This episode of SciShow might make you a little
paranoid about computer viruses and internet security. But that’s probably a good thing. When we talk about a computer virus, we usually
mean any kind of code that’s designed to do harm and spread itself to more computers. They’re created by malicious programmers
who might want to use your computer to attack other targets, or make money by stealing your
personal information. They could also just be trying to see how far their virus will
spread. Different viruses can affect Windows, Mac,
and Linux computers, and even the data servers that keep companies, and the internet itself,
running. Antivirus programs help, but they can have
trouble dealing with threats they’ve never seen before. Over the years, there have been thousands
and thousands of viruses spread online, and they’ve caused billions of dollars of damage
from lost productivity, wasted resources, and broken machines. A few dozen of those viruses stand out, some
spread especially quickly, or affected a lot of people, or created a ton of damage all
by themselves. Some did all of the above. Since a lot of viruses were very bad,
in a lot of different ways, it’s hard to pick out which ones were objectively the worst. But with that in mind, here are 5 of those
extra-destructive viruses. These are snippets of code that changed the way people thought
about computer security, both the people designing the viruses, and the people trying to protect
against them. Say it’s May 1999. You’re an unsuspecting computer user who’s
never gotten a virus, let alone been trained to look for the signs that an email might
be malicious. You get an email from someone you know, with
a subject line that says it’s an important message. The message inside just says “Here's that
document you asked for ... don't show anyone else,” with a winking emoticon. The attachment is a word document labeled
“LIST.” So you click on it, because you’re curious
… and a list of porn sites pops up. At this point, you realize the email
was probably some kind of virus. But it’s too late, the first 50 people in your address
book have already gotten a copy of the exact same email, with a subject line saying that
the message is from you. That was the Melissa virus. It spread through Microsoft’s Outlook email
program, and even though the attachment seemed like an innocent Word document, it was able
to infect computers because of something called a macro. A macro is a specific kind of computer program
that’s used to create shortcuts. In Word, they’re meant to make it easier
to edit a document. Instead of manually making a set of changes to the document one by one,
a macro is a piece of code that will let you do it all with one click. The problem is, that functionality gives macros
a lot of power over your computer. So a macro that’s actually a virus, like Melissa, takes
advantage of that power using malicious code. In just a few days, Melissa spread to hundreds
of thousands of computers. It didn’t do any damage to the computers themselves, but
it did make email services slow WAY down, and cost companies about $80 million overall. Eventually, IT professionals and antivirus
programs put safeguards in place to stop the virus, both by preventing the emails from
sending, and by keeping them from reaching other people’s inboxes if they DID send. The programmer behind the virus, David L.
Smith, was caught about a week after Melissa was first released. He spent 20 months in
prison and paid a $5000 fine. Why Melissa? Apparently that was the name
of a stripper he met in Florida. Melissa spread very quickly because of social
engineering: it was designed to make people curious enough to open the attachment. The ILOVEYOU virus, which spread about a year
later, in May of 2000, was also successful because of social engineering. It reached
around 45 million computers in just two days, and caused about $10 billion dollars in damage. The infected email had the subject line “ILOVEYOU”,
and came with an attachment titled “love letter for you.txt”. When you clicked on the attachment, the virus
would go through your system’s files, looking for media like documents, images, and audio
files. Then it would overwrite them with copies of
itself, so if you didn’t have your files backed up, you’d lose all your data. Meanwhile, the virus would send itself to
everyone in your address book. ILOVEYOU was a type of virus called a worm,
which means that it was a standalone program that didn’t use a host program to run, the
way Melissa used Microsoft Word. It looked like a text document, so opening
it seemed relatively harmless, but the “love letter for you” file was actually a type
of file called a visual basic script, which uses the file extension .vbs. Users couldn’t see the vbs at the end of
the filename, though, because the Windows operating system they were using was hiding
file extensions by default. Visual basic scripts send your computer a
list of instructions to execute. So if they’re meant to cause harm, they can be very dangerous,
and do things like delete all of your files. Like Melissa, the ILOVEYOU worm was mostly
contained after a few days. It was filtered out of people’s inboxes and companies released
fixes for machines that had been infected. But plenty of damage had already been done. The virus was attributed to two programmers
in the Philippines. But even though they were both arrested, they were released because
at the time, there weren’t any laws against what they’d done. ILOVEYOU showed just how easily, and quickly,
a worm could spread, and how much damage it could do. On January 25, 2003, just before 6 AM, the internet broke. South Korea lost both internet and cell phone
service. 300,000 people in Portugal couldn’t connect to the internet. Airlines couldn’t
process tickets and had to cancel flights. Bank ATMs went down. 911 in Seattle had to
start using paper to log calls. Even for a lot of devices that were still
