Brought to you by the reinvented two thousand twelve Camray. It's ready. Are you get in touch with technology? With tech stuff from how stuff works dot com. Hi, welcome to the podcast. My name is Chris Poett. I'm an editor here and How Stuff Works and with me is writer Jonathan Strickland. My computer doesn't feel well. Have you taken its temperature? Uh? Actually this is not the one that overheated. This This is the new laptop. The old
one was the one that overheating. That was That was my lame attempt to lead into what we're talking about today. Oh you mean computer viruses. Yes, yes, we recently had an article on the feature on the site the ten worst computer viruses of All Time, and I thought that would be a clever way to lead in. Obviously, Um I was wrong. Well, you know, we had a difficult time choosing which because you know, there's so many really
are they really are? And the ones that that we picked were chosen for different reasons, and some of them were more destructive than others, but others broke new ground in virus world. Shenanigan's Yeah, yeah, they caused brand new headaches for everybody involved. Um, besides the person who wrote them, I suppose. Well, let let's give a little background here. Okay, So, um,
so computer viruses date back quite a ways. Uh. In fact, there's a scientist by the name of John Van Newman who theorized way back in ninety nine that it would be possible to create a program that could self replicate, which is generally what we talk about when we talk
about computer viruses. There are different kinds of computer viruses. Um. The the standard, uh, the original good old computer virus that was that would cause a lot of trouble would be the kind that would infect your computer and then overwrite data and and essentially turn your computer into a useless pile of junk. Right those were Boy, those were the good old days. Yeah. That was really irritating. It
meant that you'd lose everything. Even if you could, um, even if you could fix your computer, you there was a good chance you weren't going to be able to retrieve data that had been stored on that computer up to that point. Um. Those were nasty. But there are other kinds as well that are equally evil. Um. There are the computer worms, uh, and there are the trojan horses. And together these kind of make up everything we think
of when we say computer viruses. The virus is really sort of used as a blanket term um by the security public. I would say, you know, people talk about when you hear people talk about viruses, it may actually be a worm or a trojan that they're talking about. Worm is actually a program that can go by itself and replicate itself, rather than piggybacking on another program, which is what an actual virus is, right right, the old computer viruses usually it was well, I mean always it was.
It was some a little self replicating program that was part of a larger program. So for instance, um, you could corrupt a macro in Microsoft word in the old days and create a computer virus that way. But a worm, yes, as you say, is its own program, it's own applications. So as soon as you execute it, that's when it activates and and begins to to cause issues. Whereas the trojan that gives bad guys the opportunity to really mess with your computer, Yeah, it's a it's a program as
trojan horse you might expect from the name. Uh, it's a program that that looks like one thing that actually does something else. Entirely. Uh So somebody may say, hey, you know, you need to take a look at this file. It's the greatest video ever, and you double click on it, and all of a sudden you're going, hey, wait, this
isn't really a video file. But by that point, your computer may be infected with something nasty, right, And the really clever ones just make you think that whatever program you downloaded just didn't work correctly, and so you may not even be aware that your computer has been infected. You may just think that you've got a hold of a faulty file, and and that's that's the worst of it, when in reality, someone is using your computer either to
access information or or create a zombie computer army. We've talked about that before, or um any number of really evil, icky things that you don't want to happen to your computer. Right, So, I guess we can just dive on in and talk about some of the ones that made the list. I'm sure everyone's just chomping up a bit to find out. Well, the first one we were going to talk about today is as an actual virus. Melissa, Yes, Melissa Melissa, named
after an exotic dancer in Florida. Uh, poetry, really, isn't it? So what a nice sentiment. Yeah, this was created by a guy named David L. Smith. This is uh back in and uh yeah, it's an actual computer virus that spread um through email. And it was a it was a one of the ones we were talking about, like a piggybacking on the Microsoft word document. Yep, yep. This is the reason you get an alert when you open a document and word when it and it has a macro in it, and it goes, hey, are you sure
you want to do this because it has macro's. Well, now you know why. Melissa really brought our awareness up in terms of what a macro. You know what these add ons can do to a simple word document or you know, I guess office document or anything that uses macros. And uh, it didn't do that much damage really, It just it made the list mainly, as you say, because
