Monday, November 29, 2010

Scariest Computer Viruses

Jerusalem – 1987


Named after one of the first places it hit — Jerusalem University — this was one of the first MS-DOS viruses. It infected thousands of computers while remaining undetected. On infection, the Jerusalem virus resides in the computer’s memory and then infects every executed file over and over, until eventually the file sizes overwhelm computer resources. On Friday the 13th of every year after 1987 the virus deletes every program file that was executed. But, since the advent of Windows, Jerusalem’s DOS targeting has become obsolete. While the virus was thought to have originated in Israel, antivirus researchers believe that Italy might be ground zero for this one.




Morris (aka Internet Worm) – November 1988


The Morris worm was not actually created to cause damage, but to gauge the size of the Internet. Unfortunately, the Morris worm contained an error that caused it to infect computers multiple times, creating a denial of service (DoS). The worm was developed by Cornell University student Robert Morris but released through MIT to disguise its origin; its author became the first to be convicted in the U.S. under the 1986 Computer Fraud and Abuse Act. The Morris worm infected around 6,000 computers, slowing them to the point of becoming unusable. The estimated economic impact was between $100,000 and $10 million. Robert Morris was fined, put on probation and ordered to perform 400 hours of community service. He is now a professor at MIT.




Solar Sunrise – 1998


Named because it exploited a vulnerability in the Solaris operating system, the virus affected dozens of Pentagon computer systems. Launched at a time when tensions were high in the Persian Gulf, it was suspected that the virus was an Iraqi attack. A joint task force was put together with agents from the FBI, the Air Force Office of Special Investigations, NASA, the U.S. Department of Justice, the Defense Information Systems Agency, the NSA and the CIA. The investigation led to two American teenage computer hackers from California.




Melissa – 1999


Created by David L. Smith, a computer programmer from New Jersey, and named after a lap dancer he met in Florida, the virus was circulated in an e-mail message with the subject line “Important Message” and spread with an attached Microsoft Word document.

When the file was opened, Melissa sent the infected document to the first 50 addresses in the user's address book. It clogged government and private sector networks, forcing some companies to discontinue e-mail service until the virus was contained. Smith received a 20-month jail sentence and a fine.




ILOVEYOU (a.k.a. The Love Bug) – 2000


Like the Melissa virus, ILOVEYOU also spread through e-mail, but came in the form of a self-replicating worm from the Philippines.  The subject of the malicious e-mail message was ILOVEYOU with an attachment of a supposed love letter from a secret admirer.  It affected tens of millions of Windows computers almost overnight. Upon opening the attachment, the worm sent a copy of itself to everyone in the user’s address book with the user's sender address. It also made a number of malicious changes to the user's system. While two suspects in the Philippines were investigated and arrested, charges were dropped since no definitive link could be made between the creators and the virus and there were no laws in the Philippines at the time against computer crimes.




The Code Red worm –  June 2001


Attacking a vulnerability in Microsoft Internet Information Server, Code Red went through a number of versions in several days, all of which conducted a distributed denial of service (DDoS) attack that turned infected computers into “zombies” that overwhelm Web sites running on the Microsoft server. More than 350,000 computers were affected in the first 14 hours of the attack on July 19. Then at midnight, all Code Red zombies quit attacking new victims, and redirected themselves to one of the servers that hosts the White House Web site, bombarding it with a deluge of bad connections. An earlier version of the worm defaced any Web site hosted by the server with the text: "Welcome to http://www.worm.com! Hacked by Chinese!" The actual source of the attack has not been identified.




The Klez Virus – 2001


The most persistent virus up to that time, Klez posed a triple threat, acting as a virus, a worm and a Trojan horse. Klez arrives in a victim’s inbox as a file attachment. When the attachment is double-clicked, Klez appropriates the user’s e-mail address book and searches the user’s hard drive for addresses from the Web browser cache. Klez always appears to be sent from someone the user knows — an extremely effective social-engineering trick that has become a mainstay of virus distribution.




Nimda – September 2001


Admin, backwards — this worm was released shortly after the Sept. 11 attacks and infected hundreds of thousands of computers worldwide. Nimda was considered to be one of the most complicated viruses, having up to five different methods of infecting computer systems. It affects both local files and those on shared networks. The worm also creates open network shares on the infected computer, allowing access to the system. During this process, the worm creates the guest account with Administrator privileges and the infected computer is vulnerable to pillaging. Given the timing, there was speculation that the worm was linked to Al Qaeda, but the theory has since been rejected.




Slammer worm (aka Sapphire) – 2003


With devastating effects, the Slammer worm exploited a hole in Microsoft's SQL server. Once it attacked a server running Microsoft SQL, the infected system instantly started spewing millions of Slammer clones, targeting computers at random, duplicating itself and creating an army of Slammer slaves that doubled every 8.5 seconds. Within hours of the initial release, huge sections of the Internet were knocked offline. Slammer was also responsible for causing Emergency 911 operators in suburban Seattle to resort to using paper and Continental Airlines was forced to cancel flights from Newark because it was unable to process tickets.




MyDoom – February 2004


MyDoom, a worm affecting Microsoft Windows, was one of the fastest-spreading worms in history, affecting a new computer every millisecond. It appears that it might have been commissioned by e-mail spammers to send junk e-mail through infected computers. The actual author of the worm remains unknown.

The worm was transmitted via e-mail with a subject line like “Mail Delivery System Error.”  The mail contains an attachment that resends the worm to e-mail addresses found in the user’s address book and also copies itself to the “shared folder” of peer-to-peer sharing applications (like Kazaa, at the time) in order to spread through file exchanges.  Versions of MyDoom have continued to resurface as recently as July 2009, targeting Web sites belonging to the White House, Department of Homeland Security, U.S. Secret Service, National Security Agency, Federal Trade Commission, Department of Defense and the State Department, as well as sites in South Korea including the Ministry of Defense.




Leap-A (aka. Oompa-Loompa) – 2006


While most of the viruses in this list have been targeted at PC systems, Apple has been significantly less vulnerable to attack — with its market share appreciably smaller, a hacker targeting a Mac won’t hit as many targets. But Leap did. Whether it is a virus, worm or Trojan horse is not exactly clear. It infects Mac computers running the iChat instant messaging program. It searches through the user's iChat contacts and sends corrupted files to each user through an attached JPEG image. It causes infected programs to stop running — which is actually helpful, because users couldn’t launch infected applications.




Storm Worm (aka. Peacomm a.k.a. Nuwar) – 2007


The Storm Worm is a Trojan horse program that affects computers using Microsoft operating systems. It began by infecting computers in Europe and the U.S. using an e-mail message with the subject line “230 dead as storm batters Europe.” There were six waves of attacks that followed, and the Storm Worm became a global epidemic within four days. Once the infected attachment is opened, the computer is compromised and becomes merged into a botnet — a network of zombie machines.  It isn’t that hard to detect or even avoid downloading, but it was one of the most widespread in years.



