Five viruses that changed computing history

In the past ten years, cyber crime has evolved. Attacks have gone from electronic infections which were often unleashed by accident to carefully targeted attacks used not just by criminals but by nations.

Britain's foreign secretary William Hague said this week, "It has never been easier to become a cyber criminal. Today, such attacks are crisscrossing the globe from north to south and east to west - in all directions, recognising no borders, with all countries in the firing line."

In just a few years, viruses, worms and trojans have gone from being a sort of digital spray-can that geeky vandals used to leave their mark on the world - to a terrifying weapon whose full potential has not yet been unleashed.

[Related: Is the world on the brink of cyber war?]

Below are five landmark attacks which show how hackers have evolved from mere pranksters to digital gangsters - and how much damage their attacks have caused.



Melissa – 1999

Damage: Email systems crash worldwide
Motivation: Vandalism

The Melissa virus was typical of earlier viruses – a kind of electronic vandalism, written by lone hackers, and designed to secure fame for their geeky creators. But Melissa arrived just as the internet made this sort of 'playful' attack horribly destructive.

Named after a Miami stripper, the Melissa virus spread so rapidly that it brought down email servers around the world, including Microsoft’s. It caused £48 million (€59m) worth of damage.

It spread via a document that supposedly offered passwords to pornographic websites. Its creator, David L Smith, made no money at all from Melissa, but detectives rapidly traced the virus back to him from a post he made on a sex forum, and he was sentenced to 20 months in prison.


                                         [Related: Watch Cybergeddon here]

Zeus – 2006
Damage:  Multiple cyber bank robberies, including one $78 million (£48m / €59m)
Motivation: Theft

The Zeus trojan marked a new dawn for malicious software. It's not designed to crash machines, or win notoriety for teenage hackers. The Trojan – spread largely through infected emails - is designed to infect machines and remain there, unseen, stealing information and then money.

In one attack on banks, hackers stole $78 million. Six years later, it’s still running rampant around the world, in new ‘stealth’ versions that are ever more difficult to detect. Customised versions of Zeus are still sold today on illegal cybercrime forums in Russia and around the world.

Several million PCs in the U.S. are still infected with Zeus, including thousands within major companies.
The trojan records key strokes from infected PCs, and has been used to steal information from companies around the world including dozens of banks, Nasa, and Amazon.

‘It was only a matter of time before someone sought to make money off their skills,’ says Norton’s Director of Security, Kevin Haley. ‘Criminal entrepreneurs stepped it up. The second half of the 2000s brought an explosion of banking Trojans. Crime paid.’

Koobface – 2009
Damage: Thousands of stolen bank details, earning $1 million (£600k / €760k) a year
Motivation: Theft

The Koobface worm earned its creators $1 million a year, and ushered in a new era for PC infections – with attacks that spread rapidly through social networks. Koobface is an anagram of ‘Facebook’ – a tribute to  how the worm spread. Today, attacks which spread through contaminated links on Facebook and Twitter are common.

Links to videos would prompt users to download a new version of their video player – actually a worm that infected their computer, which earned money by stealing bank details. This sort of attack has become increasingly common.

‘The Facebook system doesn’t really filter malicious postings,’ says Tom Beale, an security expert who works preventing cyber attacks at Vigilante Bespoke. ‘Your only defence is thinking, “Would they really post that?”

The ‘Koobface’ gang, which distributed malicious software via fake links on Facebook, are said to be ‘adult’ webmasters from St Petersburg in Russia. Their network of compromised PCs was estimated to be earning $1 million a year, by siphoning off bank details.

But despite Facebook taking the unusual step of publishing addresses, office details and even photographs of the alleged criminals, none has ever been prosecuted.

Hydraq - 2010
Damage: Possibly billions in stolen corporate secrets
Motivation: Corporate espionage

‘Hydraq wasn’t the first time malware was used for industrial espionage, but as recent events have made clear, it was also not the last,’ says Kevin Haley, Norton’s director of security response.

The Hydraq Trojan appeared on computers owned by Google employees in China, and stole information including details from human rights activists.

It was widely thought to have been part of a state-sponsored attack on Western businesses. Twenty companies were reportedly targeted in the same attack.

Google said it was hit by a ‘highly sophisticated and targeted attack on our corporate infrastructure’. Part of it was aimed at the Gmail accounts of ‘Chinese human rights activists’. Google withdrew its search business from China shortly afterwards.



Stuxnet - 2010
Damage: Attack on Iranian nuclear plant
Motivation: Cyber warfare

The Stuxnet worm appeared in computer equipment in Iran’s Busehr nuclear plant. It was a warning that computer viruses could cause very real damage. The worm was so sophisticated that it is thought to have required at least six months to create, and required the resources of a nation state.

Many defence commentators have pointed the finger at America and Israel. Security companies suspect that the cyber weapon is just one of a family of similar attacks – and that several have not been detected yet.

Stuxnet was designed to make centrifuges at the plant spin out of control, damaging them beyond repair - it was built to spread to relatively unsophisticated industrial computer systems, carried on USB sticks or infected laptops. Many plants are still controlled by similar networked equipment.

As concern has mounted over similar 'cyber weapons', the US military established its Cyber Command in 2009, and the UK invested £600 million (€744m) in cyber defence.