Shaun Nichols: Before Conficker came around and got everyone worked into a lather, Storm was the big bad botnet on the block. First appearing in early 2007 as a fake news video on European flooding, the Storm malware menaced users for more than a year.
The huge botnet was also influential for its continued use of social engineering tactics. The malware disguised itself as everything from video files to greeting cards, and attacks were continuously refreshed to coincide with holidays and current news events.
While Storm has since been eclipsed by newer botnets, the name still brings to mind one of the most menacing attacks seen in recent years.
Iain Thomson: When extreme weather hit Europe the damage was bad enough, but the Storm code made things much worse. At a time when many were seriously concerned about the health and safety of friends and family, the last thing anyone needed was an infection.
But Storm was a classic piece of social engineering. At a time when people are concerned they don’t always think of the consequences, be it approving torture or opening an email attachment.
This kind of social networking is nothing new, of course, but the Storm malware did it very well indeed and proved very effective as a result.
Shaun Nichols: It was a classic love story. Boy meets girl, girl dances for money, boy goes home and writes computer virus for girl, computer virus gets out of hand and causes millions of dollars in damage. It’s the Romeo and Juliet of our time.
When a New Jersey hacker wrote a small bit of code named after a stripper he met in Florida, he had no idea of the chaos that would ensue. The Melissa virus, as it came to be known, got way, way out of hand.
The virus spread like wildfire throughout the net, and an unintended effect of the worm led to a glut of email traffic that overflowed servers and caused tons of damage and lost work time to corporate IT systems.
The hacker himself was later caught and sentenced to a year and half in prison. Next time he wants to impress a girl, hopefully he’ll stick to chocolates and jewelery.
Iain Thomson: Now, I’ve done some stupid things to impress girls, things that cause me to bite my fist with embarrassment nowadays and one that left me with a small amount of scar tissue, but writing a computer virus makes these pale by comparison.
The real damage of Melissa was not in the code itself, but in its spamming capabilities. The software caused a massive overload of email systems and generated enough traffic to make it highly visible. Current computer malware writers have taken note of code like Melissa and now fly much lower under the wire to attract less attention.