YouTube: https://youtube.com/watch?v=wopM3A3tyTw

Duration: 11:07
Uploaded: 2016-10-02
From taking your files ransom to foiling uranium enrichment, here are five more computer viruses that you really want to avoid.

Hosted by: Hank Green
----------
Sources:
http://dl.acm.org/citation.cfm?id=637244
http://olixzgv.berghel.net/col-edit/digital_village/nov-01/dv_11-01.pdf
http://web.archive.org/web/20110722192419/http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20010717
http://whatis.techtarget.com/definition/BIOS-basic-input-output-system
http://searchsecurity.techtarget.com/definition/Chernobyl-virus
https://nakedsecurity.sophos.com/2011/04/26/memories-of-the-chernobyl-virus/
http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/
https://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware
https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon?language=en#t-620331
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=2&_r=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all
http://arstechnica.com/tech-policy/2011/07/how-digital-detectives-deciphered-stuxnet-the-most-menacing-malware-in-history/
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
http://ece.wpi.edu/~dchasaki/papers/Stuxnet_Under_the_Microscope.pdf
http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/

Images:
Bios Chip: https://commons.wikimedia.org/wiki/File:Bios_chip-2011-04-11.jpg

 Intro (0:00)


Computers are incredible. By combining a few different parts, they can use electrical signals to store information, perform billions of calculations per second, and connect you with the rest of the world. But all those different components and connections are also vulnerable.

If a malicious piece of code, a computer virus, gets in, it can take over your computer and make it totally useless, or even turn it into a weapon.

A virus is any type of code that's designed to spread to lots of different computers whether you like it or not. And once your computer is infected, the virus usually does something bad.

We've talked about some of the most damaging computer viruses before. But there are lots of different kinds of viruses and malware, short for "malicious software", all of which can ruin your day in different ways. Some are programmed to hold your files ransom for money, some are designed to bring down the internet servers at the White House, and some are meant to physically destroy uranium enrichment centrifuges.

 1. Chernobyl Virus (1:04)


The first virus on our list is the first virus that actually had the power to damage your computer's hardware: to fix it, you had to physically replace electronics. It appeared in 1998, and became known as the Chernobyl virus.

It did more than just render your computer unusable: it turned it into a useless chunk of plastic until you went out and replaced your computer's BIOS chip.

BIOS stands for basic input/output system, and as the name suggests, one of its jobs is to handle all of your computer's input/output devices. Like your keyboard and mouse, like your monitor, and your hard drive. It's what your microprocessor uses to talk to all the different parts of your computer that you actually interact with.

So if anything happens to your BIOS chip, there's no way to fix it. You can't tell it how to fix itself without some kind of input/output device.

The Chernobyl virus would infect any files and programs you tried to use. It's what's known as a space filler virus. It hides in the unused space inside of other files. If those files were shared, or an infected program was redistributed, the virus travels with them to a new machine, to infect even more stuff.

Then, the next April 26, which happens to be the anniversary of the Chernobyl nuclear disaster, the Chernobyl virus would activate. It would wipe out all the data on an infected computer, and overwrite the BIOS chip. The virus did hundreds of millions of dollars worth of damage, and it’s still not been completely quarantined. Luckily, only machines running the Windows 95 and 98 operating systems are vulnerable, so unless you’re one of the people still using Windows 98, you probably don’t need to worry about it.

The virus’s author was Taiwanese computer programmer Chen Ing Hau, who actually signed the code with his own initials. And, incredible as it sounds, he never did time. At the time, what he did wasn’t illegal under Taiwanese cyber crime laws.
 

 2. Code Red (2:45)


About 80% of the destructive malware on the internet are what’s known as worms. Worms are standalone pieces of code that can infect your computer directly. They don’t need to infect any specific program to work. Some worms infected target computers via e-mail attachments. You got an e-mail from someone in your address book, clicked on the attachment, and just like that, you’d downloaded the worm.

The Code Red worm took a stealthier approach. There was no e-mail attachment. It attacked its victims’ computers through their connection to the internet. To get infected, all you had to do was be online when the worm randomly tried to access your IP address, your computer’s internet ID. You also, though, had to be running a server that used Microsoft’s Internet Information Services, which had a vulnerability the worm could exploit.

Code Red would send a long string of meaningless characters — the letter N, like, fifty times — which would be more data than the computer was expecting. That would give the worm access to parts of the computer’s memory where it wasn’t supposed to be. Once it wrote itself onto your machine, it would start looking for more random IP addresses to infect. That would slow your internet down to a crawl.

The name Code Red might sound kind of cool, until you find out that it was named after the flavor of soft drink the guy who discovered it was drinking at the time. We at SciShow have begun to suspect that this was just some kind of massive Mountain Dew brand deal. It was first spotted on July 13th, 2001. Code Red infected 360,000 computers in under 14 hours. That’s one of the fastest outbreaks of all time.

The plan was to overwhelm the White House's servers by having every machine infected with Code Red send junk data to the IP address used by the White House. But it didn't work. Software security experts discovered the worm, and just changed the White House’s IP address before the attack was launched.

The security flaw in Microsoft’s IIS was also fixed. But between the loss of productivity experienced by the infected machines, and the cost of cleaning everything up afterwards, Code Red did about 2.7 billion dollars in damage. Whoever wrote it was never caught. 

 3. Cryptolocker (4:45)


Another kind of malware is ransomware, which holds your data for ransom. Syndicates who use ransomware can easily make millions of dollars per year from people and businesses desperate to get their data back.

