Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Microsoft IT

How Microsoft Fought the 'ILOVEYOU' Virus 20 Years Ago (fastcompany.com) 74

Posted by msmash from the closer-look dept.
The inside story of 'ILOVEYOU' and two other viruses from two decades ago. Steven Sinofsky, who worked at Microsoft from 1989-2012 and oversaw the Office (1998-2006) and Windows (2006-2012) teams, writes (shared by reader harrymcc): One morning during the first week of May of the new millennium, I received a call at my apartment while I was getting ready for work. I heard a female reporter tell me her name, and then basically listened to her hyperventilating and proclaiming her love for me repeatedly: "I love you. I love you." That's what I heard, anyway. The call. A reporter. Early morning. It was all weird. In reality, LOVE broke out all over the internet. Over the span of a weekend, inboxes around the world of Outlook and Exchange email users were inundated with dozens of copies of email messages with the subject line, "ILOVEYOU."

I learned from the reporter that the LOVE email incident was deemed so serious that the PR lead gave her my home number and simultaneously sent me a briefing via email. In the era of dial-up, I could not read the email and talk on the phone because I only had one analog phone line at home. I had no idea what was going on, so I agreed to return the call after I dialed up and downloaded my email. That's when I realized the magnitude of the issue.
This discussion has been archived. No new comments can be posted.

How Microsoft Fought the 'ILOVEYOU' Virus 20 Years Ago More

How Microsoft Fought the 'ILOVEYOU' Virus 20 Years Ago

Comments Filter:

  • Lost a bunch of image files to it, but not all.
    Thankfully.

  • I remember that day well (Score:5, Interesting)

    by wwphx ( 225607 ) on Tuesday May 05, 2020 @12:09PM (#60024624) Homepage
    I was working for the police department at that time (different times, I wouldn't work for one now). Went in to work at 7am, loaded Slashdot as usual. Saw the article. Went in to our security guy's office, showed him the story. We went into the server room and unplugged the outside connection to our firewall, all before 7:15.

    We then sent out a PD-wide email saying "DO NOT OPEN "I LOVE YOU" EMAILS!" Net result: minimal infection, and curiously the payloads of the ones we received seemed ineffective. Now, our upstream provider, the City? They got clobbered! They were massively pasted by the virus and it took them a lot of work to recover from it. Apparently their IT department didn't read /.

    • Re:I remember that day well (Score:5, Funny)

      by TFlan91 ( 2615727 ) on Tuesday May 05, 2020 @12:58PM (#60024824)

      Too bad nowadays if you relied on /. you wouldn't see the story until a week later, too late to prevent anything...

      • Along with a dupe a few days later.

        The "editors" have been a complete laughing stock -- even before Rob sold /. [computerworld.com].

        Half of the time they can't even do their bloody job such as basic spelling and grammar, the other half of the time they post dumb shit. God forbid they actually SUMMARIZE a story -- because we're all supposed to "know" what these sea of acronyms and names are supposed to be. /s

        i.e. dryriver is basically a fucking moron. I don't even know how msmash continues to post duplicates. Gee, if only the

    • Re: (Score:2)

      by rho ( 6063 )

      It's funny, I haven't thought about the ILOVEYOU virus in forever. I dug up a Slashdot post about it from the time (not going to link it), and my AV software popped up to tell me the page was infected with VBS:Agent-AWK [Trj]. Nice!

      • Re: (Score:2)

        by cusco ( 717999 )

        A co-worker was looking for some old files a couple years ago, popped a floppy into the only drive she had that still worked, and her antivirus software immediately told her that it was cleaning I Love You off the disk. She was shocked that they still check for it.

        • I'm still shocked that you found a pc that used a disk drive.

          • Re: (Score:2)

            by cusco ( 717999 )

            I still have a floppy drive in a cabinet with an IDE controller, but nothing with an ISA bus to plug it into any more.

    • We then sent out a PD-wide email saying "DO NOT OPEN "I LOVE YOU" EMAILS!" Net result: minimal infection, and curiously the payloads of the ones we received seemed ineffective.

      Did you a bunch of cops waving guns outside your office waving banners saying "LIBERATE EMAIL!!!" and "Quarantine is Fascism!"?

      Note: That's meant as a joke, for people about to post angry replies.

      • Re: (Score:2)

        by wwphx ( 225607 )
        Heh. I laughed!

