PC viruses and worms can be a nightmare, causing havoc of an unimaginable degree and crippling your work rate.
In 1988, the first ever PC virus, the Morris Worm, was distributed via the internet and infected about 6,000 computers. The Morris Worm was created by Robert Tappan Morris, a student at Cornell University, and launched from MIT. Morris was later convicted in the U.S. under the 1986 Computer Fraud and Abuse Act.
Twenty-five years later, millions of computers have been infected by different types of viruses. Here we take a look at 5 of the most deadly and catastrophic PC viruses of all time.
May 2000: ILOVEYOU
The ILOVEYOU virus infected millions of Windows PCs all over the world. It started in the Philippines before spreading like wildfire via email with an “ILOVEYOU” subject and the “LOVE-LETTER-FOR-YOU.txt.vbs” attachment. The vbs (Visual Basic Scripting) extension pointed to the language the hacker used to create the worm [source: McAfee].
According to anti-virus software producer McAfee, the ILOVEYOU virus had a wide range of attacks:
- It copied itself several times and hid the copies in several folders on the victim’s hard drive.
- It added new files to the victim’s registry keys.
- It replaced several different kinds of files with copies of itself.
- It sent itself through Internet Relay Chat clients as well as e-mail.
- It downloaded a file called WIN-BUGSFIX.EXE.
The ILOVEYOU virus was designed to steal internet access passwords from users for its creators.
Ramones and de Guzman, who were widely believed to be the creators of the ILOVEYOU virus, could not be prosecuted, as there were no laws in the Philippines against writing malware at the time the virus was released. This prompted the creation of the E-Commerce Law in July 2000.
The ILOVEYOU virus reportedly caused $10 billion in damages.
October 2001: Klez
The Klez virus was a smart virus: it had the ability to spoof email addresses, replacing what is in the From field with virtually anything. The virus was released in late 2001 and subsequently appeared in various versions; some versions could act like a normal computer virus, while others acted as a worm or a Trojan horse.
Microsoft’s Internet Explorer was entirely vulnerable to the Klez virus attack. The virus used the IE Trident rendering engine to cause havoc on an epic scale on consumer PCs.
When Klez is executed, it must decrypt the information about email senders, subject lines and the email body. It copies itself to the system folder as Krnl132.exe. It adds the value krnl32 = System folder\krnl32.exe to the local machine registry key that ensures the worm will run upon starting the machine.
Klez may deactivate on-access virus scanners. It will search active processes and give the “TerminateProcesses” command to processes [Source: Wikidot].
Damage caused by the Klez virus currently stands at over $19 billion.
January 2004: MyDoom
MyDoom is the fastest-spreading email worm to ever hit the web. MyDoom is primarily transmitted via e-mail, appearing as a transmission error, with subject lines including “Error”, “Mail Delivery System”, “Test” or “Mail Transaction Failed” in different languages, including English and French. The mail contains an attachment that, if executed, resends the worm to e-mail addresses found in local files such as a user’s address book. It also copies itself to the “shared folder” of the peer-to-peer file-sharing application KaZaA in an attempt to spread that way. [Source: Wikipedia]
MyDoom operates in a similar fashion to Klez. Once a user opens the attachment sent in an email by MyDoom, the virus infects the system and spreads to every address it can access. The virus opens up the computer system, allowing remote-control access to it, and it could also initiate a series of DDoS attacks. [Source: Symantec]
MyDoom’s origin was traced to Russia when Kaspersky Labs’ location-sensing software followed the original emails to ISPs in Russia.
2004: Sasser and Netsky
Sasser and Netsky are among the most prolific computer worms to have hit the Windows operating system. They are two similar but separate viruses; Netsky first appeared in February 2004, while Sasser was released in April 2004. It is fundamentally difficult for authorities to track a PC virus to its origin, but this was not the case here: the origins of Sasser and Netsky were traced to a 17-year-old German named Sven Jaschan, who released the virus on his 18th birthday.
Unlike other worms, Sasser didn’t spread through e-mail. Instead, it scanned different ranges of IP addresses and connected to victims’ computers primarily through TCP port 445. The virus exploited a buffer overrun in Windows XP’s Local Security Authority Subsystem Service (LSASS), which was patched by Microsoft in April of 2004 prior to the release of the worm.
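The scanning behaviour described above is what makes this kind of worm visible on the network: one host suddenly contacts many different addresses on TCP port 445. The following detector is an added example, not part of the original article; the log format, addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) firewall log format: "<ISO time> SRC=.. DST=.. PROTO=.. DPT=.."
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=(\w+) DPT=(\d+)$")


def find_smb_scanners(lines, min_targets=5, window=timedelta(seconds=10)):
    """Return {source: peak count of distinct TCP/445 destinations in one window}.

    Lines are assumed to be in time order, as a firewall writes them.
    """
    recent = defaultdict(deque)  # source -> (time, destination) pairs inside the window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        ts, src, dst, proto, dport = m.groups()
        if proto != "TCP" or dport != "445":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak


# Constructed sample: a fast 445 sweep, a normal file-server client,
# a slow 445 client spread over minutes, and a sweep on an unrelated port.
SAMPLE_LOG = (
    [f"2004-05-01T10:00:{i:02d} SRC=10.0.0.23 DST=10.0.1.{i} PROTO=TCP DPT=445" for i in range(1, 7)]
    + [f"2004-05-01T10:00:{i:02d} SRC=10.0.0.8 DST=10.0.1.10 PROTO=TCP DPT=445" for i in range(10, 16)]
    + [f"2004-05-01T10:{i:02d}:00 SRC=10.0.0.9 DST=10.0.2.{i} PROTO=TCP DPT=445" for i in range(1, 7)]
    + [f"2004-05-01T10:10:{i:02d} SRC=10.0.0.7 DST=10.0.3.{i} PROTO=TCP DPT=80" for i in range(1, 7)]
)

if __name__ == "__main__":
    print(find_smb_scanners(SAMPLE_LOG))
```

Only the fast sweep is reported; repeated connections to a single file server and slow access spread over minutes stay below the threshold.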
Netsky works like most conventional viruses; it is transmitted and spread via email. It had different variants, each producing different results [source: CERT].
Sven Jaschan wrote the code when he was a minor, and was found guilty of computer sabotage in a ruling at a German court, but was given a suspended sentence.
January 2007: Storm Worm
On Friday, January 19, 2007, innocent PC users started receiving emails with a subject line about a recent weather disaster: “230 dead as storm batters Europe”. The Storm Worm would later become known as a nasty Trojan horse that caused massive damage on a user’s machine once the malware transmitted via email became active.
The Storm Worm was transmitted in emails with an executable attachment. Upon installation by an unsuspecting user, the malware gains access to the computer, which then becomes part of a botnet, a collection of compromised computers (often referred to as “zombies”) infected with malware that allows an attacker to control them.
Some versions of the Storm Worm fool the victim into downloading the program through fake links promising access to hot stories. For example, “U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel,” “A killer at 11, he’s free at 21 and kill again!,” “Saddam Hussein alive!”. The email promises a link to access full details of the story in the subject. Once the link is clicked, a download of the worm is initiated on the victim’s PC [source: McAfee].
The Storm Worm is reported to have originated in Russia [Source: PCWorld].
The Storm Worm is largely considered among the worst and biggest virus attacks on personal computers in decades, and by July of 2007 Postini claimed it had detected more than 200 million emails carrying links to the Storm Worm during an attack that lasted several days [source: Gaudin].
These are the most destructive computer viruses in decades. Some, like the Storm Worm, still exist, but security-conscious users can easily detect them. Receiving the email does nothing by itself, but refusing to click on links that promise access to dubious stories can do a lot. The best rule is to be cautious with mail from unfamiliar people and to keep your antivirus software regularly updated. Adhering to these little tips can save you from havoc on a monumental scale.
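The e-mail lures covered in this article (ILOVEYOU's “.txt.vbs” attachment and the MyDoom subject lines) can also be checked for automatically at the mail gateway. The following triage routine is an added example, not code from the article or from any vendor; the extension lists and sample messages are constructed assumptions.

```python
from email.message import EmailMessage

# Extensions Windows runs directly or hands to a script host (illustrative list).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif", "com", "bat", "cmd"}
# Extensions a reader takes for a harmless document or picture.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "htm", "html"}
# Subject lines quoted in the article; weak evidence on their own.
LURE_SUBJECTS = {"iloveyou", "error", "mail delivery system", "test",
                 "mail transaction failed"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Trailing dots/spaces are dropped by Windows, and padding can hide the real suffix.
    parts = [p.strip() for p in name.rstrip(" .").lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def triage(msg):
    """Return a list of (finding, evidence) tuples for one parsed message."""
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append(("lure-subject", subject))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict:
            findings.append((verdict, name))
    return findings


def build_sample(subject, filename=None):
    """Build a constructed test message; payload bytes are inert filler."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for m in (build_sample("ILOVEYOU", "LOVE-LETTER-FOR-YOU.txt.vbs"),
              build_sample("Quarterly numbers", "q3.pdf")):
        print(m["Subject"], "->", triage(m))
```

A subject match alone (for example “Test”) produces many false positives, so treat it as supporting evidence for an attachment finding rather than as a verdict.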