Computer viruses have come a long way from the early days of personal computers, when teenage hackers competed for bragging rights, creating malware designed for mischief or random mayhem. Now, the hackers have gone professional, and their ambitions have grown; rather than amateurs working out of their parents' basement, malware creators are often part of an underworld criminal gang, or working directly for a foreign government or intelligence agency. As the stakes have grown, so too has the potential damage and destruction brought on by malware.
1) Stuxnet (2009-2010) The arrival of Stuxnet was like a cartoon villain come to life: it was the first computer virus designed specifically to cause damage in the real, as opposed to virtual, world. While previous malware programs may have caused secondary physical problems, Stuxnet was unique in that it targeted software that controls industrial systems. Specifically, Stuxnet was designed to damage machinery at Iran’s uranium enrichment facility in Natanz. Based on the available information, including data from the International Atomic Energy Agency, experts believe Stuxnet caused a large number of Iran’s centrifuges—essentially giant washing machines used to enrich uranium—to spin out of control and self-destruct. Though Stuxnet was discovered in 2010, it is believed to have first infected computers in Iran in 2009.
2) Conficker Virus (2009)In 2009, a new computer worm crawled its way into millions of Windows-based PCs around the world, creating a massive botnet army of remotely controlled computers capable of stealing financial data and other information. Its complexity made it difficult to stop, and the virus prompted the creation of a coalition of experts dedicated to stopping its spread. At its height, the Conficker worm infected millions of computers, leading anti-virus researchers to call it the “super bug,” or “super worm.” But the real mystery of Conficker, which still infects a large number of computers, is that no one knows what it was meant to do: the botnet army was never used for any specific purpose, to the best of anyone’s knowledge. Conficker’s real purpose still confounds security experts.
3) agent.btz (2008) This piece of malware’s claim to fame is that it temporarily forced the Pentagon to issue a blanket ban on thumb drives and even contributed to the creation of an entirely new military department, U.S. Cyber Command. Agent.btz spreads through infected thumb drives, installing malware that steals data. When agent.btz was found on Pentagon computers in 2008, officials suspected the work of foreign spies. Former Deputy Secretary of Defense William Lynne later wrote that agent.btz created “a digital beachhead, from which data could be transferred to servers under foreign control.” Though some anti-virus experts have disputed the contention that the virus was the creation of a foreign intelligence agency, its effect was to make cyber war a formal part of U.S. military strategy.
4) Zeus (2007) There is no shortage of malware kits that target personal information, but Zeus has become the go-to tool for many of today’s cyber criminals and is readily available for sale in the cyber crime underworld. It can be used to pilfer passwords as well as files, helping to create a literal underground economy for compromised identities that can be bought and sold for as little 50 cents. In the age of Internet banking and online shopping, a compromised identity is much more than just a name and social security number: it’s your address, date of birth, mother’s maiden name, and even your secret security questions (your first pet, your favorite teacher, or your best friend from grade school).
5) PoisonIvy (2005) PoisonIvy is a computer security nightmare; it allows the attacker to secretly control the infected user’s computer. Malware like PoisonIvy is known as a “remote access trojan,” because it provides full control to the perpetrator through a backdoor. Once the virus is installed, the perpetrator can activate the controls of the targeted computer to record or manipulate its content or even use the computer’s speaker and webcam to record audio and video. Once thought of as a tool for amateur hackers, PoisonIvy has been used in sophisticated attacks against dozens of Western firms, including those involved in defense and chemical industries, according to a white paper written by Symantec, the computer security firm. The attacks were traced back to China.
6) MyDoom (2004) MyDoom muscled its way into the malware world in 2004, quickly infecting some one million computers and launching a massive distributed denial of service attack, which overwhelms a target by flooding it with information from multiple systems. The virus spread through email as what appeared to be a bounced message. When the unsuspecting victim opened the email, the malicious code downloaded itself and then pilfered the new victim’s Outlook address book. From there, it spread to the victim’s friends, family and colleagues. MyDoom spread faster than any worm seen prior.
7) Fizzer (2003) By 2003, many worms were spreading over e-mail, but Fizzer was an entirely new creature. If earlier worms, like Code Red (see below), were about mischief, Fizzer was all about money. While some initially dismissed the seriousness of the worm because it wasn’t as fast moving as Code Red, Fizzer was more insidious. “What makes Fizzer stand out is that it's the first instance of a worm created for financial gain,” says Roel Schouwenberg, a senior researcher at Kaspersky, an anti-virus company. “Computers infected with Fizzer started sending out pharmacy spam.” In other words, Fizzer didn’t just take over your address book to spread for the sake of spreading, it used your address book to send out the now familiar porn and pills spam. Fizzer was followed by better-known spam-inducing worms, like SoBig, which became threatening enough that Microsoft even offered a $250,000 bounty for information leading to the arrest of its creator.
8) Slammer (2003) In January 2003, the fast-spreading Slammer proved that an Internet worm could disrupt private and public services, a harbinger for future mayhem. Slammer works by releasing a deluge of network packets, units of data transmitted over the Internet, bringing the Internet on many servers to a near screeching halt. Through a classic denial of service attack, Slammer had a quite real effect on key services. Among its list of victims: Bank of America’s ATMs, a 911 emergency response system in Washington State, and perhaps most disturbingly, a nuclear plant in Ohio.
9) Code Red (2001) Compared to modern malware, Code Red seems like an almost kinder, gentler version of a threat. But when it swept across computers worldwide in 2001, it caught security experts off guard by exploiting a flaw in Microsoft Internet Information Server. That allowed the worm to deface and take down some websites. Perhaps most memorably, Code Red successfully brought down the whitehouse.gov website and forced other government agencies to temporarily take down their own public websites as well. Though later worms have since overshadowed Code Red, it’s still remembered by anti-virus experts as a turning point for malware because of its rapid spread.
10) Love Letter/I LOVE YOU (2000) Back in 2000, millions of people made the mistake of opening an innocent looking email attachment labeled simply, “I Love You.” Instead of revealing the heartfelt confession of a secret admirer, as perhaps readers had hoped, the file unleashed a malicious program that overwrote the users’ image files. Then like an old-fashioned chain letter gone nuclear, the virus e-mailed itself to the first 50 contacts in the user’s Windows address book. While by today’s standards, Love Letter is almost quaint, it did cause wide-scale problems for computer users. It only took hours for Love Letter to become a global pandemic, in part because it played on a fundamental human emotion: the desire to be loved. In that sense, Love Letter could be considered the first socially engineered computer virus.
Sharon Weinberger is a national security reporter based in Washington, D.C.