8 Computer Viruses That Brought the Internet to Its Knees
Since the very first computer virus spread like wildfire by infecting floppy disks, viruses have gone on to cause millions in damages across the globe.
The first computer virus, called the “Elk Cloner,” was created as a teenager’s harmless prank. It displayed random messages to users and played subtle tricks when the infected floppy disk was booted.
But since then, many different types of viruses have been created. Some, like the Elk Cloner, can be annoying but harmless to your computer. Others can do actual damage and end up costing you money due to wasting computer resources, causing system failures, corrupting or deleting your data, or even stealing your private information.
It’s difficult to count the actual number of viruses in existence because everyone defines new viruses and categorizes them differently. Some estimates range from the thousands to the tens of millions, while others group all viruses into a couple dozen different types.
While many of these viruses can be easily defeated, others have run rampant and cost millions of dollars in damage. The Klez virus, for example, stole confidential emails and spread them around the web via mass emails, in some instances costing millions of dollars in damages by jamming networks with mass emailing. In another famous instance, hackers used viruses to steal 40 million credit card numbers from Target, costing the company $148 million to recover.
Governments and big companies aren’t the only ones at risk. Your computer can be hacked by computer viruses as well, giving hackers access to your personal information, corrupting your data, wiping your hard drive, and even using your computer to spread the virus to your friends and family.
Here are the worst 8 computer viruses in history, the effects they had on their victims — and how you can keep yourself safe.
Computer viruses don’t just slow your computer down and annoy you with popups. Viruses can also steal your credit card information, hold your data hostage and even wipe your hard drive clean. Here’s a look at some of the worst viruses in history.
Melissa
The Virus
- Created in 1999 by David L. Smith
- He claimed to have named the virus after an exotic dancer in Florida
- One of the first email-activated viruses
- The virus was a Microsoft Word macro
- A macro is a series of commands or instructions that gets carried out automatically
- It affected users with Microsoft Word 97 and 2000 by:
- Shutting down safeguards in those programs
- Lowering security settings
- Disabling macro security
- The virus spread itself by sending an infected document via email
- The email was designed to trick people into opening the file
- Computers which had Microsoft Outlook would send the infected document to the top 50 contacts in the users’ address books
- If the day of the month matched the minute, the virus would insert a Bart Simpson quote into the document it sent:
- “Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game’s over. I’m outta here.”
The Damage
- Tens of thousands of people couldn’t access their emails within six hours of the virus being posted
- Hundreds of websites were affected
- The Microsoft Corporation had to disable all incoming and outgoing email
- Caused $1.2 billion in damages and losses
- David L. Smith was:
- Fined $5,000
- Sentenced to 20 months in jail
- Forbidden from accessing computer networks without court authorization
ILOVEYOU
The Virus
- Launched from the Philippines in 2000
- Allegedly written by Onel de Guzman
- Typically spread through an infected email attachment
- The email’s subject line would say that it was a love letter from a secret admirer
- The name of the original file was “LOVE-LETTER-FOR-YOU.TXT.vbs”
- .vbs is a Visual Basic Scripting file
- Due to formatting issues, some email clients omitted the “.vbs” in the file name
- This caused users to think they were opening a plain text file
- The virus would:
- Overwrite file types with copies of itself to let it continue spreading if the original version was removed from the computer
- This erased a number of different files, including:
- JPEG
- MP3
- VPOS
- JS
- JSE
- CSS
- WSH
- SCT
- HTA
- Reset the infected computer’s Internet Explorer home page
- Send the infected file to all of the user’s contacts in Microsoft Outlook
- Download and execute a file that stole passwords and emailed them to the hacker’s email address
- If the user entered a chat group with Internet Relay Chat, the virus would attempt to spread to all other users in the group
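The double-extension disguise described above ("LOVE-LETTER-FOR-YOU.TXT.vbs" shown as a text file) is something a mail filter can check for. The following is an added example, not part of the original article; the extension lists beyond those named on this page, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# vbs, js, jse, wsh, sct and hta are named on this page; the remaining
# entries are an assumed, non-exhaustive extension of that list.
ACTIVE_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "wsf", "sct", "hta",
               "exe", "scr", "bat", "cmd", "com", "pif"}
# Extensions a reader takes for a harmless document or picture (assumed).
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "mp3", "xls", "gif"}


def classify_filename(name):
    """Return 'disguised', 'active' or 'ok' for an attachment file name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1].strip() not in ACTIVE_EXTS:
        return "ok"
    # A decoy extension in front of the real one is the LOVE-LETTER pattern.
    if any(p.strip() in DECOY_EXTS for p in parts[1:-1]):
        return "disguised"
    return "active"


def scan_message(raw):
    """Return [(filename, verdict)] for each attachment that is not 'ok'."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed test message; the attachment bodies are inert text."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "reader@example.com"
    msg["Subject"] = "A letter for you (constructed sample)"
    msg.set_content("Constructed body text.")
    msg.add_attachment("inert placeholder", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check reads the full file name from the message itself, so it does not depend on what a mail client chooses to display.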
The Damage
- Roughly one tenth of all Internet-connected computers in 2000 were infected with ILOVEYOU
- The virus caused an estimated $15 billion in damages
- It caused $5.5 billion in damages in the first week
- ILOVEYOU reached an estimated 45 million people in one day
- McAfee reported that a supermajority of their Fortune 100 clients were infected with the virus
- Onel de Guzman was arrested on suspicion of creating the virus
- He and his co-conspirator were later released as the Philippines had no laws at the time against writing malware
Code Red
The Virus
- Code Red launched in July 2001
- A second version of the virus, Code Red II, acted similarly and was launched later in the year
- It infected Windows NT and 2000 machines by exploiting a buffer overflow vulnerability
- Works by sending the computer instructions after a long string of nonsense
- Once the buffer has been filled with the nonsense information, the computer begins overwriting memory
- The memory is overwritten with the instructions for the virus
- This meant that the user only had to be connected to the Internet to be infected
- Infected Windows NT machines would crash more often than normal
- Infected Windows 2000 machines would suffer a system-level compromise
- This means that the computer could be entirely controlled by the hacker
- The virus would behave differently depending on a few factors:
- The date:
- 1st-19th: Target random IP addresses and spread the virus
- 20th-28th: Launch a DDoS (distributed denial-of-service) attack on the White House’s IP address
- 29th and after: Go into “sleep” mode
- Page language:
- English-language web pages would be defaced with the words “Hacked by Chinese!”
- Microsoft released a patch to fix the vulnerability exploited by the virus several months before the attack
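Requests built as described above, a long run of filler followed by a payload, stand out in web server logs by their length and repetition. The following is an added example, not part of the original article; the thresholds, the simplified log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

MAX_QUERY_LEN = 200   # assumed threshold; tune to the application's real URLs
MIN_FILLER_RUN = 64   # assumed: this many repeats of one character is padding

# Constructed sample lines in a simplified "ip method url status" layout.
SAMPLE_LOG = [
    "203.0.113.7 GET /index.html 200",
    "203.0.113.9 GET /search?q=worm+history&page=2 200",
    "198.51.100.4 GET /app.ext?" + "X" * 224 + "=a 500",
    "198.51.100.8 GET /report?id=" + "7" * 40 + " 200",
]


def longest_run(text):
    """Length of the longest run of one repeated character in text."""
    runs = (len(m.group(0)) for m in re.finditer(r"(.)\1*", text))
    return max(runs, default=0)


def is_padded_request(url):
    """True when the query string is both overlong and mostly filler."""
    query = urlsplit(url).query
    return len(query) > MAX_QUERY_LEN and longest_run(query) >= MIN_FILLER_RUN


def suspicious_clients(lines):
    """Return the client IPs whose request looks like overflow padding."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed layout
        ip, _method, url, _status = fields
        if is_padded_request(url):
            hits.append(ip)
    return hits


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A heuristic like this only surfaces attempts; the patch mentioned above is what removes the vulnerability.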
The Damage
- In less than a day, the virus infected more than 359,000 computer systems
- Caused over $2 billion in losses
- Between 1 and 2 million computers were infected overall
- CAIDA (the Center for Applied Internet Data Analysis) found that of those hosts infected by Code Red:
- 91% were from the US
- 57% were from Korea
Nimda
The Virus
- Launched in September 2001, one week after 9/11
- The FBI had to refute rumors that the virus was connected to the terrorist attack
- Nimda is “admin” spelled backwards
- In Computerworld Magazine, TruSecure CTO Peter Tippett reported that Nimda topped their list of viruses in just 22 minutes
- The virus was the fastest spreading piece of malware at the time
- More than 2 million computers were infected in 24 hours
- While the virus could infect home PCs, its primary target was web servers
- The virus infected computers in a variety of ways:
- Local networks
- Drive-by downloads on websites
- Loopholes created by other worms
- Vulnerabilities in IIS (Internet Information Server), Microsoft’s web server
- Nimda allowed attackers to have the same access to an infected machine as the current user
- If a user had admin-level privileges, so would the hacker
- Nimda would install itself to the root of drives C, D, and E
- It would also replicate itself in any folder where it found .doc or .eml files
The Damage
- Caused $635 million in losses
- A Florida Federal court had to operate using paper copies of all of their documents when their system was infected with a Nimda variant
- The virus spread so quickly that it significantly slowed Internet browsing times and crashed several networks
SQL Slammer/Sapphire
The Virus
- Launched in 2003
- Spread through a buffer overflow vulnerability in Microsoft’s SQL Server database management service
- Randomly selected IP addresses to infect
- Servers infected with SQL Slammer would spawn millions of copies to infect other servers
- Within 3 minutes of attacking its first victim, the number of servers infected by Slammer doubled every 8.5 seconds
The Damage
- Caused $750 million in damages
- Crashed Bank of America’s ATM service
- A number of other banks were affected by the virus
- Caused outages to Seattle’s 911 service
- Infected Continental Airlines online ticketing systems and electronic kiosks, rendering them inoperable
- Several newspapers had publishing problems, including:
- The Atlanta Journal Constitution
- The Associated Press
- The Philadelphia Inquirer
- US Government websites affected included:
- Department of Agriculture
- Department of Commerce
- Defense Department
- Alfred Huger, from Symantec Security Response, reported that SQL Slammer caused network issues over the entire Internet
- South Korea lost almost all Internet access
- 70% of homes at the time were connected to the web
Sasser
The Virus
- Launched in 2004
- Created by Sven Jaschan, a 17-year-old from Germany
- Sasser worked by exploiting a vulnerability in a Windows system called LSASS (Local Security Authority Subsystem Service)
- The virus scanned IP addresses until it found one that was vulnerable
- Then it downloaded itself into the Windows directory
- The next time the computer was booted up, it would be infected
- Sasser also affected the operating system
- This made shutting down infected computers without pulling the plug difficult.
- The virus affected Windows 2000 and XP
- Unlike other viruses, users didn’t have to open any email attachments in order to be infected by Sasser; they only needed to be online
The Damage
- Caused $500 million in damages
- Infected all 19 of the British Coastguard’s control rooms
- Staff had to use paper maps and pens
- Delayed British Airways flights
- Sasser brought down a third of Taiwan’s post offices
- Sven Jaschan was sentenced to:
- 1 year, 9 months’ probation
- 30 hours of community service
- He was tried as a junior
MyDoom
The Virus
- Launched in 2004
- Originally began spreading through KaZaA, a file-sharing application, but then spread to emails
- In both cases, users had to open a file in order to become infected
- At its peak, MyDoom infected one in 12 emails as it tried to spread itself
- Computers infected with MyDoom would launch a DDoS on www.sco.com (a Linux software company)
- The virus would also open ports on victims’ computers so that hackers would have backdoor access to their systems
- A second attack later that year affected search engines
- MyDoom-infected computers would send search requests to search engines in an attempt to find email addresses
- Some search engines received so many requests that they crashed
- MyDoom was capable of spoofing its infection emails, making it more difficult to track
- “Spoofing” involves forging the “From” address in an email
- Infected between 600,000 and 700,000 computers
The Damage
- Caused $38 billion in damages
- McAfee reported that MyDoom:
- Slowed down Internet access worldwide by 10 percent
- Reduced access to some websites by as much as 50 percent
Conficker
The Virus
- Launched in 2008
- Took advantage of an exploit in Windows 2000, XP, and 2003 servers that could cause them to install an unauthenticated file
- It could even affect servers with firewalls, as long as they had print and file sharing enabled
- Infected millions of computers
- Spread by infected USB drives and over networks
- Later variants were capable of:
- Disabling anti-malware programs
- Creating backdoors in firewalls
- Communicating with other infected machines via peer-to-peer networks
- Conficker was supposed to do something on April 1, 2009, but nothing happened
- Experts were worried computers infected with Conficker would possibly:
- Become a botnet
- Create a criminal version of a search engine, copying private information from infected systems and then selling that information
- Launch massive DDoS attacks
The Damage
- Caused $9.1 billion in damages
- French fighter planes were grounded when they couldn’t download their flight plans
- In England, military systems were infected, including:
- More than two dozen British Royal Air Force bases
- 75% of the Royal Navy fleet
- The Manchester City Council IT system went down, rendering the city unable to process fines
- Computers and medical devices at hospitals in the US and the UK were infected
While the majority of these viruses are no longer the threats they once were, there are still many viruses on the Internet and more being created every day. To avoid getting infected, remember these tips: Update your antivirus software often, download OS patches when they come out, and don’t open untrustworthy files.