[b]This Topic Only Gives Information [/b] [b]The CIH virus in 1998[/b] Estimated Damage: $20 to $80 million worldwide; countless amounts of PC data destroyed It was unleashed from Taiwan in June of 1998. What made CIH so dangerous was that it would overwrite data on the host PC's hard drive. It would no longer work. It would also overwrite the BIOS of the host, preventing boot-up. [b]Melissa in 1999[/b] Estimated Damage: $1 billion Melissa spread through Microsoft Word 97 and Word 2000. It cleverly used a mass e-mail process where it would access the first 50 entries from a user's address book in Outlook 97/98 (the e-mail program) when the document was opened. Melissa would randomly insert quotes from "The Simpsons" television show into documents on the host computer and it deleted critical Windows files. [b]ILOVEYOU in 2000[/b] Estimated Damage: $5.5 billion to $8.7 billion in damages; ten percent of all Internet-connected computers hit It took your contacts from your Outlook list. If you saw the e-mail message "I LOVE YOU" and opened it, it would copy and send out the message again and again. Recipients, who didn't know what was happening, would execute the document only to have most of their files overwritten. [b]Code Red in 2001[/b] Estimated Damage: Code Red and Code Red II are two worms with damages estimated at $2 billion; a rate of $200 million in damages per day Released on Friday the 13th in July of 2001, the worm took advantage of buffer overflow vulnerability in Microsoft IIS servers and would self-replicate by exploiting the same vulnerability in other Microsoft IIS machines. Buffer overflows occur when too much information is sent to a computer it can't handle, and it causes a shutdown. [b]SQL Slammer in 2003[/b] Estimated Damage: shut down South Korea's online capacity for 12 hours; affected 500,000 servers worldwide The virus affected servers, not PCs. As viruses go, it was very small: a 376-byte worm. It generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft's SQL Server Desktop Engine, that computer would begin firing the virus off to other random IP addresses. Slammer infected 75,000 computers in 10 minutes. It sent so much traffic that it overloaded network routers across the globe, which created higher demands on other routers, which shut them down, and the cascade was on. [b]MSBlast in 2003[/b] Estimated Damage: between $2 and $10 billion; hundreds of thousands of infected PCs Microsoft announced a Windows vulnerability in 2003. A short while later, that Windows vulnerability was exploited with a worm called MSBlast; it included a personal message from the author to Bill Gates. "Billy Gates why do you make this possible? Stop making money and fix your software!!" A Trivial File Transfer Protocol server was installed on the computer and downloaded code onto the infected host. Over 25 million hosts were still known to be infected six months later. [b] Sobig in 2003[/b] Estimated Damage: 500,000 computers worldwide; as much as $1 billion in lost productivity The worm entered a computer in the form of harmless e-mail attachment. The attachment was often a *.pif or *.scr file that would infect any host if downloaded and executed. Sobig-infected hosts would then activate their own SMTP host, gathering email addresses and constantly sending additional messages. It would flood the Internet with e-mails. [b]Sasser in 2004[/b] Estimated Damage: tens of millions of dollars; shut down the satellite communications for some French news agencies; several Delta airline flights were cancelled; shut down numerous companies' systems worldwide Sasser began spreading on April 30, 2004; it exploited a security flaw in non-updated Windows 2000 and Windows XP systems. When successfully replicated, the worm would scan for other unprotected systems and transmit itself to them. [b]MyDoom in 2004[/b] Estimated Damage: slowed global Internet performance by 10 percent and Web load times by up to 50 percent On Jan. 26, 2004, the MyDoom worm spread across the Internet via e-mail. The worm also transmitted itself as an attachment in what appeared to be an e-mail error message containing the text "Mail Transaction Failed." Clicking on the attachment spammed the worm to e-mail addresses found in address books. [b]Bagle in 2004[/b] Estimated Damage: tens of millions of dollars Bagle infected users' systems using an e-mail attachment but then scoured Windows files for e-mail addresses it could use to replicate itself. However, the real damage came when it opened a back door to a TCP port that can be used by remote users and applications to access any kinds of data on the infected system.