Wednesday, September 5, 2007

Most notorious viruses in PC history

The computer virus has completed 25 years. The sinister computer programme that still gives computer users jitters has come a long way since the days of 'Elk Cloner', the first computer virus, which started circulating in 1982. While some of the early viruses clogged networks, later ones corrupted or wiped documents or had other destructive properties. More recently, viruses have been created to steal personal data such as passwords or to create relay stations for making junk e-mail more difficult to trace. While the earliest viruses spread through floppy disks, the growth of the Internet gave a new way to spread viruses: e-mail. Today, viruses have found several platforms: instant messaging, file-sharing software, rogue web sites, images, etc. As these malicious programmes grow more sophisticated and their numbers increase on a daily basis, here's a look at some of the most notorious virus attacks over the last twenty-five years.

Elk Cloner (1982)
Regarded as the first virus to hit personal computers worldwide, "Elk Cloner" spread through Apple II floppy disks. The programme was authored by Rich Skrenta, a ninth-grade student then, who wanted to play a joke on his schoolmates. The virus was put on a gaming disk, which could be used 49 times. On the 50th time, instead of starting the game, it opened a blank screen that displayed a poem that read: "It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!" The computer would then be infected. Though Elk Cloner was a self-replicating virus like most other viruses, it bears little resemblance to the malicious programmes of today. However, it surely was a harbinger of all the security headaches that would only grow as more people got computers -- and connected them with one another over the Internet.

Brain (1986)
"Brain" was the first virus to hit computers running Microsoft's popular operating system DOS. Written by two Pakistani brothers, Basit Farooq Alvi and his brother Amjad Farooq Alvi, the virus left the phone number of their computer repair shop. The Brain virus was a boot-sector virus. It infected the boot records of 360K floppy disks. The virus would fill unused space on the floppy disk so that it could not be used. The first "stealth" virus, it hides itself from any detection by disguising the infected space on the disk. The virus is also known as Lahore, Pakistani and Pakistani Brain. BusinessWeek magazine called the virus the Pakistani flu. The brothers told TIME magazine they had written it to protect their medical software from piracy and it was supposed to target copyright infringers only.

Morris (1988)
Written by a Cornell University graduate student, Robert Tappan Morris, the virus infected an estimated 6,000 university and military computers connected over the Internet. Incidentally, Morris's father was a top government computer-security expert. The computers Morris invaded were part of the Arpanet, an international grid of telephone lines, buried cables, and satellite hookups established by the Department of Defense in 1969. Interestingly, Morris later claimed that the worm was not written to cause damage, but to gauge the size of the Internet. An unintended consequence of the code, however, led to the damage caused.

Melissa (1999)
'Melissa' was one of the first viruses to spread over e-mail. When users opened an attachment, the virus sent copies of itself to the first 50 people in the user's address book, covering the globe within hours. The virus known as Melissa -- believed to have been named after a Florida stripper its creator knew -- caused more than $80m in damage after it was launched in March 1999. Computers became infected when users received a particular e-mail and opened a Word document attached to it. First found on March 26, 1999, Melissa shut down Internet mail systems at several enterprises across the world after they got clogged with infected e-mails carrying the worm.

The worm was first distributed in the Usenet discussion group alt.sex. The creator of the virus, David Smith, was sentenced to 20 months imprisonment by a United States court.

Love bug (2000)
Travelling via e-mail attachments, "Love Bug" exploited human nature and tricked recipients into opening it by disguising itself as a love letter. The virus stunned security experts by its speed and wide reach. Within hours, the pervasive little computer programme tied up systems around the world. The virus, which was similar to the earlier Melissa worm, spread via an e-mail with the tantalising subject line, "I Love You." When a recipient opened the attachment, the virus sent copies of itself to his entire address book. It then looked for files with .jpeg, .mp3, .mp2, .css and .hta extensions and overwrote them with itself, changing the extensions to .vbs or .vbe. These files then could not be retrieved in searches. The bug affected companies in Taiwan and Hong Kong -- including Dow Jones Newswires and the Asian Wall Street Journal. Companies in Australia had to close down their e-mail systems to keep the virus from spreading (80 per cent of the companies in Australia reportedly got hit). The victims also included the Parliaments of Britain and Denmark. In Italy, the outbreak hit almost the entire country. In the United States too, e-mail systems were shut down at several companies.

Code Red (2001)

Said to be one of the most expensive viruses in history, the self-replicating malicious code 'Code Red' exploited a vulnerability in Microsoft IIS servers. Exploiting the flaw in the software, the worm was among the first few "network worms" to spread rapidly, as they required only a network connection, not a human opening an attachment as attachment worms did. The worm had a more malicious version known as Code Red II. Both worms exploited a bug in an indexing service shipped with Microsoft's Windows NT 4.0 and Windows 2000 operating systems. In addition to possible website defacement, infected systems experienced severe performance degradation. The virus struck multiple times on the same machine. Code Red II affected organizations ranging from Microsoft to the telecom company Qwest to the media giant Associated Press. According to the research firm Computer Economics, the virus caused damage worth above $2 billion. Incidentally, Microsoft had issued a patch to fix the vulnerability almost a month earlier; however, most system operators failed to install it.

Blaster (2003)
'Blaster' (also known as Lovsan or Lovesan) took advantage of a flaw in Microsoft software. The worm, along with the 'SoBig' worm, which also spread at the same time, prompted Microsoft to offer cash rewards to people who helped authorities capture and prosecute the virus writers. The worm started circulating in August 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. On August 29, 2003, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota, was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005.

Sasser (2004)
Another worm to exploit a Windows flaw, 'Sasser' led to several computers crashing and rebooting themselves. Sasser spread by exploiting the system through a vulnerable network port. The virus, which infected several million computers around the world, caused infected machines to restart continuously every time a user attempted to connect to the Internet. The worm also severely impaired the infected computer's performance. The first version of the worm struck on April 30, 2004. Three modified versions of the worm have followed it since then, known as Sasser.B, Sasser.C and Sasser.D. The companies affected by the worm included the Agence France-Presse (AFP), Delta Air Lines, Nordic insurance company If and their Finnish owners Sampo Bank.