How does the ILOVEYOU virus work and spread?

The attachment in the ILOVEYOU virus is a VBScript program that recipients at the time mistook for a simple text file because the extension .vbs was hidden from view on Windows machines. When the file is opened, it finds the recipient’s Outlook address book and re-sends the note to everyone in it. It then overwrites — and thus destroys — all files of types:

JPEG
MP3
VPOS
JS
JSE
CSS
WSH
SCT
HTA

ILOVEYOU could — and did — destroy all kinds of files including photographs, audio files and documents. Affected users who didn’t have backup copies lost them permanently. In March 1999, similar to ILOVEYOU, the Melissa virus also replicated itself by using Outlook address books. However, it only infected about 1 million computers and wasn’t as successful as ILOVEYOU at destroying user files.

ILOVEYOU also resets the recipient’s Internet Explorer start page in a way that may cause further trouble, changing certain Windows registry settings and spreading itself through Internet Relay Chat.

Since ILOVEYOU, thousands of other viruses and worms have impacted organizations all over the world. The problem is not going away, so companies should take proactive steps to protect themselves.

Most importantly, they should install antivirus software on their systems to continuously screen for ILOVEYOU and other kinds of viruses. Antivirus software can also remove these viruses from infected systems and protect systems from future viruses. To make sure the antivirus works well, it’s crucial to regularly update it. Users should never open any email attachment without screening it first with antivirus software, especially if the sender or attachment type are unknown or unfamiliar.

If a system is already infected, the organization should immediately run a virus scan. Starting it in Safe Mode can help handle malicious files. It’s also critical to disconnect all affected systems from the internet to prevent the virus from spreading.