Released onto the Internet in August 2003, the blaster virus exploited a flaw in Windows to spread itself across the net. The virus, also known as MS-Blast contained the hidden message “billy gates why do you make this possible? Stop making money and fix your software” and was programmed to launch a denial of service attack on Microsoft’s Windows Update web site on August 16. Initially Blaster was able to slip past most anti-virus software, making clear the need for firewalls even on home computers.

First identified in mid-January 2004 the Bagle virus was a fairly standard affair, arriving as an ambiguously named email attachment it infected the machines of those foolish enough to open it and proceeded to email copies of itself to any addresses it found on the local hard drive. The original virus appears to have been little more than a proof of concept, since it did no real damage and featured a built-in expiry date. However, it was subsequently modified and the numerous variants that followed were able to cause significant damage and allow hackers to remotely control infected machines.

Released at the end of January 2004, MyDoom quickly became the fastest spreading virus ever. Disguised as a harmless email attachment the virus was design to launch a denial of service attack on the website of IT company SCO. In a possible attempt to avoid early detection, the virus was deliberately programmed to avoid infecting government and military computers.

When it was launched in February 2004 the original Netsky was a relatively tame email virus which did little more than slow networks by clogging them up with mass emails. However, the potential of Netsky was seized upon by virus writers who produced no less than 30 variants of the programme, capable of causing far greater damage than the original. It is believed that the more recent Sasser virus is a variant of Netsky.

Although it did not achieve the same levels of publicity as the more widespread viruses, when Witty was discovered in March 2004 it caused a lot of problems for some people. Witty was notable in that it was one of the few viruses to actually attempt to destroy infected machines. Most viruses use infected machines to spread themselves further and although they may sometimes destroy data, they ultimately need the machine to keep on running. Witty used infected machines to distribute itself for only a short period and then set about attempting to crash the system.

Sasser hit the web in May 2004. Although it has many of the characteristics of the infamous Blaster virus, many experts pointed to the fact that the underlying code had more in common with Netsky, prompting speculation that Sasser was either produced by the same author or is a variant thereof. Sasser exploits a Windows vulnerability to copy itself onto un-patched PCs. Once it infects a machine, the virus then begins to scan the network for other unprotected PCs to attack. It is this scanning, rather than any deliberately destructive action, that causes infected machines to become unstable. At the time of writing no Sasser variants had been produced, but it is almost certain that virus writers will modify its code to produce a more damaging version.

Related Posts: