From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing  (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
WikiProject Tambayan Philippines (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Tambayan Philippines, a collaborative effort to improve the coverage of topics related to the Philippines on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.


It's apparent this article - never in the best of conditions - now needs a complete rewrite. There are several reasons for this.

1. The original article was poorly researched. The original authors had as much penchant for fact-checking and the truth as the Indian correspondents at the time (who weren't any closer to the epicentre than the people here) who were actually assigned to write short novellas rather than report news.

2. A lot of people think they know something about the worm and dive in to add something (often with extraordinarily poor writing skills) when the information is already in the article - meaning yes, this important piece (which deserves far better treatment) is riddled with redundancy (and a motley mix of the most disparate writing styles).

3. Very little is known for certain about ILOVEYOU but what is known and not known is very easy to determine. The contributors should keep this in mind.

4. Any number of apocryphal stories appeared at the time, and only a small number of them appear here. Merely because something is published doesn't mean it's true or even that the people mentioned actually exist. A lot of websites (eg The Register) really stretched journalistic ethics at the time, so desperate they were to get anything at all published. Try to locate Reomel Ramores as a simple exercise. Try as well to hunt down the "Australian lead" - because there definitely was one. There are even further leads into still further corners of the globe.

The most plausible and most generally accepted story is of course the one revolving around "Amaconda" classmates Onel and Michael, with a strong suspicion Michael unleashed Barok on Onel as an act of jealousy involving their teacher Madame Bautista. But it's not proven, none of that is proven, not even close, and it never will be. So clarify that for the reader at every point and always keep that in mind yourselves so hysteria doesn't get the upper hand again.

The Author?[edit]

According to The Register article linked at the bottom, the actual author of the bug was "Reomel Lamores" This isn't mentioned anywhere in this entry! The entry does state that Guzman was charged with illegal use of bank numbers--it doesn't say that Guzman was in fact Reomel's girlfriend. This is a substantial omission. I'd add it myself, but I think it would require rewriting a few sections of the article. --TexasDex 22:52, 23 September 2005 (UTC)

The Register's article is correct. Onel was charged initially, but the charges were dropped in favor of charging Reomel. 19:09, 15 December 2005 (UTC)

Sorry, but you're all way off base. Disregard the El Reg article. If you want any information on this one, consult Fredrick Bjorck and his colleague Rick Downes who both tracked and dissected the worm. The actual tracking was completed within 24 hours.

As for El Reg, no one was charged because the Philippines didn't have a law against this at the time. Consult Guzman's press conference where he says he may have 'inadvertently' caused the outbreak. The accepted theory is Buen and Guzman were involved in a rivalry, Guzman had already written (and update) Barok (and this author has inspected the code) and Buen tacked on the script to unleash it. Guzman was the victim of 'social engineering' in opening the letter with the 'ILOVEYOU' subject line.

Both Guzman's sister and her supposed boyfriend are irrelevant in the story aside from the sister holding Guzman's hand during the entire press conference. A lot of the news on this one passed to the west through Indian and other oriental news agencies who have a reputation for 'embellishing' facts. There was in fact no 'Reomel' mentioned anywhere in the research documents that led to singling out Buen and Guzman.

ILOVEYOU was NOT responsible for any denial of service. Get a grip - and study the code before you write such rash statements.

The estimate of damage was also 'embellished'. According to eWeek it was US$5.5 billion, NOT 10 billion.

The worm did NOT send itself to 'everyone' on the 'contact list' and the 'contact list' is in fact the 'Windows address book' (WAB) used exclusively by Microsoft's Outlook clients. And ILOVEYOU sent only to the first FIFTY.

Later in your less than stellar coverage you cite the point that Guzman said he might have unleashed ILOVEYOU without realising what was happening, but this is no reason to conclude he wrote the script as well. In fact he did NOT write it - Buen wrote it.

As for all that follows, the only possible reason it can be here is because of incomplete research. As one of the major players on the team at the time, I can only say this Wiki article is more like Swiss cheese.

The Register's article is correct. Onel was charged initially, but the charges were dropped in favor of charging Reomel.

Nonsense. And even if it were true, it doesn't point to the origin. Reomel is the boyfriend of Guzman's sister. He has no bearing on the case and those who have studied it know better. As for what the local authorities did or did not - their role was very much that of 'Keystone Kops'. And especially if any of this information comes directly or indirectly from India it is highly suspect. Throughout the entire story the Indian press were writing 'soap opera' articles highly embellished and mostly fiction, this to satisfy their readers.

