2. Sasser
Shaun Nichols: Just how much damage can a virus do? Well, take the Sasser worm as one example. This relatively simple little attack managed to cripple airlines, news agencies and even knocked out government systems.
Perhaps most frustrating, however, was that Sasser infection was very easy to prevent. The vulnerability which the attack exploited had been patched for months, and all users had to do was install the most recent security updates from Microsoft.
Sasser was a stark warning that has yet to be heard by many. Unpatched systems are still pervasive around the world, leaving users vulnerable to Sasser and countless other malware attacks that target patched vulnerabilities.
Iain Thomson: I remember the Sasser outbreak well, as I was on holiday and staying with friends in New York when it struck. Being the token geek I spent a good few hours fixing my friend’s computer and cursing the fool who wrote the worm that had me sitting in front of a computer screen when I could be sipping cocktails in Greenwich Village.
The worm caused havoc, not just shutting down a news agency’s systems but causing Delta to cancel some flights and leaving the British coastguard crippled for hours, putting lives at risk. If I’d been a seaman in peril I’d want serious words with the 17-year old author, Sven Jaschan. He was caught after Microsoft put a bounty on his head, something they should do more often.
Jaschan got away with a suspended sentence because he wrote the code before reaching the age of 18. He also caused a storm by accepting a job with a security company in his German homeland. This is not done in the security industry and caused the company, Securepoint, to be shunned by others in the field
1. I Love You
Shaun Nichols: They say you always hurt the ones you love. In 2000, this was taken to extremes when the ILoveYou attack racked up some $5.5bn in damages.
The concept was pretty simple: a user receives a file from a known email contact under the title ‘LoveLetter’ or ‘ILoveYou’. When the attachment is opened, the virus is launched. After infecting the host, the virus then took control of the user’s email program and sent the same ‘ILoveYou’ message to every user in the host’s address book.
Love must have been in the air, because the virus was potent enough to infect some 10 per cent of internet-connected machines at its peak. At a time when many users were still trying to learn the finer points of the internet, ILoveYou was a major wakeup call to some of the dangers on the web.
Iain Thomson: Everybody wants to be loved and ILoveYou was brilliant social engineering. It helped that the virus was spammed out in the early days of internet use and there were a lot of newbies online who had only a vague idea about viruses and how dangerous they could be.
Email was a trusted format and, because the messages came from people the recipient actually knew, the likelihood of them being opened was much higher.
Things are different today, although there are still plenty of people who get caught by social engineering attacks, but ILoveYou makes it so high in the list because it was a brilliant piece of social engineering.