Computers and the internet have opened up
the world in ways previously thought to be impossible. But, as a wise uncle once said,
“with great power comes great responsibility.” Sadly, many like to abuse this power and as
a result a number of nasty computer viruses have been created with only malicious intentions,
so join us as we count 10 of the worst computer viruses ever created.

Melissa
Melissa is a computer virus based on a Microsoft
Word macro. It was designed so that it could spread through e-mail messages and cause havoc
on both government and private sector networks. In short, the Melissa virus tempts recipients
into opening a document with an e-mail message along the lines of “Here’s that document
you asked for, don’t show it to anyone else”. Once the user opens the document, the virus
is replicated and sends itself out to another 50 users, chosen from the top contacts in
the recipient’s address book. Melissa spread ferociously throughout the world after it
was released; the increase in e-mail traffic from this alone forced some companies to discontinue
their e-mail services until the virus was contained. The creator of Melissa, David L.
Smith, was sentenced to 20 months in jail, was given a $5,000 fine and was forbidden
to access computer networks without court authorization.

ILOVEYOU
Only 1 year after the Melissa virus rained
terror upon the internet, a new threat entered the game from the Philippines, this time in
the form of a worm with the name of ILOVEYOU. This virus travelled by e-mail just like Melissa,
but the message instead was a love letter from a secret admirer. Upon opening the attachment,
many bad things happened. According to McAfee, the ILOVEYOU virus had a number of abilities
such as copying itself and hiding the copies in several folders on the victim’s hard
drive, adding new files to the computer’s registry keys, replacing files with copies
of itself and sending itself through chat clients as well as e-mail. So who made this
destructive menace? Some think it was a chap called Onel de Guzman, but this was never
confirmed and he was never convicted. According to some sources, the virus caused over $10
billion in damages.

SQL Slammer
The SQL Slammer, also known as Sapphire, hit in late January 2003. It brought down many
important systems including The Bank of America’s ATM service, Continental Airlines’ ticketing
and check-in systems and even caused the city of Seattle’s 911 service to suffer outages.
Estimates put the damages to be around $1 billion before the virus was stopped. This
is partly because of how rapidly it spread. Only minutes after infecting its first server,
Slammer was doubling its infected victims every few seconds.

The Klez Virus
The Klez Virus debuted in late 2001 and had
a number of variations that scoured the internet. The original iteration was similar to the
Melissa virus in that it could send itself to people in the victim’s address book.
However, shortly after its introduction, hackers modified the virus to not only send
itself to contacts, but to also use a different name from the contact list and pretend to
be the sender. This is called spoofing: the e-mail appears to come from one source when
in fact it comes from another. It makes it very difficult to stop the spam e-mails since
the recipient doesn’t know where the e-mails are actually coming from. It also doesn’t
help to block the sender’s address since this is not the proper address. Finally, recipients
were more likely to trust the contents of the e-mail since it was coming from somebody
they knew.

MyDoom
MyDoom was another worm that created a backdoor in operating systems, allowing remote users
to control the machine. The initial outbreak of MyDoom occurred in February 2004 and had 2
stages. Stage 1 caused the virus to begin a denial of service attack and Stage 2 stopped
the virus from distributing itself any further. Later that same year, a second outbreak occurred
that caused many problems for search engine providers since the MyDoom virus would send
search requests to the search engines using e-mail addresses it found or already knew.
This caused millions of search requests to hit search engines like Google and it resulted
in their services being slowed down or in some cases, it even caused them to crash.
According to MessageLabs, one in every 12 e-mails carried MyDoom at one time.

Nimda
Apparently 2001 was a hot year for nasty viruses.
Nimda was another worm that spread rapidly through the internet from the moment it launched.
According to TruSecure’s CTO, Peter Tippett, it only took 22 minutes for Nimda from the
moment it was launched to top the list of reported attacks. Due to the release date,
exactly one week after the attacks on the World Trade Center and Pentagon, some media
quickly began speculating a link between the virus and Al Qaeda, though this theory ended
up proving unfounded. Its main priority was to attack Internet Servers and to destroy
Internet traffic through e-mails, opening network shares, browsing unsecured websites
and exploiting Microsoft IIS vulnerabilities.

Code Red and Code Red II
More worms. These surfaced in the summer of 2001. Both worms exploited a vulnerability
within the operating system of Windows 2000 and Windows NT. In simple terms, the worms
would overload the operating system with information, causing the machines to crash. However, a
Windows 2000 machine infected by the Code Red II worm brought an even worse result.
The machine would no longer obey commands from the user since the worm allowed a remote
user to access and control the machine, allowing them not only to access information but
even to use the infected machine to commit crimes. This brought a second layer of issues
for the victims of the worm, since they may also be accused of causing crimes they didn’t
actually commit. Windows NT machines were also vulnerable, but to a much lesser extent.
Microsoft eventually addressed the issues with a patch, stopping the worm from being
able to infect any more machines.

Sasser and Netsky
Sasser and Netsky behaved in different ways but similarities in the code allowed authorities
to track the viruses back to their origin, a 17-year-old German named Sven Jaschan. The
Sasser worm used a Microsoft vulnerability to infect systems. Once infected, it searched
for other vulnerable systems and instructed them to download the virus. In addition to
this, it manipulated the operating system to make it difficult to shut down the system
without pulling power from the machine. Netsky moved through e-mails by spoofing itself and
caused denial of service attacks on systems. Sophos believed that Netsky at one time accounted
for a quarter of all computer viruses on the internet. Sven didn’t spend any time in
jail. He was given a year and nine months of probation because he was under 18 at the
time of his conviction.

Storm Worm
It was late 2006 when Storm Worm was first identified. It got its name from the message
subject in the e-mail, which read “230 dead as storm batters Europe”. It was a Trojan
horse program that had many versions. Some of them would turn computers into bots or
zombies, and would be used to send further spam mail across the Internet. The people
behind Storm Worm were smart, and would re-name the message subjects to match recent news.
For example, just before the 2008 Beijing Olympics, the subjects were changed to things
like “China’s deadliest ever earthquake”. At its peak Storm Worm accounted for around
8% of all infected machines. It may still be around today but to a much lesser extent,
and as long as you keep your antivirus updated and remain cautious when opening attachments,
you’ll likely be just fine.

Cryptolocker
I myself used to work on an IT Helpdesk not long ago, and I had the misfortune of coming
across this terrible thing. Cryptolocker is a ransomware, meaning that it’s designed
to block access to files or computers until a sum of money is paid, and boy was it effective.
It surfaced in late 2013 via e-mail attachments. When the files were activated, it would encrypt
pretty much any files it could find on both local and network drives. This was bad news
for companies because as long as the infected person had a network share mounted at the
time of infection, Cryptolocker could jump to the server and infect everything there
as well. Once a machine was infected, it would display a message offering to decrypt the
data for a certain amount. From cases I came across it was often around $400.
What made Cryptolocker even more infuriating was the fact that it was really easy to remove
from a computer, but this didn’t help get the data back since it was already encrypted.
Reportedly Cryptolocker extorted a sum in excess of $3 million before it was brought
to a halt in the summer of 2014.