Virus/Trojan/Worm Hall of Fame
Viruses, trojans and worms, oh my! This trio of threats has plagued users for some time now, and they’re still getting us after all these years. During the time they’ve been around, some of them have risen to international prominence, and a few have even garnered the kind of media hysteria one might associate with, say, a wardrobe malfunction during a Super Bowl halftime performance or an celebrity’s over-the-top appearance on a daytime talk show. Let’s take a trip down memory lane and overview some of these high-profile cyber menaces:
Most overrated: Michelangelo Virus
The Michelangelo Virus was malicious code designed to damage MS-DOS systems. Because it predated mass usage of the Internet, it was intended to proliferate via infected floppy discs, which were themselves infected by hard drives’ master boot records that carried the virus. Once there, the virus would hide until the computer booted on March 6, the birthday of its namesake, when it would erupt and commence overwriting the hard disc with unsystematic data. Michelangelo was first discovered in 1991, but it didn’t really come into the public’s consciousness until the beginning of the following year, when the media pounced on the story that a few software and hardware manufacturers had shipped infected products.
In truth, it shouldn’t have ever been that famous (or infamous). The reason behind the subsequent frenzy was the fact that a few “expert” talking heads—probably many of the same ones who would hype up Y2K just a few years later—gravely intoned on national TV about the millions of computers that would be infected as a result. (Just where do they find these guys, anyway? And why do they keep popping up again and again?) The hysteria grew more intense as March 6, 1992 approached. When that fateful day did arrive, though, fewer than 20,000 computers worldwide reported data loss from Michelangelo. Like the Renaissance artist’s statue of David, this virus just petered out.
In January 2004, several e-mails with words such as “Error,” “Mail Transaction Failed” and “Test” in the subject line began to be transmitted from spammers in Russia. These messages carried attachments containing what would become known as the MyDoom worm. It also could replicate through peer-to-peer file sharing. Interestingly, this might be the only attack that ever contained an apology—imbedded in the text is the message “andy; I’m just doing my job, nothing personal, sorry.”
In spite of this contrite sentiment, MyDoom was kind of freaky. What made it scary—besides its ominous name—was its speed and scale. It was the fastest-spreading worm in history, and at its peak on January 28, 2004, close to 20 percent of all e-mails carried MyDoom. In fact, for a few hours, it managed to slow Web pages’ load times by half on average. It also employed a two-pronged strike, by opening up a backdoor on the infected PC and distributing denial-of-service attacks against sites belonging to Microsoft, the SCO Group and a number of information security vendors. Fortunately, the A and B variants of these worms were programmed to stop spreading a few weeks after they were released, although the back doors for both stayed open. Other versions of MyDoom were launched a few months afterwards, but none were as effective as these initial worms.
Most effective: TIE—ILOVEYOU/Sasser Worm
The ILOVEYOU worm—named for the subject line of the e-mails that carried it—was one of the best and earliest examples of social engineering, in that it emotionally registered with recipients and caused many of them to let their guard down and open the malicious attachment. It was created by Filipino computer science student Onel A. de Guzman, who used Visual Basic Scripts to make the worm technically effective. ILOVEYOU, which was launched in 2000, caused more than $10 billion in damage to corporations and even resulted in a denial-of-service attack on the official Web site of the White House.
The Sasser worm was written by Sven Jaschan, a 17-year-old German boy who also made Netsky.AC, a modification of the Netsky worm. This nastily precocious runt released four different versions of Sasser over the course of a few days in April and May of 2004, just as MyDoom was beginning to wind down. The effects of the worm were wide-ranging. Delta Air Lines had to cancel several trans-Atlantic flights after its systems were hit especially hard, and the British Coastguard’s electronic-mapping service was disabled for several hours as a result. Goldman Sachs, Agence France-Presse, the European Commission and the postal service of Taiwan also suffered operational and financial setbacks as a result. The worst part is that much of the damage caused by Sasser was preventable. Days earlier, Microsoft had released a patch for the vulnerable network port it exploited in Windows, but it could have been stopped by a suitably configured firewall.
Funniest: Back Orifice
Everything about Back Orifice is humorous, except for the potential for malicious usage. The name itself comes from a play on Microsoft’s BackOffice Server, and the logo…well, you’ll just have to see it yourself. It was created by a guy who goes by the nickname Sir Dystic (who’s evidently big on puns), a member of the white-hat hacking organization CULT OF THE DEAD COW. Back Orifice was unveiled at DEF CON 6 back in 1998 to show the security problems within Windows 98, but has since been used as a “platform” upon which to build malware.
-Brian Summerfield, firstname.lastname@example.org