The association of the word “virus” with computers was made by American computer scientist Frederick Cohen, who used it to describe “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself” way back in 1983. Viruses come in all flavours, from problematic worms that spread like wildfire to backdoor entrances caused by trojan horse imposters.
Over the years there have been some very high-profile virus alerts, many of which caught mainstream media attention. In this article I will be exploring the history of computer viruses – 5 of the very worst (best?) computer viruses ever to be compiled and unleashed on the web. Bug spray at the ready…
October 2001: Klez
Before 2001 and the Klez virus, all viruses that spread via email were sent from the infected recipient’s email address. Whilst this was still massively problematic as the web was adjusting to words like “trojan” and “worm”, Klez turned the heat up an extra notch.
Klez was in fact the first virus to be able to spoof email addresses, replacing the address in the “From” field with anyone else it pleased. This made avoiding detection difficult, and once a user became infected the infection was quickly passed on via email address books.
Klez was distributed in many different flavours, including a worm and a trojan horse, and some versions rendered infected computers useless without reinstalling Windows. It exploited a vulnerability in Internet Explorer’s Trident rendering engine (also used in Outlook and Outlook Express) to wreak its havoc.
January 2003: SQL Slammer/Sapphire
SQL Slammer, also known as Sapphire, targeted Microsoft’s SQL Server and Desktop Engine database software, initiating Distributed Denial of Service (DDoS) attacks on various targets. Within minutes of infecting the first server, Slammer began doubling its number of infected machines every few seconds.
The effects of this virus impacted on real-world situations. The Bank of America suffered ATM outages, the city of Seattle was unable to take 911 calls for a period and customers travelling via Continental Airlines experienced ticketing and check-in issues. The virus is estimated to have caused around $1 billion of damages in total.
January 2004: MyDoom
MyDoom began appearing in inboxes around the world in January 2004 and soon became the fastest spreading worm ever to hit the web. Email messages containing the worm were often masked as delivery failures, prompting many to open and investigate the message. Once the attached file had been executed the worm would send itself to email addresses found in the local address book and also put a copy in KaZaA’s shared folder.
Much like Klez, MyDoom could spoof email, but it also came with the ability to look up email addresses via web searches. As a knock-on effect, the virus placed severe load on services like Yahoo and Google, slowing down web search.
The worm carried two payloads – one was a backdoor entrance allowing an intruder to control the infected computer and another was a DDoS attack on the SCO group. Many have questioned where the virus came from, with many reports suggesting Russia. MyDoom contained the text “andy; I’m just doing my job, nothing personal, sorry,” which led many to believe that the virus was constructed for a fee, though this is not conclusive.
2004: Sasser & Netsky
Easily one of the most famous outbreaks ever to make the news, Sasser and Netsky are famous not only for their astonishing effectiveness but also the fact that they have been traced back to a then-17-year-old German teenager called Sven Jaschan. Sasser and Netsky are separate viruses, and it was similarities in the code which initially linked them both to the same individual.
The Sasser worm did not spread via email but instead by scanning for vulnerable IP addresses and depositing its payload that way. Sasser exploited a buffer overrun in Windows XP’s Local Security Authority Subsystem Service (LSASS) which had been patched prior to the release of the worm. This prompted some to believe that Microsoft’s fix was reverse-engineered and that this led to the construction of the virus.
Netsky spread via email like more conventional viruses, and came in many different flavours with differing results. The author of both was given up by a friend once Microsoft issued a $250,000 bounty for information about the outbreak. He was tried as a minor and received a 21-month suspended sentence (and a flurry of job offers from security firms, of course).
January 2007: Storm Worm (Peacomm/Nuwar)
Originally distributed in email messages containing the subject “230 dead as storm batters Europe”, the Storm Worm (as it became known) is a nasty Trojan horse that would further infect a user’s machine with malware once active. Whilst “Storm Worm” is the name that has stuck, the virus has been seen masquerading behind other news-inspired subject lines.
Emails infected with the worm contained an executable attachment. Once run, further malware may be installed, and the infected computer will become part of a botnet – a network of remotely-controllable PCs. By September 2007 it was believed that anywhere from 1-10 million computers were infected and part of the Storm botnet, but due to the way the computers communicate, gauging the size is impossible without access to the control server.
Whilst the Storm Worm is not hard to detect or remove now, at the time it was particularly resilient due to the way each infection evolved. At its peak the virus was spreading at an incredible rate, with one Postini analyst noting the company had detected over 200,000 emails containing links to the virus over a period of just days.
Whilst security seems to be the web’s number one buzzword these days, you can still never be too careful. By far the most important steps you can take to avoid future infection are performing all system updates on time and of course using a virus scanner.
It’s been ages since I’ve had a virus, how about you? Sorry if I missed your “favourite” virus – fill us in on the details in the comments, below.