Talk:ILOVEYOU
Computer Security: Computing Start‑class | ||||||||||||||||||
|
Tambayan Philippines Start‑class Mid‑importance | ||||||||||
|
The First Virus Killer ?
I think the first virus killer is the creator of Reaper, not that Thai guy mentioned in this article.
- Narinnat Suksawat was totally unknown at the time and the citation is suspect to say the least. The worm continued to spread for some time; there was no stop to it within 24 hours. For most of the researchers at the time, this name 'Narinnat Suksawat' was either unheard of or so insignificant as to not even count. Suggestion is this apocryphal section be removed or qualified in some drastic way.
The Author?
According to The Register article linked at the bottom, the actual author of the bug was "Reomel Lamores" This isn't mentioned anywhere in this entry! The entry does state that Guzman was charged with illegal use of bank numbers--it doesn't say that Guzman was in fact Reomel's girlfriend. This is a substantial omission. I'd add it myself, but I think it would require rewriting a few sections of the article. --TexasDex 22:52, 23 September 2005 (UTC)
- The Register's article is correct. Onel was charged initially, but the charges were dropped in favor of charging Reomel. 207.250.79.29 19:09, 15 December 2005 (UTC)
Sorry, but you're all way off base. Disregard the El Reg article. If you want any information on this one, consult Fredrick Bjorck and his colleague Rick Downes who both tracked and dissected the worm. The actual tracking was completed within 24 hours.
As for El Reg, no one was charged because the Philippines didn't have a law against this at the time. Consult Guzman's press conference where he says he may have 'inadvertently' caused the outbreak. The accepted theory is Buen and Guzman were involved in a rivalry, Guzman had already written (and update) Barok (and this author has inspected the code) and Buen tacked on the script to unleash it. Guzman was the victim of 'social engineering' in opening the letter with the 'ILOVEYOU' subject line.
Both Guzman's sister and her supposed boyfriend are irrelevant in the story aside from the sister holding Guzman's hand during the entire press conference. A lot of the news on this one passed to the west through Indian and other oriental news agencies who have a reputation for 'embellishing' facts. There was in fact no 'Reomel' mentioned anywhere in the research documents that led to singling out Buen and Guzman.
ILOVEYOU was NOT responsible for any denial of service. Get a grip - and study the code before you write such rash statements.
The estimate of damage was also 'embellished'. According to eWeek it was US$5.5 billion, NOT 10 billion.
The worm did NOT send itself to 'everyone' on the 'contact list' and the 'contact list' is in fact the 'Windows address book' (WAB) used exclusively by Microsoft's Outlook clients. And ILOVEYOU sent only to the first FIFTY.
Later in your less than stellar coverage you cite the point that Guzman said he might have unleashed ILOVEYOU without realising what was happening, but this is no reason to conclude he wrote the script as well. In fact he did NOT write it - Buen wrote it.
As for all that follows, the only possible reason it can be here is because of incomplete research. As one of the major players on the team at the time, I can only say this Wiki article is more like Swiss cheese.
The Register's article is correct. Onel was charged initially, but the charges were dropped in favor of charging Reomel.
Nonsense. And even if it were true, it doesn't point to the origin. Reomel is the boyfriend of Guzman's sister. He has no bearing on the case and those who have studied it know better. As for what the local authorities did or did not - their role was very much that of 'Keystone Kops'. And especially if any of this information comes directly or indirectly from India it is highly suspect. Throughout the entire story the Indian press were writing 'soap opera' articles highly embellished and mostly fiction, this to satisfy their readers.
The only person who knows anything about this case knew everything by daybreak the first day. His name is Fredrick Bjorck. Everything else is pure conjecture with no facts to back up wild theories. Bjorck had the evidence at his disposal. See the links below for a further discussion.
