Nobody wants a virus in their system as it could be more than a nightmare. It’s like cancer for computers. Different viruses cause different damages, some of them force you to delete your precious data, while some change the data without letting you know, hang the network and even destroy the hardware.
In the early days, hacking meant to get into someone’s data or account. Nowadays, hackers have gone professional and their ambitions have gone up high. Nobody cares about your single personal account information or your social password. A professional’s aim is to make a dent in the technology. Why they should only target you when they can get into millions of accounts by finding a single loophole in algorithms.
You might have heard this – a Russian blogger hacked 5 million Gmail accounts in 2014. However, none of the present accounts got affected because the passwords he got were too old. This is just a tiny piece of cake, below you will find some most destructive and worst computer viruses of all time. Have a look
Table of Contents
15. Storm Worm
Storm Worm is a Trojan horse that affects Windows-based system, first appeared on 17th January 2007 when users start getting emails with a subject “230 dead as storm batters Europe”. Few versions of Storm Worm can turn computers into Zombie. Once the system is affected, it becomes easy to access it remotely without the owner’s permission.
Few of its versions fool the users to download the program through fake links to news and videos. The attackers often change the subject to current events so that it looks legitimate. Once you click on the innocent looking link, a small software containing worm will start downloading automatically. This was the worst worm of 2007 which infected around 10 million PCs.
Estimated Damage costs: $300 Million
Also known as MSBlast and Lovesan, Blaster is a computer worm first detected on 11th August 2003. It was targeting Microsoft Windows XP and Windows 2000 operating system. Blaster was taking advantage of buffer overflow bug and spreading through spamming itself to a large number of IP addresses. Once a giant network was infected, it spread quickly because the firewalls did not prevent internal machines from using a specific port.
It created distributed denial of service attacks (DDoS) against Microsoft’s website, which forced them to take down Windowsupdate.com. The Worm’s executable file contained the message referring to the co-founder of Microsoft.Inc, Bill Gates i.e. “Billy Gates why do you make this possible? Stop making money and fix your software”. There was one more message “Just want to say Love you San” which gave worn, an alternative name Lovesan.
Estimated Damage costs: $630 Million
Nimda is the file infector and computer worm which was released on 18th September 2001. The name comes from the reverse spelling of “admin”. It utilized numerous types of propagation technique including email, network share, and web browsing. That is why it became the most widespread virus on the internet within 22 minutes after its release.
It affected both workstations and servers running on Windows NT, 95, 98, 2000, XP, Me. The worm created a backdoor in the operating system which allowed the attacker to access all functions of logged-in users. That means, if you are logged in as admin and your computer has been affected by Nimda, attackers could perform all admin tasks.
11/12. Sasser and Netsky
Estimated Damage costs: $700 Million
Both Programs were created by an 18-year-old computer science student, Sven Jaschan from Germany. Both worms acted in a different way, but the similarities in code structure led the expertise to believe that both were created by the same person. For unleashing these programs onto the internet, Sven Jaschan received a sentence of 1 year 9 month of probation.
The Sasser exploited the Microsoft Windows XP and 2000 vulnerability. It took advantage of buffer overflow bug Local Security Authority Subsystem Service (LSASS). Unlike other worms, it didn’t spread through email. Once the computer gets infected, the virus searches for another vulnerable system based on random IP addresses.
It affects the victim’s operating system by making it difficult to reboot the computer. It also forced to cancel several flights. On the other hand, the Netsky virus travels through email (containing 22,016-byte file attachment) and Windows network. It caused denial of service (DoS) by overloading the internet traffic.
10. SQL Slammer
Image credit: PBS
Estimated Damage costs: $800 Million
SQL Sapphire arrived on 25th January 2003. It slowed down the whole internet traffic and caused denial of service on some internal hosts. It brought down the several crucial servers that affected The Bank of America’s ATM, 911 service in Seattle and a few Continental airlines
The virus spread quickly and affected more than 75,000 users within 10 minutes. It was not written in the SQL language. It exploited the buffer overflow problem in Microsoft SQL Server and Desktop Engine Database products.
Overall, it affected around 200,000 computers worldwide. The total damage could have been a lot more if the SQL Slammer was introduced in weekdays instead of Saturday.
Image credit: corbinball
Estimated Damage costs: $1 Billion
Sircam is a computer worm that propagates through email targeting Microsoft Windows. It was notable during its outbreak because of the way of its propagating method. Files were selected at random (usually .doc and XLs) on an infected computer, replaced with the virus code and emailed out to the addresses present on the host’s address book.
It also propagated via open share network. It simply scanned the network with share drives and copied itself to the machine with non-password protected/opened drive. Fortunately, the virus was limited as many people upgraded their internet security. But still, Sircam did the damage for what it was designed to.
Melissa creator, Image credit: CBS News
Estimated Damage costs: $1 Billion
In 1999, a man named David L. Smith developed a virus called Melissa for Windows platform based on Microsoft Word macro. The program automatically spreads itself through an email attachment. Once the attachment (named list.doc) is open in MS Word or Outlook, it resends itself to first 50 contacts present in address book along with the message “Here is the document you asked for.. don’t show it to anyone else”.
It didn’t destroy any personal files or data present in hard drive but was strong enough to hang the entire network. The virus spread quickly and it forced Microsoft corporation to shut down incoming email service. Intel and other companies were affected too. For creating Melissa, David received 20 months jail sentence and $5000 fine.
6/7. Code Red And Code Red II
Image credit: datarescue
Estimated Damage costs: $2.7 Billion
Code Red was the computer worm appeared on 15th July 2001. Just after 2 weeks, Code Red II appeared on the Internet. Both were discovered by two eEye Digital Security employees Ryan Permeh and Marc Maiffret. At the time of discovery, both employees were drinking Code Red Mountain Dew, hence they named it Code Red.
