Saturday 23 June 2012

The Coolest Malware of All Time

For the last couple of weeks, businesses around the world have reported that their printers have been spewing out countless sheets of paper with nothing but garbage characters printed on them. It turns out a little virus called Trojan Milicenso was to blame.

According to Symantec, the virus was designed primarily as a delivery method for other malware, typically adware, but because of a coding fluke it has caused some infected computers to go bonkers on the printer. Admittedly, it's a kind of cool little quirk.

And this got me thinking. What are the coolest pieces of malware of all time? I know, I know, when you're the one with the infected computer, it's never "cool" to have malware. But, from an outside perspective, you've got to admire the ingenuity behind some of this software, as damaging as it can be. So without further ado, here is The Coolest Malware of all Time:

The Creeper

The granddaddy of all malware, Creeper was the worm that started it all. Written and deployed in 1971 by an engineer named Bob Thomas, Creeper was released on Arpanet – the precursor to the internet. In total fairness, Creeper is not technically malware, since it was never designed to actually do any kind of harm – it was merely an experiment in mobile programs. That said, it is the program all other viruses, worms, and Trojans are based on, so it’s definitely worth noting.
The Creeper was named after a Scooby Doo villain

The worm infected DEC PDP-10 minicomputers and caused them to display the message, “I’m the creeper, catch me if you can!” Appropriately, a program called “Reaper” was written and deployed to wipe out Creeper.

NIMDA

NIMDA (admin read backwards) was the fastest-spreading computer malware ever. And when we say fast, we mean fast. Within 22 minutes of hitting the internet, NIMDA hit the top of the list of reported attacks, becoming the world’s most widespread worm.

The brilliance behind NIMDA was the ways it propagated. Where most malware spread through only one avenue, NIMDA took a multi-pronged approach, spreading through email, shared files, Microsoft IIS security holes, and file transfers. Furthermore, NIMDA would infect thousands of files on each system and even re-infect files already carrying the worm several times over, making it very difficult to get rid of.

NIMDA’s ultimate goal was to create a backdoor for the malware’s author to access the infected computer. However, the real damage was felt in networks being brought to a standstill and entire servers crashing from the heavy traffic load. NIMDA essentially became a mobile Distributed Denial of Service attack.

Commwarrior-A

Commwarrior-A was the first genuinely significant virus for mobile devices. Where previous pieces of mobile malware could only spread via Bluetooth (you had to be near another phone to infect it), Commwarrior-A was capable of spreading among Samsung Symbian Series 60 phones through the Mobile Messaging System (MMS). In this way, Commwarrior-A acted a lot like traditional computer viruses that were frequently transmitted in emails. In the end, Commwarrior-A only infected about 50 cell phones, and because it didn’t carry a payload, it’s largely believed to have been a proof-of-concept, setting the stage for future mobile malware.

ILOVEYOU

Often referred to as “Love Letter”, ILOVEYOU originated on May 5, 2000 in the Philippines and would ultimately spread to tens of millions of computers worldwide through a blank email with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt."

I never knew you felt this way!
Once the probably lonely message receiver opened the attachment, ILOVEYOU would install and begin writing over image files on the infected computer with copies of itself. The worm would then propagate by sending the original email message to the first 50 contacts in Microsoft Outlook’s Address Book.

Entire governments had to shut down their email systems, and billions were spent in response to the damage ILOVEYOU caused. (Most of the money was spent trying to recover overwritten files.)
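The propagation step described above, one identical message to the first 50 contacts at once, is what a mail gateway can catch. The following detector is an added example, not code from the original post; its log format, sample lines and thresholds are constructed for the illustration.

```python
"""Mass-mailer fan-out detector over constructed mail-gateway log lines.

Added example, not code from the original post. The log format
'<epoch> <sender> <recipient> <subject> <attachment>' is hypothetical.
The worm described above sends one identical message to many address-book
contacts within seconds, so the check keys on fan-out (one sender, one
subject, many distinct recipients in a short window) rather than on the
subject string, which a variant could change.
"""
from collections import defaultdict

# Constructed sample log: a normal sender and one infected mailbox that
# mails the worm to 50 contacts in the same second.
SAMPLE_LOG = "\n".join(
    ["1000 alice@corp.example bob@corp.example Lunch agenda.pdf",
     "1010 alice@corp.example carol@corp.example Re:Lunch -"]
    + [f"2000 dave@corp.example user{i}@corp.example ILOVEYOU LOVE-LETTER-FOR-YOU.txt"
       for i in range(50)]
)


def parse_line(line):
    """Split one log line into (timestamp, sender, recipient, subject, attachment)."""
    ts, sender, rcpt, subject, attachment = line.split(" ", 4)
    return int(ts), sender, rcpt, subject, attachment


def find_mass_mailers(log_text, window=60, threshold=20):
    """Return {sender: (subject, recipients)} for every sender that delivered
    the same subject to at least `threshold` distinct recipients inside any
    `window`-second span."""
    events = defaultdict(list)  # (sender, subject) -> [(ts, recipient)]
    for line in log_text.splitlines():
        if line.strip():
            ts, sender, rcpt, subject, _ = parse_line(line)
            events[(sender, subject)].append((ts, rcpt))
    hits = {}
    for (sender, subject), items in events.items():
        items.sort()
        best, start = 0, 0
        for end in range(len(items)):
            # Slide the window start forward until it fits within `window` seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, len({r for _, r in items[start:end + 1]}))
        if best >= threshold:
            hits[sender] = (subject, best)
    return hits
```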

Stuxnet

If you haven’t heard about this, you’ve been living under a rock. Stuxnet was the U.S.-Israel project codenamed “Olympic Games” designed to take out Iran’s uranium enrichment facilities.

Iran’s uranium enrichment facilities – specifically the Natanz facility – consist of large underground centrifuges operated by control systems. If a control system could be compromised, a virus could damage the centrifuge. This is exactly what Stuxnet did.
Centrifuges at the Natanz Uranium Enrichment Facility

The malware was originally introduced by a combination of spies and “unwitting accomplices” through a thumb drive and would subsequently spread through Windows networks and into Siemens industrial software. Once installed, Stuxnet would quietly record what normal enrichment activity looked like, send centrifuges spinning out of control, and send back false reports of normal operation. Consequences? The damage caused by Stuxnet forced the head of Iran's Atomic Energy Organization, Gholam Reza Aghazadeh, to resign, and it’s estimated that the program successfully destroyed about 1,000 of the 6,000 centrifuges.
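The record-and-replay trick described above has a tell: real sensor readings carry noise, so a stretch of telemetry that exactly repeats an earlier stretch is itself an anomaly. The check below is an added example, not the post's or any vendor's code; the readings, window size and replay position are constructed for the illustration.

```python
"""Replay detector for PLC telemetry (added example, not from the post).

The attack described above records a run of normal readings and later
plays it back while the process misbehaves. Genuine sensor data carries
noise, so an exact repeat of several consecutive samples is a strong
signal of replayed telemetry. Data and thresholds here are assumed.
"""
import random


def constructed_telemetry(seed=7, n=120, replay_len=30):
    """Noisy nominal centrifuge-speed readings (constructed), with the
    samples at 40..40+replay_len replayed starting at index 90."""
    rng = random.Random(seed)
    readings = [round(1064.0 + rng.gauss(0, 0.5), 2) for _ in range(n)]
    readings[90:90 + replay_len] = readings[40:40 + replay_len]
    return readings


def find_replays(readings, window=8):
    """Return (original_index, replay_index) pairs for each run of `window`
    consecutive readings that exactly repeats an earlier run; overlapping
    repeats inside one replayed stretch advance by a whole window."""
    seen = {}   # tuple of readings -> first index where it appeared
    hits = []
    i = 0
    while i + window <= len(readings):
        key = tuple(readings[i:i + window])
        if key in seen:
            hits.append((seen[key], i))
            i += window  # skip the remainder of this repeated run
            continue
        seen[key] = i
        i += 1
    return hits
```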
