Top 10 Most Destructive Computer Viruses

Post by Test on Fri Sep 25, 2009 4:13 pm

The 10 Most Destructive PC Viruses Of All Time

Causing close to 100 billion dollars in damage to businesses worldwide,
PC viruses have brought the world a massive headache. We name the 10
most destructive of the past 20 years.

CIH (1998)

Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed

Released from Taiwan in June of 1998, CIH is recognized as one of the most
dangerous and destructive viruses ever. The virus infected Windows 95,
98, and ME executable files and was able to remain resident in a PC's
memory, where it continued to infect other executables.

What made CIH so dangerous is that, shortly after being activated, it would
overwrite data on the host PC's hard drive, rendering it inoperable. It
was also capable of overwriting the BIOS of the host, preventing
boot-up. Because it infected executable files, CIH wound up being
distributed by numerous software distributors, including a demo version
of an Activision game named Sin.

CIH is also known as the
Chernobyl virus because the trigger date of certain strains of the
virus coincides with the date of the Chernobyl nuclear reactor
accident. The virus is not a serious threat today, thanks to increased
awareness and the widespread migration to Windows 2000, XP, and NT,
none of which are vulnerable to CIH.

Melissa (1999)

Estimated Damage: 300 to 600 million dollars

On Friday, March 26, 1999, W97M/Melissa became front-page news across the
globe. Estimates have indicated that this Word macro script infected 15
to 20 percent of all business PCs. The virus spread so rapidly that
Intel, Microsoft, and a number of other companies that used Outlook
were forced to shut down their entire e-mail systems in order to
contain the damage.

The virus used Microsoft Outlook to e-mail
itself to 50 names on a user's contact list. The e-mail message
contained the sentence, "Here is that document you asked for...don't
show anyone else. ;-)," with an attached Word document. Clicking open
the .DOC file -- and thousands of unsuspecting users did so -- allowed
the virus to infect the host and repeat the replication. Adding insult
to injury, when activated, this virus modified users' Word documents
with quotes from the animated TV show "The Simpsons."


ILOVEYOU (2000)

Estimated Damage: 10 to 15 billion dollars

Also known as Loveletter and The Love Bug, this was a Visual Basic script
with an ingenious and irresistible hook: the promise of love. On May 3,
2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was
transmitted via e-mail with the subject line "ILOVEYOU" and an
attachment, Love-Letter-For-You.TXT.vbs. Similar to Melissa, the virus
mailed itself to all Microsoft Outlook contacts.

The virus also took the liberty of overwriting music files, image
files, and others with a copy of itself. More disturbingly, it searched
out user IDs and passwords on infected machines and e-mailed them to
its author.

An interesting footnote: Because the Philippines had
no laws against virus-writing at the time, the author of ILOVEYOU was
not charged for this crime.

Code Red (2001)

Estimated Damage: 2.6 billion dollars

Code Red was a computer worm that was unleashed on network servers on July
13, 2001. It was a particularly virulent bug because of its target:
computers running Microsoft's Internet Information Server (IIS) Web
server. The worm was able to exploit a specific vulnerability in the
IIS operating system. Ironically, Microsoft had released a patch
addressing this hole in mid-June.

Also known as Bady, Code Red
was designed for maximum damage. Upon infection, the Web site
controlled by the affected server would display the message, "HELLO!
Welcome to hxxp://! Hacked By Chinese!" Then the
virus would actively seek other vulnerable servers and infect them.
This would go on for approximately 20 days, and then it would launch
denial of service attacks on certain IP addresses, including the White
House Web server. In less than a week, this virus infected almost
400,000 servers, and it's estimated that one million total computers
were infected.

SQL Slammer (2003)

Estimated Damage: Because SQL Slammer
erupted on a Saturday, the damage was low in dollars and cents.
However, it hit 500,000 servers worldwide, and actually shut down South
Korea's online capacity for 12 hours.

