily have ruined your life). It was remarkably widespread—it seems like every office in Seattle had at least one employee receive the message. Even the once-invincible Microsoft fell prey, as one savvy Outlook user there found the worm sending mysterious faxes to everybody on his recipient list!

LOSING SEVERAL DAYS’ worth of e-mail communication seems like a pretty steep price for a company to pay to protect its employees from their own stupidity. An ounce of prevention is worth a pound of love, or something like that. So, in case you haven’t heard, everybody who uses a computer attached to the Internet absolutely must know some basic rules:

* Do not open strange attachments. Viruses don’t magically execute themselves when you open an e-mail message. They only take effect when you open the attachment containing them. If you don’t understand why the person in the “From” field would be sending you an attachment, don’t open it. If anything looks strange about an attachment, don’t open it. In this case, the double file extension “txt.vbs” at the end might have tipped you off. (Unfortunately, the default settings in Windows don’t show extensions, so many users could only see the “.txt” that was part of the filename and assumed the attachment was a simple text file.) Of course, in this case, a little brainwork would have helped—if somebody was sending you a steamy declaration, why not put it in the e-mail itself? Finally, although I’ve never seen an e-mail program that automatically opens attachments as they arrive, I’ve heard they exist. By all means, if your e-mail client does something that stupid, disable that function or buy a new program!

* Use your e-mail program’s built-in security features. Microsoft Outlook, which has received plenty of heat for being the carrier program that enabled this worm to spread so rapidly, has some decent security features. For example, if you set Internet Security (“Tools” . . . “Options” . . . “Security” . . . “Zone Settings”) to its highest level, you won’t even be able to run the kinds of scripts such as the one included in the ILOVEYOU virus. Other e-mail programs have similar security features. Know them. Use them. Love them.

* Delete messages with suspicious headers. The virus most often came in a message with the header “ILOVEYOU.” Do you often receive important messages with headers written in all capital letters? Usually, when I see anything addressed LIKE THIS, I assume it’s falsehoods about IBM giving away free computers or some anonymous person’s bullet-pointed thoughts about why children are killing other children in school. If you see THIS, reach for the Delete key.

* Install antivirus software. You can download good antivirus software for free. Most antivirus software wouldn’t have stopped ILOVEYOU from infecting your hard drive, but it certainly protects you from the countless other annoying, destructive beasties out there. If you don’t already have a program like McAfee VirusScan on your computer, then download it—for free—from a site like Download.com.

So, for all you folks whose companies lost hours of productivity last week, make your workers read this column. For the rest of you, I’m sorry, but you’re no longer going to be able to open strange attachments and suddenly get out of work for a day or a week. I only warn you of this because ILOVEYOU.