Top 10 Dangerous Computer Viruses

TopDangerousComputerVirusesimg

Top 10 Dangerous Computer Viruses of All Time

1.Storm Worm

The most recent virus on our list is the dreaded Storm Worm. It was at the end of 2006 that computer security experts first identified the worm.

The public began to call the Storm Worm virus as one of the e-mail messages carrying the virus had as its subject “230 dead as storm batters Europe. “The antivirus companies call the worm other names. For example, Symantec calls it Peacomm, while McAfee calls it Nuwar.

This may sound confusing, but the W32. Storm Worm is already a 2001 virus. The 2001 virus and the 2006 worm are completely different systems.

Storm Worm is software for Trojan horses. Its payload is a different program, but not always the same. Some forms of Storm Worm transform the machines into zombies or bots. As computers become compromised, the individual behind the attack becomes vulnerable to the remote control.

Several hackers use Storm Worm to build a botnet and use it to send spam mail over the Internet.

Some iterations of the Storm Worm trick the user into downloading the application via fake news stories or videos.

People behind the attacks will often change the subject matter of the e-mail to reflect current events. For example, just before the 2008 Beijing Olympics, a new version of the worm appeared in e-mails with subjects such as “Latest Deadly Disaster in China” or “China’s Most Deadly Earthquake.” The e-mail purported to link to video and news stories related to the subject but clicking on the link triggered a download of the worm to the victim’s computer.

Several news agencies and blogs have called Storm Worm one of the worst virus attacks in years.

By July 2007, an official with the security company Postini claimed that the company had found more than 200 million e-mails linking to the Storm Worm during an attack that lasted several days. Fortunately, not every e-mail has led anyone to download the worm.

While Storm Worm is common, it is not the most difficult virus to identify or remove from a computer system.

If you keep your antivirus software up to date and try to be careful when you receive e-mails from unknown people or see suspicious links, you ‘re going to save yourself some massive headaches.

2.Leap-A/Oompa-A

Maybe you had seen an advertisement in Apple’s Mac computer marketing campaign, where Justin “I’m a Mac.” John “I’m a PC” Hodgman ‘s long consoles. Hodgman comes down with a virus and points out that there are more than 100,000 viruses that can attack a computer. Long says that these viruses threaten PCs, not Mac computers.

That’s true for the most part. Mac computers are partially protected from virus attacks because of the idea of security through obscurity. Apple has a reputation as a closed framework for managing the OS and hardware — Apple develops all hardware and the software.

It leaves the OS obscured. Macs have historically been a distant second to PCs in the home computer market. A hacker who produces a Mac virus is not going to hit as many victims as he or she would have a PC virus.

But at least one Mac hacker hasn’t prevented that. The Leap-A virus, also known as Oumpa-A, emerged in 2006. This uses the iChat Instant Messaging software to spread through insecure Mac computers.

After the virus infects a Mac, it will scan through iChat contacts and give every person on the list a message. The message contains a corrupted file, which appears to be an innocent JPEG image.

The Leap-A virus does not cause serious damage to computers, but it does demonstrate that even a Mac machine can fall prey to malicious software.

As Mac computers grow popular, we’ll probably see more hackers creating custom viruses that could damage computer files or snarl network traffic. The character of Hodgman may yet have his revenge.

3.Sasser and Netsky

Computer virus programmers often avoid detection. Yet once in a while, the authorities find a way to trace the virus back to its origin. This was the case for the viruses Sasser and Netsky.

A 17-year-old German named Sven Jaschan created and released the two programs on the Internet. Although the two worms acted differently, the similarities in the code led security professionals to conclude that they were both the work of the same person.

The Sasser worm targeted computers with a loophole in Microsoft Windows. Like other larvae, e-mail did not distribute. Then, it tried other vulnerable systems once the virus infiltrated a computer. They contacted these systems and told them to download the virus.

The virus will scan random IP addresses for potential victims. The virus even altered the victim’s operating system in a way that made it impossible to shut down the computer without shutting down the system.

The Netsky virus moves through e-mails and Windows. It spoils e-mail addresses and spreads via an attachment of 22,016 bytes. As it spreads, it can trigger a service denial (DoS) attack when systems fail when trying to handle all Internet traffic.

At one time, security specialists at Sophos believed that Netsky and its variants caused 25% of all computer viruses on the Internet.

