attacked computers in March 1999, infecting machines when users
opened a Word document attachment. Though the effect the virus
had on individuals' computers was minimal, users of Outlook Express
unintentionally sent the virus on to the first 50 people who were
in their Global Address Book. For companies, however, the virus
had a larger impact. The virus was sent to users with the subject,
"Important message from [name]." More than a million
users were affected, the BBC reported. The virus also caused $80
million in damage, and was the first virus to travel through e-mail.
Smith, the author of the Melissa virus, was caught a week after
Melissa first hit the Internet. Smith pleaded guilty to a state
charge of computer theft and a federal charge of spreading a computer
virus. He was sentenced to 10 years in a state prison in New Jersey,
but because he helped the FBI thwart other virus attacks and helped
lead to the arrest of other hackers, his sentence was reduced
to 20 months. Smith's scheduled tentative release date is Dec.
10, according to his defense attorney, Edward Borden, Jr.
will place Smith on parole, in addition to his three years of
federal supervised release and fulfillment of community service
hours. The release also restricts Smith from accessing computers
unless his probation officer grants him permission to do so.
Love Bug worm, different from a virus because of its ability to
travel independently through networks, flooded the Internet with
e-mails in May 2000 with the subject, ILOVEYOU. The body of the
deceptive e-mail read, "Kindly check the attached love letter
coming from me." When opened, the e-mail wreaked havoc on
computers, replicating it automatically, sending copies to everyone
in the user's address book, and damaging computer files, such
in Asia, Love Bug spread across the world, infecting U.S. government
computers at Congress, the White House and the Pentagon. Officials
estimated that the worm affected 80 percent of businesses in Australia,
and a similar percentage in the United States.
the Love Bug virus spread, prosecutors in the Philippines had
to drop the charges they had filed against a 24-year-old former
computer student because the Philippines did not have laws against
cyber crimes. Though there were laws against breaking into telecommunication
systems, which can carry a 20-year jail sentence, prosecutors
said that law only covered fraud, not destruction, the BBC reported.
Onel de Guzman,
who masterminded the worm, which caused billions of dollars in
damages, was never charged. Since the release of the bug, the
Philippines has adopted cyber laws, but Guzman cannot be charged
retroactively for his crime.
mid-July 2001, two variants of the Code Red worm began spreading
through the Internet. Code Red operated in three stages -- scanning,
flooding and sleeping. During the scanning phase, the worm searched
for vulnerable computers and ran damaging computer code on them.
Next, in the flooding phase, the worm sent bogus data packets
to the White House Web site. The White House, however, changed
their Web site's IP address and was therefore able to avoid the
attack. Experts believed the worm's final sleep mode could last
indefinitely, and that even infected machines would not pose a
threat to the Internet. The worm also replaced Web site text with
the phrase "hacked by Chinese."
At its peak,
the worm infected 2,000 machines every minute, and infected 359,000
machines and cost $1.2 billion, according to the BBC. The worm
could have affected more computers, but because of a Code Red
warning many people were able to protect their machines. Originally,
35 percent of the 3.5 million sites that use Microsoft IIS software
were vulnerable, but that number dropped to 15 percent following
The worm sent
copies of itself to the e-mail addresses in an infected computer,
deleted files and directories, filled up space on the hard drive
and sent out files to the Internet.
author or authors have yet to be caught. It was first believed
that the worm was part of an ongoing China-U.S. computing hacking
war, but Chinese computer experts denied that allegation.
October 2002, the Bugbear virus infected users running Windows
via a security hole in Microsoft Outlook, Microsoft Outlook Express
and Internet Explorer. The virus copied itself to the hard drive
and on to other computers that shared a network. The virus copied
the passwords and credit card number a user typed. Then, it could
send a file with the personal information to several e-mail addresses.
In its first week, 320,000 infected e-mails were sent.
spread easily because when it sent e-mails of an infected computer's
address book, the subject lines read, "just a reminder,"
"bad news," "interesting" and other subjects
that seemed innocent.
In 2003, Bugbear
reappeared, but in a far more damaging strain. In 24 hours the
newer version, Bugbear.B, caused the same damage that it had taken
the previous Bugbear three days to cause. Bugbear.B claimed its
new victims quickly because a flaw in Microsoft Outlook meant
the program automatically opened e-mail attachments.
or people responsible for the virus have not yet been caught.
August 2003, the Blaster worm, also known as Lovesan, wreaked
havoc on Microsoft XP, Windows NT 4.0 and Windows Server 2003
users. The worm spread quickly, checking for vulnerable computers
and then sending itself to those machines. The worm was intended
to attack Microsoft's update Web site. Some users found that their
computers were sluggish, but otherwise may have been unaware that
they had been infected. On other machines that were infected,
however, the computer was forced to reboot after several minutes,
according to Microsoft's Web site.
When the worm
found a vulnerable computer it attempted to retrieve the file
"msblast.exe" When the file was retrieved, the computer
began to scan other systems to attack them in a similar manner.
Additionally, the worm was designed to launch a "denial-of-service"
attack on Microsoft's update Web site, the Computer Emergency
Response Team Coordination Center at Carnegie Mellon University
reported. A denial-of-service attack prevents users access to
a certain service. Microsoft thwarted the attack on the Web site,
which the company had encouraged users to visit to download a
patch to protect their computers before the worm hit, and afterward
to repair it.
The worm affected
about 500,000 computers, the Washington Post reported. In November,
Microsoft announced it would offer $250,000 for the information
leading to the arrest of Blaster's creator. The money would come
from a $5 million fund, which was created to catch virus writers
responsible for the attacks on Microsoft operating systems. Law
enforcement officials have arrested three individuals thought
to be responsible for variants of the Blaster worm, but the worm's
original writer has not been caught.
By Sheryl Silverman, Online NewsHour