Since the beginning of processing for the masses, endless computer viruses have been released. Today an expected one million viruses are available for use and thousands are made each month.
Get within, the track on probably the most prominent and the most noticeably bad PC viruses ever:
1988 – The Morris Worm
In 1988 Robert Morris, a college understudy, released a worm which influenced 10 percent of the considerable number of PCs associated with the web.
The Virus backed the PC off to a creep and brought every one of the machines utilized by the Massachusetts Institute of Technology to a stop.
Inside days it turned into the most far-reaching viruses the world had ever observed, as individuals shared Word Documents through email.
The concept virus accidentally shipped on a CD-ROM provided by the Microsoft in 1995.
This one is the principal viruses to infect Microsoft Word Documents.
It was the first to increase critical predominant press consideration.
It likewise brought about the principal lawful offense conviction in the US under the 1986 Computer Fraud and Abuse Act.
Morris later became an associate professor at MIT.
According to its maker, Robert Tappan Morris, the Morris worm was not composed to bring about harm, but rather to gauge the extent of the Internet.
The worm was released from MIT in the expectation of recommending that its maker examined there, which Morris did not (however Morris later turned into a tenured educator at MIT in 2006).
It worked by abusing known vulnerabilities in UNIX Sendmail, Finger, and rsh/rexec, and also frail passwords.
Because of dependence on rsh (typically crippled on untrusted systems), fixes to Sendmail, Finger, the across the board utilization of system separating, and enhanced attention to the threats of powerless passwords, it ought not to prevail on a current, appropriately designed system.
And as far as anyone knows unintended the outcome of the code, notwithstanding, made it be all the more harming.
A PC could be infected different circumstances and each extra procedure would back the machine off, in the long run to the point of being unusable.
This would have an indistinguishable impact from a Fork Bomb and crash the PC a few times.
The primary body of the worm could just infect DEC VAX machines running 4BSD, and Sun-3 systems.
A versatile C “Grappling Hook” segment of the worm was utilized to pull over (download) the principle body, and the hooking snare could keep running on different systems, stacking them down and making them fringe casualties.
1999 – Melissa
Melissa was spread by means of a file to a Usenet aggregate called “alt.sex”, and the document contained passwords for 80 pornographic sites.
The virus is named after a Miami-based stripper.
It infected a large number of machines.
It was a mass-mailing large scale virus. As it was not an independent program, it is not a worm.
This destructive and across the board PC virus was found on Friday, March 26, 1999.
This virus has spread everywhere throughout the globe inside hours of the underlying disclosure, evidently spreading speedier than whatever other viruses some time recently.
Melissa works with Microsoft Word 97, Microsoft Word 2000 and Microsoft Outlook 97 or 98 email client.
You don’t need Microsoft Outlook to get the viruses in an email, however, it won’t spread itself further without it.
Melissa won’t work under Word 95 and won’t spread further under Outlook Express.
Melissa can infect Windows 95, 98, NT and Macintosh clients. On the off chance that the infected machine does not have Outlook or web access by any means, the viruses will keep on spreading locally inside the client’s own archives.
When the email beneficiary opened the document, the worm endeavored to mail itself to the initial 50 email addresses it could take from the PC.
Its creator, David L Smith was restricted from going close to a PC without consent from the court.
Melissa was at first circulated in an internet discussion group called “alt.sex”.
The virus was sent in a file called “LIST.DOC”, which contained passwords for X-rated sites.
At the point when clients downloaded the file and opened it in Microsoft Word, a full scale inside the report executed and messaged the “LIST.DOC” document to 50 individuals’ files in the user’s email alias file (“address book”).
The email resembled this:
From: (name of infected user)
Subject: Important Message From (name of infected user)
To: (50 names from alias list)
Body: Here is that document you asked for … don’t show anyone else 😉
Do see that Melissa can arrive in any archive, not really just in this “LIST.DOC” where it was spread at first.
The vast majority of the beneficiaries are probably going to open the document, as it, for the most part, originates from somebody they know.
