scot May 6, 2020 8:05 AM

I remember that one. When I saw the first e-mail from a coworker, I realized it was a virus, so I ran up the stairs and disconnected her laptop from the network cable, and then powered it down. I may still have a copy of the virus script somewhere. Fortunately, we got it stopped before it found the network drives with all the test data–I was working for an image processing software company, and that could have been pretty annoying.

Peter A. May 6, 2020 9:54 AM

It is an interesting legacy in many ways.

I remember all the hype only vaguely, because the spread of this virus was rather low in my country – mostly because MS Office was so expensive (relatively) that very few businesses used it, and email was really only starting to take off outside the academia. I don’t even remember if email traffic on our university servers had a noticeable increase at that time.

I see many articles chastising Guzman. He’s not without guilt, obviously, trying to ride on someone elses expense is unethical at least, but the big failure lied within the infastructure. Guzman could not realistically predict the outcome. Yes, he added injury to the insult by putting together desctructive code with his (reportedly) originally intended password-stealing code. In the end it was like some hobo stealing a piece of wire for scrap money sending the whole country into blackout. Who’s to blame for the blackout then? Interesting question.

Such stuff happen on smaller scale sometimes. Some not-well-thought-out experiment or prank in specific unforeseen conditions – and BOOM you have a chain reaction of sorts that you can’t control. For one example I was probably able to send one small hosting business into oblivion – or was it already on the edge? I used to rent cheapest $5-or-less VPSes for my private email & stuff and some playing around with code. I was testing some OpenVPN setup and unwisely did a ping -f … BOOM! I got disconnected from ssh, console access didn’t work, control panel didn’t work, the hosting provider’s ticketing system and front page went offline… It was late Friday evening. Their main email was on Google, however, so I used my other email (my main email was hosted on the poor VPS) to contact them, apologize and describe the situation in detail. I half-expected them to ban me and demand some damages or whatnot and was preparing mentally to suck it up. They responded next week that everything is back now and they’re investigating. That was the last contact I had with them. My next payment for the rented VPS went through but was not accounted for, they stopped responding to my tickets or emails, I ended paying up twice, but eventually the rental period expired and the VPS was (automatically) shut down. I had to seek another provider. Funnily, my control panel account was live for quite a time but I was unable to do anything like fire up another VPS. Their front page was there for a few years, until the domain expired. It looked like they’ve simply dropped the ball. Was I the cause? I still wonder…

wiredog May 6, 2020 10:23 AM

I always though of the Morris Worm as being the first major malware outbreak. By the time this one came out I was running Linux at home. Don’t recall anyone I knew getting hit with it.

Samuel Johnson May 6, 2020 10:51 AM

I was working in the Philippines at the time. We were hammered. So many single young women clicked in hope on emails from their bosses (or all concerned thought it was a joke). Of all the places I’ve worked, and on which I’ve compared notes with colleagues, the Philippines has the highest predilection for chain letter emails. Keeping an Exchange system running was a challenge at the best of times.

It was the perfect place for this to originate.

Clay_T May 6, 2020 9:01 PM

One of the well trained, security conscious employees emailed it to me because they said “It won’t open!”*
(* We were running NT4 at the time, no native VBS script support)

I opened the textfile and had a peek.
Yuck, I said. This is going to be ugly.

I called a couple of our customers to give them the heads up.
Too late for some, they were already whacked.

Our sales mangler and GM had W9x laptops.
Of course, they both opened it.
GM: “It came from the company owner, so it must be ok”
SM: “I thought it was from this guy I met over the weekend”

Robert Oe May 7, 2020 8:05 AM

Remember I got to work and did see it starting to spread. Being in Norway it was still early in the outbreak.

Talked to the guys on #Sendmail on EFnet and quickly added a new rule for sendmail to discard all the email with the subject. Worked like a charm and hours later I still didn’t understand why not all the major mail-providors did the same.

It was almost fun to see the amount of emails just getting discarded by our mailserver 🙂

David May 16, 2020 8:14 PM


Such stuff happen on smaller scale sometimes. Some not-well-thought-out experiment or prank in specific unforeseen conditions – and BOOM you have a chain reaction of sorts that you can’t control.

Good story.Nice of you to be so honest about it.
A bit like Samy Kamkars MySpace worm. Dropped shortly after it had been acquired by Murdoch. He tells the story here, it’s very entertaining and the whole interview is quite informative. can be downloaded as an MP3 or streamed

Sincere apologises for promoting the host but what to do. Mea culpa

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.