
Revealed: The man behind the first major computer virus pandemic

After 20 years of silence, Onel de Guzman has admitted unleashing the “Love Bug”, the computer virus that caused havoc by infecting 45 million machines around the world

This article can also be found in the Premium Editorial Download: Computer Weekly: The role of AI in the war against pandemics

The creator of the world’s first global computer virus has admitted his guilt – 20 years after his software infected tens of millions of machines worldwide.

Filipino Onel de Guzman, now 44, says he unleashed the “Love Bug” computer worm to steal passwords so he could access the internet without paying. He claims he never intended to spread it worldwide, and regrets the damage his code caused.

The Love Bug outbreak began on 4 May, 2000. Victims were tricked into opening an email attachment entitled LOVE-LETTER-FOR-YOU. A virus hidden in the attachment overwrote files, stole passwords, and automatically sent copies of itself to all contacts in the victim’s Microsoft Outlook address book.

Within 24 hours, the virus had caused major problems across the globe, reportedly infecting 45 million machines. It overwhelmed organisations’ email systems and IT managers disconnected parts of their infrastructure to prevent infection. Estimates of damage and disruption ran into billions of pounds.

In the UK, Parliament shut down its email network for several hours to protect itself, and in the US, the Pentagon was reportedly affected.

The Love Bug was not the first computer worm, however. The previous year, the Melissa malware had reportedly infected a million machines using similar tactics. But in the speed and scale of its propagation, the Love Bug dwarfed previous outbreaks and exposed the vulnerability of the world’s increasingly internet-connected existence to attack.

FBI traced outbreak to Philippines

Investigators, including the FBI, traced where the stolen passwords were being sent, and discovered an email address registered in the Philippines. From there, they homed in on an apartment in the capital, Manila.

The occupant’s brother was Onel de Guzman, a computer science student at the city’s AMA Computer College. He was a member of an underground hacking group called GRAMMERsoft and quickly became the lead suspect.

De Guzman appeared before the world’s media on 11 May. He appeared to speak little English and communicated mainly through his lawyer. When asked whether he may have released the virus accidentally, de Guzman said: “It is possible.”

The Philippines had no law covering computer hacking, so neither de Guzman nor anyone else was ever prosecuted. Suspicion also fell on de Guzman’s fellow student, Michael Buen, another GRAMMERsoft member whose name was found on computer diskettes discovered in the apartment raided by police. As a result, Buen is frequently cited online as the co-author (and sometimes sole author) of the Love Bug.

Tracking down De Guzman

I set out to finally lay to rest the mystery of who was behind the virus by tracking down Onel de Guzman. There were rumours he had moved to Germany, to Austria or to the US. Others said he had been recruited by Microsoft following the outbreak. All proved to be wide of the mark.

On a forum dedicated to the Filipino underworld, a user claimed in 2016 that de Guzman ran a mobile phone repair shop in the Quiapo district of Manila. In April 2019, I visited the area hoping to find the Love Bug suspect, only to discover a sprawling market containing dozens of mobile phone repair shops.

In desperation, I wrote Onel de Guzman’s name on a piece of paper and showed it to shop workers at random in the hope that someone would recognise it. Finally an employee said he knew of de Guzman and believed he worked in another phone repair booth at a shopping mall elsewhere in Manila.

After several hours wandering the mall, still brandishing de Guzman’s name, I was directed to a cramped, messy stall at the very back of the building, and after waiting several hours for him to turn up, I came face to face with Onel de Guzman.

His face has filled out over two decades, but some distinctive facial features convinced me it was him, even before he began describing the virus and his part in its creation and spread.

Many people wanted Love

De Guzman speaks in broken English, and claims his lawyer told him to pretend not to speak the language in the press conference in 2000. He claimed the Love Bug was a revamped version of an earlier virus he had created to steal passwords. In the era of dial-up internet, such passwords were needed to get online, and de Guzman said he could not afford access himself.

At first, de Guzman claimed he sent the virus only to Filipino victims with whom he communicated in chatrooms, because he only wanted to steal internet access passwords that would work in his local area.

But in the spring of 2000, he tweaked the code. He added an auto-spreading feature that would send copies of the virus to victims’ Outlook contacts, using a flaw he said was present in Microsoft’s Windows 95 operating system. He added a title to the email attachment that would entice people across the world to open it.

“I figured out that many people want a boyfriend, they want each other, they want love, so I called it that,” he said.

Onel de Guzman pictured with author Geoff White

De Guzman claimed he sent the virus initially to someone in Singapore, and then went out drinking with a friend. The first he knew of the global chaos he had unleashed was when his mother told him police were hunting a hacker in Manila.

His mother hid his computer equipment, but not the diskettes containing de Guzman’s classmates’ names, including Michael Buen, which were later found by the police. De Guzman insisted Buen had nothing to do with the Love Bug and that he was its sole creator.

After a period of lying low, de Guzman returned to computer work, but did not go back to college. He now runs the small phone repair booth with another member of staff. He says he regrets writing the virus, and the infamy it has brought.

“Sometimes I get my picture on the internet,” he said. “My friends say, ‘It’s you!’ I’m a shy person, I don’t want this.”

The Love Bug may have faded into history now, but its story has echoes in the current, virus-afflicted world.

Damage caused by organisations responding to the virus

Just like the coronavirus, de Guzman’s infection spread from East to West, crippling computer systems as the working day began and employees opened up their email inboxes.

De Guzman’s virus exploited a weakness in Windows computers, a fatal vulnerability in the digital immune system for which a fix could not be generated quickly enough to stop the spread.

The damage was mainly caused not by the virus itself, but by organisations (such as Parliament) sealing off their networks to prevent infection. In a digitally connected world, isolating computers proved to be as economically ruinous as distancing people.

But where viruses like Love Bug differed from SARS-CoV-2 is that their victims immediately knew they were infected, because their files were unusable.

In the 20 years since the Love Bug, that has changed. The best computer viruses now sit, stealthily controlling computers without the user’s knowledge. And it’s exactly these hidden infections that are being used to spread the current round of coronavirus spam email.

Crime dot com – from viruses to vote rigging, how hacking went global by Geoff White will be published by Reaktion Books on 10 August and is available to pre-order now on Amazon: https://www.amazon.co.uk/dp/1789142857
