An email carrying the subject line “ILOVEYOU” infected 45 million computers within 24 hours after its release in May 2000, disrupting email systems at the Pentagon, the CIA and many of the world’s largest corporations. The malware was written by Onel de Guzman, then a 23-year-old Filipino college dropout, who was never prosecuted because cybercrime was not yet specifically illegal in the Philippines at the time.
The email appeared to come from someone the recipient knew. Its attachment was named LOVE-LETTER-FOR-YOU.txt.vbs, but many email clients in May 2000 hid the .vbs extension by default, making it appear as a harmless text file. Once opened, the Visual Basic Script executed silently in the background.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
A Simple Attachment With Global Consequences
The worm accessed the victim’s Microsoft Outlook address book and sent identical copies of itself to every listed contact, using the original recipient’s name and address as the sender. This made later waves of infection appear to come from trusted colleagues, friends or family members.
The malware also scanned hard drives for certain image, video and document files and overwrote them with copies of its own code, destroying the originals. It installed a hidden program called WIN-BUGSFIX.EXE that attempted to collect internet account passwords and send them to an email address registered in the Philippines.
The article states that the worm reached email servers at major corporations, government agencies and military installations across North America, Europe and Asia within hours. According to the account, the US Pentagon and CIA shut down external email systems, while the British Parliament took its email offline for several hours.
Fastest-Spreading Malware of Its Time
The ILOVEYOU worm was described as the fastest-spreading piece of malware in human history at the time of its release. It reportedly moved about 15 times faster than the Melissa virus, which had held the previous record in 1999.
The estimated global damage eventually reached about $10 billion, calculated from lost productivity, data loss and remediation costs. By some measures, the article described ILOVEYOU as the most expensive single piece of malware of its era.
Its technical design was not considered highly advanced by modern standards. The code was 10.31 kilobytes, written in Visual Basic Script, and used no zero-day vulnerability or advanced obfuscation. Its success relied largely on social engineering, using the emotional pull of a message titled “ILOVEYOU” from someone the recipient appeared to know.
Author Traced but Case Dropped
Investigators traced stolen passwords to an email address embedded in the worm’s code. The address led to an apartment in the Sampaloc district of Manila, occupied by the brother of computer science student Onel de Guzman, who attended AMA Computer College.
Police searches recovered computer equipment, draft code and a rejected undergraduate thesis in which de Guzman had proposed creating a program to steal internet passwords so users could access the internet without paying. The article states that the thesis was rejected on ethical grounds and that de Guzman later dropped out of the university. He released the ILOVEYOU worm on May 4, 2000.
De Guzman appeared at a press conference in Manila on May 11, 2000. When asked whether he had released the virus, he said he “possibly” had and could not rule out having released it by accident. Prosecutors initially charged him under existing fraud and credit card theft laws, but the charges were dropped by the Philippine Department of Justice in August 2000 because existing laws did not apply to the conduct in question.
The Philippines later passed the E-Commerce Act of 2000, which criminalised hacking, malware creation and related computer crimes. However, the law could not be applied retroactively to de Guzman. The article states that he later faded from public view and, according to later reporting, was found in 2020 working at a small phone repair booth in Manila.
