Viruses have been wreaking havoc on computers since 1986, when the first virus, known as Brain, showed up on the scene. Brain is considered to be the first virus found on PCs and infected MS-DOS. Over the past 24 years there have been over 65,000 viruses created. Today we highlight our selected top 10 list of the most destructive viruses ever.
#10 Sircam
Sircam was notable during its outbreak for the way it distributed itself. Document files (usually .doc or .xls) on the infected computer were chosen at random, infected with the virus and emailed out to email addresses in the host’s address book. Opening the infected file resulted in infection of the target computer. During the outbreak, many personal or private files were emailed to people who otherwise should not have got them.
It also spread via open shares on a network. Sircam would scan the network for computers with shared drives and copy itself to a machine with an open (non-password protected) drive or directory. A simple RPC (Remote Procedure Call) was then executed to start the process on the target machine, usually unknown to the owner of the now-compromised computer.
Over a year later, Sircam was still in the top 10 virus charts.
#9 Code Red
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. The worm was named the .ida “Code Red” worm because Code Red Mountain Dew was what they were drinking at the time, and because of the phrase “Hacked by Chinese!” with which the worm defaced websites.
Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000. The worm defaced websites by inserting its payload, which said “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”
#8 SQL Slammer
SQL Slammer is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within ten minutes. So named by Christopher J. Rouland, the CTO of ISS, Slammer was first brought to the attention of the public by Michael Bacarella. Although titled “SQL slammer worm”, the program did not use the SQL language; it exploited a buffer overflow bug in Microsoft’s flagship SQL Server and Desktop Engine database products, for which a patch had been released six months earlier in MS02-039. Other names include W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer and Helkern.
#7 Nimda (also known as the Concept Virus)
Nimda (also known as the Concept Virus) appeared in September 2001, attacking tens of thousands of servers and hundreds of thousands of PCs. The worm modified Web documents and executable files, then created numerous copies of itself. The worm spread as an embedded attachment in an HTML e-mail message that would execute as soon as the recipient opened the message (unlike the typical attached virus that requires manual launching of the attachment). It also moved via server-to-server Web traffic, infected shared hard drives on networks, and downloaded itself to users browsing Web pages hosted on infected servers. Nimda soon inspired a crowd of imitators that followed the same pattern. Visit Symantec’s Security Response for the Nimda removal tool.
#6 The Anna Kournikova (or VBS.SST@mm) worm
The Anna Kournikova virus–also called VBS_KALAMAR, VBS/SST and VBS/OnTheFly–spread worldwide Monday. The Anna virus poses as a photo of 19-year-old Russian tennis player Anna Kournikova attached to an e-mail. The attachment appears as AnnaKournikova.jpg.vbs or as an abbreviated version of that name. The virus uses Visual Basic to infect Windows systems and then, on systems with Microsoft Outlook, mails itself out to the entire address book. The virus does not affect MacOS, Linux or Unix systems. The virus’ ability to mail itself out to a large number of Internet users classifies it as a worm.
Experts claimed that the virus spread nearly as widely as the Melissa virus (see #3) that hit the Net almost two years ago. The Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University said that more than 100 sites reported encountering the virus on Monday.
#5 SoBig Virus
In 2003 significant problems occurred as a result of the SoBig virus, which had several variations. SoBig spread through infected e-mail message attachments and unprotected shared folders on computer networks. This virus modified a computer’s operating system so that the worm code ran whenever Windows booted. The latest strain, called SoBig.F, arrived in August 2003 and produced more than 1 million copies within its first 24 hours of life on the Internet.
America Online scanned more than 40 million e-mail messages per day in the weeks after that worm hit and found 60 percent to be infected with the virus. After generating more than $2 billion in damages in the United States alone, the SoBig virus will end the year in the number-one spot in annual virus rankings.
#4 Magistr
Magistr is one of the most complex viruses to hit the Internet. Its victims, users of Outlook Express, were hooked by an infected e-mail attachment. The virus, discovered in mid-March 2001, sent garbled messages to everyone in the infected user’s e-mail address book. Attached were files pulled at random from the infected PC’s hard drive plus an executable file with the Magistr code. This virus was not as widespread as many others, but it was very destructive. Magistr overwrites hard drives and erases CMOS and the flashable BIOS, preventing systems from booting. It also contained antidebugging features, making it hard to detect and destroy. Visit Symantec’s Security Response for instructions on how to remove Magistr.
#3 The Melissa Virus
The Melissa virus hit the Internet in March 1999. Like most viruses, it was sent as an e-mail attachment and was only activated once the recipient opened the attachment. The virus was designed to take advantage of vulnerabilities in macros — short computer scripts — used by Microsoft’s (Nasdaq: MSFT) main word-processing application, Word.
“What made Melissa powerful was its ability to replicate itself,” Vincent Weafer, senior director at security vendor Symantec (Nasdaq: SYMC), told TechNewsWorld. After examining the contents in a person’s e-mail address book, the virus would send itself out to all of those listed.
The virus was unleashed on a Friday afternoon and quickly spread around the Internet that weekend. Eventually, 15 to 20 percent of U.S. businesses were impacted, leading to hundreds of millions of dollars in damages as a result of lost productivity, computer downtime and additional IT expenses.
Melissa’s designer, David Smith, was eventually sentenced to 20 months in prison after being charged with interruption of public communications, conspiracy to interrupt public communications, theft of computer services and damage or wrongful access to computer services.
#2 The Klez worm
The Klez worm, which blends different virus traits, was first detected in October 2001. Klez distributes itself like a virus, but sometimes acts like a worm, other times like a Trojan horse. Klez isn’t as destructive as other worms, but it is widespread, hard to exterminate–and still active. In fact, so far, no other virus has stayed in circulation quite like Klez. It spreads via open networks and e-mail–regardless of the e-mail program you use. Klez sometimes masquerades as a worm-removal tool. It may corrupt files and disable antivirus products. It pilfers data from a victim’s e-mail address book, mixing and matching new senders and recipients for a new round of infection. Visit Symantec’s Security Response for instructions on how to remove Klez.
#1 ILoveYou Worm
This worm showed up in May 2000 and is reported to be the most costly worm to businesses ever. It attacked literally tens of millions of Windows computers with spam email that contained the words “ILOVEYOU” in the subject line. The worm came with a .VBS attachment that was hidden and disguised as a simple text file. Upon opening, the worm would send a copy of itself to everyone in the Windows address book and also make some malicious system changes to the user’s computer. The worm originated in the Philippines on May 4 and spread across the world in one day. It is estimated to have caused about $5.5 billion in damage to businesses. Within nine days of its launch, over 50 million infections were reported. The cost of damage was primarily associated with the labor it took to remove the worm. Both the Pentagon and the CIA had to shut down their mail systems in order to deal with the worm, as did many large businesses. Watch the ILOVEYOU worm in action (YouTube).
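The Anna Kournikova and ILOVEYOU entries both describe a script attachment hiding behind a harmless-looking extension (AnnaKournikova.jpg.vbs, a .VBS posing as a text file). The following is an added example, not code from the original article, of how a mail filter can flag that pattern; the extension lists, function names and every sample file name other than AnnaKournikova.jpg.vbs are assumptions made for illustration.

```python
from email.message import EmailMessage

# Assumed policy lists for this example; a real mail gateway maintains its own.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".scr", ".pif", ".bat", ".cmd", ".exe"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".xls", ".pdf"}


def classify_attachment(filename):
    """Return 'decoy-double-extension', 'executable' or 'ok' for a file name."""
    # Windows drops trailing dots and spaces, so normalise before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Strip padding around each extension ("photo.jpg   .vbs").
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "decoy-double-extension"
    return "executable"


def flag_attachments(msg):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            verdict = classify_attachment(fname)
            if verdict != "ok":
                findings.append((fname, verdict))
    return findings


def build_sample():
    """Constructed test message; the payload bytes are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("constructed sample body")
    # First name is quoted on the page; the others are constructed.
    for fname in ("AnnaKournikova.jpg.vbs", "notes.txt.vbs", "report.pdf", "holiday.jpg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg


if __name__ == "__main__":
    for fname, verdict in flag_attachments(build_sample()):
        print(f"{verdict}: {fname}")
```

The check keys on the last extension because that is the one Windows uses to pick the handler, while a viewer that hides known extensions shows the user only the decoy part.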