Ten most destructive viruses in history
A list of the ten most destructive computer viruses in history, in chronological order, has been published on TechWeb.
CIH (1998)
Approximate damage: $20-80 million, not counting the huge amount of data destroyed.
This virus came from Taiwan in June 1998 and has become one of the most dangerous and destructive viruses in human history. Well-known in Russia "sneeze" infected executable files and multiplied through the computer's RAM. He was especially dangerous because he could rewrite the data in the boot sector of the hard disk, so that the latter failed.
')
Melissa (1999)
Approximate damage: $300-600 million
On Friday, March 26, 1999, the macro virus W97M / Melissa hit the front pages of newspapers in different countries. It turned out that in a very short time, the virus struck from 15 to 20% of business computers in the world. The malware spread through e-mail so quickly that many large corporations, including Intel and Microsoft, were forced to block e-mail traffic on the internal network.
ILOVEYOU (2000)
Approximate damage: $10-15 billion
Also known as Loveletter and The Love Bug, this Visual Basic script exploited one of the basic human weaknesses: the desire to be loved. On May 3, 2000, the virus was first detected in Hong Kong. The program was distributed by e-mail with the subject “I love you” and an attachment as a file with a “double” extension .txt.vbs. The virus multiplied in the same way as Melissa: it sent its copies to addresses from the Microsoft Outlook address book. On the infected computer, the usernames and passwords were searched for and sent to the author of the virus. By the way, the author was found - it turned out to be a citizen of the Philippines. He did not suffer any punishment because there were no laws against this type of crime in the Philippines.
Code Red (2001)
Approximate damage: $ 2.6 billion
The Code Red network worm began to spread rapidly on the Internet on July 13, 2001, exploiting a hole in the Microsoft IIS web server. Tellingly, Microsoft released a patch covering this hole in mid-June, but this did not prevent an epidemic. Created in China, the worm was programmed for maximum damage: it was actively looking for other vulnerable systems to infect the maximum number of servers. On the specified day, a distributed DoS attack on the list of IP addresses, including the servers of the US government, was to begin. In less than a week, the virus infected almost 400 thousand servers.
SQL Slammer (2003)
Approximate damage: since the virus began to spread on Saturday, the damage from the loss of working time was minimal. However, the worm infected half a million servers around the world and disconnected South Korea from the Internet for 12 hours.
The virus began its spread on January 25, 2003, which immediately had a negative impact on global Internet traffic. His targets were servers. The virus was a 376-bit data packet that generated a random IP address and copied itself there. If a server with an unpatched version of the Microsoft SQL Server Desktop Engine was located at this address, then this computer also immediately began to demonstrate the same behavior: mass mailing to random addresses. The worm infected the first 75,000 computers in just 10 minutes, and huge arrays of junk traffic quickly overloaded communication channels around the world.
Blaster (2003)
Approximate damage: $2-10 billion
The summer of 2003 was very favorable for the spread of various viruses. Then several epidemics were registered at once. Almost simultaneously, the Blaster and Sobig viruses began to spread. The first one, also known as Lovsan and MSBlast, was discovered on August 11, and in just two days the epidemic reached a peak. The virus affected personal computers running Windows 2000 and Windows XP, with the result that users saw on the screen a "system" message about the need to reboot.
Sobig.F (2003)
Approximate damage: $5-10 billion, more than 1 million infected PCs.
The Sobig epidemic began immediately after the Blaster epidemic, turning August 2003 into the hardest month for antivirus companies and users around the world. The modification of Sobig.F was the most destructive. She appeared on the Internet on August 19 and set a new world record (soon beaten by MyDoom), infecting more than 1 million computers in 24 hours. The virus multiplied in the traditional way - by e-mail through file attachments. This time they had the extension .pif. Interestingly, on September 10, 2003, the virus self-deactivated and no longer constituted a threat. Despite this, Microsoft has announced a reward of $ 250 thousand for the head of the author, but he has not yet been found.
Bagle (2004)
Approximate damage: tens of millions of dollars, and every day more and more.
The classic Bagle worm (Beagle) appeared on the Web on January 18, 2004. It infects computers through a well-tried mechanism — file attachments via email. After infection, the virus opened the backdoor into the system, so that the attacker had full access to it. To date, it is known from 60 to 100 modifications Bagle. Some of which are still active.
MyDoom (2004)
Approximate damage: at the peak of the epidemic, the average response time on the Internet increased by 10%, and the download speed of sites slowed down by 50%.
In just a few hours on January 26, 2004, the MyDoom epidemic (Norvarg) spread all over the Internet. No virus has previously demonstrated such a spread rate. The worm spread via e-mail through attachments with the subject of the message “Mail Transaction Failed”. He also tried to multiply through the peer network Kazaa. According to experts, at one point every tenth mail message in the world’s mail traffic was infected. The virus, created as an experiment, independently ceased activity on February 12, 2004.
Sasser (2004)
Approximate damage: tens of millions of dollars.
Sasser began to spread on April 30, 2004, and to date it remains the last of the viruses that caused significant damage to humanity. Since then, the situation has been stable for more than two years. In April 2004, however, Sasser led to the blocking of satellite communications by some French news agencies, the cancellation of several Delta flights and the blocking of many computer systems around the world. Unlike previous viruses, Sasser did not spread via email, but used a security hole in Windows 2000 and Windows XP. Hitting the computer, he scanned the ports for new victims. The virus was written by a 17 year old German schoolboy. He released his creation on his birthday when he was eighteen.
