The computer security world is currently abuzz about one of the latest computer viruses to hit the computing world, W32.Stuxnet. Containing a record four zero-day exploits, Stuxnet is the subject of much speculation about the intended target, as it infects and allows for exploits in Siemens systems control software, which is widely used in industrial systems. Security firm Symantec has disassembled and analyzed the virus, finding that it uses four previously unknown exploits in Windows and other software. Due to the complexity, sophistication and nature of the virus, many are theorizing that it was created by a large group, or potentially a governmental intelligence agency.
So, we decided to take a look back at 10 of the most destructive computer worms and viruses to ever be created. From the incredibly ancient (in computer time) worms such as CIH and Melissa, to the latest and rapidly spreading Conficker, these viruses and worms maximized their damage and wreaked havoc on the computer world.
1. MyDoom – $38 Billion
Mydoom, also known as Novarg, Mimail.R and Shimgapi, is a computer worm affecting Microsoft Windows. It was first sighted on 26 January 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm. Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. The worm contains the text message “andy; I’m just doing my job, nothing personal, sorry,” leading many to believe that the worm’s creator was paid. Early on, several security firms expressed their belief that the worm originated from a programmer in Russia. The actual author of the worm is unknown. MyDoom slowed down global Internet access by ten percent, and caused some website access to be reduced by 50 percent. Upon infection, it looked for email addresses from contact lists and sent itself to any addresses it found. It was said that during the first few days, one out of ten email messages sent contained the virus. It was only stopped from spreading after about a month.
2. Sobig.F – $37 Billion
Computer users were still recovering from the damage caused by Blaster in 2003 when another mass-mailer known as Sobig.F attacked. This computer virus caused billions of dollars in damage by stalling or completely crashing Internet gateways and email servers, resulting in the merciless slowing down of global Internet access. It harvested email addresses from various documents found in the infected computers. The virus then sent itself to these addresses. It was able to send over a million copies of itself within just a few hours of the outbreak. By September of 2003, it had deactivated itself, having been programmed to do so. It then ceased to be a threat.
3. ILOVEYOU – $15 Billion
ILOVEYOU, a.k.a. LoveLetter, is a computer worm that successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text “ILOVEYOU” in the subject line. The worm arrived in email inboxes on and after May 4, 2000 with the simple subject of “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”. The final ‘vbs’ extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book, using the user’s address as the sender. It also made a number of malicious changes to the user’s system. The virus was written by a Filipino programmer who was still a college student at that time. He said the release of the virus was only “accidental.” This virus spread throughout the world in just a day, infecting computers of large corporations and governments, including the Pentagon in the United States. It caused $15 billion in damages. The actual “damage” occurred during the removal of the infection from computers, as email servers and computer networks had to be shut down before the virus could be removed.
4. Conficker – $9.1 Billion
The Conficker worm was released in 2007, infecting millions of computers around the world. Once a computer was infected, this worm downloaded and installed malware from sites controlled by the hackers, including things like keystroke loggers and remote PC-control software.
5. Code Red – $2 Billion
The world had not yet recovered from the damage caused by the ILOVEYOU virus when Code Red was released in mid-2001. Unlike other viruses, this one only targeted certain computers running the Microsoft IIS (Internet Information Server) Web Server, exploiting a bug in the software. Once a computer was compromised by the virus, it would modify the handled website, displaying the message “Welcome to http://www.worm.com! Hacked by Chinese!” Then, it would later seek other computers running the web server software and do the same thing. After about two weeks of infection, the virus was programmed to launch DDoS (Distributed Denial of Service) attacks on certain websites, including the server of the White House.
6. Melissa Virus – $1.2 Billion
Released in 1999, the Melissa virus was another piece of mass-mailing malware that was said to have infected up to 20 percent of computers worldwide. This included the networks of Microsoft, Intel, and other companies that relied on MS Outlook as their email client. Email servers around the world were forced to shut down in order to prevent the virus from spreading, as well as to remove the virus from their systems. The virus arrived in an email that included an MS Word attachment. When opened, it emailed itself to the first 50 people in the MS Outlook contact list. It also overwrote the document files in the infected computer with quotes from the famous cartoon TV series “The Simpsons.”
7. SQL Slammer – $750 Million
SQL Slammer is the least damaging virus in this list. It still caused a considerable amount of damage, though, by overwhelming routers, causing them to shut down. The target of this virus was web servers running a vulnerable version of Microsoft SQL Server. Only computers that ran this server software were infected, but it caused the slowdown of Internet access around the world. In just under ten minutes, it was able to infect thousands of servers. Upon infection of a server, the virus generated random IP addresses through which it attempted to further infect other computers.
8. Sasser – $500 Million
Sasser was another complex computer virus that crippled thousands of computers, and was written by a 17-year-old German student in 2004. Sasser did not spread through email, and did not require any human intervention to compromise computers. It infected computers by exploiting a vulnerability present in both Windows 2000 and Windows XP machines, known as the RPC (Remote Procedure Call) exploit – the same vulnerability used by the Blaster virus. Sasser successfully infected and shut down thousands of computer networks in just a matter of days. After infecting a computer, it was programmed to access the Internet to search for other vulnerable machines so that it could infect them. Sasser also displayed a notice indicating that the system was shutting down.
9. Blaster – $320 Million
The Blaster virus was a complex piece of malware that spread itself not through email, but through a vulnerability in both Windows 2000 and Windows XP machines. This malicious software was detected in mid-2003 and by then had infected hundreds of thousands of computers. Once a computer was infected, it displayed a message box indicating that the system would shut down in a couple of minutes. It was also programmed to launch a DDoS attack against a server run by Microsoft by April 2003, but was already contained by that time. Discovered in the code was a hidden message to Microsoft founder Bill Gates saying “Billy Gates, why do you make this possible? Stop making money, and fix your software!”
10. CIH – $80 Million
This virus was considered one of the most dangerous and most destructive viruses ever because it had the ability to remain undetected in a computer’s memory, infecting every application that was run. First released in 1998, the CIH virus infected executable files of the operating systems Windows 95, 98, and ME. This virus also was accidentally distributed by a software vendor, contributing to the massive infection of computers. What made this virus dangerous was that it had a trigger date. Once that date was reached, it overwrote the files on the hard drive and completely destroyed its contents. It also had the ability to overwrite the BIOS of the computer to prevent it from booting up. This virus was also known as the Chernobyl virus because some variants were set to destroy data on a date that coincided with the nuclear power plant accident.