Do you want to know the worst Types of Viruses that ever hit computers and how they completely spoil the system? In this article, we will discuss the worst and most dangerous 11 viruses since the advent of the computer, how it targeted user systems, and what losses it caused.
These days, having an antivirus program for Virus Prevention to protect your device and your data is very necessary, as these programs provide an integrated package of features that searches within the system for any program or virus that is considered a threat to the device, and eliminates it completely.
what is computer virus
Computer viruses are programs that can access system files with the possibility of damaging or destroying data stored on the device, in addition to that viruses have the ability to replicate themselves to other viruses that have the ability to infect other devices.
When you connect to the Internet, there is a very high probability that you will enter Worms in your computer, now the Internet is the main gateway to your computer, and from it all viruses will be transmitted to it if your device is not protected by a good protection program.
One of the ways in which different types of computer viruses are transmitted to your device is through
- Opening suspicious or fraudulent websites
- Opening Spam Email
- Downloading games, movies, or music from untrusted sites
- Download files that contain malicious software
- Download via torrent files.
The computer sends many signals that inform you that the device is infected with a virus, such as irregular behavior of the system or its failure, data loss or encryption, slow opening of programs and large memory consumption of the device, and many other signals.
Since the emergence of the first computer virus in 1971, which is called "System Creeper", thousands of viruses have continued to infect computers over the years, and even now thousands of new forms of viruses still appear daily, not only for individuals, but even for companies or institutions.
Because of these viruses, many companies lost a lot of money due to the damage that resulted from infection with one of these viruses, which means that there is enough possibility that you will be threatened if your system is not properly protected.
MelissaVirus
Named after a dancer from Florida, the "Melissa" virus was developed by David L Smith, and who invented it in 1999.
This virus It is spread through emails that contain infected word documents as attachments.
The content of the emails was designed in an attractive and seductive way so that the victim could not ignore them and open them on his device, as the email claimed to contain an attachment containing dozens of free passwords for adult websites.
Once the user downloads the document to the device, the Melissa virus captures the top 50 email contacts from the victim's account, then copies itself and sends the email to the victim's contacts.
After Melissa virus effects, it was found that no private data of the victims was stolen because cybersecurity experts contained it, but this does not mean that it caused great damage, as records indicate that this virus infected more than 100K devices, and more than 300 organizations.
It caused $1.1 billion in damages worldwide, and even government agencies couldn't protect their systems from this virus, so melissa virus is an example of what virus can do.
After discovering who was behind this virus, the court charged David L Smith with 10 years in prison, but the sentence was reduced to less than two years, with a fine of $5,000.
Stuxnet virus attack
Stuxnet virus is a multipart malicious worms, developed in 2005, but became active in 2010, mostly spread through USB devices and Microsoft Windows computers.
The "stuxnet" virus is considered very dangerous because it was targeting energy industrial facilities, especially the Iranian nuclear plants, with full control of the equipment automation program.
Receive "stuxnet worms" great attention from the media, because the virus was given a very large ability to completely disable computers, and the most important event that got media coverage is the establishment of a partnership between the American NSA and the CIA and Israeli intelligence.
I had "stuxnet worms" three modules named (The Worm, The Link File, The RootKit), the worm executed the routine related to the main attack component, which carried out the malicious activity, and the Link File automatically created multiple copies of the worm.
The RootKit was responsible for hiding malicious files in order to avoid any virus detection by antivirus software.
Use stuxnet worm attack on Iranian nuclear facilities, and it has destroyed nearly 5 Iranian nuclear centrifuges, and also led to the infection of more than 200K computers around the world, but Iran received the greatest damage.
My Doom Virus
It is also called "W32.MyDoom@mm", and it is the first version of the worm, and it was first seen on January 26, 2004, and it is believed that it is of Russian origin, but its author is not known yet, and the program was written in the "C++" language, and it affected Only on Windows devices.
The My Doom virus spreads in the same way as the Melissa virus, and also through P2P networks, as after entering the device, a backdoor will be created in the operating system for other malicious programs to infiltrate.
