John
05-02-2009, 10:24 AM
Unless you've been living in a cave for the last week, you've witnessed the wholesale hysteria being launched over the recent Swine Flu outbreak. Skip related content
All this panic over a simple strain of flu got us thinking about some of the more virulent computer pandemics that have hit in recent years. While a computer virus pales in seriousness to a human outbreak, malware attacks can still take a huge toll on businesses throughout the world.
The viruses below may not have been the most widespread or effective, although many of them were. Instead they are the ones that stick in the mind as being particularly notable. There are been so many over the years, and viruses will always be a part of computing now, but these may bring back memories, not all of them pleasant.
Honourable mention: Creeper
Iain Thomson: Creeper was possibly the very first computer virus, although this is contested. It was invented back in 1971 by Bob Thomas, using the Tenex operating system, and used the precursor of the internet, ARPANET, to spread between DEC PDP 10 systems.
To delete the Creeper program another piece of code, Reaper, was created to hunt it down and destroy it. The first anti-virus virus Reaper was an excellent idea, and one that worked well.
Some don't consider it a virus because it lacked many of the features of modern viruses but I'm counting it anyway because it was an example of the harmlessness of the early age of computers. Creeper did nothing more than display the message "I'm the creeper, catch me if you can!" No payload, no theft, it was an example of a simpler age.
Shaun Nichols: In computer years, 1971 was nearly prehistoric time. No Apple, no Microsoft and the Internet was still a wild, far-off concept. Still, in this era where computer programming was a highly-specialized skill, we saw many firsts.
Perhaps a sign of the early times, Creeper's creator not only released the virus itself, but also a cleaning program called "Reaper" that removed the Creeper code.
Honourable mention: Brain
Iain Thomson: Brain was the first virus written for Microsoft's DOS operating system, back in the mid 1986s. It was originally developed to stop the copying of a medical software program developed by two Pakistani brothers, Basit and Amjad Farooq Alvi.
Brain spread by floppy disc and copied itself into the boot sector of the media. It displayed the names of the creators and suggested the infected recipients got in contact to get disinfected.
It spread quickly and the two brothers were inundated with calls from people around the world demanding that their machines were disinfected. Such was the volume of calls that the two eventually had their phone lines cut off.
Shaun Nichols: Remember how much heat Sony took when it used a rootkit as part of its copy-protection software?
Well, it turns out Sony wasn't the first group to make that mistake. Back in 1986, a pair of developers from Pakistan tried to stop piracy of their biomedical software by including a small snippet of code to track and report possible piracy. That code was soon removed and redistributed as a virus.
This was back in 1986, so the "FAIL" meme had yet to be put into use, but if it had, Brain Computer Services would have no doubt more than earned the tag.
10. Elk Cloner
Iain Thomson: Elk Cloner was written by a 15 year old high school student called Rich Skrenta as a practical joke. Unfortunately for him the joke turned bad very quickly.
The virus was developed for the Apple II system and was a boot sector virus that spread via floppy discs. Apparently Skrenta was a fan of pirated games and would swap them with his friends, sometimes with little messages added. After one too many of these infected discs he devised a way to alter discs automatically and the Elk Cloner virus was invented.
It had little in the way of a payload. Every fiftieth time a person booted an infected disc the software ran a little program on the computer screen, and that was it. Nevertheless it was a serious annoyance and was a harbinger of things to come.
Shaun Nichols: And they say Apple computers don't get viruses.
What Skrenta did not realize was that he was helping to popularize what would later become standard practice for spreading viruses.
Elk Cloner spread through what is now known as a "boot sector" infection. The virus copied itself into the boot sector of a floppy disk and then spread into all future disks. This became a popular attack method for both Apple and PC computers, taking over as the preferred method of infection until the internet came along and email attacks emerged.
9. Klez
Iain Thomson: Klez is a persistent little devil, and variants are still doing the rounds today, seven years after it first turned up.
The most common varient, Klez H, spoofs email addresses by randomly picking one from an infected machine before sending itself on to other users. This makes backtracing the identity of the infected machine particularly difficult, since any email stored for any reason can be used.
It exploits a vulnerability in Outlook that allows it to boot up automatically on unpatched systems. It's a cunning little devil but for all its ingenuity I still want to strangle the writer.
Shaun Nichols: The late 90s-early 2000s were not only the golden age of the internet, they also seemed to be the golden age for malware. Over that time period, few viruses were able to match the reign of Klez.
Like many other viruses of its time, Klez spread through email. Users were duped into opening infected files and, once the malware was installed, the victim's address book was opened and copies of the attack were sent to contacts.