The only person who knows anything about this case knew everything by daybreak the first day. His name is Fredrick Bjorck. Everything else is pure conjecture with no facts to back up wild theories. Bjorck had the evidence at his disposal. See the links below for a further discussion.

It should also be pointed out that the El Reg is surprisingly and unusually irresponsible. Fredrick Bjorck has never been an 'FBI specialist sniffer'. He worked with the FBI on one occasion: when Richard Smith was getting nowhere tracing Melissa and Bjorck contacted him and explained how easy it was. On that occasion only was Bjorck directly connected with the FBI. In the subsequent hunt for the origin of ILOVEYOU the FBI were never contacted by Bjorck - all he did was find the origin, notify the local newspapers, and turn over his findings to them. He didn't even explain what he'd found or comment on these findings - he left it to them. Some of the ensuing confusion is due to the media not reading through the evidence properly. Bjorck was never an 'FBI specialist sniffer'. Period. He might be the best on the planet ever, but he has absolutely no connection with the US FBI nor had the FBI contacted him in the case of the ILOVEYOU worm outbreak.

Further, it turns out that the author of this El Reg article, one Peter Hayes who is a relative newcomer, is getting everything wrong as far as technical facts in the case.

For example, Hayes writes: 'The virus was smart - for that time - in that it knew about file length. The full title (of the original e-mail) was LOVE-LETTER-FOR-YOU.TXT.vbs. The length of this tile was vital because (on default Windows setting) this hides the .vbs extension and it could be taken as plain text.'

Anyone in the IT field who reads this knows at once Hayes is a total boob. The exploit succeeded in hiding the extension 'vbs' because the algorithm used by Microsoft to hide extensions works backward from the end of the file name and stops at the first period (.) - it has absolute squat to do with file name length.

In general, the article in question is littered with other such preposterous silly innuendoes and should be taken with a year's supply of salt. Taken as a whole, the article is obviously an attempt to make copy out of something that isn't even a story. Ideally it should be removed from the list of external links for this article. El Reg have any number of better, more comprehensive, and significantly more accurate articles on the subject.

On a sadder note, it might be pointed out that someone has been in here recently vandalising the article. For now it's been set aright again but the curators should keep their eyes peeled. Thank you. —Preceding unsigned comment added by (talkcontribs)

If you claim it was Guzman who wrote the virus, please find a proper source. Otherwise it is hearsay or, as it is called here "original research". The cited source attributed the virus to her boyfriend and I see no alternative ones. --Friendly Neighbour (talk) 06:06, 5 October 2008 (UTC)
I added a second source but still quotable sources do not say who was the author but only who was suspected. We cannot claim otherwise as we need to stick to the Wikipedia reliable sources guideline. --Friendly Neighbour (talk) 06:21, 5 October 2008 (UTC)
Guzman is suspected of being the author of the worm as he's thought to be the author of Barok and in fact submitted his graduation work proposal based on Barok. Barok was definitely the back end of ILOVEYOU as anyone inspecting the code could easily see. It seems apparent that the authors of this article weren't even familiar with that aspect of the story (which again doesn't say much for their qualifications to write it). Guzman's submission was rejected by the college with the motivation that they couldn't sponsor a project that would steal Internet provider credentials. Guzman's motivation for submitting the project was specifically that too few people in his country could afford Internet connections, that additional hookups on hijacked accounts didn't cost the actual account holders anything, and that the Internet should be free. Guzman never submitted another project for his graduation and in fact did not graduate, unlike his friend Michael Buen who completed a very tidy (but very innocuous) project using Borland development tools. Yet none of this seems to be in the current version of the article. The names cited by The Register disappeared quickly as time went on. Although The Register never retracted their story, it was obvious to all concerned that they had used a bad lead.
Furthermore, the real import of this story is what it told the world about Windows in general and Microsoft Outlook in particular. There is little mention of the outcry amongst security experts at the time and how they laid the blame directly on the doormat of Microsoft Corporation, and it must be suspected there are employees of that corporation who stop by here from time to time to perform "damage control". Where for example are the articles penned at the time by Mark Joseph Edwards and Bruce Schneier? The importance of ILOVEYOU is how it transformed the topology of personal computing and the perception of Microsoft in the new millennium, yet all we find here are PFY stories tantamount to theories about the involvement of UFOs and ET.

