A Malware Hall of Fame
A couple of weeks ago, just prior to taking off on a vacation, I was asked by one of our marketing folks for a list of significant and/or famous malware.
So, I spent some time thinking about what examples I would include in a "Malware Hall of Fame" if I were in charge of the museum, and came up with the following two lists of favorite and/or significant malware...
Memorable/significant attacks from the "old days":
- An unnamed file-infecting virus that showed up on my first job (back in the IBM PC days of the late '80s), via a program on a floppy disk from a European partner. This was the first malware sample I ever reverse-engineered, and I was immensely pleased with myself when I figured out a nice code signature I could add to whatever virus scanner we were using back then. (IIRC, it was a scanner from IBM, and it included a config file where you could add your own signatures.)
- The Pakistani "brain" virus (one of the first boot-sector [floppy disk] viruses).
- The "Michelangelo" virus (one of the first "time bomb" viruses).
- The Morris worm (first internet worm, IIRC).
- The "i love you" worm (first big e-mail worm). I got one of these from a friend who fell for it, since he'd received it from his network admin, and so he'd trusted it and opened it...
- The "Code Red" and "Nimda" worms (the first time I fell in love with checking logs for malicious traffic).
More recently:
- Zeus (longtime king of the botnet kits; good representative for the "malware as a business" genre)
- Conficker (first big worm attack in a long time; also spread on USB drives -- shades of boot floppy viruses!; also pioneered massive phone-home domain name generation...)
- Aurora attack (put APTs on the top of the worry list for companies everywhere)
- Stuxnet (first cyberweapon; forced anybody running any sort of computer system to think about cyber attacks)
- Flashback (wake-up call for Mac users; no one should be feeling smug and safe these days)
Later, I got a list of current major botnets and threats from Patrick, and I like some of his suggestions:
- TDL4/TDL3/TDSS/ALUREON and MEBROOT/SINOWAL/TORPIG (representative of sophisticated modern rootkits)
- Koobface (not as prominent these days, but made a lot of noise in the early days of Facebook)
- Blackhole Exploit Kit (most famous of the exkits; another great example of the "malware as a business" model)
Quite the rogues' gallery... Am I missing any important ones?
--C.L.
@bc_malware_guy