It’s amazing to think that computer viruses have been around for over 35 years. The first computer virus to be found ‘in the wild’ was in 1982. Fifteen-year-old Rich Skrenta created a boot sector virus that targeted Apple II computers (and to think of all those Mac users who swear their machines are impenetrable to viruses), which was spread on good old-fashioned five-and-a-quarter-inch floppy disks.
Since those days, viruses have become a lot more complex, and their consequences, in some cases, devastating for businesses and end users. We’ve rounded up what are arguably the five most damaging viruses of recent times.
ILOVEYOU, also known as Love Bug, was a computer worm that infected millions of Windows PCs in the year 2000. It started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs”. The file extension ‘vbs’ was often hidden by default on Windows computers at the time, leading recipients to think it was a normal document. Opening the attachment triggered a Visual Basic script. The worm would then overwrite random file types and send a copy of itself to all addresses in the user’s Address Book used by Microsoft Outlook. This made it spread much faster than any previous email worm.
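As an added illustration (not part of the original article), this is how a mail filter could flag attachment names like the one above, where a harmless-looking extension sits in front of a script extension that Windows hides. It generalises beyond `.txt.vbs` to other extensions; the extension lists and function names are assumptions chosen for the example.

```python
# Assumed lists for illustration; tune them for your own environment.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
               "bat", "cmd", "ps1", "scr", "pif", "exe", "lnk"}
DECOY_EXTS = {"txt", "doc", "docx", "xls", "xlsx", "pdf", "rtf",
              "jpg", "jpeg", "png", "gif", "mp3"}


def visible_name(name):
    """Name shown when Windows hides extensions for known file types."""
    base, dot, _ext = name.rpartition(".")
    return base if dot and base else name


def classify(name):
    """Return 'ok', 'executable-attachment' or 'deceptive-double-extension'."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    clean = name.rstrip(". ").lower()
    # Strip padding around each part ("invoice.pdf   .scr" still ends in scr).
    parts = [p.strip() for p in clean.split(".")]
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return "ok"
    # A document-like extension directly before the real one is the
    # ILOVEYOU pattern: the user sees "name.txt" and assumes a text file.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "deceptive-double-extension"
    return "executable-attachment"


def scan(names):
    """Map each non-'ok' attachment name to (verdict, name the user sees)."""
    return {n: (classify(n), visible_name(n))
            for n in names if classify(n) != "ok"}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from real mail.
    samples = ["LOVE-LETTER-FOR-YOU.txt.vbs", "report.final.docx",
               "setup.exe", "Invoice.pdf .scr. ", "notes.txt"]
    for name, (verdict, shown) in scan(samples).items():
        print(f"{verdict:28} {name!r} (user sees {shown!r})")
```
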
A precursor to ILOVEYOU, the Melissa virus was spread using macros embedded in a Microsoft Word document. It was released into the wild by American David Smith in 1999, and attracted its victims by claiming to be a document that contained access passwords to pornographic websites. Once opened, the virus would send itself to a user’s address book, causing huge amounts of email traffic and reducing corporate and governmental systems to a crawl. Smith was eventually caught, pleaded guilty to releasing the virus and was sentenced to 10 years in prison, serving 20 months. He was also fined US $5,000.
SQL Slammer was a 2003 computer worm that caused a denial of service on Internet hosts and dramatically slowed Internet traffic. Its spread was rampant, infecting most of its 75,000 victims within ten minutes. The worm exploited a buffer overflow vulnerability and was itself a small piece of code that did little other than generate random IP addresses and send itself out to those addresses. If one of the addresses happened to belong to a server that was running an unpatched copy of Microsoft SQL Server and listening on port 1434, the host immediately became infected and began flooding the Internet with more copies of the worm program.
With over 300 million computers shipped per year, virus writers have a huge target.
Scarily, this virus handed control of the infected computer to would-be hackers. By opening a backdoor, PoisonIvy could record or manipulate the computer or activate the webcam and speaker to record audio and video.
It also avoided being detected by the user by using different techniques, such as injecting itself into running processes so that no unusual tasks were seen whilst it was running. It also captured information entered by the user such as keystrokes, in order to obtain information for accessing online banking services, passwords and other confidential information.
The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that started in September 2013. The attack used a trojan that targeted computers running Microsoft Windows, and it propagated via infected email attachments. When activated, the malware encrypts certain types of files stored on local and mounted network drives using public-key cryptography, with the private key stored on the malware’s control servers. The malware then displays a message offering to decrypt the data if a payment is made by a certain deadline, and threatens to delete the private key if the deadline passes. There is no guarantee that payment will release the encrypted content.
Although CryptoLocker itself was easily removed, the affected files remained encrypted. Many said that the ransom should not be paid; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the Trojan.