Robert Morris's worm infected 10% of computers online at the time—around 6,000 machines. Morris built the virus to test the size of the Internet, when he was a grad student at Cornell. The bug slowed infected computers to a halt, prompting the government to sue. Under the Computer Fraud and Abuse Law, in December 1990, Morris became the first virus-maker convicted in U.S. court. This first criminal hacker's legal troubles were ironic: His dad, a coauthor of UNIX, was the former chief scientist of the National Computer Security Center for the NSA.
The harm was done by mistake: Morris designed his bug to replicate in 14% of cases, even if it detected a copy of itself, as a safeguard against security programs trying to outsmart it. This extra load of viral copies drew administrators' notice, and inadvertently clogged infected computers.
Due to "potential loss in productivity," the Morris worm cost between $200 and $53,000 per infected system, authorities estimated. Morris was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.
Morris bounced back in later years. In 1995, he cofounded Viaweb, a startup that made software for building online stores. Viaweb sold for $48 million in 1998, to Yahoo. The next year, he got his PhD from Harvard.
In 2006, the once-infamous hacker cofounded Y Combinator, the seed-stage startup funding firm. The next year, he got tenure as a computer science prof at the hacker school where his rep might be best appreciated: MIT.
Chernobyl gets its name from its trigger date: April 26, the anniversary of the 1988 nuclear disaster. Created far from the former USSR, in Taiwan, the virus is only associated with the incident by coincidence—a red herring to investigators.
Chernobyl, also known as CIH, effectively paralyzes a computer by overwriting a chip inside PCs. The author, Chen Ing-hau, then a college student at Tatung University, was caught by Taiwanese police. His virus infected 60 million computers and caused U.S. $1.6 billion in damages. Since the Taiwanese government was unable to prosecute Chen—no victims came forward to sue—the virus led to new anti-malware legislation in Taiwan.
Chernobyl is sometimes called "spacefiller" because it works differently than other computer worms, in a way that brings to mind DNA insertion by biological viruses. While most viruses add their code to the end of an infected file, this one looks for gaps in code to add its own. Since the "insertion" doesn't change the infected file's size, it makes the virus harder to detect. Chernobyl is an example of how computer viruses, much like the organic ones that give them their name, evolve to exploit weaknesses in their hosts.
If you want a virus with personality, look no further than Melissa: Named for a Miami stripper, she was made by a porn-fiend fan of The Simpsons, who ended up behind bars when his email-Frankenstein invaded Microsoft and Intel. By the time the 30-year-old was arrested, Melissa was the worst computer virus outbreak to date.
The first ever email-aware virus hid inside an attachment called "List.DOC," which contained a list of 80 passwords to porn sites. Spreading through Microsoft Outlook emails, it hijacked infected address books, sending itself to the first 50 contacts. In a subset of cases—whenever the day of the month and minute coincided—Melissa printed a line of text at the current cursor position in a Microsoft Word doc:
"Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here": a quote from Bart Simpson about Scrabble.
Unleashed by New Jersey hacker David L. Smith on the alt.sex newsgroup, the quirky virus wasn't meant to do harm, just mischief. But Melissa got out of hand: On March 26, she clogged Microsoft's and Intel's email servers. The tech juggernauts sought vengeance, after an estimated $80 million worth of damages: The FBI, New Jersey state police, AOL, and a Swedish computer scientist collaborated to hunt down the horny hacker, who was arrested on April 1.
Melissa cost her maker a 10-year prison sentence (he served 20 months), plus a $5.000 fine. She showed hackers the potential real-world consequences of cyber play.
Imagine a computer virus that operates like a lover-boy con artist: It exploits lonely people, stealing by seducing. This bug isn't a cyber spy, terrorist, or identity thief, but in a way, it's more malicious: It gets in your head. And takes your stuff when it leaves.
The Trojan Horse that arrived in millions of email boxes on the morning of May 5, 2000 carried an email attachment labeled "I Love You." Recipients expecting a secret admirer's confession got a rude surprise: When the doc was opened, all image files on the computer were overwritten. Photos of family, friends, lovers and pets—all deleted in a flash by the would-be Internet Romeo. The psychological weapon then launched anew, sending itself to the first 50 contacts in the user's Windows address book.
I LOVE YOU spread like a sexually transmitted disease out of southeast Asia. It was unleashed on May 5, 2000 near Manila, in the Philippines, and chased daybreak across the world: first to Hong Kong, then Europe, and finally the U.S., when people began work that Friday morning. It was later estimated to have caused U.S. $5.5-8.7 billion in damages internationally and cost around $15 billion to remove.
To protect themselves, the CIA, Pentagon, and many major corporations chose to shut down their email systems. The worm ended up affecting 45 million computers, making I LOVE YOU one of history's most dangerous computer disasters.
The Filipino authorities arrested two college students alleged to have released I LOVE YOU, but the hackers couldn't be charged since the state had no law against malware. In July 2000, two months after the outbreak, the Philippine Congress passed its E-Commerce Law to protect against future worms.
