Hackers and security vendors are engaged in a never-ending game of leapfrog, with the former constantly devising clever viruses and the latter feverishly trying to concoct antidotes. As a result, through the years hundreds of thousands of malignant programs have infected networks around the world. Most have had minimal impact, but a handful have caused hundreds of millions — even billions — of dollars in damage.
Some might mistakenly think viruses are a recent problem, but they have been around for at least 20 years. “Viruses have been around since the early 1980s, and their basic design hasn’t changed much since then,” noted Fred Cohen, a principal analyst with the Burton Group.
In 1980s, one of the first viruses spread by infecting IBM mainframe systems. But the attack did not gain much notice because it did not infect many systems. At the time, mainframes were found only in large corporations, and many had appropriate security checks in place.
The Michaelangelo virus, which sprouted at about the same time, was the first widespread attack centering on PCs. It made its way around the world but did so very slowly because it was transported mainly when users loaded infected floppy disks on uninfected systems.
Roping in the Viruses
Corralling viruses has become much more of a problem with the proliferation of PCs connected to the Internet. Because viruses are designed to identify network vulnerabilities and then replicate through those vulnerabilities, they can spread quickly across the Internet and infect millions of machines in just a few hours.
The potential became evident with the Melissa virus, which hit the Internet in March 1999. Like most viruses, it was sent as an e-mail attachment and was only activated once the recipient opened the attachment. The virus was designed to take advantage of vulnerabilities in macros — short computer scripts — used by Microsoft’s main word-processing application, Word.
“What made Melissa powerful was its ability to replicate itself,” Vincent Weafer, senior director at security vendor Symantec, told TechNewsWorld. After examining the contents in a person’s e-mail address book, the virus would send itself out to all of those listed.
The virus was unleashed on a Friday afternoon and quickly spread around the Internet that weekend. Eventually, 15 to 20 percent of U.S. businesses were impacted, leading to hundreds of millions of dollars in damages as a result of lost productivity, computer downtime and additional IT expenses.
Melissa’s designer, David Smith, was eventually sentenced to 20 months in prison after being charged with interruption of public communications, conspiracy to interrupt public communications, theft of computer services and damage or wrongful access to computer services.
In May 2000, the I Love You virus emerged. Written in Microsoft’s Visual Basic language, it was designed much like Melissa. The malignant software propagated by e-mail, enticing users to open an attached file by featuring an alluring title in the subject field, such as “I Love You” or “Love Letter.” Individuals searching for bliss were then surprised as the virus made its way through their e-mail address books and spread to their friends and colleagues.
One of the nastier side effects of the I Love You virus was that it replaced certain types of files with copies of itself, which would reinfect a computer if a user opened one of the seemingly innocuous music or image files. Also disturbing were the virus’ ongoing attempts to steal passwords and connect users’ browsers to a particular Web page in the Philippines where another strain of the virus was stored. The source of the virus was eventually traced to a couple of disgruntled computer science students in the Philippines. Damage estimates from the virus were $1 billion in the United States and upwards of $15 billion worldwide, with Sweden, Austria and Germany particularly hard hit.
Code Red I and Code Red II, which emerged in the summer of 2001, presented IT staffs with new challenges. With a virus, a user has to download the software and then open up a file before it becomes effective. With a worm, the user only needs to inadvertently download the software, which then can activate itself and spread to other vulnerable computers.
Worms are usually designed to corrupt files, scan in search of new victims, generate bogus traffic and try to knock network equipment offline by launching denial-of-service attacks, in which groups of computers work together to flood a specific target with an overabundance of traffic. Code Red infected more than 1 million computers and resulted in an estimated $2.6 billion in clean-up costs and lost productivity.
In early 2003, two new formidable worms arrived. The SQL Slammer worm was built to attack Microsoft SQL Server database management systems. Using a buffer-overflow function to take over a server, the worm would send out a flood of packets that had an effect similar to a denial-of-service attack. More than 500,000 servers worldwide were infected, there was a general slowdown all over the Internet, and many corporations took their systems offline altogether. South Korea was hit so badly that much of the nation’s fixed-line and mobile Internet users were unable to access Web sites for about 12 hours.
More significant problems occurred as a result of the SoBig virus, which had several variations. SoBig spread through infected e-mail message attachments and unprotected shared folders on computer networks. This virus modified a computer’s operating system so that the worm code ran whenever Windows booted. The latest strain, called SoBig.F, arrived in August this year and produced more than 1 million copies within its first 24 hours of life on the Internet.
America Online scanned more than 40 million e-mail messages per day in the weeks after that worm hit and found 60 percent to be infected with the virus. After generating more than $2 billion in damages in the United States alone, the SoBig virus will end the year in the number-one spot in annual virus rankings.
The security industry has learned much from each major attack, but the general consensus is that there will be more to come. “We haven’t seen the worst virus strike yet,” Burton Group’s Cohen told TechNewsWorld.
Good article, great reviews on interesting viruses. What about the klez worm? and magistr? deserving of honorable mentions I suspect.