Although this year has yet to come to an end, some malware has already earned the title of “the deadliest” of the year. These strains have appeared most often and inflicted the greatest damage on users around the world, and since the year is not over the cyber community expects more from them. These are the most dreadful and dangerous malware families, with a long history of preying on computers and their users.
Below you will find the list of malware that can be considered the deadliest of this year, and why they truly deserve that name.
This virus, which is in fact a worm, shows itself to be a very amiable kind of malware. The worm infects victims through emails carrying a malicious attachment, with a subject line reading “ILOVEYOU” and a message body that says “kindly check the attached LOVELETTER coming from me.” Once the victim opens the malicious attachment, the worm resends the same email to everyone in the victim’s Microsoft Outlook address book.
Infection by the ILOVEYOU virus results in the deletion of MP3, JPEG and certain other files on the victim’s hard disk. Because Microsoft Outlook is a very widely used email client inside corporate networks across the globe, the worm only needs to infect one person in a company or organization to spread across the entire network as fast as any other malware, thereby causing the most damage.
In fact, starting on May 4, 2000, in just about ten days the ILOVEYOU virus managed to infect 45 million users and caused estimated financial losses of nearly $10 billion. The infection spread so quickly that some of the biggest enterprises, such as Microsoft, AT&T and the Ford Motor Company, along with several government organizations, including the parliaments of the U.K. and Denmark, the U.S. Army, the CIA and the Pentagon, were forced to shut down for several days in order to bring the spread of the virus under control.
ILOVEYOU also goes by the names “love bug worm” and “love letter virus” and, as we said, it is not a virus but a worm, which needs no human interaction to spread other than the user opening the malicious attachment. The worm doesn’t even need to attach itself to any specific software; rather, it spreads via email, more specifically through malicious email attachments. When a user clicks on such an attachment the virus instantly downloads itself onto the targeted system and then starts to spread further across the network.
Conficker is a kind of computer virus that attacks Windows operating systems (OS). The virus also goes by the names Kido, Downup or Downadup. Conficker exploits vulnerabilities in system programs and conducts dictionary attacks to obtain the administrator password in order to spread further, thus creating a botnet. Conficker was first detected in November 2008 and has since become the biggest known computer infection since the Welchia infection in 2003.
The virus is hard to detect because it uses numerous advanced virus techniques, and that is how Conficker managed to infect millions of computers globally. But despite the immense scope of the infection, it doesn’t cause much damage or harm. The virus doesn’t delete or destroy data; its main purpose is only to infect as many Windows computers as possible. Specialists assume that one reason such a successful virus never received any additional functionality is that its developers simply did not dare to use it for more purposes in light of the worldwide attention.
Specialists also assume that the name of the virus comes from two words: the English word “configure” and the German word “ficker” (which means “fucker” in English). But Joshua Phillips, an analyst from Microsoft, gives another interpretation of the name. He suggests that the name of the virus comes from a rearrangement of parts of the domain name trafficconverter.biz. The domain was used to update early versions of Conficker.
Since its appearance the virus has managed to target several high-profile entities, including the militaries of different countries, police and government. In January 2010 Conficker infected the Greater Manchester Police computer network. The police were forced to disconnect the affected network from the Police National Computer for 3 days, during which the staff were asked to do the usual checks on vehicles and people.
On March 24, 2009 Conficker infected computers of the House of Commons. A specially issued memo from the UK Parliamentary ICT service warned users and asked them not to connect any equipment to the infected network until the situation was mitigated.
On February 2, 2009 the Bundeswehr, the unified armed forces of Germany, also became a victim of this malware when nearly 100 computers were infected. The same month and year Conficker attacked the IT system of Manchester, causing nearly 1.5 million pounds of financial losses. Specialists believe that the initial source of the infection was a USB flash drive, and since then Manchester has banned their usage.
Other targets of Conficker included Intramar, a French Navy computer network, and NavyStar/N* desktops on multiple Royal Navy warships and submarines.
Even though the virus appeared long ago, specialists report that it still infects computers every year. The virus won’t cause much harm to your device, such as data loss, but it can significantly affect the performance of your computer, slowing it down and affecting your general work performance as well.
MyDoom is another computer virus that targets Microsoft Windows. It was first detected on January 26, 2004. Its names also include WORM_MYDOOM, Win32.Mydoom, W32/Mydoom@MM, Mimail.R, Shimgapi and Novarg. Specialists estimate that the virus is the fastest-spreading malware ever. They say it surpassed even the previous records set by ILOVEYOU and the Sobig worm, creating a new record that has yet to be beaten in 2022.
MyDoom is a worm that spreads via emails containing malicious attachments. These emails also carry the text “andy; I’m just doing my job, nothing personal, sorry”. Once the attachment is opened the worm spreads further by sending copies of the email to addresses found in the local address book. Back in the day the worm managed to infect nearly 500 thousand computers globally.
The worm received its name from Craig Schmugar, an employee of the computer security firm McAfee. Schmugar was analyzing the code of the worm and noticed the text “mydom” inserted inside a line of the worm’s code. In his own words: “It was evident early on that this would be very big. I thought having ‘doom’ in the name would be appropriate”. The very first analysis of the malware suggested that it was a variant of the Mimail worm, which is why researchers speculated that the same developers were responsible for both.
Early on, many security firms believed that the worm originated from Russia, but to this day the actual author of the malware remains unknown. It appears that the sole purpose of the worm’s creation was to send bulk spam emails through all infected computers, but the case of the SCO Group showed another side of the worm’s true purposes. MyDoom hit the American software company with a distributed denial-of-service attack, and this event even sparked debate on whether the attackers could be Linux or other open-source supporters, in light of the Group’s legal actions against Linux.
But this theory was rejected by security researchers. Later the theory was also disproved by the law enforcement agencies investigating the case, which subsequently attributed responsibility for the attack to organized online crime gangs. The worm also does not target certain universities and companies.
Stuxnet is a particular virus that ordinary users don’t need to worry about, because it only targets critical industries like defense, electrical grids and power production. It is a peculiar characteristic of this kind of malware to target infrastructure rather than, for example, extort money. The malware gained its fame in 2010 after Stuxnet attacked Iran’s nuclear facilities. It is believed that the worm was developed by Israeli intelligence, the CIA and the U.S. National Security Agency. It is the first known malware capable of damaging hardware.
In 2010, at the Iranian nuclear facilities, Stuxnet attacked the programmable logic controllers (PLCs) used to automate machine processes. Reportedly, the malware damaged multiple centrifuges in Iran’s Natanz uranium enrichment facility, making them burn themselves out. Since that famous attack the worm has mutated into several other similar variants of malware that can target different kinds of critical industries and energy-producing facilities such as gas lines, power plants, water treatment plants, etc.
Stuxnet was carried on a USB stick and spread itself via Microsoft Windows computers. On every infected PC the virus scanned for Siemens Step 7 software, which is used for the automation and monitoring of electro-mechanical equipment. Once it had found these computers the malware received an update over the internet and started sending damaging instructions to the targeted electro-mechanical equipment. To cover its malicious activity the malware sent fake feedback to the main controller so that the person in charge of monitoring the equipment would not notice anything going wrong.
Although Stuxnet was reportedly set to expire in 2012, the malware has left a legacy behind. Its original code was used to create similar malware such as Triton (2017), Industroyer (2016), Havex (2013), Flame (2012) and Duqu (2011).
CryptoLocker is ransomware that encrypts your files and demands a ransom payment to regain access to them. This ransomware mainly spreads via phishing emails that contain its malicious attachment. Usually the emails are designed to look like legitimate correspondence from UPS or FedEx. Users who receive such emails are expected to click on the malicious attachment to initiate the infection. After a successful infection the victims are asked to pay the ransom. CryptoLocker was mainly active from early September 2013 to late May 2014.
Specialists classified this ransomware as a trojan (a malicious program that pretends to be useful and helpful). Its targets were computers running different versions of Windows. Initial access was gained via malicious emails disguised as coming from UPS or FedEx. Once this access was obtained the ransomware began to look for data and files to encrypt on network file shares, external hard drives, USB drives, shared network drives and even cloud storage drives. In November 2013 CryptoLocker managed to infect nearly 34,000 computers, most of them in English-speaking countries. Specialists released a free decryption tool in 2014, but various reports say that before the key became available the ransomware had already managed to extort nearly $27 million.
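ILOVEYOU, MyDoom and CryptoLocker share the same delivery pattern described above: a lure subject or body text plus an attachment that is actually executable. The following Python filter is an added example, not code from the original article, showing how a mail gateway or SOC script could triage incoming messages for that pattern. The lure phrases come from the text above (the courier-notice phrase, the executable-extension list, the sender addresses and the sample messages are my own constructed assumptions for illustration); it applies to any attachment-borne mass-mailer, not just the three named here.

```python
import email
from email import policy
from email.message import EmailMessage

# Lure text quoted in the article for ILOVEYOU and MyDoom. CryptoLocker used
# fake UPS/FedEx delivery notices, so a generic courier phrase is included as
# an assumed example; tune this list to your own mail flow.
LURE_PHRASES = (
    "iloveyou",
    "kindly check the attached loveletter",
    "i'm just doing my job, nothing personal",
    "delivery notification",  # assumed CryptoLocker-style courier lure
)

# Extensions that execute when double-clicked on Windows (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".vbs", ".js", ".bat", ".cmd", ".pif", ".com"}


def _norm(text):
    """Lower-case and straighten curly apostrophes so lures match either form."""
    return text.lower().replace("\u2019", "'")


def attachment_is_executable(filename):
    """True if the attachment's real (last) extension can execute.
    Mass-mailers hide behind a harmless-looking first extension such as
    .TXT or .pdf, so only the final suffix is considered."""
    name = filename.lower()
    return any(name.endswith(ext) for ext in EXECUTABLE_EXTS)


def triage_message(raw):
    """Return the list of indicators that fired on a raw RFC 822 message.
    An empty list means nothing matched; the caller decides the action
    (quarantine, strip attachment, alert)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = _norm(msg["subject"] or "")
    body_part = msg.get_body(preferencelist=("plain",))
    text = _norm(body_part.get_content()) if body_part else ""
    for phrase in LURE_PHRASES:
        if phrase in subject or phrase in text:
            reasons.append(f"lure phrase: {phrase!r}")
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if attachment_is_executable(filename):
            reasons.append(f"executable attachment: {filename}")
    return reasons


def build_sample(subject, body, attachment_name=None):
    """Construct a sample message (test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "victim@example.test"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"<placeholder bytes>", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: one per lure style from the article, plus a benign mail.
SAMPLES = {
    "iloveyou": build_sample("ILOVEYOU",
                             "kindly check the attached LOVELETTER coming from me.",
                             "LOVE-LETTER.TXT.vbs"),
    "mydoom": build_sample("Mail Delivery System",
                           "andy; I\u2019m just doing my job, nothing personal, sorry"),
    "courier": build_sample("UPS Delivery Notification",
                            "Your parcel could not be delivered. See attached.",
                            "UPS_invoice.pdf.exe"),
    "benign": build_sample("Quarterly report",
                           "Attached is the Q3 spreadsheet.", "q3.xlsx"),
}


def triage_all(samples=SAMPLES):
    """Run the filter over every sample and map name -> fired indicators."""
    return {name: triage_message(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all().items():
        print(name, "->", reasons or "clean")
```

The check deliberately keys on the last extension only: the article notes that ILOVEYOU spread as a supposed love letter, and the double-extension trick relies on Windows hiding the final suffix. Pairing the lure-phrase match with the attachment check keeps a single courier email with a PDF from being flagged on wording alone.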
The Morris Worm is one of the oldest self-replicating computer worms; back in 1988 it caused a denial of service on nearly 10% of the 60,000 machines connected to ARPANET. The worm was written by Robert Tappan Morris, a student at Cornell University. On November 2, 1988 he released the worm from MIT. To spread, the Morris Worm used vulnerabilities in UNIX sendmail, rsh/rexec and finger, while also guessing weak passwords. During the infection process the worm checks whether the current machine has already been infected and reinfects it anyway, up to seven times, so that a user could not create a fake Morris Worm process and pretend to be infected. In 1991 the United States v. Morris court case convicted Robert Tappan Morris under the 1986 Computer Fraud and Abuse Act, which resulted in a sentence of three years in prison.
Melissa is another old-school virus that was active in early 1999. This mass-mailing macro virus targeted Outlook-based and Microsoft Word-based systems. At the time it was the fastest-spreading malware, and for the first time it brought general awareness of the damage and risks of unsolicited emails. At the same time the virus became the prototype for all other kinds of malware. Melissa caused such devastating problems that just a few months after its first rampage the virus’s creator was arrested and received a prison sentence. Also, the Federal Bureau of Investigation (FBI) started a new national Cyber Division solely focused on online crime. The virus managed to infect hundreds of networks, among them Microsoft and the United States Marine Corps.
Code Red was the very first virus to target enterprise networks on a large scale. The virus appeared on July 15, 2001 and attacked computers running Microsoft’s IIS web server. eEye Digital Security employees Ryan Permeh and Marc Maiffret were the first to discover and research the virus. The vulnerability this virus exploited was discovered by Riley Hassell. The virus was named after the Mountain Dew Code Red drink the researchers were drinking while working on this malware. The worm was released on July 13 and by July 19, 2001 Code Red had infected nearly 359,000 hosts.
The Zeus Trojan is a collection of malicious programs that can carry out various malicious tasks, such as collecting sensitive information, spying on you and infecting the targeted machine in order to build a botnet of infected computers that can be controlled remotely. In 2011 someone leaked the source code for Zeus, and later many Zeus-based malware families spread and caused damage. The peak of Zeus activity was in early 2010, making it one of the most notorious malware families ever to exist.
Zeus is a Trojan kind of malware, meaning it pretends to be a useful and popular program while hiding a malicious payload within itself. Zeus has two main ways of infecting its victims: phishing emails and malicious downloads. In phishing attacks people are lured into opening the malicious attachment and thus activating the malicious payload. In other cases the Zeus phishing emails contain malicious links to infected websites. Once the victim clicks either the malicious attachment or the link, the Zeus payload is downloaded. The malware may also reside in malicious online ads, which download the malware onto a user’s computer when clicked. In addition to these infection vectors there are also malicious websites that infect visitors with the malware, as well as other legitimate-looking malicious downloads.
Initially the main purpose of the cybercriminals who developed Zeus was to steal sensitive banking information. In 2009 Zeus attacked Amazon, NASA, Bank of America and various other companies and organizations. Specialists estimated that at that time the malware had infected up to 3.6 million computers across all targets. In 2010 the FBI successfully investigated the Zeus operation, which led to the arrest of over 100 people in Ukraine, the US and the UK. Before the arrests the group behind Zeus had stolen over $70 million from their victims.
Although the malware was stopped, it spawned successors such as Terdot, Atmos, Citadel, Chthonic and even the Gameover ZeuS botnet. All of them used Zeus code, and the Gameover ZeuS botnet is based on it most of all. The Gameover ZeuS botnet was often employed to send phishing emails or spam, or in other cases to conduct DDoS attacks.