The 10 best (or should that be worst?) malware attacks

Malware attacks have caused major damage over the years. Viruses, worms, Trojan horses and ransomware have the power to bring networks to their knees, wreaking havoc across business, government and personal computers.

Masked by internet anonymity, cybercriminals are evolving quickly, constantly unleashing new and improved malware that's a threat to our online safety. Paranoid? You probably should be. Christian Slater's exploits as The Wolf in HP Studios' security web series are just the tip of the iceberg - here are ten of the biggest and best (or is that worst?) real-life malware attacks.

Melissa (1999)

Melissa might seem quaint by today's sophisticated malware standards, but it's an early demonstration of just how destructive viruses can be. Posing as a Word file containing passwords to adult sites, it stoked curiosity and, when opened, executed a macro to resend the virus to the first 50 people in each user's address book.

A surge in email traffic hit governments and corporations, including Microsoft and Intel. All in all, Melissa was reportedly responsible for $1.1 billion in damages. Its creator, David L. Smith, was sentenced to ten years, but released after 20 months after aiding the FBI in their hunt for other virus creators.

SQL Slammer (2003)

The scary thing about SQL Slammer is how fast it spread. Exploiting a vulnerability in Microsoft's SQL Server and Desktop Engine database products, the DDoS (distributed denial-of-service) attack essentially crashed the internet within its first 15 minutes out in the wild. Consequently, it coined the term "Warhol worm" thanks to those precious moments of fame.

The damage lasted much longer, though. Bank of America's ATMs were rendered useless, while Continental Airlines were forced to cancel flights and take reservations on good old fashioned pen and paper. At the time, London-based marketing intelligence firm Mi2g reported that the worm caused between $950 million and $1.2 billion in damage.

Mydoom (2004)

Mydoom earned the title of fastest spreading malware in history when it first emerged in 2004, outpacing the ILOVEYOU and Anna Kournikova viruses. Using email subject lines like "Error" and "Mail Delivery System" to entice users to open, it pinballed across the web at speed, reportedly infecting 16-25% of all emails.

Infected users saw programs launch at random and network openings created allowing others access to their machines. Mydoom hit tech companies hard, with DDoS attacks affecting Google, Microsoft, AltaVista and Lycos. It's reportedly the most costly virus to date, causing $38.5 billion in damages.

Zeus (2007)

This Trojan horse was first detected in July 2007 when it was used to swipe data from the US Department of Transportation. Two years later it had compromised 74,000 FTP accounts from corporations and banks such as Amazon, Bank of America and Cisco. Using man-in-browser keystroke logging, the Zeus botnet (to date the largest on the internet) has been deployed to steal login details for social networks, bank and email accounts.

Estimates have claimed that more than 1 million computers were infected, and the Zeus cyber theft ring - with the central hub located in Eastern Europe - had stolen as much as $70 million. The alleged orchestrator of Zeus, Algerian hacker Hamza Bendelladj, was sentenced to 15 years in prison in 2016.

Operation Aurora (2009)

This targeted malware attack exploited a vulnerability in Internet Explorer to strike at the heart of major tech companies including Google, Adobe and Yahoo. It stemmed from China, dropping malware onto computers in a bid to steal corporate intellectual property.

Google revealed the attacks in an early 2010 blog post, before stating that unless they could launch an uncensored version of their search engine in China they'd close their offices in the country. The diplomatic incident was stirred further when then US secretary of state, Hillary Clinton, said that countries engaging in cyber attacks "should face consequences and international condemnation".

Stuxnet (2010)

A chilling look at the future of cyberwarfare. Stuxnet was deployed through a USB flash drive, infecting software controlling centrifuges at a nuclear facility in Iran. The attack caused chaos with the country's nuclear programme, and it's been heavily speculated (although never officially confirmed) that the Stuxnet virus was a politically-motivated joint project between the US and Israel.

Journalist Holger Stark described Stuxnet as the "first digital weapon of geopolitical importance", and the whole terrifying affair is the subject of Alex Gibney's gripping 2016 documentary Zero Days.

CryptoLocker (2013)

This particularly nasty ransomware spread rapidly through email attachments and encrypted users' files to prevent access. Infected computers presented a request for a decryption key in return for a $400 ransom fee. The 500,000 affected were told to pay up within 72 hours or see the key to unscrambling their files destroyed.

CryptoLocker's ringleader Evgeniy Bogachev was eventually taken down in June 2014 by Operation Tovar - a joint collaboration between law enforcement agencies from across the globe - but not before the ransomware raked in an estimated $3 million from its victims.

Sony Pictures hack (2014)

The Sony Picture hack wasn't the first major cyberattack to hit the corporation. Three years earlier the PlayStation Network saw 77 million users' personal details compromised, and the service being taken offline for 20 days.

Fast-forward to 2014 and hacker group Guardians of Peace brought down Sony's film division with malware that rendered computers inoperable for two hours, then rebooted them whilst wiping all their data. Although North Korea denied any involvement, one of GOP's main aims was to stop the release of The Interview, Sony's comedy about an American talk show duo hired to assassinate Kim Jong-un.

Mirai (2016)

Taking its name from the Japanese word for "the future", Mirai scanned the Internet of Things for vulnerable devices and struck them with malware that increased bandwidth use and reinfected after every reboot. The Mirai botnet executed multiple DDoS attacks in late 2016, hitting DNS service provider Dyn and causing inaccessibility to websites like Netflix, Twitter and Reddit.

What makes Mirai particularly dangerous is the fact that its source code has been published on hacker forums. Since the code made it out into the open, cybercriminals have been using it to adapt into other malware projects.

WannaCry (2017)

Dubbed the biggest malware attack in history, WannaCry infected 230,000 computers across 150 countries when it was unleashed in May 2017. How did they do it? Through a security vulnerability in older versions of Windows. The chief victim was the NHS, which saw 70,000 devices hit, including computers, MRI scanners and blood storage refrigerators.

As with CryptoLocker, the WannaCry ransomware encrypted files then demanded a fee to unlock them. With sensitive patient data at risk, panic naturally set in. However, British web security researcher, Marcus Hutchins, stumbled on a kill switch by registering a domain name found in the code. The Wolf-like hack fizzled out quickly, but not before more than $130,000 in ransom fees had been paid.

Find out how to keep your business safe from attackers like The Wolf...


ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.