I’m not going to preach about the benefits of anti-virus software. If you want to stay safe, you can do it all by yourself. Don’t click on random links, use common sense when surfing the net, try to wash your cookies from time to time, flush your DNS. Just stay away from computer viruses and don’t pray for herd immunity. Your network doesn’t work like that.
Protecting your computer is no easy task. Usually, OS manufacturers try to defend their users the best they can from malicious attacks. You get some sort of defense against computer viruses, trojans, crypto lockers, and other threats right out of the box.
The bad news is that new malicious code is created as soon as new defenses are devised. The good news is that things move so fast that sometimes it never gets the chance to infect your machine. Sometimes a new virus pops up in the morning, only to become another footnote in an antivirus update around noon.
Companies have learned to protect themselves and their products from cyber-attacks; they have adapted and constantly strive to never have another SONY incident, although we all know it’s inevitable.
Most of the time we forget our passwords or what we did in the first place. Sometimes we can’t remember the encryption key, other times we lock ourselves out of the device because we set the antivirus to some insane level of protection and now it has a mind of its own.
Just remember, if you get infected, it is 99% your fault. Malicious programs usually cast a very wide net in the hopes of catching unsuspecting users. Sometimes the code is so complex that full functions of a web-based service are cut out until the problem is resolved. There are also cases where the system is shut down to fix or remake it from the ground up. The Sony PlayStation Hack comes to mind, or the recent Logan YouTube Channel-Wanna Be Friends that Google is experiencing.
Nothing is sacred ground, and there is a way to hack or attack any system. On that basis, here are some of the worst computer viruses in the last 10 years.
Stuxnet
Stuxnet is the first cyberattack to cause physical damage in the real world and impact international relationships. This digital worm could be found in the data banks of power plants, traffic control systems and factories, and targeted the machines used to run these sites.
Stuxnet was the most advanced code at that time. It could turn on turbines in power plants, or influence the machines that turned uranium into fuel or switch off oil pipelines. All while reporting back to the sysadmin that everything is right in the real world.
All it took to mess with the Iranian Nuclear Program was some stolen permission from one of the most reputable companies in the world: Realtek.
Using Realtek’s security clearance, the worm embedded itself into the Iranian Nuclear Program and, from there, it spread to the Internet, infecting more than 100 countries.
Exploiting the security clearance and more than 20 Zero-Day Vulnerabilities, Stuxnet dug deep into the system but never got activated for normal users. Its target was the centrifuges that spin nuclear material at Iran’s enrichment facilities.
Stuxnet was the basis of a huge array of other cyber worms, some of them aimed to destroy oil pipelines, others to crash power grids, or switch railways. All of these were a direct result of the appearance of the worm in cyberspace.
It is widely speculated that the USA or Israel was the creator of Stuxnet, and, given that the worm affected Iran’s power grid and nuclear development, it’s a possibility. Stuxnet almost started a war; but with no proof, no side was ready to use a nuclear deterrent or start a full-scale war.
Shamoon
Also known as W32.DistTrack, Shamoon targeted the 32-bit NT kernel versions of Windows, new at the time, and laid waste to any infected system. It was a particular inconvenience because of its ability to infect other machines in the network.
The moment the system was compromised, the virus proceeded to assemble a list of files from precise locations on the system, upload them to the attacker, and erase them.
After that, it overwrote the master boot record of the infected computer, making it unusable. Fun, huh…?!
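From the defender's side, an overwritten master boot record like the one described above is quick to triage on a disk image. This added example (not from the original article, and not Shamoon-specific) checks a 512-byte first sector against the standard MBR layout; the function names and sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"       # bytes 510-511 of every valid MBR


def triage_mbr(sector):
    """Return sorted findings for one MBR sector; an empty list means it looks sane."""
    if len(sector) != SECTOR_SIZE:
        return ["wrong_size"]
    findings = set()
    if sector[510:512] != BOOT_SIG:
        findings.add("missing_boot_signature")
    if len(set(sector)) == 1:
        findings.add("uniform_fill")          # e.g. all zeros after a wipe
    used = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        if entry[4] != 0:                     # byte 4 = partition type, 0 = unused slot
            used.append(entry)
    if not used:
        findings.add("no_partitions")
    for entry in used:
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if entry[0] not in (0x00, 0x80):      # status byte: inactive or bootable only
            findings.add("bad_status_byte")
        if lba_start == 0 or num_sectors == 0:
            findings.add("bad_partition_extent")
    return sorted(findings)


def build_sample_mbr():
    """Constructed sample: empty boot code, one bootable type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return bytes(446) + entry + bytes(48) + BOOT_SIG


# Constructed test sectors (not taken from any real incident)
SAMPLES = {
    "healthy": build_sample_mbr(),
    "zeroed": bytes(SECTOR_SIZE),
    "overwritten": (b"CONSTRUCTED-OVERWRITE-" * 30)[:SECTOR_SIZE],
}

if __name__ == "__main__":
    for name, sector in SAMPLES.items():
        print(name, triage_mbr(sector) or "ok")
```

On a real investigation the sector would come from the first 512 bytes of a forensic image, read-only, rather than from a live disk.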
Although Shamoon infected many users, it actually targeted several points of interest in the Middle East. This was digital warfare against oil companies from Saudi Arabia and Qatar, particularly Saudi Aramco and RasGas.
We even had a villain, a group called “Cutting Sword of Justice” that claimed responsibility for an attack on 35,000 Saudi Aramco workstations and other systems at RasGas.
On August 15, the virus began its assault and Saudi Aramco announced the attack on its Facebook page. The rest is history. A Middle Eastern journalist leaked photographs taken on September 2, 2012, showing kilometers of petrol trucks unable to be loaded due to backed business systems still inoperable.
CryptoLocker
The ransomware malware, also known as CryptoLocker, is one of the nastiest ways to compromise your system and data. This little bugger encrypts your data and asks for ransom in return for a key to decrypt the lost info.
Using URLs from mailing lists or existing botnets, CryptoLocker can infect thousands of systems in no time, and the worst part is that the malware can delete itself, leaving all the files encrypted in its wake.
CryptoLocker is smart about what it targets: Office files, pictures, and work-related files for AutoCAD, Photoshop, or Premiere. In essence, anything that you might save and consider valuable.
The BBC published an article which states that victims can get their files unlocked for free, with the help of the FBI, Interpol, and the IT company Fox-IT.
As of the publishing of this article, the website that offered the service is offline. But free services are available online for decrypting your data, provided you want to share it with the one that decrypts it.
Regin
Regin was a very clever way of spreading a Peeping Tom onto your computer using fake websites. The malware circulates via infected flash drives and fake web pages and, at its core, is a Trojan horse.
As soon as it is in your system, Regin starts downloading other malicious programs that monitor your PC and send a comprehensive report to the root of the infection: in this case, the attacker, the NSA.
It is a mass monitoring Trojan and a good one at what it does. It took a while for antivirus programs to detect its presence; in the meantime, thousands of accounts were compromised.
The malware, also known as Prax or QWERTY, proved to be a toolkit used by the NSA and its British counterpart, GCHQ, to gather data and send back any relevant info considered problematic by the agencies, using a flagging system.
Amongst computers affected by Regin, 28% were in Russia, 24% in Saudi Arabia, 9% in Mexico and Ireland, and 5% in India, Afghanistan, Iran, Belgium, Austria, and Pakistan.
All the information derives from secret documents obtained by former NSA worker Edward Snowden.
Tiny Banker Trojan (2016)
Tiny Banker Trojan (TBT) was a real problem for the systems it infected. It was found to have infected more than two dozen major banking institutions in the United States, and at its core, is based on a modified and scaled-down version of another virus known as Banker Trojans.
TBT infects the system and the browser using various methods, proceeds to archive the data that is sent between you and the banking site, and after you log in to the website, it generates a fraudulent pop-up requesting the login credentials, using the original logo and the name of the real site.
To note, TBT was listed as one of the Top 10 Most Wanted Malware in 2016 by Check Point Software Technologies, and it’s estimated that it infected almost 60,000 systems in Turkey alone.
The source code for Tiny Banker was released on a website, and following the incident, new iterations of the malware have continued to appear. In 2016, it was one of the most destructive pieces of malware to ever hit the banking world, and it has had an impact on how we do our online banking since then.
If you’ve been hit by any of these viruses, tell us your story in the comments below.