7 Notorious computer viruses you definitely don’t want

Image: Podknox CC-BY

Computer viruses, worms, spyware, and other forms of malware are all part of the ITGS syllabus. Here are 7 notorious computer viruses that you definitely don’t want:

Morris worm (1988)

Widely considered to be the first Internet worm, it was created by Cornell student Robert Morris and released at MIT. It infected around 6,000 computers by taking advantage of known security problems in common Unix tools. An error in the worm caused it to be far more effective than intended: any computer could be infected more than once, with each infection slowing the machine down even more until eventually it was unusable. The cost of the damage – including lost hours and the expense of cleaning machines – is estimated at anywhere between $100,000 and $10,000,000.

Morris was convicted under the Computer Fraud and Abuse Act, fined $10,000 and sentenced to three years' probation.

CIH / Chernobyl (1998)

CIH was an incredibly destructive virus that infected Windows machines in the late 1990s. It overwrote the first megabyte of the hard disk, destroying the partition table and making data inaccessible. Recovery was sometimes possible using special tools. Another effect of CIH was an attempt to overwrite the machine’s BIOS, stored in flash memory. In some cases this meant machines needed a new BIOS chip before they could be cleaned – since without a BIOS the machine will not even boot.

I Love You (2000)

I Love You is a classic example of social engineering – exploiting human weaknesses to violate security. This worm sent an email with the subject “I Love You” which, when opened, sent itself to the first 50 addresses in the user’s address book. Because the emails arrived from people they knew, victims were much more likely to open them. Within ten days, 50 million machines were infected, and the total cost of recovery was estimated at $5.5 billion.

Modern security software attempts to stop worms like I Love You by disabling scripting by default and preventing the sending of large numbers of emails in a short space of time.
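
The rate-limiting defence described above can be sketched as a sliding-window check over an outbound mail log. This is an added example, not code from the original article or from any particular security product; the log format, the 60-second window, the 20-recipient limit and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window
MAX_RECIPIENTS = 20              # assumed limit on distinct recipients per window


def parse_line(line):
    """Split 'ISO-timestamp sender recipient' into typed fields."""
    stamp, sender, recipient = line.split()
    return datetime.fromisoformat(stamp), sender, recipient


def find_mass_mailers(lines, window=WINDOW, limit=MAX_RECIPIENTS):
    """Return {sender: time of first violation} for senders that mail more
    than `limit` distinct recipients within any sliding `window`."""
    recent = defaultdict(deque)      # sender -> (time, recipient) still in window
    flagged = {}
    for when, sender, recipient in sorted(parse_line(l) for l in lines if l.strip()):
        queue = recent[sender]
        queue.append((when, recipient))
        # Drop messages that have aged out of the window.
        while when - queue[0][0] > window:
            queue.popleft()
        distinct = {rcpt for _, rcpt in queue}
        if len(distinct) > limit and sender not in flagged:
            flagged[sender] = when
    return flagged


def sample_log():
    """Constructed log: one normal user, one host mailing 50 contacts in 25 s."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(5):       # alice: five messages, ten minutes apart
        t = start + timedelta(minutes=10 * i)
        lines.append(f"{t.isoformat()} alice@example.test friend{i}@example.test")
    for i in range(50):      # bob: worm-like burst, one message every 0.5 s
        t = start + timedelta(seconds=0.5 * i)
        lines.append(f"{t.isoformat()} bob@example.test contact{i}@example.test")
    return lines


if __name__ == "__main__":
    for sender, when in find_mass_mailers(sample_log()).items():
        print(f"hold outbound mail from {sender}: limit exceeded at {when}")
```

Counting distinct recipients rather than raw messages keeps a long reply thread with one contact from tripping the limit, while an address-book blast is caught at the 21st new recipient.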

SQL Slammer (2003)

Slammer was the quickest spreading worm ever – within ten minutes it had infected more than 75,000 machines. It targeted a known security vulnerability in Microsoft SQL Server, which had been patched six months earlier. Slammer relied on the fact that many admins had not downloaded Microsoft’s patch to fix the problem. Although it did not directly damage files or data, the rate at which Slammer spread was so rapid that it slowed down Internet traffic within minutes of its release, even affecting ATM networks and airline reservation systems.

Mydoom (2004)

The Mydoom worm was the fastest spreading email worm ever, with anti-virus firms intercepting 100,000 copies every hour. Software company SCO were so heavily hit by the worm that they offered a $250,000 reward for information leading to the arrest of its creator (who still has not been found).

Mydoom spread via email, appearing as an error message with an infected attachment. Running the attachment caused the worm to be sent to email addresses found in the user’s address book. Strangely, Mydoom also deliberately avoided email addresses at certain locations, including MIT, Stanford, and Microsoft.

Stuxnet (2010)


Stuxnet was the realisation of many governments’ “cyber-warfare” fears. Discovered in mid-2010 in Iran, Stuxnet spread via many different computer systems but only attempted to damage one particular type of hardware – the Programmable Logic Controllers (PLC) inside industrial computers made by Siemens. This happened to be the exact type of hardware used in Iran’s nuclear processing plants.

Stuxnet damaged the PLCs by rapidly switching them on and off. One estimate claimed 20% of the centrifuges used in Iran’s Natanz plant were destroyed by Stuxnet. In June 2012 it was revealed that Stuxnet was created by US and Israeli intelligence services specifically to target Iran, after fears that Iran were attempting to build a nuclear weapon.

Flame (2012)

Flame was one of the most advanced viruses seen to date. It included the ability to silently infiltrate machines, take periodic screenshots, steal or edit documents, log keystrokes, and even record audio using the machine’s microphone. Flame also monitored the computer for a list of “interesting” programs, which it then observed closely when they were run. Governments and businesses in Iran, Israel, Egypt, Syria, and Lebanon were affected.

In June 2012 computer security labs said Flame contained many similarities to Stuxnet (above), suggesting they shared a common source and may be part of a wider government-led monitoring scheme.

Image: Countries suffering Flame infections (Source: Wired)
