Most Destructive Malware of All Time


Batu69

All malware is inherently dangerous, but there are a few threats that stand out amongst the others when it comes to inflicting damage. We took a look at some of the most destructive malware of all time, from traditional viruses, worms and Trojans to increasingly prevalent PUAs such as adware and spyware. This list, while covering most of the all-time worst threats, is not all-inclusive. For example, notable threats such as the ILOVEYOU bug are not on this list, although they also rank as highly destructive. How many of these threats do you remember?

1. CIH Virus - 1998

The CIH virus, also known as the "Chernobyl virus", was named after the explosion of the nuclear plant in Russia because it was written to execute on the anniversary of the explosion. The virus worked by wiping data from the hard drives of infected devices and overwriting the BIOS chip within the computer, which rendered the device unusable. BIOS chips, originally manufactured by IBM for PCs, are a type of firmware used when a device is booted or turned on. This virus caused tremendous damage because the BIOS chip was not removable on many PCs, requiring the user to replace the entire motherboard. The virus was created by a student at the Taipei Tatung Institute of Technology, named Chen Ing Hau. Although the virus caused millions of dollars in damages, Chen was never imprisoned or fined and actually got a job at a software company through his resulting infamous creation. 

2. Melissa Worm - 1999

The Melissa worm was a macro virus that caused millions of dollars in damages to infected PCs. The virus spread via email and was supposedly created by David L. Smith, who named the virus after an exotic dancer from Florida. The virus used an enticing subject line to get its victims to open it. Once the email was opened, the virus was able to replicate and send to an additional 50 email addresses accessed through the originally infected computer. 

3. Code Red Worm - 2001

Code Red was a computer worm that affected almost 360,000 computers by targeting PCs that were running Microsoft's IIS web server. The worm was first discovered by two eEye Digital Security employees and was named for the Code Red Mountain Dew they were drinking when they discovered it. The worm targeted a vulnerability in Microsoft's IIS web server using a type of security software vulnerability called a buffer overflow.

[Image: Spread of the Code Red worm, from Caida]

4. Slammer Worm - 2003

In January of 2003, the Slammer worm struck 75,000 users with a DoS attack. The worm targeted a vulnerability found in Microsoft SQL and spread rapidly. Denial-of-service attacks are used by malware writers to overload a company's network with meaningless traffic, eventually causing the network to crash. Owen Maresh of Akamai is credited with being the first person to discover the destructive worm from Akamai's Network Operations Control Center. At its height, the Slammer Worm sent 55 million database requests across the globe and is said to have spread within just 15 minutes, surpassing the speed of the Code Red Worm from 2001.

5. SoBig.F Worm - 2003

The SoBig.F Worm was a piece of malware that appeared only a few weeks before the Slammer worm mentioned above. The SoBig.F worm entered a device via email, which if opened could search the infected computer for additional email addresses, then send messages to those aliases. The worm caused $37.1 Billion in damages and is credited with bringing down freight and computer traffic in Washington, D.C., as well as Air Canada. Email subject lines used to entice users included "Your details", "Thank you!", "Re: Details", "Re", "Re: My details", as well as various others. The speed at which the worm spread is said to surpass that of the ILOVEYOU virus and Anna Kournikova worm, both of which also spread via email. The worm's creator still remains unknown.

6. My Doom Worm - 2004

The My Doom worm, known as one of the fastest spreading viruses in history, passes both the ILOVEYOU bug and SoBig worm in speed. It was transmitted via email and usually contained a variety of subject lines including, "Error", "Mail Delivery System", "Test" or "Mail Transaction Failed". Though its creator still remains unknown, some speculate that it originated in Russia. The worm was first discovered and named by an employee at McAfee for the line, "mydom" that appeared in its code. 

7. Stuxnet Worm - 2010

The Stuxnet Worm entered devices through infected USB drives and thus had to be manually inserted into a device in order to spread. The dangerous thing about this particular virus is that internet connectivity was not needed for it to spread, making it particularly fatal for critical infrastructure plants. Once on a device, the worm would then run a check to see if the infected device had access to industrial control systems. If it did, the worm would then take control of plant centrifuges, causing them to eventually fail. The main victims of Stuxnet's payload were Iranian nuclear plants and a uranium enrichment plant. Although not verified, some believe that the United States and Israel were responsible for the creation of the worm, in order to hamper Iranian nuclear development. 

[Image: Stuxnet diagram, from L-Dopa]

8. Cryptolocker Trojan - 2013

The Cryptolocker Trojan is ransomware that encrypts its victims' hard drives and then demands a payment. When the ransom message appears on the victim's computer, they are given a time limit in which they must pay the ransom in order to unlock their files. The Trojan enters a user's system through an email, supposedly sent by a logistics company. Within the email, there is an attached zip file which contains a PDF that requires the user to enter a provided password to open. Once opened, the Trojan begins its attack on the victim's computer. By posing as a legit company, the ransomware uses social engineering to trick the user into performing the required actions.

[Image: Cryptolocker screenshot, from Bleeping Computer]

9. ZeroAccess Botnet - 2013

Known as one of the largest botnets in history, ZeroAccess affected over 1.9 million computers, using them to earn revenue through bitcoin mining and click fraud. Botnets involve a group of computers, also known as zombies, that are controlled by malicious software and used to send SPAM emails or launch HTML attacks, the first of which was utilized by the ZeroAccess Botnet. These controls are orchestrated by the BotMaster or the command center of the botnet. The SPAM emails sent by the botnets often contain malware that is then used to infect more computers. 

10. Superfish Adware - 2014

Superfish adware made its claim to fame through a class action lawsuit filed against Lenovo, the largest maker of PCs in the world. Superfish spyware came pre-installed on Lenovo machines without Lenovo customers being told of its existence. Superfish installed its own root certificate authority which allowed it to void SSL/TLS connections, creating an opening or "hole" for attackers. This exposed Lenovo users to potential cyber criminals while providing Superfish and Lenovo with a way to target unsuspecting users with tailored advertisements.
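As an added illustration (not part of the original article, and not Lenovo's or Superfish's code), here is a PowerShell check for the condition Superfish created: a root CA in the Windows certificate stores whose private key sits on the same machine, which is what lets software on the box mint a certificate for any site and intercept TLS. It also flags any root whose subject or issuer matches a name pattern; the "Superfish" pattern comes from the article, anything else you pass in is your own. The function name and the output fields are my own naming.

```powershell
# Added example, not from the article: find root certificates that look like a
# local TLS-interception CA. Two signals are checked:
#   1. the root's private key is present on this machine (a legitimate public CA
#      never ships its private key to endpoints), and
#   2. the subject or issuer matches a name you are hunting for.
function Get-SuspiciousRootCertificate {
    [CmdletBinding()]
    param(
        # Name fragments to flag. "Superfish" is the case from the article; any
        # other entries are yours. Matching is case-insensitive (-like).
        [string[]] $NamePattern = @('Superfish')
    )

    # Both the machine-wide and the per-user root stores can hold a trust anchor.
    $stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

    foreach ($store in $stores) {
        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_
            $reasons = @()

            # Signal 1: private key of a *root* present locally.
            if ($cert.HasPrivateKey) {
                $reasons += 'private key present in a root store'
            }

            # Signal 2: name match against the hunt list.
            $nameHit = $NamePattern | Where-Object {
                $cert.Subject -like "*$_*" -or $cert.Issuer -like "*$_*"
            }
            if ($nameHit) {
                $reasons += "name matches '$($nameHit -join ',')'"
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotBefore  = $cert.NotBefore   # when the root was issued
                    Reason     = ($reasons -join '; ')
                }
            }
        }
    }
}

# Usage: run from an elevated session so the LocalMachine store is readable.
Get-SuspiciousRootCertificate | Format-Table -AutoSize

# Removal, only after you have confirmed a hit (replace the placeholder thumbprint):
#   Get-ChildItem Cert:\LocalMachine\Root |
#       Where-Object Thumbprint -eq '<THUMBPRINT-FROM-THE-OUTPUT-ABOVE>' | Remove-Item
```

Removing the certificate alone does not remove the software that installed it; the interception proxy (a "VisualDiscovery"-style service, to use the Superfish case) has to be uninstalled as well or it may re-add the root. Browsers with their own trust store, such as Firefox, need a separate check.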

 

4 hours ago, Batu69 said:

10. Superfish Adware - 2014

Superfish adware made its claim to fame through a class action lawsuit filed against Lenovo, the largest maker of PCs in the world. Superfish spyware came pre-installed on Lenovo machines without Lenovo customers being told of its existence. Superfish installed its own root certificate authority which allowed it to void SSL/TLS connections, creating an opening or "hole" for attackers. This exposed Lenovo users to potential cyber criminals while providing Superfish and Lenovo with a way to target unsuspecting users with tailored advertisements.

It has been information in the press,

but they removed this error.

ESET - the best for me today, plus the human brain / very user.



Quote

ESET - the best for me today

 

Another fanboy comment that can't be backed up by test results. Whether it was removed or not is not relevant; the fact that they foisted this crap on their users without responsibly foreseeing the possible results of their actions is the crux of the matter. It didn't pertain to us because we do not allow Lenovo computers (nor Apple devices) on our networks.



danicadanica

I was looking at the ILOVEYOU .vbs file, where Russia and the US temporarily shut down their computer assets in the military to remove it, and it cost billions of dollars for recovery.



6 hours ago, danicadanica said:

I was looking at the ILOVEYOU .vbs file, where Russia and the US temporarily shut down their computer assets in the military to remove it, and it cost billions of dollars for recovery.

Yes, this came at a time when most antivirus could not prevent it or remove it; it could only be detected. If you caught it, it was best to reformat. You got it from opening emails. Many people were infected and didn't know it. If it were possible to make something like this today, it would wreak havoc on the whole internet.

 

This is why I never liked Outlook; this virus was even spread as a fix from Symantec once.
 

Quote

 

The attachment in the ILOVEYOU virus is a VBScript program that, when opened (for example, by double-clicking on it with your mouse), finds the recipient's Outlook address book and re-sends the note to everyone in it. It then overwrites (and thus destroys) all files of the following file types: JPEG, MP3, VPOS, JS, JSE, CSS, WSH, SCT and HTA. Users who don't have a backup copy will have lost these files. (In March 1999, a virus named Melissa virus also replicated itself by using Outlook address books, but was less harmful in destroying user files.) The ILOVEYOU virus also resets the recipient's Internet Explorer start page in a way that may cause further trouble, resets certain Windows registry settings, and also acts to spread itself through Internet Relay Chat (IRC).

 

One of the first steps companies used to ward off the ILOVEYOU virus was to screen out notes with ILOVEYOU in the subject line. However, hackers quickly introduced copycat variations with subject lines variously identifying "JOKE" and "Mother's Day!" as the content, but containing the same or similar VBScript code. At least 12 variations have been identified. The most sinister mutation is undoubtedly the one with the subject line containing "VIRUS ALERT!!!" Posing as a virus fix from Symantec, the note starts out with "Dear Symantec Customer." The attachment (which should not be opened) is "protect.vbs."

 

Companies and users are advised to get or update anti-virus software that can help screen for the virus and remove it for users whose systems have been infected. Users are always advised never to open an e-mail attachment without screening it with anti-virus software or knowing exactly who sent it and what it is.

 

http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus



11 hours ago, AP1972 said:

It has been information in the press,

but they removed this error.

ESET - the best for me today, plus the human brain / very user.

I started testing ESET way back. It's pretty good nowadays, but I think that's because Windows is patched much better than it used to be. Dennis Technology Labs' "Windows Updates vs. Web Threats" test research stated:

Quote

Updating Windows improves system security by over 90 per cent
93 per cent of the threats used in this test were rendered harmless by updating the Windows 7 systems fully.
Updating third-party applications separately and in isolation increased security slightly, but not in addition to
the security levels obtained through applying Windows Updates regularly.

I know back in the day ESET was not as good as Kaspersky; I think you could find out today, by running a test with no Windows updates, that it's still not. I don't really think it matters which one you use, as long as you patch Windows and use something.

 

But the human brain is only going to get you so far: for years, people have sometimes gotten a virus through Windows Update itself, like the Flame virus back in 2012, and there were attacks on Windows Update all the way back since XP SP1 that I remember. So you could think you're installing something legitimate and get yourself a dose of undetected malware.

 

Even in 2015 it was possible to get malware through Windows Update.

http://thehackernews.com/2015/08/windows-update-malware.html

 

Anything on the internet can be laced with malware, and the human brain can't detect malware :P

 



18 minutes ago, steven36 said:

Even in 2015 it was possible to get malware through Windows Update.

http://thehackernews.com/2015/08/windows-update-malware.html

 

Anything on the internet can be laced with malware, and the human brain can't detect malware :P

 

From your article:

"If you think that the patches delivered through Windows update can not be laced with malware, think again.

Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations."
 
Which is why I never let ANY program update itself. I always download and check on Jotti first (or check the SHA256, if available).
 


The only thing the human brain can do for you is tell you not to install something, but the hash checker tells you if it's the right hash. Right?

 

Just like if you practice safe surfing: I don't really believe there's such a thing anymore; even Google, Bing and Yahoo have served up ads laced with malware. Any site can be compromised. The only thing you can do is install extra security and pray it works out for you. What I use has worked well for me so far, and I see no reason to change unless it were to fail me. I've not had any problems with malware since I stopped using XP and an x86 environment. :)



Through research and testing, the one thing that seems to stop malware dead in its tracks is to stop anything from being able to run from the %appdata% folder. It becomes a pain when a program downloads an update and it has to be moved out of the folder to the desktop or somewhere else before you can run it, but it seems that almost every piece of malware downloads to a location in the AppData folder and runs from there.
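One way to do what straycat19 describes, added here as an example and not straycat19's own setup: an AppLocker policy that denies executables under any user's AppData tree, applied in audit mode first so you can see what it would break before enforcing it. It assumes a Windows edition with AppLocker support (Enterprise/Education, or Pro managed via MDM), an elevated session, and the Application Identity service running; the rule IDs are freshly generated GUIDs, and the policy file name and sample binary path are placeholders of my own choosing. Once an AppLocker rule collection contains any rule, everything not explicitly allowed is blocked, so the stock allow rules are included alongside the deny.

```powershell
# Added example, not the poster's configuration: deny EXE launches from AppData
# with AppLocker, audit first, then read the events that would have fired.

# Rule IDs must be GUIDs; these are generated fresh, not known values.
$denyId  = [guid]::NewGuid().ToString()
$progId  = [guid]::NewGuid().ToString()
$winId   = [guid]::NewGuid().ToString()
$adminId = [guid]::NewGuid().ToString()

# %OSDRIVE%, %PROGRAMFILES% and %WINDIR% are AppLocker path variables.
# S-1-1-0 is Everyone; S-1-5-32-544 is the local Administrators group.
# Deny rules take precedence over allow rules. The three allow rules below are
# the same shape as AppLocker's default rules, so normal software keeps working.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$denyId" Name="Deny EXE from AppData" Description="Block execution from user profile AppData" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="$progId" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="$winId" Name="Allow Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="$adminId" Name="Allow Administrators everything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'deny-appdata-exe.xml'   # placeholder location
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run against a harmless binary copied under AppData (placeholder path):
# the output shows "DeniedByPolicy" for the Everyone user if the rule works.
$sample = Join-Path $env:LOCALAPPDATA 'Temp\sample.exe'
Copy-Item "$env:WINDIR\System32\calc.exe" $sample -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample -User Everyone

# AppLocker only enforces while the Application Identity service runs. On recent
# Windows 10 builds the service is protected and may only start after a reboot.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc -ErrorAction SilentlyContinue

# Apply, merging with whatever local policy already exists.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# After some time in AuditOnly, review what would have been blocked (event 8003)
# before changing EnforcementMode to "Enabled"; 8004 is the enforced-block event.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap
```

Two caveats worth knowing before enforcing. First, with these rules a standard user cannot run anything outside Program Files and Windows, not just AppData, so the "move it to the desktop" workaround in the post only works for members of Administrators; if standard users need a drop zone, add an explicit allow rule for it rather than weakening the deny. Second, this is an Exe collection only; scripts, MSI installers and DLLs are separate AppLocker rule collections and are unaffected until you add rules for them.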



I had to fight off a Sality infestation once in a rather big network. "But how?", one would say, "if it is so 'cleanable' these days." Well, turns out some AVs don't even see it for some reason, namely Avast and McAfee (others too, but these were the case). The corporate antivirus was McAfee and the vast majority of users had free Avast on their computers (because fuck me, right? And fuck them it did). Someone got it at home and brought it in on a thumb drive or cellphone. From there it started infecting every executable in the network through some irresponsible accounts with full system access (might as well have been intentional). Those computers, in turn, infected other people's thumb drives and cellphones and then their home computers. At the end of the week, when the board finally admitted there was a problem, there were tens of thousands of computers basically bricked. And they only decided to do something about it because nothing worked, everything was corrupted, there was no way to recover infected files; even backups had it. So apart from locking down everything (most computers didn't work anyway), we set up a cleaning kiosk at the entrance and started distributing a "cleaning" tool for that specific threat (in hindsight, it wasn't such a great idea, because most home computers were littered with all kinds of malware apart from Sality and, as I said before, it couldn't actually clean corrupted files, just delete anything infected). But that also impacted productivity, because people couldn't bring new material in (even CDs were infected and had to be destroyed). In the end, the whole AV "solution" was changed and the outbreak slowly subsided, but not without large losses.

 

Moral of the story:

  • if your antivirus says EVERYTHING's always hunky-dory, then there's DEFINITELY something wrong.
  • convincing people to change their crappy and outdated antivirus is almost impossible, and then they wonder why they break
  • nobody wants to pay for security software
  • when PCs break, it is always the IT dept.'s fault.


  • Administrator

No mention of conficker.

 

As per Wiki:

 

Quote

The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 Welchia.

 

Was probably the first big-time malware that worried me. Checked for it every time my PC got infected. The reason being me exploring unknown territories for knowledge of them.

 

My PC has got infected many times, AVG Free and ESET to blame here. With MSRT being the best in business to remove them. I know ESET is not the best out there, but I keep it for stopping common malware. Another main reason being no other AV has satisfied me.



1. 32.77 percent of the world's computers could be infected with malware.

2. The antivirus industry is trying to sell you this snake oil even though there's a 32% chance you're infected anyway.

3. If you want false positives to tell you you're infected when you're not, it won't cost you a dime: just install Avast or Avira free.

4. If you have IT at home, it means you don't know anything about computers, no way.



  • Administrator

What people might not know is that some AV companies have actually produced malware to infect computers with malware so they can sell their product.

 

Still, still, I recommend an AV. It's not always black and white in this.



9 minutes ago, DKT27 said:

What people might not know is that some AV companies have actually produced malware to infect computers with malware so they can sell their product.

 

Still, still, I recommend an AV. It's not always black and white in this.

Me too, I always recommend a good antivirus. Years ago I recommended Kaspersky, but it became so bloated I switched to Avast for some years; now I use NOD32. My mom still buys Kaspersky because I recommended it to her. I always run other on-demand scanners to make sure NOD32 didn't miss anything, and I always come up clean. I also use a script blocker and ad blocker, and some other stuff like a firewall and VPN.

 

I changed with the times, so I'm not beyond change.



Those are some destructive malware. I think the most destructive malware are those created by a nation state: state-sponsored malware. ESET is considered the best anti-virus by Virus Bulletin: most successes, a very low amount of fails, a very low amount of false positives. Back in the day ESET, Kaspersky and Norman were considered the best according to Virus Bulletin, and Virus Bulletin has never been in the news for negative testing. The Flame malware was state-sponsored, believed to have been written by the United States and Israel, and it was coded in a way that the source code looked like the source code belonging to a business database system, not malware, to throw security researchers off. Writing these kinds of destructive viruses and malware today is possible; new viruses like them are created every year. The I Love You virus was a destructive virus, as well as Conficker, and a lot of these viruses infect computers through e-mail. There was a virus or malware that infected a computer if it was online; I forgot what that malware is called. Kaspersky got nailed by Duqu 2.0 and has it in its virus definitions. I never used Outlook myself; too many viruses spread through Outlook. Cyberlocker ransomware isn't as data destructive as it is financially destructive.



14 hours ago, VileTouch said:

moral of the story:

  • when PCs break it is always IT dept.'s fault.

 

Not if you managed to catch the unfortunate fellow who first brought the damned virus in!



43 minutes ago, vibranium said:

 

Not if you managed to catch the unfortunate fellow who first brought the damned virus in!

oh yes, there was an investigation and heads did roll, but the actual vector was never established.



23 hours ago, straycat19 said:

Through research and testing, the one thing that seems to stop malware dead in its tracks is to stop anything from being able to run from the %appdata% folder. It becomes a pain when a program downloads an update and it has to be moved out of the folder to the desktop or somewhere else before you can run it, but it seems that almost every piece of malware downloads to a location in the AppData folder and runs from there.

How do you do that?

 

Thanks



I remember Virut; I have always considered it in the same line as the weapons of mass cyber destruction. That's why you take the computer with the virus on it, replace the hard drive so the person can use their computer, and go back to it later on. I did that with my mom's old hard drive; she got a virus on Facebook or something, and it eats resources, taking forty-five minutes to an hour to log in. FUN. I used GMER. No symptoms, I just had a hunch, and GMER detected a red file. I made the mistake of not taking care of it right then and there, and the problem is the virus unhooked itself; I restarted and there were additional red files. It did what the empire did in the movie Dracula Untold and hid behind the regular soldiers. I meant to go and disinfect it; I forgot to, so now I'm going to this year. It goes to show that the most destructive malware is the hypervisor bootkit; I think the most, or one of the most, destructive bootkit-like malware is the Blue Pill created by Joanna Rutkowska:

 

http://www.pcworld.com/article/237437/the_undetectable_malware_that_real_hackers_dont_seem_to_want.html

 

This is a blog post by the author:

 

http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

 

Trusted Computing technology can help prevent this; you need an Intel i7 processor that supports Trusted Execution Technology. My next processor is going to have this. I have an Intel i7 right now, but it's only fourth generation and doesn't have Trusted Execution Technology, which makes me sad.



Archived

This topic is now archived and is closed to further replies.
