MOST DANGEROUS VIRUSES TILL NOW
Causing close to 100 billion dollars in damage to businesses worldwide, PC viruses have brought the world a massive headache. We name the 10 most destructive of the past 20 years.
By George Jones, TechWeb
Computer viruses are like real-life viruses: When they're flying around infecting every PC (or person) in sight, they're scary. But after the fact...well, they're rather interesting, albeit in a gory kind of way. With this in mind, we shamelessly present, in chronological order, the 10 most destructive viruses of all time.
CIH (1998)
Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed
Unleashed from Taiwan in June of 1998, CIH is recognized as one of the most dangerous and destructive viruses ever. The virus infected Windows 95, 98, and ME executable files and was able to remain resident in a PC's memory, where it continued to infect other executables.
What made CIH so dangerous is that, shortly after activated, it would overwrite data on the host PC's hard drive, rendering it inoperable. It was also capable of overwriting the BIOS of the host, preventing boot-up. Because it infected executable files, CIH wound up being distributed by numerous software distributors, including a demo version of an Activision game named Sin.
CIH is also known as the Chernobyl virus because the trigger date of certain strains of the virus coincides with the date of the Chernobyl nuclear reactor accident. The virus is not a serious threat today, thanks to increased awareness and the widespread migration to Windows 2000, XP, and NT, none of which are vulnerable to CIH.
Melissa (1999)
Estimated Damage: 300 to 600 million dollars
On Friday, March 26, 1999, W97M/Melissa became front-page news across the globe. Estimates have indicated that this Word macro script infected 15 to 20 percent of all business PCs. The virus spread so rapidly that Intel, Microsoft, and a number of other companies that used Outlook were forced to shut down their entire e-mail systems in order to contain the damage.
The virus used Microsoft Outlook to e-mail itself to 50 names on a user's contact list. The e-mail message contained the sentence, "Here is that document you asked for...don't show anyone else. ;-)," with an attached Word document. Clicking open the .DOC file -- and thousands of unsuspecting users did so -- allowed the virus to infect the host and repeat the replication. Adding insult to injury, when activated, this virus modified users' Word documents with quotes from the animated TV show "The Simpsons."
ILOVEYOU (2000)
Estimated Damage: 10 to 15 billion dollars
Also known as Loveletter and The Love Bug, this was a Visual Basic script with an ingenious and irresistible hook: the promise of love. On May 3, 2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was transmitted via e-mail with the subject line "ILOVEYOU" and an attachment, Love-Letter-For-You.TXT.vbs. Similar to Melissa, the virus mailed itself to all Microsoft Outlook contacts.
The virus also took the liberty of overwriting music files, image files, and others with a copy of itself. More disturbingly, it searched out user IDs and passwords on infected machines and e-mailed them to its author.
An interesting footnote: Because the Philippines had no laws against virus-writing at the time, the author of ILOVEYOU was not charged for this crime.
Code Red (2001)
Estimated Damage: 2.6 billion dollars
Code Red was a computer worm that was unleashed on network servers on July 13, 2001. It was a particularly virulent bug because of its target: computers running Microsoft's Internet Information Server (IIS) Web server. The worm was able to exploit a specific vulnerability in the IIS operating system. Ironically, Microsoft had released a patch addressing this hole in mid-June.
Also known as Bady, Code Red was designed for maximum damage. Upon infection, the Web site controlled by the affected server would display the message, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" Then the virus would actively seek other vulnerable servers and infect them. This would go on for approximately 20 days, and then it would launch denial of service attacks on certain IP addresses, including the White House Web server. In less than a week, this virus infected almost 400,000 servers, and it's estimated that one million total computers were infected.
SQL Slammer (2003)
Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers worldwide, and actually shut down South Korea's online capacity for 12 hours.
SQL Slammer, also known as Sapphire, was launched on January 25, 2003. It was a doozy of a worm that had a noticeable negative impact upon global Internet traffic. Interestingly enough, it didn't seek out end users' PCs. Instead, the target was servers. The virus was a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft's SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses as well.
With this remarkably effective way of spreading, Slammer infected 75,000 computers in 10 minutes. The outrageously high amounts of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.
Blaster (2003)
Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs
The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.
Hidden in the code of MSBLAST.EXE -- the virus' executable " were these messages: "I just want to say LOVE YOU SAN!!" and "billy gates why do you make this possible? Stop making money and fix your software!!"
