There is no computer system that is immune to viruses. Even the IT networks of governments and super-secret nuclear facilities are susceptible to the deleterious impact of malicious code.
The evolution of malware, which is believed to have kicked off in 1986 with the emergence of the floppy-borne Brain virus, spawned a plethora of Trojans, worms, data wipers, keyloggers, scareware, ransomware and other strains often collectively dubbed “viruses.”
However, very few stood out from the crowd during the three decades that have elapsed since. Let’s look back on the top 10 computer viruses that turned out to be groundbreaking or caused hefty damage.
Also referred to as Novarg, the Mydoom computer worm surfaced in late January 2004. It spread through email and P2P networks and targeted machines running the Windows operating system. One of the adverse effects boiled down to creating a backdoor in the host that allowed the operators of this outbreak to remotely access the plagued computers. Mydoom also scoured the contaminated PC for email addresses and sent a copy of itself to all of the victim’s contacts as part of the replication mechanism.
To top it off, the worm automatically submitted requests to search engines from the plagued computers, causing slowdowns of popular search providers around the world. This infection was additionally used in massive DDoS attacks. At the peak of this electronic raid, 25% of all emails in circulation had Mydoom on board. Experts estimate the global losses over this wave at about $38 billion.
Sasser is another Windows worm that gained notoriety for its overwhelming prevalence. It was first documented in 2004. Contrary to counterparts from the same category, this culprit was distributed through a Windows vulnerability. Specifically, it exploited a buffer overflow bug in LSASS (Local Security Authority Subsystem Service) to infiltrate systems and then tried to proliferate further by looking for other machines on the network that were susceptible to this flaw.
In the aftermath of the incursion, Sasser-tainted computers become slow and eventually crashed. The virus ended up disrupting the operation of numerous critical infrastructure entities along with a bevy of regular PCs worldwide. The emergence of Sasser was attributed to a 17-year-old German student, Sven Jaschan, who had reportedly also created the dreadful Netsky virus. He never got a jail sentence because of his young age, though. The damages incurred due to this campaign were estimated at about $18 billion.
No matter how romantic the ILOVEYOU virus might sound, it shaped up to be one of the worst cyber infections ever created in terms of the attack scope and the losses caused. The distribution campaign, which commenced in May 2000, was based on social engineering. The unscrupulous operators sent out numerous emails camouflaged as a love letter.
The attachment, a file named LOVE-LETTER-FOR-YOU.txt.vbs, was a toxic Visual Basic script that looked like a regular TXT document due to Windows hiding the actual extensions back then. When opened by an unsuspecting recipient, the virus instantly sent copies of itself to all of the victim’s contacts and then overwrote files on the computer. Such interference made the machines unbootable. The ILOVEYOU virus infected tens of millions of computers worldwide, with the damages estimated at $5.5–8.7 billion (and $15 billion to remove the worm).
4) Code Red
This worm got on the AV radar in 2001. In order to proliferate rapidly, it harnessed a buffer overflow issue in computers running Windows NT and Windows 2000. Code Red was one of the first known fileless viruses, which means that it was able to run entirely in memory and thus had an incredibly small system footprint that tangled detection.
Once inside a machine, it would trigger a messy self-replication process and consume most of the host’s CPU resources. The pest crippled up to 2 million web servers and was used to carry out a DDoS attack against the site of the White House. The approximate damage in lost productivity over the Code Red attack was $2 billion.
5) Storm Worm
The infamous Storm Worm, or Nuwar, started wreaking cyber mayhem in early 2007. It made the rounds via email and got its name from the original spam campaign involving booby-trapped messages with the subject “230 dead as storm batters Europe”. Storm Worm turned PCs into a zombie host that could be controlled remotely. The cybercrooks used the associated huge botnet to orchestrate powerful DDoS attacks and send out millions of spam emails.
Conficker, also known as Downadup, is another dangerous computer worm first spotted in 2008. It took advantage of a network service vulnerability in Windows to enter a computer behind the victim’s back. Having trespassed on a system, Conficker would thwart operating system updates, block antivirus websites, and install additional modules that added the host to a botnet and displayed rogue security alerts to defraud the user of money. The worm contaminated more than 9 million PCs, with the approximate losses amounting to $9 billion.
7) SQL Slammer/Sapphire
This one was a web server virus that took the world by storm in late January 2003. It leveraged a buffer overflow trick to take over unpatched servers and render them virtually inoperable in no time. Some of the high-profile victims included Continental Airlines and Bank of America. The former was coerced to cancel a number of flights, and the latter experienced serious ATM service outages. Other infected organizations ran into major hurdles with their regular activity as well.
The number of SQL Slammer victims doubled every few seconds, and the perpetrating code impacted almost half of the world’s critical web servers in a mere 15 minutes. The reason why it was spreading like wildfire was because it used the UDP Internet protocol as the conduit for the attacks, which is known to be much faster than TCP. The affected companies were estimated to have lost over $1 billion in the upshot of this incident.
The Trojan dubbed Zeus splashed onto the cybercrime scene in 2009. Targeting home users and large corporations alike, it aimed at stealing sensitive credentials for various online accounts. Zeus boasted the capability to grab forms on websites and log keystrokes behind the scenes. A few noteworthy victims included Amazon, Cisco, Bank of America, and Oracle.
More than a million machines were reportedly hit in the U.S. alone. The crooks who masterminded this campaign stole about $70 million and hired hundreds of “money mules” to smuggle the assets to Eastern Europe, where the ringleaders were presumably based.
Nimda (“admin” spelled the other way around) is yet another detrimental computer worm on the list. It made its debut in September 2001 and quickly wrought a great deal of havoc. One of its distinguishing hallmarks was a multi-vector distribution that spanned email, drive-by downloads on compromised websites, network shares, and the use of known vulnerabilities and backdoors. The Nimda outbreak was lightning-fast and it reportedly took the worm about 20 minutes to become the top cyber threat being detected at that point.
This worm was mainly intended to compromise web servers rather than PCs, with the goal being to disrupt the overall Internet traffic. Due to the innumerable quantity of infected servers in the felons’ arsenal, Nimda became an instrument for deploying DDoS attacks powerful enough to take down pretty much any computer system.
WannaCry is one of the most devastating file-encrypting ransomware threats to date. It popped up in May 2017 and infected at least 200,000 computers in 150 countries during just 4 days. Its uniqueness revolved around the fact that the payload entered machines via an exploit codenamed EternalBlue, which was created by the NSA and got leaked by The Shadow Brokers hacker crew earlier that year. Such a distribution vector doesn’t involve user interaction at all and only relies on an unpatched flaw in Windows, which explains the rapidity of WannaCry proliferation.
When inside a Windows computer, WannaCry used a strong cipher to render all valuable data inaccessible. Then it displayed a ransom note demanding $300 worth of Bitcoin for the recovery of hostage files. This ransomware made numerous high-profile victims, including FedEx, England’s National Health Service, and Renault. Analysts estimate economic losses from this destructive wave at about $4 billion.
Although the strains on the above list are now history, they demonstrated that the losses ensuing from a single well-orchestrated malware campaign might reach billions of dollars.
About David Balaban
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.