CIH (1998)
Approximate damage: $
This virus came from Taiwan in June 1998 and has become one of the most dangerous and destructive viruses in human history. Well-known in Russia "sneeze" infected executable files and multiplied through the computer's RAM. He was especially dangerous because he could rewrite the data in the boot sector of the hard disk, so that the latter failed.
')
Melissa (1999)
Approximate damage: $
On Friday, March 26, 1999, the macro virus W97M / Melissa hit the front pages of newspapers in different countries. It turned out that in a very short time, the virus struck from 15 to 20% of business computers in the world. The malware spread through e-mail so quickly that many large corporations, including Intel and Microsoft, were forced to block e-mail traffic on the internal network.
ILOVEYOU (2000)
Approximate damage: $
Also known as Loveletter and The Love Bug, this Visual Basic script exploited one of the basic human weaknesses: the desire to be loved. On May 3, 2000, the virus was first detected in Hong Kong. The program was distributed by e-mail with the subject “I love you” and an attachment as a file with a “double” extension .txt.vbs. The virus multiplied in the same way as Melissa: it sent its copies to addresses from the Microsoft Outlook address book. On the infected computer, the usernames and passwords were searched for and sent to the author of the virus. By the way, the author was found - it turned out to be a citizen of the Philippines. He did not suffer any punishment because there were no laws against this type of crime in the Philippines.
Code Red (2001)
Approximate damage: $ 2.6 billion
The Code Red network worm began to spread rapidly on the Internet on July 13, 2001, exploiting a hole in the Microsoft IIS web server. Tellingly, Microsoft released a patch covering this hole in mid-June, but this did not prevent an epidemic. Created in China, the worm was programmed for maximum damage: it was actively looking for other vulnerable systems to infect the maximum number of servers. On the specified day, a distributed DoS attack on the list of IP addresses, including the servers of the US government, was to begin. In less than a week, the virus infected almost 400 thousand servers.
SQL Slammer (2003)
Approximate damage: since the virus began to spread on Saturday, the damage from the loss of working time was minimal. However, the worm infected half a million servers around the world and disconnected South Korea from the Internet for 12 hours.
The virus began its spread on January 25, 2003, which immediately had a negative impact on global Internet traffic. His targets were servers. The virus was a 376-bit data packet that generated a random IP address and copied itself there. If a server with an unpatched version of the Microsoft SQL Server Desktop Engine was located at this address, then this computer also immediately began to demonstrate the same behavior: mass mailing to random addresses. The worm infected the first 75,000 computers in just 10 minutes, and huge arrays of junk traffic quickly overloaded communication channels around the world.
Blaster (2003)
Approximate damage: $
The summer of 2003 was very favorable for the spread of various viruses. Then several epidemics were registered at once. Almost simultaneously, the Blaster and Sobig viruses began to spread. The first one, also known as Lovsan and MSBlast, was discovered on August 11, and in just two days the epidemic reached a peak. The virus affected personal computers running Windows 2000 and Windows XP, with the result that users saw on the screen a "system" message about the need to reboot.
Sobig.F (2003)
Approximate damage: $
The Sobig epidemic began immediately after the Blaster epidemic, turning August 2003 into the hardest month for antivirus companies and users around the world. The modification of Sobig.F was the most destructive. She appeared on the Internet on August 19 and set a new world record (soon beaten by MyDoom), infecting more than 1 million computers in 24 hours. The virus multiplied in the traditional way - by e-mail through file attachments. This time they had the extension .pif. Interestingly, on September 10, 2003, the virus self-deactivated and no longer constituted a threat. Despite this, Microsoft has announced a reward of $ 250 thousand for the head of the author, but he has not yet been found.
Bagle (2004)
Approximate damage: tens of millions of dollars, and every day more and more.
The classic Bagle worm (Beagle) appeared on the Web on January 18, 2004. It infects computers through a well-tried mechanism — file attachments via email. After infection, the virus opened the backdoor into the system, so that the attacker had full access to it. To date, it is known from 60 to 100 modifications Bagle. Some of which are still active.
MyDoom (2004)
Approximate damage: at the peak of the epidemic, the average response time on the Internet increased by 10%, and the download speed of sites slowed down by 50%.
In just a few hours on January 26, 2004, the MyDoom epidemic (Norvarg) spread all over the Internet. No virus has previously demonstrated such a spread rate. The worm spread via e-mail through attachments with the subject of the message “Mail Transaction Failed”. He also tried to multiply through the peer network Kazaa. According to experts, at one point every tenth mail message in the world’s mail traffic was infected. The virus, created as an experiment, independently ceased activity on February 12, 2004.
Sasser (2004)
Approximate damage: tens of millions of dollars.
Sasser began to spread on April 30, 2004, and to date it remains the last of the viruses that caused significant damage to humanity. Since then, the situation has been stable for more than two years. In April 2004, however, Sasser led to the blocking of satellite communications by some French news agencies, the cancellation of several Delta flights and the blocking of many computer systems around the world. Unlike previous viruses, Sasser did not spread via email, but used a security hole in Windows 2000 and Windows XP. Hitting the computer, he scanned the ports for new victims. The virus was written by a 17 year old German schoolboy. He released his creation on his birthday when he was eighteen.
Source: https://habr.com/ru/post/4141/
All Articles