Mikko Hypponen is one of the world’s most prominent cyber security experts. Described as a “virus hunter” in a Vanity Fair profile called “The Code Warrior”, Hypponen has spent nearly 25 years with F-Secure protecting people from computer viruses, worms, trojans, and other types of malware.
In 2011, Hypponen travelled to Pakistan to meet the men behind the first known PC virus – Brain.A.
The Brain virus was released in January of 1986, making January 2016 the 30th anniversary of this milestone in malware history. I thought it would be interesting to reach out to Mikko and ask him about other families of malware that standout as being noteworthy. So here’s Mikko’s list of some of the most infamous malware families (including viruses, worms, trojans, etc) that’ve pestered, frustrated, and even extorted computer users over the past few decades.
Form – Form was a common computer virus identified in 1990, and for several years, was arguably the most prominent computer virus in the world. Spread through 3.5” floppy disks, it infected millions of computers throughout the world, and is possibly one of the most widespread viruses in history.
Michelangelo – Michelangelo earns a place on the list for being the first truly global virus scare. It was named after the famous artist because the virus remained dormant until March 6 (the artist’s birthday), when it would awaken and overwrite sections of infected hard disks, thereby making the information inaccessible and the computer unusable. The virus was never particularly prominent compared to some of its contemporaries, but its destructive nature and subtlety helped spread Michelangelo Madness throughout the globe.
Concept – Concept was the very first macro virus – a type of virus that infects applications such as Microsoft Word. It was a very prominent security concern in the mid-nineties, and even though it was successful in propagating itself organically during this time, it hasn’t been seen in over a decade.
As the first macro virus, it was notable in that it spread by hiding itself as a Word doc and then infecting computers as those documents were shared. By using Word, it could use both Windows PCs and Macs to spread infections, as the software could run on both platforms.
Melissa – Melissa, supposedly named after an exotic dancer, was a computer virus that sent infected Word documents to contacts in victims’ Outlook address book. While the virus was not designed to be particularly destructive, its rapid proliferation through the Internet wreaked considerable havoc on corporate servers and infrastructure. Some accounts claim that it infected twenty percent of computers globally, and the man eventually convicted of releasing the virus into the wild admitted to causing eighty million dollars in financial losses.
Loveletter – Loveletter, also widely known as ILOVEYOU, was a prominent email worm that was able to spread itself throughout the globe in a matter of hours by promising victims a little bit of love. Disguising itself as a chain, love-themed email to recipients helped it quickly spread from its Filipino origin through Asia, Europe and North America. To this date, it is one of the largest malware outbreaks of all time, and responsible for an estimated 5.5 billion dollars of damage.
Code Red – Code Red was the first fully-automated network worm for Windows. As in users would not have to interact with a machine in order to spread the infection. Code Red’s most infamous day was July 19th, 2001, when it successfully infected 300,000 servers. The worm was programmed to spread itself on certain days, and then execute distributed denial-of-service (DDoS) attacks on others, and was used against several different targets (including The White House).
Slammer, Lovsan, and Sobig – Ok, so there’s three here and not just one. But they all occurred very close together, and unfortunately, all three were worms responsible for massive, global malware outbreaks. Slammer targeted servers so it’s presence wasn’t readily apparent to end users (save some lagging when they were attempting to access an infected server). Lovesan, however was able to infect end users running Windows ME or Windows XP, and use the infected machines in DDoS attacks. Sobig spread itself through email and network drives, and contained a trojan in order to cause more headaches for infected users. However, it appears that the trojan feature did not function as expected.
These three worms infected millions of machines, and made headlines all over the world.
Sasser – A computer worm that can be considered as the last large “hobbyist” outbreak. This is significant as it signaled the end of an era when most malware was written by people who were simply curious to see what the malware could do. Nowadays, malware has a more specific, insidious purpose, such as stealing information or making money.
Warezov – A two-year email worm campaign perpetuated by professional criminals, Warezov gained notoriety for downloading new versions of itself from remote servers – sometimes as frequently as every 30 minutes, according to a 2006 interview with Mikko.
Storm Worm (also called Small.dam) – Storm Worm was a trojan that was spread as an attachment to spam emails. But more importantly, it was a combination of complex and advanced virus techniques that criminals were able to use to make money by using infected machines as part of a botnet.
Cryptolocker – A notorious ransomware family, Cryptolocker was spread through malicious email attachments, as well as the infamous Gameover Zeus botnet. Infected victims would find their hard drives suddenly encrypted, essentially locking them out of their devices and data until they paid a ransom to the perpetrators.
While the FBI, in cooperation with other law enforcement agencies and security companies (including F-Secure), were able to disrupt the operation, the perpetrators were able to use Cryptolocker to extort about 3 million dollars from victims before being stopped.
Other notable mentions include the 2005 Sony rootkit (for being distributed on Sony BMG CD-ROMs on their behalf), the still prominent Downadup worm from 2008 (for infecting millions, including armed forces of several countries and police departments), and the well-known Stuxnet virus from 2010 (for both its sophistication and its apparent state-sponsorship).
If you want to know more about the history of computer viruses, you can check out Computer Invaders: The 25 Most Infamous PC Viruses of All Time!