This article needs a total rewrite, and after that it needs to be locked so people can't use the talk section as a message board about everything under the sun. ILOVEYOU is an important milestone in personal computer security and should be treated as such - treated as such by industry professionals, not wannabes who want to get something on these pages, no matter the damage to Wikipedia's reputation.

Virus or worm?[edit]

The article appears to use the terms "virus" and "worm" interchangeably, which is a mistake. It certainly sounds like ILOVEYOU was a virus, not a worm, since it didn't propagate itself without user intervention (namely, running the VBScript attachment). If that's the case, the change should be made throughout, and also on the Timeline of notable computer viruses and worms page. -- 17:39, 5 June 2006 (UTC)

This is rather immaterial and only points to the fact that the terminology for people on the street is roughly equivalent. What's more important - what's vital - is to get the facts straight and the story correct. Arguing that viruses require user 'intervention' (wouldn't user 'interaction' be more appropriate) is weak at best. ILOVEYOU is normally classified as a worm and yet similar 'worms' emerged in the wake of ILOVEYOU, working basically the same way, yet requiring no user interaction at all. What should they in such case be called? And how long should we delay getting this article up to speed whilst we debate if a virus is a worm or the other way around? Thank you.

ILOVEYOU was a worm. End of story. If you consult the professionals in computer security, you'll get the same answer all the time: worm. If you consult people at Wikipedia, who knows what you'll get.
It's also incorrect to claim or imply that "people on the street" are incapable of distinguishing twixt the three: virus, worm, trojan.
A virus is code running in the address space of a process (and part of an executable image on disk) that goes "resident", hooking into the operating system's launch code and attaching itself to every other process that's created. Alternatively a boot sector virus is part of the computer's start up code, also goes resident, and attaches itself to devices (further disks, removable or otherwise) that are connected to the system.
A worm is code that spreads. Cf the Robert Tappan Morris worm for the primordial example.
A trojan is code that pretends to be one thing (and might actually be that one thing) but also carries a "hidden agenda", with the Greek myth as the basis of its preferred epithet.
These definitions can of course overlap, as is seen with current sophisticated malware, but the distinctions are crystal clear.
As for what remains in this section: that's another symptom of what's wrong.

Never trust wikipedia, because its nevr the true facts.

It's the contributor's fault, not Wikipedia itself. People who write stuff here should at least be careful not to exaggerate facts and stuff... Blake Gripling 22:49, 25 August 2007 (UTC)

I consider worm to be a type of virus .Richardson j 12:09, 26 September 2007 (UTC)


I seemed to have got an attempted attack by this virus while browsing MySpace.... 23:27, 14 October 2007 (UTC)


Is there any English screenshot of the ILOVEYOU? I'm Brazilian, but i think that this picture, in english wikipedia, should be in English. --Edans.sandes (talk) 01:53, 23 January 2008 (UTC)

Yes, there is an American English website that hosts the ILOVEYOU. I have provided a screenshot on the front page. Tell me what you guys think and please read the image description page. Thanks! Hotbabygurl016 (talk) 22:27, 10 July 2008 (UTC)

ILOVEYOU: A Marketing Ploy?[edit]

Just pointing another possible angle here.

I was a 3rd year student at AMA when this virus broke out. Before continuing, I would like to point out that these are testimonies from the professors within the school.

There have been talks that the university was riding on Onel's publicity. AMA during that time, although reputable (two decades or so old), was still in an "infancy stage" along with the IT industry in the Philippines. AMA was, during that time, vying for a university level accreditation. One of our professors who claim to have met Onel in person and seen his records, claim that, although having above average grades in computer classes, he had less than average standing in everything else. He was, according to them, a windbag (for lack of a better word). I'd imagine he probably had less than average on his business ethics class(euthenics 1 & 2 during my time), which probably explains his childish and naive motives in his thesis. [1]

A notable anomaly here is that a thesis consists of two semesters. Why would he not be able to graduate on a rejected proposal when software development doesn't start until the second semester - AFTER the approval of the thesis! It is a minor if not negligble event if he fails this subject. In fact, it is during the final presentation on the 2nd semester that it is decided if a student is worthy to graduate. Given this guy's so-called exceptional programming expertise, I find it very unusual that instead of complying with the class' expectations he writes something that would be very disturbing to the panelists. It would surprise me as well that the proposal even got that far. Why would the advisor approve this thesis? In the first month alone a student is given a chance to make alternative proposals. What happened then?