Klez, however, took this a step further. Not only did the virus send itself to people in your address book, it also pretended to be from other people. Later, the worm wreaked further havoc by pretending to be its own removal tool.
8. Conficker
Shaun Nichols: The global catastrophe that wasn't, the third form of the Conficker attack provided nice theatrics, but little in the way of actual damage.
The premise was pretty simple: Conficker.C would spread to as many machines as possible throughout March. Each infected machine was given a huge list of domains, one of which would be contacted by 1 April.
The deadline made all the difference. Now, Conficker wasn't just a simple malware infection, it was a "Ticking Time Bomb," and a looming menace that would unleash carnage. Or at least that's what the story turned into when unscrupulous security vendors and tech-newbie news outlets got ahold of the story.
Then the deadline passed and, as pretty much every reasonable person in the industry predicted, Conficker didn't do much of anything. The botnet remains in tact and still poses a threat, but nothing near the utter cyber-carnage that many spoke of.
Iain Thomson: Conficker has now started its attacks and has proved to be just another botnet builder just like most other malware.
However, the media panic over Conficker has shown that people are still scared of viruses. As Bruce Schneier pointed out at RSA last week, Conficker hit all the right buttons. It had a funny sounding name, was mysterious and was set to do something on a 'magic' date.
Conficker has however served a useful purpose. It spreads via a vulnerability that had a patch available since last October. If my companies servers got hit by a vulnerability that old my IT manager would be getting a stern talking to, possibly involving a thumbscrew and a hot pair of pliers.
7. ExploreZip
Iain Thomson: ExploreZip was written over a decade ago but is still to be found in the wild today, a good example of how persistent these little programs can be.
ExploreZip, like most viruses of the time, targeted Windows systems and was spread via email. The recipient got an email reading I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs.
Clicking on the attachment booted the virus onto the user's computer and it immediately spammed itself out to all of the contacts in Outlook. More worryingly it also overwrote Word documents with lines of zeros and did some damage to the operating systems itself. As destructive worms go it wasn't too bad, but in the pre-Millennium days of 1999 it certainly caused a panic.
Shaun Nichols: Often, viruses aren't meant to be overtly destructive. Older viruses often did damage through unintended conflicts, while newer malware tries to remain undetected in order to steal data or hijack programs.
This wasn't the case with ExploreZip, however. Upon receiving the virus, users would open an attachment that would immediately begin damaging the host computer.
This seems pretty scary at first. But when you think about it, a damaged hard drive is still far less serious than a hijacked bank account.
6. Storm
Shaun Nichols: Before Conficker came around and got everyone worked into a lather, Storm was the big bad botnet on the block. First appearing in early 2007 as a fake news video on European flooding, the Storm malware menaced users for more than a year.
The huge botnet was also influential for its continued use of social engineering tactics. The malware disguised itself as everything from video files to greeting cards, and attacks were continuously refreshed to coincide with holidays and current news event stories.
While Storm has since been eclipsed by newer botnets, the name still brings to mind one of the most menacing attacks seen in recent years.
Iain Thomson: When extreme weather hit Europe the damage was bad enough, but the Storm code made things much worse.
At a time when many were seriously concerned about the health and safety of friends and family the last thing anyone needed was an infection. But the Storm was a classic piece of social engineering. At a time when people are concerned then they don't always think of the consequences, be it on approving torture or opening an email attachment.
This kind of social networking is nothing new of course, but the Storm malware did it very well indeed and proved very effective as a result.
5. Melissa
Shaun Nichols: It was a classic love story. Boy meets girl, girl dances for money, boy goes home and writes computer virus for girl, computer virus gets out of hand and causes millions of dollars in damage. It's the Romeo and Juliette of our time.
When a New Jersey hacker wrote a small bit of code he named after a stripper he met Florida, he had no idea the chaos that would ensue. The Melissa virus, as it came to be known, got way, way out of hand.
The virus spread like wildfire throughout the net, and an unintended effect of the worm led to a glut of email traffic that overflowed servers and caused tons of damage and lost work time to corporate IT systems.
The hacker himself was later caught and sentenced to a year and half in prison. Next time he wants to impress a girl, hopefully he'll stick to chocolates and jewelery.
Iain Thomson: Now I've done some stupid things to impress girls, things that cause me to bite my fist with embarrassment nowadays and one that left me with a small amount of scar tissue, but writing a computer virus makes these pale by comparison.
The real damage of Melissa was not in the code itself, but in its spamming capabilities. The software caused massive overload of email systems and generated enough traffic to make it highly visible. Current computer malware writers have taken note of code like Melissa and now fly much lower under the wire to attract less attention.