You might call it the Miss Lonelyhearts virus, after the novel by Nathaniel West: a bug that preys on the human desire for love. The intensity of that longing drove the book's protagonist, a romance advice columnist, out of his mind. So might I LOVE YOU.
Code Red forced the White House's website to shut down temporarily on June 19, 2001, along with several other government agencies. Red exploited a flaw in the Microsoft Internet Information server, which allowed it to vandalize websites with its graffiti:
"HELLO! Welcome to (URL redacted)! Hacked By Chinese!"
Since the virus targeted U.S. government websites, it was seen as a potential cyber-attack by terrorists or a foreign government (like... China?), but the hacker is unknown.
This cyber villain got its name, as usual for computer viruses, from a coincidence. The security investigators at eEye Digital Security who first chased the bug were drinking Code Red Mountain Dew at the time.
Red infected 359,000 computers at its peak, on June 19. "Hacked By Chinese!" became an Internet meme representing online defeat. Its claim to fame is that it was the first virus to push around the White House— though its sophomoric vandalism would be upstaged by its more sinister successor, agent.btz. Check out Virus #9 for more information.
The Anna Kournikova Worm posed as a photograph of the sexy tennis player, but was actually a virus made by Dutch fanboy Jan de Wit, on February 11, 2001.
"Here you have, ;0)" was the subject, "Hi: Check This!" the body of the message that carried de Wit's worm. The bait was a file labeled "AnnaKournikova.jpg.vbs." Kournikova was a tempting lure, no doubt, for male recipients: at the time, she was the face of the sports-bra maker Berlei, in its "Only the ball should bounce" billboard campaign. People voted her one of the 50 Most Beautiful People in 1998 and ESPN.com voted her "hottest female athlete."
Kournikova was the most searched athlete on the Internet through 2008, the eighth most searched woman in 2001, and even one of the most searched terms on the Internet for a while. Net surfers searched her not so much for her tennis prowess, which was good but not great (ESPN voted her the #1 "most overrated athlete" and #18 in the "25 Biggest Sports Flops of the Past 25 Years"), but for her image. The 2004 Swimsuit Issue featured photos of her which are still famous today, along with photos in Maxim and FSM. The year after the worm, she would place first in FHM's 100 Sexiest Women in The World.
So, the timing could not have been riper for an Anna Kournikova worm than when it hit.
De Wit was 20 when he made the virus, using a bug-making toolkit he got online from an Argentinian coder. Anna was similar to I LOVE YOU, but it didn't corrupt or delete any files on infected computers. Anna spread fast enough, though, that she got the FBI’s attention. They used David L. Smith— author of the Melissa virus, now finished his 20-month prison sentence and still collaborating with anti-virus investigators—to find the real name, home address, and email of the coder called “OnTheFly.”
De Wit turned himself in on February 14, after conferring with his parents. He was prosecuted in Dutch court, and given a community service sentence—despite the FBI arguing that US$166,000 of damages were caused by Anna. The mayor of de Wit's town, Sneek, calling the virus "a joke," said his town should be proud to have produced such a talented kid, and that the tech crew at his office should interview him for a job when he finished school.
Bank of America ATMs, a 9-1-1 Emergency Response system in Washington state, and an Ohio nuclear plant were all victims of this "denial of service" attack—a flood of robo-zombie information packets that overwhelms an automated system with noise.
Slammer wrought havoc fast: The virus slammed 75,000 machines within 10 minutes of being released. Like the ingenious mind-child of a deranged James Bond villain, the bug burrowed into America's electronic systems of cash-flow, public safety, and energy, and tried to break them down. If it had succeeded—particularly in the case of the nuclear facility—the costs in money, injury, and even human life could have been catastrophic.
The source of the bug is unknown. Ten years later, Slammer holds the record for the fastest spreading virus to date.
German teenager Sven Jaschen was arrested on May 7, 2004 for spreading 70% of all malware on the Internet at the time.
The coder admitted he'd written the viruses, known as Netsky and Sasser, but insisted he never intended harm: He saw himself as an avenger, a virus hunter. His fast-moving bugs were designed to infect computers in order to delete other viruses.
The high school student learned about viruses in a computer class he was taking. At the time, the virus MyDoom had just exploded onto the Internet, eclipsing I LOVE YOU as the fastest spreading bug. MyDoom's creator, believed to be a programmer in Russia, is unknown, but its effect was to spam millions of email boxes with the message "andy; I'm just doing my job, nothing personal, sorry." It seemed like a Distributed Denial of Service (DDoS) attack, aimed at companies, programmed to flood their systems with noise mail.
When MyDoom was launched on January 26, 2004, Jaschen was a 17-year-old novice programmer, and he took the virus as a call to arms. What if he could write a bug that would outpace MyDoom and delete it? He'd become a hacker hero.
