citations.press Submit a citation →
Index  ›  tech  ›  BBC
tech · BBC

A decade on from the ILOVEYOU bug

BBC Reviewed Jun 30, 2026 ✓ Reviewed by citations.press editors
Citation-ready fact
Paul Fletcher, manager of Star Labs security, stated that on 4 May 2000, Star Labs' e-mail filtering service was showing more than 100 pieces of malware.
more than 100 pieces · malware
Paul Fletcher, manager of Star Labs security
View source ↗
Citation-ready fact
Mikko Hypponen, head of research at F-Secure, stated he received and missed more than 40 phone calls during a 30-minute conference call.
more than 40 calls · phone calls received/missed30 minutes · conference call duration
Mikko Hypponen, head of research at F-Secure
View source ↗
Citation-ready fact
Paul Fletcher stated that Star Labs' e-mail filtering service was showing more than 100 viruses overnight on May 4, 2000.
more than 100 viruses · viruses snagged by e-mail filtering service
Paul Fletcher, manager of Star Labs security
View source ↗
Citation-ready fact
Paul Fletcher observed Star Labs' virus counter flip to 450 at 0900GMT on May 4, 2000.
450 viruses · viruses snagged by e-mail filtering service
Paul Fletcher, manager of Star Labs security
View source ↗
Citation-ready fact
Paul Fletcher observed Star Labs' e-mail filtering service catch more than 13,000 viruses by the end of May 4, 2000.
more than 13000 viruses · viruses caught by e-mail filtering service
Paul Fletcher, manager of Star Labs security
View source ↗

For Paul Fletcher, manager of Star Labs security, 4 May 2000 started like any other day. By the end of the day nothing would ever be the same again.

He got to work around 0830GMT and, as he did every day, checked how many viruses Star Labs' e-mail filtering service had snagged overnight.

Updated hourly, on a busy night it stopped 40 or 50 pieces of malware.

"That day it was showing more than 100 and I thought that was kind of interesting," said Mr Fletcher.

At 0900GMT he watched as the counter flipped over to 450: more than Star Labs usually caught in a day.

He changed the counter to update every 10 minutes and watched as the total started to climb. By the end of the day it had caught more than 13,000.

All around the world, security researchers were waking up to the scale of the problem confronting them.

It all started in the Philippines many hours earlier when 24-year-old Onel De Guzman released a virus that he had proposed creating as part of his undergraduate thesis.

The key part of the virus was not any technical trick but the wording of the subject line - ILOVEYOU - and its attachment LOVE-LETTER-FOR-YOU.

Few could resist opening the attachment which kicked off the attack code that then plundered their e-mail address list and sent itself to every name it found.

In 2000, many people did not have any security software and even those that did only updated the signatures of known viruses once a month.

Simon Heron, manager of security firm Network Box, remembers he was at a meeting on the day to discuss security with a client.

He said: "We were in a room with four programmers and a guy burst in shouting 'Don't open any e-mail from me!"

"That was their alerting system," he said.

With defences so scant, pretty much everyone that opened up the attachment was infected. In all about 45 million Windows PCs were thought to have been hit on 4-5 May.

Despite being traced via an alias he left in the virus, Mr De Guzman was never charged with a crime. At the time he released the malware, the Philippines had no laws criminalising malicious use of computers.

Mikko Hypponen, head of research at F-Secure, remembers the day well.

"I remember working on the case all day from 09:41, when it started, until midnight, then going to bed only to be woken up at 3am by calls from the USA," he said.

Mr Hypponen remembers coming off a conference call with other security firms and the various national Computer Emergency Response Teams to see that lots of other people had called.

"When I hung up my phone and looked at the screen, it showed that I had received and missed 40+ phone calls during that 30-minute conference call," he said. "All those calls were coming in from partners, vendors and media.

"Everybody wanted to know what was happening and how to fight the outbreak," he told the BBC.

Unfortunately, combating the LoveBug was hard.

Big companies were hit the hardest. The virus kicked off a tsunami of e-mail within and between companies so their mail servers crashed under the load.

The anti-virus companies released a fix around 1000GMT but few could get hold of it because so many people were trying to download it at the same time.

"It was very difficult to clean up," said Mr Fletcher. "It took a lot more effort to clean up and people were not very used to that then, no-one was really used to doing back-ups."

The LoveBug did more than just cause a problem in early May, ten years ago.

Prior to its release, viruses were written by teenagers for kicks. Similarly spam senders were few and far between because they had to pay for their bandwidth and hosting.

The LoveBug showed how to get spam to send itself and how, with a cleverly designed virus that preyed on human psychology and technical failings, malware could rack up enormous numbers of victims.

The end result is that now 90% of all e-mail sent is spam. Star Labs, which became MessageLabs soon after, now stops more than one million viruses every day. Cyber crime is big business and is done for financial gain rather than kicks of bragging rights.

"The LoveBug showed the shape of things to come," said Mr Fletcher.

This article was originally published by BBC ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error