
The 10 Most Destructive PC Viruses Of All Time

Causing close to $100 billion in damage to businesses worldwide, PC viruses have brought the world a massive headache. We name the 10 most destructive of the past 20 years.

Sobig.F (2003)

Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected

The Sobig worm hit right on the heels of Blaster, making August 2003 a miserable month for corporate and home PC users. The most destructive variant was Sobig.F, which spread so rapidly on August 19 that it set a record (which would later be broken by MyDoom), generating over 1 million copies of itself in its first 24 hours.

The virus infected host computers via innocuously named e-mail attachments such as application.pif and thank_you.pif. When activated, this worm transmitted itself to e-mail addresses discovered in a host of local file types. The end result was massive amounts of Internet traffic.



E-mails with innocuously named attachments launched Sobig. Courtesy of F-Secure.

On September 10, 2003, the virus deactivated itself and is no longer a threat. Microsoft has announced a $250,000 bounty for anyone who identifies Sobig.F's author, but to date, the perpetrator has not been caught.

Bagle (2004)

Estimated Damage: Tens of millions of dollars...and counting

Bagle, a classic but sophisticated worm, made its debut on January 18, 2004. The malicious code infected users' systems via the traditional mechanism -- an e-mail attachment -- and then scoured Windows files for e-mail addresses it could use to replicate itself.

The real danger of Bagle (a.k.a. Beagle) and its 60 to 100 variants is that, when the worm infects a PC, it opens a back door on a TCP port that can be used by remote users and applications to access data -- financial, personal, anything -- on the infected system. According to an April 2005 TechWeb story, the worm is "usually credited with starting the malware-for-profit movement among hackers, who prior to the ground-breaking worm, typically were motivated by notoriety."

The Bagle.B variant was designed to stop spreading after January 28, 2004, but numerous other variants of the virus continue to plague users to this day.

MyDoom (2004)

Estimated Damage: At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent

For a period of a few hours on January 26, 2004, the MyDoom shockwave could be felt around the world as this worm spread at an unprecedented rate across the Internet via e-mail. The worm, also known as Norvarg, spread itself in a particularly devious manner: It transmitted itself as an attachment in what appeared to be an e-mail error message containing the text "Mail Transaction Failed." Clicking on the attachment spammed the worm to e-mail addresses found in address books. MyDoom also attempted to spread via the shared folders of users' Kazaa peer-to-peer networking accounts.

The replication was so successful that computer security experts have speculated that one in every 10 e-mail messages sent during the first hours of infection contained the virus. MyDoom was programmed to stop spreading after February 12, 2004.

Sasser (2004)

Estimated Damage: Tens of millions of dollars

Sasser began spreading on April 30, 2004, and was destructive enough to shut down the satellite communications for some French news agencies. It also resulted in the cancellation of several Delta airline flights and the shutdown of numerous companies' systems worldwide.

Unlike most previous worms, Sasser was not transmitted via e-mail and required no user interaction to spread. Instead, the worm exploited a security flaw in non-updated Windows 2000 and Windows XP systems. Once it had successfully replicated, the worm would actively scan for other unprotected systems and transmit itself to them. Infected systems experienced repeated crashes and instability.



Sasser caused frequent system crashes. Courtesy of F-Secure.

Sasser was written by a 17-year-old German high school student, who released the virus on his 18th birthday. Because he wrote the code when he was a minor, a German court found him guilty of computer sabotage but gave him a suspended sentence.

George Jones is a technology writer and computer-games consultant based in San Francisco.
