Wednesday 4 January 2017

Most Expensive Computer Viruses of All Time

When talking about the most expensive computer viruses of all time, it's important to understand that cyberspace faces different security challenges from time to time. One of the foremost challenges has been the computer virus. If you scan through the World Wide Web, you will come across thousands of different computer viruses. However, from such a huge list only a few have been successful in affecting computer systems and networks globally, and only a few have caused damages worth billions of dollars. This article presents a list of the 5 most expensive computer viruses of all time.
  1. MyDoom - over $38.5 billion in damages

Mydoom is primarily transmitted via e-mail, appearing as a transmission error, with subject lines including "Error", "Mail Delivery System", "Test" or "Mail Transaction Failed" in different languages, including English and French. The mail contains an attachment that, if executed, resends the worm to e-mail addresses found in local files such as a user's address book. It also copies itself to the “shared folder” of peer-to-peer file-sharing application KaZaA in an attempt to spread that way.
Mydoom avoids targeting e-mail addresses at certain universities, such as Rutgers, MIT, Stanford and UC Berkeley, as well as certain companies such as Microsoft and Symantec. Some early reports claimed the worm avoids all .edu addresses, but this is not the case.
The original version, Mydoom.A, is described as carrying two payloads:
  • A backdoor on port 3127/tcp to allow remote control of the subverted PC (by putting its own SHIMGAPI.DLL file in the system32 directory and launching it as a child process of the Windows Explorer); this is essentially the same backdoor used by Mimail.
  • A denial-of-service attack against the website of the controversial company SCO Group, timed to commence 1 February 2004. Many virus analysts doubted if this payload would actually function. Later testing suggests that it functions in only 25% of infected systems.
A second version, Mydoom.B, as well as carrying the original payloads, also targets the Microsoft website and blocks access to Microsoft sites and popular online antivirus sites by modifying the hosts file, thus blocking virus removal tools or updates to antivirus software. The smaller number of copies of this version in circulation meant that Microsoft's servers suffered few ill effects.
  2. SoBig - $37 Billion in damages

The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003.
Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January 2003. Sobig.B was released on May 18, 2003. It was first called Palyh, but was later renamed to Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later followed by Sobig.E on June 25. On August 19, Sobig.F became known and set a record in sheer volume of e-mails.
The worm was most widespread in its "Sobig.F" variant.
Sobig is not only a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig.F worm will appear as an electronic mail with one of the following subjects:
  • Re: Approved
  • Re: Details
  • Re: Re: My details
  • Re: Thank you!
  • Re: That movie
  • Re: Wicked screensaver
  • Re: Your application
  • Thank you!
  • Your details
It will contain the text: "See the attached file for details" or "Please see the attached file for details." It also contains an attachment with one of the following names:
  • application.pif
  • details.pif
  • document_9446.pif
  • document_all.pif
  • movie0045.pif
  • thank_you.pif
  • your_details.pif
  • your_document.pif
  • wicked_scr.scr
  3. ILOVEYOU - $15 Billion in damages

ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000[1] local time in the Philippines, when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension (in this case, 'VBS' - a type of interpreted file) was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however after overwriting MP3 files the virus would hide the file), and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. In contrast, the Melissa virus only sent copies to the first 50 contacts.
Common name: Love Letter
Type: Computer worm
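The attachment naming used by both Sobig.F (.pif and .scr files) and ILOVEYOU (a .vbs script behind a decoy .txt) can be caught by a mail gateway rule that looks at the real final extension rather than the part a user sees. The Python below is an added example, not code from the original post; the decoy extension list and the sample message are constructed assumptions, and the attachment bodies are placeholder bytes.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs or interprets on open; the page names .pif, .scr and .vbs.
RISKY_EXTS = {".pif", ".scr", ".vbs"}
# Assumed list of harmless-looking extensions used as decoys before the real one.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".pdf", ".mp3"}


def classify_attachment(filename):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in RISKY_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return f"double extension {suffixes[-2]}{suffixes[-1]}"
    return f"executable extension {suffixes[-1]}"


def scan_message(msg):
    """Return {filename: reason} for every risky attachment in the message."""
    hits = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        reason = classify_attachment(filename)
        if reason:
            hits[filename] = reason
    return hits


def build_sample():
    """Constructed test message with placeholder attachment bodies."""
    msg = EmailMessage()
    msg["Subject"] = "Re: Details"
    msg.set_content("See the attached file for details")
    for fname in ("LOVE-LETTER-FOR-YOU.txt.vbs", "details.pif", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg


if __name__ == "__main__":
    for fname, reason in scan_message(build_sample()).items():
        print(f"{fname}: {reason}")
```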

4. Conficker - $9.1 Billion in damages

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 Welchia.
Aliases:
  • Mal/Conficker-A (Sophos)
  • Win32/Conficker.A (ESET)
  • Win32/Conficker.A (CA)
  • W32.Downadup (Symantec)
  • W32/Downadup.A (F-Secure)
  • Conficker.A (Panda)
  • Net-Worm.Win32.Kido.bt (Kaspersky)
  • W32/Conficker.worm (McAfee)
  • Win32.Worm.Downadup.Gen (BitDefender)
  • Win32:Confi (avast!)
  • WORM_DOWNAD (Trend Micro)
  • Worm.Downadup (ClamAV)
Classification: Unknown
Type: Computer virus
Subtype: Computer worm

5. Code Red - $2 Billion

Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server.
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. It exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.[1]
Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.
Common name: Code Red
Technical name: CRv and CRvII
Type: Server Jamming Worm
Isolation: July 15, 2001

The payload of the worm included:
  • defacing the affected web site to display:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
  • Other activities based on day of the month:
    • Days 1-19: Trying to spread itself by looking for more IIS servers on the Internet.
    • Days 20–27: Launch denial of service attacks on several fixed IP addresses. The IP address of the White House web server was among those.
    • Days 28-end of month: Sleeps, no active attacks.
When scanning for vulnerable machines, the worm did not test to see if the server running on a remote machine was running a vulnerable version of IIS, or even to see if it was running IIS at all. Apache access logs from this time frequently had entries such as these:
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0
The worm's payload is the string following the last 'N'. Due to a buffer overflow, a vulnerable host interprets this string as computer instructions, propagating the worm.
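Because the probe has such a distinctive shape (a request for an .ida resource, a long run of one filler letter, then %u-encoded units), it is easy to flag in web server access logs. The Python below is an added example, not code from the original post; the 64-character filler threshold, the Common Log Format layout, and the sample log lines (documentation IP addresses, constructed filler length, only the first four units of the request shown above) are assumptions.

```python
import re

# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)\s+HTTP/[\d.]+"')
# .ida request: one letter repeated at least 64 times, then %uXXXX units.
PROBE_RE = re.compile(
    r"\.ida\?(?P<filler>([A-Za-z])\2{63,})(?P<units>(?:%u[0-9a-fA-F]{4})+)")


def inspect_line(line):
    """Return a finding dict for a Code Red style probe, or None otherwise."""
    req = REQUEST_RE.search(line)
    if not req:
        return None
    probe = PROBE_RE.search(req.group("target"))
    if not probe:
        return None
    units = re.findall(r"%u([0-9a-fA-F]{4})", probe.group("units"))
    return {
        "source": line.split(" ", 1)[0],
        "filler_char": probe.group("filler")[0],
        "filler_len": len(probe.group("filler")),
        "unicode_units": len(units),
        "first_unit": units[0].lower(),
    }


def scan(lines):
    """Return findings for every matching line, in input order."""
    return [f for f in map(inspect_line, lines) if f]


# Constructed sample log, not real traffic.
FILLER = "N" * 224
UNITS = "%u9090%u6858%ucbd3%u7801"
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 +0000] '
    f'"GET /default.ida?{FILLER}{UNITS}%u00=a  HTTP/1.0" 404 205',
    '198.51.100.7 - - [19/Jul/2001:14:02:15 +0000] '
    '"GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [19/Jul/2001:14:03:01 +0000] '
    '"GET /search.ida?NNNN HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The 404 status on the flagged line reflects the point made above: the worm sent the request to servers that were not running IIS at all.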
About the Author: Indranath Mitra (Partner, Star Softwares). I discussed the Most Expensive Computer Viruses of All Time. Now that you have a better understanding of these risks, what options do you have to better protect your PC against them?