        As I said in my original post, I couldn't work there now. It was a different time, and then officers were held to very high standards, at least at our department. I saw officers disciplined and fired. Granted, I was a civilian, so I didn't see the actual true inside operations. But I worked with a lot of insiders. Five years ago my dad, brother, and I went to the shooting range. I was talking to one of the people who worked there, turned out he was a retired officer from the same de

    • Re: (Score:1)

      by arsenix ( 19636 )
      I worked in IT during this lovely time. I knew about the virus. I sent out numerous company wide emails instructing people not to open emails with the "I LOVE YOU" subject line. I told specific people directly in person (the most likely ones to open it). Despite that we had several incidents. One secretary opened the email THREE TIMES in the span of a few weeks. The company I worked at chose (for reasons that simply cannot be explained) to expose all network storage to all employees with full write access,

      • Re: (Score:2)

        by wwphx ( 225607 )
        What's the phrase? 'Social engineering: because there's no patch for human stupidity.' You tried, my friend, you tried. Sounds like too much institutional stupidity and inertia arrayed against you.

        Where I was at, we were three sysadmins for the entire Microsoft network serving 4,000~ users sworn and civilian, I'm guessing around a dozen sites throughout the city, 20 servers give or take including my SQL Servers. We had junior admins at the remote sites who were officers who knew how to change tapes a
  • Hell, I had a cell phone in the year 2000, and I was making a lot less than a Microsoft team lead. I had a plan with a reasonable number of minutes back then for something like $20 / month. Granted my reception was crap because I was on a CDMA network but I did have a cell phone.

  • Only had a dialup line in 2000? Seriously? What's his excuse for that? Most people with middle class or higher income had cable modems and DSL back then.

    • Re: (Score:2)

      by sims 2 ( 994794 )

      I'd take a guess that he wasn't in an area where anything better was available.

      I was on dailup till ~2005 and that was a move to satellite.
      The much more surprising thing to me is what damn_registrars mentioned was that he apparently didn't have a cellphone in 2000 and they were already pretty common by that point in time.

    • I had dialup in 2000, and didn't get cable until maybe 2001 or 2002. Dislup was very common to the point that web pages that I created back then were small enough to load in a second on dialup, and that was B2B stuff. Most businesses still ran on dialup.

      In fall of 1999 I helped a guy install a Linux machine to act as a "firewall" when he got a Comcast cable modem at his office. Comcast sent someone out to install the cable modem and connect a single computer to it, which was the norm at the time. We let

    • That was about the time I was able to get slow DSL.

    • What's his excuse for that?

      He lived in the US...

    • I had a cable modem in the year 2000, though I did in fact pay for a dial up connection for quite a while after as well. This was especially useful when traveling.

      When I think about it, it was a kind of a weird time right before WIFI hit wide enough adoption that you could safely assume a hotel was likely to have free internet access. I needed the dial up connection, but it was just barely capable of allowing me to do much except respond to emails. I mean at the time we were still using Source Safe, and

    • Re: (Score:2)

      by cusco ( 717999 )

      I still had a pager in 2000, I avoided getting a cellphone until my new employer paid for it in 2002. My neighborhood was built in the 1950s, the cable infrastructure was too crappy for a modem to maintain a connection. We had DSL for a while, 2002-2003 I think, but because of the way the wiring was run it was a four mile cable path from my house to the DSLAM that I could probably hit with my spud gun from the front yard so the connection would go down for days at a time. They finally upgraded the cable

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      Only had a dialup line in 2000? Seriously? What's his excuse for that? Most people with middle class or higher income had cable modems and DSL back then.

      Not really.

      Cable broadband didn't come to my area until 2001 or so. It was pretty big news since the cable company was going to be around installing broadband equipment in our area and we could all sign up for it. And no, we weren't in a rural area - it was a nice suburban part of the city.

      Heck, this was the time the installers provided free networking card

    • Re:Wait what? (Score:5, Interesting)

      by VP ( 32928 ) on Tuesday May 05, 2020 @03:48PM (#60025512)
      That was exactly my reaction... Broadband was available, and a company like Microsoft would have been in a position to make it available (i.e. pay the local cable company to extend their broadband network to his home). I know of a much smaller (10 person) company who paid the local telco to install a T1 line outside city limits for their CEO not much later than 2000.

