David Papp Blog

8 Viruses Caused By Human Error

Ever since the creation of computers and the Internet, we’ve been faced with various viruses that infect our computers. Viruses are ultimately the reason why we have cybersecurity and software to combat against these various viruses.

That being said, there have been various viruses over the span of the decades that weren’t intentional. This comes at a time where most cyber attacks today are pre-meditated and are formed specifically by hackers to attack companies.

These particular viruses were made with good intentions only to fail or to rapidly grow out of hand due to human error.

The Morris Worm

For those who know their viruses, this is the virus that more or less started it all. There were a few other viruses before this one, but this was the one that took over computers in a larger scale.

Also known as the Internet worm of November 2, 1988, this worm was launched on the 2nd of November 1988 by a student studying at MIT. The release of this worm also resulted in the first ever felony conviction under the 1986 Computer Fraud and Abuse Act the US established.

And it was all one big mistake.

According to the creator, Robert Tappan Morris, the worm wasn’t meant to cause any damage at all. Instead it was meant to highlight security flaws. When Morris released the worm in MIT computers, his hopes were to have the worm suggest the Morris actually work at the MIT. At the time he didn’t though he is currently a tenured professor there at the time of this being published.

The only problem with this was a mistake in the code caused it to infect computers multiple times, causing the machine to slow down to the point that you couldn’t even use it.

The Brain Virus

For those really curious about the virus that started it all, let me tell you about the brain virus. This was the virus that indeed started it all and as you can guess already mistakes were made with this one. The intentions were much different than what the creator intended.

Comparing this virus to the Morris worm, you’ll find a few similarities. Particularly in the fact that this virus slowed down the loading time of floppy disks that were infected with this virus. Over time you wouldn’t be able to use the floppy disk due to the floppy disk merely loading a particular message:

  • Welcome to the Dungeon (c) 1986 Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today – Thanks GOODNESS!!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages….$#@%$@!!

As mentioned before, the virus wasn’t intended to be a virus but rather a means of protecting medical software for privacy purposes. The creator, Amjad Faroog Alvi was the creator and wanted to keep his medical software protected and so he created this program. However during the process it turned into a virus that infected the whole of the computer rather than put a stop to copyright infringement.

Instead of that, we got a virus that slowly took over a computer. Fortunately this was a smaller scenario as the Brain virus didn’t have the ability to hop between computers like the Morris worm.

CIH Virus

Moving to the CIH virus, this is an example of not the creator making mistakes, but rather companies. Emerging in 1998, this virus was created by Chen Ing-Hau after antivirus software companies boasted how efficient their programs were in taking down viruses. Unlike the other viruses to this point, Chen did release a program to help fight the virus after a few days.

How the virus worked at the time was by filling in the space between code with the virus. This is why CIH is also referred to as Spacefiller. Because it fills space.

As a result of this behaviour, Chen proved a point that antivirus software couldn’t properly eliminate the virus quickly like they said it could. In fact, due to it hiding – and not increase file sizes as a result – antivirus software took a while to detect it and deal with it.

There was also the problem in that the CIH virus only activated during specific days. Specifically, this virus only activated on April 26th of each year. So people who had the virus wouldn’t know they had it until that date.

Even though this problem was fixed quickly, there is still some human error involved. The companies specifically. This is likely the first instance to remind companies that hackers and virus makers are one step ahead of antivirus software. To not recognize that as companies did back then is a terrible mistake.

Anna Kournikova

Stemming from another foundational virus called ILOVEYOU, this virus was inspired from that virus and spread like wildfire due to human error from the people. The original creator, Jan De Wit, was a huge fan of the famous tennis player Anna Kournikova, and wanted to share his admiration through this virus.

For Jan, this was wholly intentional, releasing the virus February 11th 2001. Though he did show remorse by turning himself a few days later, it was slightly undercut by his intentions.

First was the fact that people clearly didn’t learn their lesson from the ILOVEYOU virus. On top of that he blamed people for being entranced by the beautiful Anna Kournikova.

