Tech feature: 10 computer virus attacks that made news

Jan 19, 2017, 09:00 IST | mid-day online correspondent

The first IBM PC computer virus dubbed Brain, was released on this day in 1986.. On this occasion, we look at other computer malware that wreaked havoc in cyberspace over the years

Computer virus attacks
Representational picture

Brain: The Brain boot sector virus also known as Pakistani Brain, and Pakistani flu was created in 1986 in Lahore, Pakistan by 19-year-old programmer Basit Farooq Alvi, and his brother, Amjad Farooq Alvi. It was the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. Brain affects the IBM PC computer by replacing the boot sector of a floppy disk with a copy of the virus. The real boot sector is moved to another sector and marked as bad. Infected disks usually have five kilobytes of bad sectors. The disk label is changed to ©Brain with a modified message. The virus came complete with the brothers' address and three phone numbers, and a message that told the user that their machine was infected and to call them for inoculation. When the brothers began to receive a large number of phone calls from people in United States, United Kingdom and elsewhere, demanding that they disinfect their machines, they were stunned and tried to explain to the outraged callers that their motivation had not been malicious.

ILOVEYOU: Also known as as Love Letter, or VBS, or Love Bug worm, it it infected millions of Windows computers worldwide within a few hours of its release on May 5, 2000. Created by a Filipino computer science student, the ILOVEYOU is considered to be one of the most damaging worms ever. The worm, started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The .vbs file extension was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script, which did damage on the local machine, overwriting image files, and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook.

Michelangelo: First discovered in February 1991 the virus was programmed to activate on March 6 every year, the birthday of Renaissance artist Michelangelo. Although designed to infect DOS systems, the virus can easily disrupt other operating systems installed on the system since, like many viruses, the Michelangelo infects the master boot record of a hard drive. Once a system became infected, any floppy disk inserted into the system became immediately infected. The Michaelangelo virus first came gained widespread international attendance in January 1992, when it was revealed that a few computer and software manufacturers had accidentally shipped products infected with it. According to the mass media hysteria, a digital apocalypse was expected on March 6, with millions of computers having their information wiped. However, on that day only 10,000 to 20,000 cases of data loss were reported. In later years, users were advised not to run their computers on March 6. Eventually, the news media lost interest, and the virus was quickly forgotten.

Creeper: Generally accepted as the first computer virus, the Creepers system was an experimental self-replicating program written in 1971 by Bob Thomas at BBN Technologies. Thomas wanted to test mathematician John von Neumann's 1949 "Theory of self-reproducing automata", which was a design for a self-reproducing computer program causing many to consider him the theoretical father of computer virology. Creeper infected DEC PDP-10 computers running the TENEX operating system by gaining access via the ARPANET and copying itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. Bob Thomas designed Creeper to demonstrate a mobile application. The Reaper program was later created to delete Creeper.

Elk Cloner: This 1981 program created by American computer programmer Richard Skrenta, then a 15-year-old student as a prank was written for Apple II systems. It is one of the first known microcomputer viruses that spread "in the wild", i.e., outside the computer system or laboratory in which it was written. The Elk Cloner virus attached itself to the Apple II operating system and spread by floppy disk. It is considered the first known version of a boot sector virus. It's design design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.

Pikachu: The Pikachu virus, also known as the Pokey virus was the first computer malware to be targeted towards children. Disguised as an email message with an attachment of a pensive Pikachu image, a popular character from the Japanese animated series, 'Pokemon', it also contained a program, written in Visual Basic 6 that modifies the AUTOEXEC.BAT file and adds a command for removing the contents of directories C:\Windows and C:\Windows\System at computer's restart. But, a message would pop up during startup, asking the user if they would like to delete the contents. The affected operating systems are Windows 95, Windows 98 and Windows Me.

Conficker: This virus infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. Among those affected were the French Navy, UK Ministry of Defence (including Royal Navy warships and submarines), Sheffield Hospital network, German Bundeswehr and the Norwegian Police. A bounty of USD 250,000 was set by Microsoft, for information leading to the capture of the worm's authors. Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E, which were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. Microsoft released the KB958644 on December 16, 2008, patching the server service vulnerability responsible for the spread of Conficker.

Flame: Also known as Flamer, sKyWIper and Skywiper this modular computer malware was discovered in 2012. It is being used for targeted cyber espionage in Middle Eastern countries and has been called by experts as, "the most sophisticated malware... arguably, it is the most complex malware ever found." Flame attacks computers running the Microsoft Windows operating system and can spread to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity, network traffic, Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. This data, along with locally stored documents, is sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.

CryptoLocker: This Trojan Horse, discovered on September 2013 encrypts the files on a user's hard drive, then prompts them to pay a ransom to the developer in order to receive the decryption key, making it the first true ransomware.

Regin: This Trojan Horse named after the Norse Mythology character Regin, first came to prominence in November 2014 when it primarily spread via spoofed Web pages. Once downloaded, Regin quietly downloads extensions of itself, making it difficult to be detected via anti-virus signatures. It is suspected to have been created by the United States and United Kingdom over a period of months or years, as a tool for espionage and mass surveillance.

Did you know?
American computer scientist Frederick B. Cohen coined the term 'virus' to describe self-replicating computer programs in 1983. Cohen used the phrase "computer virus" for the first time in 1984 as suggested by his teacher Leonard Adleman to describe the operation of such programs in terms of "infection". Frederick Cohen defined a virus as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself. He demonstrated a virus-like program on a VAX11/750 system at Lehigh University. The program could install itself in, or infect, other system objects.

Go to top