      It is just that Microsoft as a whole viewed the Internet at the time as a "not-invented-here" competition that they could overtake with proprietary breakage like Internet Explorer...

      • 'It is just that Microsoft as a whole viewed the Internet at the time as a "not-invented-here" competition that they could overtake with proprietary breakage like Internet Explorer'

        Very true.

      • Re: (Score:2)

        by cusco ( 717999 )

        Remember, the walled garden of AOL (aka Eh? Oh Hell!) was the primary online service at the time, MSN was still trying to follow their lead.

    • I did have DSL by 2000, but only barely, and most people I knew didn't. I think you are either misremembering, or have a very provincial viewpoint.

      Here's some stats: https://www.statista.com/stati... [statista.com]

      As you can see, broadband at home was very, very uncommon in the US in early 2000, and only flipped over to be a majority of people around the middle of that decade.

      Different source with different information from which you can glean similar insights: https://www.statista.com/stati... [statista.com]

      It's really no surprise.

  • Not a word here about re-thinking the creation of the greatest software virus ecosystem imaginable?

    Nah. Who am I kidding.

  • "M$ wasn't an enterprise co", as though they weren't already selling to corporations.

    But when he writes "Clippy was criticized at the time, but really was ahead of its time" is where I stopped reading.

    • "M$ wasn't an enterprise co", as though they weren't already selling to corporations.

      As though they didn't start by selling to corporations.

    • I like bashing Clipping, or the pooffing wizard as much as the next guy. But I gotta say, I was consistently impressed with the Help in Office. If I got stuck trying to do something and pressed F1, many times the help window came up and had EXACTLY what I needed. Then they gutted the context-sensitive help and just threw up a link to some MS search page where you had to decide what key words to type in and then wade through a bunch of crappy results. Now everyone has just learned to search for help somewher
  • The most interesting thing in the article is how they discuss how they had no intentionn to use GUID metadata to identify the maker of a document, and how this was essentially close to a conspiracy theory, and then someone turned around and used that data to actually help identify who made the Melissa worm. Apparently if a capability exists, it will get used.

    • Re: (Score:1)

      by lengel ( 519399 )

      Yeah douche-a-rama goes on and on about they would never do this and nobody would think of this and blah blah blah.... But when it tracks the person down doing exactly this he seems to take credit for MS coming up with the idea.

      Douche.

      • I think he was pretty clear in the article that a) the idea wasn't his and b) that he's pretty embarassed by the whole thing.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      The push back from customers is interesting. I remember it, people didn't trust updates to software that was working fine for them and didn't want functionality removed at any cost.

  • When my PC was infected by this terrible virus. First it turned purple and then shortly after that my PC speaker started to bleep out the Barney I love you theme.

    It was terrible I tell you! TERRRIBLE!

    I then tried to unplug my PC as it tried to hug me. It was a fight. My computer was no longer a trusted tool, but a purple hugging bleeping PC.

    It then chased me down the hall bleeping away. The only reason I live to tell this story, is because the computer's power cord was not long enough to reach

  • Steven Sinofsky, who worked at Microsoft from 1989-2012 and oversaw the Office (1998-2006) and Windows (2006-2012) teams

    I don't know the guy, but the fact that he oversaw Office during its good years and Windows during its good years speaks volumes to me.

    • > Windows during its good years

      It was good? /s :-)

      • Re: (Score:2)

        by cusco ( 717999 )

        It was better than anything else at the time, what were you going to replace it with? Linux? Sure, if you wanted to dick around with poorly documented text files scattered in random locations, no support, no standards, and essentially no apps. Apple? Sure, if you wanted to pay three times the price for half the computer, shitty support, inconsistent standards, and essentially no apps. AS400 terminals? Sure, if you wanted to pay more for the system than for your house and terminals that cost as much as

        • You keep saying "No apps". I don't think it means what you think it means.

          Every OS has had apps written for it.

          Whether it popular like Windows, Linux or MacOS, or obscure Operating Systems like like GEOS, BeOS, etc.

          • Re: (Score:2)

            by cusco ( 717999 )

            Microsoft wrote the only widespread productivity apps that ran on the Mac, otherwise there was a very limited set of applications that it could run (mostly by Adobe). Until the adoption of Beowulf clusters Linux was mostly a flaky hobbyist OS, even Apache ran on more Windows servers than Linux ones.

