Visit Your Local PBS Station PBS Home PBS Home Programs A-Z TV Schedules Watch Video Donate Shop PBS Search PBS

the web site of The NewsHour with Jim Lehrer
Online NewsHourComputer Worms & Viruses: Combating the Cyber ScourgeNewsHour Science Reports
On The NewsHour: Additional Features:
Famous Worms and Viruses
Posted: December 1, 2003

Melissa
Melissa attacked computers in March 1999, infecting machines when users opened a Word document attachment. Though the effect the virus had on individuals' computers was minimal, users of Outlook Express unintentionally sent the virus on to the first 50 people who were in their Global Address Book. For companies, however, the virus had a larger impact. The virus was sent to users with the subject, "Important message from [name]." More than a million users were affected, the BBC reported. The virus also caused $80 million in damage, and was the first virus to travel through e-mail.

Illustration of virus chewing up computer filesDavid Smith, the author of the Melissa virus, was caught a week after Melissa first hit the Internet. Smith pleaded guilty to a state charge of computer theft and a federal charge of spreading a computer virus. He was sentenced to 10 years in a state prison in New Jersey, but because he helped the FBI thwart other virus attacks and helped lead to the arrest of other hackers, his sentence was reduced to 20 months. Smith's scheduled tentative release date is Dec. 10, according to his defense attorney, Edward Borden, Jr.

The state will place Smith on parole, in addition to his three years of federal supervised release and fulfillment of community service hours. The release also restricts Smith from accessing computers unless his probation officer grants him permission to do so.

Love Bug
The Love Bug worm, different from a virus because of its ability to travel independently through networks, flooded the Internet with e-mails in May 2000 with the subject, ILOVEYOU. The body of the deceptive e-mail read, "Kindly check the attached love letter coming from me." When opened, the e-mail wreaked havoc on computers, replicating it automatically, sending copies to everyone in the user's address book, and damaging computer files, such as MP3s.

First detected in Asia, Love Bug spread across the world, infecting U.S. government computers at Congress, the White House and the Pentagon. Officials estimated that the worm affected 80 percent of businesses in Australia, and a similar percentage in the United States.

Months after the Love Bug virus spread, prosecutors in the Philippines had to drop the charges they had filed against a 24-year-old former computer student because the Philippines did not have laws against cyber crimes. Though there were laws against breaking into telecommunication systems, which can carry a 20-year jail sentence, prosecutors said that law only covered fraud, not destruction, the BBC reported.

Onel de Guzman, who masterminded the worm, which caused billions of dollars in damages, was never charged. Since the release of the bug, the Philippines has adopted cyber laws, but Guzman cannot be charged retroactively for his crime.

Code Red
In mid-July 2001, two variants of the Code Red worm began spreading through the Internet. Code Red operated in three stages -- scanning, flooding and sleeping. During the scanning phase, the worm searched for vulnerable computers and ran damaging computer code on them. Next, in the flooding phase, the worm sent bogus data packets to the White House Web site. The White House, however, changed their Web site's IP address and was therefore able to avoid the attack. Experts believed the worm's final sleep mode could last indefinitely, and that even infected machines would not pose a threat to the Internet. The worm also replaced Web site text with the phrase "hacked by Chinese."

At its peak, the worm infected 2,000 machines every minute, and infected 359,000 machines and cost $1.2 billion, according to the BBC. The worm could have affected more computers, but because of a Code Red warning many people were able to protect their machines. Originally, 35 percent of the 3.5 million sites that use Microsoft IIS software were vulnerable, but that number dropped to 15 percent following the warning.

The worm sent copies of itself to the e-mail addresses in an infected computer, deleted files and directories, filled up space on the hard drive and sent out files to the Internet.

Code Red's author or authors have yet to be caught. It was first believed that the worm was part of an ongoing China-U.S. computing hacking war, but Chinese computer experts denied that allegation.

Bugbear
In October 2002, the Bugbear virus infected users running Windows via a security hole in Microsoft Outlook, Microsoft Outlook Express and Internet Explorer. The virus copied itself to the hard drive and on to other computers that shared a network. The virus copied the passwords and credit card number a user typed. Then, it could send a file with the personal information to several e-mail addresses. In its first week, 320,000 infected e-mails were sent.

The virus spread easily because when it sent e-mails of an infected computer's address book, the subject lines read, "just a reminder," "bad news," "interesting" and other subjects that seemed innocent.

In 2003, Bugbear reappeared, but in a far more damaging strain. In 24 hours the newer version, Bugbear.B, caused the same damage that it had taken the previous Bugbear three days to cause. Bugbear.B claimed its new victims quickly because a flaw in Microsoft Outlook meant the program automatically opened e-mail attachments.

The person or people responsible for the virus have not yet been caught.

Blaster
In August 2003, the Blaster worm, also known as Lovesan, wreaked havoc on Microsoft XP, Windows NT 4.0 and Windows Server 2003 users. The worm spread quickly, checking for vulnerable computers and then sending itself to those machines. The worm was intended to attack Microsoft's update Web site. Some users found that their computers were sluggish, but otherwise may have been unaware that they had been infected. On other machines that were infected, however, the computer was forced to reboot after several minutes, according to Microsoft's Web site.

When the worm found a vulnerable computer it attempted to retrieve the file "msblast.exe" When the file was retrieved, the computer began to scan other systems to attack them in a similar manner. Additionally, the worm was designed to launch a "denial-of-service" attack on Microsoft's update Web site, the Computer Emergency Response Team Coordination Center at Carnegie Mellon University reported. A denial-of-service attack prevents users access to a certain service. Microsoft thwarted the attack on the Web site, which the company had encouraged users to visit to download a patch to protect their computers before the worm hit, and afterward to repair it.

The worm affected about 500,000 computers, the Washington Post reported. In November, Microsoft announced it would offer $250,000 for the information leading to the arrest of Blaster's creator. The money would come from a $5 million fund, which was created to catch virus writers responsible for the attacks on Microsoft operating systems. Law enforcement officials have arrested three individuals thought to be responsible for variants of the Blaster worm, but the worm's original writer has not been caught.

-- By Sheryl Silverman, Online NewsHour
Main: The Science Reports
Main: Computer Worms
How Viruses & Worms Work
Famous Worms and Viruses
Avoiding Computer Worms
For Students and Teachers
Combating Computer Worms at School
 
Online Forum
 
Funded by: National Science Foundation
National Science Foundation
 Reports are produced solely by the NewsHour and
do not necessarily reflect the views of the NSF.

The PBS NewsHour is Funded in part by: The John S. and James L. Knight Foundation Additional Foundation and Corporate Sponsors
Program
Support
From:
Copyright © 1996- MacNeil/Lehrer Productions. All Rights Reserved.