Most Famous Viruses of All Time

Sapchatterjee
5 min read · Feb 16, 2021

1. Loveletter ILOVEYOU

Loveletter ILOVEYOU is one of the most well-known viruses, and in 2000 it was the most damaging malware event of all time.

The virus came in an email with a subject line that said “I love you”. Today we most probably wouldn’t open this kind of mail, but in 2000 people were unaware of this kind of threat and opened it. Out of curiosity, people clicked on it and opened the attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’. ILOVEYOU overwrote system files and personal files and spread itself over and over again. Loveletter opens the Outlook email program and scans for email addresses in the address book. It sends the email with an attached copy of itself.

ILOVEYOU was so effective it actually held the Guinness World Record as the most ‘virulent’ virus of all time.
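The attachment name ‘LOVE-LETTER-FOR-YOU.TXT.vbs’ ends in a script extension behind a harmless-looking one, and Windows hides known extensions by default, so it can appear to be a text file. As an added example (not from the original article), here is a mail-gateway style check in Python that flags such names; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions Windows will run or pass to a script host (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr",
                   "pif", "bat", "cmd", "com", "exe", "lnk", "ps1"}
# Harmless-looking extensions that serve as the decoy part of the name (assumed list).
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "gif",
              "xls", "xlsx", "zip", "mp3"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Parse a raw email and return [(filename, verdict)] for risky attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if filename:
            verdict = classify_filename(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings

# Constructed test message with an inert placeholder attachment body.
SAMPLE = (
    b"From: alice@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: I love you\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nconstructed body text\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"\r\n\r\n'
    b"placeholder\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {name}")
```

A gateway would typically quarantine both verdicts and treat `double-extension` as the higher-confidence signal, since legitimate senders have no reason to disguise a script as a document.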

2. MY DOOM

MyDoom is considered to be the most damaging virus ever released, and it holds a record, just like ILOVEYOU, as the fastest-spreading virus of all time. It hit well-known companies like Microsoft and SCO with Distributed Denial of Service attacks.

Besides targeting big tech companies, MyDoom also sent junk mail through infected computers, with the text “andy; I’m just doing my job, nothing personal, sorry”.

It caused slowdowns of internet traffic worldwide.

3. CryptoLocker

CryptoLocker ransomware was a cyber attack that used infected email attachments and spread through an existing botnet. When activated, this ransomware encrypted files on local and shared drives and displayed a message which offered to decrypt the data if a payment was made. There was no guarantee that payment would release the encrypted content.

Code of a virus

“First, the virus determines if it is to spread; if so, it locates a set of target files it is to infect, and copies itself into a convenient location within the target file. It then alters portions of the target to ensure the inserted code will be executed at some time. For example, the virus may append itself just beyond the end of the instruction space and then adjust the entry points used by the loader so that the added instructions will execute when the target program is next run. This is the infection phase. It then performs some other action (the execution phase). Finally, it returns control to the program currently being run. Note that the execution phase can be null and the instructions still constitute a virus; but if the infection phase is missing, the instructions are not a virus.”

HOW TO FIGHT

10 Steps to Cyber Security

The National Cyber Security Centre recommends you review this regime, together with the nine associated security areas described below, in order to protect your business against the majority of cyber attacks.

1. Network Security

Protect your networks from attack. Defend the network perimeter, filter out unauthorized access and malicious content. Monitor and test security controls.

2. User education and awareness

Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks.

3. Malware prevention

Produce relevant policies and establish anti-malware defenses across your organization.

4. Removable media controls

Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.

5. Secure configuration

Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.

6. Managing user privileges

Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.

7. Incident management

Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.

8. Monitoring

Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyse logs for unusual activity that could indicate an attack.

9. Home and mobile working

Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.

Set up your Risk Management Regime

Assess the risks to your organization’s information and systems with the same vigor you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organization, supported by the Board and senior managers.

Written by Sapchatterjee, Security Researcher