Understanding the History of the Biggest Computer Virus Attacks

Despite the many up-to-date security tools for every possible touch point in our computer systems and networks, the virus and malware menace continues unabated.

Let us check out a few of the biggest virus attacks of all time.

History of Computer Viruses in Brief
1983 – Fred Cohen created the term
1985 – 1st Virus created in Labs
1987 – Spread to Universities
1987 – Friday 13th, Stoned, Cascade
1990 – Bulgaria (Dark Avenger)
1991 – Michelangelo (3/6/1491)
1992 – Virus Creation Tools
1996 – 1st Word Macro Virus
1997 – 1st Excel Macro Virus
1998 – 1st BIOS based Virus (CIH)
1999 – 1st Windows NT Virus
1999 – Melissa (EMAIL attack)
1999 – Ping Virus (Network attack)
2000 – Love Bug ($10 billion damages)
2001 – Code Red, Nimda, SirCam
2002 – Klez, Yaha, BugBear

Computer Virus History Details:

First Virus to Hit Personal Computers - Elk Cloner (1982)
Regarded as the first virus to hit personal computers worldwide, "Elk Cloner" spread through Apple II floppy disks. The program was authored by Rich Skrenta, then just a ninth-grade student, who wanted to play a joke on his schoolmates.

The virus was put on a gaming disk, which could be used 49 times. On the 50th use, instead of starting the game, it showed a blank screen displaying a poem: "It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!" The computer would then be infected.
Although Elk Cloner was a self-replicating virus like most other viruses, it bore little resemblance to the malicious programs of today.

First virus to hit computers running Microsoft's OS (operating system) - Brain (1986)
'Brain' was the first virus to hit computers running Microsoft's then popular operating system, DOS. The virus was written by two Pakistani brothers, Basit Farooq Alvi and Amjad Farooq Alvi, who left the phone number of their computer repair shop in it.

A boot-sector virus, Brain infected the boot records of 360K floppy disks. The virus would fill unused space on the floppy disk so that it could not be used. The first "stealth" virus, it hid itself from detection by disguising the infected space on the disk. Because it was only partially destructive, Brain often went undetected, as users frequently paid little attention to slow floppy disk access.

Morris (1988)
Written by a Cornell University graduate student, Robert Tappan Morris, the virus infected an estimated 6,000 university and military computers connected over the Internet.

The computers Morris invaded were part of the Arpanet, an international grid of telephone lines, buried cables, and satellite hookups established by the Department of Defense in 1969. Interestingly, Morris later claimed that the worm was not written to cause damage, but to gauge the size of the Internet. An unintended consequence of the code, however, led to the damage caused.

Concept - First macro virus - 1995
Concept was the first macro virus to be discovered. It infected Word documents.

Boza, Staog - 1996
Boza was the first virus written to infect Windows 95 machines. Staog was the first virus to infect Linux machines.

Chernobyl (CIH) virus, one of the most harmful viruses, first detected in 1998
The Chernobyl virus, also known as CIH, was first detected in 1998; however, it first triggered in April 1999, the 13th anniversary of the Chernobyl nuclear disaster (which took place in Ukraine).
One of the most harmful viruses, it overwrites critical information on infected system drives. The virus was reportedly the first known to have the power to damage computer hardware, with the virus attempting to erase the hard drive and overwrite the system's BIOS as well.

The virus is also known as "space filler virus," due to its ability to clandestinely take up file space on computers and prevent anti-virus software from running.

Melissa, one of the first viruses to spread over email, in 1999
'Melissa' was one of the first viruses to spread over email. When users opened an attachment, the virus sent copies of itself to the first 50 people in the user's address book, covering the globe within hours.

The virus known as Melissa -- believed to have been named after a Florida stripper its creator knew -- caused more than $80m in damage after it was launched in March 1999. Computers became infected when users received a particular e-mail and opened a Word document attached to it.

First found on March 26, 1999, Melissa shut down Internet mail systems at several enterprises across the world after they got clogged with infected e-mails carrying the worm. The creator of the virus, David Smith, was sentenced to 20 months imprisonment by a United States court.

Most Deadly Virus known in 2000 – ILOVEYOU, also known as Love Bug
Travelling via email attachments, "Love Bug" exploited human nature and tricked recipients into opening it by disguising itself as a love letter. The virus stunned security experts by its speed and wide reach. Within hours, the pervasive little computer program tied up systems around the world.

The virus, which was similar to the earlier Melissa worm, spread via an email with the tantalising subject line, "I Love You." When a recipient opened the attachment, the virus sent copies of itself to his entire address book. It then looked for files with .jpeg, .mp3, .mp2, .css and .hta extensions and overwrote them with itself, changing the extensions to .vbs or .vbe. These files then could not be retrieved in searches.
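
The file behaviour described above leaves a recognisable trace: many files with the listed extensions turning into .vbs or .vbe scripts in a short time. The following detection sketch is an added example, not part of the original article; the event tuple layout, the sample events, the process names and the threshold and window values are all assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions taken from the article: overwrite targets and the script
# extensions the overwritten files ended up with.
TARGET_EXTS = {".jpeg", ".mp3", ".mp2", ".css", ".hta"}
SCRIPT_EXTS = {".vbs", ".vbe"}

# Constructed sample events: (epoch seconds, process, old path, new path).
# The tuple layout is an assumed file-audit format, not a real product's.
SAMPLE_EVENTS = [
    (1000, "wscript.exe", r"C:\Users\ann\Music\song.mp3", r"C:\Users\ann\Music\song.mp3.vbs"),
    (1002, "wscript.exe", r"C:\Users\ann\Pictures\cat.jpeg", r"C:\Users\ann\Pictures\cat.vbs"),
    (1003, "wscript.exe", r"C:\Users\ann\Site\main.css", r"C:\Users\ann\Site\main.vbs"),
    (1005, "wscript.exe", r"C:\Users\ann\Site\menu.hta", r"C:\Users\ann\Site\menu.vbe"),
    (1200, "explorer.exe", r"C:\Users\ann\Pictures\dog.jpeg", r"C:\Users\ann\Pictures\dog_old.jpeg"),
    (5000, "editor.exe", r"C:\Users\ann\Site\old.css", r"C:\Users\ann\Site\old.vbs"),
]

def is_suspicious_rename(old: str, new: str) -> bool:
    """True when a listed media/web file turns into a script in the same folder."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    if old_p.suffix.lower() not in TARGET_EXTS:
        return False
    if new_p.suffix.lower() not in SCRIPT_EXTS or old_p.parent != new_p.parent:
        return False
    # Accept both "song.vbs" and "song.mp3.vbs" as the renamed form.
    return new_p.stem.lower() in (old_p.stem.lower(), old_p.name.lower())

def flag_processes(events, threshold=3, window=60):
    """Return {process: peak count} for processes with >= threshold
    suspicious renames inside any `window`-second span."""
    hits = defaultdict(list)
    for ts, proc, old, new in events:
        if is_suspicious_rename(old, new):
            hits[proc].append(ts)
    flagged = {}
    for proc, times in hits.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[proc] = peak
    return flagged

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

A single rename such as the one by `editor.exe` matches the pattern but stays below the threshold, which keeps one-off manual renames from raising an alert.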

The bug affected companies in Taiwan and Hong Kong -- including Dow Jones Newswires and the Asian Wall Street Journal. Companies in Australia had to close down their email systems to keep the virus from spreading (80 per cent of the companies in Australia reportedly got hit).

The victims also included Parliaments of Britain and Denmark. In Italy, the outbreak hit almost the entire country. In the United States too, the e-mail systems were shut down at several companies.

Most expensive viruses in history - Code Red (2001)
Said to be one of the most expensive viruses in history, the self-replicating malicious code 'Code Red' exploited a vulnerability in Microsoft IIS servers. Exploiting the flaw in the software, the worm was among the first few "network worms" to spread rapidly, as they required only a network connection and not a human opening an attachment, as attachment worms do. The worm had a more malicious version known as Code Red II.

Both worms exploited a bug in an indexing service shipped with Microsoft's Windows NT 4.0 and Windows 2000 operating systems. In addition to possible website defacement, infected systems experienced severe performance degradation. The virus struck multiple times on the same machine.

Code Red II affected organisations ranging from Microsoft to the telecom company Qwest to the media giant Associated Press. According to the research firm Computer Economics, the virus caused damage worth above $2 billion. Incidentally, Microsoft had issued a patch to fix the vulnerability almost a month earlier; however, most system operators failed to install it.

Klez, Yaha, Bugbear - 2002
Klez was the biggest virus of 2002. According to Sophos, it was found on 25% of the systems that were infected by a virus during 2002. The 3 other largest viruses of 2002 were Klez, Bugbear as well as Badtrans.

Blaster in 2003, also known as Lovsan or Lovesan
Blaster spread through an RPC DCOM vulnerability in Windows. It took approximately 3 months after the Windows vulnerability was patched before Blaster appeared on the Internet.
Sobig-F also topped the lists of the most widespread viruses during 2003.

The worm started circulating in August 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster.

On August 29, 2003, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005.

Sasser (2004)
Another worm to exploit a Windows flaw, 'Sasser' led to several computers crashing and rebooting themselves.

Sasser spread by exploiting the system through a vulnerable network port. The virus, which infected several million computers around the world, caused infected machines to restart continuously every time a user attempted to connect to the Internet. The worm also severely impaired the infected computer's performance.

Three modified versions of the worm have followed it since then, known as Sasser.B, Sasser.C and Sasser.D. The companies affected by the worm included the Agence France-Presse (AFP), Delta Air Lines, Nordic insurance company .

Storm worm (2007) - Big Trojan attack
Another big Trojan attack was Storm worm that hit computers worldwide in January 2007. The Storm worm originally posed as breaking news of bad weather hitting Europe. Over time, the worm was also seen in emails with the following subjects: personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs.

Users who fell for it unknowingly became a part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

The worm infected millions of PCs worldwide and was compared to the Sasser and Slammer attacks of 2006 in terms of damage caused. On April 1, 2008, a new storm worm was released onto the Net, with April Fools-themed subject titles.

Useful Tips:
Always use up-to-date security tools (such as anti-virus, anti-spyware and anti-malware) to keep your computer safe.

Thanks for the research work and input from:
Rahul (Network Engineer and contributor of contents for this blog)
