Getting a computer virus has happened to many users in some fashion or another. To most, it is simply a mild inconvenience, requiring a cleanup and then installing that antivirus program that you’ve been meaning to install but never got around to. But in other cases,
it can be a complete disaster, with your computer turning into a very expensive brick which which no amount of antivirus can protect.
In this list, I will highlight some of the worst and notorious computer viruses that have
caused a lot of damage in real life.
And since people usually equate general malware like worms and trojan
horses as viruses, we’re including them as well. These malware have
caused tremendous harm, amounting to billions of dollars and disrupting
critical real life infrastructure. Here are the
10 most famous and malicious computer viruses.
1. Code Red
Code Red first surfaced on 2001 and was discovered by two eEye Digital Security employees. It was
named Code Red because the the pair were
drinking Code Red Mountain Dew at the time of discovery. The worm
targeted computers with Microsoft IIS web server installed,
exploiting a buffer overflow problem in the system. It leaves very
little trace on the hard disk as it is able to run entirely on memory,
with a size of 3,569 bytes. Once infected, it will proceed to make a
hundred copies of itself but due to a bug in the programming, it will
duplicate even more and ends up eating a lot of the systems resources.
2. ILOVEYOU
The ILOVEYOU virus is
considered one of the most virulent computer virus ever created
and it’s not hard to see why. The virus managed to wreck havoc on
computer systems all over the world, causing damages totaling in at an
estimate
of $10 billion. 10% of the world’s Internet-connected computers were
believed to have been infected. It was so bad that governments and large
corporations took their
mailing system offline to prevent infection.
The virus was created by two Filipino programers, Reonel Ramones and Onel de Guzman. What it did was
use social engineering to get people to click on the attachment; in this case,
a love confession.
The attachment was actually a script that poses as a TXT file, due to
Windows at the time hiding the actual extension of the file. Once
clicked, it will send itself to everyone in the user’s mailing list and
proceed to overwrite files with itself, making the computer unbootable.
The two were
never charged, as there were no laws about malware.
This led to the enactment of the E-Commerce Law to address the problem.
3. Melissa
Named after an exotic dancer from Florida, it was created by David L. Smith in 1999. It started as
an infected Word document
that was posted up on the alt.sex usenet group, claiming to be a list
of passwords for pornographic sites. This got people curious and when it
was downloaded and opened, it would trigger the macro inside and
unleash its payload.
The virus will mail itself to the top 50 people in the user’s email address book and this caused an increase of email traffic, disrupting the email services of governments and corporations. It also
sometimes corrupted documents by inserting a Simpsons reference into them.
Smith was eventually
caught
when they traced the Word document to him. The file was uploaded using a
stolen AOL account and with their help, law enforcement was able to
arrest him less than a week since the outbreak began.
He cooperated with the FBI in capturing other virus creators,
famous among them the creator of the Anna Kournikova virus. For his
cooperation, he served only 20 months and paid a fine of $5000 of his 10
year sentence. The virus
reportedly caused $80 million in damages.
4. Sasser
A Windows worm first discovered in 2004, it was
created by computer science student Sven Jaschan, who also created the
Netsky worm. While the payload itself may be seen as simply annoying (it
slows down and crashes the computer, while making it hard to reset
without cutting the power), t
he effects were incredibly
disruptive, with millions of computers being infected, and important,
critical infrastructure affected. The worm took advantage of a
buffer overflow vulnerability in Local Security Authority Subsystem
Service (LSASS), which controls the security policy of local accounts
causing crashes to the computer. It will also use the system resources
to propagate itself to other machines through the Internet and infect
others automatically.
The effects of the virus were widespread as while the exploit was already patched, many computers haven’t updated. This
led to more than a million infections, taking out critical infrastructures,
such as airlines, news agencies, public transportation, hospitals, public transport, etc. Overall, the damage was
estimated to have cost $18 billion.
Jaschen was tried as a minor and
received a 21 month suspended sentence.
5. Zeus
Zeus is a Trojan horse made to infect Windows computers so that it
will perform various criminal tasks. The most common of these tasks are
usually
man-in-the-browser keylogging and form grabbing.
The majority of computers were infected either through drive-by
downloads or phishing scams. First identified in 2009, it managed to
compromise thousands of FTP accounts and computers from
large multinational corporations and banks
such as Amazon, Oracle, Bank of America, Cisco, etc. Controllers of the
Zeus botnet used it to steal the login credentials of social network,
email and banking accounts.
In the US alone, it was
estimated that
more than 1 million computers were infected,
with 25% in the US. The entire operation was sophisticated, involving
people from around the world to act as money mules to smuggle and
transfer cash to the ringleaders in Eastern Europe. About $70 million
were stolen and in possession of the ring. 100 people were
arrested in connection of the operation. In late 2010, the creator of Zeus
announced his retirement but many experts believe this to be false.
