The most dangerous and famous computer viruses

Good day, friends! As you know, the security of your electronic friend is a pressing concern for a huge number of users. Cunning worms and insidious Trojans constantly roam the Internet, trying to sneak onto your PC through some loophole and wreak havoc on your hard drive. Today I invite us all to recall the most famous computer viruses of our time.

Eight new-age malware

First, a short list of all these malicious programs; then I will describe each in more detail, including the newest and trickiest ones. Here they are:

  • ILOVEYOU – 2000;
  • Nimda – 2001;
  • SQL Slammer/Sapphire – 2003;
  • Sasser – 2004;
  • Storm Trojan – 2007;
  • Conficker – 2008;
  • WannaCry – 2017;
  • Petya – 2017.

I LOVE YOU

This virus is considered the pioneer of large-scale computer infections worldwide. It began spreading on the night of May 5, 2000, in the form of emails with a malicious VBScript attached.

When the recipient opened the attachment, the script immediately mailed itself to every address in the Microsoft Outlook contact list (at that time the program was considered the height of perfection for email). Over the next few days it infected about 3 million PCs around the world and overwrote files on them. The damage from its destructive activity was estimated at roughly 10 to 15 billion dollars. For this, ILOVEYOU even entered the Guinness Book of Records with the "honorary" title of most destructive virus.

Nimda

This malware spread in a matter of minutes. It was written to hit not only the computers of ordinary users but also servers running Windows NT and 2000, which at the time were considered well protected. It reached machines by email, through open network shares, through vulnerabilities in Microsoft IIS web servers, and from compromised websites that served the worm to visitors. Its targets were Internet portals that lacked the necessary protection.

Because it appeared a week after the attacks of September 11, 2001, the worm was attributed to Al-Qaeda (a terrorist organization banned in the Russian Federation), but no evidence was ever found. By rough estimates the damage exceeded $50 million; networks of banks, hotels, federal courts and others went down.

SQL Slammer/Sapphire

A notable feature of this worm is its tiny size: it fit in a single 376-byte UDP packet, yet it infected about 75 thousand hosts worldwide in 10 minutes by exploiting a buffer overflow in the Microsoft SQL Server 2000 resolution service (UDP port 1434), for which a patch had been available for six months. Its scanning traffic disabled emergency (911) call networks, crashed many hosts, and cut off network access at the Davis-Besse nuclear power plant in Ohio, USA, disabling a safety monitoring system for several hours.

Sasser

The epidemic of this worm began at the end of April 2004. Within a few days it infected about 250,000 computers around the world. After infecting one machine, the worm scanned the Internet for other computers with the same vulnerability, a buffer overflow in the Windows LSASS service (patched by MS04-011 about two weeks earlier), and entered through it. It carried no deliberately destructive payload: the exploit crashed LSASS and sent the computer into an endless cycle of reboots.

Interestingly, its author was not a bearded hacker with a powerful desktop but an ordinary 17-year-old from Germany with a home PC. He was identified quickly and given a suspended sentence, which is hard to explain, because his creation sabotaged airlines, hospitals, post offices, the British coast guard and many other institutions and caused damage estimated at 18 billion dollars.

Storm Trojan

By some estimates, 8% of all infected computers in the world belonged to it: that was the result of the Storm Trojan's march across the planet. Its principle of operation is now very common: infect a PC and join it to a botnet, a huge network of computers connected without their owners' knowledge and serving one purpose, massive attacks on powerful servers (and, in Storm's case, sending the spam that spread it further). It was hard to neutralize because its code was repacked roughly every 10 minutes, so signature-based antivirus lagged behind, and it took its commands over a peer-to-peer network rather than from a single server that could be shut down.

Conficker

The Conficker worm exploited a Windows vulnerability (MS08-067) and disabled many services, including Windows Update, antivirus updates and other security services. It is considered the "progenitor" of malware that spreads via USB drives: on each drive it created an autorun.inf file, which I am sure many of us have seen, so that simply inserting the drive launched the worm.

By the way, you can still find a type of virus that hides files on removable media and replaces them with shortcuts to itself. I have already described how to restore visibility to such files in a separate article.

Its purpose was the same as the previous one's: uniting infected PCs into a common botnet. In this way it was able to "subjugate" a huge number of machines and bring down the networks not only of ordinary companies but also of the defense ministries of Germany, France and the UK. By the most conservative estimates it caused $9 billion in damage.

Wannacry



Today only those who never surf the Internet or watch TV have not heard of WannaCry. This cutting-edge, cunning and incredibly clever network worm, also classified as ransomware, works as follows: it encrypts the vast majority of files stored on the hard drive, then locks the computer and displays a ransom window demanding payment in bitcoin, a modern cryptocurrency. It spread on its own from machine to machine through a vulnerability in the Windows SMB service (MS17-010, attacked with the leaked EternalBlue exploit) and hit about 500,000 computers in 150 countries, with India, Ukraine and Russia the most affected.

The hackers are known to have collected about $42,000 from their victims. The attack was stopped almost by accident. It turned out that before starting to encrypt files the malware tried to reach a particular unregistered domain and proceeded only if the request failed. It was a small matter to register that domain, and the procession of WannaCry stopped; the world was spared a computer apocalypse. A practitioner's caveat: the check was a plain web request, so infected hosts that could not reach the Internet directly (for example, behind a proxy) were encrypted anyway, and later variants dropped the check entirely. At the moment the damage is estimated at $1 billion. The virus disrupted the work of many banks, transport companies and dispatch services; without the lucky rescue the consequences could have been far worse. According to experts this was a landmark case: it became clear to everyone how dangerous modern, unusually complex and carefully designed criminal schemes are.

The fight against information crime was taken much more seriously, including in our country. However, just a month later, in June 2017, the Petya virus appeared.

Petya


The Petya ransomware was the trend of June 2017 (that outbreak is usually called NotPetya or ExPetr to distinguish it from the original 2016 Petya). It is very similar to WannaCry, but with a significant difference: it does not encrypt individual files but the disk's master file table, locking the entire hard drive. It spread over the network through the same SMB vulnerability as WannaCry and through stolen Windows credentials. Its creators relied on users of unlicensed software, because not every user follows official Microsoft updates, and one of those updates contained the patch that closed the hole through which Petya gets onto the PC.

It is distributed through email attachments and, in the June 2017 outbreak, through a poisoned update of a Ukrainian accounting program. If the user runs the file, the computer reboots and a fake disk check for errors appears on the screen while the file table is being encrypted. After that a red skull fills the entire monitor. To decrypt the disk you are told to transfer a certain amount in bitcoin, although in the NotPetya case paying recovered nothing, because the attackers' contact mailbox was shut down.

Experts believe that the more technology develops, the more people will want to use it to deceive their neighbors. This is the harsh reality of the 21st century.

According to statistics, about 650,000,000 rubles were stolen from Russians' bank cards in 2016, 15% less than in 2015. Sociologists believe that the residents of our country have learned to see through most of the schemes. However, new, previously unknown ways of luring money out of your wallet appear almost every day.

This is the list of the most famous and dangerous viruses infecting people's electronic assistants in the 21st century.


Computers can also catch viruses. Their attack does not harm a person directly, but it damages the silent machine, and the "treatment" can cost a decent sum. Experts have compiled a Top 5 of the most insidious computer viruses. The criteria were not empty words but the cost of the damage and the number of affected computers. One hopes that viruses have not penetrated every laptop and that we will only meet them through the news.

In youth circles you often hear talk of worms, backdoors, rootkits and Trojans. These unfamiliar words refer to computer "pests", in other words kinds of malicious software. They differ, but they are easily confused, since the best-known ones all attack the Windows operating system, and this has been true from their first appearance to the present day.

1. The oldest kind of pest is the classic virus, which needs a carrier program: it "infects" a file by adding its own code to it, and copying that file spreads the virus.

2. The worm is more insidious: it needs no carrier file and spreads over the network by itself, sending copies of itself to other computers.

3. The Trojan disguises itself as useful software and, once run, quietly does damage or gives an outsider control of the device.

4. A backdoor is a hidden way of regaining access to a system; on a compromised web server it can be as little as one line in a PHP script that lets the hacker run commands.

5. The rootkit runs with administrator (or kernel) rights and hides the presence of other malware from the user and from security tools, exploiting weaknesses in the operating system and programs to get there.

In 5th place is SLAMMER, also known under other names. Released in 2003, it spread rapidly and slowed down the Internet.

  1. Slammer affected about two hundred thousand computers by some estimates (75 thousand in the first ten minutes alone), causing damage of over one million dollars.
  2. If users had applied the Microsoft patch, released six months earlier, the spread of the "pest" could have been avoided.
  3. The worm sent a stream of scanning traffic that could not be stopped, blocking access to the Internet. As a result a server at a nuclear power plant in the United States was affected: its safety monitoring system did not work.

In 4th place is the CODE RED worm, which worked its way from one server to the next:

  1. The worm defaced the websites on the servers it infected.
  2. CODE RED attempted a denial-of-service attack on the White House web server.
  3. In one week the virus infected four hundred thousand servers. The damage amounted to about three billion dollars.

Loveletter "took" third place, and not for its desire for love, although that is how it all began. Messages arrived in email inboxes in which an unknown person spoke of love. Having opened the attached file, the user, without knowing it, released a virus onto his computer, which "loved" his mail and hard drive. Then the following happened:

  1. Using the address book, the virus sent itself to every address.
  2. Loveletter also turned out to be a "thief": it stole passwords from infected machines.
  3. This latest "crime" made all computer owners understand how serious virus programs can be and that anti-virus software is needed to resist them.
  4. ILOVEYOU infected almost three million computers, with damage estimated at $15 billion.
  5. It was established that the virus was launched by hackers living in the Philippines. There was no punishment, however, because Philippine law at the time did not define the act as a crime.

SOBIG.F appeared in 2003 and combined the features of a worm and a Trojan. In its time it managed the following:

  1. Infected 2 million machines, causing damage estimated at 37 billion dollars.
  2. It took the virus only a day to send out a million copies of itself.
  3. Not only ordinary PCs were paralyzed, but also email in Washington. Some world-famous companies had to cancel flights.
  4. A reward ($250,000) was offered for whoever could find the creator of the virus, but the author of SOBIG.F remained elusive.

The worst was MYDOOM (2004), which arrives quietly and leaves few traces:

  1. The virus enters the computer through a fake "bounced email" notification.
  2. Page loading speed dropped by half and Internet speed by one tenth.
  3. Two million PCs were affected. The damage caused by MyDoom reached $38 billion.

The announced reward of a quarter of a million dollars for the head of the virus's creator remained unclaimed.

The first computer virus in the history of technology was created back in 1983, and three years later malicious programs began to be used to damage computer networks and to destroy and steal information.

More and more advanced viruses appear every year, and high-speed Internet lets them spread at tremendous speed. Today's top ten covers the most dangerous computer viruses in their entire history.

10. Brain

It was the world's first virus targeting IBM-compatible computers and caused a global epidemic in 1986. It was written by two Pakistani programmers and quickly spread beyond Pakistan.

9.Win95.CIH

The virus was discovered in 1998. It contained a logic bomb designed to corrupt the contents of the flash BIOS and destroy the information on hard drives. It triggered on April 26, the anniversary of the accident at the Chernobyl nuclear power plant. Win95.CIH became the first virus to corrupt not only programs but also computer hardware.

8.LoveLetter

This virus appeared in 2000 and is the only one to have entered the Guinness Book of Records. Within a few hours LoveLetter hit millions of PCs around the world. The victim received an email with the subject line ILOVEYOU. The virus was triggered when the attached VBScript file LOVE-LETTER-FOR-YOU.TXT.vbs was launched, whereupon it mailed itself to the addresses found in MS Outlook on the infected computer.

7. Ramen

In January 2001 a virus infected hundreds of corporate systems running Linux within a few days. The worm is dangerous because it disrupts the web server by overwriting the contents of index.html files, disables anonymous FTP access to the server, and removes the access restrictions in hosts.deny. Ramen destroyed the myth that Linux viruses do not exist.

6. Cabir

This network worm was discovered in 2004. It spread via Bluetooth and infected mobile phones running Symbian OS. Cabir was the first of many viruses for mobile devices.

5. Kido

In 2009 Kido (better known as Conficker) infected millions of computers using several penetration paths: flash drives, guessing of network share passwords, and the Windows hole MS08-067. To fight the virus the Conficker Working Group was created, bringing together antivirus companies, Internet providers, research organizations and regulators. The culprits were found only in 2012.

4. Wiper

This Trojan caused panic in Iran in 2012, destroying databases in dozens of organizations. The country's largest oil terminal stopped work for several days, and data on all oil contracts was destroyed. The virus was written so professionally that after activation it leaves no traces that could be used to investigate the incident.

3.Flame

This worm was designed for cyber-espionage. It was discovered by Kaspersky Lab specialists while investigating an incident involving the deletion of data on corporate computers in the Middle East. Flame is a huge package of software modules with a total size of almost 20 MB.

2.Win32/Stuxnet

The virus, discovered in 2010, is different in that it infects not only user PCs but entire industrial control systems: it reprogrammed the Siemens controllers driving the uranium-enrichment centrifuges it targeted. This means that at the will of its creators such a virus can not only steal data but also destroy complex physical equipment, such as the systems controlling a nuclear facility.

1. Regin

Symantec announced the discovery of this virus in November 2014. According to experts, years of work went into creating it. Regin targets telecommunications companies and Internet providers in Russia, Mexico, Saudi Arabia, Iran and Ireland. The virus is often compared to Stuxnet, but it is acknowledged to be a far more advanced product.

The Melissa virus (1999) was distributed by email as an attached file; after the user opened it, the virus mailed itself to the first 50 addresses in the Microsoft Outlook address book.

Today Melissa cannot scare anyone, but it will be remembered for a long time, much like the next nine viruses, which we recall here in Melissa's "honor". Read on.

Brain

This virus is the most harmless in this hit parade, because it was one of the first. It was distributed on floppy disks. It was developed by the brothers Amjad and Basit Farooq Alvi, who started it in 1986, though specialists only discovered that "something was wrong" a year later, in the summer.

They say the virus infected more than 18 thousand computers in the United States alone. Fun fact: the development was based entirely on good intentions. The brothers wanted to punish local pirates who were stealing their company's software.

Brain also took pride of place as the world's first stealth virus: when an infected sector was read, it "substituted" the uninfected original, which made it very difficult to catch.


Jerusalem

Its second name is "Friday the 13th"; the first comes from its country of origin, Israel (in 1988). Why is this "Friday" dangerous? It was loaded from a floppy disk, and as soon as hour X came (a Friday the 13th) the virus deleted every program run on that day. In those days few people believed in the existence of computer viruses and there were almost no anti-virus programs, which is why Jerusalem terrified users.



Morris worm

And this "worm" went on a rampage in November 1988. It paralyzed computers through chaotic, uncontrolled self-replication and, in effect, brought down the whole (not yet very global, for those times) network. Note that the outage did not last long, but it managed to cause serious damage, which experts estimated at $96 million.



Michelangelo (“March6“)

"Michelangelo" ran riot in 1992. It penetrated the boot sector of the disk from floppy disks and sat quietly there until March 6 arrived. As soon as hour X came, "Michelangelo" formatted the hard drive. Its appearance benefited all the companies developing anti-virus software, who fanned the hysteria to incredible proportions, although the virus affected only about 10 thousand machines.



Chernobyl (CIH)

It was created by a Taiwanese student in 1998 and named after his initials. The essence of the software: through the Internet, email and disks the virus got onto the computer and hid inside other programs, and on April 26 it activated. It not only erased the information on the hard drive but also damaged computer hardware by overwriting the flash BIOS.

"Chernobyl" peaked in April 1999, when more than 300 thousand machines were damaged, mostly in East Asia. And even after everyone had trumpeted the news of this pest, it stayed hidden on computers for a long time and continued its dirty work.



Melissa

We return to "Melissa". It was created by David Smith, then 30 years old. The damage caused by the programmer's brainchild exceeded $100 million, for which the attacker faced a prison term of 46 to 57 months.

Smith was then released on bail of $100 thousand, and the case began to stall. Hearings were postponed several times, and the prosecutors who launched the case so loudly fell silent. David Smith himself and his lawyer are also silent.



ILOVEYOU (“Letter of happiness”)

In 2000 someone thought of writing a rather cute virus. It arrived in the mail as a message "I LOVE YOU" with an attached file. Users opened it and... a script settled on the hard drive that:

  • sent out letters in incredible quantities;
  • overwrote important files on the PC.

The results are simply shocking: this "letter" "slammed" 10% of all the computers that existed at the time. In monetary terms, $5.5 billion.


21.11.2013

The history of computer viruses begins in 1983, when the American scientist Fred Cohen, in his dissertation on self-replicating programs, first used the term "computer virus". The exact date is known: on November 3, 1983, at a weekly computer security seminar at the University of Southern California (USA), a project was proposed to create a self-propagating program, which was immediately dubbed a "virus". Debugging it took 8 hours of computer time on a VAX 11/750 running Unix, and exactly a week later, on November 10, the first demonstration took place. Based on these studies Fred Cohen published the paper "Computer Viruses: Theory and Experiments" with a detailed description of the problem.

The foundations of the theory of self-propagating programs were laid back in the 1940s in the work of the American scientist John von Neumann, who is also known as the author of the basic principles of the modern computer. That work described the theoretical basis of self-reproducing mathematical automata.

Here we will talk about the most dangerous samples of malware in our long history.

Before discussing them, let's define what is meant by the most dangerous?

From the user's point of view, it is the virus that caused him the greatest damage. From the point of view of an information security officer, it is the virus that has not yet been detected.

We will be guided by this criterion in the future.

In my opinion, most dangerous malware - one that opens up new opportunities for infection.

Creeper

The first network virus, Creeper, appeared in the early 1970s on the military computer network ARPANET, the prototype of the Internet. The program could move across the network on its own and save a copy of itself on a remote machine. On infected systems it announced itself with the message "I'M THE CREEPER: CATCH ME IF YOU CAN". In general the virus was harmless, but it annoyed the staff.

To remove the annoying but generally harmless virus, an unknown person created the Reaper program. In fact it too was a virus, one that performed some functions characteristic of an antivirus: it spread across the network and, wherever it found the body of Creeper, destroyed it.

The appearance of Creeper not only marked the beginning of modern malware but also opened a stage in the development of viruses during which virus writing was the pursuit of a few talented programmers who sought no material gain.

Brain

Brain (1986) was the first virus for IBM-compatible computers to cause a global epidemic. It was written by two programmer brothers, Basit Farooq Alvi and Amjad Alvi, from Pakistan. Its distinctive feature was replacing the infected boot sector with the uninfected original whenever the infected sector was read, which gives us the right to call Brain the first known stealth virus.

Within a few months the program spread beyond Pakistan, and by the summer of 1987 the epidemic had reached global proportions. This was the first, and alas far from the last, virus epidemic for the IBM PC. The scale was certainly not comparable to today's infections, but the Internet era was still ahead.

Virdem

In 1986 the German programmer Ralf Burger discovered that a program could create copies of itself by appending its code to executable DOS files in COM format. A prototype, called Virdem, was demonstrated at the computer underground forum of the Chaos Computer Club (December 1986, Hamburg, Germany). This was the impetus for the writing of hundreds of thousands of computer viruses that partially or fully used the ideas he described. In effect, this virus marked the beginning of mass infections.

Jerusalem

Jerusalem, the most famous member of the Suriv family of memory-resident file viruses (1987), the creation of an unknown programmer from Israel, caused a global epidemic, the first real pandemic caused by an MS-DOS virus. It was with this virus that computer pandemics began (from the Greek pandemía, "all the people"): epidemics that spread across many countries of the world.

It is thanks to this virus that the phrase "Friday the 13th" still makes system administrators' hearts beat faster. On Friday, May 13, 1988, the virus began to destroy infected programs when users tried to run them. It made itself felt in Europe, the USA and the Middle East. The virus was also called "Friday the 13th 1813", Hebrew University, Israeli and Suriv 3.

Jerusalem had several malicious features. The best known was the one that deleted every program launched on a Friday the 13th. Since a Friday falling on the 13th is not very common, most of the time Jerusalem spread unnoticed, without interfering with users. However, 30 minutes after loading into memory the virus slowed XT computers down by a factor of five and displayed a small black rectangle in the text mode of the screen.

Morris worm

Robert Morris

The Morris Worm (November 1988) was the first network worm to cause an epidemic. It was written by 23-year-old Cornell University (USA) student Robert Morris and exploited security flaws in the Unix operating system on the VAX and Sun Microsystems platforms: a buffer overflow in the fingerd daemon, the debug mode of sendmail, and trust relationships between hosts (rsh/rexec). To penetrate computers on the ARPANET quietly it also guessed passwords, trying the user's login name and GECOS name in several variants, then a built-in list of 481 words and the system dictionary. Total damage is estimated at $96 million; it would have been far greater had the worm been built for destructive ends.

This malware showed that Unix was as vulnerable to password guessing as any other operating system: password hashes were stored in the world-readable /etc/passwd, so a guess could be checked offline without ever logging in, and weak passwords fell quickly.
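The guessing strategy described above, as an added example that is not the worm's code or anything from the page: a toy salted hash stands in for the crypt(3) hashes of 1988, and the password file, GECOS names and word list are all constructed for the demonstration.

```python
"""Added example: dictionary-style password guessing in the spirit of the
Morris worm. In 1988 /etc/passwd was world-readable and held the hashes,
so a worm could guess offline. A toy SHA-256 based hash stands in for
crypt(3) here; accounts, names and the word list are constructed."""
import hashlib
from typing import Dict, Iterator


def toy_hash(salt: str, password: str) -> str:
    """Stand-in for crypt(3): salted, deterministic, one-way. Demo only."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest[:16]


def passwd_line(user: str, password: str, gecos: str, salt: str) -> str:
    """Build one /etc/passwd line: user:hash:uid:gid:gecos:home:shell."""
    return f"{user}:{toy_hash(salt, password)}:1000:1000:{gecos}:/home/{user}:/bin/sh"


# Constructed password file. Three accounts use guessable passwords of the
# kinds the worm tried; the fourth does not.
PASSWD_FILE = "\n".join([
    passwd_line("alice", "alice", "Alice Smith", "ab"),        # login name as password
    passwd_line("bob", "htims", "Bob Smith,Room 12", "cd"),    # surname reversed
    passwd_line("carol", "password", "Carol Jones", "ef"),     # word from the list
    passwd_line("dave", "x7#Qp!2vL", "Dave Brown", "gh"),      # not guessable here
])

# Constructed stand-in for the worm's built-in word list (the real list was
# a few hundred words, followed by the system dictionary).
WORD_LIST = ["aaa", "academia", "password", "secret", "wizard"]


def candidates(user: str, gecos: str) -> Iterator[str]:
    """Yield guesses roughly in the order the worm tried them: empty
    password, login name, login name doubled, each name from the GECOS
    field (as written, lower-cased, and both reversed), then the list."""
    yield ""
    yield user
    yield user + user
    for name in gecos.split(",")[0].split():
        for variant in (name, name.lower()):
            yield variant
            yield variant[::-1]
    yield from WORD_LIST


def crack(passwd_text: str) -> Dict[str, str]:
    """Return {user: recovered_password} for every account that falls."""
    recovered = {}
    for line in passwd_text.splitlines():
        user, hashed, _uid, _gid, gecos, _home, _shell = line.split(":")
        salt = hashed[:2]          # salt is stored in the clear, as with crypt(3)
        for guess in candidates(user, gecos):
            if toy_hash(salt, guess) == hashed:
                recovered[user] = guess
                break
    return recovered


if __name__ == "__main__":
    for account, pw in crack(PASSWD_FILE).items():
        print(f"{account}: {pw!r}")
```

Three of the four accounts fall without a single login attempt, which is exactly why the worm prompted the move of hashes into /etc/shadow, readable only by root: the guessing itself is cheap, and the only real defense is denying the attacker the hashes (and, today, a slow hash and rate limiting on the online path).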

Chameleon

Chameleon (early 1990) was the first polymorphic virus. Its author, Mark Washburn, took as his basis the description of the Vienna virus from Ralf Burger's book "Computer Viruses: A High-Tech Disease" and added to it improved self-encryption principles from the Cascade virus: the ability to change the appearance not only of the virus body but of the decryptor itself.

This technology was quickly adopted and, combined with stealth and armoring techniques, allowed new viruses to resist the antivirus packages of the day.

With the advent of this technology, fighting viruses became much more difficult.

Concept

Concept (August 1995) was the first macro virus to infect Microsoft Word documents. In 1995 it became clear that not only executable files but document files too could be infected.

The specimen itself was not malicious, its epidemic was very sluggish (it lasted several years), and it did not affect very many computers (Kaspersky Lab registered only 800 customer complaints about this virus). Compared with today the scale of Concept looks very modest, but for 1995 to 1997 the result was impressive. Like a small stream that feeds a stormy river, macro viruses foreshadowed the rapid rise of viruses on the world stage.

There is an opinion among users that a macro virus is just a harmless subroutine capable only of minor dirty tricks such as swapping letters and punctuation marks. In fact a macro virus can do a great deal: formatting a hard drive or stealing something valuable is no problem for it.

Win95.CIH

In June 1998 a virus of Taiwanese origin, Win95.CIH, was discovered. It contained a logic bomb that destroyed all information on the hard drives and corrupted the contents of the flash BIOS on some motherboards. Its trigger date, April 26, coincided with the anniversary of the Chernobyl accident, which gave the virus its second name, "Chernobyl". It was this virus that exposed the vulnerability of rewritable BIOS chips: it suddenly turned out that malware could disable not just data but computer hardware.

Win95.CIH was unique for its time, and not only because it was the first virus that genuinely damaged hardware. It does not modify SYSTEM.INI and does not write .VXD files into the Windows System directory; it only infects PE files... and (sometimes) erases the flash BIOS and hard drives. It was the first "truly resident" Win95/98 virus.

It activates on April 26 (the date of the Chernobyl disaster and also the author's birthday).

LoveLetter

LoveLetter is a script virus that on May 5, 2000 broke the Melissa virus's record for speed of spread. In just a few hours millions of computers were affected, and LoveLetter entered the Guinness Book of Records.

The situation developed rapidly: the number of requests for help (and the number of victims) grew exponentially.

The virus spread through email messages and IRC channels. A message carrying it is easy to spot: the subject is ILOVEYOU, which immediately catches the eye. The body says "kindly check the attached LOVELETTER coming from me" and carries an attachment named LOVE-LETTER-FOR-YOU.TXT.vbs. Because Windows hid the final .vbs extension by default, the attachment looked like a harmless text file. The virus ran only when the user opened the attachment.

The virus mailed itself to every address it found in the MS Outlook address book of the infected computer and also wrote copies of itself over files on the hard drive, irreversibly destroying their original content. Among its victims were JPEG pictures, JavaScript and Visual Basic Script programs, and a number of other file types; MP2 and MP3 music files it hid and replaced with copies of itself.

In addition, the virus took several steps to install itself into the system and to install further virus modules, which it downloaded from the Internet.

All this shows that VBS.LoveLetter is very dangerous. Along with direct data corruption and the undermining of the operating system's protection, it sent out huge numbers of messages, copies of itself, and in some cases paralyzed the work of entire offices.
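The double-extension trick that LoveLetter (and the ILOVEYOU entries earlier on this page) relied on is easy to catch at the mail gateway. The following is an added example, not code from the page or from the virus: it parses a raw message with Python's standard email library and flags attachments whose name ends in an "innocent" extension followed by a script or program extension. The sample messages are constructed; the attachment body is placeholder text, not the original script.

```python
"""Added example: flag mail attachments that use the LoveLetter
double-extension trick (e.g. LOVE-LETTER-FOR-YOU.TXT.vbs). Windows hid the
final extension by default, so the file looked like text but ran as a
script. All messages below are constructed for the demo."""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import List, Optional, Tuple

# Extensions Windows runs as scripts or programs (illustrative subset).
EXEC_EXT = r"(?:vbs|vbe|js|jse|wsf|wsh|exe|scr|bat|cmd|com|pif|hta)"
# "Innocent" extension immediately before an executable one.
DOUBLE_EXT = re.compile(
    rf"\.(?:txt|jpe?g|gif|doc|xls|pdf|mp3|htm|html)\.{EXEC_EXT}$", re.I)
ANY_EXEC = re.compile(rf"\.{EXEC_EXT}$", re.I)


def build_sample(subject: str, body: str, filename: Optional[str],
                 payload: str = "") -> bytes:
    """Construct a raw RFC 5322 message for the demo."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename is not None:
        msg.add_attachment(payload.encode(), maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def suspicious_attachments(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, reason) for each attachment a gateway should block.
    A double extension is reported first; any bare executable extension is
    still reported, since the hidden-extension trick is not required to run."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if DOUBLE_EXT.search(name):
            findings.append((name, "double extension hiding a script"))
        elif ANY_EXEC.search(name):
            findings.append((name, "executable attachment"))
    return findings


# Constructed samples: the LoveLetter-style message, a benign one, and one
# with no attachment at all.
LOVELETTER = build_sample(
    "ILOVEYOU",
    "kindly check the attached LOVELETTER coming from me.",
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "' placeholder text standing in for the script body\n",
)
BENIGN = build_sample("Lunch?", "See attached.", "menu.txt", "soup\n")
NO_ATTACH = build_sample("Hi", "no attachment", None)

if __name__ == "__main__":
    for label, raw in (("loveletter", LOVELETTER), ("benign", BENIGN)):
        print(label, suspicious_attachments(raw))
```

The check is deliberately independent of the subject line and body text: those were trivial for later variants to change, whereas the need to deliver an executable attachment was not. A real gateway would also inspect the attachment's content type and magic bytes rather than trusting the name alone.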

Ramen

Ramen (January 2001) is a worm that in a matter of days infected a large number of corporate systems based on the Linux operating system.

This dangerous Internet worm attacked servers running Red Hat Linux 6.2 and Red Hat Linux 7.0. The first reports came from Eastern European countries, which suggests an Eastern European origin. To propagate, the worm exploited known vulnerabilities in services shipped with those distributions: wu-ftpd and rpc.statd on Red Hat 6.2 and LPRng on Red Hat 7.0.

The worm is an archive named ramen.tgz containing 26 executable files and shell scripts. Each executable is present in two copies, one compiled for Red Hat 6.2 and one for Red Hat 7.0. The archive also contains an executable named wu62, which the worm does not use.

Although outwardly harmless, the worm is extremely dangerous because it disrupts the normal functioning of the server: it destroys the contents of all index.html files, disables anonymous FTP access, deletes the RPC and LPD services, and lifts the access restrictions in hosts.deny.

The worm's code contains many slightly modified exploits that had previously been published on hacker sites and on sites devoted to network security.

Note that the most recent of the holes the worm attacked had been known since the end of September 2000. But vulnerable services are installed by default when the system is set up, and many users and administrators neither follow vulnerability warnings nor fix the flaws in time, which makes the worm more than viable.

It was with its appearance that the myth that there are no viruses under Linux was destroyed.

CodeRed

CodeRed (July 12, 2001) represents a new type of malicious code that spreads and runs on infected computers without using any files. During operation such programs exist only in system memory, and in transit to other computers only as specially crafted network packets.

The most detailed and prompt description and analysis of the worm was produced by researchers at eEye Digital Security. They also gave the worm its name, a nod to the Code Red flavour of Mountain Dew they were drinking during the analysis and to the phrase "Hacked By Chinese!" that the worm put in place of the content of websites on infected servers. The phrase points at communist China, although in reality the worm was most likely written by ethnic Chinese in the Philippines.

The worm exploited a buffer overflow in the Indexing Service ISAPI extension shipped with the Microsoft IIS web server. Microsoft described the vulnerability in security bulletin MS01-033 (in English) on its website, and the corresponding patch had been published a month before the epidemic.
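As an added illustration (not code from the original article), here is how a defender could recognise the worm's requests in web-server logs, using the widely published Code Red request shape: a GET for /default.ida with a long run of filler characters (N in the original, X in Code Red II) followed by %u-encoded shellcode. The log lines, addresses and the 200-character query threshold are constructed assumptions; in a deployment where the .ida mapping was removed as MS01-033 advised, any request for an .ida file is itself worth flagging.

```python
"""Added example: spotting Code Red-style requests in web-server logs.
The request shape is the widely published Code Red signature (a GET for
/default.ida with a long filler run of N, or X for Code Red II, followed by
%u-encoded shellcode). The log lines, IP addresses and timestamps are
constructed for this example; this is not code from the original article."""
from __future__ import annotations

import re

# The attack surface: requests for .ida/.idq files are routed to the Indexing
# Service ISAPI extension. MS01-033's workaround was to remove that mapping,
# so in a hardened deployment any such request is itself suspicious.
IDA_PATH_RE = re.compile(r"\.id[aq]$", re.IGNORECASE)
# Code Red: /default.ida? + hundreds of identical filler bytes + %uXXXX payload.
CODE_RED_RE = re.compile(r"^/default\.ida\?([NX])\1{100,}(%u[0-9a-f]{4})+", re.IGNORECASE)
# Common-log-format line: ip ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
OVERSIZED_QUERY = 200   # assumed threshold: no legitimate .ida query is this long


def classify_request(target: str) -> str | None:
    """Return a verdict for one request target, most specific first."""
    path, _, query = target.partition("?")
    if CODE_RED_RE.match(target):
        return "code-red"
    if IDA_PATH_RE.search(path):
        return "ida-overflow" if len(query) > OVERSIZED_QUERY else "ida-probe"
    return None


def scan_log(lines: list[str]) -> list[tuple[str, str]]:
    """Run the classifier over log lines; unparsable lines are skipped.
    Returns (client ip, verdict) for each flagged request, in log order."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m["target"])
        if verdict:
            flagged.append((m["ip"], verdict))
    return flagged


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.9 - - [19/Jul/2001:10:00:01 +0000] "GET /default.ida?' + "N" * 224
    + '%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 200 0',
    '198.51.100.4 - - [19/Jul/2001:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1234',
    '192.0.2.77 - - [19/Jul/2001:10:00:03 +0000] "GET /default.ida HTTP/1.0" 200 0',
    '203.0.113.9 - - [19/Jul/2001:10:00:04 +0000] "GET /default.ida?' + "X" * 224
    + '%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 200 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, verdict in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {verdict}")
```

The three-level verdict matters in practice: "code-red" is a known worm, "ida-overflow" is an unknown oversized request to the same vulnerable extension (a variant or a manual exploit attempt), and "ida-probe" is a scanner checking whether the mapping exists at all, which is the reconnaissance step that precedes the other two.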

eEye experts claim that the worm began its spread from Makati City in the Philippines.

In effect, this worm opened a whole series of similar worms (a series that, alas, continues to this day), whose distinctive feature is that they appear some time after the software vendor has released the corresponding update: the patch itself points attackers at the bug, and the hosts that have not applied it become the victims.

According to estimates by the CERT Coordination Center (CERT/CC), the number of computers infected by the Code Red worm reached about 350 thousand. The scanning traffic that infected computers generated while searching for new victims left a noticeable mark on the overall performance of the Internet.

The original Code Red was programmed to use all the computers it had infected for a denial-of-service attack against Whitehouse.gov (the White House website). It attacked a hard-coded IP address, so the site survived simply by moving to a different address.

This marked the beginning of the exploitation of system administrators' careless attitude towards installing software updates.

Cabir

Cabir (June 2004) is the first network worm to spread over Bluetooth and infect mobile phones running Symbian OS. With its appearance it became clear that from then on not only PCs but also smartphones would be infected. Today threats to smartphones number in the millions, and it all started back in 2004.

Kido

The main epidemic of 2009 was caused by the Kido (Conficker) worm, which infected millions of computers around the world. It used several methods to penetrate a victim's computer: guessing passwords to network shares, spreading via flash drives, and exploiting the Windows vulnerability described in MS08-067. Each infected computer became part of a botnet. Fighting that botnet was complicated by the fact that Kido used the most modern and effective malware techniques of its time. In particular, one of its variants fetched updates from 500 domains selected at random from a list of 50 thousand names that the worm generated afresh every day, and used P2P connections as an additional update channel.
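The daily-list-plus-random-subset update channel described above, as an added example (not the article's code and not Conficker's real algorithm): a small deterministic DGA seeded from the date, the per-bot selection of 500 of the 50,000 names, the probability that a partial blocklist misses a bot, and a defender's matching of DNS query lines against the precomputed list. The seed string, TLD set, per-host selection and log format are assumptions; only the list sizes follow the text.

```python
"""Added example: an illustrative domain-generation algorithm (DGA) of the
kind the text describes, plus the defender's side of it. This is NOT
Conficker's real algorithm; the seed string, the TLD set and the per-host
selection are assumptions made for this example, only the list sizes
(50,000 generated, 500 tried) follow the text."""
from __future__ import annotations

import datetime
import functools
import hashlib
import math
import random

TLDS = (".com", ".net", ".org", ".info", ".biz")   # assumed TLD set
DAILY_LIST_SIZE = 50_000                              # names generated per day
DAILY_ATTEMPTS = 500                                  # names each bot actually queries
DEMO_DAY = datetime.date(2009, 4, 8)                  # the update day named in the text


@functools.lru_cache(maxsize=8)
def daily_domains(day: datetime.date, seed: str = "example-seed",
                  count: int = DAILY_LIST_SIZE) -> tuple[str, ...]:
    """Derive the day's candidate list deterministically from (seed, date).
    Every copy of the worm computes the same list, so nothing has to be
    hard-coded in the binary and a sinkholed name is simply replaced tomorrow."""
    day_key = hashlib.sha256(f"{seed}:{day.isoformat()}".encode()).digest()
    rng = random.Random(day_key)
    letters = "abcdefghijklmnopqrstuvwxyz"
    names = []
    for _ in range(count):
        label = "".join(rng.choice(letters) for _ in range(rng.randint(8, 12)))
        names.append(label + rng.choice(TLDS))
    return tuple(names)


def bot_targets(day: datetime.date, host_id: str,
                attempts: int = DAILY_ATTEMPTS) -> list[str]:
    """Each bot picks its own random subset of the day's list (seeded here by
    an assumed per-host identifier), so different bots query different names
    and registering a handful of them does not cut off the botnet."""
    rng = random.Random(hashlib.sha256(host_id.encode()).digest())
    return rng.sample(daily_domains(day), attempts)


def miss_probability(blocked: int, list_size: int = DAILY_LIST_SIZE,
                     attempts: int = DAILY_ATTEMPTS) -> float:
    """Probability that one bot's picks avoid every one of `blocked` names
    that defenders pre-registered or sinkholed. With 1 of 50,000 blocked a
    bot still gets through 99% of the time; only blocking the whole list
    drives this to zero, which is why the whole daily list had to be covered."""
    return math.comb(list_size - blocked, attempts) / math.comb(list_size, attempts)


def flag_dga_clients(dns_log: list[str], day: datetime.date,
                     threshold: int = 3) -> dict[str, int]:
    """Defender-side detection: count, per client, queries for names on the
    precomputed daily list and return the clients at or above `threshold`.
    Lines are 'client qname', a constructed format for this example."""
    wanted = set(daily_domains(day))
    hits: dict[str, int] = {}
    for line in dns_log:
        client, qname = line.split()
        if qname.rstrip(".").lower() in wanted:
            hits[client] = hits.get(client, 0) + 1
    return {c: n for c, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    infected = bot_targets(DEMO_DAY, "host-A")
    # Constructed DNS log: one infected client, one clean one.
    log = [f"10.0.0.5 {name}" for name in infected[:5]] + [
        "10.0.0.7 www.example.com",
        "10.0.0.7 updates.example.net",
    ]
    print(flag_dga_clients(log, DEMO_DAY))
    print(f"block 1 name:    bot evades with p={miss_probability(1):.2f}")
    print(f"block all names: bot evades with p={miss_probability(DAILY_LIST_SIZE):.2f}")
```

The detection side only works because the algorithm is deterministic: once the seed is recovered from a sample, a defender can compute tomorrow's list today, which is exactly the pre-registration race the Working Group ran.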

At the same time, Kido's creators showed little activity until March 2009, although by then, by various estimates, the worm had infected up to 5 million computers worldwide. Then, on the night of April 8-9, 2009, the infected PCs were ordered over the P2P channel to update. Along with the Kido update, two more programs were downloaded to the infected machines: an email worm of the Email-Worm.Win32.Iksmas family, which sends spam, and a rogue antivirus of the FraudTool.Win32.SpywareProtect2009 family, which demands money to remove the malware it claims to have found.

To combat this threat a dedicated Conficker Working Group was set up, bringing together antivirus companies, Internet providers, independent research organisations, educational institutions and regulators. It was the first example of international cooperation on this scale, going well beyond the usual contacts between antivirus experts.

The Kido epidemic continued throughout 2009. In November the number of infected systems exceeded 7 million.

In 2012, cyber weapons appeared.

Wiper

At the end of April 2012 Iran was greatly alarmed by a "mysterious" Trojan: appearing from nowhere, it destroyed databases in dozens of organisations. One of the hardest hit was Iran's largest oil terminal, which was shut down for several days after data on oil contracts was destroyed.

The creators of Wiper did everything possible to destroy all data that could have been used to analyse the incidents. As a result, in none of the cases examined after Wiper had been activated was there practically any trace of the malicious program left.

There is no doubt that a malicious program known as Wiper was attacking computer systems in Iran (and possibly elsewhere) until the end of April 2012. It was written so professionally that, once activated, it left no data behind. So although traces of infection were found, the malware itself remains unknown: no other incidents have been reported in which disk contents were overwritten in the same way as in the Wiper infections, and not a single detection of it by the proactive protection components of security products has been recorded.

All of this suggests that Wiper is more likely the product of a state laboratory for waging computer warfare in one of the developed countries than simply the work of ordinary attackers.

Flame

Flame is a highly sophisticated attack toolkit, far more complex than Duqu. It is a backdoor Trojan that also has worm-like features, allowing it to spread across the local network and through removable media when ordered to do so by its operator.

After infecting a system, Flame carries out a complex set of operations, including analysing network traffic, taking screenshots, recording audio of conversations, intercepting keystrokes and so on. All of this data is available to the operators through Flame's command and control servers.

Flame, built for cyber espionage, came to the attention of Kaspersky Lab experts during research requested by the International Telecommunication Union (ITU), which had asked for help in finding an unknown malicious program that was deleting confidential data from computers in the Middle East. Although Flame's functionality differs from that of the notorious cyber weapons Duqu and Stuxnet, all of these programs have much in common: the geography of the attacks, and a narrow target focus combined with the use of specific software vulnerabilities. This puts Flame on a par with the "cyber superweapons" being deployed in the Middle East by unknown attackers. Without doubt, Flame is one of the most sophisticated cyber threats ever seen. The program is large and incredibly complex in structure, and it forces us to rethink concepts such as "cyber warfare" and "cyber espionage".

Flame is a huge package of software modules, almost 20 MB in total when fully deployed, which makes analysing this dangerous program very hard. The reason Flame is so large is that it bundles many different libraries, including code compression (zlib, libbz2, ppmd) and database handling (sqlite3), as well as a Lua virtual machine.

Gauss

Gauss is a complex set of cyber espionage tools built by the same group that created the Flame platform. It has a modular structure and supports the remote deployment of new functionality in the form of additional modules.

Gauss is a state-sponsored "banking Trojan" that also carries a dangerous function of unknown purpose. Besides stealing a variety of data from infected Windows computers, it contains a still-unknown malicious payload whose code is encrypted and which activates only on systems with a specific configuration, so the payload cannot be decrypted and examined on any other machine.

Currently known modules perform the following functions:

  • interception of cookies and passwords in the browser;
  • collection of system configuration data and its transmission to the attackers;
  • infection of USB storage devices with a module designed to steal data;
  • listing of the contents of system drives and folders;
  • theft of the data needed to access accounts in various banking systems operating in the Middle East;
  • interception of account data for social networks, email services and instant messaging systems.
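The configuration-locked payload mentioned above, as an added illustration of the technique (not Gauss's actual code and not code from the original article): the key is derived from the directory names under the victim's Program Files folder, the dropper carries only a check value rather than the key, and an analyst without the target machine is reduced to guessing directory sets. The directory names, payload bytes, check-value construction and iteration count are all assumptions made for this example.

```python
"""Added example: an environment-keyed (configuration-locked) payload, the
technique the text describes. The scheme below is an illustration, NOT
Gauss's actual implementation: the key is derived from the set of directory
names under the victim's Program Files folder, so the payload decrypts only
on a machine with exactly that software installed, and an analyst holding
the sample cannot decrypt it without guessing that set. The directory names,
payload bytes and iteration count are assumptions made for this example."""
from __future__ import annotations

import hashlib
import hmac
import os
from itertools import count

ITERATIONS = 10_000          # assumed work factor; slows dictionary attacks on the key
DEMO_DIRS = ["Common Files", "Internet Explorer", "SomeBank Client"]   # assumed target
DEMO_PAYLOAD = b"<illustrative payload: a second-stage module>"         # constructed


def local_program_dirs(root: str = r"C:\Program Files") -> list[str]:
    """What a dropper would feed derive_key on a live host: the directory
    names under `root` (empty if the folder does not exist here)."""
    if not os.path.isdir(root):
        return []
    return [d for d in os.listdir(root) if os.path.isdir(os.path.join(root, d))]


def derive_key(program_dirs: list[str]) -> bytes:
    """Key = iterated SHA-256 over the sorted, lowercased directory names.
    Sorting makes the key independent of listing order; any extra or missing
    directory yields an unrelated key."""
    material = "|".join(sorted(d.lower() for d in program_dirs)).encode()
    digest = material
    for _ in range(ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (illustration; real code would use AES)."""
    out = bytearray()
    for counter in count():
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        if len(out) >= length:
            return bytes(out[:length])


def _check_value(key: bytes) -> bytes:
    # Lets the dropper recognise the right machine without carrying the key.
    return hashlib.sha256(b"env-check:" + key).digest()


def seal(payload: bytes, program_dirs: list[str]) -> tuple[bytes, bytes]:
    """Attacker side: encrypt the payload for one target configuration.
    Returns (ciphertext, check) to be embedded in the dropper."""
    key = derive_key(program_dirs)
    ct = bytes(a ^ b for a, b in zip(payload, keystream(key, len(payload))))
    return ct, _check_value(key)


def try_unlock(ciphertext: bytes, check: bytes,
               program_dirs: list[str]) -> bytes | None:
    """Dropper side, run on every host: rederive the key from the local
    environment and decrypt only if the check value matches."""
    key = derive_key(program_dirs)
    if not hmac.compare_digest(_check_value(key), check):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(key, len(ciphertext))))


def guess_from_dictionary(ciphertext: bytes, check: bytes,
                          candidate_sets: list[list[str]]) -> tuple[list[str], bytes] | None:
    """Analyst side: without the target machine the only route is to try
    plausible directory sets. Returns (matching set, plaintext) or None."""
    for dirs in candidate_sets:
        plaintext = try_unlock(ciphertext, check, dirs)
        if plaintext is not None:
            return dirs, plaintext
    return None


if __name__ == "__main__":
    ct, chk = seal(DEMO_PAYLOAD, DEMO_DIRS)
    print("on target machine :", try_unlock(ct, chk, DEMO_DIRS))
    print("one extra program :", try_unlock(ct, chk, DEMO_DIRS + ["Some Game"]))
    print("analyst guessing  :", guess_from_dictionary(ct, chk, [["Common Files"], DEMO_DIRS[:2]]))
```

The defender's lesson is in the last call: the sample carries everything except the one fact that only the target machine supplies, so static analysis yields the check value and the ciphertext but not the behaviour, and the only ways forward are to find the target's configuration or to run the dropper on the real target.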

In general, readers should understand that no one will ever be able to compile a complete list of the most dangerous malware, because the most dangerous virus for you is the one you never managed to detect!