It should also be pointed out that the El Reg is surprisingly and unusually irresponsible. Fredrick Bjorck has never been an 'FBI specialist sniffer'. He worked with the FBI on one occasion: when Richard Smith was getting nowhere tracing Melissa and Bjorck contacted him and explained how easy it was. On that occasion only was Bjorck directly connected with the FBI. In the subsequent hunt for the origin of ILOVEYOU the FBI were never contacted by Bjorck - all he did was find the origin, notify the local newspapers, and turn over his findings to them. He didn't even explain what he'd found or comment on these findings - he left it to them. Some of the ensuing confusion is due to the media not reading through the evidence properly. Bjorck was never an 'FBI specialist sniffer'. Period. He might be the best on the planet ever, but he has absolutely no connection with the US FBI nor had the FBI contacted him in the case of the ILOVEYOU worm outbreak.
Further, it turns out that the author of this El Reg article, one Peter Hayes who is a relative newcomer, is getting everything wrong as far as technical facts in the case.
For example, Hayes writes: 'The virus was smart - for that time - in that it knew about file length. The full title (of the original e-mail) was LOVE-LETTER-FOR-YOU.TXT.vbs. The length of this tile was vital because (on default Windows setting) this hides the .vbs extension and it could be taken as plain text.'
Anyone in the IT field who reads this knows at once Hayes is a total boob. The exploit succeeded in hiding the extension 'vbs' because the algorithm used by Microsoft to hide extensions works backward from the end of the file name and stops at the first period (.) - it has absolute squat to do with file name length.
In general, the article in question is littered with other such preposterous silly innuendoes and should be taken with a year's supply of salt. Taken as a whole, the article is obviously an attempt to make copy out of something that isn't even a story. Ideally it should be removed from the list of external links for this article. El Reg have any number of better, more comprehensive, and significantly more accurate articles on the subject.
On a sadder note, it might be pointed out that someone has been in here recently vandalising the article. For now it's been set aright again but the curators should keep their eyes peeled. Thank you. — Preceding unsigned comment added by 62.1.91.82 (talk • contribs)
- If you claim it was Guzman who wrote the virus, please find a proper source. Otherwise it is hearsay or, as it is called here "original research". The cited source attributed the virus to her boyfriend and I see no alternative ones. --Friendly Neighbour (talk) 06:06, 5 October 2008 (UTC)
- I added a second source but still quotable sources do not say who was the author but only who was suspected. We cannot claim otherwise as we need to stick to the Wikipedia reliable sources guideline. --Friendly Neighbour (talk) 06:21, 5 October 2008 (UTC)
Virus or worm?
The article appears to use the terms "virus" and "worm" interchangeably, which is a mistake. It certainly sounds like ILOVEYOU was a virus, not a worm, since it didn't propagate itself without user intervention (namely, running the VBScript attachment). If that's the case, the change should be made throughout, and also on the Timeline of notable computer viruses and worms page. --4.249.207.150 17:39, 5 June 2006 (UTC)
This is rather immaterial and only points to the fact that the terminology for people on the street is roughly equivalent. What's more important - what's vital - is to get the facts straight and the story correct. Arguing that viruses require user 'intervention' (wouldn't user 'interaction' be more appropriate) is weak at best. ILOVEYOU is normally classified as a worm and yet similar 'worms' emerged in the wake of ILOVEYOU, working basically the same way, yet requiring no user interaction at all. What should they in such case be called? And how long should we delay getting this article up to speed whilst we debate if a virus is a worm or the other way around? Thank you.
Never trust wikipedia, because its nevr the true facts.
It's the contributor's fault, not Wikipedia itself. People who write stuff here should at least be careful not to exaggerate facts and stuff... Blake Gripling 22:49, 25 August 2007 (UTC)
- I consider worm to be a type of virus .Richardson j 12:09, 26 September 2007 (UTC)
Revival?
I seemed to have got an attempted attack by this virus while browsing MySpace.... 67.46.139.157 23:27, 14 October 2007 (UTC)
Picture
Is there any English screenshot of the ILOVEYOU? I'm Brazilian, but i think that this picture, in english wikipedia, should be in English. --Edans.sandes (talk) 01:53, 23 January 2008 (UTC)
Yes, there is an American English website that hosts the ILOVEYOU. I have provided a screenshot on the front page. Tell me what you guys think and please read the image description page. Thanks! Hotbabygurl016 (talk) 22:27, 10 July 2008 (UTC)
ILOVEYOU: A Marketing Ploy?