connected to the internet, the connections had become suddenly very slow, even
by 2003 standards. So what happened? As you can probably guess by now, all of this chaos was caused by a virus. But it wasn’t the kind of virus that spreads through email,
or infects the sort of computer most people have at home. Slammer was a worm that targeted SQL servers,
which store databases using a piece of Microsoft software called … Microsoft SQL Server. It worked by taking advantage of a bug in
the software: it sent the server a specially-formatted piece of code, one that looked like it was
just an ordinary request for information, but actually reprogrammed the server to send
out more copies of the same worm. The worm spread faster than any other virus
ever had, infecting 75,000 servers in just 10 minutes. Those servers were all sending requests to
thousands of other servers, which couldn’t handle all the traffic. In all, millions of servers were affected,
and the internet went kaput for a while. Slammer is thought to have caused about $1.2
billion in damage before it was stopped, and the programmer behind it was never caught. The whole mess could have been prevented,
though, six months earlier, Microsoft released a fix for the bug that Slammer exploited,
but lots of people just hadn’t installed it yet. The 2007 Storm Worm was another worm that
spread through email. But its purpose wasn’t to destroy your computer or information, it
wanted to take over your computer instead. The original subject line read “230 dead
as storm batters europe,” which is where the virus gets its name. But instead of an attachment, the email contained
a link to a website, which promptly downloaded the virus onto the user’s machine. And then … nothing happened. Or at least,
nothing the user could see. Storm Worm was designed to be as invisible
as possible, so that you wouldn’t detect and destroy it. This way, it was able to use
your computer to do all kinds of stuff in the background. The virus would connect your machine to what’s
known as a bot-net, a collection of computers that form a network. A bot-net can do all kinds of things, from
launching coordinated attacks that slow down or disable the web servers that keep a company
going, to stealing passwords, banking, and identity information. But at first, the network didn’t actually
do very much, it just grew. Antivirus and IT companies knew it was there,
but it was hard to stop it. For one thing, different machines in the network
had different jobs. Only a small fraction of infected computers were in charge of spreading
the virus. Another small set of computers served as the
command-and-control centers, which sent out instructions and helped control the rest of
the bot-net. The rest just followed those instructions. So even if you shut down most of the computers
spreading the virus, the network would still be out there, doing its thing. But it was hard to stop Storm Worm from spreading
in the first place. Sure, it started out as an email about a storm in Europe, but soon
there were emails with all kinds of different headlines. And since they were coming from someone in
your address book, they seemed relatively innocent. To make matters worse, antivirus programs
had trouble finding the virus on an infected machine. The code for Storm Worm was designed
to change every half hour, so it always looked different. At its peak, the Storm Worm bot-net consisted
of about 1.5 million machines. The programmers didn’t seem to be using
it for anything nefarious, though, they just sold the network to other criminals
and scammers. After a while, companies did figure out how
to stop the virus from spreading. They removed it from infected machines, and by late 2008, the
bot-net was mostly gone. But, like with Slammer, the people behind
it were never caught. Mebroot is also a virus that slowly started
to spread in 2007. And its main goal was also to hook you up to a bot-net, called Torpig. Both are especially sophisticated. Mebroot usually gets into your computer via
a drive-by download, where you visit a malicious web page and the program downloads in the
background without you even knowing it. From there, it overwrites what’s known as
the Master Boot Record, the part of your computer’s hard drive that stores the instructions that
tell your computer how to start up. Being able to control the Master Boot Record
gives mebroot a lot of power, because it can tell your computer what to do right from the
start. And what it tells your computer, is to connect
to the Torpig bot-net … which then steals all of your information. Torpig uses a spying technique known as Man-in-the-Browser, which is as creepy as it sounds. It lurks in your browser, logging everything
you do and any private information you happen to enter. It’ll also try to actively steal information,
using fake websites that look and behave exactly like the originals, but send the data to the Torpig
servers instead. And all the while, you’d never know it was there. By late 2008, Torpig had stolen info connected
to 500,000 bank accounts, and again, the people who created it haven’t been caught. By now, you might be wondering whether
a worm will make the internet go down tomorrow, or whether your computer is secretly part
of a bot-net. And I don’t really blame you. There are things you can do to avoid getting
viruses: install an antivirus program. Don’t click on suspicious links or emails from Nigerian
princes. Keep your operating system and computer programs updated with the latest security
patches. Computers are amazing, but they just do what
they’re told, and when viruses tell them to do bad things, it can create a lot of damage. Thanks for watching this episode of SciShow, brought to you by our patrons on Patreon. If you want to help support the
show, just go to patreon.com/scishow. And don’t forget to go to youtube.com/scishow and subscribe!