4. Nimda
Iain Thomson: A week after the September 11th atrocities a new virus hit the internet in a big way. Nimda was one of the fastest propagating viruses in history, going from nowhere to become the most common virus online in 22 minutes according to some reports.
The reason for this speed was that Nimda used every trick in the book to spread itself. It used email, open network shares, used IIS vulnerabilities and even used web sites to spread. It hit pretty much every version of Windows available and appeared all over the place.
In the paranoid days after the terrorist attack some speculated that this was a digital September 11th, and some security consultants got fat speaking fees for suggesting just that. In fact, it was nothing of the sort and was just another attempt at large scale infection.
Shaun Nichols: In the days following the September 11 th attacks, everyone was on edge and all types of threats were given plenty of attention. This, in part, helps to explain why the Nimda worm got the attention it did.
Nimda not only played on hype, the worm was also especially virulent due to the sheer number of methods it used to propagate. In addition to spreading via e-mail, Nimda also used web site exploits to infect HTML pages and local machine exploits to spread between individual files.
The result was an extremely effective virus circulating at a time when people were more sensitive to all types of threats, both online and offline.
3. MyDoom
Shaun Nichols: Ahh yes, the old "infect the host then resend to the entire address book" attack method. Like many other attacks, MyDoom used the tried-and-true practice of spreading through email and address books.
Aside from social engineering through e-mail, MyDoom went a step further and also targeted peer-to-peer networks. The worm not only spread itself through address books but also through the shared folder of users who ran the Kazaa file sharing application.
While definitely skilled programmers, MyDoom's creators also seemed to be fans of good old-fashioned vigilante justice. One of the early tasks performed by infected users was to take part in a denial of service attack against SCO, the infamous software vendor that once tried to lay claim to the patents for Linux.
Iain Thomson: MyDoom was interesting because it was one of the first to use peer to peer as a transmission device, as Shaun notes.
Kazaa was at the peak of its popularity and was causing headaches for not only Hollywood but also the security community. If I had a pound for each time a security expert would rant about the stupidity of using peer to peer networks I'd be a rich man. Downloading a file onto your computer from an untrusted source madness.
The attack on SCO was also fascinating. SCO was, and to an extent still is, the most hated IT company among users, even more than Microsoft at the time. A worm that attacked a company was something new and raised all sorts of possibilities.
All this panic over a simple strain of flu got us thinking about some of the more virulent computer pandemics that have hit in recent years. While a computer virus pales in seriousness to a human outbreak, malware attacks can still take a huge toll on businesses throughout the world.
The viruses below may not have been the most widespread or effective, although many of them were. Instead they are the ones that stick in the mind as being particularly notable. There are been so many over the years, and viruses will always be a part of computing now, but these may bring back memories, not all of them pleasant.
Honourable mention: Creeper
Iain Thomson: Creeper was possibly the very first computer virus, although this is contested. It was invented back in 1971 by Bob Thomas, using the Tenex operating system, and used the precursor of the internet, ARPANET, to spread between DEC PDP 10 systems.
To delete the Creeper program another piece of code, Reaper, was created to hunt it down and destroy it. The first anti-virus virus Reaper was an excellent idea, and one that worked well.
Some don't consider it a virus because it lacked many of the features of modern viruses but I'm counting it anyway because it was an example of the harmlessness of the early age of computers. Creeper did nothing more than display the message "I'm the creeper, catch me if you can!" No payload, no theft, it was an example of a simpler age.
Shaun Nichols: In computer years, 1971 was nearly prehistoric time. No Apple, no Microsoft and the Internet was still a wild, far-off concept. Still, in this era where computer programming was a highly-specialized skill, we saw many firsts.
Perhaps a sign of the early times, Creeper's creator not only released the virus itself, but also a cleaning program called "Reaper" that removed the Creeper code.
Honourable mention: Brain
Iain Thomson: Brain was the first virus written for Microsoft's DOS operating system, back in the mid 1986s. It was originally developed to stop the copying of a medical software program developed by two Pakistani brothers, Basit and Amjad Farooq Alvi.
Brain spread by floppy disc and copied itself into the boot sector of the media. It displayed the names of the creators and suggested the infected recipients got in contact to get disinfected.
It spread quickly and the two brothers were inundated with calls from people around the world demanding that their machines were disinfected. Such was the volume of calls that the two eventually had their phone lines cut off.
Shaun Nichols: Remember how much heat Sony took when it used a rootkit as part of its copy-protection software?
