Computer viruses, like supercomputers, are frequently used as science fiction clichés and gimmicks to prop up hackneyed political thrillers. In reality, most viruses are little more than spambots and are seldom as dangerous as they are annoying. But there have been and continue to be quite significant exceptions, and it’s these standouts that have taught us the most about viruses, how they function, and how to protect ourselves against them. This month, let’s look at some of the most (in)famous computer viruses in tech history and why – due to their reach, their financial impact, and the lessons we’ve learned from them – they stand out as “The Worst of the Worst.”
ILOVEYOU (2000)
The world was still enjoying a collective sigh of relief after the Y2K scare when the ILOVEYOU virus reared its ugly head. Spreading via email attachments with the subject line "ILOVEYOU," the so-called “love bug” was a Visual Basic script that, once opened, replicated itself and sent copies to all contacts in the recipient's email address book. It also overwrote various types of files on the infected host’s computer, rendering documents, images, and audio files useless.
ILOVEYOU caused an estimated $10 billion in damages worldwide and infected approximately 45 million computers in just one day, disrupting businesses, governments, and personal communications. The rapid spread and massive impact of ILOVEYOU highlighted the vulnerability of email systems and the importance of having solid cybersecurity measures in place.
Code Red (2001)
Just a year later, Code Red set its sights on Microsoft-specific web servers and exploited a vulnerability of a type known as a buffer overflow. In computing, a buffer is a region of memory used to store data temporarily while it’s being moved from one place to another; an overflow occurs when a program writes more data to a buffer than it can hold. When this happens, the data spills into adjacent regions of memory, overwriting whatever was stored there – including, in the worst case, data the program relies on to decide what to execute next – and this is how Code Red initiated its attack. The virus would deface websites with the message "Hacked by Chinese!" and attempt to spread to other servers. It also launched DDoS (distributed denial-of-service) attacks on specific IP addresses, including that of the White House.
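To make "writing more data to a buffer than it can hold" concrete, here is an added C example (it is not code from this article and has nothing to do with Code Red's actual implementation). A 32-byte array stands in for a slice of process memory: the first 16 bytes are the buffer, the remaining 16 are the "adjacent region." An unbounded copy spills into the neighbouring bytes; a bounded copy refuses input that will not fit, which is the check a web server must make on every request it receives.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define MEM_SIZE 32

/* Constructed model of memory: bytes [0, BUF_SIZE) are the input buffer,
 * bytes [BUF_SIZE, MEM_SIZE) are the data that happens to sit next to it. */
typedef struct { unsigned char mem[MEM_SIZE]; } memory_t;

void memory_init(memory_t *m)
{
    memset(m->mem, 0, BUF_SIZE);                          /* empty buffer   */
    memset(m->mem + BUF_SIZE, 0xAA, MEM_SIZE - BUF_SIZE); /* marker pattern */
}

/* Unbounded copy: trusts the input length and never checks it against
 * the buffer. Anything longer than BUF_SIZE lands in the adjacent bytes. */
void copy_unbounded(memory_t *m, const char *input)
{
    size_t n = strlen(input);
    if (n > MEM_SIZE) n = MEM_SIZE;  /* keep the demo itself inside the array */
    memcpy(m->mem, input, n);
}

/* Bounded copy: rejects input that would not fit (one byte is reserved for
 * the terminator) and leaves memory untouched in that case. */
int copy_bounded(memory_t *m, const char *input)
{
    size_t n = strlen(input);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(m->mem, input, n);
    m->mem[n] = '\0';
    return 0;
}

/* How many adjacent bytes no longer hold the marker pattern. */
int adjacent_bytes_clobbered(const memory_t *m)
{
    int count = 0;
    for (int i = BUF_SIZE; i < MEM_SIZE; i++)
        if (m->mem[i] != 0xAA) count++;
    return count;
}

int main(void)
{
    memory_t m;
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes, constructed */
    memory_init(&m);
    copy_unbounded(&m, oversized);
    printf("unbounded: %d adjacent bytes overwritten\n", adjacent_bytes_clobbered(&m));
    memory_init(&m);
    printf("bounded: rc=%d, %d adjacent bytes overwritten\n",
           copy_bounded(&m, oversized), adjacent_bytes_clobbered(&m));
    return 0;
}
```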
Code Red infected over 350,000 web servers within hours of its release. The financial impact was estimated to be around $2.6 billion. The rapid spread and high-profile targets of Code Red reaffirmed the importance of securing web servers and patching known vulnerabilities promptly.
Mydoom (2004)
Mydoom is considered one of the fastest-spreading email worms in history, replicating through email attachments and peer-to-peer file sharing networks like LimeWire and BitTorrent. Once executed, Mydoom created a backdoor in the infected computer's operating system, allowing remote access and control by attackers. It also initiated a Distributed Denial of Service (DDoS) attack on certain websites, including the website of the software company SCO Group.
Mydoom caused an estimated $38 billion in damages and, at its peak, was responsible for 30% of all email traffic worldwide, significantly slowing down global internet performance. The virus's ability to open backdoors on infected systems underscored the need for robust network security and regular software updates.
WannaCry (2017)
One of the more recent examples is WannaCry, a ransomware virus that exploited a vulnerability in Microsoft Windows known as EternalBlue. Once WannaCry had successfully infected a computer, it went to work encrypting the user's files and then demanded a ransom payment in Bitcoin to decrypt them. The virus spread rapidly across global networks, causing widespread disruption to businesses, government agencies, and even healthcare institutions. In particular, the UK's National Health Service (NHS) was severely impacted, with numerous hospitals and clinics forced to cancel appointments and divert patients.
As with other viruses before it, the total damages from WannaCry were estimated to be in the billions of dollars. Interestingly, it was revealed that the EternalBlue exploit was actually developed by the NSA, and the vulnerability it targets remains exploitable on hundreds of thousands of unpatched machines. For the ultra curious among us, a great description of EternalBlue and how it works can be found here.
Steve Shannon has spent his entire professional career working in tech. He is the IT Director and Lead Developer at PromoCorner, where he joined in 2018. He is, at various times, a programmer, a game designer, a digital artist, and a musician. His monthly blog "Bits & Bytes" explores the ever-evolving realm of technology as it applies to both the promotional products industry and the world at large. You can contact him with questions at steve@getmooresolutions.com.