My Doom infected mails usually contain a sending error with subject lines ("Error" - "Mail Delivery System", "Test", "Mail Transaction Failed"), and it uses different languages to avoid the chance that the victim will ignore opening the message.
"My Doom" is considered to be the fastest spreading email-based worms virus, and it has cost the world $38 billion in damages, and it is still going on, earning it a reputation as the worst destructive virus to date.
Fun fact is that the My Doom virus has a song dedicated to it by a British IDM musician named Aphex Twin, and he has some other songs about some other viruses.
ILOVEYOU Virus
“ILOVEYOU Virus” is a Famous Viruses, this Worm Virus that has the ability to replicate itself, “Lovebug” and “Love Letter Of You” are other names of the virus, it was created in the Philippines, and it has affected more than 10M Windows devices around the world.
Lovebug used websites and file-sharing methods to spread to victims' devices, but it was e-mail messages that accelerated the spread of the virus to many devices, as these messages looked like love letters from secret admirers.
These messages usually contain attachments that contain the virus, and once opened, "Love Letter Of You" will send itself back to all contacts in the victim's Microsoft Outlook address book.
The "ILOVEYOU" virus destroys JPEG and Mp3 files on the victim's device, in addition to other file formats, in addition to copying itself inside the system, hiding its files inside the device's hard disk, and adding new files to the recording files.
The virus affected more than 500K systems in the year 2000, and caused damages of more than 15 billion dollars, of which 5.5 billion dollars were calculated only in the first week of its spread, and it is believed that the virus had infected 10% of the computers in the world.
The strange thing about it is that even 20 years after this virus appeared, it is still used in one form or another, because it still works amazingly well.
Nimda Virus
The Nimda computer virus is one of the most dangerous and widespread viruses, as records say that it took only 22 minutes for Nimda Virus to reach the top of recorded attacks from the first moment it entered the Internet.
Nimda Virus, which is the word "Admin" inverted, appeared on September 18, 2001, and was developed in China, and was written in C++, and emails, open network sharing, and hacked sites were one of the methods used by the virus to spread.
With the sole purpose of attacking not only individual users, but also Internet servers and crawling web traffic, Nimda created a backdoor into operating systems, giving the attacker control over system functions to the extent allowed to the original user.
For example, if you are a user with limited access to the system, the hacker can only make changes within the same restrictions as the original user, but if the user has full access to the system, the hacker will have those same full powers.
FleeceWare Virus
Usually, people feel safe when downloading apps from official app stores like Play Store or Apple Store, however, it does not mean that you will avoid the chance of installing malware on your device while downloading it from one of these stores.
FleeceWare Virus is a little different from other viruses, as it is a kind of malicious application that infects smartphone devices, but it does not steal any personal data or harm the device, it works like a normal advertised application, but with extra hidden subscription fees.
FleeceWare app developers usually use fake accounts to boost the ratings of their apps and increase the number of downloads on the App Store, as users easily fall prey to these malicious apps.
Fake Windows Update
Again, emails are to blame here, as the attacker sends malicious emails containing an attachment in the form of a JPG sent by Microsoft, and asks the user to update their operating system from the link in the message.
After opening the link and downloading the files on the device, the ransomware will be installed on the victim's computer, so that it will encrypt all your files, and the user will not be able to access his files if not pays a certain amount to the owner of the virus in order to decrypt his files.
Emails
of this type usually include two lines identifying the new update and a
single sentence that begins with two capital letters in the first word.
The
program in the infected mail is named "Cyborg", which encrypts files on
the device.
After the device is infected, a text attachment called "Cyborg-DECRYPT.txt" will appear on the surface of the user's device, which requires payment of $500 as ransom money.
The virus also leaves behind a copy of it called "bot.exe" that hides in
the root of the infected system.
You should know that not all
operating systems send their updates via e-mail.
If you receive a similar message about an available update, you must contact technical support to make sure that the message you received was sent by them.