Just pointing another possible angle here.
I was a 3rd year student at AMA when this virus broke out. Before continuing, I would like to point out that these are testimonies from the professors within the school.
There have been talks that the university was riding on Onel's publicity. AMA during that time, although reputable (two decades or so old), was still in an "infancy stage" along with the IT industry in the Philippines. AMA was, during that time, vying for a university level accreditation. One of our professors who claim to have met Onel in person and seen his records, claim that, although having above average grades in computer classes, he had less than average standing in everything else. He was, according to them, a windbag (for lack of a better word). I'd imagine he probably had less than average on his business ethics class(euthenics 1 & 2 during my time), which probably explains his childish and naive motives in his thesis. [1]
A notable anomaly here is that a thesis consists of two semesters. Why would he not be able to graduate on a rejected proposal when software development doesn't start until the second semester - AFTER the approval of the thesis! It is a minor if not negligble event if he fails this subject. In fact, it is during the final presentation on the 2nd semester that it is decided if a student is worthy to graduate. Given this guy's so-called exceptional programming expertise, I find it very unusual that instead of complying with the class' expectations he writes something that would be very disturbing to the panelists. It would surprise me as well that the proposal even got that far. Why would the advisor approve this thesis? In the first month alone a student is given a chance to make alternative proposals. What happened then?
This story may have been inspired by the then emerging hacker culture in the country in which stealing dial-up passwords was every computer geeks' wet dream. I fondly remember that hacking ISPs passwords, which were expensive even by US consumer standards, was a popular past time.
Another professor's story was that the school helped Onel own up to the accusation knowing that his crime would be unpunished in the Philippines. The whole world would then know that the so-called famous ILOVEYOU author/hacker originated from AMA University, Philippines. Yes, he was kicked out but the school got the publicity it needed. He didn't go to jail either so it's a win-win situation for them. I recall almost every computer illiterate parent clamoring for their children's admission into the university after this incident. Then again, in the competitive world of IT, hacking was never an unrewarding vice. Instead of imprisonment most got high paying jobs in prestigious companies.
Unethical? Commercial success was never without sacrifice! This was one willing sacrificial lamb!
Accident? I also find that surprising coming from a computer virus creator and given the magnitude of this "accident" makes it ALMOST deliberate. You can accidentally release biological viruses in the wild but not an electronic one out of sheer ignorance alone.
Although these are all probably just hearsay but it makes you think these things:
1. New computer school in need to make a name for itself nationwide and worldwide. 2. Expendable student with unexpected worldwide fame.
Do the math.
But if it is hearsay, it would surprise all of us to know that the AMA rose to popularity in a span of less than 2yrs after the ILOVEYOU virus - even after the dotcom collapse! After ILOVEYOU I couldn't get through a conversation about my college without the topic veering sharply towards the virus or my speculated skill in hacking. Whatever Onel and AMA cooked up on that day it may have worked pretty well to our favor.
But, as you read their Wiki, their reputation is not spotless to "anomalous" (as I would like to call it) administrative activities. Every administration has their conspiracies. This is probably theirs that paid off in the long run.
Ch4dwick (talk) 04:11, 13 February 2008 (UTC)
Greetings from the Philippines
I am Onel de Guzman hahaha.
This article needs citation
This article badly needs citations. Yes, it has lots of information but still, it has no (if still, little) citations. This means the information here are not verifiable. If you all guys know, articles in Wikipedia without citations are "not so reliable" so please, add some. Neffyring (talk) 12:37, 21 May 2008 (UTC)Neffyring
I LOVE YOU VIRUS released in 2005?... owz..
Ravenlasher (talk) 14:02, 10 June 2008 (UTC)
Hey guyz i'm raven a filipino citizen and now works as a programmer in Saudi Arabia..... I would like all of you to know, that the i love you virus was not released in 2005?.. if my recollection is right. when that happen (the arrest of the virus creator), the philippine president was Mr. Joseph Estrada.. and i guess it was either on 2000 or 2001..
Thanks... Please correct if im wrong...