The Terminator inspired Jaschen's first virus. Netsky gets its name from Skynet, the computer network that Arnold Schwarzenegger's android character fights in the Terminator movies. It was written in 2000 lines of code, which took the novice programmer weeks of after-school sessions to write. Netsky's mission was woven into the lines of code: "we are the skynet- you can't hide! - we kill malware writers (they have no chance!) - [LaMeRz—>] - MyDoom is a thief of our idea! —<-<- ->->"
Jaschen built Netsky in his parents' basement, where he chugged seltzer and listened to MTV. Netsky had some success at deleting MyDoom, until the virus writers caught on, and redoubled with new code. Jaschen countered with Sasser, which he released on his 18th birthday, April 29, and then went to sleep.
The next morning is when the anti-virus virus got out of control. Since it was crudely written by a newbie coder, it accidentally caused infected machines to reboot constantly. Jaschen tried to fix the bugs in his bug by releasing frantic follow-ups, but to no avail. Within 48 hours, Sasser infected 1.3 million PCs—especially groups of PCs linked together in Windows-based local area networks common in business offices.
Sasser halted rail service in Australia, paralyzed one third of Taiwan's post office, forced Finland's Sampo Bank to shut down 130 branches, and prompted Delta Airlines to cancel several transatlantic flights. Its effects were so intense, so fast, that many businesses opted to install a new Microsoft security patch immediately.
Police arrested Jaschen at his home on May 7. A year later he was sentenced to 21 months of probation, plus 30 hours of community service at a retirement home. Microsoft paid two of his high school classmates $250,000 for information leading to his arrest.
On September 1, 2004, just four months after his arrest for virus-making, 18 year old Jaschen was hired as an "ethical hacker" by Securepoint, a German security company.
Think of this virus next time you change clothes or share a bed in front of your laptop, edit private documents, or surf embarrassing websites: Poison Ivy may be watching. This "remote access Trojan" (R.A.T.) gives the hacker full control of the hijacked computer, to record or edit content—documents, pictures, passwords, online purchases—or even use the speaker and webcam to record audio and video.
Ivy can bring "eyes and ears" into your home, the way FBI surveillance characters do on the TV shows The Wire and Homeland—only this bug is wireless. It spreads by email, quietly infecting unsuspecting computers. You may be bugged without knowing it, as you read these words. Watch out.
Ivy has been used to infiltrate U.S. defense and chemical industries, according to the security firm Symantec. Nobody knows who created it, but it has been traced back to China—perhaps designed by Chinese hackers to spy on foreign governments.
Ivy is very much a DIY virus, popular with amateur hackers. YouTube tutorials show cyber voyeurs how to install and use Poison Ivy from home, after disclaimers like “don’t be dumb!” The PoisonIvy-RAT.com website provides support for users, led by a mysterious character called Codius, whose email address is email@example.com. So it’s not just China: Anybody with computer skills who wants eyes inside your computer has a tool to try.
Agent.btz sparked a security scare which forced the Pentagon to issue a temporary ban on thumb drives. The U.S. Cyber Command unit, a new military group to fight online spying, was created soon after, motivated by this worst-ever cyber breach. The outbreak started with a thumb drive left in the parking lot of a U.S. base in the Middle East.
Agent.btz spreads through infected thumb drives, installing software that steals data. It works by copying existing files and replacing them with viral software, while storing the original in the background. Foreign spies presumably designed the virus, as former Deputy Secretary of Defense William Lynn III claimed in Foreign Affairs in October 2010, when the issue was declassified. The bug invaded when it was inserted into laptop at the base, which was connected to and uploaded itself onto a network run by U.S. Central Command.
America’s traditional Middle Eastern enemies, like Al Quaeda, Iran, or Afghanistan, are obvious suspects. But the government either never learned the source of the thumb drive attack, or they never told us.
This little beauty was built by engineers working for the governments of the United States and Israel to fight the “bad guys.” Iran, to be specific.
Stuxnet was the first computer virus to cause damage not online or in computers, but in the outside world—by obstructing Iranian nukes from getting made. Stuxnet traveled by thumb drive, like agent.btz—only this time the victim wasn't U.S. Central Command, but Iran's nuclear program. The virus worked as military sabotage in ways that previously could only be done by physical bombing, rockets, or a human spy planting explosives or snipping wires.
Stuxnet targeted software controlling industrial systems in a uranium enrichment facility in Natanz, Iran. By mucking up machines, it made their centrifuges spin out of control and self-destruct, according to data from the International Atomic Energy Agency.
The New York Times described the virus's development through anonymous interviews with current or previous workers on the classified project. At Stuxnet's peak, soon after the virus spread beyond Iran and was discovered, it shut down around 1,000 of the 5,000 centrifuges at Natanz. U.S. officials argued that Stuxnet set the Iranian nuclear program back between 18 months and two years. Others consider this an overstatement, and caution that U.S. involvement in cyber-warfare may give our enemies justification for their own. The case has even been made that this cyber-weapon was a net benefit to Tehran.
Good or evil aside, Stuxnet set a new standard for cyber sabotage. In the evolution of computer viruses, Stuxnet is the bleeding edge. Begging the question: What's next?
[Image: Flickr user Mr.Roach]