GameOver Zeus
GameOver Zeus or "GOZ" first discovered in 2011, is a P2P extension of Zeus Trojan, also called "Zbot", one of the most successful bots in the world.
GameOver Zeus uses spam emails and hacked websites to attack its victims.
GOZ is designed to steal a victim's personal information, such as passwords and credit card information as well as sensitive customer and corporate information.
White Zbot was sophisticated enough to steal information from well-known organizations such as NASA and Banck of America, with the virus infecting thousands of companies and nearly 1.2 million computers before it was completely wiped out.
Being an advanced variant of the Zeus family, the GameOver Zeus is a polymorphic malware with low detection rates, which has made it a persistent threat, which is what has made it one of the most successful and widespread botnets around.
The new version of Necurs contained a RootKit, which made it difficult to remove unless you formatted and reinstalled the system, but it was easy to get infected again since the malware was still somewhere in the P2P network.
It can only be controlled through intelligent software like Heimdal, which blocks access to infected addresses, websites or computers, as it identifies infections by examining communication attempts between machines.
Plugx Virus
Plugx is a full-featured Remote Access Trojan or "RAT" virus, an early sample of which can be traced back to 2008, and researchers have recently discovered a new variant of this malware called "KorPlug".
This malicious program opens backdoors that give the hacker full authority to manage the hacked device, and he can fully control the device with the ability to execute commands from a remote location such as:
- Retrieve device information
- Take screenshots from the device
- Reboot the system
- Upload, download or modify files
- Managing operations within the device
- Entering new records within the system
- Logging of keystrokes
Like most other known viruses, PlugX spreads through malicious emails, which appear to be sent from legitimate service providers carrying signed application or executable files.
In most cases, endpoint security products do not flag them, so if those emails carry a copy of a legitimate antivirus application, Endpoint Security may actually whitelist them and allow the program to complete the installation process.
PlugX Virus attachments carry three different attachments that make up the components of the program, and the program has usually targeted government institutions and major industry centers.
Cop Ransomware
Like other ransomware, Cop Ransomware also creates a backdoor with encryption of all system files, blocking access to system processes and services, and demanding a ransom to decrypt the system and files.
What makes it even more dangerous is that malware evolves over time, and its developer is constantly using innovative techniques to make it more sophisticated.
First discovered by MalwareHunter teams, in February 2019, Cop Ransomware is a variant of the "Crypto max Clop" family, which is the Russian word for "bug", and uses spam, malicious ads, and hacked websites.
As "Clop" infects the system, it immediately closes Windows system services and processes, disables anti-virus software, and then closes all system files to start the encryption process.
The program targeted Windows operating systems, especially English-speaking users, however, the Cop Ransomware virus targets entire networks, not just individuals.
CryptoLocker Virus
CryptoLocker Virus is considered one of the worst viruses known to the Internet, and Evgeniy Bogacher was the leader of the CryptoLocker gang, as it first appeared on September 5, 2013, and this virus continued to spread until June 2014 when it was completely removed.
Although CryptoLocker was similar to other ransomware, once it
infects the victim's device, it is effective as if you lost your files
forever, in addition to affecting USB and shared network drives.
CryptoLocker also uses the same techniques as other ransomware, and usually the malicious file contains a Word or PDF attachment that is legitimate for the user, but has an additional hidden malicious extension.
The program encrypts all files using asymmetric encryption, as it locks your files with a public key, but you will need a private and unique key to unlock information or files, which can only be obtained by the owner of the program.
Conclusion
As a general rule, do not open any attachments that come to you, and always check the source before downloading any file to your own device, and the most important thing is to take care of the security of your files and sensitive information stored on your device.
As you've seen, many malware and ransomware have managed to bypass systems and antivirus software, so you should only rely on multi-level protection, and make sure your important data is backed up.
You now realize that email is one of the most common ways that malware relies on infiltrating systems and devices, so be careful and do not open any attachment from an unknown source.
No comments: