Malware is big business. In 2006 alone, it resulted in an estimated $13.3 billion in direct damage, including labor costs to roll back its effects, loss of worker productivity, and loss of revenue from system degradation and outage.
These expenses are nothing new to system administrators, who have been dealing with the costs and complexities of malicious code for decades. Here are some of the worst virus attacks of the past, showing that in the malware world, great offense will always beat great defense — at least until someone creates a patch.
Morris, 1988
One of the first-ever Internet worms, Morris was created by Cornell University student Robert T. Morris, who claimed its purpose was to gauge the size of the Internet. Instead, since it used existing flaws in Unix sendmail and infected a given computer multiple times, it crippled roughly 6,000 computers (the Internet had an estimated 60,000). Although Morris caused between $10 million and $100 million in damage, he wound up with just three years' probation and a $10,050 fine — along with a sweet teaching gig at MIT.
Melissa, 1999
Allegedly named for a Florida lap dancer whom David L. Smith, its creator, fancied, Melissa forced major companies such as Microsoft, Intel Corp. and Alcatel-Lucent to shut down their email gateways due to the large volume of traffic the virus generated. Smith faced 40 years in prison and enormous fines, which he magically reduced to 20 months and $5,000 by spending a few years undercover helping the FBI catch other malware authors.
ILOVEYOU, 2000
Starting on May 4 in the Philippines, this worm spread worldwide in a single day by using infected computers' email address lists to send large numbers of messages directed at new targets. It is thought to have caused $5.5 billion in damage, mostly in lost staff time, as corporate and government email systems had to be shut down to eradicate the virus.
Code Red, 2001
It began on July 13. Code Red infected computers running the Microsoft IIS Web server, exploiting a buffer overflow and defacing Web sites with the text, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" A fix had been available for this vulnerability for about a month, limiting its damage — kind of — to just $2.6 billion, but Code Red still managed to cause a "major disruption in connectivity," according to the Internet Storm Center. ("Hacked by Chinese" evolved into a fairly common IT-world putdown, although never as popular as "All your base are belong to us.")
Nimda, 2001
Nimda ("admin" spelled backwards) took just 22 minutes to spread as far and wide as Code Red. Nimda's secret was using several different propagation vectors: It created masses of emails to transmit itself, lured users to infected Web sites, and took advantage of lingering problems with Microsoft IIS security and previously installed Code Red or Sadmind worms. Nimda cost an estimated $635 million in damage.
SQL Slammer, 2003
On January 25, this worm began using a buffer-overflow bug in Microsoft SQL Server and MSDE (Microsoft Desktop Engine) database products. It rapidly distributed copies of itself around the world, causing major denials of service and slowing down the entire Internet. An estimated 150,000 to 200,000 systems were affected. As with Code Red, a patch for the SQL Server flaw had been available for months.
MS Blaster, 2003
Beginning on August 11, Blaster spread via various Windows operating systems and targeted Microsoft's windowsupdate.com site with DoS (denial-of-service) attacks. It caused widespread trouble and multiple restarts in machines running Windows NT, Windows XP (64-bit) and Windows 2003, although a patch for this vulnerability was already available. Victims included the Federal Reserve Bank of Atlanta, BMW AG, Philadelphia's City Hall, and thousands of home and corporate users. Although its ultimate origin is thought to be Chinese, the Blaster.B variant was created by then-18-year-old Jeffrey Lee Parson, who was caught because he programmed it to contact a domain registered to his father.
MyDoom, 2004
This email-transmitted virus, first identified on January 26, quickly spread by appearing to be an error message with an attachment that, when opened, emailed copies of the virus to addresses in the victim's address book, and also propagated itself through the Kazaa file-sharing service. Oddly, it avoided infecting computers at certain universities (University of California, Berkeley; Massachusetts Institute of Technology; Rutgers University and Stanford University) and corporations (Microsoft and Symantec Corp.), but then launched a distributed DoS attack against Microsoft and The SCO Group Inc. from about 1 million infected machines. Later versions attacked the Google, AltaVista and Lycos Inc. search engines.
Sasser, 2004
On April 30, Sasser spread among Windows XP and Windows 2000 machines by exploiting a buffer overflow in these operating systems. It had unusually direct physical-world consequences, resulting in Delta Air Lines Inc. canceling 40 trans-Atlantic flights and forcing Australian trains to halt because operators could not communicate with signalmen. Despite this, Sasser's then-teenage German creator was tried as a juvenile and drew a mere 21-month suspended sentence for releasing Sasser into the wild.
Witty, 2004
Detected on March 19, Witty was the first worm to specifically attack network-protection software, in this case IBM Internet Security Systems' products (BlackICE, RealSecure Desktop, RealSecure Network and RealSecure Server Sensor). It also carried a specifically destructive payload, alternating attacks on random IP addresses in batches of 20,000 with overwriting parts of infected computers' hard disks, gradually rendering them unusable. Witty's overall effects were relatively small because of its vendor-specificity; however, it demonstrated that a worm could affect a population of machines and networks whose administrators were actively taking steps to improve security.