Ten years after LoveBug: social engineering and security lessons


A decade after the LoveBug computer virus caught the online world by surprise, social engineering is still a popular element of cyber attacks, but it has become far more sophisticated.

"The key thing about the LoveBug worm was that it used social engineering," according to Paul Fletcher, a member of the first security team to intercept and name the virus.

"This enabled LoveBug to spread faster and wider than anything we had seen before," said Fletcher, chief architect at Symantec Hosted Services, formerly MessageLabs.

Before 4 May 2000, no-one had seen a malicious e-mail that appeared to be a simple text message sent from someone they knew, he told Computer Weekly.

"There was no reason to mistrust the source, and few people could resist opening an attachment to a message with the subject line 'ILOVEYOU'," he said.

Once opened, the virus sent itself to every e-mail address in the recipient's address book, hitting an estimated 45 million e-mail users in one day.

The first LoveBug messages were intercepted by MessageLabs' Skeptic heuristic detection engine just after midnight on 4 May 2000.

Skeptic, now owned by Symantec, was the first tool to pick them up because it is not signature-based.

The tool looks at previously analysed malcode to identify potential threats, and blocked LoveBug based on characteristics seen in the Melissa virus, said Fletcher.

"By the time I got into the office at 8:30, Skeptic had intercepted around 460 messages, about 150 more than our daily average at that time," he said.

Within half-an-hour the number had jumped to over 3,000, more than ten times the daily average.

"It was exciting when we realised we were stopping something new, and stopping lots of it," said Fletcher.

"Between 9 and 10 o'clock we huddled around the virus counter, and saw the massive acceleration as people started arriving at work and opening their e-mails," he said.

Cybercriminals are still using social engineering to trick people into opening attachments or clicking on malicious links, but they are much more sophisticated.

LoveBug was primitive by today's standards, being a simple script virus with clear, unobfuscated code that was easy to understand, said Fletcher.

Today, social engineering attacks typically target only a few key individuals in an organisation with a carefully crafted personalised e-mail that looks legitimate, he said.

These attacks are motivated by financial gain and are supported by an organised, well-funded and sophisticated underground economy.

The LoveBug was about wanting to be seen, but most of the e-mail-borne malware of today is designed to steal information, undetected for months or years, said Fletcher.

"It is more important than ever before to be alert, aware, and have adequate protection because the attacks are not as obvious as before, and consequently they are a lot more dangerous," he said.

This was first published in May 2010