Sven Jaschan spent little time in jail; he was sentenced to one year and nine months of probation. Since he was under 18 at the time of his detention, he avoided being tried in German courts as an adult.

So far, most of the viruses we looked at Windows-based target PCs. But Macintosh computers can’t attack computer viruses. Within the next segment, we will look at the first Mac attack virus.

4.SQL Slammer/Sapphire

A new Web server virus spread across the Internet at the end of January 2003. Most computer networks have not been prepared for the attack, and as a result, the virus has taken down many essential systems.

The ATM service of Bank of America crashed, the city of Seattle suffered 911 failures, and due to electronic ticketing and check-in errors, Continental Airlines had to cancel several flights.

The person responsible was the SQL Slammer virus, also known as the Sapphire virus. According to some reports, the virus caused damage of more than $1 billion before patches, and antivirus software hit the issue.

The progress of Slammer ‘s assault has been well reported. Just minutes after the first internet server was compromised; every few seconds, the Slammer virus doubled the number of victims. Fifteen minutes after the first attack, nearly half the servers serving as foundations of the Internet have been compromised by the Slammer virus.

5.MyDoom

The MyDoom (or Novarg) virus is another worm that can create a back door in the operating system of the victim’s computer. The original MyDoom virus — there have been several variants — has had two triggers. One trigger caused the virus to launch a Denial of Service ( DoS) attack beginning on 1 February 2004.

The second trigger ordered the virus to stop spreading itself on Feb. 12, 2004. Even after the virus stopped to spread, the backdoors produced during the initial infections remained active.

Later that year, a second outbreak of the MyDoom virus triggered the sorrow of many search engine firms. Like other viruses, MyDoom searched for e-mail addresses from victim computers as part of its replication process.

But it will also send a search request to the search engine and use the e-mail address contained in the search results. Eventually, search engines like Google started receiving millions of search requests from hacked computers. Such attacks slowed down search engine services and even caused some of them to crash.

MyDoom spreads via e-mail and peer-to-peer networks. According to the MessageLabs security firm, one in every 12 e-mail messages contained the virus at one time. Like the Klez virus, MyDoom could spoof e-mails to make it very difficult to trace the source of the infection.

6.The Klez Virus

The Klez virus marked a new direction for computer viruses, setting the bar high for those who would follow. This appeared at the end of 2001, and the improvements in the virus have infected the Internet for several months.

The simple Klez worm infected the victim’s computer with an e-mail message, repeated it, and then sent it to people in the victim’s address book.

Some variations in the Klez virus had other dangerous programs that could make the victim’s machine inoperable. Depending on the version, the Klez virus could act as a normal computer virus, a worm, or a Trojan horse.

It could also disable virus scanning software and make it a virus removal tool.

Shortly after it appeared on the Internet, hackers modified the Klez virus in a way that made it much more successful. Like other viruses, they could comb through the victim’s address book and send themselves to contact.

But it may also take another name from the contact list and put that address in the “From” area of the e-mail application. It’s called spoofing — the e-mail appears to come from one source when it’s coming from somewhere else.

Spoofing an e-mail address meets a range of goals. For one thing, it’s not convenient for the e-mail recipient to block the person in the “From” area because the e-mails come from someone else.

A Klez worm programmed to spam people with multiple e-mails could close the inbox in short order because the recipients would not be able to tell what the real source of the problem was. Also, the recipient of the e-mail will recognize the name in the “From” field and therefore be more sensitive to opening it.

7.Nimda

Another virus that hit the Internet in 2001 was the Nimda (which is an admin spelled backward) worm. Nimda spread rapidly across the Internet, becoming the fastest spread of the computer virus at the time.

In reality, according to TruSecure CTO Peter Tippett, it only took 22 minutes to reach the top of the list of reported attacks from the moment Nimda hit the Internet.

The primary targets of the Nimda worm were Internet servers. While it could infect a home PC, its real purpose was to bring Internet traffic to a standstill. It could move via the Web using several methods, including e-mail. In record time, this helped spread the virus across several servers.

The Nimda worm has developed a backdoor into the victim’s operating system. This allowed the attacker to access the same level of functions as any user that is currently logged in to the system.

In other words, if a user with restricted privileges installed a worm on a computer, the attacker will also have limited access to the functions of the machine. On the other hand, if the victim were the system owner, the intruder would have full control.

