Computer viruses and computer worms are programs, generally specialized sets of code, that can replicate and modify other applications within a computer or a number of computers connected to a network. “Creeper” is said to be the first computer virus, written by Bob Thomas in 1971. Computer viruses have been advancing technologically over the past few decades, causing massive damage to computer systems and the Internet. Here are the ten most destructive computer viruses of all time.
First found on 5 September 2013, Cryptolocker was the first ransomware to target unfortunate users through phishing and malicious email links, encrypting the victim’s files and displaying a message box demanding payment for their return. The malware showed a message offering to decrypt the data if a payment (through either bitcoin or a prepaid cash voucher) was made by a stated deadline, and it threatened to delete the private key if the deadline passed.
If the deadline was not met, the malware offered to decrypt the data through an online service provided by the malware’s operators, at a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content. In June 2014, a group of professionals led by “Operation Tovar” brought down Evgeniy Bogachev, the leader of the group of hackers behind CryptoLocker. But before it was taken down, Cryptolocker had already affected nearly 500,000 computers, which resulted in a loss of $3 million in just 100 days.
Code Red & Code Red II
The two worms, Code Red and Code Red II, were found on the internet on July 15, 2001, and primarily targeted computers running Windows 2000 and Windows NT. The worm spread by probing random IP addresses and infecting all hosts vulnerable to the IIS (Internet Information Services) exploit. The vulnerability was a buffer overflow: when a machine running these operating systems receives more data than its buffers can handle, the excess begins to overwrite adjacent memory.
The worm was discovered by eEye Digital Security employees Marc Maiffret and Ryan Permeh, who named it “Code Red” because Code Red Mountain Dew was what they were drinking at the time. Code Red could also run entirely in memory, leaving no files on the hard drive or any other permanent storage. Code Red infected 359,104 computers in less than 14 hours and had already caused an economic loss of $2.75 billion before Microsoft released a security patch against the worm.
Sapphire, or SQL Slammer, was the fastest-spreading worm of its time and appeared in January 2003. The worm dramatically brought down internet traffic, including America’s ATM service, the 911 service of the city of Seattle and Continental Airlines. The worm was a simple piece of code with an extreme ability to spread. It targeted systems running MS SQL Server 2000 and systems running Microsoft Desktop Engine (MSDE) 2000.
SQL Slammer spread by scanning the Internet for vulnerable systems, which degraded service across the whole Internet. The worm infected nearly half of the servers that act as the pillars of the Internet and 359,000 computers in just 15 minutes, making it one of the largest and fastest-spreading viruses. Due to its rapid-spreading ability, the worm deliberately caused an economic loss of $950 million to $1.2 billion worldwide in its first five days.
First detected in November 2008, Conficker was a computer worm that exploited millions of Windows devices to create a botnet and spread rapidly. The worm spreads across systems using network shares, removable media or software vulnerabilities. It quickly infected millions of computers, including those of governments and businesses, across 190 countries, making it one of the most notorious cyberattacks to date. However, Conficker wasn’t meant to steal data or make any profit. It was only programmed to infect as many systems as possible within a short period.
The worm is still said to be active and has been reported on many computers all over the world. Conficker was estimated to have infected more than 15 million computers. The worm attack caused an economic loss of $9.1 billion across the world, according to the Cyber Secure Institute. The worm was believed to have emerged from Ukraine, but in late March of 2009, studies claimed to have found evidence that it originated from China.
Sasser & Netsky
Created by a German named Sven Jaschan, Sasser and Netsky infected computers running MS Windows XP and Windows 2000. The name ‘Sasser’ comes from the worm’s exploitation of the lsass.exe vulnerability. Unlike other worms, Sasser looked for vulnerable systems and instructed them to download the virus. The worm was programmed to scan random IP addresses to find other systems through TCP port 445 and port 139.
Sasser also brought down the satellites of news agency Agence France-Presse, U.S. airline Delta Air Lines, Nordic Insurance Company and the British Coastguard. Netsky (which got its name from the Skynet in the ‘Terminator’ movie), by contrast, spread through e-mails and Windows networks by spoofing e-mail addresses. As it spread, it caused frequent Denial of Service (DoS) attacks and slowed Internet traffic. Security experts estimate that infected computers numbered in the millions. Tens of thousands of infected computers around the world repeatedly crashed and then rebooted. Thus, the total economic loss caused by the worm was found to be $500 million.
First discovered on March 26, 1999, Melissa was a fast-spreading macro virus that infected Microsoft Word and Outlook-based systems and paralyzed network traffic across the globe. Created by David L. Smith, the virus was named after an exotic dancer in Florida. Unlike other viruses, the Melissa virus tricked victims into opening a document with an email message like “Here’s that document you asked for, don’t show it to anybody else.” Once opened, the virus made several copies of itself and sent itself to the top 50 people in the victim’s email address book.
Companies such as Microsoft, Intel, Lockheed Martin, and Lucent Technologies were forced to shut down their email gateways because of the huge amount of email generated by the virus. David L. Smith was sentenced to 20 months in prison and fined $5,000. The virus caused $80 million of damage in North America alone and about $1.1 billion worldwide. About 100,000 computers and 300 organizations were deliberately infected.
The Sobig worm is considered to be one of the most destructive worms to date. Discovered on 18 August 2003, Sobig is a mass-mailing worm that can replicate itself and send itself to all the email addresses it finds in files with the extensions .dbox, .eml, .hlp, etc. The worm spreads through an SMTP agent engine. Sobig.F is the sixth variant issued in the Sobig series and appears to be the most sophisticated to date, causing massive damage.
The worm brought down network traffic in Washington D.C. and slowed computer systems, including those of Air Canada and Lockheed Martin. The worm additionally ran a background program that turned an infected computer into a relay system for further messages from the worm’s creator. The worm also had a special auto-update functionality through which it contacted one of its servers to download Trojan files onto the victim’s computer. The worm was programmed to deactivate itself on September 10, 2003, which halted further propagation. But before its deactivation, the worm had already caused economic damage of $37.1 billion. The creator of the worm is still unknown.
First discovered in mid-June 2010, Stuxnet was the world’s first digital weapon, used to cause substantial damage to Iran’s Natanz uranium enrichment facility. The malware was created by the intelligence agencies of America and Israel to attack SCADA (Supervisory Control and Data Acquisition) systems. The worm worked by altering the functionality of PLCs (Programmable Logic Controllers), causing the nuclear plant’s centrifuges to fail at an unprecedented rate.
Although Stuxnet was never planned to spread past the Iranian nuclear program, the malware ended up affecting internet-connected computers and started to spread in the wild because of its remarkably sophisticated and aggressive nature; however, as noted, it did little harm to the outside computers it infected. Stuxnet was considered to be one of the most advanced cyber weapons used at that time. The malware degraded almost one-fifth of Iran’s nuclear centrifuges, infected 200,000 computers and caused 1,000 machines to physically degrade.
ILOVEYOU was a standalone program that attacked millions of computers running the Microsoft Windows operating system around the world. First discovered in Hong Kong on 4th May 2000, the worm began spreading as an email with the title “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs.” Opening the attachment activated the Visual Basic script, which caused the local computer to malfunction, overwrote arbitrary types of files and sent a copy of itself to all the addresses in the Windows Address Book used by Microsoft Outlook.
The worm quickly caused widespread email outages and brought down several industries, including stock brokerages, food companies, media, auto, and technology giants, as well as government agencies, universities and medical institutions worldwide. The worm infected more than 45 million computers worldwide. The worm was confirmed to have originated from the Philippines and was programmed by Onel A. de Guzman, a computer science student who claimed that he had released the worm accidentally. Estimates of the worm’s damage range between $5.5 billion and $15 billion.
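The attachment name above hides a script extension behind a document-looking one. As an added example (not part of the original article), here is a mail-gateway style filename check for that double-extension pattern. It goes beyond the single name the article gives by also covering padding and bidirectional-control variants. The extension lists, function names and sample names are assumptions made for illustration.

```python
import re

# Final extensions Windows runs or hands to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "exe", "scr", "pif", "com", "bat", "cmd", "lnk"}
# Extensions users read as harmless documents or media (assumed list).
DECOY_EXTS = {"txt", "doc", "docx", "xls", "xlsx", "pdf",
              "jpg", "jpeg", "png", "gif", "zip"}
# Unicode bidirectional controls that can visually reorder a filename.
BIDI_CONTROLS = re.compile("[\u202a-\u202e\u2066-\u2069]")


def classify_attachment(filename):
    """Return 'block', 'review' or 'allow' for an attachment filename."""
    if BIDI_CONTROLS.search(filename):
        return "block"
    # Windows drops trailing dots/spaces; space padding around parts is stripped too.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # Executable type hidden behind a document-looking extension.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "block"
    # Plainly executable attachment: leave the decision to local policy.
    return "review"


def triage(filenames):
    """Group filenames by verdict."""
    verdicts = {"block": [], "review": [], "allow": []}
    for fn in filenames:
        verdicts[classify_attachment(fn)].append(fn)
    return verdicts


# Constructed sample names; only the first appears in the article.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",
    "LOVE-LETTER-FOR-YOU.TXT.VBS. ",
    "invoice.pdf          .scr",
    "photo\u202egpj.exe",
    "setup.exe",
    "notes.v1.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A filename check like this is only a first filter; content inspection is still needed because the name is fully under the sender's control.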
First sighted on January 26, 2004, Mydoom was the most damaging email worm ever, exceeding the records of Sobig and ILOVEYOU. The worm started spreading through Kazaa, a file-sharing application, and then spread to emails. The infected mail contained an attachment that, whenever executed, resent the worm to email addresses found on the victim’s computer, such as in the user’s address book. The worm also contained a backdoor Trojan and was programmed to carry out DoS attacks.
The virus also slowed down 20%-30% of internet traffic and reduced access to some websites by as much as 50% around the world shortly after its attack. The sole purpose of the worm was to execute Denial-of-Service attacks against the SCO (Santa Cruz Operation) group, which at the time the worm was discovered was in a legal dispute with IBM, claiming that Linux source code was copied from the original UNIX, to which SCO held the copyrights. Infecting 600,000 to 7000,000 computers across the world, Mydoom and its variants were said to have caused $38.5 billion in damage. The origin of the worm was believed to be Russia. However, the actual author of the virus is still unknown.