10 Security Threats That Came And Went

All Things Come To An End

Amid a seemingly interminable reign of terror imposed by hacking groups LulzSec and Anonymous, it might seem that law abiding users will forever be forced to deal with an endless string of cyber hacks on targets that have included Sony, the CIA and Rupert Murdoch’s News Corp. empire.

With this in mind, we’re offering a bit of perspective. As the Internet has evolved and flourished, so too have a myriad of cyber threats. Some threats survived years and infected millions. Others emerged for only a few weeks but left a path of destruction in their wake. And like the fall of the Roman Empire, they eventually were taken down or fizzled out -- only to be replaced by something more insidious.

Here a few of the most formidable security threats that have come and gone. Which begs the question -- what will come next?

The "I Love You" Virus

The words ’I love you’ never instilled so much fear in people’s hearts (well, almost). The virus, also known as ’Love Letter,’ swept through tens of millions of inboxes in 2000, wreaking havoc on users’ computers. One of the first attacks to employ social engineering techniques, the prolific virus enticed users with the subject line ’I Love You’ coupled with an attachment, ’Love Letter For You.’

Upon opening the attachment, users were treated to a very unexpected surprise when the worm sent a copy of itself to all of their contacts in messages appearing to arrive from the victim, while making a slew of malicious changes to the victim’s system with a password-stealing Trojan designed to harvest ISP usernames and passwords.

After multiple waves of attacks, the "I Love You" virus eventually fizzled out. But not before leaving behind a path of destruction in its wake estimated to have cost companies between $5 to $10 billion for the cleanup of infected machines.

Melissa Virus

Named for a lap dancer in Florida, Melissa chartered new territory as one of the first and most effective mass mailer viruses, setting a new precedent for e-mail as a mainstream attack vector.

And as one of the most prolific mass mailer viruses, Melissa propagated via Microsoft Word documents in 1999 and mailed itself to the Outlook contacts of the compromised users, effectively shutting down numerous Internet mail systems. While not originally designed with malicious intent, the virus caused problems by overloaded servers, forcing them to choke.

Melissa’s successful rampage also paved the way for scads of copycats using e-mail to distribute everything from scams to malicious code.


The problem took root when experts began to think long and hard about digital and non-digital systems that were coded to abbreviate four-digit years with only two digits.

What happens when it's time to roll over the two digits from x99 to x00? No one knew, and wild speculation ensued. Without corrective action, it was suggested that systems would break down when the ascending numbering system suddenly became invalid.

Subsequently, computer systems would fail, digitized critical infrastructure would come to a halt, planes would crash, bank accounts would be wiped out and the whole world would go dark.

But, needless to say, the New Year's countdown clock progressed evenly from 11:59 p.m. to 12:00 a.m. The lights stayed on. The planes remained in the air. There were no runs on the banks. And the world continued to party like it was 1999.

Storm Worm

The Storm Worm first took the world by, well, storm, with a backdoor Trojan horse that circulated via an e-mail message with a subject line that read "230 dead as storm batters Europe".

Computers in its wake were automatically merged into global mega-botnet -- the first with a decentralized command--making it almost impossible for security folks to contain and control its spread. By September 2007, estimates of computers infected by the Storm botnet ranged from 1 to 10 million, powering around 20 percent of the world’s spam and 8 percent of global malware at its peak. PCs infected with the Storm worm were used to blast out millions of spam e-mails advertising Web links which would propagate when users clicked on them. Once infected, victims were treated to everything from Viagra and pharmaceutical ads to offers for penny stock "pump-and-dump" investment scams. Then as quickly as Storm rolled in, the clouds parted, and the deluge faded into oblivion.

The Russian Business Network

Basically known as the IT department of cyber crime, the Russian Business Network grew to dominate the cyber underworld in 2007 and 2008. Like many good crime families, the St. Petersburg-based RBN made its name from sales -- in particular Web site hosting to people engaged in criminal activity. And during RBN’s heyday, it was difficult to find an attack, botnet or spam campaign not somehow linked to it. The Washington Post reported that every major advancement in computer viruses or worms in 2005 and 2006 emanated from or sent stolen consumer data back to servers at RBN, including such infamous botnets such as Gozi, Grab, Haxdoor, Metaphisher, Mpack, Ordergun, Pinch, Rustock, Snatch, Torpig, and URsnif. Groups operating through the company's computers are thought to be responsible for about half of all phishing attacks in 2006. So what happened to this seemingly indefatigable network? Well, who knows? Some experts speculate the group became too visible a target to law enforcement officials and shifted their practice to China and Taiwan.