The spread of the Nimda virus caused some network systems to crash as more of the system ‘s resources became food for the worm. In turn, the Nimda worm has become a distributed denial of service ( DDoS) attack.

8.Code Red and Code Red II

Code Red and Code Red II worms appeared in the summer of 2001. Both infections have abused the vulnerability of the operating system found on Windows 2000 and Windows NT computers.

The vulnerability was a buffer overflow problem, which means that when a computer running on such operating systems receives more information than its buffers can accommodate, it begins overwriting the adjacent memory.

The initial Code Red worm conducted a distributed denial of service ( DDoS) attack on the White House. That means that all computers infected with Code Red were trying to contact the White House Web servers at the same time, overloading the devices.

The owner no longer obeys the Windows 2000 computer corrupted with the Code Red II worm. This is because the worm creates a loophole in the operating system of the computer, allowing remote users to access and manipulate the machine. In programming terms, this is a system-level compromise, so it’s bad news for the owner of the computer.

The person behind the virus may access information from the victim’s computer or even use the infected computer to commit the crime. It ensures that the victim not only has to deal with the infected computer but can also be suspected of having committed crimes that he or she did not commit.

Although Windows NT computers were vulnerable to Code Red worms, the impact of viruses on these machines was not as severe. Web servers running Windows NT may have crashed more often than normal, but it was just as bad as it was. Compared to the hardships experienced by Windows 2000 users, that’s not so bad.

Microsoft released software patches that fixed the security vulnerabilities in Windows 2000 and Windows NT. Once patched, the initial worms could no longer exploit the Windows 2000 machine; however, the patch did not remove viruses from infected computers – victims had to do that themselves.

9.ILOVEYOU

A year after the Melissa virus reached the Internet, a new threat arose from the Philippines. Like the Melissa virus, this threat came in the form of a worm — a stand-alone software capable of replicating itself. It was renamed ILOVEYOU.

The ILOVEYOU virus initially spread across the Internet via e-mail, much like the Melissa virus. The recipient of the e-mail said the message was a letter of love from a secret admirer.

The connection to the e-mail was what caused all the trouble. The first worm had the file name LOVE-LETTER-FOR-YOU.TXT.vbs. The extension vbs pointed to the language used by the hacker to build a worm: Visual Basic Scripting.

According to antivirus software developer McAfee, the ILOVEYOU virus has had a wide range of attacks:

He copied himself several times and placed copies in several files on the victim’s hard drive.

New files were added to the victim’s registry keys.

It has replaced several different types of files with copies of themselves.

It was sent by Internet Relay Chat clients as well as by e-mail.

The file called WIN-BUGSFIX.EXE was downloaded from the Internet and executed.

Instead of fixing bugs, this program was a password-stealing code that e-mailed confidential information to the hacker’s e-mail address.

Who developed the virus of ILOVEYOU? Some people believe it was Onel de Guzman of the Philippines. The Philippine authorities charged de Guzman on charges of theft — when the Philippines had no regulations on electronic hacking or sabotage. Citing a lack of evidence, the Philippine authorities dropped the charges against de Guzman, who would not confirm nor deny his responsibility for the virus.

According to some estimates, the ILOVEYOU virus caused 10 billion in damages.

Now that the love fest is over let’s take a look at one of the most widespread viruses on the Web.

10.Melissa

In the spring of 1999, a man called David L. Smith developed a Microsoft Word macro-based computer virus. The virus was designed so that it could spread via e-mail messages. Smith named the virus “Melissa” and said he named it after an exotic dancer from Florida.

Rather than shaking his moneymaker, the Melissa computer virus tempts recipients to open a document with an e-mail message like “Here’s the document you asked for, don’t show it to anyone else.” Once triggered, the virus replicates itself and sends it to the top 50 people in the recipient’s e-mail address book.

The virus spreads rapidly after Smith ‘s release to the world. The U.S. federal government was very involved in Smith ‘s work — according to comments made by FBI officials to Congress, the Melissa virus “wreaked havoc on government and private sector networks.”

The growth in e-mail traffic has caused some businesses to discontinue e-mail services until the virus has been contained.

Following a lengthy trial, Smith lost his case and received a 20-month prison term. The court also fined Smith $5,000 and forbade him from accessing computer networks without the authorization of the court.

In the end, the Melissa virus did not cripple the Internet, but it was one of the first computer viruses to draw media attention.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.