  • This episode of SciShow might make you a little paranoid about computer viruses and internet

  • security. But that’s probably a good thing.

  • When we talk about a computer virus, we usually mean any kind of code that’s designed to

  • do harm and spread itself to more computers.

  • They’re created by malicious programmers who might want to use your computer to attack

  • other targets, or make money by stealing your personal information. They could also just

  • be trying to see how far their virus will spread.

  • Different viruses can affect Windows, Mac, and Linux computers, and even the data servers

  • that keep companies, and the internet itself, running.

  • Antivirus programs help, but they can have trouble dealing with threats they’ve never

  • seen before.

  • Over the years, there have been thousands and thousands of viruses spread online, and

  • they’ve caused billions of dollars of damage from lost productivity, wasted resources,

  • and broken machines.

  • A few dozen of those viruses stand out, some spread especially quickly, or affected a lot

  • of people, or created a ton of damage all by themselves. Some did all of the above.

  • Since a lot of viruses were very bad, in a lot of different ways, it’s hard to pick out

  • which ones were objectively the worst.

  • But with that in mind, here are 5 of those extra-destructive viruses. These are snippets

  • of code that changed the way people thought about computer security, both the people designing

  • the viruses, and the people trying to protect against them.

  • Say it’s May 1999.

  • You’re an unsuspecting computer user who’s never gotten a virus, let alone been trained

  • to look for the signs that an email might be malicious.

  • You get an email from someone you know, with a subject line that says it’s an important

  • message.

  • The message inside just says “Here's that document you asked for ... don't show anyone

  • else,” with a winking emoticon.

  • The attachment is a Word document labeled “LIST.”

  • So you click on it, because you’re curious, and a list of porn sites pops up.

  • At this point, you realize the email was probably some kind of virus. But it’s

  • too late, the first 50 people in your address book have already gotten a copy of the exact

  • same email, with a subject line saying that the message is from you.

  • That was the Melissa virus.

  • It spread through Microsoft’s Outlook email program, and even though the attachment seemed

  • like an innocent Word document, it was able to infect computers because of something called

  • a macro.

  • A macro is a specific kind of computer program that’s used to create shortcuts.

  • In Word, they’re meant to make it easier to edit a document. Instead of manually making

  • a set of changes to the document one by one, a macro is a piece of code that will let you do

  • it all with one click.

  • The problem is, that functionality gives macros a lot of power over your computer. So a macro

  • that’s actually a virus, like Melissa, takes advantage of that power using malicious code.

  • In just a few days, Melissa spread to hundreds of thousands of computers. It didn’t do

  • any damage to the computers themselves, but it did make email services slow WAY down,

  • and cost companies about $80 million overall.

  • Eventually, IT professionals and antivirus programs put safeguards in place to stop the

  • virus, both by preventing the emails from sending, and by keeping them from reaching

  • other people’s inboxes if they DID send.

  • The programmer behind the virus, David L. Smith, was caught about a week after Melissa

  • was first released. He spent 20 months in prison and paid a $5000 fine.

  • Why Melissa? Apparently that was the name of a stripper he met in Florida.

  • Melissa spread very quickly because of social engineering: it was designed to make people

  • curious enough to open the attachment.

  • The ILOVEYOU virus, which spread about a year later, in May of 2000, was also successful

  • because of social engineering. It reached around 45 million computers in just two days,

  • and caused about $10 billion dollars in damage.

  • The infected email had the subject line “ILOVEYOU”, and came with an attachment titled “love

  • letter for you.txt”.

  • When you clicked on the attachment, the virus would go through your system’s files, looking

  • for media like documents, images, and audio files.

  • Then it would overwrite them with copies of itself, so if you didn’t have your files

  • backed up, you’d lose all your data.

  • Meanwhile, the virus would send itself to everyone in your address book.

  • ILOVEYOU was a type of virus called a worm, which means that it was a standalone program

  • that didn’t use a host program to run, the way Melissa used Microsoft Word.

  • It looked like a text document, so opening it seemed relatively harmless, but the “love

  • letter for you” file was actually a type of file called a visual basic script, which

  • uses the file extension .vbs.

  • Users couldn’t see the vbs at the end of the filename, though, because the Windows

  • operating system they were using was hiding file extensions by default.

  • Visual basic scripts send your computer a list of instructions to execute. So if they’re

  • meant to cause harm, they can be very dangerous, and do things like delete all of your files.

  • Like Melissa, the ILOVEYOU worm was mostly contained after a few days. It was filtered

  • out of people’s inboxes and companies released fixes for machines that had been infected.

  • But plenty of damage had already been done.

  • The virus was attributed to two programmers in the Philippines. But even though they were

  • both arrested, they were released because at the time, there weren’t any laws against

  • what they’d done.

  • ILOVEYOU showed just how easily, and quickly, a worm could spread, and how much damage it

  • could do.