2000 – ILoveYou
It here and there alluded to as “Love Letter”.
It was a PC worm that assaulted a huge number of Windows PCs on and after 5 May 2000.
The “IloveYou” virus spread when it was downloaded as an email connection. It then began replicating itself a few times and stored away in envelopes on the hard drive.
In the Philippines when it started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs”.
The file extension (for this situation, “VBS” – a kind of interpreted file) was regularly covered up of course on Windows PCs of the time, driving unwitting clients to think it was a typical content document.
Opening the connection enacted the Visual Basic Script.
The worm damaged on the local machine, overwriting irregular sorts of documents (counting Office files, picture documents, and sound files. Nonetheless, in the wake of overwriting MP3 files the virus would conceal the document) and sent a duplicate of itself to all locations in the Windows Address Book utilized by Microsoft Outlook.
Conversely, the Melissa viruses just sent duplicates to the initial 50 contacts.
It did about $10 billion worth of harm, quickly infecting systems around the globe.
The ILOVEYOU Script (the attachment) was composed in Microsoft Visual Basic Scripting (VBS) which keeps running in Microsoft Outlook and was empowered of course.
The script included Windows Registry information for program startup on system boot.
The worm then ventures the majority of the associated drives and replaces the files with expansions JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2 and MP3 with duplicates of itself.
While affixing the extra file extension VBS, making the client’s PC unbootable.
However, MP3s and other sound related files were concealed instead of overwritten.
The worm spread itself by conveying one duplicate of the payload to every passage in the Microsoft Outlook address book (Windows Address Book).
It additionally downloads the Barok Trojan renamed for the event as “WIN-BUGSFIX.EXE”.
The way that the virus was composed in VBS given clients an approach to change the virus.
A client could undoubtedly alter the virus to supplant critical documents in the system and demolish it.
This permitted numerous varieties of ILOVEYOU to spread over the web, everyone doing various types of harm.
Some mail messages sent by ILOVEYOU:
Important! Read Carefully!!
2001, February – Anna Kournikova
The Anna Kournikova PC worm was a PC worm composed by a Dutch software engineer named Jan de Wit on February 11, 2001.
Jan De Wit made a virus that deceived the beneficiary into opening a message that firmly recommended they would be aware of a look at Russian Tennis Star – Anna Kournikova’s curves.
It was intended to trap email clients into opening a mail message purportedly containing a photo of the tennis player Anna Kournikova, while really concealing a malicious program.
The worm arrives in an email with the headline “Here you have, ;0)” and an attached file called AnnaKournikova.jpg.vbs.
At the point when propelled under Microsoft Windows the file does not show a photo of Anna Kournikova but rather dispatches a viral Visual Basic Script that advances itself to everyone in the Microsoft Outlook address book of the victim.
The worm was made utilizing a basic and broadly accessible Visual Basic Worm Generator Program created by an Argentinean programmer called “Alamar”.
While like the ILOVEYOU worm that struck a year before, in 2000, the Anna Kournikova worm did not degenerate information on the infected PC.
Evidently, the creator made the worm in a matter of hours. “The young fellow had downloaded a program on Sunday, February 11, from the Internet and later that day, around 3:00 p.m., set the worm free in a newsgroup”.
De Wit handed himself over to experts in the town of Sneek situated in the northern territory of Friesland in the Netherlands. “When he comprehended what the worm did, he had met with his folks and chose to hand himself over to the police.”
Th endeavors of another virus writer working undercover for the FBI, David L. Smith (creator of the Melissa virus), prompted the distinguishing proof of Jan de Wit and that the FBI passed the data to experts in the Netherlands.
De Wit handed himself over to the police in the place where he grew up Sneek on February 14, 2001, a couple days after the worm was released.
Apparently, and taking after the instances of another PC virus writers, just a couple days after the fact the leader of Sneek, Mayor Sieboldt Hartkamp, made a speculative job offer to De Wit, citing his programming aptitudes.
