Since the beginning of the millennium there have been numerous computer viruses that have plagued networks and computer users around the globe.
Of these, five stand out as the most notorious headline makers: they rocked the computing world and caused billions of dollars in damages.
Knowing the history and background of these five computer viruses, and the technology behind each, will help information technologists, computer security specialists, and end users protect their systems and networks.
The damage done by computer virus number five on our list, Code Red, was estimated at around $2 billion (U.S.). Launched in two phases, Code Red and Code Red II attacked major networks such as the Associated Press, Qwest Incorporated, and even Microsoft itself.
In 2001, Code Red exploited various vulnerabilities in Microsoft's IIS servers.
Later that year, Code Red II was unleashed against a vulnerability found in the indexing service module of Microsoft Windows NT 4.0 and the Windows 2000 operating system.
System performance degradation and website vandalism are two of the key forms of destruction unleashed by this headline-grabbing computer virus.
The extent of the damage done could have been easily minimized had computer users applied the patch Microsoft released approximately a month prior to the attack. Unfortunately, far too many failed to heed the warning and install the patch.
Conficker caused an estimated $9.2 billion (U.S.) in damages when it infected approximately 15 million computers in 2008.
Labeled by some as a “genius worm,” Conficker was able to replicate itself and cloak itself from various security measures. It spread over the Internet via a number of malicious executable files, and also across LANs, removable storage, and network devices.
The worm was able to shield itself from detection and removal by manipulating Windows' own system restore point settings, updating itself in a way that made it appear benign, and disabling various Windows services, including antivirus services. Conficker also delivered malware such as Spambot, Waledec, Spyprotect2009, and others to the infected computers.
ILOVEYOU was responsible for $15 billion (U.S.) in damages in 2000. This virus required human interaction in order to spread its destruction. The so-called “Love Bug” virus appeared in users' e-mail as an anonymous letter professing love.
Heart-struck victims who defied the number one e-mail security rule (“Do not open e-mail attachments unless you know who they are from and were expecting them”) were rewarded with the vandalism of files with .hta, .css, .mp3, and .jpeg extensions. The ultimate cyber terrorist act.
ILOVEYOU kissed millions of users worldwide, affecting over 80% of commercial networks in Australia, Dow Jones Newswires, and the Asian Wall Street Journal, and forcing many companies to suspend corporate e-mail systems until the virus was brought under control.
SoBig weighs in as number two on the list, leaving a whopping $37.2 billion (U.S.) mark on worldwide computer networks and users. In 2003, a self-replicating worm began to attack computer systems through e-mail attachments.
Known as SoBig, the worm was also a Trojan in that it could disguise itself to escape detection and removal.
While it was clear that SoBig used the SMTP agent in the host computer to collect e-mail addresses and thus forward itself across the Internet, security analysts were never able to understand the purpose of SoBig.
It has been rumored that SoBig was a government-led experiment and was possibly a forerunner of systems like Stuxnet, which was allegedly dispatched in 2010 by the Israeli military against computer networks inside of the nation of Iran.
This conspiracy theory may have developed from the fact that no hard damage was evident in the SoBig attack. Systems were compromised, e-mail addresses were collected, and the hybrid worm/Trojan spread itself around the globe. However, no vandalism of files or other destruction was reported.
Ironically, SoBig allegedly deactivated itself after only about 30 days of non-destructive deployment. Its creator and its purpose remain a mystery to this day.
Mydoom made its presence felt in late January 2004. Another worm spread by e-mail, Mydoom was a rapid spreader, especially in the corporate world where millions of workers trusted e-mail at work to be safe.
Moreover, if you were a worker who received an e-mail at work that read, “I’m just doing my job, nothing personal, sorry!” would you not want to sneak a peek? With job security at a premium in 2004, millions of people rushed to open the file, fearing they had lost their jobs.
The purpose of Mydoom seems to have been to create a zombie-bot network that would be used to forward spam across the World Wide Web.
There was also speculation that Mydoom was intended to launch a massive Denial of Service attack upon the services of SCO Group, an organization that was embroiled in highly publicized legal actions against Linux.
While over 25% of infected machines did in fact launch DoS attacks against www.sco.com, investigators subsequently ruled this out, stating it was a mere ruse used to throw them off track.
By Alisha Webb. Alisha is a British writer working out of Barcelona and a content developer for Conosco – IT service provider in London.