Significant Worm and Virus Attacks of The Decade

We certainly thought viruses and digital exploits were a nuisance throughout the 1990s. But there was nothing like the Morris worm that played havoc on Internet users on November 2, 1988. That all changed in the spring of 2000, and what a can of worms the oughts turned out to be. And how quaint the malware of the 1990s looks in comparison.

4 Min Read
Dark Reading logo in a gray background | Dark Reading

We certainly thought viruses and digital exploits were a nuisance throughout the 1990s. But there was nothing like the Morris worm that played havoc on Internet users on November 2, 1988. That all changed in the spring of 2000, and what a can of worms the oughts turned out to be. And how quaint the malware of the 1990s looks in comparison.It was May 2000 when one of the most costly worms of all time struck. And it struck hard. It was the ILOVEYOU worm. I remember booting my PC that morning to find dozens of notes from associates, sources, PR professionals, and co-workers all professing their love for me within the e-mail's subject line. This bug purportedly cost billions to cleanup, by at least one estimate. Computer users hadn't seen anything like it in roughly 12 years. Then, it wasn't until the summer of the following year, July 13, 2001 when the Internet Went Red with another worm, Code Red. The following month, Code Red II struck. And then on September 18, 2001 - as if the country didn't have enough to deal with that week - the Nimda worm struck and infected systems through various vulnerabilities in Windows and backdoors left by Code Red II.

These worms, and their associated hits to productivity and costs to cleanup had caused Microsoft an extraordinary amount of embarrassment. And this led to, in large part, the beginning of that company's Trustworthy Computing Initiative. We covered the beginnings of that movement in this lead news story, Software's Challenge. In those days, malware was highly visible and often deliberately destructive, and the reputation of Microsoft took a hard hit. Today, thanks to its secure coding efforts, Microsoft arguably has the most advanced secure software development practices in place. While flaws are still many, Microsoft has the development processes in place most any ISV could learn from. Although there's plenty of work left undone, to say the least.

Those infamous worms of 2000 and 2001 where quickly followed by a pair of equally infamous worms in 2003. First up, in January of that year, was the SQL Slammer worm, which exploited vulnerabilities in Microsoft SQL Server and MSDE, and caused significant disruption across the Internet. Then in August came Blaster, which struck the same week as the serious NYC blackout.

In the next year, the face of worms would change dramatically with the release of Santy. Santy, was one of the first - if not the first - web worm and propagated through a phpBB vulnerability and found potential victims through Google. It's estimated that more than 40,000 sites were infected by Santy.

While botnets had been a problem since the infamous distributed denial-of-service attacks that temporarily shut down major online properties in 2000, such as CNN and Yahoo, it wasn't until the Storm Worm began propagating in January 2007, social engineering its targets to open an e-mail promising information about a significant storm that had gone through Europe. Users who opened the e-mail and became infected by the payload became part of a huge botnet, up to 10 million systems by the fall of 2007.

The storm worm was followed that same year by Conficker (or Downadup), which became the most significant computer worm since 2003's SQL Slammer, with millions of infected systems around the world, and major updates to the worm occurring through April of this year. The most recent version, known as Conficker E installs a spambot and a copy of a scareware package. In fact, throughout 2009, rogueware and infected web sites went off of the charts.

The biggest change in malware, over the past decade, has been its evolution from viruses and worms that propagated for the sake of propagation or the destruction of data - as they did for about 15 years - to vast silent infections, spyware, and botnets developed for profitability and to become lasting Internet fixtures.

What will the next decade in malware bring? More of the same, only slightly different. Here are a few predictions:

"Malware will grow even more stealthy, with the authors' goal to improve the processes associated with infecting as many systems as possible, for as long as possible without detection. That means more botnets, rootkits, and Trojans. We won't see many more Code Red or SQL Slammer type outbreaks.

Professional attackers will increasingly turn to specialized, highly-targeted attacks designed to compromise an individual, or specific organization.

Malware will have greater impact on physical devices. Think hacking the smart grid and medical devices.

Counterfeit software and hardware will become significant security issues.

At the 2020 RSA Security Conference, Art Coviello will once again give a keynote suggesting that information security needs to be woven into the fabric of the IT infrastructure. It won't happen. IT security efforts will continue to play perpetual catch-up with both new technologies and attack techniques.

"

For security and business-technology observations throughout the day, follow me on Twitter.

About the Author

George V. Hulme, Contributing Writer

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights