Famous Malware: Part four of the Hacker Series

Dear readers for part four of our hacker series will talk about some of world’s most famous malware. The tools are used by APTs to attack their victim and cause major damage



Emotet 2018

Our first famous malware is Emotet, and it is the Trojan malware that was first identified in 2014 as the primary targeting banking and health institutions. It peaked in 2018 after infecting Forstenfeldbrook Hospital in Germany, which forced 450 computers to shut down. That same year, the US department of homeland and security announced that it was among the most malicious malware they had seen. It spread through Outlook harvesting emails from the victim’s computer and sending phishing emails containing the word document to contact the victim and make it appear as if the content is from a trusted source. Two significant malware attacks are Allentown a city in America witch caused $1 million in damages and Chilean bank Consorcio with losses worth $2 million


Mydoom 2004

The worst computer virus outbreak in history, Mydoom caused estimated $38 billion damage in 2004 but adjust for inflation cost is actually $52.2 billion. Also known as Novarg this malware is technically worm spread by mass emailing. At one point Mydoom was responsible for 25% of all emails sent

The malware scrapped addresses from infected machines then sent copies of itself to those address, it also built botnet with infected machines and performed distributed denial of service attack (DD0S) on victim servers. Still active today Mydoom generates 1% of all phishing email sending 1.2 billion copies of their own per year. a $250,000 reward was offered for the developer Mydoom but they have not been caught



Famous Malware MyDoom


EternalBlue 2017

Created by the NSA this exploit became public in April 2017 when a group of mysterious hackers known as the shadow brokers published the code online. After its release it was first used in cryptocurrency mining campaigns but it became well known when it was used as part of three ransomware attacks in 2017 known as WannaCry NetPetya and Bad Rabbit.

EternalBlue is still used by cyber criminal and APTs as a mechanism for spreading to other systems inside compromised networks by exploiting wrongly configured SMBv1 clients on Windows computers


WannaCry 2017

WannaCry was developed in 2017 by North Korean state hacker in order to infect victim system and collect ransom for the Pyongyang regime which is under heavy economic sanctions. The malware infected an estimated 3 million computers and was particular controversial for its propagation. Once infected WannaCry encrypts files on the computer hard drive, denying access to any data on the system. In return, the victim is forced to pay a ransom via bitcoin to decrypt their data. In a major attack a new variant forced TAiwan Semicondutor MAnufacturing Company (TSMC) to temporarily shut down its manufacturing facilitates to control the spread in 2018



NotPetya 2016

Soon after WannaCry attack a second ransomware outbreak hit the world. Although first discovered in 2016 this malware called NotPetya made by Russian APT Fancy Bear was  initially used  to attack Ukraine in 2017.  Due to shared networks and enterprise VPN’s the ransomware spread globally causing billions in damage. Just like WannaCry it used EternalBlue as its worm component allowing it to infect large numbers of system


Famouse Malware NotPetya

Stuxnet 2010

Stuxnet was a sophisticated malware attack against Iran’s Natanz nuclear power facilities. The worm was reported as being developed by Israeli and US intelligence agencies although no one has openly taken responsibility

Stuxnet was originally designed to target programmable logic controllers used to automate the elector mechanic and machine process within the facilities centrifuges.  It was also one of the first known cases of a computer program capable of breaking hardware.

Although the malware was designed to expire in June 2021 since then other malware based on its code and characteristics has continued to wreak havoc on industries around the world


Storm Worm 2007

During large storms in Europe thousands of  users received malicious email disguised as weather information. The email had attachment that when opened infected victims with a Trojan horse malware. The malware spread to 1 million computers in Europe and America

The malware had the characteristics of a Trojan horse and a worm combining multiple layers of attacks, once infected, it would download a package of executable files on the affected systems. These files were used to carry out various functions including stealing sensitive user information, delivering spam emails to spread more malware and launching Distributed-Denali-of-Service (DDoS) attacks.


Famous Malware Stormworm


Uroburos 2008

Our final famous malware Uroburos was the rootkit developed by the infamous Turla group, one of the worlds most advanced nation-state hacker groups, linked to the Russian government. According to a report  from Germany cyber experts G DATA the rootkit was able to take control of infected machine execute arbitrary commands and hide system activities. Uroburos also referred to as the Turla or Snake rootkit was widely deployed and was very efficient for the limited purpose it was being used for – to gain boot persistence and download other malware

It was the central piece of Turla APT attacks and had been seen on infected computers in the Middle East, Europe and the US as early as 2008. Targets usually included government entities, it was seen in 45 countries and a further Linux variant was discovered in 2014



My friends there are many famous malware since first Creeper virus infected machines in 1971 . Computer virus cost $55 billion each year to repair. the biggest computer virus ever is the Mydoom virus which cost $38 billion in damage. Other notable attack are Sobig worm which cost $30 billion and Klev worm that did $19.8 billion in damage.   Every day hackers design new ways to infect victim machines but thankfully today secure PC and operating system make it very hard for virus and worm to get into our system

The best way to beat the hackers is to insure your systems have up to date antivirus and people are aware of the risks when they are online


To see earlier article on our Hacker Series click below

Advanced Persistent Threats: Part one of ICNAs Hacker Series

Charming Kitten; Part two of The Hacking Series

Fancy Bear; Part three of The Hacking Series





Leave a Reply

Your email address will not be published. Required fields are marked *