it it really raised awareness. Before that point, computer viruses were usually spread by someone handing you a floppy disk that had a corrupted file on it and you ran it that way. Um. You know, that was the pre internet days, so it was all social engineering. It was all hey, I've got this great game on this U why don't you run it? And then you screw up your computer. So Melissa really took it to the next level,
you know, mass distribution. Don't take floppy discs from strangers. No, And and that kind of leads us to the social engineering is not is not just from the old days. I mean, it's still happening today. Uh. And the next one is a kind of a good example of that. That's the I Love you bug um, which would spread through email and you would get a message saying I love you, and I think most of us feel warm
and comforted when we hear those words. Uh, and so we you your natural inclination was to open up the email find out what this little ghili bob was, and you click on it, and that's when it activated. The bug. Yeah, it copied itself, It added files to your computer's registry, replaced other files on your computer with copies of itself, and then it started sending itself around to other people via email or our Internet relay chat. Yeah I r C. Yeah it's pretty bad. And then it downloaded and and
would execute a password stealing program. So if you started, you know, you have all your passwords stored on your computer for different different applications, all of a sudden, it's sending him back to the originator of the virus, right, and this one, the originator of the virus, is one of those kind of mysteries we think we know who did it, but it's kind of it's impossible to say for sure. Now, allegedly the man responsible was Onnell the
Guzman from the Philippines. But the thing was when when he was first being investigated, he was under age and so could not be tried as an adult, and uh, and it just kind of kind of faded away. And then when he became of age, he's sort of in a circumspect way kind of but not really admitted to being to be the perpetrator. So we're fairly certain that he's the man responsible, But you know, it could just
be a lot of talk. Well I'll tell you, if I had done created a virus that did ten billion dollars worth of damages over the Internet, I probably wouldn't be, you know, willing to raise my hand up and go, hey I did this right. No, maybe under a handle, yeah, but not not with your real name. So I guess we can move on to the next one. I've been talking about about moving on. Um. This was one that I heard a lot about when I worked in the computer security industry. UM. It's s QL slammer, also known
as sequel slammer. UM. And this, this was a fast moving virus. This is this was a classic. In fifteen minutes after it was detected, it had already infected nearly half of the Internet servers, which uh, in terms of you compare that to Melissa or I Love you. They were they spread and they spread pretty widely, but not like this. This was a big old eye opener for the industry. Caused about a billion dollars worth of damage. And it uh, it exploitedvulnerabilities within the system. It wasn't
necessarily a program designed. It wasn't like a self replicating program in the traditional sense. It was one that that exploited of vulnerability that the the virus programmer whom who knows who this this guy is, we don't know. Um uh. He discovered it and took advantage of it. And there there are people who do this for a living, who actually look for vulnerabilities that can be exploited. UM. Those
we usually call white hats. And then we've got the people who look for vulnerabilities in order to exploit them and actually take advantage of them, not to fix them. Those are the black hats, so good old cowboy imagery there um from the you know, the wild wild Internet. Yeah. Actually, in general, a virus or you know whatever malware if you will, um, it's going to take advantage of some
vulnerability in your system. Basically, when they when the developers right code, whether at your operating system or a program that runs on your operating system, there's a hole in there somewhere and somebody can go in a white hat or black hat or both. A lot of times they'll publish these vulnerabilities. They're they're picking apart the code and going, you know what, if I did this here at this
right time, I could gain control the entire computer. And that's uh, that's why you you know, look down and you see your even Mac computers or Windows computers both have these things, and they go, hey, there's a new software security update. You need to download this update your system. Well, that's that's why these these vulnerabilities come to light and then you end up patching your system. Well, I guess we can move on to the next one. The the
Sasser virus. Um. Yeah, the speaking of underage hackers. Um. The person that developed Sasser and net ski worms was a seventeen year old German who never actually spent any time in jail because he was under age. But Sasser, he apparently wrote both of these worms. But sassor would scan, would get on your computer and scan random addresses Internet addresses to find other vulnerable computers that it could download
and copy itself to. So it actively was seeking out other machines that it could could do that too, and would actually make it impossible for you to turn off your machine, right, so it didn't want you to stop it from doing its work. You had to unplug your computer if you wanted to uh to get it to cut it out. And this is a Microsoft Windows virus, we should say. It was specifically looking at Windows vulnerabilities.
