The 10 Worst Virus Attacks of All Time
Malware virus attack is big business. In 2006 alone, it resulted in an estimated $13.3 billion in direct damage, including labor costs to roll back its effects, loss of worker productivity, and loss of revenue from system degradation and outage.
These expenses are nothing new to system administrators, who have been dealing with the costs and complexities of malicious code for decades. Here are some of the worst virus attacks of the past, showing that in the malware world, the great offense will always beat great defense — at least until someone creates a patch.
One of the first-ever Internet virus attack worms, Morris was created by Cornell University student Robert T. Morris, who claimed its purpose was to gauge the size of the Internet. Instead, since it used existing flaws in Unix Sendmail and infected a given computer multiple times virus attack, it crippled roughly 6,000 computers with a vicious virus attack (the Internet had an estimated 60,000). Although Morris caused between $10 million and $100 million in damage, he wound up with just three years' probation and a $10,050 fine for the virus attack — along with a sweet teaching gig at MIT.
Allegedly named for a Florida lap dancer whom David L. Smith, its creator, fancied, Melissa, forced major companies such as Microsoft, Intel Corp., and Alcatel-Lucent to shut down their email gateways due to the large volume of traffic the virus attack generated. Smith faced 40 years in prison and enormous fines, which he magically reduced to 20 months and $5,000 by spending a few years undercover helping the FBI catch other virus attacks, and malware authors.
Starting on May 4 in the Philippines, this worm spread worldwide in a single day by using infected computers' email address lists to send large numbers of messages directed at new targets. It is thought to have caused $5.5 billion in damage, mostly in lost staff time, as corporate and government email systems had to be shut down to eradicate the virus.
Code Red, 2001
It began on July 13. Code Red virus attack infected computers running the Microsoft IIS Web server, exploiting a buffer overflow and defacing Web sites with the text, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" A fix had been available for this virus attack vulnerability for about a month, limiting its damage — kind of — to just $2.6 billion, but Code Red still managed to cause a "major disruption in connectivity," according to the Internet Storm Center. ("Hacked by Chinese" evolved into a fairly common IT-world putdown, although never as popular as "All your base belong to us. ")
Nimda ("admin" spelled backward) virus attack took just 22 minutes to spread as far and wide as Code Red. Nimda's virus attack secret was using several different propagation vectors: It created masses of emails to transmit the virus attack itself, lured users to infected Web sites, and took advantage of lingering problems with Microsoft IIS security and previously installed Code Red or Sadmind worms. Nimda virus attack cost an estimated $635 million in damage.
SQL Slammer, 2003
On January 25, this virus attack worm began using a buffer-overflow bug in Microsoft SQL Server and MSDE (Microsoft Desktop Engine) database products. This virus attack rapidly distributed copies of itself around the world, causing major denials of service and slowing down the entire Internet. An estimated 150,000 to 200,000 systems were affected. As with Code Red, a patch for the SQL Server flaw had been available for virus attacks for months.
MS Blaster, 2003
Beginning on August 11, Blaster spread via various Windows operating systems virus attack and targeted Microsoft's windowsupdate.com site with DoS (denial-of-service) attacks. It caused widespread virus attack trouble and multiple restarts in machines running Windows NT, Windows XP (64-bit) and Windows 2003, although a patch for this virus attack vulnerability was already available. Virus attack victims included the Federal Reserve Bank of Atlanta, BMW AG, Philadelphia's City Hall, and thousands of home and corporate users. Although its ultimate origin is thought to be Chinese, the Blaster.B variant was created by then-18-year-old Jeffrey Lee Parson, who was caught because he programmed the virus attack to contact a domain registered to his father.
This email-transmitted virus attack, first identified on January 26, virus attack quickly spread by appearing to be an error message with an attachment that, when opened, emailed copies of the virus attack to addresses in the victim's address book, and also propagated itself through the Kazaa file-sharing service. Oddly, it avoided infecting computers at certain universities (University of California, Berkeley; Massachusetts Institute of Technology; Rutgers University and Stanford University) and corporations (Microsoft and Symantec Corp .), but then launched a distributed DoS virus attack against Microsoft and The SCO Group Inc. from about 1 million infected machines. Later versions attacked the Google, AltaVista, and Lycos Inc. search engines.
On April 30, the Sasser virus attack spread among Windows XP and Windows 2000 machines by exploiting a buffer overflow in these operating systems. It had unusually direct physical-world consequences, resulting in Delta Air Lines Inc. canceling 40 trans-Atlantic flights and forcing Australian trains to halt because operators could not communicate with signalmen. Despite this, Sasser's virus attacked the then-teenage German creator who was tried as a juvenile and drew a mere 21-month suspended sentence for releasing Sasser virus attack into the wild.
Detected on March 19, Witty was the first virus attack worm to specifically attack network-protection software, in this case, IBM Internet Security Systems' products (BlackICE, RealSecure Desktop, RealSecure Network, and RealSecure Server Sensor). This virus attack also carried a specifically destructive payload, alternating virus attacks on random IP addresses in batches of 20,000 with overwriting parts of infected computers' hard disks, gradually rendering them unusable. Witty's virus attack overall effects were relatively small because of its vendor-specificity; however, it demonstrated that a virus attack worm could affect a population of machines and networks whose administrators were actively taking steps to improve security.