De Wit was attempted in Leeuwarden and was accused of spreading information into a PC network with the expectation of bringing about harm, a wrongdoing that conveyed the greatest sentence of four years in jail and a fine of 100,000 guilders (US$41,300).
The legal advisors for Jan de Wit required the rejection of charges against him, contending that the worm brought about negligible harm.
The FBI submitted confirmation to the Dutch court and recommended that US$166,000 in harms was brought about by the worm.
De Wit conceded he made the worm utilizing a worm creation toolbox. In any case, told the court when he presented the viruses on a newsgroup he did it “without thinking and without overseeing the consequences”.
He denied any purpose of bringing about the harm.
De Wit was sentenced to 150 hours community service or 75 days in prison.
It turns out to be so notorious to the point that it highlighted in a scene of Friends.
2001, September – Nimda
“Nimda” is “Admin” spelled in reverse.
Nimda is one of the complex viruses with a mass mailing worm segment which spreads itself in email connections named README.EXE.
It influences Windows 95, Windows 98, Windows Me, Windows NT 4 and Windows 2000 clients.
It infects email and sent itself out to email contacts; broke into web servers and infected documents on sites.
In 25 minutes of its discharge, it had turned into the webs most across the board worm.
It seemed one week after 9/11 prompting hypothesis that it was made by state performing artists or even fear based oppressor bunches.
The lifecycle of Nimda can be partitioned into four sections:
1) File Infection: Nimda finds EXE documents from the local machine and infects them by putting the file inside its body as an asset, hence “assimilating” that file. These documents then spread the contamination when individuals trade projects, for example, games.
2) Mass Mailer: Nimda finds email addresses by means of MAPI from your email client and in addition scanning local HTML documents for extra addresses. At that point, it sends one email to each address. These emails contain a document called README.EXE, which may be executed naturally on a few systems.
3) Web Worm: Nimda begins to examine the web, attempting to find www servers. Once a web server is found, the worm tries to infect it by utilizing a few known security holes. In the event that this succeeds, the worm will change irregular website pages on the web page. The final product of this alteration is that web surfers perusing the webpage will get consequently infected by the worm.
4) LAN Propagation: The worm will look for file partakes in the local network, either from file servers or from end client machines. When discovered, it will drop a concealed file called RICHED20.DLL to any index which has DOC and EML files. At the point when different clients attempt to open DOC or EML documents from these indexes, Word, WordPad or Outlook will execute RICHED20.DLL bringing on an infection of the PC. The worm will likewise infect remote documents in the event that it was begun on a server.
2003 – SQL Slammer
Slammer brought on a denial of service on Internet hosts and drastically backed off the internet, infecting the greater part of its 75,000 victims inside 10 minutes.
It brought on about $10 billion worth of harm, quickly infecting networks around the globe.
15 after its first assault, the Slammer virus infected almost 50% of the servers that hold up the web.
Although titled “SQL Slammer Worm”, the program did not utilize the SQL language. It abused a buffer overflow bug in Microsoft’s flagship SQL Server and Desktop Engine database products. For which a fix had been released six months earlier in MS02-039. Different names incorporate W32.SQLExp.Worm, DDOS.SQLP1434.A, The Sapphire Worm, SQL_HEL, W32/SQL Slammer and Helkern.
The worm depended on evidence of concept code showed at the Black Hat Briefings by David Litchfield.
David had initially discovered the buffer overflow vulnerability that the worm exploited.
It is a small piece of code that does minimal other than generating random IP addresses and send it out to those addresses.
On the off chance that a chose to deliver happens to have a place with a host that is running an unpatched copy of Microsoft SQL Server Resolution Service listening on UDP port 1434, the host quickly ends up plainly infected and starts showering the Internet with more duplicates of the worm program.
Home PCs are generally not vulnerable to this worm unless they have MSDE installed.
The worm is so small to the point that it doesn’t contain code to think of itself to circle, so it just remains in memory, and it is anything but difficult to expel.
