Before CryptoLocker, CryptoWall and other ransomware - like the kind that Hollywood Presbyterian Medical Center recently fell victim to - ruled the malware kingdom, these five other notorious attacks tried the patience of end users and their loved ones. Which worms, Trojans, adware, viruses, etc. made our list? Hint: one destroyed my love for animated monkeys, save for Curious George, Diddy Kong and Abu. Spanning the last two decades, here are some of the worst cases of malware that rocked the worlds of system administrators and IT service providers. Hop into our blog time machine, and relive the malware that you can now hopefully laugh at.
1. BonziBuddy (1999) - My Own Brush with Malware
image source: https://www.youtube.com/watch?v=x6-okLezz4s
OK so maybe he doesn't rank with the rest of the big malware names of the day, but who else remembers that purple gorilla from Hell named BonziBuddy? As I learned in my earlier years, this desktop agent was anything but a pal. Sure, he wormed his way into all our hearts with his charming juggling tricks and musical numbers like Bicycle Built for Two, but these were cheap ploys to gain our trust. Make no mistake, he was no Clippy. There was and will only ever be one Clippy, and he mysteriously vanished into thin air. All mourning for digital office supplies aside, BonziBuddy was originally advertised to Microsoft users as a sidekick available to help with Internet browsing. Instead, after his release into the wild in 1999, Bonzi Foe terrorized PCs, flinging poop (no, not actually though it's not hard to imagine when we have a poop emoji on our phones) and crashing programs.
Sadly, I learned this the hard way when I gave the McCoy family computer the swine flu of viruses after downloading the adware as a child. A step up from my collection of animal figurines, my friendship with Bonzi started out strong. He performed backflips for me, and I giggled and continued to click for more. Then one night, after he took everything he wanted, Bonzi turned on me and didn't even have the decency to return his friendship bracelet. All of a sudden, our computer kept freezing and required a major clean-up. Now widely recognized as malware of yesteryear, BonziBuddy taught a young Mary that all downloads have consequences. After that, I was much more discerning about online scams. The same can't always be said for your clients, can it? Teach them how to identify malware warning signs and detect foul play, and then help establish security policies and procedures that can be tested regularly!
Now that I've got that out of my system, let's continue our stroll down malware memory lane with these other more notable bugs...
2. ILOVEYOU (2000)
image source: http://www.anvari.org/fun/Computer/I_Love_You_Virus.html
Suffice it to say users weren't feeling the love when they were hit with this computer worm, one of the first big email-borne malware outbreaks of its kind, back in 2000. Also commonly known as Love Letter, the email appeared to come from a secret admirer with its "ILOVEYOU" subject line. Like many phishing email schemes perpetuated today, the worm infected computers through a malicious email attachment. The file attached in the original version, LOVE-LETTER-FOR-YOU.TXT.vbs, masqueraded as a TXT file, but was actually a script the hackers used to attack those who opened it. The .vbs extension was not visible to email recipients because at the time, Windows hid known file extensions by default, so the name appeared to end in .TXT. Just like attackers do now, the masterminds behind the ILOVEYOU virus exploited a system vulnerability to gain access to computers. So what was the damage? In 10 Worst Computer Viruses of All Time, Jonathan Strickland cites McAfee, sharing the various ways the worm infected victims. A few examples include the virus copying itself and hiding in several folders on users' hard drives, downloading a password-stealing application and adding new entries to victims' registry keys. All in all, Love Letter cost $10 billion in damages, and what's more? The two believed to be the original perpetrators of the bug - which originated in the Philippines - were never charged.
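To make the hidden-extension trick concrete, here is an added example (not code from the original post): a small Python check that flags an attachment whose real, executable extension sits behind a document-looking decoy extension, as LOVE-LETTER-FOR-YOU.TXT.vbs did, and shows what such a name looked like with extensions hidden. The extension lists are my own assumptions, not an authoritative set.

```python
from typing import Dict, List, Optional

# Assumed list of extensions Windows runs as code; the last extension decides
# how the file is opened, whatever the rest of the name suggests.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr",
                   "pif", "com", "bat", "cmd", "hta", "ps1"}
# Assumed list of "harmless-looking" extensions used as the fake inner one.
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "xls", "xlsx"}


def displayed_name(filename: str) -> str:
    """What the name looks like when the OS hides the final extension."""
    base, sep, _ext = filename.rpartition(".")
    return base if sep else filename


def classify_attachment(filename: str) -> Optional[str]:
    """Return a reason string when the attachment name is suspicious, else None."""
    # Split off at most the last two extensions: [rest, inner, outer].
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 2:
        return None  # no extension at all; nothing to disguise
    real_ext = parts[-1].strip()
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # Padding spaces ("invoice.pdf      .exe") push the real extension out of
    # view in narrow mail clients, so strip them before comparing.
    if len(parts) == 3 and parts[1].strip() in DECOY_EXTS:
        return f"decoy .{parts[1].strip()} before executable .{real_ext}"
    return f"executable attachment .{real_ext}"


def scan_attachments(names: List[str]) -> Dict[str, str]:
    """Map each suspicious attachment name to the reason it was flagged."""
    return {n: r for n in names if (r := classify_attachment(n)) is not None}


# Constructed sample attachment names, including the Love Letter one.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "quarterly-report.pdf",
    "invoice.pdf      .exe",
    "setup.exe",
    "README",
]

if __name__ == "__main__":
    for name, reason in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r} shown as {displayed_name(name)!r}: {reason}")
```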
3. Code Red (2001)
image source: https://www.youtube.com/watch?v=9xIqF0La6Ik
This next virus was named after the Mountain Dew beverage the two eEye Digital Security employees were drinking when they discovered it fifteen years ago. Like the ILOVEYOU virus, Code Red hackers exploited an existing system weakness - this time within the OS - to carry out their attack. Targeting computers with the Microsoft IIS web server installed, the computer worm took advantage of a buffer overflow problem in Windows 2000 and Windows NT. Essentially, when input exceeded the capacity of a fixed-size buffer, the excess overwrote adjacent memory. Once launched, the Code Red worm executed code from within the IIS server process and was virtually undetectable on hard disks because it ran entirely in memory. So how did it behave? Once a computer was compromised, Code Red attempted to make a hundred copies of itself. Due to a programming bug, however, it actually infected many more devices, maxing out CPU loads and exhausting system resources. The worm even launched a distributed denial of service (DDoS) attack on the White House, attempting to crash its web servers by flooding them with simultaneous traffic requests from infected computers. According to HONGKIAT's 10 Most Destructive Computer Viruses, Code Red impacted one to two million IIS servers, alarming given that there were around six million at the time. It's not surprising then that the virus resulted in two billion dollars of lost productivity.
4. Conficker (2008)
Next, we jump forward in time to 2008 with Conficker, sometimes referred to as Downup or Downadup. Like Code Red, it used flaws in the Windows OS to compromise machines. Conficker also targeted systems with weak passwords, guessing administrator credentials to obtain access to local networks and spread. Additionally, according to PC World, "the worm infect[ed] removable devices and network shares with an autorun file that execute[d] as soon as a USB drive or other infected device [wa]s connected to a victim PC." One of the reasons why the botnet-generating worm was so dastardly is that advanced malware techniques made it hard to suppress and contain. In fact, once computers were infected, Conficker triggered the installation of additional malware. On top of this, one infected computer put all other machines connected to the same network at risk. By being so contagious and resilient, the malware is one of the most significant worm infections to date and reportedly compromised nine million computers.
5. Flashback (2011)
This fifth example, while last in this post, certainly doesn't complete the list of most notable malware. Still, it's a good one to flag for proving Macs aren't immune to viruses. Only a few years ago, antivirus company Intego discovered Flashback, a Trojan that posed as a fake Flash installer, targeting systems running Mac OS X. Victims meant to download a trusted browser plug-in for video streaming, but actually installed code that collected their personal information and sent it back to the attackers. By designing the malicious installer to be indistinguishable from legitimate Adobe downloads, the hackers successfully employed social engineering tactics to coax users into downloading the malware. Their infected machines then became part of larger botnets, distributing the virus further. Eventually the Trojan evolved into a more sophisticated variant that self-installed on Java-enabled machines, which only helped grow the number of infected computers. In total, more than 600,000 Macs suffered from Flashback, 22,000 of which were still compromised three years later.
The IT Community's Malware Memories
We also asked members of Spiceworks and MangoLassi to share examples of malware their clients fell victim to. See below for highlights, including one response which was already referenced in the above list. Can you guess which one?
With the prevalence of cybercrime and online threats, having a strong antivirus solution is not optional. Look for AV software that detects and protects clients from both major threats like CryptoLocker and minor vulnerabilities which could escalate later, doesn't consume too much network bandwidth or PC disk capacity, doesn't slow down processing speed, and provides a hassle-free end user experience. The right endpoint security suite will be your greatest defense against malware and other outside attacks.
What malicious programs and schemes still haunt you? Leave a comment below!