Nobody wants a virus in their system as it could be more than a nightmare. It’s like a cancer for computers. Different viruses cause different damages, some of them force you to delete your precious data, change the data without letting you know, hang the network and some of them can even destroy your hardware. If you are curious to know more about viruses, here is the interesting article for you: 10+ Different Types of viruses.
In early days, hacking meant to get into someone’s data or account. Nowadays, hackers have gone professional and their ambitions have gone up high. Nobody cares about your single personal account information or your social password. A professional’s aim is to make a dent in the technology. Why they should only target you when they can get into millions of accounts by finding a single loophole in algorithms.
You might have heard, recently a Russian blogger hacked 5 million Gmail accounts. However, none of the present account got affected because the passwords he got were too old. This is just a tiny piece of cake, below you will find some most destructive and worst computer viruses of all time. Have a look
15. Storm Worm
Image credit: wikimedia
Storm Worm is a Trojan horse that affects Windows based system, first appeared on 17th January 2007 when users start getting emails with a subject “230 dead as storm batters Europe”. Few versions of Storm Worm turn computer into Zombie. Once the system is affected, it becomes easy to access it remotely without owner’s permission.
Few of its versions fool the users to download the program through fake links to news and videos. The attackers often change the subject to current event so that it looks legitimate. Once you click on the innocent looking link, a small software containing worm will start downloading automatically. This was the worst worm of 2007 which infected around 10 million PCs.
Image credit: wikimedia
Also known as MSBlast and Lovesan, is a computer worm first detected on 11th August 2003. It was targeting Microsoft Windows XP and Windows 2000 operating system. Blaster was taking an advantage of buffer overflow bug and spreading through spamming itself to large number of IP addresses. Once a giant network was infected, it spread quickly because the firewalls did not prevent internal machines from using a specific port.
It created distributed denial of service attack (DDoS) against Microsoft website, which forced them to take down Windowsupdate.com. The Worm’s executable file contains the message referring to co-founder of Microsoft.Inc, Bill Gates i.e. “Billy Gates why do you make this possible? Stop making money and fix your software”. There was a one more message “Just want to say Love you San” which gave worn, an alternative name Lovesan.
Estimated Damage costs: $300 Million
Nimda is the file infector and computer worm which was released on 18th September 2001. The name comes from the reverse spelling of “admin”. It utilized numerous types of propagation technique including email, network share and web browsing. That is why it became the most widespread virus on internet within 22 minutes after its release.
It affected both workstations and servers running on Windows NT, 95, 98, 2000, XP, Me. The worm created a backdoor in operating system which allowed the attacker to access the all functions of logged in user. That means, if you are logged in as admin and your computer has been affected by Nimda, attacker can perform all admin tasks.
Estimated Damage costs: $630 Million
11/12. Sasser and Netsky
Image credit: wikimedia
Both Programs were created by an 18 year old computer science student, Sven Jaschan from Germany. Both worms acted in a different way, but the similarities in code structure led the expertise to believe that both were created by the same person. For unleashing these programs onto the internet, Sven Jaschan received a sentence of 1 year 9 month of probation.
The Sasser exploited the Microsoft Windows XP and 2000 vulnerability. It took the advantage of buffer overflow bug Local Security Authority Subsystem Service (LSASS). Unlike other worms it didn’t spread through email. Once the computer gets infected, the virus searches for another vulnerable system based on random IP address. It affects the victim’s operating system by making it difficult to reboot the computer. It also forced to cancel several flights. On the other hand, Netsky virus travels through email (containing 22,016-byte file attachment) and Windows network. It caused denial of service (DoS) by overloading the internet traffic.
Estimated Damage costs: $700 Million
10. SQL Slammer
Image credit: pbs
Also known as SQL Sapphire arrived on 25th January 2003 that slowed down the whole internet traffic and caused denial of service on some internal hosts. It brought down the several crucial servers that affected The Bank of America’s ATM, 911 service in Seattle and a few Continental airlines
This virus spread quickly and affected more than 75,000 users within 10 minutes. It was not written in SQL language. It exploited the buffer overflow problem in Microsoft SQL server and Desktop Engine Database products. Overall, it affected around 200,000 computers worldwide. The total productivity cost could have been a lot more if the SQL Slammer was introduced in week days instead of Saturday.
Estimated Damage costs: $800 Million
Image credit: corbinball
Sircam is a computer worm that propagates through email targeting Microsoft Windows. It was notable during its outbreak because of the way of propagating method. Files were selected at random (usually .doc and XLs) on an infected computer, replaced with the virus code and emailed out to the addresses present on the host’s address book. It also propagated via open share network. It simply scanned the network with share drives and copied itself to the machine with non-password protected/opened drive.
Fortunately the virus was limited as many people upgraded their internet security. But still Sircam did the damage for what it was designed to.
Estimated Damage costs: $1 Billion
Melissa creator, Image credit: cbsnews
In 1999, a man named David L. Smith developed a virus called Melissa for Windows platform based on Microsoft Word macro. The program automatically spreads itself through an email attachment. Once the attachment (named list.doc) is open in MS Word or Outlook, it resends itself to first 50 contacts present in address book along with the message “Here is the document you asked for.. don’t show it to anyone else”. It doesn’t destroy any personal files or data present in hard drive but was strong enough to hang the entire network.
The virus spread quickly and it forced Microsoft corporation to shut down incoming email service. Intel and other companies were affected too. For creating Melissa, David received 20 months jail sentence and $5000 fine.
Estimated Damage costs: $1 Billion
6/7. Code Red And Code Red II
Image credit: datarescue
Code Red was the computer worm appeared on 15th July, 2001. Just after 2 weeks, Code Red II appeared on Internet. Both were discovered by two eEye Digital Security employees Ryan Permeh and Marc Maiffret. At the time of discovery, both employees were drinking Code Red Mountain Dew, hence they named it Code Red.
