These self-replicating malicious programs were first described by doctoral student Fred Cohen, who likened them to ‘viruses’, and the name has stuck ever since.
In the 1980s, viruses depended on the actions of humans to spread. Hackers would write the viruses to disks and distribute the disks to other people. But as modems became a common part of every home and office computer, the world wide web network transformed into a fertile breeding ground for viruses to spread.
Today we think of computer viruses as programs that transmit themselves via the Internet, infecting computers through email, instant messenger, or corrupt web links.
Programs like these can spread exponentially when distributed via the Internet.
So what are the ten worst computer viruses of all time?
10. Melissa
In the spring of 1999, a programmer named David L. Smith wrote a virus based on a Microsoft Word macro and built it so that it would spread through e-mail. The virus, named ‘Melissa’ after an exotic dancer from Florida, was one of the first viruses to gain public attention.
Melissa tempted users to open an e-mail with a title similar to “Here is that document you asked for, don’t show it to anybody else.” Once activated, the virus replicated and forwarded itself to the top 50 people in the recipient’s e-mail address book.
The virus spread rapidly after Smith unleashed it upon the world. The US Federal Government became highly interested in Smith’s work after the virus “wreaked havoc on government and private sector networks”.
The increase in global e-mail traffic forced some companies to discontinue e-mail programs until the virus was contained.
Smith was subsequently taken to court, and after a lengthy trial he received a 20-month jail sentence and a $5,000 fine. The court also banned him from accessing computer networks without court authorization.
In the end, Melissa didn’t completely cripple the Internet, but it did bring viruses to the attention of the public.
9. ILOVEYOU
The next digital menace to emerge came from the Philippines. The sweetly named ILOVEYOU virus came in the form of a worm – a standalone program capable of replicating itself.
ILOVEYOU began its initial travels just like Melissa, via e-mail, with the subject line saying that the message was from a secret admirer. The e-mail contained an attachment that, once opened, infected the recipient’s computer.
The original worm had the file name LOVE-LETTER-FOR-YOU.TXT.vbs. The vbs (Visual Basic Scripting) extension pointed to the language the hacker used to create the worm.
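A mail filter can catch this kind of file name, where a harmless-looking extension sits in front of the one the system actually acts on. The following is an added example, not part of the original article; the extension lists and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows runs or interprets on double-click (short, non-exhaustive list).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif", "bat", "cmd", "com"}
# Harmless-looking extensions typically used as the decoy in the middle.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "gif", "png", "xls"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots/spaces are ignored by Windows, so drop them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed sample message; addresses and contents are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("harmless notes", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```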
The ILOVEYOU virus had a wide range of attacks. It could:
- Copy itself several times and hide copies in several folders on the victim’s hard disk drive.
- Add new files to the victim’s registry.
- Replace several different kinds of files with copies of itself.
- Send itself through Internet Chat programs and e-mail.
- Download and execute a password-stealing application file called WIN-BUGSFIX.EXE. The application then sent private data to the hacker.
According to some estimates, the ILOVEYOU virus caused over $10 billion in damages. It is still unclear who really created the ILOVEYOU virus; however, many think it was Onel de Guzman of the Philippines. At the time, the Filipino authorities had no computer espionage or sabotage laws, so they tried de Guzman on charges of theft.
Citing a lack of evidence, the Filipino authorities eventually dropped the charges against de Guzman, who would neither confirm nor deny his responsibility for the virus.
8. The Klez Virus
In 2001, the Klez virus emerged and set a new standard for all computer viruses that followed. The effects of this virus reverberated around the Internet for months. The basic Klez worm infected computers by e-mail, replicating and sending itself to people in the victim’s address book, but the Klez virus quickly developed to carry other harmful programs that could render a computer unusable.
Depending on the version, the Klez virus could act as a virus, a worm or a Trojan horse. It could even disable antivirus software and pose as a virus-removal tool.
Shortly after its appearance, hackers further modified Klez to make it much more effective. The modifications allowed the Klez virus to replace the sender’s ID with a name from the victim’s contacts, masking its real identity and making it appear as though it came from a friend. This technique is known as spoofing: an e-mail appears to come from one source when it really originates from somewhere else.
Spoofing can achieve several goals. It can make it impossible for the recipient of the e-mail to block the sender, because the e-mail is really coming from somewhere else. It can also clog an inbox in a very short time, because the recipients are unable to tell what the real source of the problem is. And because the masked sender is listed in your contacts, you are less vigilant when opening mails and attachments.
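Receiving mail servers today can record SPF and DKIM checks in an Authentication-Results header, which lets a filter compare the visible From address with the domain that was actually authenticated. The following is an added example, not part of the original article; the server name mx.example.org, the sample messages and the simplified alignment rule are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own receiving server


def domain_of(header_value):
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(a, b):
    # Simplified relaxed alignment: same domain or parent/subdomain.
    # Real DMARC compares organizational domains using the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim results, ignoring headers not stamped by our own server."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        fields = [f.strip() for f in str(hdr).split(";")]
        if (fields[0].split() or [""])[0].lower() != trusted:
            continue  # a sender can insert its own copy of this header
        for f in fields[1:]:
            method = re.match(r"(spf|dkim)=(\w+)", f)
            dom = re.search(r"(?:smtp\.mailfrom|header\.d)=(?:\S*@)?([\w.-]+)", f)
            if method and dom:
                out[method.group(1)] = (method.group(2).lower(), dom.group(1).lower())
    return out


def check_sender(raw):
    """Return 'ok' if a passing SPF or DKIM domain matches the visible From domain."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(str(msg.get("From", "")))
    results = auth_results(msg)
    ok = any(res == "pass" and aligned(from_dom, dom) for res, dom in results.values())
    return "ok" if ok else "suspect"


# Constructed samples: names, domains and header values are illustrative.
SPOOFED = ("From: Alice <alice@example.com>\nTo: bob@example.org\nSubject: hi\n"
           "Authentication-Results: attacker.invalid; dkim=pass header.d=example.com\n"
           "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=x@mailer.example.net; dkim=none\n"
           "\nbody\n")
GENUINE = ("From: Alice <alice@example.com>\nTo: bob@example.org\nSubject: hi\n"
           "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alice@example.com;"
           " dkim=pass header.d=example.com\n\nbody\n")
```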
7. Code Red and Code Red 2
Both of these viruses popped up in the summer of 2001, exploiting an operating system vulnerability found in Windows 2000 and Windows NT. The weakness in the OS was down to a buffer overflow problem that caused the system to overwrite memory when incoming data exceeded the size of its buffer.
The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White House. This caused all the computers in the White House infected with Code Red to contact the White House’s Web servers at the same time, overloading the machines.
Windows 2000 machines were the hardest hit. Once infected with the Code Red 2 worm, these computers would no longer obey the user.
This happens because the worm creates a back-door into the computer’s operating system, allowing a remote user to gain access and control the machine. The person behind the virus can then gather private data from the user and can also use the infected computer to commit crimes. This means that the victim not only has to face the problems of having an infected computer, but may also have to deal with the hassle of being suspected of a crime they didn’t commit.
Windows NT machines, while also vulnerable to Code Red, were not affected as badly. The virus caused Web servers to crash more often, but apart from that, the effects were not nearly as bad as those experienced by Windows 2000 users.
Microsoft released a patch to fix the troublesome security vulnerability. With the patch installed, Code Red could no longer infect the computer, but the patch didn’t remove viruses from infected computers - victims had to do that themselves.
6. Nimda
Another virus to riddle the Internet in 2001 was called Nimda. Its name is simply ‘Admin’, the default sign-in name for most databases, spelled backwards.
According to TruSecure CTO Peter Tippett, it took only 22 minutes from the moment Nimda hit the Internet before it became top on the list of reported attacks.
Nimda’s primary target was Internet servers, and although it could infect home PCs, its real aim was to bring Internet traffic to a standstill.
Similar to the Klez virus, Nimda was transmitted by e-mail and created a back-door into the victim’s machine. The spread of the Nimda virus ate up many system resources, causing the network servers to crash. Just like the Code Red virus, Nimda quickly became a distributed denial of service (DDoS) attack.
5. SQL Slammer/Sapphire
Two years later in January 2003, a Web server virus hit the Internet. Named the SQL Slammer or Sapphire, the virus took down several important computer networks that were unprepared for the attack.
The Bank of America’s ATM service crashed, the city of Seattle experienced outages in the 911 service and Continental Airlines had to cancel several flights due to electronic ticketing and check-in errors.
The SQL Slammer/Sapphire virus caused more than $1 billion in damages before patches and antivirus updates were released to contain the problem.
The progress of the SQL Slammer/Sapphire was well documented. According to reports, only a few minutes after the Slammer hit the Internet it was doubling its number of victims every few seconds. Fifteen minutes later, it had infected nearly half of the Internet servers that act as pillars of the Internet.
The SQL Slammer/Sapphire virus taught IT technicians a valuable lesson. It is not good enough to have the latest patches and antivirus software; hackers will always be trying to find new ways to exploit any weaknesses. It’s best to stay ahead of the game and try to ward off new viruses before they infect a machine. Because this isn’t always possible, it’s imperative to have a worst-case-scenario back-up plan in case disaster strikes.
4. MyDoom
The MyDoom virus, also known as Novarg, was another virus that spread like wildfire. This virus also created a back-door in the victim’s computer, and the original version had two triggers.
One trigger caused the virus to begin a denial of service (DoS) attack starting Feb. 1, 2004. The second trigger commanded the virus to stop distributing itself on Feb. 12, 2004. Even after the virus stopped spreading, the back-doors already created stayed active.
Later the same year, another outbreak of the MyDoom virus caused huge problems for several search engine companies. Like other viruses, MyDoom sent itself to other contacts in the recipient’s inbox, but in addition it would also make a search engine request and send itself to addresses that came up in the results. Before long, search engines like Google were receiving millions of search engine requests from infected computers. The attacks slowed down search engine services and even caused some to crash.
MyDoom spread through e-mail and peer-to-peer networks, and like the Klez virus, MyDoom could spoof e-mails, which made it very difficult to track the original source. According to the security firm MessageLabs, at one time, one in every 12 e-mail messages carried the virus.
3. Sasser and Netsky
These two viruses were created by 17-year-old Sven Jaschan from Germany. While the two worms behaved in different ways, the similarities between their code led security experts to pin both of them on the same person.
The Sasser worm attacked computers through another Windows vulnerability, but unlike other worms it didn’t spread through e-mail. Instead, the virus would scan random IP addresses to find potential victims. Once it found other computers with the same vulnerability, it instructed those computers to download and install the virus. The virus also altered the victim’s operating system in a way that made it difficult to shut down the computer without directly cutting the power.
The Netsky virus was transmitted via e-mail and Windows networks. It spoofed e-mails and propagated through a 22,016-byte file attachment. As it spread, it could initiate a denial of service (DoS) attack, collapsing systems as they tried to handle all the Internet traffic. At one point, security experts believed Netsky and its variants accounted for a quarter of all viruses on the Internet.
Sven Jaschan was tried as a minor and received no jail time for his actions; instead, he was given one year and nine months of probation.
2. Leap-A/Oompa-A
In the last article we mentioned how Apple had quietly released a recommendation to use antivirus software in conjunction with Mac OS X. Macs have always been a more secure system for two reasons: the Unix architecture that OS X (and Linux) is built on is more secure than Windows, and because the Mac is less popular, virus writers tend to write malicious code for Windows.
But no computer system is really immune to attacks. In 2006 a Mac hacker distributed the Leap-A or Oompa-A virus through the iChat application.
The virus searches through the iChat contacts and sends a message to each person on the list. The message contains a corrupt file that appears to be a JPEG image. Although the virus doesn’t harm the computer too much, it does go to show that there are and will be more malicious programs aimed at Mac users.
1. Storm Worm
In 2006 a virus typically known as Storm Worm hit the Internet. The public began to call the virus Storm Worm because of the e-mail title “230 dead as storm batters Europe.” Antivirus companies came up with other names for the worm: Symantec dubbed it Peacomm, while McAfee refers to it as Nuwar. These name variations came about to differentiate it from a 2001 virus, W32.Storm.Worm.
The Storm Worm is a Trojan horse program which installs a malicious program. Some versions of the Storm Worm turn computers into zombies or bots. Others create a botnet and use it to send spam mail across the Internet.
Most versions of the Storm Worm coax people into downloading the application through fake e-mail links. Distributors of the virus typically change the e-mail subject title to reflect current stories; clicking the links to the stories then downloads the worm and infects the computer.
Several news reports and blogs have called Storm Worm the worst attack in years. According to the security company Postini, more than 200 million e-mails carrying links to Storm Worm were detected during a three-day attack. Fortunately, not every e-mail led to the downloading of the worm.
Storm Worm is still widespread, and it can be very difficult to detect and remove. But if you run up-to-date antivirus software and are careful about following links from your e-mail, you should be OK.
While most of these viruses have been contained, the danger of contracting a harmful computer virus remains very real. It’s almost certain that another outbreak of a new virus lies around the corner, waiting to infect the Internet with capabilities that surpass those mentioned above.