By George Jones, TechWeb
Computer viruses are like real-life viruses: When they're flying around infecting every PC (or person) in sight, they're scary. But after the fact...well, they're rather interesting, albeit in a gory kind of way. With this in mind, we shamelessly present, in chronological order, the 10 most destructive viruses of all time.
CIH (1998)
Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed
Unleashed from Taiwan in June of 1998, CIH is recognized as one of the most dangerous and destructive viruses ever. The virus infected Windows 95, 98, and ME executable files and was able to remain resident in a PC's memory, where it continued to infect other executables.
What made CIH so dangerous is that, shortly after activated, it would overwrite data on the host PC's hard drive, rendering it inoperable. It was also capable of overwriting the BIOS of the host, preventing boot-up. Because it infected executable files, CIH wound up being distributed by numerous software distributors, including a demo version of an Activision game named Sin.
CIH is also known as the Chernobyl virus because the trigger date of certain strains of the virus coincides with the date of the Chernobyl nuclear reactor accident. The virus is not a serious threat today, thanks to increased awareness and the widespread migration to Windows 2000, XP, and NT, none of which are vulnerable to CIH.
Melissa (1999)
Estimated Damage: 300 to 600 million dollars
On Friday, March 26, 1999, W97M/Melissa became front-page news across the globe. Estimates have indicated that this Word macro script infected 15 to 20 percent of all business PCs. The virus spread so rapidly that Intel, Microsoft, and a number of other companies that used Outlook were forced to shut down their entire e-mail systems in order to contain the damage.
The virus used Microsoft Outlook to e-mail itself to 50 names on a user's contact list. The e-mail message contained the sentence, "Here is that document you asked for...don't show anyone else. ;-)," with an attached Word document. Clicking open the .DOC file -- and thousands of unsuspecting users did so -- allowed the virus to infect the host and repeat the replication. Adding insult to injury, when activated, this virus modified users' Word documents with quotes from the animated TV show "The Simpsons."
ILOVEYOU (2000)
Estimated Damage: 10 to 15 billion dollars
Also known as Loveletter and The Love Bug, this was a Visual Basic script with an ingenious and irresistible hook: the promise of love. On May 3, 2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was transmitted via e-mail with the subject line "ILOVEYOU" and an attachment, Love-Letter-For-You.TXT.vbs. Similar to Melissa, the virus mailed itself to all Microsoft Outlook contacts.
The virus also took the liberty of overwriting music files, image files, and others with a copy of itself. More disturbingly, it searched out user IDs and passwords on infected machines and e-mailed them to its author.
An interesting footnote: Because the Philippines had no laws against virus-writing at the time, the author of ILOVEYOU was not charged for this crime.
Code Red (2001)
Estimated Damage: 2.6 billion dollars
Code Red was a computer worm that was unleashed on network servers on July 13, 2001. It was a particularly virulent bug because of its target: computers running Microsoft's Internet Information Server (IIS) Web server. The worm was able to exploit a specific vulnerability in the IIS operating system. Ironically, Microsoft had released a patch addressing this hole in mid-June.
Also known as Bady, Code Red was designed for maximum damage. Upon infection, the Web site controlled by the affected server would display the message, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" Then the virus would actively seek other vulnerable servers and infect them. This would go on for approximately 20 days, and then it would launch denial of service attacks on certain IP addresses, including the White House Web server. In less than a week, this virus infected almost 400,000 servers, and it's estimated that one million total computers were infected.
SQL Slammer (2003)
Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers worldwide, and actually shut down South Korea's online capacity for 12 hours.
SQL Slammer, also known as Sapphire, was launched on January 25, 2003. It was a doozy of a worm that had a noticeable negative impact upon global Internet traffic. Interestingly enough, it didn't seek out end users' PCs. Instead, the target was servers. The virus was a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft's SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses as well.
With this remarkably effective way of spreading, Slammer infected 75,000 computers in 10 minutes. The outrageously high amounts of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.
Blaster (2003)
Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs
The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.
Hidden in the code of MSBLAST.EXE -- the virus' executable " were these messages: "I just want to say LOVE YOU SAN!!" and "billy gates why do you make this possible? Stop making money and fix your software!!"
The virus also contained code that would trigger a distributed denial of service attack on windowsupdate.comon April 15, but Blaster had already peaked and was mostly contained by then.
Have you read it? Dangerous isn't it? ok i got a collection of virus here.. i share this not to infect you or the others but to give you an idea what is virus really look like.. dont you even try to pass this to others this are already been detected by the anti-virus program. if you don't to put yourself into trouble behave yourself!