Two key perspectives added to SQL Slammer’s fast propagation. The worm infected new has over the session less UDP protocol, and the whole worm (just 376 bytes) fits inside a solitary bundle. Subsequently, each infected host could rather just “fire and forget” packets as quickly as would be prudent (generally hundreds every second).
2004, January – Mydoom
Mydoom is a worm that spreads over email and the Kazaa Peer-to-Peer (P2P) network.
It was spread through an email attachment which more often than not had a harmless title, for example, ‘Mail Delivery System’ or ‘Mail Transaction Failed’.
It was the fastest spreading viruses ever.
A €250,000 reward to find its maker – he was never found.
In February 2004, it infected 1 in 12 emails with 100,000 interceptions occurring each hour.
Whenever executed, the worm opens up Windows’ Notepad with garbage data in it.
When spreading, the irresistible email used to convey the worm duplicates utilize variable subjects, bodies and attachment names.
The worm encrypts the vast majority of the strings in its UPX-packed body with ROT13 Method, i.e. the characters are pivoted 13 locations to the right in the abecedary, beginning from the earliest starting point if the position is past the last letter.
The worm opens up a backdoor to infected PCs. This is finished by planting another SHIMGAPI.DLL file to system32 registry and propelling it as a child process of EXPLORER.EXE.
Mydoom is modified to quit spreading on February 12th.
The worm will dispatch a Notepad window with garbage contents.
2004, April – Sasser
This worm was named Sasser on the grounds that it spreads by exploiting a buffer overflow in the component known as Local Security Authority Subsystem Services (LSAS) on the affected operating systems.
Sasser made it hard to shut down machines and infected numerous PCs.
Its maker Sven Jaschan released Sasser into the wild on his 18th birthday.
Sasser spreads by exploiting the system through a vulnerable port.
It is especially harmful in that it can spread without user intervention, but it is likewise effectively ceased by an appropriately configured firewall or by downloading system updates from Windows Update.
The specific hole Sasser exploits is documented by Microsoft in its MS04-011 Bulletin, for which a patch had been released 17 days before.
The worm filters distinctive scopes of IP addresses and connects to victims’ PCs primarily through TCP port 445.
Microsoft’s examination of the worm demonstrates that it might likewise spread through port 139.
A few variants called Sasser.B, Sasser.C and Sasser.D showed up inside days (with the first named Sasser.A).
2006 – Leap_A
The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A.
It is an application-infecting, LAN-spreading worm for Mac OS X, found by the Apple security firm Intego on February 14, 2006.
Leap can’t spread over the Internet, and can just spread over a Local Area Network utilizing the Bonjour Protocol.
On most systems, this limits it to a single IP subnet.
It demonstrated that Apple is not all that safe all things considered.
In the wake of infecting through PC, it looked through iChat and sent every individual on the iChat list a message which contained a corrupted file that showed up as a JPEG picture.
Utilizing the iChat instant messaging program Leap_A spread crosswise over vulnerable Mac PCs.
The basic strategy for securing against this sort of Computer Worm is abstaining from propelling documents from untrusted sources.
2007 – Storm Trojan
The worm is otherwise called:
- Small.dam or Trojan-Downloader.Win32.Small.dam (F-Secure)
- CME-711 (MITRE)
- W32/Nuwar@MM and Downloader-BAI (specific variation) (McAfee)
- Troj/Dorf and Mal/Dorf (Sophos)
- Trojan.Peacomm (Symantec)
- TROJ_SMALL.EDW (Trend Micro)
- Win32/Nuwar (ESET)
- Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)
- W32/Zhelatin (F-Secure and Kaspersky)
- Trojan.Peed, Trojan.Tibs (BitDefender)
Through an email attachment, it inundated thousands of computers creating a huge global network of computers enslaved.
Every PC would then attempt to infect different PCs.
Its peak: up to 10 million CPUs infected.