  • On January 25, 2003, just before 6 AM, the internet broke.

  • South Korea lost both internet and cell phone service. 300,000 people in Portugal couldn’t

  • connect to the internet. Airlines couldn’t process tickets and had to cancel flights.

  • Bank ATMs went down. 911 in Seattle had to start using paper to log calls.

  • Even for a lot of devices that were still connected to the internet, the connections

  • had become suddenly very slow, even by 2003 standards.

  • So what happened?

  • As you can probably guess by now, all of this chaos was caused by a virus. But it wasn’t

  • the kind of virus that spreads through email, or infects the sort of computer most people

  • have at home.

  • Slammer was a worm that targeted SQL servers, which store databases using a piece of Microsoft

  • software called Microsoft SQL Server.

  • It worked by taking advantage of a bug in the software: it sent the server a specially-formatted

  • piece of code, one that looked like it was just an ordinary request for information,

  • but actually reprogrammed the server to send out more copies of the same worm.

  • The worm spread faster than any other virus ever had, infecting 75,000 servers in just

  • 10 minutes.

  • Those servers were all sending requests to thousands of other servers, which couldn’t

  • handle all the traffic.

  • In all, millions of servers were affected, and the internet went kaput for a while.

  • Slammer is thought to have caused about $1.2 billion in damage before it was stopped, and

  • the programmer behind it was never caught.

  • The whole mess could have been prevented, though, six months earlier, Microsoft released

  • a fix for the bug that Slammer exploited, but lots of people just hadn’t installed it yet.

  • The 2007 Storm Worm was another worm that spread through email. But its purpose wasn’t

  • to destroy your computer or information, it wanted to take over your computer instead.

  • The original subject line read “230 dead as storm batters europe,” which is where

  • the virus gets its name.

  • But instead of an attachment, the email contained a link to a website, which promptly downloaded

  • the virus onto the user’s machine.

  • And then ... nothing happened. Or at least, nothing the user could see.

  • Storm Worm was designed to be as invisible as possible, so that you wouldn’t detect

  • and destroy it. This way, it was able to use your computer to do all kinds of stuff in

  • the background.

  • The virus would connect your machine to what’s known as a bot-net, a collection of computers

  • that form a network.

  • A bot-net can do all kinds of things, from launching coordinated attacks that slow down

  • or disable the web servers that keep a company going, to stealing passwords, banking, and

  • identity information.

  • But at first, the network didn’t actually do very much, it just grew.

  • Antivirus and IT companies knew it was there, but it was hard to stop it.

  • For one thing, different machines in the network had different jobs. Only a small fraction

  • of infected computers were in charge of spreading the virus.

  • Another small set of computers served as the command-and-control centers, which sent out

  • instructions and helped control the rest of the bot-net. The rest just followed those

  • instructions.

  • So even if you shut down most of the computers spreading the virus, the network would still

  • be out there, doing its thing.

  • But it was hard to stop Storm Worm from spreading in the first place. Sure, it started out as

  • an email about a storm in Europe, but soon there were emails with all kinds of different

  • headlines.

  • And since they were coming from someone in your address book, they seemed relatively

  • innocent.

  • To make matters worse, antivirus programs had trouble finding the virus on an infected

  • machine. The code for Storm Worm was designed to change every half hour, so it always looked

  • different.

  • At its peak, the Storm Worm bot-net consisted of about 1.5 million machines.

  • The programmers didn’t seem to be using it for anything nefarious, though,

  • they just sold the network to other criminals and scammers.

  • After a while, companies did figure out how to stop the virus from spreading. They removed

  • it from infected machines, and by late 2008, the bot-net was mostly gone.

  • But, like with Slammer, the people behind it were never caught.

  • Mebroot is also a virus that slowly started to spread in 2007. And its main goal was also

  • to hook you up to a bot-net, called Torpig.

  • Both are especially sophisticated.

  • Mebroot usually gets into your computer via a drive-by download, where you visit a malicious

  • web page and the program downloads in the background without you even knowing it.

  • From there, it overwrites what’s known as the Master Boot Record, the part of your computer’s

  • hard drive that stores the instructions that tell your computer how to start up.

  • Being able to control the Master Boot Record gives Mebroot a lot of power, because it can

  • tell your computer what to do right from the start.

  • And what it tells your computer, is to connect to the Torpig bot-net, which then steals

  • all of your information.

  • Torpig uses a spying technique known as Man-in-the-Browser, which is as creepy as it sounds.

  • It lurks in your browser, logging everything you do and any private information

  • you happen to enter.

  • It’ll also try to actively steal information, using fake websites that look and behave exactly

  • like the originals, but send the data to the Torpig servers instead.

  • And all the while, you’d never know it was there.

  • By late 2008, Torpig had stolen info connected to 500,000 bank accounts, and again, the people

  • who created it haven’t been caught.