Top 10 Worst Computer Worms of All Time
Photo by Isaac Mao. Its name comes from the city in which it was first detected, the city of Jerusalem.
The worm, which infects DOS, increases the file size of all files run within DOS (with the exception of COMMAND.COM).
Jerusalem is a variant of the Suriv virus, which also deletes files at random periods during the year (April Fool's Day and/or Friday the 13th depending on the variant). The Jerusalem worm inspired a host of similar worms that grow by a specified file size when executed. Another variant, Frère, plays the song Frère Jacques on the 13th day of the month.
While Jerusalem and its relatives were quite common in their day, they became less of a threat when Windows was introduced.
9. MichelangeloIn 1991, thousands of machines running MS-DOS were hit by a new worm, one which was scheduled to be activated on the artist Michelangelo's birthday (March 6th). On that day, the virus would overwrite the hard disk or change the master boot record of infected hosts.
When the worm came to mainstream attention, mass hysteria reigned and millions of computers were believed to be at risk. After March 6th, however, it was realized that the damage was minimal. Only 10,000 to 20,000 cases of data loss were reported.
Ironically, however, because of the media hype, the period before March 6, 1992 became known as "Michelangelo Madness," with users buying anti-virus software in droves, some for the very first time. In a way, the "madness" led many people to prepare for the outbreak and helped minimize the actual damage caused by the worm.
Photo by TresspassersWill One of the newest worms to hit the Internet was the Storm Worm, which debuted in January of 2007. Its name came from a widely circulated email about the Kyrill and the computers that are part of the botnet are consistently being updated with the fast flux DNS technique. Consequently, it has been difficult for infected machines to be isolated and cleaned.
7. SobigIn 2003, millions of computers were infected with the Sobig worm and its variants. The worm was disguised as a benign email. The attachment was often a *.pif or *.scr file that would infect any host if downloaded and executed. Sobig-infected hosts would then activate their own SMTP host, gathering email addresses and continually propagating through additional messages.
Sobig depended heavily on public websites to execute additional stages of the virus. Fortunately, in earlier cases, these sites were shut down after the discovery of the worm. Later, when Geocities was found to be the primary hosting point for Sobig variants, the worm would instead communicate with cable modems that were hacked that would later serve as another stage in the worm's execution.
Photo by Mot (Trivial File Transfer Protocol) server and downloaded code onto the infected host. Within several hours of its discovery, it had hit nearly 7,000 computers. Six months later, over 25 million hosts were known to be infected. The Windows Blaster Worm Removal Tool was finally launched by Microsoft in January of 2004 to remove traces of the worm.
Photo by malpractice for 20 months and fined $5,000.
4. Code RedFriday the 13th was a bad day in July of 2001; it was the day Code Red was released. The worm took advantage of a buffer overflow vulnerability in Microsoft IIS servers and would self-replicate by exploiting the same vulnerability in other Microsoft IIS machines. Web servers infected by the Code Red worm would display the following message:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!After 20 to 27 days, infected machines would attempt to launch a denial of service on many IP addresses, including the IP address of www.whitehouse.gov.
A market research firm estimated that Nimda caused $530 million in damages after only one week of propagation.
Photo by eggrollboy.vbs, started a worm that spread like wildfire by accessing email addresses found in users' Outlook contact lists. Unsuspecting recipients, believing the email to be benign, would execute the document only to have most of their files overwritten.
Photo by MotorBoat4107 that include imprisonment for 6 months to 3 years and a fine of at least 100,000 pesos (USD $2000).
1. Morris Worm (also known as the Great Worm)How big is the Internet, you ask? In 1988, Cornell University student named Robert Tappan Morris launched 99 lines of code in his quest for the answer. While his intentions were not malicious, there were bugs in his code that caused affected hosts to encounter a plethora of stability problems that effectively made these systems unusable. The result was increased load averages on over 6,000 UNIX machines across the country which caused between $10,000,000 and $100,000,000 of damage.
|Printer friendly Cite/link Email Feedback|
|Date:||Nov 21, 2007|