The most dangerous computer viruses of the time

Twenty years have passed since the first computer virus appeared. Many new viruses have emerged since then, but the 14 below stand out as the most dangerous and the most damaging.

What is a computer virus?

A computer virus is a software program that can copy itself from one infected object to another (the infected object can be a program file, a text file, and so on). After infecting a computer, a virus can slow it down, damage infected files, destroy data, and cause system errors.

1. CIH virus (1998)

Estimated losses: $20-80 million worldwide (excluding destroyed PC data).

Originating in Taiwan (June 1998), CIH was identified as one of the most dangerous and devastating viruses of its era. It attacks executable files on the Windows 95, 98 and ME operating systems, and can stay resident in memory to infect other executable files.

CIH is dangerous because, after a short period of time, it can overwrite data on the computer's hard drive, turning it into useless garbage. CIH can also overwrite BIOS information, preventing the computer from starting. Because it infects executable files, CIH can spread widely.

CIH is also known as the Chernobyl virus, because its activation date coincides with that of the Chernobyl atomic explosion.

Today, the CIH virus is no longer dangerous because newer operating system platforms such as Windows 2000, XP and NT have been improved.

2. Melissa virus (1999)

Estimated damage: 300-600 million USD

On Friday, March 26, 1999, the W97M/Melissa virus spread globally. Statistics show that this Word macro virus infected 15/20 corporate computers worldwide. Melissa spread so fast that Intel, Microsoft and several other software vendors using Outlook were forced to shut down their entire e-mail systems to limit the damage.

Melissa uses Microsoft Outlook to e-mail a copy of itself, as a Word attachment, to 50 e-mail addresses in the user's contact list. The message body contains the sentence: "Here is that document you asked for ... don't show anyone else. ;-)". When the attached .DOC file is opened, the virus infects the computer and repeats the spreading cycle.

3. ILOVEYOU virus (2000)

Estimated damage: 10-15 million USD

Also known as Loveletter and The Love Bug, this virus is a Visual Basic script with a very beautiful name: a promise of love.

On May 3, 2000, the ILOVEYOU worm was first discovered in Hong Kong. It then spread quickly via e-mail with the subject line "ILOVEYOU" and the attachment Love-Letter-For-You.TXT.vbs. Like Melissa, the ILOVEYOU virus automatically mails itself to Microsoft Outlook contacts.

The ILOVEYOU virus overwrites music files, photo files and some other formats with copies of itself. More dangerously, it also searches for user names and passwords and e-mails them to its author.

The author of the virus was not convicted because the Philippines did not have a law against computer crime at that time.

4. Code Red virus (2001)

Estimated damage: 2.6 million USD

Code Red is a computer worm that began infecting network servers on July 13, 2001. It is extremely malicious because its targets are computers running the Internet Information Server (IIS) web server software.

The Code Red worm exploits a vulnerability in IIS. Ironically, Microsoft had already issued a patch for this vulnerability in the middle of June.

Code Red, also called Bady, was designed to do as much damage as possible. Once a server is infected, the website it hosts displays the message: "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" The virus then looks for other vulnerable servers and continues to infect them. In the next 20 days, it triggers denial of service (DoS) attacks on IP addresses, including, of course, the White House server. It took less than a week to infect about 400,000 servers worldwide, with an estimated 1 million computers attacked by the virus.

5. SQL Slammer virus (2003)

Estimated damage: Because SQL Slammer was activated on a Saturday (a day off), the estimated financial damage is not high. However, the virus "knocked out" 500,000 servers worldwide and contributed to a massive data "storm" that brought down the entire Korean Internet for 12 hours.

SQL Slammer, also known as Sapphire, was activated on January 25, 2003. It had a very bad impact on Internet traffic worldwide. Interestingly, this virus does not target end-user PCs, only servers. SQL Slammer is a single data packet that sends itself to IP addresses. If an address belongs to a computer running an unpatched version of SQL Server Desktop Engine, that server immediately becomes infected and becomes a tool for attacking other IP addresses.

With this method of infection, Slammer was able to attack 75,000 computers in just 10 minutes, clogging the entire Internet and causing routers to stop working.

6. Blaster virus (2003)

Estimated losses: $2-10 billion; hundreds of thousands of computers infected.

The summer of 2003 was a difficult time for enterprise computer networks because the Blaster and Sobig worms appeared so close together. Blaster, also known as Lovsan or MSBlast, broke out first. The virus was discovered on August 11 and spread on a global scale in just 2 days.

Spreading over networks and Internet traffic, Blaster exploited a flaw in Windows 2000 and Windows XP. Once active, the worm shows a "deadly" message box saying that the computer will be turned off after a few minutes.

Hidden in the MSBLAST.EXE file is the author's message: "Bill Gates, why did you make this happen. Stop making money and repair your software."

Blaster also contains code to trigger a DoS attack on Microsoft's windowsupdate.com website on April 15.

7. Sobig.F virus (2003)

Estimated damage: 5-10 billion USD; more than 1 million computers infected.

Sobig appeared shortly after the Blaster "storm", making August 2003 the "worst" month for business and home computer users. The most dangerous version of the virus, Sobig.F, spread widely on August 19 and set a new record (later surpassed by MyDoom) by creating more than 1 million copies of the worm in its first 24 hours.

The virus infects the computer via an e-mail attachment with a name such as application.pif or thank_you.pif. When opened, the worm sends itself to the e-mail addresses stored on the victim's computer.

On September 10, 2003, Sobig deactivated itself and was no longer a threat. Microsoft has offered a $250,000 reward for information leading to the capture of those behind the Sobig worm, but so far no one has been able to claim it.
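The attachment names given above for ILOVEYOU (Love-Letter-For-You.TXT.vbs) and Sobig.F (application.pif, thank_you.pif) work because the recipient does not see, or does not recognize, the real extension. The following is an added example, not part of the original article, of the filename check a mail gateway can apply; the extension sets, function names and the padded sample names are assumptions made for illustration.

```python
import re

# Extensions Windows runs directly or hands to a script host
# (an illustrative subset, not a complete blocklist).
EXECUTABLE = {"vbs", "vbe", "js", "jse", "wsf", "hta", "pif", "scr",
              "exe", "com", "bat", "cmd", "lnk"}
# Extensions a recipient reads as a harmless document or media file.
DECOY = {"txt", "doc", "xls", "pdf", "jpg", "jpeg", "gif", "png", "mp3", "zip"}


def normalize(filename: str) -> str:
    """Reduce an attachment name to the form Windows will act on."""
    name = re.sub(r"[\u202a-\u202e\u2066-\u2069]", "", filename)  # bidi controls
    name = name.rstrip(" .")             # Windows drops trailing dots and spaces
    name = re.sub(r"\s+\.", ".", name)   # "photo.jpg    .scr" -> "photo.jpg.scr"
    return name.lower()


def attachment_findings(filename: str) -> list[str]:
    """Return the reasons a gateway would quarantine this attachment."""
    clean = normalize(filename)
    exts = clean.split(".")[1:]
    findings = []
    if exts and exts[-1] in EXECUTABLE:
        findings.append("executable-extension")
        # A decoy extension directly before the real one hides the file type
        # when Explorer is set to hide extensions for known file types.
        if len(exts) >= 2 and exts[-2] in DECOY:
            findings.append("double-extension")
    if clean != filename.lower():
        findings.append("padded-or-obfuscated-name")
    return findings


if __name__ == "__main__":
    # First three names come from the article; the last three are constructed.
    for sample in ["Love-Letter-For-You.TXT.vbs", "application.pif",
                   "thank_you.pif", "photo.jpg      .scr", "setup.exe. ",
                   "report.doc"]:
        print(f"{sample!r}: {attachment_findings(sample) or 'allow'}")
```
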

8. Bagle virus (2004)

Estimated damage: Tens of millions of dollars.

Bagle is an example of a computer worm with a sophisticated mechanism of action. It appeared on January 18, 2004. The worm's malicious code infects the system via e-mail, then searches the computer's hard drive for e-mail addresses to spread to.

The danger of Bagle (and its 60-100 worm variants) is that, when it infects a computer, the worm opens a backdoor on a TCP port that lets hackers control the machine remotely (access it, steal data, and so on).

The Bagle.B version was designed to stop all of its activity after January 28, 2004; however, until now, scattered variants of this virus are still spreading online.

9. MyDoom virus (2004)

Estimated damage: slowed the global Internet by 10%; increased website load times by 50%.

In only a few hours (January 26, 2004), MyDoom's "wave" had reached the whole world through the traditional distribution method: e-mail.

MyDoom, also called Norvarg, spreads in a distinctive way: it sends a copy of itself in an e-mail titled "Mail Transaction Failed" (a common form of mail server response when an error occurs during mail delivery). When the attached file is opened, the worm spreads to the e-mail addresses found on the victim's computer. MyDoom also infects the shared folders of Kazaa peer-to-peer network accounts.

MyDoom's ability to replicate was so effective that security companies reported that one in every 10 e-mails sent was infected. MyDoom was programmed to stop working on February 12, 2004.

10. Sasser virus (2004)

Estimated damage: Millions of dollars.

Sasser began to spread on April 30, 2004, and was strong enough to knock out the satellite communications of several French news agencies. Sasser was also the reason several Delta airline flights were delayed because of computer malfunctions.

Unlike previous worms, Sasser does not spread via e-mail and does not require user interaction to infect. Instead, the worm attacks systems by exploiting a security vulnerability in Windows 2000 and Windows XP installations that have not been updated. Once it has replicated successfully, the worm scans for other computer systems and sends copies of itself to them. Systems infected with Sasser continue to experience problems and instability.

11. Conficker virus

This is a computer worm programmed to attack Microsoft operating systems in 2008. Conficker is hard to detect and can spread via e-mail, USB drives, external hard drives or even a phone. After infection, the worm connects the computer to a botnet controlled by the worm's creator. This botnet can then be used to perform denial of service (DoS) attacks or to collect important financial information.

12. Storm Worm virus

Storm Worm is a virus that acts like the Conficker worm, infecting computers and forcing them to join a botnet. It began to spread in 2006 via an e-mail titled '230 people died when a storm swept across Europe', which was later replaced by other headlines such as 'Bad news' or 'World War III has begun'. The virus spread very quickly, with about 10 million computers becoming its victims.

13. Stuxnet virus

This is not a computer worm created to steal credit card information, passwords or other common things. It is a cyber weapon developed jointly by the US and Israel to destroy Iran's nuclear plant and to slow or destroy Tehran's nuclear weapons development program.

Iran discovered the Stuxnet worm in the control systems of its nuclear plants in 2010, but they believed it had appeared a year earlier. It does its damage by increasing the speed of nuclear centrifuges so that they gradually destroy themselves, while reporting to the central control that everything is working normally. Stuxnet destroyed a fifth of the centrifuges at Iran's Natanz nuclear plant.

After attacking the Natanz nuclear plant, Stuxnet quickly spread over the internet and infected computers all over the world. Its source code can be downloaded and edited by anyone with programming knowledge. It is used to attack the control systems of large projects such as reservoirs, power plants and nuclear plants.

14. WannaCry virus

The most recent is the extremely dangerous virus called WannaCry.

WannaCry is a form of "extortion" software (ransomware) that locks the data on a user's computer by encrypting it, so that the user can no longer access it.

WannaCry can break into a user's computer, then look for connections to other computers to spread the malicious code as widely as possible.

WannaCry encrypts the user's data and demands a ransom, paid in the virtual currency Bitcoin, to restore access to the encrypted data.

However, security experts warn that even users who pay the ransom may not be able to access their data again. Some extortion software will continue to encrypt data for a few more days to extract more ransom, or else the data will be deleted.

WannaCry is not only extortion software; it is also considered a computer worm. In other words, it can invade a user's computer, then look for connections to other computers to spread the malicious code as widely as possible.

This extortion software keeps changing, so it has many ways to break into computer systems or evade security software.