Oct 6, 2008

Most Devastating PC Viruses and Worms of All Time

I was reading an article about the most devastating viruses and worms that can ever hit a Windows machine:

1. ILOVEYOU
The ILOVEYOU worm (a.k.a. VBS/Loveletter and Love Bug worm), a computer worm written in VBScript, is considered by many as the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the "damage" was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.

 

2. Mydoom
Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi, is a computer virus affecting Microsoft Windows. It was first sighted on January 26, 2004 and became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm.

 

3. Blaster
The Blaster Worm (also known as Lovsan or Lovesan) was a computer worm that spread on computers running the Microsoft operating systems Windows XP and Windows 2000. The worm was first noticed and started spreading on August 11, 2003. The rate at which it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster.

The worm was programmed to start a SYN flood on August 15, 2003 against port 80 of windowsupdate.com, thereby creating a distributed denial of service (DDoS) attack against the site. The damage to Microsoft was minimal, as the site targeted was windowsupdate.com instead of windowsupdate.microsoft.com, to which it was redirected. Microsoft temporarily shut down the targeted site to minimize potential effects from the worm. Although the worm can only spread on systems running Windows 2000 or Windows XP (32-bit), it can cause instability in the RPC service on systems running Windows NT, Windows XP (64-bit), and Windows Server 2003. If the worm detects a connection to the Internet (regardless of dial-up or broadband), this can even lead to the system becoming so unstable that it displays the following message and then restarts (usually after 60 seconds).

The worm contains two messages hidden in strings. The first:

I just want to say LOVE YOU SAN!!

This is why the worm is sometimes called the Lovesan worm. The second:

billy gates why do you make this possible ? Stop making money
and fix your software!!

It is a message to Bill Gates, Microsoft co-founder.

 

 

4. Sobig Worm
The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003. It was written using the Microsoft Visual C++ compiler, and subsequently compressed using a data compression program called tElock. There are plenty of variants of the Sobig worm, but the most destructive and widespread of all is called Sobig.F.

 

 

5. Code Red
The Code Red worm was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. The most in-depth research on the worm was performed by the programmers at eEye Digital Security. They also gave the worm the phrase "Hacked By Chinese!" with which the worm defaced websites. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.

 

 

6. CIH
CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau of Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS.

 

 

7. Klez
Klez is a computer worm that propagates via e-mail. It first appeared at the end of 2001. A number of variants of the worm exist. Klez infects Microsoft Windows systems, exploiting a vulnerability in Internet Explorer's Trident layout engine, used by both Microsoft Outlook and Outlook Express to render HTML mail.

 

 

8. Melissa
The Melissa worm, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus, hence leading some to classify it as a computer worm. First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the worm. Melissa was not originally designed for harm, but it overflowed servers and caused unplanned problems.

 

 

9. Sasser
Sasser (sometimes known as the Big One) is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Some machines running Windows 98 were infected. Like other worms, Sasser spreads by exploiting the system through a vulnerable network port. Thus it is particularly potent in that it can spread without user intervention, but it is also easily stopped by a properly configured firewall or by downloading system updates from Windows Update. Sasser was first noticed and started spreading on April 30, 2004. This worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service) on the affected operating systems.

 

10. Bagle
Bagle (also known as Beagle) is a mass-mailing computer worm written in pure assembly and affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variation, Bagle.B, is considerably more virulent. Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the victim computer.
