Throwback Thursday - Old Malware Threats
Full blog at: MSP Blog
1. BonziBuddy (1999) - My Own Brush with Malware
OK so maybe he doesn't rank with the rest of the big malware names of the day, but who else remembers that purple gorilla from Hell named BonziBuddy? As I learned in my earlier years, this desktop agent was anything but a pal. Sure, he wormed his way into all our hearts with his charming juggling tricks and musical numbers like Bicycle Built for Two, but these were cheap ploys to gain our trust. Make no mistake, he was no Clippy. There was and will only ever be one Clippy, and he mysteriously vanished into thin air. All mourning for digital office supplies aside, BonziBuddy was originally advertised to Microsoft users as a sidekick available to help with Internet browsing. Instead, after his release into the wild in 1999, Bonzi Foe terrorized PCs, flinging poop (no, not actually though it's not hard to imagine when we have a poop emoji on our phones) and crashing programs.
Sadly, I learned this the hard way when I gave the McCoy family computer the swine flue of viruses after downloading the adware as a child. A step up from my collection of animal figurines, my friendship with Bonzi started out strong. He performed backflips for me, and I giggled and continued to click for more. Then one night, after he took everything he wanted, Bonzi turned on me and didn't even have the decency to return his friendship bracelet. All of a sudden, our computer kept freezing and required a major clean-up. Now widely recognized as malware of yesteryear, BonziBuddy taught a young Mary that all downloads have consequences. After that, I was much more discerning of online scams. The same can't always be said for your clients, can it? Teach them how to identify malware warning signs, detect foul play, and then help establish security policies and procedures that can be tested regularly!
Now that I've got that out of my system, let's continue our stroll down malware memory lane with these other more notable bugs...
2. ILOVEYOU (2000)
Suffice it to say users weren't feeling the love when they were hit with this computer worm, one of the first big email malware of its kind, back in 2000. Also commonly known as Love Letter, the email appeared to come from a secret admirer with its "ILOVEYOU" subject line. Like many phishing email schemes perpetuated today, the worm infected computers through a malicious email attachment. The file attached in the original version, LOVE-LETTER-FOR-YOU.TXT.vbs, masqueraded as a TXT file, but was actually script the hackers used to attack those who opened it. The vbs extension was not visible to email recipients because at the time, Windows hid all file extensions by default. Just like attackers do now, the masterminds behind the ILOVEYOU virus exploited a system vulnerability to gain access to computers. So what was the damage? In 10 Worst Computer Viruses of All Time, Jonathan Strickland cites McAfee, sharing the various ways the worm infected victims. A few examples include the virus copying itself and hiding in several folders on users' hard drives, downloading a password-stealing application and adding new files to victims' registry keys. All in all, Love Letter cost $10 billion in damages, and what's more? The two believed to be the original perpetrators of the bug - which originated in the Philippines - were never charged.
3. Code Red (2001)
This next virus was named after the Mountain Dew beverage the two eEye Digital Security employees were drinking when they discovered it fifteen years ago. Like the ILOVEYOU virus, Code Red hackers exploited an existing system weakness - this time within the OS - to carry out their attack. Targeting computers with Microsoft IIS web server installed, the computer worm took advantage of a buffer overflow problem in Windows 2000 and Windows NT. Essentially, once a machine reached its buffer capacity, it would start to overwrite adjacent memory. Once launched, the Code Red worm executed code from within the IIS server and was virtually undetectable on hard disks because it was able to run solely on memory. So how did it behave? Once a computer was compromised, Code Red attempted to make a hundred copies of itself. Due to a bug in programming, however, it actually infected many more devices, maxing out CPU loads and exhausting system resources. The worm even launched a distributed denial of service (DDoS) attack on the White House, attempting to crash its web servers by flooding them with simultaneous traffic requests from infected computers. According to HONGKIAT's 10 Most Destructive Computer Viruses, Code Red impacted one to two million IIS servers, alarming given that there were around six million at the time. It's not surprising then that the virus resulted in two billion dollars lost in productivity.
See the rest of the list
@GlennBarley I remember my friend had a BonziBuddy on his computer and I would get PUMPED whenever I went to his house to play on the computer. I guess he wasn't so pumped...
DustinB3403 last edited by
I remember people asking for BonziBuddy to be installed on their PC's at work...
@DustinB3403 Oof. That's not good. For the computers and the productivity!