May 4, 2000 is a date that has gone down in history for Symantec Hosted Services, then MessageLabs. On that day the MessageLabs Intelligence team was the first to stop and name the LoveBug virus, a mass-mailing worm that affected 45 million computer users when virus levels surged overnight from 1 in every 1000 emails to 1 in 28. Most of the insight into the sentiment of that day is in the accounts from those who were on the front lines of detection as told in the April 2010 MessageLabs Intelligence Report. Similarly, the only essence of the virus itself is left in its pictorial image which Symantec Hosted Services has captured using LoveBug’s actual virus code.
Image generated by Alex Dragulescu using actual LoveBug virus code
This unique representation of the LoveBug virus was featured this week at InfoSec in London and was displayed as part of the Symantec Hosted Services Cyber Threat Gallery earlier this month at Symantec’s Vision 2010 Conference in Las Vegas and in February at RSA in San Francisco. Compared to many of the other images in the cyber threat collection, LoveBug is characterized by rounded shapes and less complex lines, reminiscent of simplicity of viruses ten years ago. Likewise, the threat landscape has changed dramatically in ten years.
During LoveBug's time, threats were created by individual hackers and distributed by email, IRC and chat rooms, but today they are the workings of organized criminal enterprises and distributed via email, web and IM often in a converged way. In 2000, the most dangerous threats were mass mailer worms with executable attachments, like LoveBug. In 2010, the most dangerous attacks are targeted attacks that demonstrate sophisticated social engineering. Also like LoveBug, threats were distributed by the computers that they compromised in 2000 with the purpose of destroying data housed on the machine. Threats today are most often distributed by botnets which can distribute any desired payload on demand looking to steal data or to recruit the compromised machine to a botnet.
For LoveBug-related statistics and a timeline of threats, download the MessageLabs Intelligence Special Report on LoveBug.
With LoveBug, Symantec Hosted Services learned some valuable lessons regarding the scalability and speed of malware and the infrastructure needed to ensure our clients would still receive clean email should another debilitating outbreak occur. LoveBug proved the veracity of our Skeptic™ engine differentiating our cloud-based scanning methodology.
Although the threat landscape is drastically different ten years on, what remains the same is Symantec Hosted Services ability and passion for protecting customers from all known and unknown viruses.