The ILOVEYOU worm was first reported in Hong Kong on 4 May 2000 and spread westward on that day. The ILOVEYOU worm affected computers at more than half of the companies in the USA and more than 105 mail servers in Europe. Internal e-mail systems at both the U.S. Senate and Britain's House of Commons were shut down. It was estimated that the ILOVEYOU worm did more damage than any other malicious program in the history of computing: approximately US$ 9 × 109. On 4 May 2000, MessageLabs filtered ILOVEYOU from one in every 28 e-mails, the all-time highest daily infection rate seen by MessageLabs. The ILOVEYOU incident was commonly reported as a virus in the news media, but it was actually a worm, because this malicious program did not infect other programs. I call this worm by the subject line of e-mail that propagated this worm. Norton Anti-Virus calls it VBS.Loveletter.A. The ILOVEYOU worm arrived at the victim's computer in the form of e-mail with the ILOVEYOU subject line and an attachment. The e-mail itself was innocuous, but when the user clicked on the attachment to read the alleged love letter, LOVE-LETTER-FOR-YOU.TXT.VBS, the attachment was a Visual Basic program that performed a horrible sequence of bad things:
Deletion of files from victim's hard disk. The worm overwrote files from the victims' hard disk drive, specifically targeting files with extensions:*.JPG, *.GIF, and *.WAV, amongst many others (i.e., files containing audio/visual data), *.CSS (i.e., cascading style sheets called by HTML 4.0 documents). some later versions deleted *.COM or *.EXE files, which prevented the computer from starting when rebootd. Some later versions deleted *.INI files.
The worm overwrote a copy of itself to a file with the name of the original file, appending the extension *.VBS, so the total number of files on the victim's hard disk would be unchanged and the damage more difficult to immediately detect. Further, if a victim clicked on one of these files, the ILOVEYOU worm would be activated again on that one victim. By overwriting files, instead of merely deleting files, the worm made it much more difficult (perhaps impossible) to recover the original file on the victim's hard drive. For example, if the worm had merely deleted files, then the victim could restore the files from the Recycle Bin or Trash Can. In addition, the worm marked files of type *.MP3 as hidden, so they would no longer appear in directory listings, then copied the worm to new files *.MP3.VBS.
Password theft
The attachment LOVE-LETTER-FOR-YOU.TXT.VBS automatically set the Microsoft Internet Explorer start page to a URL at a web server in the Philippines, which would download WIN-BUGSFIX.EXE to the victim's machine. The worm then set the victim's machine to run WIN-BUGSFIX.EXE the next time the victim's machine was booted. WIN-BUGSFIX.EXE was a Trojan Horse program that collected usernames and passwords from the victim's hard drive and e-mailed them to an address in the Philippines, mailme@super.net.ph. (That was a really stupid feature, since law enforcement agents, within 12 hours of the initial release of the worm, identified the person who owned that e-mail address.) Furthermore, there was a copyright notice in the Trojan Horse's code!

An Internet Service Provider in Europe alerted the web server in the Philippines at 08:30 GMT on Thursday, 4 May 2000, and WIN-BUGSFIX.EXE was removed from the website, which prevented most of the harm in Europe and the USA from this password-collecting program. Later, the web server in the Philippines was overwhelmed (i.e., a kind of a denial of service attack) with requests from the worm for WIN-BUGSFIX.EXE. This Trojan Horse program had been previously submitted as a thesis proposal at a computer college in the Philippines. The proposal was rejected with handwritten comments "This is illegal." and "We don't produce burglars." The student then dropped out of the college without earning a degree. A copy of the student's rejected thesis proposal is posted at Richard M. Smith's website.
Worm propagates
The worm transmitted itself using features of the earlier Melissa program: scanning the address book in Microsoft Outlook, and then transmitted a copy of the ILOVEYOU e-mail to all of those e-mail addresses. This method of transmission rapidly disseminated the worm to millions of victims. In comparison, Melissa sent copies to only the first 50 entries in the Microsoft Outlook address book, while ILOVEYOU sent copies to every address in the that victims' book. The worm also sent copies to other people on the same Internet Relay Chat channel that the victim was using.
Police in the Philippines knew the name and location of the suspect within 12 hours of the initial release of the worm, but the police were hampered by the lack of laws there for computer crimes. The closest relevant Philippine law was designed to cover credit card or bank account fraud, but was broad enough to cover unauthorized taking of goods and services. However, the police were not able to find sufficient evidence for prosecutors to apply this fraud statute. On 7 June 2000, police and prosecutors in the Philippines closed their investigation of the ILOVEYOU worm, because the creation and release of this worm was not a crime in the Philippines. On 21 August 2000, prosecutors dropped all charges against the people who apparently designed and released the ILOVEYOU worm. This example shows the international nature of computer crime: a criminal in one country can rapidly cause havoc all over the world, using the international reach of the Internet. In contrast, a criminal who physically moves from one country to the next would need to pass though immigration and customs controls at each border, as well as become subject to personal jurisdiction in each country. One of the first steps companies used to ward off the ILOVEYOU virus was to screen out notes with ILOVEYOU in the subject line. However, hackers quickly introduced copycat variations with subject lines variously identifying "JOKE" and "Mother's Day!" as the content, but containing the same or similar VBScript code.