This story may have been inspired by the then emerging hacker culture in the country in which stealing dial-up passwords was every computer geeks' wet dream. I fondly remember that hacking ISPs passwords, which were expensive even by US consumer standards, was a popular past time.

Another professor's story was that the school helped Onel own up to the accusation knowing that his crime would be unpunished in the Philippines. The whole world would then know that the so-called famous ILOVEYOU author/hacker originated from AMA University, Philippines. Yes, he was kicked out but the school got the publicity it needed. He didn't go to jail either so it's a win-win situation for them. I recall almost every computer illiterate parent clamoring for their children's admission into the university after this incident. Then again, in the competitive world of IT, hacking was never an unrewarding vice. Instead of imprisonment most got high paying jobs in prestigious companies.

Unethical? Commercial success was never without sacrifice! This was one willing sacrificial lamb!

Accident? I also find that surprising coming from a computer virus creator and given the magnitude of this "accident" makes it ALMOST deliberate. You can accidentally release biological viruses in the wild but not an electronic one out of sheer ignorance alone.

Although these are all probably just hearsay but it makes you think these things:

1. New computer school in need to make a name for itself nationwide and worldwide. 2. Expendable student with unexpected worldwide fame.

Do the math.

But if it is hearsay, it would surprise all of us to know that the AMA rose to popularity in a span of less than 2yrs after the ILOVEYOU virus - even after the dotcom collapse! After ILOVEYOU I couldn't get through a conversation about my college without the topic veering sharply towards the virus or my speculated skill in hacking. Whatever Onel and AMA cooked up on that day it may have worked pretty well to our favor.

But, as you read their Wiki, their reputation is not spotless to "anomalous" (as I would like to call it) administrative activities. Every administration has their conspiracies. This is probably theirs that paid off in the long run.

Ch4dwick (talk) 04:11, 13 February 2008 (UTC)

Greetings from the Philippines[edit]

I am Onel de Guzman hahaha.

This article needs citation[edit]

This article badly needs citations. Yes, it has lots of information but still, it has no (if still, little) citations. This means the information here are not verifiable. If you all guys know, articles in Wikipedia without citations are "not so reliable" so please, add some. Neffyring (talk) 12:37, 21 May 2008 (UTC)Neffyring

I LOVE YOU VIRUS released in 2005?... owz..[edit]

Ravenlasher (talk) 14:02, 10 June 2008 (UTC)

   Hey guyz i'm raven a filipino citizen and now works as a programmer in Saudi Arabia.....
      I would like all of you to know, that the i love you virus was not released in 2005?.. if my recollection is right.
   when that happen (the arrest of the virus creator), the philippine president was Mr. Joseph Estrada.. 
   and i guess it was   either on 2000 or 2001..
      Thanks... Please correct if im wrong...

Steltek (talk) 7:08, 12 June 2008 (UTC)

Fully agree, the worm arrived in 2000. Numerous sources on the Net can confirm this: - - The other dates in the article referencing the dismissal of the case and the Republic Act No. 8792 were also wrongly set in 2005 instead of 2000. Sources: - - (numerous others can be found)

I've updated the article accordingly.


i've removed the following two paragraphs, as they both completely unsourced, and appear to be quite vandalized:

"A Kenyan company opened the e-mail and got some explicit content when their anti-virus software, Skeptic, detected the attachment as malware, thus automatically protecting all of their customers. They gained widespread media coverage, appearing on BBC TV and in the mainstream UK press.

