Computer malware has caused huge amounts of damage over the decades. These six pieces of malware have truly terrible track records: it is estimated that between them they have logged combined damages of $95 billion. Each one used what were then innovative methods of getting into systems.
The ILOVEYOU virus was released in May 2000. It arrived as an email with the subject line “I Love you”, or variations thereof, and an attachment that read “Love letter for you”. The attachment was a program written in Visual Basic Script with the extension “.vbs”; it exploited a Windows quirk that hides known file extensions, so the script extension was not shown to the user. When users clicked on it, it overwrote local files and sent copies of itself to every email address on the machine.
It infected millions of computers, causing an estimated $6 billion in damage. The perpetrators, two Filipino programmers named Reonel Ramones and Onel de Guzman, escaped prosecution because the laws of the time didn’t cover their offence.
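As an added illustration (not part of the original article), the script below models the extension-hiding quirk described above: it shows what a user sees when Windows hides known file extensions and flags attachments whose real, final extension is a script or executable. The filenames are constructed samples and the extension sets are assumptions, not an exhaustive list.

```python
import os

# Constructed sample attachment names (not real malware samples).
SAMPLE_ATTACHMENTS = [
    "Love-letter-for-you.txt.vbs",  # script disguised as a text file
    "quarterly-report.pdf",          # ordinary document
    "invoice.pdf.exe",               # executable disguised as a PDF
    "notes.txt",
]

# Assumption: common extensions that launch code on double-click.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe",
                   ".scr", ".bat", ".cmd", ".pif", ".com"}
# Assumption: extensions a user reads as a harmless document or media file.
BENIGN_LOOKING_EXTS = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".mp3"}


def displayed_name(filename):
    """Return the name as shown with 'Hide extensions for known file types'
    enabled: only the final extension is stripped, earlier dots remain."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename):
    """Return (risky, reason) for one attachment name.

    Risky when the true extension executes code; the reason notes when the
    displayed name would additionally look like a document."""
    shown = displayed_name(filename)
    true_ext = os.path.splitext(filename)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    if true_ext in EXECUTABLE_EXTS and shown_ext in BENIGN_LOOKING_EXTS:
        return True, f"displays as {shown!r} but runs as {true_ext}"
    if true_ext in EXECUTABLE_EXTS:
        return True, f"executable attachment {true_ext}"
    return False, "not executable"


def scan(names):
    """Classify every attachment name; returns {name: (risky, reason)}."""
    return {name: classify(name) for name in names}


if __name__ == "__main__":
    for name, (risky, reason) in scan(SAMPLE_ATTACHMENTS).items():
        print(f"{'RISKY ' if risky else 'ok    '} {name}: {reason}")
```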
MyDoom (or Novarg, or W32) is a worm that creates backdoors in the target, allowing the system to be taken over. It was also spread through email and was used to set up networks of compromised computers that coordinated in Distributed Denial of Service (DDoS) attacks. In a DDoS attack, a network is overwhelmed by a huge number of computers demanding to connect at the same time. It was probably created by a Russian programmer with a grudge. While the original version was discovered in 2004, variants continued to be used in DDoS attacks for many years.
SoBig was another worm circulated through emails circa 2003. It could copy files, email itself to others, and damage software. Microsoft still has an outstanding reward offer of $250,000 for information leading to identification of the creator.
WannaCry was a pioneering ransomware cryptoworm. It encrypted data and set up backdoors on systems. The malware is believed to have been used in multiple attacks across 150 nations. It almost crippled the UK’s National Health Service and caused over $4 billion in global damages. Dark Tequila is phishing malware. It steals bank credentials and sensitive corporate data. It’s believed to have cost billions in the phishing attacks that followed in its wake.
BlackEnergy is perhaps the most fascinating of this dirty half-dozen. It was discovered in 2007. It’s a rootkit that is nearly undetectable, since it pretends to be part of the operating system. The original version was probably designed by a Russian hacking gang.
Later variants have been used by all sorts of people, including at least two national security agencies in cyber-warfare. BlackEnergy can be used to take over machines or to execute destructive programs. A version of it took down the power grid of Ukraine in 2015. Other versions are suspected to have been used by North Korea.
Modern anti-malware programs will detect these programs. But, of course, there are successors. The principles of staying safe remain the same: avoid opening email attachments from people you don’t know; avoid downloading programs from untrusted sources; don’t download pirated video, music and PDF files. This is easy to advise and hard to practise on a 24x7 basis. Sooner or later, somebody will create a PoC version II, and that will feature malware that has caused at least as much damage.