Posts

Brain

  Believed to be the first computer virus for MS-DOS, Brain was released in 1986 and infected the boot sector of storage media, primarily floppy disks, formatted with DOS File Allocation Table (FAT). The boot sector was moved to another sector and marked as bad. Meanwhile, text was written into the infected sectors, which, remarkably, included the virus authors’ names and telephone numbers.

Storm Worm

  Storm Worm exploited users’ thirst for sensational news headlines. In this case, the headline was “230 dead as storm batters Europe” which accompanied a link to the “story.” When users clicked the link, instead of reading a news story, they downloaded a virus that then turned their computer into a bot that redistributed the email.

SQL Slammer

  SQL Slammer broke out on January 25, 2003, when it infected its first server. From there the infection spread rapidly, infecting more than 70,000 computers after its release into the wild. This worm exploited a bug in Microsoft’s SQL Server and Desktop Engine database products. As it spread, it severely slowed down worldwide internet traffic, which resulted in the collapse of important systems and caused panic and significant damage. What is remarkable is that the patch that could have prevented the spread of this infection was released 6 months prior to the incident itself. However, the companies that were affected merely ignored the recommendation to install it.

Tinba

  Tinba was first discovered in 2012. The name stands for the Tiny Banker Trojan. As a modified version of older Banker Trojans, it was developed to target the websites of financial institutions. The main goal was to collect clients’ information, such as PIN codes, usernames, account details, passwords, and credit card numbers. Tinba is based on network sniffing and man-in-the-browser attacks. It is indeed tiny, at 20 KB, and that is what made the Trojan difficult to detect.

CryptoLocker

  Ransomware has become hugely popular among hackers and cybercriminals for obvious reasons. By disrupting users’ systems, preventing access to data, or using social engineering to prey on their fears, criminals extract payment in return for removing the threat. CryptoLocker was one of the first examples. Released in September 2013, CryptoLocker spread via email attachments and encrypted files on infected computers, making them impossible to access. In order to restore access to their data, users had to pay a ransom, at which point the cybercriminals behind CryptoLocker would send a decryption key that could be used to unencrypt the files. Some users reported that they were able to regain access by carrying out a System Restore or using data recovery software. Others said that when they had tried to recover files, they had lost them completely.

Stuxnet

  Remember we said in the introduction that the damage caused by viruses included damaging an entire country’s nuclear program? Well, that was Stuxnet. Believed to be a joint US/Israeli cyberweapon, though neither country has openly admitted responsibility, Stuxnet was first discovered in 2010. The purpose of the virus was said to be to interfere with Iran’s attempts to build a nuclear weapon. It was spread by a USB thumb drive and targeted software that controlled a uranium facility in Iran. According to a report published in the New York Times, the damage it caused was so great it made 1,000 centrifuges self-destruct. The Times reported that it was a ‘programming error’ that allowed Stuxnet to escape the facility in Iran and spread around the world on the internet. It was said to be part of a wider US effort, called Olympic Games, to disrupt Iran’s nuclear program.

Mydoom

  Until Mydoom came along, ILOVEYOU held the record for the fastest-spreading email worm ever. But that all changed in January 2004. And 15 years later, Mydoom, first spotted in that month, still holds the record. Mydoom was named by one of the first people to discover it, who noted that the code contained the word ‘mydom’ and, given that it was already apparent that it would spread quickly, felt that having ‘doom’ in the name was appropriate. Mydoom affected Windows computers and used a backdoor to take control of a PC and subvert Windows Explorer. It launched a distributed denial-of-service attack, which seemed to particularly target computers belonging to SCO.com, but it avoided hitting email addresses registered to some universities as well as those at Microsoft and Symantec. The text of the email used to spread the virus contained the rather cryptic message, “andy; I’m just doing my job, nothing personal, sorry.”