The first copy intercepted by them was stopped at 00:43:26 4 May 2000 UTC, and originated from an email address in the Philippines, going to an email address in the UK. It is likely that the email was from one of the first few rounds of replication of the virus."

if someone can fix them and source them, go ahead and put it back in. pauli133 (talk) 14:24, 20 January 2009 (UTC)

"(Though in IBM mainframe...)"[edit]

The parentesis in "Such propagation mechanism had been well known (though in IBM mainframe rather than in the MS Windows environment) and used already in the Christmas Tree EXEC of 1987" may suggest this is the first such worm for MS Win, which is missleading. I thing Happy99, PrettyPark and possibly Melissa used social engineering and scripting in similar ways, and predate ILOVEYOU. The intention of the parentesis may have been to describe "Christmas Tree EXEC", but that is well done in the linked article. The parentesis was introduced 19:40, 12 July 2008 I think the text it replaced was clearer and more accurate. Now that info exists in the preceedig and the following paragraphs. Suggestion: remove the parentesis. David A se (talk) 14:44, 21 April 2009 (UTC)

Legislation and Upper Deck[edit]

I noticed that a small paragraph was added about Upper Deck commemorating the virus as part of there 20th anniversary edition. However no mention as to what the 20th anniversary edition was. I edited the paragraph to be more clear. However, I am wondering if this should be under legislation, or if there should be a new section to pop culture reference. Or perhaps changing the "Legislation" section to something like "After Effects." —Preceding unsigned comment added by (talk) 20:38, 12 May 2009 (UTC)

I've gone ahead and made some changes to improve that section. However it leaves a larger issue, which is whether a card in a trading set is really notable enough to merit inclusion on Wikipedia. Feel free to delete the paragraph entirely if anyone agrees it's not really worth knowing. - DustFormsWords (talk) 03:45, 15 September 2009 (UTC)


I removed the claim that ILOVEYOU infected 10% of the world's computers in one day. The zdnet source does not directly support that proposition, and the parenthetical about one-fifth of the world's HouseCall users being infected in that time does not really clarify matters, as the source does not specify how many HouseCall users there were at that point in time. I kept the source in because it supports the general proposition of worldwide spread within one day. GrayRoset (talk) 13:07, 26 August 2009 (UTC)


I've done very much research on this worm and it's creators, and I've found the picture of the worm source code from the main wikipedia page to be quite compelling. I ended up visiting the website on a Linux computer, (DO NOT VISIT THE FOLLOWING WEBSITE( And I've also visited it on Windows 98. What I am curious is how relates to the worm itself? I'm curious if anyone could write anything about that and possibly have any more information? Thank you. TSS Titanic March 16, 2010 (EST) —Preceding unsigned comment added by TSS Titanic (talkcontribs)

Cleanup and fact-checking desperately needed[edit]

This article desperately needs cleanup. One significant issue is that the name of one of the suspects is highly questionable. This article used to refer to Reomel Lamores and Onel de Guzman. Through a series of edits, they later became Mr. Ramones and Mr. de Guzman. On February 6, 2009, User:TheOneWithTheDeerOnIt changed the name Reomel Lamores to Reomel Ramones without any explanation for the change. I don't know if this was a correction or a harmful edit. This change seems to have gone unnoticed by other editors for over a year. According to The Register, the name is Reomel Lamores, not Reomel Ramones.[2] Are there any conflicting sources? --JHP (talk) 08:28, 6 March 2011 (UTC)

I've revived the ref; it's indeed Ramores. --DanielPharos (talk) 19:10, 27 November 2011 (UTC)

Earlier Macintosh virus[edit]

There was definitely a Macintosh virus (and frankly the only very successful virus written for Macs) a year or 2 before. Given that I graduated in 2008, I would have been in 3rd and 4th Grades from 1998 to 2000. At the time our elementary schools were Macintosh and our high school was Windows, although it's now the other way around with all the computer upgrades after I graduated. Anyway, there was definitely a Macintosh virus back then, and I was in elementary school at the time our teachers told us about it and warned us not to open a folder with a heart superimposed on part of the folder icon, on any of the school computers.

This virus did not rely on email: It entered in such a way that it appeared on the computer's offline desktop, even if the Browser was entirely logged out and not actually running when the virus reached that particular computer unit. (As I mentioned, it appeared as an unlabeled folder with a little heart on it.) As long as nobody double-clicked on that folder, however, the virus would remain inactive.

They called it the "Love Bug," and as I recall it was discovered around Valentine's Day that year. Personally, I never saw the heart-emblazened folder they told us about, but apparently a number of Macintoshes around the world had already crashed when someone had opened that folder, even before a few of the school computers (apparently) had acquired it.

My question for the Article: Where might I find non-anecdotal sources that such a Macintosh virus existed (IE any academic databases on computer history)? The Mysterious El Willstro (talk) 18:30, 13 June 2011 (UTC)