This worm exploited vulnerability of Windows 2000 and Windows NT system. It was a buffer overflow problem i.e. when these operating system gets more data than its buffers can handle, it simply starts overwriting adjacent memory. All computer affect by Code Red tried to contact White House web servers at the same time, overloading the servers. As a result, it successfully brought down the Whitehouse.gov along with other government agencies websites.
Moreover, the systems affected by Code Red II were no longer obeying the owners because the worm created a backdoor in operating system. It was allowing the remote access from unauthorized user, which is a complete System Level Compromise. Other user could access/edit/change all your files and could do illegal activities on your behalf.
Few weeks later, Microsoft released software set to fill the voids present in Windows 2000 and NT. However, they were unable to remove the virus from infected systems. Affected users (more than 2 million) had to format the hard drive and start fresh.
Estimated Damage costs: $2.7 Billion
Image credit: Microsoft
Also known as Kido, Downup and Downadup, is a computer worm first appeared in November 2008. It targets Microsoft Windows bug and dictionary attacks on admin password to travel while forming a botnet. Conficker is using many advanced malware techniques which is why it is difficult to track and destroy these programs. It changes its propagation and update methods from version to version.
There are total 5 variants i.e Conficker A, B, C, D, and E which exploit vulnerability in server service on Windows systems. The infected computer sends special RPC request to force buffer overflow and execute shellcode on the target system. It also runs a HTTP server on a port ranging from 1024 to 10000, to download a copy of virus in DLL format which then later attaches to svchost.exe.
Conficker infected millions of Government, business, organization and home computers as well as servers in over 200 countries. Till 2009, 15 million systems got affected.
Estimated Damage costs: $9 Billion
Image credit: mcmaster
Back in 2000, millions of people made a huge mistake by opening a cute and innocent looking mail “I Love You”. Yeah, I know any desperate human would like to open it. However, it was not just a simple email, it was a threat in form of worm. A program which is capable to replicate itself and steal your password and send it to hacker’s email address. Within 10 days, more than 50 million infections had been reported.
Initially, it traveled through email just like Melissa. The ILOVEYOU worm was packed with LOVE-LETTER-FOR-YOU.TXT.vbs, a Visual basic script. It copied itself numerous times and hid the copies in different folders present in hard drive. It added a new file in registry keys, overwrote image files and send the copies to all email address specified in Windows address book.
The ILOVEYOU worm was created by a college dropout, Onel de Guzman in Philippines. He was not charged because of lack of evidence and at that time, there were no hard laws regarding malwares. This whole activity led the enhancement in eCommerce and computer malware related laws.
Estimated Damage costs: $15 Billion
Image credit: scsb
Klez is a computer worm which first appeared in October, 2001. It travels through email and infects Microsoft Windows computer, exploiting the vulnerability in IE trident layout engine. It can even disable antivirus program and impersonate as virus removal tool.
Just like other viruses, it makes copies of itself and distributes it to your contacts. It can also modify the sender’s field, which is known as spoofing where the email appears to come from an authorized source, but in reality, it is coming from an anonymous sender.
It can infect the computer just by previewing the infected mail i.e. without even downloading or executing the attachment. It has 3 variants; Klez.D, Klez.E, Klez.H. The virus is not completely dead yet, that’s why it is highly recommended to be careful what you are downloading from internet and not to use old browser version and expired antivirus software.
Estimated Damage costs (till now): $19 Billion
Image credit: zatz
Sobig was a Trojan horse that infected millions of internet connected Microsoft Windows computers in August 2003. It had total 6 variants named Sobig.A, B, C, D, E and F. The last one i.e. Sobig.F was the most widespread worm among all variants.
The recipients get this virus through email with a sender address firstname.lastname@example.org, usually with subjects like Re: Movie, Re: Sample, Re: documents, Re: my details, Thank you etc. All these emails consist of attachment files of extension .pif. After downloading, it copies itself to the windows folder as Winmgm32.exe which allows your operating system to be used as a backdoor for spammers.
The creator of the worm is unknown. Also, Microsoft announced that they will pay $250,000 for information leading to capture the worm’s creator.
Estimated Damage costs (till now): $37 Billion
MyDoom became the fastest spreading email worm as of January 2004. It can create a backdoor in computer operating system letting unauthorized user to access your system. It can also spoof emails so that it becomes very difficult to track the source.
Like other viruses, MyDoom searches for email contact in address book, plus it also sends the request to all search engines and use email addresses found in search engines. In 2004, most popular search engine, Google starts receiving millions of search requests from corrupted systems which slowed down the search engine service and even caused some to crash. According to the MessageLabs, at that time, every 12th email carried this virus.
The worm was created by a Russian programmer, however the actual author is still unknown. It contains a text message “andy; I’m just doing my job, nothing personal, sorry,”. In fact, on 27th January 2004, SCO group offered $250,000 reward for giving information about the worm’s creator.
Estimated Damage costs (till now): $38 Billion
Total Estimated Damage costs (including all computer viruses): $250 Billion
Mac Virus: It is true that Mac computers are partially protected from virus attacks because of security through obscurity. They produce both hardware and software which keeps the OS obscure. Till now they are affected by numerous viruses, major 2 of them are Leap-A/Oompa-A and Flashback Trojan. However, they are not included in the list because they were not much destructive as compared to the Windows attacks listed above.
All these virus taught us one most important thing: No matter how much you upgrade your machines with latest antivirus software, there are few genius out there who always look for a way to exploit any weakness which is not widely known, not even by the software creator. So the safest way is to create backup of precious data regularly and prepare for the worst case scenario.