8 Deadliest Computer Viruses of All Times

8 Deadliest Computer Viruses of All Times

Computer viruses don’t just slow your computer down and annoy you with popups. Viruses can also steal your credit information, hold your data hostage and even wipe your hard drive clean. Here’s a look at some of the worst viruses in history.

1. Melissa

Created in 1999 by David L. Smith.

The Virus

The virus was Microsoft Word macro. A macro is a series of commands or instructions that get carried out automatically. David L. Smith claimed to have named the virus after an exotic dancer in Florida. And it was the first email-activated viruses. And the virus affected the users with Microsoft Word 97 and 2000 by:

• Shutting down safeguards in those programs.
• Lowering security settings.
• Disabling macro security.
• The virus spread itself by sending ad infected document via email.

Note: Computer which had Microsoft Outlook would send the infected documents to the top 50 contacts in the users address books. The email was designed to trick people into opening the file. If the day of the month matched the minute, the virus would insert a Bart Simpson quote into the document it sent:

“Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game’s over, I’m outta here”.

The Damage

• Tens of thousands of people couldn’t access their emails within six hours of the virus being posted.
• Hundreds of websites were affected.
• The Microsoft Corporation had to disable all incoming and outgoing email.
• Caused $1.2 billion in damages and losses.

David L. Smith was fined $5,000, sentenced to 20 month in jail and forbidden from accessing computer networks without court authorization.

2. ILOVEYOU

The Virus

Allegedly written by Onel de Guzman

Typically the ILOVEYOU virus spread through an infected email attachment. And it was launched from the Philippines in 2000.

The email’s subject line would say that it was a love letter from a secret admirer. The name of the original file was “LOVE-LETTER-FOR-YOU.TXT.vbs” (.vbs is a Visual Basic Scripting file). Due to formatting issues, some email client omitted the “.vbs” in the file name. This caused users to think they were opening plain text file.

When the file was opened, the virus would:

• Overwrite file types with copies of itself to let it continue spreading if the original version was removed from the computer. (This erased number of different files including JPEG, JS, JSE, HTA, MP3, SCT, VPOS, WSH, CSS)
• Reset the infected computer’s internet Explorer home page.
• Send the infected file to all of the user’s contacts in Microsoft Outlook.
• Download and execute a file that stole passwords and emailed them to the hacker’s email address.

(If the user entered a chat group with Internet Relay Chat, the virus would attempt to spread to all other users in the group.)

The Damage

• Roughly one tenth of all the Internet-Connected computers in 2000 were infected with ILOVEYOU.
• ILOVEYOU reached an estimated 45 million people in one day.
• It caused $5.5 billion in damages in the first week.
• The virus caused an estimated $15 billion in damages.

Note: (McAfee reported that a supermajority of their fortune 100 clients were infected with the virus.)

Onel de Guzman was arrested on suspicion of creating the virus. He and his co-conspirator were later released as the Philippines had no laws at time against writing malware.

3. CODE RED

The Virus

Code Red was launched in July 2001.

The virus infected Windows NT and 2000 machines by exploiting a buffer overload vulnerability.

A second version of the virus, Code Red II, acted similarly and was launched later in the year.

Characteristics of virus

• It works by sending the computer instructions after a long string of nonsense.
• Once the buffer has been filled with the nonsense information, the computer begins overwriting memory (The memory is overwritten with the instructions for the virus.).
• This meant that the user only had to be connected to be infected.
• Infected Windows NT machines would crash more often than normal. Infected Windows 2000 machines would suffer a system-level compromise (This means that the computer could be controlled by the hacker).

The virus would behave differently depending on a few factors:

• The date:

1st – 19th: Target random IP addresses and spread itself.

20th – 28th: Launch a DDoS (Distributed Denial of Service) attack on the White House’s IP address

29th – after: Go into “Sleep” mode.

•Page Language:

English-language web pages would be defaced with the words “Hacked by Chinese!”

Note: (Microsoft released a patch to fix the vulnerability exploited by the virus several months after the attack)

The Damage

• Between 1 and 2 Million computers were infected overall.
• In less than 1 day, the virus infected more than 359,000 computer systems.
• Caused over $ 2billion in losses.

CAIDA (the Center for Applied Internet Data Analysis) found that of those hosts infected by Code Red:

43.91% were from the US.

10.57% were from Korea.

4. NIMDA

The Virus

Launched in September 2001, one week after 9/11

Nimda is “admin” spelled backwards.

The FBI had to refute rumors that the virus was connected to the terrorist attack. In Computer world Magazine, TruSecure CTO Peter Tippett reported that Nimda topped their list of viruses in just 22 Minutes.

The virus was the fastest spreading piece of malware at the time. More than 2 Million computers were infected in 24 hours. While the virus could not infect home PCs, its primary target were web servers.