One of the most highly publicized and prolific botnets in history came in like a lion and fizzled out like a defective sparkler on the Fourth of July. The Conficker worm first surfaced in October 2008 after its authors exploited a critical Microsoft vulnerability in the way the Server Service handles Remote Procedure Call (RPC) requests. Microsoft issued an emergency out-of-band patch repairing the vulnerability, but it appeared that not enough users diligently applied the patch before attack code was let loose in the wild. Conficker made headlines during the first half of 2009 by infecting millions of PCs in a global botnet via USB sticks and peer-to-peer networks. Alarm about Conficker escalated in the weeks preceding an April 1 deadline, in which the worm was set to receive a new update mechanism that would allow it to communicate on its own with command and control centers, ostensibly enabling it to easily upload marching orders from its controllers to the botnet army and launch attacks at will. However, Conficker’s April 1 update deadline came and went without a hitch, perhaps due to the extensive scrutiny generated from its high-profile media status.

Spam Kings

A myriad of spam kings have reigned over the cyber space, only to be shamefully dethroned down the road. One such ruler, Alan Ralsky, was brought up on charges related to running an illegal international spamming operation that sold phony "pump and dump" stocks that netted him an estimated $3 million between January 2004 and September 2005. The spam king Alan Ralsky abdicated his throne by pleading guilty to e-mail fraud that violated the CAN SPAM Act, as well as numerous counts of computer fraud, mail fraud, wire fraud and other money laundering charges. Following in the Ralsky’s footsteps, Robert Soloway also held the title of Spam King. Soloway used networks of proxy computers, including botnets, to send more than 90 million spam messages in three months. His illegal spam messages advertised "broadcast e-mail" services and products for his Seattle-based business, the Newport Internet Marketing Corp., and contained false and forged headers, which directly violated the 2003 CAN SPAM Act. Soloway was sentenced to almost four years in prison after pleading guilty to charges of mail fraud, e-mail fraud and tax evasion.

Rustock Botnet

Rustock gained its notoriety by pummeling users with spam -- about 39 percent of global spam according to Symantec reports. Rustock is famous for its spam campaigns soliciting cheap and bogus medications through the Canadian Pharmacy, an Internet spam site soliciting Viagra, Cialis, Lipitor and other commonly prescribed medications. In its heyday, it sent an average of 192 spam messages per compromised machine per minute, comprising an estimated 150,000 to 2,400,000 computers worldwide. And unlike its counterparts, this botnet has a secret survival mechanism -- Rustock encrypted up to 77 percent of its spam with the Transport Layer Security, a successor of the Secure Socket Layer, usually reserved for e-mails. However, the giant spam botnet took a hit when it was knocked offline following McColo’s shut down in 2008. The botnet eventually returned, albeit weakened, and at a great price to bot herders. The Rustock botnet was finally decapitated in a co-ordinated take-down called Operation b107, a collaborative effort between Microsoft, law enforcement agents, FireEye, and the University of Washington.


It might be rare, but sometimes justice wins out. Before its takedown, Waledac had ensnared almost 1 million zombie computers in its global botnet.

The botnet made a name for itself in 1999 by sending spam -- about 1.5 billion spam messages a day -- comprising about 1percent of the total global spam volume, and annoying computer users around the globe. Apparently, it wasn’t an effective survival strategy. In February of last year Microsoft won a court order which allowed them to take over -- and ultimately disconnect -- 277 Waledac domain names which were being used as command and control servers for the botnet, crippling the malware. The botnet was later forced to come to a grinding halt in September of that year, when Microsoft was granted ownership of the Waledac 276 domains used to broadcast spam e-mail.

An ongoing investigation, known as 'Operation b49', detected more than a million 'zombie' computers under the bots control, rendering the botnet defunct.


The Koobface worm that made its name in 2008 plaguing social networking sites has become more of an introvert these days. While it graced just about every social networking site with its presence, Koobface, an anagram for Facebook, experienced unprecedented notoriety on its two favorites: Facebook and Twitter -- as it infected millions of unsuspecting users via malicious links and video codecs. The Koobface malware typically spread on Facebook using shortened URLs that would direct users to fake YouTube videos that asked them to install a malicious codec. Meanwhile, one of its most effective tricks was redirecting users to fake login pages by employing a range of social engineering techniques. The malware would then nab their usernames and passwords to their accounts, which were used in phishing attacks and the propagation of malware and spam. Recently, however, researchers reported that. Koobface had essentially lost interest in spreading on Facebook despite-or perhaps because of -- its explosive global popularity which likely led to increased scrutiny and security controls. Time will tell if it’s holding out for Google+.