Steltek (talk) 7:08, 12 June 2008 (UTC)
Fully agree, the worm arrived in 2000. Numerous sources on the Net can confirm this: - http://archives.cnn.com/2000/TECH/computing/05/04/iloveyou.01/ - http://news.bbc.co.uk/1/hi/uk/736080.stm The other dates in the article referencing the dismissal of the case and the Republic Act No. 8792 were also wrongly set in 2005 instead of 2000. Sources: - http://query.nytimes.com/gst/fullpage.html?res=9C0CE6DD1E3EF931A1575BC0A9669C8B63 - http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN002710.pdf (numerous others can be found)
I've updated the article accordingly.
detection
i've removed the following two paragraphs, as they both completely unsourced, and appear to be quite vandalized:
"A Kenyan company opened the e-mail and got some explicit content when their anti-virus software, Skeptic, detected the attachment as malware, thus automatically protecting all of their customers. They gained widespread media coverage, appearing on BBC TV and in the mainstream UK press.
The first copy intercepted by them was stopped at 00:43:26 4 May 2000 UTC, and originated from an email address in the Philippines, going to an email address in the UK. It is likely that the email was from one of the first few rounds of replication of the virus."
if someone can fix them and source them, go ahead and put it back in. pauli133 (talk) 14:24, 20 January 2009 (UTC)
"(though in IBM mainframe...)"
The parentesis in "Such propagation mechanism had been well known (though in IBM mainframe rather than in the MS Windows environment) and used already in the Christmas Tree EXEC of 1987" may suggest this is the first such worm for MS Win, which is missleading. I thing Happy99, PrettyPark and possibly Melissa used social engineering and scripting in similar ways, and predate ILOVEYOU. The intention of the parentesis may have been to describe "Christmas Tree EXEC", but that is well done in the linked article. The parentesis was introduced 19:40, 12 July 2008 http://en.wikipedia.org/w/index.php?title=ILOVEYOU&diff=next&oldid=225262874. I think the text it replaced was clearer and more accurate. Now that info exists in the preceedig and the following paragraphs. Suggestion: remove the parentesis. David A se (talk) 14:44, 21 April 2009 (UTC)
Legislation and Upper Deck
I noticed that a small paragraph was added about Upper Deck commemorating the virus as part of there 20th anniversary edition. However no mention as to what the 20th anniversary edition was. I edited the paragraph to be more clear. However, I am wondering if this should be under legislation, or if there should be a new section to pop culture reference. Or perhaps changing the "Legislation" section to something like "After Effects." —Preceding unsigned comment added by 161.6.65.216 (talk) 20:38, 12 May 2009 (UTC)
- I've gone ahead and made some changes to improve that section. However it leaves a larger issue, which is whether a card in a trading set is really notable enough to merit inclusion on Wikipedia. Feel free to delete the paragraph entirely if anyone agrees it's not really worth knowing. - DustFormsWords (talk) 03:45, 15 September 2009 (UTC)
Effects
I removed the claim that ILOVEYOU infected 10% of the world's computers in one day. The zdnet source does not directly support that proposition, and the parenthetical about one-fifth of the world's HouseCall users being infected in that time does not really clarify matters, as the source does not specify how many HouseCall users there were at that point in time. I kept the source in because it supports the general proposition of worldwide spread within one day. GrayRoset (talk) 13:07, 26 August 2009 (UTC)
Subculture
I've done very much research on this worm and it's creators, and I've found the picture of the worm source code from the main wikipedia page to be quite compelling. I ended up visiting the website on a Linux computer, (DO NOT VISIT THE FOLLOWING WEBSITE(www.subculture.com/backdoor.html)) And I've also visited it on Windows 98. What I am curious is how subculture.com relates to the worm itself? I'm curious if anyone could right anything about that and possibly have any more information? Thank you. TSS Titanic March 16, 2010 (EST)
- Start-Class Computer Security articles
- Unknown-importance Computer Security articles
- Start-Class Computer Security articles of Unknown-importance
- Start-Class Computing articles
- Unknown-importance Computing articles
- All Computing articles
- All Computer Security articles
- Start-Class Philippine-related articles
- Mid-importance Philippine-related articles
- WikiProject Philippines articles