SQL Slammer, also known as
Sapphire, was launched on January 25, 2003. It was a doozy of a worm
that had a noticeable negative impact upon global Internet traffic.
Interestingly enough, it didn't seek out end users' PCs. Instead, the
target was servers. The virus was a single-packet, 376-byte worm that
generated random IP addresses and sent itself to those IP addresses. If
the IP address was a computer running an unpatched copy of Microsoft's
SQL Server Desktop Engine, that computer would immediately begin firing
the virus off to random IP addresses as well.

With this remarkably
effective way of spreading, Slammer infected 75,000 computers in 10
minutes. The outrageously high amounts of traffic overloaded routers
across the globe, which created higher demands on other routers, which
shut them down, and so on.

Blaster (2003)

Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs

The virus also contained code that would trigger a distributed denial
of service attack on windowsupdate.com on April 15, but Blaster had
already peaked and was mostly contained by then.

Sobig.F (2003)

Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected

The Sobig worm hit right on the heels of Blaster, making August 2003 a
miserable month for corporate and home PC users. The most destructive
variant was Sobig.F, which spread so rapidly on August 19 that it set a
record (which would later be broken by MyDoom), generating over 1
million copies of itself in its first 24 hours.

The virus
infected host computers via innocuously named e-mail attachments such
as application.pif and thank_you.pif. When activated, this worm
transmitted itself to e-mail addresses discovered on a host of local
file types. The end result was massive amounts of Internet traffic.

On September 10, 2003, the virus deactivated itself and is no longer a
threat. Microsoft has announced a $250,000 bounty for anyone who
identifies Sobig.F's author, but to date, the perpetrator has not been

Bagle (2004)

Estimated Damage: Tens of millions of dollars...and counting

Bagle, a classic but sophisticated worm, made its debut on January 18, 2004.
The malicious code infected users' systems via the traditional
mechanism -- an e-mail attachment -- and then scoured Windows files for
e-mail addresses it could use to replicate itself.

The real
danger of Bagle (a.k.a. Beagle) and its 60 to 100 variants is that,
when the worm infects a PC, it opens a back door to a TCP port that can
be used by remote users and applications to access data -- financial,
personal, anything -- on the infected system. According to an April
2005 TechWeb story, the worm is "usually credited with starting the
malware-for-profit movement among hackers, who prior to the
ground-breaking worm, typically were motivated by notoriety."

The Bagle.B variant was designed to stop spreading after January 28, 2004,
but numerous other variants of the virus continue to plague users to
this day.

MyDoom (2004)

Estimated Damage: At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent

For a period of a few hours on January 26, 2004, the MyDoom shockwave could
be felt around the world as this worm spread at an unprecedented rate
across the Internet via e-mail. The worm, also known as Norvarg, spread
itself in a particularly devious manner: It transmitted itself as an
attachment in what appeared to be an e-mail error message containing
the text "Mail Transaction Failed." Clicking on the attachment spammed
the worm to e-mail addresses found in address books. MyDoom also
attempted to spread via the shared folders of users' Kazaa peer-to-peer
networking accounts.

The replication was so successful that
computer security experts have speculated that one in every 10 e-mail
messages sent during the first hours of infection contained the virus.
MyDoom was programmed to stop spreading after February 12, 2004.

Sasser (2004)

Estimated Damage: Tens of millions of dollars

Sasser began spreading on April 30, 2004, and was destructive enough to shut
down the satellite communications for some French news agencies. It
also resulted in the cancellation of several Delta airline flights and
the shutdown of numerous companies' systems worldwide.

Unlike most previous worms, Sasser was not transmitted via e-mail and required
no user interaction to spread. Instead the worm exploited a security
flaw in non-updated Windows 2000 and Windows XP systems. When
successfully replicated, the worm would actively scan for other
unprotected systems and transmit itself to them. Infected systems
experienced repeated crashes and instability.

Sasser was written by a 17-year-old German high school student, who
released the virus on his 18th birthday. Because he wrote the code when
he was a minor, a German court found him guilty of computer sabotage
but gave him a suspended sentence.