6. Conficker
Also known as
Downup or
Downadup,
Conficker is a worm of unknown authorship for Windows that made its
first appearance in 2008. The name comes form the English word,
configure and a German pejorative.
It infects computers using flaws in the OS to create a botnet. The malware was able to
infect more than 9 millions computers all around the world, affecting governments, businesses and individuals. It was
one of the largest known worm infections to ever surface causing an
estimate damage of $9 billion.
The worm
works by exploiting a network service vulnerability
that was present and unpatched in Windows. Once infected, the worm will
then reset account lockout policies, block access to Windows update and
antivirus sites, turn off certain services and lock out user accounts
among many. Then, it
proceeds to install software that will turn the computer into a botnet slave
and scareware to scam money off the user. Microsoft later provided a
fix and patch with many antivirus vendors providing updates to their
definitions.
7. Stuxnet
Believed to have been created by the Israeli Defence Force together with the American Government, Stuxnet is
an example of a virus created for the purpose of cyberwarfare, as it was intended to disrupt the nuclear efforts of the Iranians. It was estimated that Stuxnet has
managed to ruin one fifth of Iran’s nuclear centrifuges and that nearly 60% of infections were concentrated in Iran.
The computer worm was
designed to attack industrial Programmable Logic Controllers (PLC), which allows for automation of processes in machinery.
It specifically aimed at those created by Siemens and was spread
through infected USB drives. If the infected computer didn’t contain
Siemens software, it would lay dormant and infect others in a limited
fashion as to not give itself away. If the software is there, it will
then proceed to alter the speed of the machinery, causing it to tear
apart. Siemens eventually found a way to remove the malware from their
software.
8. Mydoom
Surfacing in 2004, Mydoom was
a worm for Windows that became one of the
fastest
spreading email worm since ILOVEYOU. The author is unknown and it is
believed that the creator was paid to create it since it contains the
text message, “andy; I’m just doing my job, nothing personal, sorry,”.
It was named by McAfee employee Craig Schmugar, one of the people who
had originally discovered it. ‘mydom’ was a line of text in the
program’s code (my domain) and
sensing this was going to be big, added ‘doom’ into it.
The worm spreads itself by appearing as an email transmission error and contains an attachment of itself.
Once executed, it will send itself to email addresses that are in a
user’s address book and copies itself to any P2P program’s folder to
propagate itself through that network. The payload itself is twofold:
first it opens up a backdoor to allow remote access and second it
launches a denial of service attack on the controversial SCO Group. It
was believed that
the worm was created to disrupt SCO due
to conflict over ownership of some Linux code. It caused an
estimate of $38.5 billion in damages and the worm is still active in some form today.
9. CryptoLocker
CryptoLocker is
a form of Trojan horse ransomware targeted at computers running Windows. It
uses several methods to spread itself,
such as email, and once a computer is infected, it will proceed to
encrypt certain files on the hard drive and any mounted storage
connected to it with RSA public key cryptography. While it is easy
enough to remove the malware from the computer, the files will still
remain encrypted.
The only way to unlock the files is to pay a ransom by a deadline.
If the deadline is not met, the ransom will increase significantly or
the decryption keys deleted. The ransom usually amount to $400 in
prepaid cash or bitcoin.
The ransom operation was eventually stopped when
law enforcement agencies and security companies managed to take control part of the botnet operating CryptoLocker and Zeus. Evgeniy Bogachev, the ring leader, was
charged
and the encryption keys were released to the affected computers. From
data collected from the raid, the number of infections is
estimated to be 500,000, with the number of those who paid the ransom to be at 1.3%, amounting to $3 million.
10. Flashback
Though not as damaging as the rest of the malware on this list, this is
one of the few Mac malware to have gain notoriety as it showed that Macs are not immune. The Trojan was first
discovered in 2011
by antivirus company Intego as a fake Flash install. In its newer
incarnation, a user simply needs to have Java enabled (which is likely
the majority of us). It propagates itself by using compromised websites
containing JavaScript code that will download the payload. Once
installed, the Mac becomes part of a botnet of other infected Macs.
The good news is that
if it is infected, it is simply
localized to that specific user’s account. The
bad news is that more than 600,000 Macs were infected, including 274 Macs in the Cupertino area, the headquarters of Apple.
Oracle published a fix for the exploit with Apple releasing an update to remove Flashback from people’s Mac. It is still out in the wild, with an
estimate of 22,000 Macs still infected as of 2014.
For More Post Like This Please Visit Again........