To add some context to this, the virus was an email worm that when opened, would get spread to the opener’s computer. Not only that, but the worm would send out mass emails to people that were in their address book.

Considering how quickly it spread, other people were at fault for not only realizing that the email was unusual, but also clicking on the email on instinct. Expect this to be quite the common theme for other more recent viruses as well.

Sircam

Released in the same year as the Anna Kournikova virus, this didn’t have much of a theme to it but was still deadly. To this day, Sircam is one of the top 10 outbreaks of viruses in history. Part of that spread was due to human error.

While Sircam did infect networks – which in turn allowed it to continuously send emails in an attempt to spread itself – the fact people were opening them was what spread it even further.

Looking at the virus now it would’ve been obvious, but people weren’t paying much attention to it back then. What the virus did was send an email with the line “I send you this file in order to have your advice.

There were other lines it could’ve said, but due to a fault in the virus, it favored this line heavily.

So not only is the message in the email unusual, but even the file that was sent was unusual as well. The Sircam virus once infected, would send an email to everyone in the person’s address book with that message. But the attachment it sent to spread itself was pulled at random.

In other words, this massive outbreak was due to people clicking on a random file that has nothing to do with the message. On top of that the message was riddled with grammar errors.

Elk Cloner

Before the Morris worm or any malware, we got Elk Cloner. The first virus ever to be released into the wild and inspired many for decades to create viruses. If only people knew that this was all a big accident. Well kind of.

The virus was developed by the entrepreneur Rich Skranta when he was only 15 years old. Where the human error comes in is the fact he created this more as a practical joke rather than to actually sabotage systems. In fact when it started to spread, he was surprised how effective it was.

This virus wasn’t able to get into various systems on its own. Instead it jumped between floppy disks that had to have been inserted into the computer and booted up. In other words the only way it could spread is if you loaded up the floppy disk with Elk Cloner (which was in a floppy disk for a game) and proceeded to use other floppy disks in that same computer.

You can also tell this virus was a mistake because it didn’t cause any harm compared to other virus. The only cases were when you used Apple DOS disks that lacked standard images, their reserved tracks were overwritten.

Code Red Worm

This virus wasn’t caused by consumer error, but rather a group of employees who were researching this. The irony of all this is that a security firm called eEye Digital Security was looking after this worm.

In the process of having the worm researched, the three employees discovered a vulnerability which the worm then exploited and began to spread itself. Fortunately the worm only targeted those who running Microsoft’s IIS web server.

Meaning that this only targeted people building websites.

Even though this was a smaller group it targeted, it still managed to reach 359,000 computers over the span of its outbreak.

But the kicker here is that it’s not entirely eEye’s fault for this outbreak entirely. Again the virus attacked a certain vulnerability. A vulnerability that was given a patch months before the outbreak of this worm. In other words, those that got infected were from people who didn’t bother updating the program.

Code Red 2

Another virus caused by human error was the variant of the code red worm, code red 2. This variant served more as a backdoor to many other viruses so it wasn’t particularly damaging by itself. But where the human error stemmed from was the fact there was another patch to cover the vulnerability that code red 2 exploited months before the attack.

This is where the human error came in. People failed to update their systems on the regular and overlooked the possibility that this computer could get attacked again.

Conclusion

While these viruses have been contained and will no longer infect modern computers, there are still many lessons we can learn from this. For one, a lot of these viruses were caused by some people who had good intentions. But in some other cases it was through us as consumers.

We opened emails and files without thinking. We were too prideful about our security systems thinking we were safe no matter what.

The biggest lesson about cybersecurity I can pass on is this: our own security is as solid as our own knowledge along with the tools we have AND Nothing is 100% secure!

Absolutely, get a antivirus software and backup your computer often, but have a level of knowledge and conscious about things. Be wary of unusual emails or messages where the English is unusual. Check with the original sender if you can to verify that they did send the email if you found it strange.

While there are cases where we can’t do too much against cyberattacks, there are always certain things we can do to protect ourselves. So take every precaution you can.