The virus infected computers in a variety of ways:

• Email
• Local Networks
• Drive-by downloads on websites
• Loopholes created by other worms
• Vulnerabilities in IIS (Internet Information Server), Microsoft’s Web Server
• Nimda allowed attackers to have the same access to an infected machine as the current user.
• If a user had admin level privileges, so would the hacker.
• Nimda would install itself to the root of drives C, D and E.
• t would also replicate itself in any folder where it found .doc or .eml files.

The Damage

• Caused $635 million in losses.
• The virus spread so quickly that it significantly slowed internet browsing times and crashed several networks.
• A Florida Federal court had to operate using paper copies of all of their documents when their system was infected with Nimda variant.

5. SQL Slammer/Sapphire

The Virus

Launched in 2003.

This virus spread through a buffer overflow vulnerability in Microsoft’s SQL Server database management service.

It randomly selected IP addresses to infect. Servers infected with SQL Slammer would spawn millions of copies to infect other servers. Within 3 minutes of attacking its first victim, the number of servers infected by Slammer doubled every 8.5 seconds.

The Damage

• Caused $750 million in damages
• Crashed Bank of Americas ATM service
• A number of other banks were affected by the virus.
• Caused outages to Seattle’s 911 service
• Alfred Huger, from Symantec Security Response, reported that SQL Slammer caused network issues over the entire Internet.
• Infected Airlines online ticketing systems and electronic kiosks, rendering them inoperable.

Note:

South Korea lost almost all internet access.

US Government websites affected includes:

• Department of Agriculture
• Department of commerce
• Defense department

Several newspapers had publishing problems, including

• The Atlanta Journal Constitution
• The Associated Press
• The Philadelphia Inquirer

6. SASSER

The Virus

Launched in 2004. Created by Sven Jaschan, a 17-year old from Germany.

Sasser worked by exploiting a vulnerability in a Window system called LSASS (Local Security Authority Subsystem Service).

The virus scanned IP addresses until it found one that was vulnerable, then it downloaded itself into the windows directory. The next time the computer was booted up, it would be infected. Unlike other viruses, users didn’t have to open any email attachments in order to be infected by Sasser; they only needed to be online.

Sasser also affected the operating system. This made shutting down infected computers without pulling the difficult. The virus affected Windows 2000 and XP.

The Damage

• Infected all 19 of the British Coast-guard’s Control rooms.
• Delayed British Airway’s flights
• Staff had to use paper maps and pens
• Caused $500 million in damages
• Sasser brought down a third of Taiwan’s post offices

Sven Jaschan was sentenced to 1 year 9 month probation, 30 hours of community service and he was tried as junior.

7. MYDOOM

The Virus

Launched in 2004

MYDOOM virus originally began to spread through KaZaA, afile-sharing application, but the spread to emails. In both cases, users had to open a file in order to become infected. At its peak, MyDoom infected one in 12 emails as it tried to spread itself.

The virus had potential to do following things:

• Computers infected with MyDoom would launch a DDoS on www.sco.com (a Linux software company). The virus would also open ports on victim’s computers so that hackers would have backdoor access to their systems.
• A second attack later that year affected search engines. My Doom infected computers would send search requests to search engines in an attempt to find email addresses. Some search engines received so many requests that they crashed.
• MyDoom was capable of spoofing its infection emails, making it more difficult to track. “Spoofing” involves forging the “From” address in an email. Infected between 600,000 and 700,000 computers.

The Damage

• Caused $83 billion in damages
• Slowed down internet access worldwide by 10 percent.
• Reduced access to some websites by as much as 50 percent.

8. CONFICKER

The Virus

Launched in 2008

The CONFICKER virus took an advantage of an exploit in Windows 2000, XP and 2003 servers that could cause them to install an unauthenticated file.

It could even affect servers with firewalls, as long as they had print and file sharing enabled.

Facts

• Infected millions of computers. Spread by infected USB drives and over networks.

Later variants were capable of:

• Creating backdoor in firewalls
• Disabling anti-malware programs

Conficker was supposed to do something on April 1, 2009, but nothing happened. Experts were worried computers infected with Conficker would possibly:

• Become a botnet
• Create a criminal version of search engine, copying private information from infected systems and then selling that information
• Launch a massive DDoS attack.

The Damage

• Caused $9.1 billion in damages
• French fighter planes were grounded when they couldn’t download their flight plans.
• In England, military system were infected, including:
• a.         More than two dozen British Royal Air Force bases
• b.         75%  of the Royal Navy fleet
• Computers and medical devices at hospitals in the US and the UK were infected
• The Manchester City Council IT system went down, rendering the city unable to process fines.

Note: While the majority of these viruses are no longer threats they once were, there are still many viruses on the Internet and more being created every day. To avoid getting infected, remember these tips: Update your antivirus software often, download OS patches when they come out, and don’t open untrustworthy files.

-->

Reference: whoishostingthis.com

-->