One of the most damaging ransomware programs is Cryptolocker, which hit its peak in 2013. It mainly distributed itself via a botnet, a group of computers that had already been infected with another virus. You could also get it by opening the wrong kind of email attachment. Honestly, it’s starting to seem like you should never open anything that you are emailed, ever.

The idea behind Cryptolocker was simple. It would infect your computer, encrypt all your files, and then give you three days to pay three hundred dollars in an untraceable currency like Bitcoin. If you paid, they sent you the key to decrypt your files. If you didn’t, Cryptolocker would delete itself, leaving all of your files encrypted with no way of ever getting them back. Ever.

And I mean, no way of getting them back. In our cryptography episode, we talked about how much easier it is to encrypt something than it is to decrypt it. Without the decryption key, your files are gone. On the... I guess you could call it the “upside,” users who paid the ransom did actually get their files back. At least until other hackers started attacking the servers where Cryptolocker stored its decryption keys. After that... ehhh, you are lucky if you got your key.

Cryptolocker was eventually neutralized by taking down the botnet it used to distribute itself. But not before its creators made an estimated three million dollars in bitcoins from their victims. Whoever they were, they were never found.

 4. Bakasoftware (6:10)


At this point, you might be thinking, “Well, it’s a good thing I use an antivirus program.” Yeah... about that. Our next piece of malware is Bakasoftware. Although you might know it better as Antivirus XP 2008. Or Spyware Protect 2009. Or any of its many other names, all of which are meant to trick you into thinking it’s a legitimate antivirus program.

Bakasoftware is what’s known as a Trojan Horse, a program that gets onto your computer by making you believe it’s something harmless. Or even something that’s supposed to protect you from viruses. When you download Bakasoftware... or whatever it’s calling itself these days... it runs a fake scan of your computer, which detects fake viruses. Bakasoftware then tells you that in order to remove those viruses, you need to upgrade to the full version of the program, for some reasonable-sounding figure like $39.95.

And it’ll keep popping up to tell you to upgrade every time you try to open a file, open a program, open a folder, or switch between windows. It can make your computer practically unusable. And you cannot just uninstall it. Bakasoftware spreads itself across potentially dozens of different places on your hard drive. If you get infected by any of the heads of the Bakasoftware hydra, there are tools to remove it, but it is a huge nightmare, and it doesn’t always work.

Bakasoftware is still operating today, and infecting thousands of new computers every month. It seems like it shouldn’t be that hard to find out who’s running it. I mean, you can pay them with your credit card, you don’t need bitcoins. And we do pretty much know who’s running it. The problem is that they’re in Russia... and Bakasoftware doesn’t attack Russian users. Russian cybercrime laws don’t apply unless a Russian citizen is affected.

The good news is that if your operating system is set to default to Russian language settings, and if you’re using a Cyrillic keyboard, Bakasoftware should leave you alone, as well!

 5. Stuxnet (7:55)


The last virus on our list, you will not get from e-mail attachments, you can’t get it from a botnet, in fact, unless you’re an Iranian nuclear scientist, you’ve got nothing to worry about. I’m talking about Stuxnet: the first known digital weapon deployed by a nation for strategic purposes. That nation... was the United States, along with allies in Israel.

Developed under the code name Olympic Games, Stuxnet was greenlit in 2006, under the Bush administration, to slow Iranian nuclear development. The goal was to develop a virus that could take out the centrifuges powering uranium enrichment in the Natanz enrichment plant in Iran. That virus was Stuxnet, which was deployed in 2009.

Stuxnet had to be carried into Natanz on thumb drives, either by double agents or unknowing accomplices. Once the thumb drive was plugged in, Stuxnet would deposit itself on the target computer. To avoid detection, it came with security certifications stolen from legitimate companies like Realtek and JMicron Technology, both based in Taiwan.

Once inside Natanz, Stuxnet infiltrated the computers used to calibrate the system that controlled Stuxnet's five thousand centrifuges. Then it would do two things. Stuxnet would order the rotors that drove the centrifuges to suddenly either speed up or slow down. The rotors would crack, and the centrifuges would break. At the same time, Stuxnet would intercept the information that this was happening before it reached the control centers where Natanz’s nuclear technicians were watching.

Instead, Stuxnet sent them data that said that everything was fine. So the Iranian scientists knew that centrifuges were failing all the time... but they did not know why. With the kind of equipment used at Natanz, you’d expect them to need to replace around 800 centrifuges a year. Instead, they were replacing up to two thousand centrifuges every couple of months.

In 2010, Stuxnet escaped Natanz on an Iranian engineer’s laptop, and started replicating itself all over the internet. So, suddenly, everyone knew about it, and wanted to figure out what it was. A global investigation followed, as security specialists around the world did everything they could to figure out how Stuxnet worked and who was behind it. It took almost a year. Stuxnet was, at the time, by far the most sophisticated piece of malware ever created.

 Outro (10:08)


So there are lots of different kinds of viruses, and lots of different ways they can do damage. But you can avoid most of them, as long as you don’t open sketchy emails, download weird files, or try to create a nuclear enrichment program... Don’t do that. Yes, also you might want to use an antivirus program. Just make sure it’s not actually a virus in disguise.

Thanks for watching this episode of SciShow, which was brought to you by our patrons on Patreon, who make SciShow and SciShow Space possible and now are deciding what channel we should start next: SciShow Health, SciShow Life, or SciShow Psych. If you want to support content like this, and help us choose our new channel, go to Patreon.com/SciShow where we’re putting all of the money until the end of the year toward this new project, and if you just want to keep getting smarter with us, you can of course go to YouTube.com/SciShow and subscribe!