We are familiar, either firsthand or secondhand, with the nightmare of viruses. They are varied and many, and can wipe out data, slow things to a crawl, replicate themselves and enter other systems.
Three years ago, MarketWatch estimated that consumer losses from viruses were over $8 billion. Since then, it has grown. For hackers who invent them, it’s a game, a power play, spread with ease by the open internet.
A virus is usually a program that modifies the working of a computer. Even the virus itself can mutate, and malware, spyware and adware have become commonplace. A worm is an application that replicates itself, and trojan horses are programs that do something different from what they claim to do.
Some viruses are time-triggered. For example, Nyxem hits on the 3rd of every month; the Jerusalem virus is activated every Friday 13th; Michelangelo launched on his birthday, 6th March; and Chernobyl started on the 13th anniversary of the nuclear disaster, 26th April 1999.
Not all attacks come through computers. Smartphones have been targets and Fox News reported in 2008 that some equipment had left factories with viruses pre-installed.
There is no telling how it all will go on, but a little look at some of the most unpleasant examples is worth reminding ourselves about.
1. The Melissa Virus
This came in 1999, when David L Smith created a virus based on a Microsoft Word macro, spread through email. CNN said it was named after ‘an exotic dancer from Florida’. Once opened, it replicated itself by sending copies to people in the recipient’s address book.
The FBI reported it as wreaking ‘havoc on government and private sector networks’. Smith got 20 months in jail and was fined $5000.
2. ILOVEYOU
In 2000 a new digital threat was born in the Philippines. It was a worm, disguised as a love letter email, with a fatal attachment written in VBS (Visual Basic Scripting). Onel de Guzman was investigated but not prosecuted through lack of evidence, and never admitted his complicity. It is thought to have done damage to the tune of $10 billion.
McAfee described the attack targets:
It copied itself several times and hid the copies in several folders on the victim’s hard drive.
It added new files to the victim’s registry keys.
It replaced several different kinds of files with copies of itself.
It sent itself through Internet Relay Chat clients as well as e-mail.
It downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. Rather than fix bugs, this program was a password-stealing application that e-mailed secret information to the hacker’s e-mail address.
3. The Klez virus
This one appeared first in 2001 and, like its predecessors, infected through emails and then replicated. Some versions carried other programs that destroyed computers, acting as a virus, a worm or a trojan horse. Symantec said it could ‘even disable virus-scanning software and pose as a virus-removal tool’.
Once it gathered momentum, some hackers adapted it so it was more deadly. It ransacked address books and introduced ‘spoofing’: emails that came from sources different from those shown in the ‘from box’. Klez could be programmed to spam recipients with multiple emails.
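The spoofing described above, where the displayed sender is not the real source, can be checked for on the receiving side. The following is an added example, not code from the original article: it compares the domain in the From header with the envelope sender recorded in Return-Path, using constructed sample messages and hypothetical function names.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic). Return-Path is the
# envelope sender recorded by the receiving mail server.
SAMPLES = {
    "consistent": (
        "Return-Path: <alice@example.org>\n"
        "From: Alice <alice@example.org>\n"
        "Subject: minutes\n\nSee attached.\n"
    ),
    "spoofed": (
        "Return-Path: <bounce@mailer.invalid>\n"
        "From: Bob <bob@example.org>\n"
        "Subject: removal tool\n\nRun the attachment.\n"
    ),
    "no_envelope": (
        "From: Carol <carol@example.org>\n"
        "Subject: hi\n\nHello.\n"
    ),
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def classify(raw):
    """Compare the displayed From domain with the envelope sender domain."""
    msg = message_from_string(raw)
    shown = domain_of(msg.get("From"))
    envelope = domain_of(msg.get("Return-Path"))
    if shown is None or envelope is None:
        return "unknown"      # cannot compare: a header is missing or empty
    if shown == envelope:
        return "match"
    return "mismatch"         # displayed sender differs from envelope sender

def report(samples=SAMPLES):
    """Classify every sample message and return {name: verdict}."""
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

A mismatch is a signal to look closer, not proof of forgery: mailing lists and bulk-mail services legitimately send with a different envelope domain.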
4. The Code Red and Code Red II Worms
These menaces took advantage of a vulnerability in machines running Windows 2000 and Windows NT: memory could be overwritten when machine buffers were overloaded. The White House was the highest-profile victim, when all machines were overloaded.
The worm makes a backdoor into the computer’s system (a system-level compromise) to allow the person who put in the bug to operate it. Infected machines obey instructions from that source. Crimes can be committed this way.
5. Nimda Virus
From 2001, Nimda (admin spelt backwards) was the fastest, most ruthless replicating attack up to that time, taking, according to some estimates, about 20 minutes from being released on the internet to becoming the top attack reported.
Whatever access a computer’s user had on any network, the worm operator had the same. It slowed the entire web to a crawl; many systems crashed entirely.
6. SQL Slammer/Sapphire
In 2003 the Slammer virus, also known as Sapphire, hit the net, doubling its infections every few seconds. Within a quarter of an hour, half of the internet servers were hit. Bank of America, the City of Seattle and Continental Airlines were among the high-profile US victims. Total damage was in the region of a billion dollars.
Anti-attack devisers realised that hackers will always exploit any weakness in any system, so there is no foolproof defence.
7. MyDoom
As ominous as its name (it is also known as Novarg), this one had two triggers. One caused a denial of service (DoS) attack in 2004 and the second ordered it to stop distributing itself eleven days later. By then enough backdoors had been opened for the virus to remain potent.
Months later a second outbreak was aimed mainly at clogging search engines. It shared with Klez an ability to spoof emails.
8. Sasser and Netsky
Unusually, authorities were able to track this pair of worms. Sven Jaschan, a 17-year-old German, reused some code in both. Sasser attacked through a Microsoft Windows weakness, scanning for random IP addresses. Netsky went through emails with spoofs, causing DoS attacks through huge volumes of traffic.
Jaschan escaped prison, getting twenty months on probation as he was a minor when arrested.
9. Leap-A/Oompa-A Virus
In general most Mac users feel relatively relaxed about the safety of their machines. Because Apple produce both hardware and software, the systems are closed or ‘obscure’. There are also fewer Macs than PCs so hackers don’t have such a big target to hit.
However, in 2006 hackers got in through the iChat instant messaging program with a corrupted file that looked like an innocent JPEG image. As Macs become more common, there will be more attacks on their integrity.
10. Storm Worm
This virus was named after the fact that an email message carrying it was headed ‘230 dead as storm batters Europe’. Fake headings about current news are what trick most users into opening the dangerous email. As there was already a 2001 W32.Storm.Worm virus, companies like McAfee called it Nuwar and Symantec called it Peacomm.
Whatever it’s called, it’s a trojan horse in several different forms. Persons behind it can control infected computers which behave like ‘zombies’ or ‘bots’. It can create a ‘botnet’ to send mass spam.
11. Click Jacking
Operation Ghost Click was the FBI’s code name for a two-year investigation (2009-2011) that has just caught six Estonians (a Russian has not yet been caught). They ran a network of more than 4 million infected computers in 100 countries that rerouted users from big-name websites like Amazon and Apple iTunes to sites that were pure advertising. The gang received a ‘referral fee’ every time it happened.
Federal law officers labelled them ‘international cyber-bandits’ who netted about £9 million over four years and gave new meaning to the term ‘false advertising’. The crime has also confirmed a new word in web-speak: click jacking.
Besides actual viruses, worms and trojans, there are virus hoaxes. They do no damage at all, and their purpose is that the inventors hope everybody will take them seriously and react accordingly. Why? Some people just like to destroy the calm, work and happiness of others.