Do you want to know the worst types of viruses that ever hit computers and how they completely spoiled the system? In this article, we will discuss the 11 worst and most dangerous viruses since the advent of the computer, how they targeted user systems, and what losses they caused.
These days, having an antivirus program to protect your device and your data is very necessary, as these programs provide an integrated package of features that searches the system for any program or virus that is considered a threat to the device, and eliminates it completely.
What is a computer virus?
Computer viruses are programs that can access system files and may damage or destroy data stored on the device. In addition, viruses can replicate themselves, producing copies that are able to infect other devices.
When you connect to the Internet, there is a very high probability that worms will enter your computer. The Internet is now the main gateway to your computer, and through it viruses will be transmitted to your device if it is not protected by a good protection program.
Some of the ways in which different types of computer viruses are transmitted to your device are:
- Opening suspicious or fraudulent websites
- Opening Spam Email
- Downloading games, movies, or music from untrusted sites
- Download files that contain malicious software
- Download via torrent files
The computer gives many signals that tell you the device is infected with a virus, such as irregular behavior or failure of the system, data loss or encryption, programs opening slowly, high memory consumption, and many other signals.
Since the emergence of the first computer virus in 1971, which is called “System Creeper”, thousands of viruses have continued to infect computers over the years, and even now thousands of new forms of viruses still appear daily, affecting not only individuals but also companies and institutions.
Because of these viruses, many companies have lost a lot of money due to the damage that resulted from infection with one of these viruses, which means that there is a real possibility that you will be threatened if your system is not properly protected.
Melissa Virus
Named after a dancer from Florida, the “Melissa” virus was developed by David L Smith in 1999.
This virus spread through emails that contained infected Word documents as attachments.
The content of the emails was designed in an attractive and seductive way so that the victim would not ignore them and would open them on his device, as the email claimed to contain an attachment with dozens of free passwords for adult websites.
Once the user downloads the document to the device, the Melissa virus captures the top 50 email contacts from the victim’s account, then copies itself and sends the email to the victim’s contacts.
After the Melissa outbreak, it was found that no private data of the victims was stolen because cybersecurity experts contained it, but this does not mean that it caused no damage: records indicate that this virus infected more than 100K devices and more than 300 organizations.
It caused $1.1 billion in damages worldwide, and even government agencies couldn’t protect their systems from this virus, so the Melissa virus is an example of what a virus can do.
After discovering who was behind this virus, the court sentenced David L Smith to 10 years in prison, but the sentence was reduced to less than two years, with a fine of $5,000.
Stuxnet virus attack
The Stuxnet virus is a multipart malicious worm, developed in 2005, which became active in 2010 and spread mostly through USB devices and Microsoft Windows computers.
The “Stuxnet” virus is considered very dangerous because it targeted industrial energy facilities, especially the Iranian nuclear plants, taking full control of the equipment automation program.
“Stuxnet” received great attention from the media because the virus was given a very large ability to completely disable computers, and the aspect that got the most media coverage was the establishment of a partnership between the American NSA and the CIA and Israeli intelligence.
“Stuxnet” had three modules named (The Worm, The Link File, The RootKit). The worm executed the routine related to the main attack component, which carried out the malicious activity, and the Link File automatically created multiple copies of the worm.
The RootKit was responsible for hiding malicious files in order to avoid any virus detection by antivirus software.
The Stuxnet worm was used to attack Iranian nuclear facilities, and it destroyed nearly 5 Iranian nuclear centrifuges and also led to the infection of more than 200K computers around the world, but Iran received the greatest damage.
My Doom Virus
It is also called “W32.MyDoom@mm”, which is the first version of the worm. It was first seen on January 26, 2004, and it is believed to be of Russian origin, but its author is not known yet. The program was written in the “C++” language, and it affected only Windows devices.
The My Doom virus spreads in the same way as the Melissa virus, and also through P2P networks. After it enters the device, it creates a backdoor in the operating system for other malicious programs to infiltrate.
My Doom infected mails usually imitate a sending error, with subject lines such as “Error”, “Mail Delivery System”, “Test” and “Mail Transaction Failed”, and it uses different languages to reduce the chance that the victim will ignore the message.
“My Doom” is considered to be the fastest-spreading email-based worm, and it has cost the world $38 billion in damages, and it is still going on, earning it a reputation as the most destructive virus to date.
A fun fact is that the My Doom virus has a song dedicated to it by a British IDM musician named Aphex Twin, who also has songs about some other viruses.
ILOVEYOU Virus
The “ILOVEYOU Virus” is a famous worm that has the ability to replicate itself. “Lovebug” and “Love Letter Of You” are other names of the virus. It was created in the Philippines, and it has affected more than 10M Windows devices around the world.
Lovebug used websites and file-sharing methods to spread to victims’ devices, but it was e-mail messages that accelerated the spread of the virus to many devices, as these messages looked like love letters from secret admirers.
These messages usually contain attachments that contain the virus, and once opened, “Love Letter Of You” will send itself to all contacts in the victim’s Microsoft Outlook address book.
The “ILOVEYOU” virus destroys JPEG and MP3 files on the victim’s device, along with other file formats, in addition to copying itself inside the system, hiding its files on the device’s hard disk, and adding new entries to the system registry.
The virus affected more than 500K systems in the year 2000, and caused damages of more than 15 billion dollars, of which 5.5 billion dollars were calculated only in the first week of its spread, and it is believed that the virus had infected 10% of the computers in the world.
The strange thing about it is that even 20 years after this virus appeared, it is still used in one form or another, because it still works amazingly well.
Nimda Virus
The Nimda computer virus is one of the most dangerous and widespread viruses, as records say that it took only 22 minutes for Nimda to reach the top of recorded attacks from the first moment it entered the Internet.
Nimda, which is the word “Admin” inverted, appeared on September 18, 2001. It was developed in China and written in C++, and emails, open network shares, and hacked sites were among the methods it used to spread.
With the sole purpose of attacking not only individual users, but also Internet servers and crawling web traffic, Nimda created a backdoor into operating systems, giving the attacker control over system functions to the extent allowed to the original user.
For example, if you are a user with limited access to the system, the hacker can only make changes within the same restrictions as the original user, but if the user has full access to the system, the hacker will have those same full powers.
FleeceWare Virus
Usually, people feel safe when downloading apps from official app stores like the Play Store or the Apple Store. However, this does not mean that you will avoid the chance of installing malware on your device when downloading from one of these stores.
FleeceWare Virus is a little different from other viruses, as it is a kind of malicious application that infects smartphone devices, but it does not steal any personal data or harm the device. It works like a normal advertised application, but with extra hidden subscription fees.
FleeceWare app developers usually use fake accounts to boost the ratings of their apps and increase the number of downloads on the App Store, as users easily fall prey to these malicious apps.
Fake Windows Update
Again, emails are to blame here, as the attacker sends malicious emails, purportedly sent by Microsoft, containing an attachment in the form of a JPG, and asks the user to update their operating system from the link in the message.
After the link is opened and the files are downloaded to the device, the ransomware is installed on the victim’s computer. It encrypts all of the user’s files, and the user will not be able to access them unless he pays a certain amount to the owner of the virus to decrypt them.
Emails of this type usually include two lines identifying the new update and a single sentence that begins with two capital letters in the first word.
The program in the infected mail is named “Cyborg”, and it encrypts files on the device.
After the device is infected, a text file called “Cyborg-DECRYPT.txt” will appear on the user’s desktop, which demands payment of $500 as ransom money.
The virus also leaves behind a copy of itself called “bot.exe” that hides in the root of the infected system.
You should know that not all operating systems send their updates via e-mail.
If you receive a similar message about an available update, you must contact technical support to make sure that the message you received was sent by them.
GameOver Zeus
GameOver Zeus or “GOZ”, first discovered in 2011, is a P2P extension of the Zeus Trojan, also called “Zbot”, one of the most successful bots in the world.
GameOver Zeus uses spam emails and hacked websites to attack its victims.
GOZ is designed to steal a victim’s personal information, such as passwords and credit card information as well as sensitive customer and corporate information.
Zbot was sophisticated enough to steal information from well-known organizations such as NASA and Bank of America, with the virus infecting thousands of companies and nearly 1.2 million computers before it was completely wiped out.
Being an advanced variant of the Zeus family, GameOver Zeus is a polymorphic malware with low detection rates, which has made it a persistent threat and one of the most successful and widespread botnets around.
The new version of Necurs contained a RootKit, which made it difficult to remove unless you formatted and reinstalled the system, but it was easy to get infected again since the malware was still somewhere in the P2P network.
It can only be controlled through intelligent software like Heimdal, which blocks access to infected addresses, websites or computers, as it identifies infections by examining communication attempts between machines.
PlugX Virus
PlugX is a full-featured Remote Access Trojan or “RAT” virus, an early sample of which can be traced back to 2008, and researchers have recently discovered a new variant of this malware called “KorPlug”.
This malicious program opens backdoors that give the hacker full authority to manage the hacked device, and he can fully control the device with the ability to execute commands from a remote location such as:
- Retrieve device information
- Take screenshots from the device
- Reboot the system
- Upload, download or modify files
- Managing operations within the device
- Entering new records within the system
- Logging of keystrokes
Like most other known viruses, PlugX spreads through malicious emails, which appear to be sent from legitimate service providers and carry signed application or executable files.
In most cases, endpoint security products do not flag them, so if those emails carry a copy of a legitimate antivirus application, endpoint security may actually whitelist them and allow the program to complete the installation process.
PlugX emails carry three different attachments that make up the components of the program, and the program has usually targeted government institutions and major industry centers.
Clop Ransomware
Like other ransomware, Clop Ransomware also creates a backdoor and encrypts all system files, blocking access to system processes and services, and demanding a ransom to decrypt the system and files.
What makes it even more dangerous is that the malware evolves over time, and its developer is constantly using innovative techniques to make it more sophisticated.
First discovered by MalwareHunterTeam in February 2019, Clop Ransomware is a variant of the “CryptoMix Clop” family, whose name “Clop” is the Russian word for “bug”, and it uses spam, malicious ads, and hacked websites.
As “Clop” infects the system, it immediately closes Windows system services and processes, disables anti-virus software, and then closes all system files to start the encryption process.
The program targeted Windows operating systems, especially English-speaking users; however, the Clop Ransomware virus targets entire networks, not just individuals.
CryptoLocker Virus
CryptoLocker Virus is considered one of the worst viruses known to the Internet. Evgeniy Bogachev was the leader of the CryptoLocker gang. The virus first appeared on September 5, 2013, and continued to spread until June 2014, when it was completely removed.
Although CryptoLocker was similar to other ransomware, once it infects the victim’s device it is effectively as if you have lost your files forever, and it also affects USB and shared network drives.
CryptoLocker also uses the same techniques as other ransomware: usually the malicious file arrives as a Word or PDF attachment that looks legitimate to the user, but has an additional hidden malicious extension.
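The two attachment disguises described in the Fake Windows Update and CryptoLocker sections (an executable presented as a JPG, and a document name with a hidden extra extension) can be checked mechanically before a message reaches the user. The following Python sketch is an added example, not code from the original article; the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them for your own mail gateway.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXT = {".jpg", ".jpeg", ".pdf", ".doc", ".docx", ".txt", ".mp3"}
# Leading bytes ("magic numbers") of formats the lures imitate.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}


def triage_attachments(msg):
    """Return (filename, reason) pairs for attachments that look disguised."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        if len(suffixes) >= 2 and last in EXECUTABLE_EXT and suffixes[-2] in DECOY_EXT:
            # e.g. "invoice.pdf.exe": Windows may hide the final extension.
            findings.append((name, "double extension"))
        elif data[:2] == b"MZ" and last not in EXECUTABLE_EXT:
            # Windows executables begin with "MZ" whatever the file is called.
            findings.append((name, "executable content, non-executable name"))
        elif last in MAGIC and not data.startswith(MAGIC[last]):
            findings.append((name, "content does not match extension"))
    return findings


def build_sample():
    """Constructed message imitating the lures; the payload bytes are inert."""
    msg = EmailMessage()
    msg["Subject"] = "Install the latest update"  # constructed subject
    msg.set_content("Please install the attached update.")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="update.jpg")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg


if __name__ == "__main__":
    for filename, reason in triage_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

The genuine JPEG in the sample passes, while the other two attachments are reported with the reason they were flagged.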
The program encrypts all files using asymmetric encryption: it locks your files with a public key, and unlocking them requires a unique private key, which can only be obtained from the owner of the program.
Conclusion
As a general rule, do not open any attachments that come to you, and always check the source before downloading any file to your own device. The most important thing is to take care of the security of your files and the sensitive information stored on your device.
As you’ve seen, many malware and ransomware programs have managed to bypass systems and antivirus software, so you should rely only on multi-level protection, and make sure your important data is backed up.
You now realize that email is one of the most common ways that malware relies on to infiltrate systems and devices, so be careful and do not open any attachment from an unknown source.