CNET también está disponible en español.

Ir a español

Don't show this again


Viruses with trigger dates

Viruses written to act on a specific date or time can can spread panic, but few, so far, have lived up to expectations.

Conficker, which was set to activate on April 1 but failed to cause any problems, isn't the first virus to be programmed to take action on a certain date or time. Experts believe that worms with a trigger date can lead to panic and hype. Here are some others:

One of the first known viruses, dubbed Jerusalem, was first detected in the Israeli city in October 1987 and targeted at DOS systems. It was programmed to delete programs on Friday 13th, except in the year 1987.

The Michelangelo virus, first discovered in 1991, was triggered to launch its payload (rendering disk unusable) on computers running MS-DOS every March 6, but by 1997 it appeared to have petered out.

The CIH, or Chernobyl, virus targeted Windows and was discovered in 1998. The original variant was set to destroy data on April 26, the birthday of the virus writer, which coincidentally happened to be the anniversary of Chernobyl disaster. Subsequent variants have different trigger dates for their payloads, including one that was set to activate on the 26th of every month but which was not widespread.

Code Red
The Code Red worm, discovered in July 2001, exploited a flaw in Microsoft IIS software and directed infected Web servers to launch attacks on other computers within a certain period of time. One of the sites was that of the White House, but the administration was able to successfully fend off the attack after moving the site from the targeted IP address.

Klez.e first spread via e-mail messages in February 2002 and exploited a hole in Outlook. It was set to activate on the sixth day of odd-numbered months and destroy files on infected Windows computers. However, it caused little or no damage because in the month between when it surfaced and when it was first due to activate on March 6, 2002, PC users were able to update their antivirus software.

Blaster, or MSBlast, began spreading August 11, 2003, about three weeks after Microsoft announced a serious hole in Windows. The worm exploited the hole and was programmed to launch a denial of service attack on a Microsoft update Web site on August 15, 2003, but the company killed the Internet address to thwart it. In the code, the worm writer exhorted Bill Gates to "stop making money and fix your software!!"

Discovered in January 2004, the MyDoom virus targeted Windows PCs and was originally triggered to launch a denial of service attack against the Web site of the SCO Group between February 1 and February 12, 2004. The attack crippled SCO Group's site, forcing the company to move to an alternate site. A second variant launched a DDOS attack on Microsoft's site, but that had little impact. SCO Group and Microsoft both offered $250,000 rewards for information leading to the arrest of the creators of the variant targeting their site. (Microsoft is also offering a $250,000 reward in the Conficker case.)

Kama Sutra
The Kama Sutra worm, also called Nyxem, spread via e-mail and infected Windows PCs when the e-mail, typically sexually suggestive, was opened. It was programmed to delete files on infected machines on February 3, 2006, but failed to do much damage.

A variant of the Sober Windows worm that began circulating in November 2005 was set to activate on January 5 or 6, 2006, possibly dated to coincide with the 87th anniversary of the founding of the Nazi party. It had the potential to download malicious code onto infected computers and launch a new wave of viruses, but was unsuccessful.

Updated at 10:55 a.m. PDT on April 3 to include the Jerusalem virus.