There is proof, as per PCWorld that the Storm Worm was of Russian origin, perhaps traceable to the Russian Business Network.
It was in the end contained by antivirus organizations.
2008 – Conficker
Conficker, otherwise called Downup, Downadup, and Kido.
The cause of the name Conficker is thought to be a mix of the English term “Configure” and the German pejorative term Ficker (English – fucker).
It caused chaos & panic and Microsoft made a prominent industry gathering to counter the virus.
It utilizes flaws in Windows OS software and dictionary attacks on administrative passwords to propagate while shaping a Botnet.
The Conficker worm infected a large number of PCs including government, business, and home PCs in more than 190 nations, making it the biggest known PC worm disease since the 2003 Welchia.
Showed up in 2008 and infected up to 15 million PCs.
Its fundamental impact was to keep individuals from introducing Windows updates and antivirus software.
It downloaded extra code that could commandeer PCs and take personal data.
5 variations of the Conficker virus are known and have been named Conficker A, B, C, D, and E.
They were discovered on 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, individually.
The Conficker Working Group utilizes namings of A, B, B++, C, and E for similar variations individually.
This implies (CWG) B++ is comparable to (MSFT) C and (CWG) C is identical to (MSFT) D.
2010 – Stuxnet
Stuxnet is a noxious PC worm, initially recognized in 2010, that targets industrial PCs and was in charge of making generous harm to Iran’s nuclear program.
The product was intended to erase itself in 2012 in this way restricting the extent of its belongings.
The worm is accepted by numerous specialists to be a mutually constructed American-Israeli cyber weapon, although no association or state has formally conceded obligation.
It was the main virus to explicitly target critical national infrastructure.
Stuxnet driver was signed with an endorsement stolen from Realtek Semiconductor Corp.
Overall, Stuxnet exploits five different vulnerabilities, four of which were 0-days – LNK (MS10-046), Print Spooler (MS10-061), Server Service (MS08-067), Privilege escalation via Keyboard layout file, Privilege escalation via Task Scheduler.
Caused centrifuges at Iran’s Natanz nuclear enrichment facility to turn crazy and adequately self-destruct.
Intended to self-destruct in June 2012, it was invaded into Natanz by means of a USB stick. A comparative assault utilizing Stuxnet was propelled at North Korea – it failed.
2013 – CryptoLocker
An especially awful bit of malware that made personal infections.
CryptoLocker is a Ransomware Trojan.
It targets PCs running Microsoft Windows.
It accepted to have first been presented on the Internet on 5 September 2013.
It’s propagated via infected email connections and a current Botnets.
Whenever initiated, the malware encodes certain sorts of files stored on local and mounted network drives utilizing RSA Public-Key Cryptography, with the Private-Key stored only on the malware’s control servers.
The malware then shows a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid cash voucher) is made by a stated deadline.
It will threaten to erase the private key if the due date passes.
On the off chance that the due date is not met, the malware offered to decrypt data through an online service provided by the malware’s administrators, at an essentially higher cost in Bitcoin.
But the fact is CryptoLocker itself can be effectively expelled.
The infected files remained encrypted in a way which researchers considered unfeasible to break.
Many said that the ransom ought not to be paid, but rather did not offer any approach to recover files.
Others said that paying the ransom was the only way to recover files that had not been backed up.
A few victims claimed that paying the ransom did not lead to the files being decrypted.
Conveyed through an email attachment, CryptoLocker would freeze up a user’s personal files including photographs and reports, and request a ransom so as to discharge them.
Its encryption technique was viewed as unbreakable bringing on much caution and an expected aggregate ransom of $27 million paid in one three month time spans.
In the end, it was halted when its database of encryption keys was found and posted on the web. However, it brought forth various clones that are as yet dynamic today.
Note: – This computer viruses’ guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.
We hope that HACKAGON provided a healthy knowledge about The Worst Computer Viruses In History. So, if you like this article then don’t forget to share it. With your friends and always feel free to drop a comment below for any query or feedback.