So if you were using a different operating system, um you were, you were okay, uh from this particular kind of worm. UM. That's that's actually an interesting point we should make too. I guess we can make it right here. You hear a lot about viruses attacking PCs and not as many attacking max uh, and you might think, well, does that mean that the mac is is autumn etically a more secure machine. Well, that's that's not necessarily the case.
There's this concept called security through obscurity. UM. Part of that is if you if not that many people are using your system, then there's lesson than incentive to create an attack that targets that system. I mean, you're not going to hit as many people, So why spend that time and energy developing an attack when you could do it for a different system that's going to hit a
lot more people. Yeah, and part of the uh, I'm just guessing that part of the reason that hackers create these viruses in the first place is to gain the notoriety and you know, be the person that took down the Internet. So I mean, if you're only gonna take down you know, five million computers versus the entirety of the Internet, you know, why would you go after the
small batch? Why wouldn't you try to get as much damage as you're you know, you can possibly do if you have another ulterior motive, like let's say you've got a personal vendetta against a specific website and you want to create a zombie network to attack that website and bring it down. Obviously you want to try and go for whichever system has the widest audience because that will
make it more effective attack in the long run. Because a lot of these viruses, that's exactly what the end goal is is to to try and bring down specific entities. So we've seen this happened to websites like Yahoo and and CNN. Uh, it's it's not unusual, which kind of brings us up to the uh. The last one we're gonna talk about right now, the the the infamous storm worm. Yeah. This Uh. Jonathan is saying that this is my my pet worm, if you will. But I think it's because
it's interesting to me. Um. It's it's not really called the storm worm. There's actually another pretty mild worm called the storm worm, but it's it's known as its real name, if you will. These are named by the security firms, so um. One of them calls it pea Calm, another calls it new War. Uh. But basically it's called the storm warm because it propagates through email primarily. UM, it's a trojan. So you think you were downloading the newest
video or some other kind of file. And actually one of the original subject lines was, you know, a huge storm kills millions in China, and so it was the idea was to try and trick you into clicking on a on a specific thing within the email um by masking it as a news story. Yeah, that's that's your social engineering at work again. They're trying to convince you that this is a very topical moment. Uh. There were some that went out a few months ago about the Olympics.
You know, they were news headlines, and they're trying to get you to do this, or they'll they'll use uh, you know, particularly um inflammatory comments, so things like political statements like Obama punches Clinton. See the video now and you go, oh my gosh, really did that really happen? And you go click on it. Then you've downloaded the trojan. But the really weird thing about this one is this trojan can actually carry different payloads. It could turn your
computer into a zombie. Uh, it could actually set use your computer to send spam to create a denial of service attack, and it has been known to carry spam denial of service attack payloads that attack specific sources. So you know, if there's somebody that speaks out against this storm warm and tries to draw attention to it it has been I read an article several months ago about this, how it has been known to go after those sites to try to to shut them up, which is pretty sophisticated,
very insidious. Yeah right, well, that's that's gonna wrap up our discussion about the computer viruses for today. But but the article does mention others um the code read viruses, the klass virus, nimda uh leap a or up as mac mac mac virus, and my doom is also on there. So certainly go over to how stuff works and check out the ten worst computer viruses of all time. You'll definitely learn something that's live right now on how stuff
works dot com. We'll talk to you again soon. For more on this and thousands of other topics, visit how stuff works dot com. Let us know what you think. Send an email to podcast at how stuff works dot com. Brought to you by the reinvented two thousand twelve camera. It's ready, are you