The Most Destructive Malware of All Time
By Nick Anderson
Computer viruses are an ever-persistent challenge for security firms. For as long as there have been computers, there have been malicious programs designed to cause harm. There have been several viruses over the decades, each more destructive than the last, but one thing they all share is their ability to alter the functionality of a system.
We’ll go back through history and compile a list of viruses that have left their mark on the world.
The Common Misconception About Viruses
“Virus” is widely used as a catch-all term for every harmful computer program, and threat detection programs calling themselves “anti-virus” haven’t helped dispel the misconception. Malware is the correct term for a harmful piece of software. It is an umbrella term that encompasses all types of malicious software. In short, a virus is a subcategory of malware. Not every piece of malware is a virus, but every virus is malware.
A virus is a malicious program that attaches itself to legitimate programs. It hides to avoid detection, only running when the user executes the host program. Once executed, it will infect files and programs on the computer, leaving them corrupted or even deleting them. Furthermore, a virus can spread to other computers on the network or external drives attached to the computer. It has self-replicating characteristics.
A worm, on the other hand, has self-replicating characteristics of a virus but does not need user intervention. It can spread to other places even if the host program is not executed.
List of the Most Dangerous Viruses
Malware refers to man-made programs designed to cause harm by altering the functionality of a system. We’ve compiled a list of malware that has left its mark on the world.
Melissa
The virus named after an exotic dancer and created by a programmer named David Lee Smith emerged in 1999. It took the form of a document file which promised to contain passwords to premium adult websites. The file was posted in an online newsgroup and spread from there.
The virus used Microsoft Outlook to spread itself to the first 50 email addresses in the user’s list. The email title carried enticing messages, such as “Here is the document you requested … don’t show anyone else ;-).”
As we have discussed in our previous blogs, phishing attempts that trick a user into downloading or visiting a malicious file/link apply social engineering to bypass suspicion.
ILOVEYOU
Under the wrong context, those words could spell disaster for you. The virus named ILOVEYOU emerged in the year 2000, just about a decade ago. The virus used email as a means to attack users. It spread a malware-infected attachment that was disguised as a romantic gift card from an anonymous lover. The email title “I love you” was an easy trick to get people into opening and downloading the “LOVE-LETTER-FOR-YOU.TXT.VBS” file.
As a self-replicating virus, it spread to the user’s contact list after overwriting files on the target’s computer. It is estimated that the virus affected 50 million people worldwide.
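The attachment name quoted above ends in `.VBS` but shows `.TXT` just before it, which is what made it look like a text file. The following check for that double-extension pattern is an added example, not part of the original article; the extension lists and the message layout are assumptions chosen for illustration.

```python
import os

# Assumed, non-exhaustive lists for illustration; tune them for your mail gateway.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".exe",
                   ".scr", ".pif", ".bat", ".cmd", ".com", ".lnk"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".xls", ".xlsx",
              ".jpg", ".jpeg", ".png", ".gif", ".mp3"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    # Padding such as "invoice.pdf      .exe" pushes the real extension out of
    # view in a narrow column, so drop whitespace before reading the decoy.
    _, decoy = os.path.splitext(stem.rstrip())
    return "double-extension" if decoy in DECOY_EXTS else "executable"

def quarantine_candidates(messages):
    """Map message id -> flagged attachment names for a list of message dicts."""
    flagged = {}
    for msg in messages:
        bad = [a for a in msg["attachments"] if classify_attachment(a) != "ok"]
        if bad:
            flagged[msg["id"]] = bad
    return flagged

# Constructed sample messages (the first filename is the one quoted on this page).
SAMPLE_MESSAGES = [
    {"id": "m1", "attachments": ["LOVE-LETTER-FOR-YOU.TXT.VBS"]},
    {"id": "m2", "attachments": ["minutes.txt", "photo.jpg"]},
    {"id": "m3", "attachments": ["invoice.pdf      .exe", "notes.docx"]},
    {"id": "m4", "attachments": ["backup.tar.gz"]},
]

if __name__ == "__main__":
    for mid, names in quarantine_candidates(SAMPLE_MESSAGES).items():
        print(mid, [(n, classify_attachment(n)) for n in names])
```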
Zeus
Named after the Greek god of thunder, Zeus malware emerged in the year 2007 as a trojan that could create a botnet and also steal financial information. A trojan is a type of malware that disguises itself as a legitimate program but has different functionality that reveals itself once downloaded and installed.
Zeus, also known as Zbot, initiates a keylogger to obtain credentials when the user visits a banking website. It can also install ransomware on the target system, locking away important files behind encryption until the user pays a ransom. Modern ransomware asks for payment in cryptocurrency.
Cryptolocker
Losing access to sensitive and personal data is the most hard-hitting experience anyone can have where malware is concerned. As ransomware, Cryptolocker encrypts files once it has entered the system. The maker of the ransomware will demand money in exchange for the key that can decrypt the files.
The same mastermind behind Zeus malware developed Cryptolocker.
MyDoom
MyDoom and Melissa are considered among the fastest-spreading malware. MyDoom spread as an email attachment which, when downloaded, would deliver a new copy of itself to a new target. The computers infected with MyDoom would form a botnet that was then used to carry out a DDoS (Distributed Denial of Service) attack.
The DDoS attacks choked several web search engines such as Google. MyDoom would use the victim’s computer to request a search result for new email addresses, thus leaving search engines overwhelmed when a large number of computers made the request simultaneously.
Poison Ivy
Poison Ivy is especially dangerous because it gives an attacker control of the target system. It is remote access malware that grants an attacker access to a system, allowing them to run keyloggers, file transfers, and more. It was at the heart of several malware campaigns, including a campaign in 2011 known as Nitro, which targeted government agencies, chemical groups, defense contractors, and more.
Remote access trojans leverage zero-day vulnerabilities, such as when attackers leveraged a zero-day vulnerability in Java. The malware usually targeted high-profile entities, and as such, it was delivered in spear phishing emails that contained the malware.
Stuxnet
Stuxnet is unlike anything on our list. Not because it has unique characteristics, but because it’s the first weapon that contains only computer code.
The worm targeted Iran’s nuclear facilities and caused significant setbacks to their progress. It was capable of controlling the Programmable Logic Controllers (PLC) in the nuclear enrichment facilities. The worm controlled the speed of the PLCs, thus tampering with the centrifuges used in the uranium enrichment process. It was so clever that it delivered false feedback, preventing anyone from discovering the frictions in the process.
Stuxnet was delivered via USB drives by targeting people who were believed to be involved in the facilities. It is believed to have been engineered by the NSA.
SQL Slammer
Slammer took out bank ATMs, the 911 emergency services, printing presses, and other IT systems within a matter of minutes of its release on the internet in 2003. It is known as SQL Slammer because it exploited a buffer overflow in Microsoft SQL Server 2000. As a consequence, the worm tried to connect to other computers through SQL Server’s UDP port 1434.
Interestingly, it was developed as a penetration-testing code by a researcher, but back then, it was not called Slammer and not meant to be malicious in nature. The idea was stolen from the author, and thus SQL Slammer was born to wreak havoc on systems around the world.
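The propagation pattern described above (one host sending to UDP port 1434 on many other computers in a short time) is easy to spot in flow records. The following detection sketch is an added example, not part of the original article; the log format (`timestamp src dst proto dport`), the thresholds and the sample addresses are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

SLAMMER_PORT = 1434  # SQL Server UDP port named in the article

def find_scanners(lines, min_targets=5, window=10.0):
    """Return {src: peak distinct UDP/1434 destinations seen within `window` seconds}."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, proto, dport = line.split()
        if proto.lower() == "udp" and int(dport) == SLAMMER_PORT:
            events[src].append((float(ts), dst))

    flagged = {}
    for src, ev in events.items():
        ev.sort()
        start, best = 0, 0
        in_window = defaultdict(int)  # destination -> packets inside the window
        for ts, dst in ev:
            in_window[dst] += 1
            # Slide the window forward, forgetting destinations that aged out.
            while ts - ev[start][0] > window:
                old = ev[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            flagged[src] = best
    return flagged

# Constructed sample flows: 10.0.0.5 fans out to six hosts in half a second,
# 10.0.0.9 is a normal client talking to one SQL server, 10.0.0.7 does DNS.
SAMPLE_FLOWS = [f"{1000 + i / 10} 10.0.0.5 198.51.100.{i + 1} udp 1434"
                for i in range(6)] + [
    "1001.0 10.0.0.9 10.0.0.20 udp 1434",
    "1005.0 10.0.0.9 10.0.0.20 udp 1434",
    "1002.0 10.0.0.7 192.0.2.53 udp 53",
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

A single client repeatedly querying one SQL server on port 1434 stays below the threshold, so only the fan-out behaviour is flagged.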
These are just some of the malware that the world has seen over the past two decades. The problem with the digital world is the ever-present threat of malware that seeks to exploit new vulnerabilities. Only with an anti-virus that is equipped to deal with various types of malware and certain practices that each user should adopt can we truly minimize the risk of infection.
One of those practices is to always use a VPN on unsecured networks such as public Wi-Fi hotspots. With AES 256-bit encryption, a VPN can prevent Man-in-the-Middle attacks, and also keep data secure throughout.