Well, it turns out Sony wasn't the first group to make that mistake. Back in 1986, a pair of developers from Pakistan tried to stop piracy of their biomedical software by including a small snippet of code to track and report possible piracy. That code was soon removed and redistributed as a virus.
This was back in 1986, so the "FAIL" meme had yet to be put into use, but if it had, Brain Computer Services would have no doubt more than earned the tag.
10. Elk Cloner
Iain Thomson: Elk Cloner was written by a 15 year old high school student called Rich Skrenta as a practical joke. Unfortunately for him the joke turned bad very quickly.
The virus was developed for the Apple II system and was a boot sector virus that spread via floppy discs. Apparently Skrenta was a fan of pirated games and would swap them with his friends, sometimes with little messages added. After one too many of these infected discs he devised a way to alter discs automatically and the Elk Cloner virus was invented.
It had little in the way of a payload. Every fiftieth time a person booted an infected disc the software ran a little program on the computer screen, and that was it. Nevertheless it was a serious annoyance and was a harbinger of things to come.
Shaun Nichols: And they say Apple computers don't get viruses.
What Skrenta did not realize was that he was helping to popularize what would later become standard practice for spreading viruses.
Elk Cloner spread through what is now known as a "boot sector" infection. The virus copied itself into the boot sector of a floppy disk and then spread into all future disks. This became a popular attack method for both Apple and PC computers, taking over as the preferred method of infection until the internet came along and email attacks emerged.
9. Klez
Iain Thomson: Klez is a persistent little devil, and variants are still doing the rounds today, seven years after it first turned up.
The most common varient, Klez H, spoofs email addresses by randomly picking one from an infected machine before sending itself on to other users. This makes backtracing the identity of the infected machine particularly difficult, since any email stored for any reason can be used.
It exploits a vulnerability in Outlook that allows it to boot up automatically on unpatched systems. It's a cunning little devil but for all its ingenuity I still want to strangle the writer.
Shaun Nichols: The late 90s-early 2000s were not only the golden age of the internet, they also seemed to be the golden age for malware. Over that time period, few viruses were able to match the reign of Klez.
Like many other viruses of its time, Klez spread through email. Users were duped into opening infected files and, once the malware was installed, the victim's address book was opened and copies of the attack were sent to contacts.
Klez, however, took this a step further. Not only did the virus send itself to people in your address book, it also pretended to be from other people. Later, the worm wreaked further havoc by pretending to be its own removal tool.
8. Conficker
Shaun Nichols: The global catastrophe that wasn't, the third form of the Conficker attack provided nice theatrics, but little in the way of actual damage.
The premise was pretty simple: Conficker.C would spread to as many machines as possible throughout March. Each infected machine was given a huge list of domains, one of which would be contacted by 1 April.
The deadline made all the difference. Now, Conficker wasn't just a simple malware infection, it was a "Ticking Time Bomb," and a looming menace that would unleash carnage. Or at least that's what the story turned into when unscrupulous security vendors and tech-newbie news outlets got ahold of the story.
Then the deadline passed and, as pretty much every reasonable person in the industry predicted, Conficker didn't do much of anything. The botnet remains in tact and still poses a threat, but nothing near the utter cyber-carnage that many spoke of.
Iain Thomson: Conficker has now started its attacks and has proved to be just another botnet builder just like most other malware.
However, the media panic over Conficker has shown that people are still scared of viruses. As Bruce Schneier pointed out at RSA last week, Conficker hit all the right buttons. It had a funny sounding name, was mysterious and was set to do something on a 'magic' date.
Conficker has however served a useful purpose. It spreads via a vulnerability that had a patch available since last October. If my companies servers got hit by a vulnerability that old my IT manager would be getting a stern talking to, possibly involving a thumbscrew and a hot pair of pliers.
7. ExploreZip
Iain Thomson: ExploreZip was written over a decade ago but is still to be found in the wild today, a good example of how persistent these little programs can be.
ExploreZip, like most viruses of the time, targeted Windows systems and was spread via email. The recipient got an email reading I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs.
Clicking on the attachment booted the virus onto the user's computer and it immediately spammed itself out to all of the contacts in Outlook. More worryingly it also overwrote Word documents with lines of zeros and did some damage to the operating systems itself. As destructive worms go it wasn't too bad, but in the pre-Millennium days of 1999 it certainly caused a panic.
Shaun Nichols: Often, viruses aren't meant to be overtly destructive. Older viruses often did damage through unintended conflicts, while newer malware tries to remain undetected in order to steal data or hijack programs.
This wasn't the case with ExploreZip, however. Upon receiving the virus, users would open an attachment that would immediately begin damaging the host computer.
