A Deep Dive into Computer Malware

It’s plain ol’ 1999, and you’re checking your email after a long day. An innocent-looking message from a colleague lands in your inbox, promising “important documents.” You click, and chaos unfolds. Your computer slows to a crawl, emails flood your contacts, and you’re caught in the grip of a digital predator. This was the reality for millions ensnared by the Melissa virus, one of history’s most notorious cyber threats.

Fast-forward through decades of innovation and destruction, and we’ve seen viruses evolve from prankish scripts to global ransomware empires. In this deep dive, inspired by SciShow’s gripping video, we’ll unravel the stories of Melissa, ILOVEYOU, Mydoom, Sobig, and WannaCry—five pieces of malware that didn’t just infect machines but shook the world. Feel the dread, the ingenuity, and the human toll as we explore their code, chaos, and lasting scars.

A Quick Overview of Malware

Computer malware is a set of instructions put into a computer program to stop it from working properly and to destroy information. It can be very small and easy to write; for example, a self-replicating virus can be written in just a couple of lines.

Malware comes in various types. Some is written just for fun or testing, like the EICAR test file, a harmless 68-byte file that all antivirus products are supposed to detect, while other malware is written with very malicious intent. Some damages files, some damages systems and networks, and some just replicates and spreads all over the internet.

The major kinds of malware that spread hard and fast are worms, viruses, trojan horses and ransomware.

Worms - Self-replicating and capable of spreading across networks independently.

Viruses - Require host files or programs and cause damage at runtime.

Trojan horses - Appear to be legitimate software, but turn out not to be.

Ransomware - Encrypts files or whole systems and demands ransom money for the key.

1. Melissa: The Email That Started It All

The Dawn of Chaos (1999)

March 26, 1999. David L. Smith, a programmer with a twisted sense of humor, uploads a file to the “alt.sex” newsgroup from a stolen AOL account. Named after a Florida stripper, the Melissa virus was born—a macro virus hiding in a Word document called “list.doc.” For victims, it was a gut-punch of betrayal, arriving via emails from trusted contacts.

How It Spread

Melissa exploited Microsoft Word and Outlook, using Visual Basic for Applications (VBA) macros. Opening the infected document triggered a script that emailed itself to the first 50 contacts in your Outlook address book, with subjects like “Important Message from [Your Name].” The exponential spread clogged corporate mail servers, forcing giants like Microsoft to shut down email systems.

Technical Breakdown

  • Type: Macro virus

  • Platform: Windows 95, 98, Me, NT, 2000, XP

  • Payload: Sent mass emails; inserted a Simpsons quote into Word documents when the minute matched the day (e.g., 3:03 on March 3): “Twenty-two points, plus triple-word-score, plus fifty points for using all my letters.”

  • A simplified version of how it worked:

      Sub Document_Open()
          Set Outlook = CreateObject("Outlook.Application")
          Set AddressBook = Outlook.GetNameSpace("MAPI").AddressLists(1)
          For i = 1 To 50
              Outlook.CreateItem(0).Recipients.Add(AddressBook.AddressEntries(i)).Send
          Next
      End Sub
    
  • Impact: Infected thousands, caused an estimated $1B+ in damages by disrupting networks.
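The 50-recipient burst described above is easy to spot in mail logs. The following detection sketch is an added example, not part of the original article: it flags any sender that delivers one subject to 50 or more distinct recipients inside a short window. The log format, the 60-second window and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BURST_RECIPIENTS = 50            # Melissa mailed the first 50 address-book entries
WINDOW = timedelta(seconds=60)   # assumed window; tune to normal mail volume


def parse(line):
    """Parse 'ISO-timestamp|sender|recipient|subject' (assumed log format)."""
    ts, sender, rcpt, subject = line.strip().split("|", 3)
    return datetime.fromisoformat(ts), sender.lower(), rcpt.lower(), subject


def find_bursts(lines, threshold=BURST_RECIPIENTS, window=WINDOW):
    """Return sorted (sender, subject) pairs that reached `threshold`
    distinct recipients inside one `window`."""
    events = defaultdict(list)
    for line in lines:
        ts, sender, rcpt, subject = parse(line)
        events[(sender, subject)].append((ts, rcpt))
    flagged = set()
    for key, sent in events.items():
        sent.sort()
        start = 0
        for end in range(len(sent)):
            # Advance the window start until the span fits inside `window`.
            while sent[end][0] - sent[start][0] > window:
                start += 1
            if len({rcpt for _, rcpt in sent[start:end + 1]}) >= threshold:
                flagged.add(key)
                break
    return sorted(flagged)


def sample_log():
    """Constructed sample: one bursting sender and one ordinary sender."""
    base = datetime(1999, 3, 26, 9, 0, 0)
    burst = [f"{(base + timedelta(seconds=i)).isoformat()}|alice@corp.example|"
             f"user{i}@corp.example|Important Message from Alice"
             for i in range(50)]
    normal = [f"{(base + timedelta(hours=i)).isoformat()}|bob@corp.example|"
              f"peer{i}@corp.example|Weekly report" for i in range(5)]
    return burst + normal


if __name__ == "__main__":
    for sender, subject in find_bursts(sample_log()):
        print(f"possible mass-mailer: {sender} sent {subject!r}")
```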

The Human Toll

Imagine IT admins, bleary-eyed, racing to contain the flood as servers groaned under email surges. Employees watched helplessly as their inboxes betrayed them. Smith was arrested, sentenced to 20 months, and his virus sparked the FBI’s Cyber Division (FBI). For many, Melissa was a wake-up call—a reminder that code could wound as deeply as any physical attack.

2. ILOVEYOU: A Heartbreaking Deception

Love Gone Viral (2000)

Melissa had taught the world to fear email attachments, yet trust in digital correspondence lingered. In May 2000, a new email arrived, its subject a whispered promise: “ILOVEYOU.” The attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs,” exploited that lingering trust, preying on human curiosity with devastating precision. Crafted by two Filipino students, including Onel de Guzman, this worm turned affection into agony, proving that even a wary internet wasn’t safe.

How It Spread

The worm used VBScript and Windows Script Host, emailing itself to all Outlook contacts. It exploited Windows’ default setting to hide file extensions, making the .vbs file appear as a harmless .txt. Victims opened it, expecting romance, only to unleash havoc.
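A mail gateway can catch this naming trick before a user ever sees the attachment. The check below is an added example, not from the original article; it goes slightly beyond the .TXT.vbs case to cover other executable extensions, and the extension lists, function names and two of the sample names are assumptions constructed for illustration.

```python
import re

# Extensions Windows runs directly or hands to a script host (not exhaustive).
EXECUTABLE = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "pif", "scr",
              "exe", "com", "bat", "cmd", "lnk", "hta"}
# Extensions a reader takes for a harmless document, picture or archive.
DECOY = {"txt", "doc", "docx", "xls", "pdf", "jpg", "jpeg", "png", "mp3", "zip"}


def shown_with_extensions_hidden(filename):
    """Name as Explorer shows it when known extensions are hidden."""
    return filename.rsplit(".", 1)[0] if "." in filename else filename


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces; padding before the real
    # extension is collapsed so "a.txt      .vbs" is judged the same way.
    name = re.sub(r"\s+", " ", filename.strip().rstrip(". "))
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        # Macro documents such as Melissa's list.doc land here: a name
        # check cannot see them, so content inspection is still needed.
        return "ok"
    # Only the final extension is hidden, so the decoy before it is what
    # the user reads as the file type.
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"


# Names quoted in the article plus two constructed ones (the last two).
SAMPLES = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "thank_you.pif", "list.doc",
           "report.v2.pdf", "photo.jpg      .scr"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify_attachment(name):16} {name!r} shown as "
              f"{shown_with_extensions_hidden(name)!r}")
```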

Technical Breakdown

  • Type: Worm

  • Platform: Windows 9x, NT, 2000

  • Payload: Overwrote files (.jpg, .mp3, .doc) with copies of itself; downloaded a trojan to steal passwords.

  • What went on behind the scenes, simplified:

Set WShell = CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
For Each File In FSO.GetFolder(".").Files
    If LCase(FSO.GetExtensionName(File.Name)) = "jpg" Then
        FSO.CopyFile WScript.ScriptFullName, File.Path, True
    End If
Next
  • Impact: Caused $10–15 billion in damages, forcing outages at the Pentagon and Ford (CNN).

The Human Toll

Picture a small business owner watching irreplaceable photos vanish, replaced by the worm’s cruel duplicates. The global outage left IT teams scrambling, their frustration palpable as they fought an invisible enemy. De Guzman faced no charges due to lax laws, leaving victims with a lingering sense of injustice.

3. Mydoom: The Silent Destroyer

The Fastest Shadow (2004)

January 2004. An email with the subject “Error” slips into your inbox, its attachment a trap set by an unseen predator. Mydoom, a C++-crafted worm, didn’t announce its arrival with fanfare—it struck silently, turning your PC into a pawn in a global attack, its origins tied to shadowy organized crime.

How It Spread

Mydoom spread via email attachments (“Error,” “Mail Delivery System”) and the Kazaa P2P network. It harvested email addresses from infected machines, sending itself in waves, and blocked access to antivirus sites in its Mydoom.B variant.

Technical Breakdown

  • Type: Worm

  • Platform: Windows 2000, XP

  • Payload: Installed a backdoor on port 3127/tcp; launched DDoS attacks.

  • Code: Written in C++, using SHIMGAPI.DLL for backdoor functionality.

    A very simplified version is shown below.

class Mydoom {
private:
    std::vector<std::string> harvestEmails() {
        std::vector<std::string> emails;
        // Simulate reading email addresses from a file (e.g., address book)
        std::ifstream file("contacts.txt");
        std::string email;
        while (std::getline(file, email)) {
            emails.push_back(email);
        }
        file.close();
        return emails;
    }

public:
    void spreadViaEmail() {
        std::vector<std::string> emails = harvestEmails();
        std::string subject = "Mail Delivery System";
        std::string attachment = "error_report.exe"; // Mydoom's deceptive attachment

        for (const auto& email : emails) {
            // Simulate sending email with attachment (Windows MAPI)
            std::string command = "sendmail.exe -to " + email + " -subject \"" + subject + "\" -attach \"" + attachment + "\"";
            system(command.c_str()); // Placeholder for email API call
            std::cout << "Sending to: " + email << std::endl;
        }
    }
};
  • Impact: Infected 500,000+ systems, caused $38 billion in damages, accounted for 25% of global emails at its peak.

The Human Toll

SysAdmins felt the weight of sleepless nights, battling a worm that turned their networks into weapons. Small companies lost revenue as servers buckled under DDoS attacks. Mydoom’s persistence—still active in phishing today—leaves a lingering unease, like a ghost in the machine.

4. Sobig: The Network Choker

[Figure: mail CPU load usage before and during the spread of the Sobig virus]

A Courteous Killer in a Hardened Landscape (2003)

Mydoom’s stealth had pushed companies to bolster firewalls and antivirus software, but the human urge to trust a friendly message remained. In August 2003, an email arrived, its tone deceptively warm: “Thank You!” with an attachment, “thank_you.pif.” Sobig.F, cloaked in politeness, exploited this vulnerability, using its own SMTP engine to choke networks with a silent, suffocating grip, its creator still a phantom despite Microsoft’s $250,000 bounty.

How It Spread

Sobig sent emails with attachments like “thank_you.pif,” harvesting addresses from files (.txt, .wab). It spread through network shares, overwhelming servers with traffic.

Technical Breakdown

  • Type: Worm

  • Platform: Windows

  • Payload: Installed “winmgm32.exe”; attempted to download a backdoor.

  • Code: Written in Visual C++, compressed with tElock.

// Simulate Sobig's email-spreading mechanism (simplified, non-functional)
class Sobig {
private:
    std::vector<std::string> harvestEmails() {
        std::vector<std::string> emails;
        std::ifstream file("address_book.txt");
        std::string email;
        while (std::getline(file, email)) {
            emails.push_back(email);
        }
        file.close();
        return emails;
    }

public:
    void sendEmails() {
        std::vector<std::string> emails = harvestEmails();
        std::string subject = "Thank You!";
        std::string attachment = "thank_you.pif";

        for (const auto& email : emails) {
            std::string command = "smtp_send.exe -to " + email + " -subject \"" + subject + "\" -attach \"" + attachment + "\"";
            system(command.c_str());
            std::cout << "Sending email to: " + email << std::endl;
        }
    }
};
  • Impact: Found in 1 of 17 emails, caused $30–35 billion in damages.

The Human Toll

Universities like Wisconsin shut down email, leaving students and staff cut off, their frustration mounting. IT teams raced against time, their screens filled with logs of relentless traffic. Sobig.F’s self-destruct on September 10, 2003, felt like a cruel tease—damage done, creator gone.

5. WannaCry: The Ransomware Apocalypse

The Global Heist (2017)

May 12, 2017. WannaCry struck, a ransomware worm exploiting an NSA-leaked vulnerability, EternalBlue. Attributed to North Korea’s Lazarus Group, it locked 200,000+ computers, demanding Bitcoin ransoms.

How It Spread

WannaCry used the SMB protocol (CVE-2017-0145) to spread across unpatched Windows systems, encrypting files with AES and RSA. A kill switch—a domain check—halted its spread when registered by Marcus Hutchins.

Technical Breakdown

  • Type: Ransomware

  • Platform: Windows

  • Payload: Encrypted files, demanded $300–$600 in Bitcoin.

  • Code Snippet (simplified infection logic):

      if (!InternetCheckConnection("http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com", 1, 0)) {
          // Proceed with encryption
          EncryptFilesWithAES();
      }
    
  • Impact: Hit 150 countries, caused billions in damages, crippled NHS and FedEx (Cloudflare).
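Because every infected host performs the domain check shown in the snippet above, resolver logs double as an infection indicator. The hunt below is an added example, not code from the original article; the log format and verdict names are assumptions, and the sample lines are constructed.

```python
# Kill-switch domain exactly as quoted in the article's snippet.
KILL_SWITCH = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"


def normalise(qname):
    """Lower-case a DNS query name and drop its trailing root dot."""
    return qname.strip().lower().rstrip(".")


def triage_dns(lines, domain=KILL_SWITCH):
    """Map client IP -> 'check-passed' or 'check-failed' for kill-switch lookups.

    Assumed log format: 'timestamp client_ip qname rcode', space separated.
    A lookup is a strong sign the worm executed on that client. NOERROR means
    the name resolved, so the check could succeed (assumption: the follow-up
    connection was not blocked). Any other rcode means the check failed and,
    by the snippet's logic, encryption went ahead.
    """
    verdict = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue                      # skip malformed lines
        _, client, qname, rcode = fields
        if normalise(qname) != domain:
            continue
        state = "check-passed" if rcode.upper() == "NOERROR" else "check-failed"
        # One failed lookup is enough to treat the host as encrypted.
        if verdict.get(client) != "check-failed":
            verdict[client] = state
    return verdict


# Constructed resolver log lines (addresses and times are made up).
SAMPLE_DNS_LOG = [
    f"2017-05-12T08:01:10Z 10.0.0.21 {KILL_SWITCH}. NXDOMAIN",
    f"2017-05-12T15:30:02Z 10.0.0.34 {KILL_SWITCH.upper()} NOERROR",
    f"2017-05-12T15:31:40Z 10.0.0.21 {KILL_SWITCH} NOERROR",
    "2017-05-12T15:32:00Z 10.0.0.50 www.example.com NOERROR",
    "truncated line",
]

if __name__ == "__main__":
    for client, state in sorted(triage_dns(SAMPLE_DNS_LOG).items()):
        print(f"{client}: {state}")
```

Hosts marked check-failed go to the front of the recovery queue; hosts marked check-passed still ran the worm and need patching and cleanup.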

The Human Toll

NHS staff watched patient records vanish, their panic rising as surgeries were canceled. Businesses faced impossible choices: pay or lose everything. Hutchins, hailed a hero, later faced unrelated charges, a bitter twist in a saga of digital warfare.

The Code That Changed Us

These viruses weren’t just code—they were wake-up calls. Melissa taught us to distrust email attachments. ILOVEYOU broke our hearts. Mydoom weaponized our networks. Sobig choked our systems. WannaCry held us hostage. Each left scars, from lost data to shattered trust. Every now and then, these Angel Priyas of the internet turn up to bring us back to reality. I can only end by saying that in this digital world, vigilance is our shield.

Thanks for reading! Really lovely to have keen and supportive readers!

Written by

Siddharth Bansal

I am a learner, builder and hopefully an impactful contributor to my dear human race, especially the devs.