Occasionally, a computer virus goes way beyond a simple inconvenience and enters cyber-security history as one of the nastiest bugs of all time – and five of the worst are showcased in the video above from SciShow.
You might not be surprised to learn that most of these viruses arrived as innocent-looking emails, and relied on users clicking through on unknown attachments and links. In other words, it was social engineering, where hackers manipulate us to act a certain way to let them in.
Take the first virus in the list, Melissa, from 1999. Using a Word document attachment, it could load up porn sites and forward itself to more email addresses through a macro – a small bit of code used to simplify repetitive tasks in Word.
If you wonder why Word sometimes locks down attachments you receive over email, Melissa is part of the reason why – when it hit, it caused an estimated US$80 million in lost productivity and clean-up costs.
Despite this massive sum, a year later, it seems we still hadn't learned our lesson. The 'I Love You' virus also relied on people's curiosity about what was arriving via email– specifically, an attachment called love-letter-for-you.txt.
That attachment was actually a small program that copied over personal data from your local hard drive, and, like Melissa, could mine email address books for new victims to attack. I Love You ended up infecting roughly 45 million computers, and cost an estimated $10 billion in damage.
Fast forward to 2003, when SQL Slammer almost literally broke the internet. And this time, there was no social engineering involved.
Instead, the virus targeted data servers held by major companies, fooling them into giving it access to their systems, before sending itself out to other computers from its new host.
The snowballing effect of more and more servers getting infected overloaded whole sections of the web, causing an estimated $1.2 billion in damage within the first five days.
Storm Worm, from 2007, used a link inside an email instead of an attachment – a reminder to never click on links in your emails unless you're certain they're genuine.
Once the link was clicked, it could silently install code and hook your computer up to a botnet – a shadowy, hidden network distributed over a number of internet-connected computers.
Botnets can be used for everything from targeting attacks on servers to running spam email campaigns. As they typically involve so many computers, security firms find them difficult to stop.
Mebroot hailed from 2007 too, and it also recruited computers to a botnet. But in this case, the virus used drive-by-downloads to infect machines – downloads that are automatically triggered as soon as a malicious website is opened.
Mebroot was capable of taking control of computers deep inside their operating system, and as a result it was very hard to kill. Basically, it could spy on pretty much anything you did in your browser, and security experts say it only took a year to steal information related to about 500,000 bank accounts.
We might be nine years on from Mebroot, but there's no room for complacency: viruses are only getting more advanced and trickier to catch. So stealthy, in fact, that sometimes they can lurk for several years in systems before they're uncovered.
And all the while we're putting more and more of our lives online and 'in the cloud', meaning we have greater amounts of personal data at stake than ever before.
There's no way to ever be 100 percent protected against a virus or a hack, but there are ways you can minimise the danger.
Be wary of links and attachments sent over email or instant message, and keep all of your software – operating system, browser, email client, antivirus program – up to date at all times.
Stay safe out there, guys!