This worm exploited the vulnerability of Windows 2000 and Windows NT system. It was a buffer overflow problem i.e. when the operating system gets more data than its buffers can handle, it simply starts overwriting adjacent memory. All computers affected by Code Red tried to contact White House web servers at the same time, overloading the servers. As a result, it successfully brought down the Whitehouse.gov along with other government agencies websites.
Moreover, the systems affected by Code Red II were no longer obeying the owners because the worm created a backdoor in the operating system. It was allowing the remote access from an unauthorized user, which is a complete System Level Compromise. Unauthorized users could access/edit/change all your files and could do illegal activities on your behalf.
A few weeks later, Microsoft released software set to fill the voids present in Windows 2000 and NT. However, they were unable to remove the virus from infected systems. Affected users (more than 2 million) had to format the hard drive and start fresh.
Image credit: Microsoft
Estimated Damage costs: $9 Billion
Also known as Kido, Downup, and Downadup, Conficker is a computer worm first appeared on November 2008. It targeted Microsoft Windows bug while forming a botnet. Conficker was using many advanced malware techniques which is why it was difficult to track and destroy these programs. It changed its propagation and updated methods from version to version.
There are a total of 5 variants i.e Conficker A, B, C, D, and E which exploit a vulnerability in server service on Windows systems. The infected computer sends special RPC request to force buffer overflow and execute shellcode on the target system. It also runs an HTTP server on a port ranging from 1024 to 10000, to download a copy of the virus in DLL format which then later attaches to svchost.exe.
Conficker infected millions of Government, business, organization and home computers as well as servers in over 200 countries. Till 2009, 15 million systems got affected.
Image credit: mcmaster
Estimated Damage costs: $15 Billion
Back in 2000, millions of people made a huge mistake by opening a cute and innocent looking mail “I Love You”. Yeah, I know any desperate human would like to open it. However, it was not just a simple email, it was a threat in the form of a worm. It could replicate itself and steal your password and send it to hacker’s email address. Within 10 days, more than 50 million infections had been reported.
Initially, it traveled through email just like Melissa. The ILOVEYOU worm was packed with LOVE-LETTER-FOR-YOU.TXT.vbs, a Visual basic script. It copied itself numerous times and hid the copies in different folders present in hard drive. It added a new file in registry keys, overwrote image files and send the copies to all email address specified in Windows address book.
The ILOVEYOU worm was created by a college dropout, Onel de Guzman in the Philippines. He was not charged because of lack of evidence and at that time, there were no hard laws regarding malware. This whole activity led the enhancement in eCommerce and computer malware related laws.
Image credit: scsb
Estimated Damage costs (till now): $19 Billion
Klez is a computer worm which first appeared in October 2001. It travels through email and infects Microsoft Windows computer, exploiting the vulnerability in IE Trident layout engine. It can even disable the antivirus program and impersonate as a virus removal tool.
Just like other viruses, it makes copies of itself and distributes it to your contacts. It can also modify the sender’s field, which is known as spoofing where the email appears to come from an authorized source, but in reality, it is coming from an anonymous sender.
It can infect the computer just by previewing the infected mail i.e. without even downloading or executing the attachment. It has 3 variants; Klez.D, Klez.E, Klez.H. The virus is not completely dead yet, that’s why it is highly recommended to be careful what you are downloading from the internet and not to use old browser version and expired antivirus software.
Image credit: zatz
Estimated Damage costs (till now): $37 Billion
Sobig was a Trojan horse that infected millions of internet-connected Microsoft Windows computers in August 2003. It had a total of 6 variants named Sobig.A, B, C, D, E and F. The last one i.e. Sobig.F was the most widespread worm among all variants.
The recipients get this virus through email with a sender address [email protected], usually with subjects like Re: Movie, Re: Sample, Re: documents, Re: my details, Thank you, etc.
All these emails consist of attachment files of extension .pif. After downloading, it copies itself to the Windows folder as Winmgm32.exe which allows your operating system to be used as a backdoor for spammers.
The creator of the worm is unknown. Also, Microsoft announced that they will pay $250,000 for information leading to capture the worm’s creator.
Estimated Damage costs (till now): $38 Billion
MyDoom became the fastest spreading email worm in January 2004. It could create a backdoor in the computer operating system letting unauthorized users access your system. It could also spoof emails so that it becomes very difficult to track the source.
Like other viruses, MyDoom searches for email contact in the address book, plus it also sends the request to all search engines and uses email addresses found in search engines. In 2004, the most popular search engine, Google starts receiving millions of search requests from corrupted systems which slowed down the search engine service and even caused some servers to crash. According to the MessageLabs, at that time, every 12th email carried this virus.
The worm was created by a Russian programmer, however, the actual author is still unknown. It contains a text message “andy; I’m just doing my job, nothing personal, sorry,”. In fact, on 27th January 2004, SCO group offered $250,000 reward for giving information about the worm’s creator.
Total Estimated Damage costs (including all computer viruses): $250 Billion
Mac Virus: It is true that Mac computers are partially protected from virus attacks because of security through obscurity. They produce both hardware and software which keeps the OS obscure. However, they have also been affected by numerous viruses. Most damaging of those were Leap-A/Oompa-A and Flashback Trojan. We haven’t included them in the list because they didn’t cost as much as Windows attacks listed above.
All these viruses taught us one most important thing: No matter how much you upgrade your machines with the latest antivirus software, someone out there will find a way to exploit hidden weakness. So the safest way is to create a backup of precious data on a regular basis and prepare for the worst-case scenario.