This seems pretty scary at first. But when you think about it, a damaged hard drive is still far less serious than a hijacked bank account.
6. Storm
Shaun Nichols: Before Conficker came around and got everyone worked into a lather, Storm was the big bad botnet on the block. First appearing in early 2007 as a fake news video on European flooding, the Storm malware menaced users for more than a year.
The huge botnet was also influential for its continued use of social engineering tactics. The malware disguised itself as everything from video files to greeting cards, and attacks were continuously refreshed to coincide with holidays and current news event stories.
While Storm has since been eclipsed by newer botnets, the name still brings to mind one of the most menacing attacks seen in recent years.
Iain Thomson: When extreme weather hit Europe the damage was bad enough, but the Storm code made things much worse.
At a time when many were seriously concerned about the health and safety of friends and family the last thing anyone needed was an infection. But the Storm was a classic piece of social engineering. At a time when people are concerned then they don't always think of the consequences, be it on approving torture or opening an email attachment.
This kind of social networking is nothing new of course, but the Storm malware did it very well indeed and proved very effective as a result.
5. Melissa
Shaun Nichols: It was a classic love story. Boy meets girl, girl dances for money, boy goes home and writes computer virus for girl, computer virus gets out of hand and causes millions of dollars in damage. It's the Romeo and Juliette of our time.
When a New Jersey hacker wrote a small bit of code he named after a stripper he met Florida, he had no idea the chaos that would ensue. The Melissa virus, as it came to be known, got way, way out of hand.
The virus spread like wildfire throughout the net, and an unintended effect of the worm led to a glut of email traffic that overflowed servers and caused tons of damage and lost work time to corporate IT systems.
The hacker himself was later caught and sentenced to a year and half in prison. Next time he wants to impress a girl, hopefully he'll stick to chocolates and jewelery.
Iain Thomson: Now I've done some stupid things to impress girls, things that cause me to bite my fist with embarrassment nowadays and one that left me with a small amount of scar tissue, but writing a computer virus makes these pale by comparison.
The real damage of Melissa was not in the code itself, but in its spamming capabilities. The software caused massive overload of email systems and generated enough traffic to make it highly visible. Current computer malware writers have taken note of code like Melissa and now fly much lower under the wire to attract less attention.
4. Nimda
Iain Thomson: A week after the September 11th atrocities a new virus hit the internet in a big way. Nimda was one of the fastest propagating viruses in history, going from nowhere to become the most common virus online in 22 minutes according to some reports.
The reason for this speed was that Nimda used every trick in the book to spread itself. It used email, open network shares, used IIS vulnerabilities and even used web sites to spread. It hit pretty much every version of Windows available and appeared all over the place.
In the paranoid days after the terrorist attack some speculated that this was a digital September 11th, and some security consultants got fat speaking fees for suggesting just that. In fact, it was nothing of the sort and was just another attempt at large scale infection.
Shaun Nichols: In the days following the September 11 th attacks, everyone was on edge and all types of threats were given plenty of attention. This, in part, helps to explain why the Nimda worm got the attention it did.
Nimda not only played on hype, the worm was also especially virulent due to the sheer number of methods it used to propagate. In addition to spreading via e-mail, Nimda also used web site exploits to infect HTML pages and local machine exploits to spread between individual files.
The result was an extremely effective virus circulating at a time when people were more sensitive to all types of threats, both online and offline.
3. MyDoom
Shaun Nichols: Ahh yes, the old "infect the host then resend to the entire address book" attack method. Like many other attacks, MyDoom used the tried-and-true practice of spreading through email and address books.
Aside from social engineering through e-mail, MyDoom went a step further and also targeted peer-to-peer networks. The worm not only spread itself through address books but also through the shared folder of users who ran the Kazaa file sharing application.
While definitely skilled programmers, MyDoom's creators also seemed to be fans of good old-fashioned vigilante justice. One of the early tasks performed by infected users was to take part in a denial of service attack against SCO, the infamous software vendor that once tried to lay claim to the patents for Linux.
Iain Thomson: MyDoom was interesting because it was one of the first to use peer to peer as a transmission device, as Shaun notes.
Kazaa was at the peak of its popularity and was causing headaches for not only Hollywood but also the security community. If I had a pound for each time a security expert would rant about the stupidity of using peer to peer networks I'd be a rich man. Downloading a file onto your computer from an untrusted source madness.
The attack on SCO was also fascinating. SCO was, and to an extent still is, the most hated IT company among users, even more than Microsoft at the time. A worm that attacked a company was something new and raised all sorts of possibilities.