            BeOS was a nice OS, OSX was OK, but neither had the literally tens of thousands of apps that had been written for Windows by the turn of the century.

  • because no one loves a Linux user.
  • If you were running Exchange Server with an anti-virus scanner on a small hard drive back then, the AV notification emails for every infected email brought the entire server down.

  • Microsoft never got the internet (Score:5, Interesting)

    by eap ( 91469 ) on Tuesday May 05, 2020 @02:41PM (#60025206) Journal
    The internet has been a second class feature to Microsoft since they first learned of it in the early 90s. They didn't understand it, and its culture of interoperability clashed with the company's proprietary culture. This is why their users were pwnd by something as dumb as email macros.

    From TFA:

    Our products (and customers) were put at risk due to an increasingly connected world.

    No. You put your customers at risk by disregarding security for your janky-ass scripting interface. People were running companies based off shitty Outlook macros. All pwnd.

    • Re: (Score:2)

      by cusco ( 717999 )

      I see this opinion frequently, but I don't remember it that way. I was given a 1996 VHS tape as a white elephant gift, Bill Gates doing a presentation he called 'Windows At Work', in which he spent essentially the entire speech talking about the coming changes that the integration of the Internet into the workplace would bring. It was quite prescient for its time.

    • People were running companies based off shitty Outlook macros

      Fast forward to 2020 and we're finally getting away from that practice. ... Now we're running companies based on shitty Office 365 Power Automation hooks.

  • Where I worked at the time, the Chief Financial Officer was the person who handed out bonuses and pink slips. He got the virus first. When you see his name and "I Love You", you KNOW you are going to open it. Within 10 mins of the start of business, everyone in the company opened it and sent email to everyone else. I still want to kick the author in the nuts. (several times)

  • How Microsoft caused the ILOVEYOU virus (Score:4, Insightful)

    by Solandri ( 704621 ) on Tuesday May 05, 2020 @06:22PM (#60026206)
    From the wiki page [wikipedia.org]:

    spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension ('vbs', a type of interpreted file) was most often hidden by default on Windows computers of the time (as it is an extension for a file type that is known by Windows), leading unwitting users to think it was a normal text file.

    It's been over 20 years and I'm still asking - what exactly is gained by hiding the file extension? How does it improve anything? I turn this stupid "feature" off on every computer I set up for friends, family, and clients.

    • Microsoft has caused most computer viruses in existence with their poor source code control and bad design. They have cost businesses billions of dollars worth of downtime. Why anyone chooses to run their garbage I'll never know...

    • Extensions are "techy" stuff that users should not need to know about. Same reason they hide the true email address, so that Bill.Gates@thieves.com looks genuine.

      Microsoft has user experience experts who, by definition, know nothing about technology but advise on this sort of thing.

    • Solandri [slashdot.org]: “The latter file extension ('vbs .. was most often hidden by default .. leading unwitting users to think it was a normal text file”

      So clicking on it opened it, and OPEN equates to RUN on Windows.
  • How Microsoft Fought the 'ILOVEYOU' Virus 20 Years Ago

    That's an ironic statement, considering it was a combination of Microsoft Windows, Internet Explorer, Outlook and Visual Basic scripts that caused the infestation.
  • Jan 1994: Steven Sinofsky [slated.org]: “For all this we should be analysing the Mac system as it evolves and improves and innovating what makes sense .. With Wings, I think, optimistically, there is a real chance to undermine the Mac.”

    March 1998 Steven Sinofsky [groklaw.net]: “It is hard to imagine any customer of Microsoft's or any owner of a PC that does not think of their PC as flaky or buggy and places the blame on Microsoft. Part of this is definitely a perception issue tied to Microsoft.”

    May 2000:
  • I was working for a company that was a division of Conagra Foods at the time. Half the company or the marketing and sales department got hit hard by it. It was funny as only 6 months prior did that half of the company decide to move to Windows NT. That part of the company was down for more than 2 weeks with re-infections.

    The Plant operations and engineering services division never noticed it as we were running OS/2 eBusiness Server. We all had a good chuckle out of it. Move to windows, be shut down for 2

  • At the time, the company I worked for used Novell Groupwise (I forget the version ....) and we were essentially immune.

    Virus scanners still caught it, and life went on. Some of my colleagues weren't so lucky.

Slashdot Top Deals

God doesn't play dice. -- Albert Einstein

Close