11 real and famous cases of malware attacks

  • Updated June 4, 2021
  • Blog, Threat Research

Famous cases of malware attacks victims

Many famous hacker attacks use malware at some point. For example, the cybercriminal may first send you a phishing email. No attachment. No links. Text only. After he gains your trust, he can later send you a malicious attachment, that is, malware disguised as a legitimate file.

Malware is malicious software designed to infect computers and other devices. The intent behind the infection varies. Why? Because the cybercriminal can use malware to make money, to steal secret information that can give strategic advantages, to prevent a business from running or even just to have fun.

Yes, there are hackers who act for pleasure.

In fact, malware is a broad term. It’s like a category. Within this category are different types of threats, such as viruses, worms, trojans, and ransomware.

To fight malware delivered via email, here at Gatefy we offer a secure email gateway solution and an anti-fraud solution based on DMARC. You can request a demo or more information.

To get an idea, according to the FBI, damages caused by ransomware amounted to more than USD 29.1 million in 2020 alone. And email continues to be one of the most widely used ways of spreading malware. As a Verizon report confirmed: 30% of the malware was directly installed by the actor, 23% was sent there by email and 20% was dropped from a web application.

The cases listed below show how malware attacks can work and give you a glimpse of the harm they cause to businesses and individuals.

In this post, we’ll cover the following malware cases:


Check out 11 real cases of malware attacks

1. CovidLock, ransomware, 2020

Fear in relation to the Coronavirus (COVID-19) has been widely exploited by cybercriminals. CovidLock ransomware is an example. This type of ransomware infects victims via malicious files promising to offer more information about the disease.

The problem is that, once installed, CovidLock encrypts data from Android devices and denies data access to victims. To be granted access, you must pay a ransom of USD 100 per device.

2. LockerGoga, ransomware, 2019

LockerGoga is a ransomware that hit the news in 2019 for infecting large corporations around the world, such as Altran Technologies and Hydro. It’s estimated that it caused millions of dollars in damage in advanced and targeted attacks.

LockerGoga infections involve malicious emails, phishing scams and also credential theft. LockerGoga is considered a very dangerous threat because it completely blocks victims’ access to the system.

3. Emotet, trojan, 2018

Emotet is a trojan that became famous in 2018 after the U.S. Department of Homeland Security defined it as one of the most dangerous and destructive malware. The reason for so much attention is that Emotet is widely used in cases of financial information theft, such as bank logins and cryptocurrencies.

The main vectors for Emotet’s spread are malicious emails in the form of spam and phishing campaigns. Two striking examples are the case of the Chilean bank Consorcio, with damages of USD 2 million, and the case of the city of Allentown, Pennsylvania, with losses of USD 1 million.

4. WannaCry, ransomware, 2017

One of the worst ransomware attacks in history goes by the name of WannaCry , introduced via phishing emails in 2017. The threat exploits a vulnerability in Windows.

It’s estimated that more than 200,000 people worldwide were affected by WannaCry, including hospitals, universities and large companies, such as FedEx, Telefonica, Nissan and Renault. The losses caused by WannaCry exceed USD 4 billion.

By the way, have you seen our article about the 7 real and famous cases of ransomware attacks ?

5. Petya, ransomware, 2016

Unlike most ransomware, Petya acts by blocking the machine’s entire operating system, that is, Windows. To release it, the victim has to pay a ransom.

It’s estimated that the losses involving Petya and its newer and more destructive variants amount to USD 10 billion since it was released in 2016. Among the victims are banks, airports and oil and shipping companies from different parts of the world.

6. CryptoLocker, ransomware, 2013

CryptoLocker is one of the most famous ransomware in history because, when it was released in 2013, it used a very large encryption key, which made the experts’ work difficult. It’s believed that it has caused more than USD 3 million in damage, infecting more than 200,000 Windows systems.

This type of ransomware was mainly distributed via emails, through malicious files that looked like PDF files , but, obviously, weren’t.

7. Stuxnet, worm, 2010

Stuxnet deserves special mention on this list for being used in a political attack, in 2010, on Iran’s nuclear program and for exploiting numerous Windows zero-day vulnerabilities. This super-sophisticated worm has the ability to infect devices via USB drives, so there is no need for an internet connection.

Once installed, the malware takes control of the system. It’s believed that it was developed at the behest of some government. Read: the USA and Israel.

8. Zeus, trojan, 2007

Zeus is a trojan distributed through malicious files hidden in emails and fake websites, in cases involving phishing. It’s well known for propagating quickly and for copying keystrokes, which led it to be widely used in cases of credential and password theft, such as email accounts and bank accounts.

The Zeus attacks hit major companies such as Amazon, Bank of America and Cisco. The damage caused by Zeus and its variations is estimated at more than USD 100 million since it was created in 2007.

9. MyDoom, worm, 2004

In 2004, the MyDoom worm became known and famous for trying to hit major technology companies, such as Google and Microsoft. It used to be spread by email using attention-grabbing subjects, such as “Error”, “Test” and “Mail Delivery System”.

MyDoom was used for DDoS attacks and as a backdoor to allow remote control. According to reports, the losses are estimated at millions of dollars.

10. ILOVEYOU, worm, 2000

The ILOVEYOU worm disguised itself as a love letter received via email. Reports say that it infected more than 45 million people in the 2000s, causing more than USD 15 billion in damages.

ILOVEYOU is also considered one of the first cases of social engineering used in malware attacks. Once executed, it had the ability to self-replicate using the victim’s email.

Also see 10 real and famous cases of social engineering .

11. Melissa, virus, 1999

The Melissa virus infected thousands of computers worldwide by the end of 1999. The threat was spread by email, using a malicious Word attachment and a catchy subject: “Important Message from (someone’s name)”.

Melissa is considered one of the earliest cases of social engineering in history. The virus had the ability to spread automatically via email. Reports from that time say that it infected many companies and people, causing losses estimated at USD 80 million.

How to fight malware attacks

There are two important fronts on which to fight and prevent infections caused by malware.

1. Cybersecurity awareness

The first front is cybersecurity awareness. You need to stay alert on the internet. That means: watch out for suspicious websites and emails. And that old tip still applies: if you’re not sure what you’re doing, don’t click on the links and don’t open attachments.

2. Technology to fight malware

The second point involves the use of technology . It’s important that you have an anti-malware solution on your computer or device. For end-users, there are several free and good options on the market.

For companies, in addition to this type of solution, we always recommend strengthening the protection of your email network. As already explained, email is the main malware vector. So, an email security solution can rid your business of major headaches.

Here at Gatefy we offer an email gateway solution and a DMARC solution. By the way, you can request a demo or ask for more information. Our team of cybersecurity experts will contact you shortly to help.

Josh Fruhlinger

11 infamous malware attacks: The first and the worst

Whether by dumb luck or ruthless skill, these malware attacks left their mark on the internet.


Viruses and other malware spreading for sinister or baffling reasons have been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet. This article will take a look at some of the most important milestones in the evolution of malware: These entries each represent a novel idea, a lucky break that revealed a gaping security hole, or an attack that turned out to be particularly damaging—and sometimes all three.

  • Creeper virus (1971)
  • Brain virus (1986)
  • Morris worm (1988)
  • ILOVEYOU worm (2000)
  • Mydoom worm (2004)
  • Zeus trojan (2007)
  • CryptoLocker ransomware (2013)
  • Emotet trojan (2014)
  • Mirai botnet (2016)
  • Petya ransomware/NotPetya wiper (2016/7)
  • Clop ransomware (2019-Present)

1. Creeper virus (1971)

Computer pioneer John von Neumann’s posthumous work Theory of Self-Reproducing Automata, which posited the idea of computer code that could reproduce and spread itself, was published in 1966. Five years later, the first known computer virus, called Creeper, was written by Bob Thomas. Written in PDP-10 assembly language, Creeper could reproduce itself and move from computer to computer across the nascent ARPANET.

Creeper did no harm to the systems it infected—Thomas developed it as a proof of concept, and its only effect was that it caused connected teletype machines to print a message that said “I’M THE CREEPER: CATCH ME IF YOU CAN.” We’re mentioning it here despite its benign nature because it was the first, and set the template for everything that followed. Shortly after Creeper’s release, Ray Tomlinson, best known for implementing the first email program, wrote a rival program called Reaper that spread from computer to computer eliminating Creeper’s code.

2. Brain virus (1986)

Creeper was designed to leap across computer networks, but for most of the 1970s and ’80s that infection vector was limited simply because most computers operated in isolation. What malware did spread from computer to computer did so via floppy disks. The earliest example is Elk Cloner, which was created by a 15-year-old as a prank and infected Apple II computers. But probably the most important of this generation of viruses was one that came to be known as Brain, and started spreading worldwide in 1986.

Brain was developed by computer programmers (and brothers) Amjad and Basit Farooq Alvi, who lived in Pakistan and had a business selling medical software. Because their programs were often pirated, they created a virus that could infect the boot sector of pirated disks. It was mostly harmless but included contact information for them and an offer to “disinfect” the software.

Whether they could actually “fix” the problem isn’t clear, but as they explained 25 years later, they soon started receiving phone calls from all over the world , and were shocked by how quickly and how far Brain had spread (and how mad the people who had illegally copied their software were at them, for some reason). Today Brain is widely regarded as the first IBM PC virus, so we’re including it on our list despite its benign nature, and the brothers still have the same address and phone number that they sent out 25 years ago.

3. Morris worm (1988)

1988 saw the advent of a piece of malware called Morris, which could claim a number of firsts. It was the first widespread computer worm , which meant it could reproduce itself without needing another program to piggyback on. It targeted multiple vulnerabilities to help it spread faster and further. While not designed to do harm, it was probably the first malware to do real substantive financial damage, more than earning its place on this list. It spread incredibly swiftly—within 24 hours of its release, it had infected 10 percent of all internet-connected computers —and created multiple copies of itself on each machine, causing many of them to grind to a halt. Estimates of the costs of the attack ranged into the millions.

The worm is named after its creator Robert Morris , who was a Cornell grad student at the time and meant it as a proof-of-concept and demonstration of widespread security flaws. Morris didn’t anticipate that it would spread so quickly or that its ability to infect individual computers multiple times would cause so much trouble, and he tried to help undo the damage, but it was too late. He ended up the unfortunate subject of another first: The first person convicted under the 1986 Computer Fraud and Abuse Act.

4. ILOVEYOU worm (2000)

Unlike the previous malware creators on this list, Onel de Guzman, who was 24 in 2000 and living in the Philippines, crafted his creation with straightforward criminal intent: he couldn’t afford dialup service, so he built a worm that would steal other people’s passwords so he could piggyback off of their accounts. But the malware so cleverly took advantage of a number of flaws in Windows 95—especially the fact that Windows automatically hid the file extensions of email attachments so people didn’t realize they were launching executable files—that it spread like wildfire, and soon millions of infected computers were sending out copies of the worm and beaming passwords back to a Filipino email address . It also erased numerous files on target computers, causing millions of dollars in damage and briefly shutting down the U.K. Parliament’s computer system.

de Guzman was never charged with a crime, because nothing he did was illegal in the Philippines at the time, but he expressed regret in an interview 20 years later , saying he never intended the malware to spread as far as it did. He also ended up being something of a pioneer in social engineering : the worm got its name because it spread with emails with “ILOVEYOU” in the subject line . “I figured out that many people want a boyfriend, they want each other, they want love, so I called it that,” de Guzman said.

5. Mydoom worm (2004)

Mydoom may be almost 20 years old as of this writing, but it still holds a number of records. The Mydoom worm infected computers via email, then took control of the victim computer to email out more copies of itself, and did it so efficiently that at its height it accounted for a quarter of all emails sent worldwide, a feat that’s never been surpassed. The infection ended up doing more than $35 billion in damages, which, adjusted for inflation, has also never been topped.

The creator and ultimate purpose of Mydoom remain mysteries today. In addition to mailing out copies of the worm, infected computers were also used as a botnet to launch DDoS attacks on the SCO Group (a company that aggressively tried to claim intellectual property rights over Linux ) and Microsoft , which led many to suspect some rogue member of the open source community . But nothing specific has ever been proven.  

6. Zeus trojan (2007)

Zeus was first spotted in 2007, at the tail end of the Web 1.0 era, but it showed the way for the future of what malware could be. A Trojan that infects via phishing and drive-by downloads from infected websites, Zeus isn’t just one kind of attack; instead, it acts as a vehicle for all sorts of malicious payloads. Its source code and operating manual leaked in 2011, which helped both security researchers and criminals who wanted to exploit its capabilities.

You’ll usually hear Zeus referred to as a “banking Trojan,” since that’s where its variants focus much of their energy. A 2014 variant, for instance, manages to interpose itself between a user and their banking website , intercepting passwords, keystrokes, and more. But Zeus goes beyond banks, with another variation slurping up Salesforce.com info .

7. CryptoLocker ransomware (2013)

Zeus could also be used to create botnets of controlled computers held in reserve for some later sinister purpose. The controllers of one such botnet, called Gameover Zeus, infected their bots with CryptoLocker, one of the earliest prominent versions of what became known as ransomware . Ransomware encrypts many of the files on the victim’s machine and demands a payment in cryptocurrency in order to restore access.

CryptoLocker became famous for its rapid spread and its powerful asymmetric encryption that was (at the time) uniquely difficult to break. It also became famous due to something unusual in the malware world: a happy ending. In 2014, the U.S. DoJ and peer agencies overseas managed to take control of the Gameover Zeus botnet , and restore the files of CryptoLocker victims free of charge. Unfortunately, CryptoLocker spread via good old-fashioned phishing as well, and variants are still around.

8. Emotet trojan (2014)

Emotet is another piece of malware whose functionality has shifted and changed over the years that it has remained active. In fact, Emotet is a prime example of what’s known as polymorphic malware, with its code changing slightly every time it’s accessed, the better to avoid recognition by endpoint security programs. Emotet is a Trojan that, like others on this list, primarily spreads via phishing (repeat after us: do not open unknown email attachments).

Emotet first appeared in 2014, but like Zeus, is now a modular program most often used to deliver other forms of malware, with Trickster and Ryuk being two prominent examples. Emotet is so good at what it does that Arne Schoenbohm, head of the German Federal Office for Information Security, calls it the “king of malware.”

9. Mirai botnet (2016)

All the viruses and other malware we’ve been discussing so far have afflicted what we think of as “computers”—the PCs and laptops that we use for work and play. But in the 21st century, there are millions of devices with more computing power than anything that Creeper could have infected. These internet of things (IoT) devices are omnipresent, ignored, and often go unpatched for years.

The Mirai botnet was actually similar to some of the early malware we discussed because it exploited a previously unknown vulnerability and wreaked far more havoc than its creator intended. In this case, the malware found and took over IoT gadgets (mostly CCTV cameras) that hadn’t had their default passwords changed. Paras Jha, the college student who created the Mirai malware, intended to use the botnets he created for DoS attacks that would help settle scores in the obscure world of Minecraft server hosting, but instead he unleashed an attack that focused on a major DNS provider and cut off much of the U.S. east coast from the internet for the better part of a day.

10. Petya ransomware/NotPetya wiper (2016/7)

The ransomware Trojan dubbed Petya started afflicting computers in 2016. Though it had a clever mechanism for locking down its victims’ data—it encrypts the master file table, which the OS uses to find files—it spread via conventional phishing scams and wasn’t considered particularly virulent.

It would probably be forgotten today if not for what happened the following year. A new self-reproducing worm variant emerged that used the NSA’s leaked EternalBlue and EternalRomance exploits to spread from computer to computer. Originally distributed via a backdoor in a popular Ukrainian accounting software package, the new version— dubbed NotPetya —quickly wreaked havoc across Europe. The worst part? Though NotPetya still looked like ransomware, it was a wiper designed wholly to ruin computers, as the address displayed where users could send their ransom was randomly generated and did no good. Researchers believe that Russian intelligence repurposed the more ordinary Petya malware to use as a cyberweapon against Ukraine—and so, in addition to the massive damage it caused, NotPetya earns its place on this list by illustrating the symbiotic relationship between state sponsored and criminal hackers.

11. Clop ransomware (2019-Present)

Clop (sometimes written Cl0p) is another ransomware variant that emerged on the scene in 2019 and has grown increasingly prevalent since, to the extent that it was dubbed one of the top malware threats of 2022 . In addition to preventing victims from accessing their data, Clop allows the attacker to exfiltrate that data as well. McAfee has a breakdown of the technical details , including a review of ways it can bypass security software.

What makes Clop so interesting and dangerous, however, is not how it’s deployed, but by whom. It’s at the forefront of a trend called Ransomware-as-a-Service , in which a professionalized group of hackers does all the work for whoever will pay them enough (or share in a percentage of the ransomware riches they extract from victims). The earlier entries in this list are from a day when the internet was for hobbyists and lone wolves; today, it seems even cybercrime is largely the province of governments and the professionals.



MyDoom: The 15-year-old malware that's still being used in phishing attacks in 2019

Danny Palmer

A destructive form of malware is still actively being distributed, 15 years after it was unleashed causing over $38bn-worth of damage.


MyDoom first emerged in 2004 and is still regarded as one of the fastest spreading and most destructive computer viruses of all time – at one point, the worm generated up to a quarter of all emails being sent worldwide.

It spread by scraping email addresses from infected Windows computers and reaching victims' contacts by sending a new version of itself as a malicious attachment. If the attachment was opened, the process would repeat and MyDoom spread to more victims, roping them into a botnet that could perform Distributed Denial of Service (DDoS) attacks.


Such was the impact of MyDoom that on 26 July 2004, it took down Google, preventing users from conducting web searches for most of the day. Other popular search engines of the time, including Yahoo, Lycos and Alta Vista, also experienced slow performance as a result of the attack.

Exactly a decade and a half on from that day, MyDoom is still active in the wild and according to analysis by Unit 42 – the research division of cybersecurity company Palo Alto Networks – one percent of all emails containing malware sent during 2019 have been MyDoom emails.

It might not sound like much, but it's a large figure considering the sheer number of malicious phishing emails distributed around the globe – and it's testament to the staying power and self-sufficiency of MyDoom that it remains active to this day.

"The main reason for the high and consistent volume of MyDoom malware is that once infected, MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to," Alex Hinchliffe, threat intelligence analyst at Unit 42 told ZDNet.

"MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to. This worm behaviour means, for the most part, the malware is self-sufficient and could continue to do this forever, so long as people open the email attachments".

The vast majority of IP addresses distributing MyDoom in 2019 are in China, with the United States and Great Britain following in second and third place, but together still only accounting for less than 10% of spam emails sent by infected Chinese systems. Those targeted vary, with Palo Alto Networks spotting MyDoom spam being sent across the globe.

MyDoom distribution remains similar to the way it has always worked, with email subject lines designed to dupe the user into opening an attachment sent from a spoofed email address. In many cases, these are based around failed delivery notifications that suggest the user needs to open the malicious document to find out why.

Other subject lines include random strings of characters, 'hello', 'hi' and 'Click me baby, one more time'. The lures sound basic, but they still prove sufficient to remain effective. However, with education, this could be countered.

"We should be learning about basic levels of cyber hygiene that may prevent such emails from being successful. Things like spotting suspicious file types and being vigilant to odd-looking email sender addresses," said Hinchliffe.
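As an added example that is not part of the ZDNet article or the pieces above it, the following Python script applies the hygiene Hinchliffe describes to the two lures these articles document: the decoy extension ILOVEYOU used to hide a script (shown by Windows as a harmless text file) and the delivery-failure subjects and spoofed senders MyDoom relies on. Every message is constructed inline and the helper names are this example's own, not any product's API.

```python
"""Inbound-mail triage for the lures described above (added example).

Flags what the ILOVEYOU and MyDoom worms relied on: a decoy extension in
front of a real executable one (LOVE-LETTER-FOR-YOU.TXT.vbs), bare
executable or script attachments, delivery-failure or throwaway subject
lines, and a From: domain that differs from the envelope sender.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Dict, List

# Final extensions that Windows will execute or run as a script.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "hta", "cpl"}
# Harmless-looking extensions a lure places in front of the real one.
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "jpg", "png", "zip", "html"}
# Subject lures reported for MyDoom (lower-cased for comparison).
LURE_SUBJECTS = {"error", "test", "mail delivery system", "hello", "hi",
                 "delivery failed", "delivery status notification",
                 "click me baby, one more time"}


def attachment_findings(filename: str) -> List[str]:
    """Findings for one attachment name; an empty list means nothing suspicious."""
    findings: List[str] = []
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return findings
    final_ext = parts[-1]
    if final_ext in EXECUTABLE_EXTS:
        findings.append(f"executable attachment: .{final_ext}")
        # Windows hides the last extension, so "name.txt.vbs" is shown as "name.txt".
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append(f"double extension hides .{final_ext} behind .{parts[-2]}")
    return findings


def subject_is_lure(subject: str) -> bool:
    """Known lure phrases, or a gibberish subject (one token mixing letters and digits)."""
    s = subject.strip().lower()
    if s in LURE_SUBJECTS:
        return True
    return re.fullmatch(r"(?=.*[a-z])(?=.*\d)[a-z0-9]{8,}", s) is not None


def sender_mismatch(msg: EmailMessage) -> bool:
    """True when the From: domain differs from the Return-Path (envelope) domain."""
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    bounce_addr = parseaddr(str(msg.get("Return-Path", "")))[1]
    if "@" not in from_addr or "@" not in bounce_addr:
        return False  # nothing to compare; the other checks still apply
    return from_addr.rsplit("@", 1)[1].lower() != bounce_addr.rsplit("@", 1)[1].lower()


def triage(raw: bytes) -> Dict[str, object]:
    """Parse a raw RFC 5322 message and return its findings plus a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    if subject_is_lure(str(msg.get("Subject", ""))):
        findings.append("lure subject")
    if sender_mismatch(msg):
        findings.append("From domain differs from Return-Path domain")
    for part in msg.iter_attachments():
        findings += attachment_findings(part.get_filename() or "")
    return {"subject": str(msg.get("Subject", "")), "findings": findings,
            "verdict": "quarantine" if findings else "deliver"}


def build_sample(subject: str, from_hdr: str, return_path: str, name: str) -> bytes:
    """Constructed sample message; the attachment body is placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = from_hdr
    m["To"] = "recipient@example.com"
    m["Return-Path"] = return_path
    m.set_content("Please see the attached file.")
    m.add_attachment(b"constructed placeholder, not a real payload",
                     maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


# Constructed samples modelled on the two lures described in the articles.
LOVE_LETTER = build_sample("ILOVEYOU", "friend <friend@example.org>",
                           "<friend@example.org>", "LOVE-LETTER-FOR-YOU.TXT.vbs")
MYDOOM_LIKE = build_sample("Mail Delivery System",
                           "Mail Delivery System <postmaster@example.com>",
                           "<bounce@example.net>", "document.pif")
BENIGN = build_sample("Q3 report draft", "alice <alice@example.com>",
                      "<alice@example.com>", "report.pdf")

if __name__ == "__main__":
    for sample in (LOVE_LETTER, MYDOOM_LIKE, BENIGN):
        print(triage(sample))
```

The Return-Path comparison only works on mail that has already passed through your own MX, which stamps that header from the SMTP envelope; on a message pulled from a mailbox without it, the check simply abstains.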

While relatively simple attacks, worms are still a danger to internet users. Both WannaCry and NotPetya – two of the most destructive cyber attacks in recent years – were powered by worm-like capabilities. NotPetya in particular caused vast amounts of financial damage, costing some of its victims hundreds of millions of dollars .


Computer Worm Examples (2024): The 9 Worst Attacks Ever

By Tibor Moes / Updated: January 2024


Computer worms represent a significant cybersecurity threat, capable of causing widespread damage to digital infrastructures and personal data.

In this article, we will explore the nine most devastating computer worm attacks in history, providing insights into their impact and the lessons learned from each incident.

A computer worm is a type of malicious software program that replicates itself to spread to other computers, often causing harm by consuming bandwidth or corrupting data.

  • Morris Worm (1988): One of the first worms to gain widespread attention, it quickly infected a significant portion of the early internet’s computers. It caused damage estimated in the millions, affecting around 6,000 computers.
  • Melissa (1999): This worm spread via email, causing widespread disruption and necessitating costly cleanups. The total damage was estimated at around $80 million.
  • ILOVEYOU Worm (2000): Disguised as a love letter, this worm rapidly infected millions of Windows PCs worldwide. Over ten million computers were affected.
  • Code Red Worm (2001): Targeting Microsoft’s IIS web server software, it infected over 359,000 systems in less than 14 hours, causing over $2 billion in damages.
  • Slapper (2002): A worm targeting Linux systems, it plateaued at about 7,000 infected servers. It was notable for creating a network of compromised computers.
  • SQL Slammer (2003): This fast-spreading worm affected over 250,000 computers globally, impacting internet speeds and services. It highlighted vulnerabilities in database management systems.
  • Mydoom Worm (2004): Known for its rapid email-based propagation, Mydoom caused an estimated $38 billion in damages. It infected around 50 million computers worldwide.
  • Sasser (2004): Exploiting a Windows vulnerability, Sasser infected about 2 million computers. It caused frequent crashes and reboots, disrupting operations globally.
  • Stuxnet (2010): A sophisticated worm targeting industrial control systems, it ruined one-fifth of Iran’s nuclear centrifuges and degraded 1,000 machines. Over 200,000 computers were infected.


Computer Worm Examples

1. Morris Worm (1988)

In the late 1980s, the digital world witnessed one of its first major security crises with the emergence of the Morris Worm. This seemingly innocuous piece of code, created by a Cornell University graduate student, Robert Tappan Morris, quickly spiraled out of control.

Within a mere 24 hours of its release, the worm had infiltrated an estimated 6,000 computers. This number might seem modest by today’s standards, but it was a significant percentage of the roughly 60,000 computers connected to the then-nascent Internet.

The financial repercussions were staggering. As reported by the FBI, initial damage assessments started at a hefty $100,000, but as the full extent of the worm’s impact became clear, these figures skyrocketed into the millions .

The Morris Worm was a wake-up call, highlighting the fragility of interconnected computer systems and the potential havoc that could be wreaked by a single piece of malicious code.

2. Melissa (1999)

Fast forward to 1999, and the digital landscape faced another formidable challenge with the Melissa virus. Named after an exotic dancer from Florida, this virus was the brainchild of David L. Smith.

Melissa masqueraded as an innocuous email attachment but, once opened, it replicated itself by sending messages to the top 50 contacts in the user’s Microsoft Outlook address book. This rapid multiplication caused a massive strain on email servers worldwide.

The FBI estimated the collective damage caused by the Melissa virus at around $80 million. This staggering sum was primarily attributed to the cleanup and repair of the affected computer systems. Melissa’s rampage served as a stark reminder of the vulnerabilities inherent in widely used software and the ease with which a well-crafted virus could disrupt global digital infrastructure.

3. ILOVEYOU Worm (2000)

The turn of the millennium saw the emergence of one of the most infamous computer worms in history: the ILOVEYOU worm. This deceptively named worm wreaked havoc on a global scale, exploiting human curiosity and trust.

Disguised as a love letter sent via email, the worm lured users into opening an attachment that unleashed its malicious payload. According to Wired.com, the ILOVEYOU worm rapidly spread across the globe, infecting over ten million Windows personal computers starting from May 5, 2000.

The simplicity of its distribution method – an email from a known contact with an alluring subject line – played a key role in its widespread impact. The ILOVEYOU worm not only caused substantial data loss by overwriting files but also highlighted the vulnerabilities in email-based communication systems and the need for heightened awareness about digital security practices among individual users.

4. Code Red Worm (2001)

A year after the ILOVEYOU incident, the digital world faced another significant threat: the Code Red worm. This worm targeted computers running Microsoft’s IIS web server software, exploiting a buffer overflow vulnerability to replicate itself and spread across networks.

The speed and scale of its spread were alarming – as reported by researchers David Moore, Colleen Shannon, and Kimberly C. Claffy, Code Red infected over 359,000 systems in less than 14 hours. The worm’s rapid proliferation not only caused internet slowdowns but also compromised the security of affected systems.

The financial toll of the Code Red worm was immense, with the total damage estimated to be over $2 billion. This incident underscored the importance of timely software updates and patches, as well as the need for robust security measures in protecting critical internet infrastructure.

5. Slapper (2002)

In 2002, the digital world encountered a unique threat targeting Linux-based systems: the Slapper worm. Unlike its predecessors that primarily targeted Windows systems, Slapper exploited a vulnerability in the OpenSSL cryptographic software library, used by many servers running Linux. According to CNET.com, the spread of this worm eventually plateaued at around 7,000 servers.

While this number may seem modest compared to other massive outbreaks, the significance of Slapper lay in its method of attack. It created a network of infected computers, known as a botnet, which could be used for coordinated attacks or to spread spam emails.

The Slapper worm was a wake-up call for the Linux community, emphasizing the need for constant vigilance and regular updates even in systems that were considered more secure than their Windows counterparts.

6. SQL Slammer (2003)

The following year, in 2003, the SQL Slammer worm emerged, causing widespread disruption. This worm exploited a vulnerability in Microsoft’s SQL Server and Desktop Engine database products. SQL Slammer was incredibly efficient in its design, allowing it to spread rapidly across the globe. WeLiveSecurity.com reports that globally, over 250,000 computers were thought to have been affected by this worm.

The impact of SQL Slammer was not just in the number of infected systems but also in the collateral damage it caused. It significantly slowed down general internet traffic and even caused outages in some critical services, including ATM withdrawals and airline flight schedules.

The SQL Slammer incident highlighted the far-reaching consequences of cyberattacks on essential services and infrastructure, underscoring the critical need for secure coding practices and timely application of security patches.

7. Mydoom Worm (2004)

In 2004, the Mydoom worm emerged as one of the most damaging malware outbreaks in history. According to NordVPN.com, Mydoom caused an astonishing $38 billion in damages, earning it the notorious title of one of the worst viruses ever.

This worm spread primarily through email, with messages containing deceptive subject lines to entice recipients into opening the attachment, thereby triggering the worm. Once activated, Mydoom replicated and sent itself to email addresses found in the user’s contact list, rapidly multiplying its reach.

Security researchers estimate that Mydoom infected around 50 million computers worldwide, showcasing its devastating efficiency.

The financial impact of Mydoom was felt across various sectors, from individual users to large corporations, highlighting the extensive vulnerabilities in email communication systems and the need for comprehensive security measures.

8. Sasser (2004)

Also in 2004, the digital world faced another significant threat from the Sasser worm. Unlike Mydoom, Sasser did not require user interaction to spread. Instead, it exploited a vulnerability in Microsoft Windows. Once a computer was infected, the worm scanned for other vulnerable systems and propagated itself.

According to Wikipedia.org, Sasser and its variants infected about 2 million computers worldwide. The worm caused computers to crash and reboot frequently, leading to significant disruptions in personal, business, and even critical public service operations.

The Sasser outbreak underscored the importance of regular system updates and the potential consequences of unpatched security vulnerabilities. It also highlighted the need for better awareness and preparedness against such threats, especially in critical infrastructure sectors.

9. Stuxnet (2010)

In 2010, the world witnessed a new era of cyber warfare with the discovery of Stuxnet, a highly sophisticated computer worm unlike any seen before. Stuxnet was not just a tool for data theft or system disruption; it was a weapon designed for physical sabotage.

According to M.A.C. Solution, Stuxnet had a devastating impact on Iran’s nuclear program, reportedly ruining almost one-fifth of the country’s nuclear centrifuges. The worm specifically targeted industrial control systems used in critical infrastructure, marking a significant shift in the nature of cyber threats.

Stuxnet infected over 200,000 computers, but its most alarming capability was its ability to cause physical damage. The worm made 1,000 machines physically degrade by manipulating the industrial control processes they were designed to safeguard.

This level of sophistication in Stuxnet’s design allowed it to remain undetected while it carried out its destructive tasks, demonstrating a new level of cyber threat that could bridge the gap between the digital and physical worlds.

The history of computer worms, from the Morris Worm in 1988 to Stuxnet in 2010, underscores a critical aspect of our digital world: the constant and evolving threat posed by malicious software.

These examples, each causing significant damage and disruption, highlight the importance of vigilance and proactive measures in cybersecurity. They serve as stark reminders of the potential vulnerabilities in our interconnected systems and the ongoing need to stay ahead of cyber threats.

In today’s digital age, where threats are ever-evolving and increasingly sophisticated, investing in robust antivirus software is more crucial than ever, especially for users of popular operating systems like Windows 11. Renowned brands like Norton, Avast, TotalAV, Bitdefender, McAfee, Panda, and Avira offer comprehensive protection that goes beyond basic defense mechanisms.

These antivirus solutions provide multi-layered security, including real-time threat detection, system vulnerability assessments, and advanced features like ransomware protection and identity theft safeguards.

By choosing a reliable antivirus program, users can significantly reduce the risk of falling victim to the next generation of computer worms and other cyber threats, ensuring their digital safety and the integrity of their personal and professional data.

  • Researchgate.net
  • Welivesecurity.com
  • Nordvpn.com
  • MAC-solutions.net

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor has tested 39 antivirus programs and 30 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

You can find him on LinkedIn or contact him here.

Case Study: The Morris Worm Brings Down the Internet

In 1988, Robert Morris created and released the first computer worm which significantly disrupted the young internet and served as a wakeup call on the importance of cybersecurity. Read our root cause analysis example to learn more about this disaster and the lessons that can be learned from it.

On November 3, 1988, Robert Morris, a graduate student at Cornell, created and released the first computer worm that could spread between computers and copy itself. Morris didn’t have malicious intent and his worm appears to have been more the result of intellectual curiosity rather than a purposefully destructive cyber-attack, but an error in the program led to it propagating much faster than he intended. The worm significantly disrupted the young internet, introduced the world to the concept of a software worm and served as a wakeup call on the importance of cybersecurity.

Build a Cause Map

A Cause Map, a visual root cause analysis, can be used to create a root cause analysis case study and analyze this incident. A Cause Map is built by asking “why” questions and using the answers to visually lay out the causes that contributed to an issue, intuitively showing the cause-and-effect relationships. Mapping out all the causes that contributed to an issue ensures that all facets of a problem are well understood and helps facilitate the development of effective, detailed solutions that can be implemented to reduce the risk of similar issues in the future.

Known flaws

To create his worm, Morris exploited known software bugs and weak passwords that no one had worried about enough to fix. At the time the Morris worm was released, the internet was in its infancy and only used by academics. There was no commercial traffic on the internet, and websites did not exist. Only a small, elite group had access to the internet, so concerns about cybersecurity hadn’t really come up.

What went wrong

Morris was trying to build a harmless worm to highlight security flaws, but an error in the program led to the worm causing a significant amount of disruption. The worm was intended to infect each computer one time, but the worm was designed to duplicate itself every seventh time a computer indicated it had already been infected to make the worm more difficult to remove. The problem was that the speed of propagation was underestimated. Once released, the worm quickly reinfected computers over and over again until they were unable to function, and the internet came crashing down.

The worm did more damage than Morris had expected and once he realized what he had done, he asked a colleague to anonymously apologize for the worm and explain how to update computers to prevent it from spreading. But the warning came too late to prevent massive disruption.

Impacts of the Morris Worm

In the short term, the Morris worm created a mess that took many computer experts days to clean up. One of the lasting impacts of the Morris worm, hard to quantify but the most significant consequence of this incident, is its effect on cybersecurity. If the first “hacker” had had malicious intent and had come a little later, it is likely that the damage would have been much more severe. The Morris worm highlighted the need to consider cybersecurity relatively early in the development of the internet.

The Morris worm also had a significant impact on its creator, Robert Morris, who became the first person to be indicted under the 1986 Computer Fraud and Abuse Act. He was hit with a $10,050 fine, 400 hours of community service and a three-year probation. After this initial hiccup, Morris went on to have a successful career and now works in the MIT Computer Science and Artificial Intelligence Laboratory.

Spyware Examples: 4 Real Life Examples That Shook 2021

Not sure how spyware works or what damage it can cause? Want to get up to date with the latest spyware examples and industry trends? Let’s explore several of the biggest spyware threats that surfaced in 2021.

If you’re looking for spyware examples, you’ve come to the right place. Of course, this means you probably already know that spyware is malicious software used to spy on people — the name gives it away. But do you know that spyware has powers beyond stealing your photos and data?

Spyware is malware that also can be used to:

  • Lock your screen,
  • Disable antivirus programs,
  • Record videos using your phone’s camera, and
  • Cause a variety of other issues — sometimes without leaving a trace.

In this article, we’ll look at four spyware real life examples that were discovered or observed in 2021, including how they invade victims’ devices, what damage they cause, and what techniques we can use to treat and prevent these dangerous infections.

Spyware Example 1: PhoneSpy

On Nov. 10, 2021, researchers at Zimperium zLabs published a report about a spyware app they found in South Korea affecting Android devices in the wild. Called PhoneSpy, this malicious program masquerades as a regular application so it can gain access to your infected machine to steal data and remotely control it. This spyware is estimated to have infected more than 1,000 Android devices.

How PhoneSpy Infects Your Device

Unknown. PhoneSpy was found in 23 legitimate-seeming apps like Yoga learning, video streaming, and messaging apps. Because these apps are not in the Google Play Store, zLabs researchers believe that the malware was distributed via other third-party platforms that attackers shared via social engineering and phishing techniques.

What Happens When PhoneSpy Infects Your Device

Not sure what happens when spyware like PhoneSpy gets installed on your device? Here’s a quick overview of what risks are associated with this spyware example and what it can do:

  • Steal login credentials, images, contact lists, call logs, and messages
  • Record video and take pictures using a device’s front and rear cameras
  • Record or transmit your GPS location
  • Download files and documents from the hacker-controlled command and control server (C&C server)
  • View device information like IMEI (i.e., serial number), brand, device name, and Android version
  • Lead victims to phishing websites to trick them into sharing credentials

How to Protect Your Device Against This Spyware Example

PhoneSpy carries out its activities without leaving a trace and conceals itself by hiding the infected app’s icon from the device menu. Hence, victims aren’t aware that their device has been compromised. There is no information on how much data was stolen or how it was misused.

On Nov. 22, 2021, Zimperium posted that PhoneSpy’s command and control server had been taken down and is no longer active. So, in theory, PhoneSpy should no longer be a threat. It’s possible that this spyware example was used for espionage and the campaign ended when the mission was completed. Nevertheless, you should avoid installing apps from anywhere other than official app stores (Google Play, Apple App Store, etc.) and exercise caution if anyone asks you to do so.

Spyware Example 2: Android/SpyC23.A

Advanced persistent threats (APT) are well-planned, well-organized, multi-staged attacks. They usually target government agencies and corporate giants and are operated by groups of hackers working together. As espionage is one of the main goals for APT attacks, hackers often use innovative spyware to deploy them.

One infamous APT group is APT-C-23, which uses many types of attack, including Android/SpyC23. On Nov. 23, 2021, Sophos published a report stating that they’d discovered a new, powerful variant of this spyware called Android/SpyC23.A. Previous versions of this malware are known as VAMP, FrozenCell, and GnatSpy.

Once installed onto the target device via a compromised app, the spyware tricks the user into granting admin permission to the hackers. This access allows the attacker to:

  • View your sensitive files,
  • Lock the device,
  • Install or uninstall apps, and
  • Disable security notifications (so you’re unaware of their activities). 

The new variant has the power to connect to other C&C servers in case the main server is taken down. It also hides notifications coming from security apps and the Android system, which means the victim isn’t alerted of the threat — even if their mobile has already detected the malware.

How Android/SpyC23.A Infects Your Device

Android/SpyC23.A is delivered through infected apps and distributed via SMS or similar mediums. It may be disguised as:

  • App updates
  • System apps updates
  • Android update intelligence

After infecting a device, Android/SpyC23.A changes its display icon and name to another well-known app to disguise itself. Sophos reports that some examples of the apps this spyware commonly impersonates include:

  • Google Play

What Happens When Your Device Becomes Infected?

Now that we know what Android/SpyC23.A is and how it infects your device, it’s time to explore its effects:

  • Read messages, documents, contacts, and call logs
  • Record incoming and outgoing calls
  • Take screenshots and pictures
  • Record video of the screen
  • Read app notifications
  • Block notifications from Android and security apps

Only download apps from the App Store or Play Store, never from SMS, WhatsApp, or emails. Don’t give admin permissions/superuser/root access to any apps. We haven’t yet found any anti-spyware program claiming that it can remove Android/SpyC23.A, so the best way to mitigate the threat is to avoid infection.

Spyware Example 3: Pegasus

It’s safe to say that Israel-based NSO Group’s Pegasus spyware disrupted the world of espionage, making headlines all over the world. Although the company claims that it helps nations fight terrorism and crime, evidence suggests that people are using Pegasus software for their personal agendas. It is used to spy on activists, political rivals, workers, bloggers, media employees: anyone the client wants.

The latest attack, FORCEDENTRY, affects targeted Apple users. On Sept. 13, 2021, a scientist at Citizen Lab published a report about a zero-click exploit that exploits a vulnerability in iOS’s CoreGraphics to deliver Pegasus spyware. Along with spying on the victim’s device, it also deleted evidence of its presence from the phone’s DataUsage.sqlite file.

NSO Group has clients in many countries, including the United States, United Kingdom, Saudi Arabia, United Arab Emirates, Hungary, France, and India. You can see all the latest developments related to Pegasus spyware on The Guardian’s website.

How Pegasus Spyware Infects Your Device

Pegasus spyware is distributed via three main methods:

  • Spear phishing via text messages or emails
  • Zero-click attacks that exploit vulnerabilities in apps and operating systems
  • Over a wireless transceiver located near a target

What Happens When Pegasus Gets Onto Your Phone

After infecting a device, Pegasus can:

  • View SMS messages, address books, call history, and calendar entries
  • Read and tamper with internet browsing history
  • Monitor actions and conversations
  • Turn on the camera to record in real-time
  • Activate the microphone to record conversations
  • Track GPS location

Pegasus spyware is used to spy on targeted users and is not currently a threat to most of us. If you think you could be a target of Pegasus spyware, it’s best to get help from a trusted cybersecurity expert. Because this spyware is used in highly sophisticated attacks, you won’t be able to prevent it due to the vulnerabilities that exist on your phone.

However, to avoid infection, be vigilant when opening unknown videos, messages, or links. If you think your device is infected, you can always perform a factory reset to get rid of many types of malware.

Spyware Example 4: Ghost RAT

Ghost RAT (also written as Gh0st RAT) is a trojan horse made for spying. RAT stands for “remote administration tool.” This name is appropriate considering that Ghost RAT’s operators, GhostNet System, use a C&C server to control victims’ devices remotely.

The latest Ghost RAT attack was on NoxPlayer, a free Android game emulator for PC and Mac from a company named BigNox. On Feb. 1, 2021, WeLiveSecurity published a report indicating that attackers breached BigNox’s API infrastructure to host and deliver Ghost RAT and two other types of malware. It targeted users from Taiwan, Hong Kong, and Sri Lanka.

How Ghost RAT Infects Your Device

Attackers use phishing and social engineering scams to trick potential victims into downloading the infected software. Because Ghost RAT is a trojan, the payload doesn’t work until users download, install, and activate the software.

What Happens When Ghost RAT Gets Installed

After a user installs Gh0st RAT, the spyware’s author (i.e., the hacker) can:

  • Access the infected device remotely
  • Turn on the device’s camera, video recording, and audio recording functions
  • Steal their stored data
  • Use encrypted TCP channels to avoid detection

The basic steps for protecting your device against Gh0st RAT spyware are the same as with any other malware:

  • Install software and apps only from legitimate sources
  • Carefully read reviews on the app store if you’re installing an unknown app
  • Keep track of the apps on your device
  • Uninstall suspicious apps
  • Keep your devices updated and patched
  • Recognize the difference between fake and legitimate software programs

How to Recognize Legitimate Software to Avoid Spyware (and Other Types of Malware)

Legitimate companies use code signing certificates to validate the authenticity of their software. Organizations that request these publicly trusted digital certificates must first be vetted by a third-party certificate authority (CA). The CA verifies specific types of information about your organization prior to issuing the certificate. This offers a level of trust and validity to both your organization and software by attaching your verified organization information to your software.

But how do you know whether an application is digitally signed? A dialogue box will appear that displays your verified organization’s name in the publisher’s field when a user downloads or tries to install your software.

Compare this to an example of the “unknown publisher” message that displays when a user attempts to install unsigned software:

Code signing certificates come in two varieties: standard validation and extended validation. What’s the difference between the two?

  • A standard code signing certificate displays your organization’s verified identity information (as shown in the graphic above).
  • An EV certificate bypasses the warning altogether because it’s automatically trusted by Windows browsers and operating systems.
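The publisher dialog is the interactive form of this check; the same verification can be scripted before anything is installed. The following PowerShell snippet is an added example, not code from the original article: it uses the built-in Get-AuthenticodeSignature cmdlet to report whether a downloaded installer is signed, whether its chain validates, and whether the signer is one you expect. The download folder and the publisher name are placeholders to adjust for your environment.

```powershell
# Added example (not part of the original article). Requires Windows PowerShell 5.1
# or PowerShell 7 on Windows, where Get-AuthenticodeSignature is available.
# 'C:\Downloads' and 'Example Vendor, Inc.' are placeholders, not real values.

function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Common names (CN) of publishers you expect; empty means "any valid signer".
        [string[]] $ExpectedPublishers = @()
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Status values include Valid, NotSigned, HashMismatch (file changed after
    # signing), NotTrusted (chain does not reach a trusted root) and UnknownError.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $result = [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Publisher     = $null
        Issuer        = $null
        NotAfter      = $null
        Trusted       = $false
    }

    if ($sig.SignerCertificate) {
        $cert = $sig.SignerCertificate
        # SimpleName yields the subject CN, which is what the publisher dialog shows.
        $result.Publisher = $cert.GetNameInfo('SimpleName', $false)
        $result.Issuer    = $cert.GetNameInfo('SimpleName', $true)
        $result.NotAfter  = $cert.NotAfter
    }

    # Only a validating chain AND (if given) a known publisher counts as trusted.
    # A signature is still worthless if the hash no longer matches the file or the
    # subject is a look-alike name, so both conditions are required.
    if ($sig.Status -eq 'Valid') {
        if ($ExpectedPublishers.Count -eq 0) {
            $result.Trusted = $true
        }
        elseif ($ExpectedPublishers -contains $result.Publisher) {
            $result.Trusted = $true
        }
    }

    return $result
}

# Usage: check every installer in a download folder against one expected vendor.
$checks = Get-ChildItem -Path 'C:\Downloads\*' -Include *.exe, *.msi |
    ForEach-Object {
        Test-InstallerSignature -Path $_.FullName -ExpectedPublishers @('Example Vendor, Inc.')
    }

$checks | Format-Table Path, Status, Publisher, Trusted -AutoSize

# Anything NotSigned or otherwise untrusted is exactly what the "unknown publisher"
# dialog warns about; treat it as suspect instead of installing it.
$checks | Where-Object { -not $_.Trusted } | ForEach-Object {
    Write-Warning ("Do not install {0}: {1} ({2})" -f $_.Path, $_.Status, $_.StatusMessage)
}
```

Note that a Valid status tells you the file is intact and the chain is trusted, not that the named organization is who you think it is; that is why the script also compares the CN against an allow-list you control.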

Final Words on Spyware Examples in 2021 and What This Means for 2022

There’s a misconception that only influencers and politically active people can become the target of spyware. But spyware operators have many other goals besides espionage, and virtually anyone is a potential target. Cybercriminals can use sensitive data stolen by spyware for blackmail. They also can sell the data they gain to advertisers who want a better understanding of your likes, interests, and buying preferences.

To avoid spyware infections, always be vigilant in your downloads and when clicking links or granting app permissions. Don’t hesitate to get expert help if you think your device is infected with spyware. We hope these latest spyware examples gave you an idea of the spyware situation in 2021, and of what you can do to protect yourself and your data in 2022.

About the author

Medha Mehta

Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.

25 Years of Computer Viruses

In 1982, "Elk Cloner," the first known computer virus to spread in the "wild," made its way from one Apple II computer to another, producing annoying poetry as it spread. A computer security researcher discusses the history of viruses, and why it's been so hard to lock down systems against attacks.

Richard Ford, director, Center for Security Science; associate professor, Computer Sciences, Florida Institute of Technology

Case studies – malware attacks

As our lives increasingly move online, cybersecurity is an important consideration for all businesses, including financial advice businesses. For many financial advisers, understanding how to protect sensitive client information from cyber attacks is becoming an important part of sound practice management.

A cyber attack is essentially an attempt by hackers to damage or destroy a computer network or system. One of the ways they can do this is by installing malware (also known as malicious software) on your computer that allows unauthorised access to your files and can allow your activity to be watched without you knowing. Cyber criminals can then steal personal information and login details for secure websites to commit fraudulent activities.

In this article we discuss steps financial advisers can take to protect themselves from cyber attacks and explore different scenarios that demonstrate what a cyber attack can look like and how it can be prevented.

How can financial advisers improve their cyber security?

  • Turn on auto-updates for your business operating system – such as Windows or Apple’s iOS – and be sure to keep computer security up to date with anti-virus and anti-spyware software, as well as a good firewall.
  • Back up important data – to an external hard drive, a USB drive or a cloud service – to protect your business from lost data.
  • Enable multi-factor authentication – start using two or more proofs of identity, such as a PIN, passphrase, card or token, or fingerprint, before access is enabled.
  • Implement permissions on a ‘need to know’ basis – your employees don’t need to access everything. Be selective about which permissions are granted to which staff.
  • Conduct regular employee cyber training. Show staff how to ‘recognise, avoid, report, remove and recover’. Your employees can be your defence against cyber crime. Reward staff for their efforts.
  • Always be cautious of the below when receiving emails:
    - Requests for money, especially urgent or overdue
    - Bank account changes
    - Attachments, especially from unknown or suspicious email addresses
    - Requests to check or confirm login details
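The email red flags in the last item above can be turned into a first-pass triage script that scores each inbound message and holds the risky ones for a phone call. The following is an added example and not BT's code: the sender allow-list, the keyword rules and their weights, the risky attachment types and the four sample messages are all constructed for illustration, and a real practice would tune them to its own mail.

```python
"""Heuristic triage of inbound email against the red flags listed above.

Added example, not BT's code. KNOWN_SENDER_DOMAINS, RULES, RISKY_EXTENSIONS
and SAMPLES are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Assumption: the practice keeps a list of counterparties it normally deals with.
KNOWN_SENDER_DOMAINS = {"example-platform.test", "example-client.test"}

# Attachment types a practice rarely needs to receive and malware often uses.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd",
                    ".docm", ".xlsm", ".iso", ".lnk"}

# Each rule: (name, weight, pattern applied to subject + body). The weights are
# a constructed starting point, not a calibrated model.
RULES = [
    ("payment request", 2,
     re.compile(r"\b(pay|payment|invoice|transfer|wire)\b", re.I)),
    ("urgency", 1,
     re.compile(r"\b(urgent|immediately|overdue|final notice|today)\b", re.I)),
    ("bank details change", 3,
     re.compile(r"\b(new|updated?|changed?)\b.{0,40}\b(bank|account|bsb|iban)\b", re.I)),
    ("login confirmation", 3,
     re.compile(r"\b(confirm|verify|validate)\b.{0,40}\b(login|password|credentials|account)\b", re.I)),
]


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def triage(mail):
    """Return (score, reasons). A score of 3 or more means verify out of band."""
    reasons = []
    score = 0
    text = f"{mail.subject}\n{mail.body}"
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    known = domain in KNOWN_SENDER_DOMAINS
    if not known:
        score += 1
        reasons.append(f"unknown sender domain {domain}")
    for name, weight, pattern in RULES:
        if pattern.search(text):
            score += weight
            reasons.append(name)
    for att in mail.attachments:
        ext = ("." + att.rsplit(".", 1)[-1].lower()) if "." in att else ""
        if ext in RISKY_EXTENSIONS:
            score += 3
            reasons.append(f"risky attachment {att}")
        elif not known:
            score += 1
            reasons.append(f"attachment from unknown sender {att}")
    return score, reasons


def flagged(mails, threshold=3):
    """Subjects of messages that should be verified by phone before acting on them."""
    return [m.subject for m in mails if triage(m)[0] >= threshold]


# Constructed sample messages: one routine, three matching the red flags above.
SAMPLES = [
    Email("ops@example-platform.test", "Weekly transaction summary",
          "Attached is your weekly summary.", ["summary.pdf"]),
    Email("accounts@supplier-invoices.test", "URGENT: overdue invoice",
          "Please pay the overdue invoice today. Note our new bank account details below.",
          ["invoice.pdf"]),
    Email("it-helpdesk@mail-secure-login.test", "Action required",
          "Please confirm your login details to keep access to the platform.", []),
    Email("hr@example-client.test", "Holiday roster", "Roster attached.", ["roster.docm"]),
]

if __name__ == "__main__":
    for mail in SAMPLES:
        score, reasons = triage(mail)
        print(f"{score:>2}  {mail.subject!r:32} {', '.join(reasons) or 'no flags'}")
    print("hold for verification:", flagged(SAMPLES))
```

Anything that scores at or above the threshold is verified against a phone number the practice already holds, never by replying to the message. Genuine payment requests from a new counterparty will also score, which is the intended behaviour: the script nudges staff to apply the checklist, it does not replace gateway filtering or the training described above.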

Case studies - malware attacks

Protect yourself and your business

Cyber security assessment tool

The Department of Industry, Science, Energy and Resources has developed a tool to help you identify your business' cyber security strengths and areas where your business can improve. This tool will ask you a series of questions about how you manage your cyber security risks and based on your answers, you will receive a list of recommendations to action. You can download the recommendations as a PDF and access the tool here.

  • Scenario 1 – Advisory practices attacked by a trojan virus
  • Scenario 2 – Adviser subject to a malware attack causing account lock
  • Scenario 3 – Opening email attachment causes all PCs in the office to shut down

Scenario 1 – Advisory practices attacked by a trojan virus

In this scenario, a number of advisory practices were subject to a targeted malware attack via a Trojan virus. This virus helped the cyber criminals access several advisers’ PCs and obtain the login details for systems that had been used.

This attempted fraud took place while the practice was closed over the Christmas holidays.

"We locked up the office that afternoon just before Christmas and went home. We were all looking forward to a nice long break, it’d been a busy year. We wouldn’t be back in the office until the New Year."

Transactions were submitted to the platform over the Christmas period using several advisers’ user IDs.

Direct credit (EFT) bank account details were edited to credit the cyber criminals' ‘mule’ Australian bank account. From this account the cyber criminals would be free to transfer the funds overseas.

Luckily for the practice, the fraud was uncovered before any funds were paid out.

"Even though we were on holiday, we all continued to check our transaction updates via the platform each day. We called the platform right away and they were able to stop the fraudulent payments in time."

Preventing this type of fraud

  • Be diligent about checking platform transaction updates sent by email or displayed online. Specifically look out for withdrawal requests, new accounts opened, asset sell downs and changes to contact details.
  • When taking annual leave, nominate a colleague to check platform transaction updates on your behalf in your absence.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent further fraudulent transactions.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.   
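The monitoring advice above (check transaction updates daily, especially over leave periods, and watch for withdrawals, new accounts, sell-downs and detail changes) can be automated over a platform's transaction export. This is an added example and not BT's or the platform's code: the leave register, the export field names and the five constructed records are assumptions that mirror Scenario 1, with an EFT account change and a withdrawal submitted under an adviser's user ID in the early hours during the Christmas break.

```python
"""Flag platform transactions worth a phone call, after Scenario 1 above.

Added example, not BT's code. LEAVE, TRANSACTIONS and the field names are
constructed; adapt them to whatever export the platform actually produces.
"""
from datetime import datetime, date, timedelta

# Constructed leave register: adviser user ID -> (first day off, first day back).
LEAVE = {"ADV-0412": (date(2023, 12, 22), date(2024, 1, 8))}

# Constructed transaction export, oldest first.
TRANSACTIONS = [
    {"when": "2023-12-21 15:10", "adviser": "ADV-0412", "client": "C-1001",
     "action": "sell_down", "detail": "rebalance"},
    {"when": "2023-12-27 02:43", "adviser": "ADV-0412", "client": "C-1001",
     "action": "change_eft_account", "detail": "BSB 000-000 ACC 99999999"},
    {"when": "2023-12-27 02:51", "adviser": "ADV-0412", "client": "C-1001",
     "action": "withdrawal", "detail": "AUD 48,000"},
    {"when": "2023-12-28 09:05", "adviser": "ADV-0207", "client": "C-2002",
     "action": "change_contact_details", "detail": "email"},
    {"when": "2024-01-09 10:30", "adviser": "ADV-0412", "client": "C-1003",
     "action": "withdrawal", "detail": "AUD 2,000"},
]

# The actions the article tells advisers to look out for.
HIGH_RISK_ACTIONS = {"withdrawal", "change_eft_account", "new_account",
                     "sell_down", "change_contact_details"}
BUSINESS_HOURS = range(8, 19)   # 08:00 to 18:59 local time (assumption)


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def on_leave(adviser, when, leave):
    """True if the adviser was on declared leave on the transaction date."""
    span = leave.get(adviser)
    return span is not None and span[0] <= when.date() < span[1]


def review(transactions, leave=LEAVE, window=timedelta(days=3)):
    """Return (transaction index, reason) pairs that should be verified.

    Three checks: a high-risk action under an adviser ID that is on leave, a
    high-risk action submitted outside business hours, and a withdrawal
    within `window` of an EFT bank-detail change on the same client.
    """
    alerts = []
    last_eft_change = {}   # client -> time of most recent EFT detail change
    for i, tx in enumerate(transactions):
        if tx["action"] not in HIGH_RISK_ACTIONS:
            continue
        when = parse(tx["when"])
        if on_leave(tx["adviser"], when, leave):
            alerts.append((i, f"{tx['adviser']} submitted {tx['action']} while on leave"))
        if when.hour not in BUSINESS_HOURS:
            alerts.append((i, f"{tx['action']} submitted out of hours at {tx['when']}"))
        if tx["action"] == "change_eft_account":
            last_eft_change[tx["client"]] = when
        if tx["action"] == "withdrawal":
            changed = last_eft_change.get(tx["client"])
            if changed is not None and when - changed <= window:
                alerts.append((i, f"withdrawal for {tx['client']} within "
                                  f"{window.days} days of EFT account change"))
    return alerts


if __name__ == "__main__":
    for index, reason in review(TRANSACTIONS):
        print(f"tx {index}: {reason}")
```

The EFT-then-withdrawal pairing is the one that would have caught Scenario 1 even if the adviser had not been on leave; the other two checks are cheap context that makes the call to the platform easier to justify. The review is read-only and produces a list for a human, since the article's own advice is to call the platform and have the login suspended rather than to block transactions automatically.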

Scenario 2 – Adviser subject to a malware attack causing account lock

A Melbourne advisory practice was the target of a malware attack, having found malware on their system which locked their access to the platform. The malware allowed the cyber criminal to gain access to an adviser’s login details for all systems he had used recently.

The cyber criminals now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook.

The next time the adviser tried to log in to his platform desktop software, he was locked out.

He rang our account executive team to report that his access was locked. He couldn’t log in, even though he was using his correct user name and password.

The platform reset his password. The next day, when the adviser tried again to log in, he was locked out of the system again.

It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

Where you have had your platform access locked or you suspect fraud or malware on your system call us immediately as part of your reporting response so we can suspend your login ID to attempt to prevent further fraudulent transactions. Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

  • Be on the lookout for requests to check and confirm login details.
  • Increase the strength of your identifiers and ensure two or more proofs of identity are required before access to company systems is enabled.
  • Use virus protection software to prevent hackers from accessing your information and to help protect you if you click on a suspicious link or visit a fake website.
  • Schedule regular training for employees so that they can better detect malicious links or avoid downloading content from untrustworthy sources.  

Scenario 3 – Opening email attachment causes all PCs in the office to shut down

A staff member in an advisory practice opened a file attached to an email received one morning.

It turned out the attachment contained a ‘worm’ that not only infected the staff member’s PC but also spread to all other PCs in the practice network.

This malware caused all PCs in the office to shut down.

The adviser needed to use the platform software that day to ensure his clients participated in a Corporate Action that was closing the following day.

With help from their Business Development Manager, the office worked through the issue so they were able to log into the platform software to complete this critical work from a home laptop that hadn’t been infected with the virus.

  • Never open attachments in emails if you don’t know or trust the source.
  • Ensure your office network is protected with up-to-date anti-virus software.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent any further criminal activity.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.


Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. A ransomware attack can shut down a business for days, even weeks and -- even when the company pays the ransom -- there's no guarantee it will ever get its assets back, or that it won't be attacked again. This guide covers the history and basics of ransomware, identifies the most common targets and offers expert instructions on how to prevent an attack. Or, if the worst happens, how to recognize an attack's taken place and remove the ransomware as swiftly as possible.

Ransomware case study: Recovery can be painful

In ransomware attacks, backups can save the day and the data. Even so, recovery can still be expensive and painful, depending on the approach. Learn more in this case study.

Alissa Irei, Senior Site Editor

Seasoned IT consultant David Macias will never forget the day he visited a new client's website and watched in horror as it started automatically downloading ransomware before his eyes. He quickly disconnected his computer from the rest of the network, but not before the malware had encrypted 3 TB of data in a matter of seconds.

"I just couldn't believe it," said Macias, president and owner of ITRMS, a managed service provider in Riverside, Calif. "I'm an IT person, and I am [incredibly careful] about my security. I thought, 'How can this be happening to me?' I wasn't online gambling or shopping or going to any of the places you typically find this kind of stuff. I was just going to a website to help out a client, and bingo -- I got hit."

Macias received a message from the hackers demanding $800 in exchange for his data. "I told them they could go fly a kite," he said. He wiped his hard drive, performed a clean install and restored everything from backup. "I didn't lose anything other than about five days of work."

Ransomware case study: Attack #2

A few years later, another of Macias' clients -- the owner of a direct-mail printing service -- called to report he couldn't access his server. Macias logged into the network through a remote desktop and saw someone had broken through the firewall. "I told the client, 'Run as fast as you can and unplug all the computers in the network,'" he said. This short-circuited the attack, but the attacker still managed to encrypt the server, five out of 15 workstations and the local backup.


"What made this ransomware attack so bad was that it attacked the private partition that lets you restore the operating system," Macias added. Although the ransom demanded was again only $800, he advised against paying , since attackers often leave backdoors in a network and can return to steal data or demand more money.


Fortunately, Macias had a full image-based backup of the client's network saved to a cloud service. Even so, recovery was expensive, tedious and time-consuming. He had to reformat the hard drive manually, rebuild the server from scratch and reinstall every single network device. The process took about a week and a half and cost $15,000. "The client was just incredibly grateful that all their data was intact," Macias said.

Although pleased the client's data loss was negligible, Macias wanted to find a more efficient, less painful disaster recovery strategy. Shortly after the second ransomware incident, he learned about a company called NeuShield that promised one-click backup restoration. He bought the technology for his own network and also sold it to the client that had been attacked. According to NeuShield, its Data Sentinel technology works by showing an attacker a mirror image of a computer's data, thus protecting the original files and maintaining access to them, even if encryption takes place.

Ransomware case study: Attack #3

The printing services company experienced another ransomware incident a couple of years later, when its owner was working from home and using a remote desktop without a VPN. A malicious hacker gained entry through TCP port 3389 and deployed ransomware, encrypting critical data.

In this instance, however, Macias said NeuShield enabled him to restore the system with a simple click and reboot. "When they got hit the first time, it took forever to restore. The second time, they were back up and running in a manner of minutes," he said.
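Attack #3 above began with a remote desktop reachable from the internet on TCP port 3389 with no VPN in front of it. The following added example, which is not the article's or ITRMS's code, audits a firewall ruleset for exactly that exposure and shows the corrected rule beside the weak one. The rule format, the VPN address range 10.8.0.0/24 and the six sample rules are assumptions constructed for illustration; a real firewall exports its policy in its own format.

```python
"""Audit inbound firewall rules for remote-desktop exposure (TCP/UDP 3389).

Added example, not from the TechTarget article or ITRMS. RULESET, the
"action direction proto port source" format and VPN_NETWORK are constructed.
"""
import ipaddress

# Constructed ruleset, one rule per line. Rule 2 is the exposure from Attack #3;
# rule 3 is the corrected form (RDP only from the VPN's address pool).
RULESET = """\
allow in tcp 443 0.0.0.0/0
allow in tcp 3389 0.0.0.0/0
allow in tcp 3389 10.8.0.0/24
allow in udp 3389 any
deny  in tcp 22 0.0.0.0/0
allow out tcp 3389 any
"""

RDP_PORT = 3389
# Assumption: the VPN hands out addresses from this range, so only it may reach RDP.
VPN_NETWORK = ipaddress.ip_network("10.8.0.0/24")


def parse_rules(text):
    """Parse the constructed format into dicts; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, direction, proto, port, source = line.split()
        rules.append({"action": action, "direction": direction,
                      "proto": proto.lower(), "port": int(port), "source": source})
    return rules


def source_network(src):
    """'any' and 0.0.0.0/0 both mean the whole IPv4 internet."""
    if src == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(src, strict=False)


def is_exposed(rule, allowed=VPN_NETWORK):
    """An inbound allow on the RDP port whose source is not inside the VPN range."""
    if rule["action"] != "allow" or rule["direction"] != "in" or rule["port"] != RDP_PORT:
        return False
    return not source_network(rule["source"]).subnet_of(allowed)


def exposed_rdp(rules, allowed=VPN_NETWORK):
    return [r for r in rules if is_exposed(r, allowed)]


def harden(rules, allowed=VPN_NETWORK):
    """Copy of the ruleset with every exposed RDP rule restricted to the VPN range."""
    return [dict(r, source=str(allowed)) if is_exposed(r, allowed) else r for r in rules]


def report(rules, allowed=VPN_NETWORK):
    """Human-readable findings, one line per exposed rule."""
    return [f"rule {i}: {r['proto']}/{r['port']} allowed in from {r['source']}; "
            f"restrict to {allowed} or remove the rule and publish RDP only over the VPN"
            for i, r in enumerate(rules) if is_exposed(r, allowed)]


if __name__ == "__main__":
    rules = parse_rules(RULESET)
    for line in report(rules):
        print(line)
    print("after hardening:", len(exposed_rdp(harden(rules))), "exposed rules")
```

The UDP rule is flagged on purpose: modern RDP also negotiates a UDP transport on 3389, so a policy that closes only TCP still advertises the service. Restricting the source to the VPN pool is the minimum fix; the article's own point is that the remote desktop should not have been reachable without the VPN at all.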

While he praised NeuShield's technology, Macias noted it doesn't negate the need for antivirus protection to guard against common malware threats or for cloud backup in case of fires, earthquakes or other disasters. "Unfortunately, there's no one-stop solution," he said. "I wish there was one product that included everything, but there isn't."

Macias said he knows from personal experience, however, that investing upfront can prevent massive losses down the road. "I've had clients tell me, 'I'll worry about it when it happens.' But that's like driving without insurance. Once you get into an accident, it's too late."


Customer Case Study Video

“Among the solutions put in competition, Walden chose ThreatDown for a few reasons. First of all, the solution convinced us from a technical point of view. The implementation went very well as the solution integrated fully and easily with existing security tools. We were also very impressed with the number of attacks stopped, the reduction in false positives, and the responsiveness of the technical team.” – Harold Potier, Chief Information Security Officer (CISO)

Network Computer Systems

“We often tell potential clients, ‘We’ve successfully transitioned numerous customers to this product with remarkable benefits’… That’s our pitch. With Malwarebytes, we can assure customers they won’t become the next headline about systems hijacked or businesses paralyzed by ransomware.” — Brad Harley, CEO of Network Computer Systems

Triotech Amusement

“With ThreatDown, powered by Malwarebytes, we don’t just get a full-featured EDR product with great price value, we’re getting the whole experience that comes with it — a strong vendor relationship and expert security support.” — Francois Riopel, IT Manager, Triotech Amusement

Drummond

“Cyber threats are 24/7, and my team needs to sleep. The MDR team watching our network around-the-clock gives us a chance to sleep without worry. With ThreatDown MDR backing us up, I also finally got to step away and take a two-week vacation. I’m just glad to know that we have a security team watching over our shoulder and making sure it’s all clear.” — Dennis Davis, IT Systems Manager, Drummond

Protecting Sunnyside SD Student and Staff Mac Machines, Wherever They Go

Sunnyside School District

“Anything our IT team can do remotely makes us more efficient. With Malwarebytes’ cloud console, we can remotely manage endpoint protection and see the state of all the machines in a single view, whether the user’s machine is on or off campus.” — David Peterson, IT Coordinator, Sunnyside School District

Hooton Tech

“I’ve long led my MSP business from the approach that I only sell technology that I believe in and use myself. For endpoint protection, that’s Malwarebytes. Malwarebytes leads the market with its lightweight footprint, ease of use, and steadfast reliability in stopping threats.” — Shane Hooton, Owner, Hooton Tech


Articles on computer virus

  • Cybersecurity: high costs for companies, by Hervé Debar (Télécom SudParis – Institut Mines-Télécom)
  • DNA has gone digital – what could possibly go wrong?, by Jenna E. Gallegos and Jean Peccoud (Colorado State University)
  • An ethical hacker can help you beat a malicious one, by Georg Thomas (Charles Sturt University)
  • Explained: why a reboot is the go-to computer fix, by Rob Miles (University of Hull)
  • Computer viruses deserve a museum: they’re an art form of their own, by Jussi Parikka (University of Southampton)
  • Hack attack on a hospital IT system highlights the risk of still running Windows XP, by Robert Merkel (Monash University)
  • Seven easy steps to keep viruses from your devices, by Mary Adedayo (University of Pretoria)
  • Human and technical ingenuity will be required to defeat shape-shifting malware, by John Walker (Nottingham Trent University)
  • Would you compromise your computer for one cent an hour? This study says you might, by Andrew Smith (The Open University)
  • Media shock stories about GameOver Zeus are not helpful, by Bill Buchanan (Edinburgh Napier University)


Why the Pandemic Probably Started in a Lab, in 5 Key Points


By Alina Chan

Dr. Chan is a molecular biologist at the Broad Institute of M.I.T. and Harvard, and a co-author of “Viral: The Search for the Origin of Covid-19.”

This article has been updated to reflect news developments.

On Monday, Dr. Anthony Fauci returned to the halls of Congress and testified before the House subcommittee investigating the Covid-19 pandemic. He was questioned about several topics related to the government’s handling of Covid-19, including how the National Institute of Allergy and Infectious Diseases, which he directed until retiring in 2022, supported risky virus work at a Chinese institute whose research may have caused the pandemic.

For more than four years, reflexive partisan politics have derailed the search for the truth about a catastrophe that has touched us all. It has been estimated that at least 25 million people around the world have died because of Covid-19, with over a million of those deaths in the United States.

Although how the pandemic started has been hotly debated, a growing volume of evidence — gleaned from public records released under the Freedom of Information Act, digital sleuthing through online databases, scientific papers analyzing the virus and its spread, and leaks from within the U.S. government — suggests that the pandemic most likely occurred because a virus escaped from a research lab in Wuhan, China. If so, it would be the most costly accident in the history of science.

Here’s what we now know:

1 The SARS-like virus that caused the pandemic emerged in Wuhan, the city where the world’s foremost research lab for SARS-like viruses is located.

  • At the Wuhan Institute of Virology, a team of scientists had been hunting for SARS-like viruses for over a decade, led by Shi Zhengli.
  • Their research showed that the viruses most similar to SARS‑CoV‑2, the virus that caused the pandemic, circulate in bats that live roughly 1,000 miles away from Wuhan. Scientists from Dr. Shi’s team traveled repeatedly to Yunnan province to collect these viruses and had expanded their search to Southeast Asia. Bats in other parts of China have not been found to carry viruses that are as closely related to SARS-CoV-2.

Map: The closest known relatives to SARS-CoV-2 were found in southwestern China (a mine in Yunnan province) and in Laos (a cave). There are hundreds of large cities in China and Southeast Asia. The pandemic started roughly 1,000 miles away, in Wuhan, home to the world’s foremost SARS-like virus research lab.

Sources: Sarah Temmam et al., Nature; SimpleMaps. Note: Cities shown have a population of at least 200,000.

  • Even at hot spots where these viruses exist naturally near the cave bats of southwestern China and Southeast Asia, the scientists argued, as recently as 2019, that bat coronavirus spillover into humans is rare.
  • When the Covid-19 outbreak was detected, Dr. Shi initially wondered if the novel coronavirus had come from her laboratory, saying she had never expected such an outbreak to occur in Wuhan.
  • The SARS‑CoV‑2 virus is exceptionally contagious and can jump from species to species like wildfire. Yet it left no known trace of infection at its source or anywhere along what would have been a thousand-mile journey before emerging in Wuhan.

2 The year before the outbreak, the Wuhan institute, working with U.S. partners, had proposed creating viruses with SARS‑CoV‑2’s defining feature.

  • Dr. Shi’s group was fascinated by how coronaviruses jump from species to species. To find viruses, they took samples from bats and other animals, as well as from sick people living near animals carrying these viruses or associated with the wildlife trade. Much of this work was conducted in partnership with the EcoHealth Alliance, a U.S.-based scientific organization that, since 2002, has been awarded over $80 million in federal funding to research the risks of emerging infectious diseases.
  • The laboratory pursued risky research that resulted in viruses becoming more infectious: Coronaviruses were grown from samples from infected animals and genetically reconstructed and recombined to create new viruses unknown in nature. These new viruses were passed through cells from bats, pigs, primates and humans and were used to infect civets and humanized mice (mice modified with human genes). In essence, this process forced these viruses to adapt to new host species, and the viruses with mutations that allowed them to thrive emerged as victors.
  • By 2019, Dr. Shi’s group had published a database describing more than 22,000 collected wildlife samples. But external access was shut off in the fall of 2019, and the database was not shared with American collaborators even after the pandemic started, when such a rich virus collection would have been most useful in tracking the origin of SARS‑CoV‑2. It remains unclear whether the Wuhan institute possessed a precursor of the pandemic virus.
  • In 2021, The Intercept published a leaked 2018 grant proposal for a research project named Defuse, which had been written as a collaboration between EcoHealth, the Wuhan institute and Ralph Baric at the University of North Carolina, who had been on the cutting edge of coronavirus research for years. The proposal described plans to create viruses strikingly similar to SARS‑CoV‑2.
  • Coronaviruses bear their name because their surface is studded with protein spikes, like a spiky crown, which they use to enter animal cells. The Defuse project proposed to search for and create SARS-like viruses carrying spikes with a unique feature: a furin cleavage site — the same feature that enhances SARS‑CoV‑2’s infectiousness in humans, making it capable of causing a pandemic. Defuse was never funded by the United States. However, in his testimony on Monday, Dr. Fauci explained that the Wuhan institute would not need to rely on U.S. funding to pursue research independently.

Graphic: The Wuhan lab ran risky experiments to learn about how SARS-like viruses might infect humans.

1. Collect SARS-like viruses from bats and other wild animals, as well as from people exposed to them.
2. Identify high-risk viruses by screening for spike proteins that facilitate infection of human cells.

In Defuse, the scientists proposed to add a furin cleavage site to the spike protein.

3. Create new coronaviruses by inserting spike proteins or other features that could make the viruses more infectious in humans.
4. Infect human cells, civets and humanized mice with the new coronaviruses, to determine how dangerous they might be.

  • While it’s possible that the furin cleavage site could have evolved naturally (as seen in some distantly related coronaviruses), out of the hundreds of SARS-like viruses cataloged by scientists, SARS‑CoV‑2 is the only one known to possess a furin cleavage site in its spike. And the genetic data suggest that the virus had only recently gained the furin cleavage site before it started the pandemic.
  • Ultimately, a never-before-seen SARS-like virus with a newly introduced furin cleavage site, matching the description in the Wuhan institute’s Defuse proposal, caused an outbreak in Wuhan less than two years after the proposal was drafted.
  • When the Wuhan scientists published their seminal paper about Covid-19 as the pandemic roared to life in 2020, they did not mention the virus’s furin cleavage site — a feature they should have been on the lookout for, according to their own grant proposal, and a feature quickly recognized by other scientists.
  • Worse still, as the pandemic raged, their American collaborators failed to publicly reveal the existence of the Defuse proposal. The president of EcoHealth, Peter Daszak, recently admitted to Congress that he doesn’t know about virus samples collected by the Wuhan institute after 2015 and never asked the lab’s scientists if they had started the work described in Defuse. In May, citing failures in EcoHealth’s monitoring of risky experiments conducted at the Wuhan lab, the Biden administration suspended all federal funding for the organization and Dr. Daszak, and initiated proceedings to bar them from receiving future grants. In his testimony on Monday, Dr. Fauci said that he supported the decision to suspend and bar EcoHealth.
  • Separately, Dr. Baric described the competitive dynamic between his research group and the institute when he told Congress that the Wuhan scientists would probably not have shared their most interesting newly discovered viruses with him. Documents and email correspondence between the institute and Dr. Baric are still being withheld from the public while their release is fiercely contested in litigation.
  • In the end, American partners very likely knew of only a fraction of the research done in Wuhan. According to U.S. intelligence sources, some of the institute’s virus research was classified or conducted with or on behalf of the Chinese military. In the congressional hearing on Monday, Dr. Fauci repeatedly acknowledged the lack of visibility into experiments conducted at the Wuhan institute, saying, “None of us can know everything that’s going on in China, or in Wuhan, or what have you. And that’s the reason why — I say today, and I’ve said at the T.I.,” referring to his transcribed interview with the subcommittee, “I keep an open mind as to what the origin is.”

3 The Wuhan lab pursued this type of work under low biosafety conditions that could not have contained an airborne virus as infectious as SARS‑CoV‑2.

  • Labs working with live viruses generally operate at one of four biosafety levels (known in ascending order of stringency as BSL-1, 2, 3 and 4) that describe the work practices that are considered sufficiently safe depending on the characteristics of each pathogen. The Wuhan institute’s scientists worked with SARS-like viruses under inappropriately low biosafety conditions.

In the United States, virologists generally use stricter Biosafety Level 3 protocols when working with SARS-like viruses. Biosafety cabinets prevent viral particles from escaping. Personal respirators provide a second layer of defense against breathing in the virus. Against direct contact, gloves prevent skin contact, and disposable wraparound gowns cover much of the rest of the body.

Note: Biosafety levels are not internationally standardized, and some countries use more permissive protocols than others.

The Wuhan lab had been regularly working with SARS-like viruses under Biosafety Level 2 conditions, which could not prevent a highly infectious virus like SARS-CoV-2 from escaping. Some work is done in the open air, and masks are not required. Less protective equipment provides more opportunities for contamination.

  • In one experiment, Dr. Shi’s group genetically engineered an unexpectedly deadly SARS-like virus (not closely related to SARS‑CoV‑2) that exhibited a 10,000-fold increase in the quantity of virus in the lungs and brains of humanized mice. Wuhan institute scientists handled these live viruses at low biosafety levels, including BSL-2.
  • Even the much more stringent containment at BSL-3 cannot fully prevent SARS‑CoV‑2 from escaping. Two years into the pandemic, the virus infected a scientist in a BSL-3 laboratory in Taiwan, which was, at the time, a zero-Covid country. The scientist had been vaccinated and was tested only after losing the sense of smell. By then, more than 100 close contacts had been exposed. Human error is a source of exposure even at the highest biosafety levels, and the risks are much greater for scientists working with infectious pathogens at low biosafety.
  • An early draft of the Defuse proposal stated that the Wuhan lab would do their virus work at BSL-2 to make it “highly cost-effective.” Dr. Baric added a note to the draft highlighting the importance of using BSL-3 to contain SARS-like viruses that could infect human cells, writing that “U.S. researchers will likely freak out.” Years later, after SARS‑CoV‑2 had killed millions, Dr. Baric wrote to Dr. Daszak: “I have no doubt that they followed state determined rules and did the work under BSL-2. Yes China has the right to set their own policy. You believe this was appropriate containment if you want but don’t expect me to believe it. Moreover, don’t insult my intelligence by trying to feed me this load of BS.”
  • SARS‑CoV‑2 is a stealthy virus that transmits effectively through the air, causes a range of symptoms similar to those of other common respiratory diseases and can be spread by infected people before symptoms even appear. If the virus had escaped from a BSL-2 laboratory in 2019, the leak most likely would have gone undetected until too late.
  • One alarming detail — leaked to The Wall Street Journal and confirmed by current and former U.S. government officials — is that scientists on Dr. Shi’s team fell ill with Covid-like symptoms in the fall of 2019. One of the scientists had been named in the Defuse proposal as the person in charge of virus discovery work. The scientists denied having been sick.

4 The hypothesis that Covid-19 came from an animal at the Huanan Seafood Market in Wuhan is not supported by strong evidence.

  • In December 2019, Chinese investigators assumed the outbreak had started at a centrally located market frequented by thousands of visitors daily. This bias in their search for early cases meant that cases unlinked to or located far away from the market would very likely have been missed. To make things worse, the Chinese authorities blocked the reporting of early cases not linked to the market and, claiming biosafety precautions, ordered the destruction of patient samples on January 3, 2020, making it nearly impossible to see the complete picture of the earliest Covid-19 cases. Information about dozens of early cases from November and December 2019 remains inaccessible.
  • A pair of papers published in Science in 2022 made the best case for SARS‑CoV‑2 having emerged naturally from human-animal contact at the Wuhan market by focusing on a map of the early cases and asserting that the virus had jumped from animals into humans twice at the market in 2019. More recently, the two papers have been countered by other virologists and scientists who convincingly demonstrate that the available market evidence does not distinguish between a human superspreader event and a natural spillover at the market.
  • Furthermore, the existing genetic and early case data show that all known Covid-19 cases probably stem from a single introduction of SARS‑CoV‑2 into people, and the outbreak at the Wuhan market probably happened after the virus had already been circulating in humans.

An analysis of SARS-CoV-2’s evolutionary tree shows how the virus evolved as it started to spread through humans. (Chart: the SARS-CoV-2 evolutionary tree, running from the viruses closest to bat coronaviruses toward viruses with more mutations.)

Source: Lv et al., Virus Evolution (2024), as reproduced by Jesse Bloom

The viruses that infected people linked to the market were most likely not the earliest form of the virus that started the pandemic.

  • Not a single infected animal has ever been confirmed at the market or in its supply chain. Without good evidence that the pandemic started at the Huanan Seafood Market, the fact that the virus emerged in Wuhan points squarely at its unique SARS-like virus laboratory.

5 Key evidence that would be expected if the virus had emerged from the wildlife trade is still missing.

In previous outbreaks of coronaviruses, scientists were able to demonstrate natural origin by collecting multiple pieces of evidence linking infected humans to infected animals:

  • Infected animals found
  • Earliest known cases exposed to live animals
  • Antibody evidence of animals and animal traders having been infected
  • Ancestral variants of the virus found in animals
  • Documented trade of host animals between the area where bats carry closely related viruses and the outbreak site

For SARS-CoV-2, these same key pieces of evidence are still missing, more than four years after the virus emerged.

  • Despite the intense search trained on the animal trade and people linked to the market, investigators have not reported finding any animals infected with SARS‑CoV‑2 that had not been infected by humans. Yet, infected animal sources and other connective pieces of evidence were found for the earlier SARS and MERS outbreaks as quickly as within a few days, despite the less advanced viral forensic technologies of two decades ago.
  • Even though Wuhan is the home base of virus hunters with world-leading expertise in tracking novel SARS-like viruses, investigators have either failed to collect or report key evidence that would be expected if Covid-19 emerged from the wildlife trade. For example, investigators have not determined that the earliest known cases had exposure to intermediate host animals before falling ill. No antibody evidence shows that animal traders in Wuhan are regularly exposed to SARS-like viruses, as would be expected in such situations.
  • With today’s technology, scientists can detect how respiratory viruses — including SARS, MERS and the flu — circulate in animals while making repeated attempts to jump across species. Thankfully, these variants usually fail to transmit well after crossing over to a new species and tend to die off after a small number of infections. In contrast, virologists and other scientists agree that SARS‑CoV‑2 required little to no adaptation to spread rapidly in humans and other animals. The virus appears to have succeeded in causing a pandemic upon its only detected jump into humans.

The pandemic could have been caused by any of hundreds of virus species, at any of tens of thousands of wildlife markets, in any of thousands of cities, and in any year. But it was a SARS-like coronavirus with a unique furin cleavage site that emerged in Wuhan, less than two years after scientists, sometimes working under inadequate biosafety conditions, proposed collecting and creating viruses of that same design.

While several natural spillover scenarios remain plausible, and we still don’t know enough about the full extent of virus research conducted at the Wuhan institute by Dr. Shi’s team and other researchers, a laboratory accident is the most parsimonious explanation of how the pandemic began.

Given what we now know, investigators should follow their strongest leads and subpoena all exchanges between the Wuhan scientists and their international partners, including unpublished research proposals, manuscripts, data and commercial orders. In particular, exchanges from 2018 and 2019 — the critical two years before the emergence of Covid-19 — are very likely to be illuminating (and require no cooperation from the Chinese government to acquire), yet they remain beyond the public’s view more than four years after the pandemic began.

Whether the pandemic started on a lab bench or in a market stall, it is undeniable that U.S. federal funding helped to build an unprecedented collection of SARS-like viruses at the Wuhan institute, as well as contributing to research that enhanced them. Advocates and funders of the institute’s research, including Dr. Fauci, should cooperate with the investigation to help identify and close the loopholes that allowed such dangerous work to occur. The world must not continue to bear the intolerable risks of research with the potential to cause pandemics.

A successful investigation of the pandemic’s root cause would have the power to break a decades-long scientific impasse on pathogen research safety, determining how governments will spend billions of dollars to prevent future pandemics. A credible investigation would also deter future acts of negligence and deceit by demonstrating that it is indeed possible to be held accountable for causing a viral pandemic. Last but not least, people of all nations need to see their leaders — and especially, their scientists — heading the charge to find out what caused this world-shaking event. Restoring public trust in science and government leadership requires it.

A thorough investigation by the U.S. government could unearth more evidence while spurring whistleblowers to find their courage and seek their moment of opportunity. It would also show the world that U.S. leaders and scientists are not afraid of what the truth behind the pandemic may be.

Alina Chan (@ayjchan) is a molecular biologist at the Broad Institute of M.I.T. and Harvard, and a co-author of “Viral: The Search for the Origin of Covid-19.” She was a member of the Pathogens Project, which the Bulletin of the Atomic Scientists organized to generate new thinking on responsible, high-risk pathogen research.
