1. Storm Worm
The most recent virus on our list, and the worst, is the Storm Worm. The worm was first identified by computer security experts in late 2006.
The public began to call the virus the Storm Worm because one of the e-mail messages carrying it had the subject “230 dead as Storm Batters Europe.” Security vendors use other names: Symantec calls it Peacomm, for instance, while McAfee calls it Nuwar.
This may sound confusing, but there is already a 2001 virus called the W32.Storm.Worm. The 2001 virus and the 2006 worm are entirely different programs.
The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same one. Some versions of the Storm Worm turn computers into zombies or bots. Once machines are infected, they are vulnerable to remote control by the person behind the attack.
Several hackers use the Storm Worm to build a botnet and use it to send spam across the Internet.
Most Storm Worm versions trick the victim into downloading the application through fake links to news or videos.
The people responsible for the attacks frequently change the subject of the e-mail to reflect current events. For example, just before the 2008 Beijing Olympics, a new version of the worm appeared in e-mails with subjects such as China’s new deadly disaster or China’s most deadly earthquake. The e-mails claimed to link to video and news stories related to the subject.
Several news agencies and blogs have described the Storm Worm as one of the biggest virus attacks in years.
By July 2007, a security official at Postini claimed that, during an attack which lasted several days, the company had detected more than 200 million e-mails containing links to the Storm Worm. Fortunately, not every e-mail led someone to install the worm.
While the Storm Worm is widespread, it is not the most difficult virus to detect or remove from a computer system.
You can save yourself a lot of headaches if you keep your antivirus software up to date and remember to be cautious when you receive e-mails from unfamiliar people or see strange links.
2. Leap-A/Oompa-A
Maybe you saw the commercial in Apple’s marketing campaign where Justin “I am a Mac” Long consoles John “I’m a PC” Hodgman. Hodgman comes down with a virus and points out that over 100,000 viruses can strike a computer. Long claims these viruses target PCs rather than Mac computers.
That’s true for the most part. Mac computers are partly shielded from virus attacks because of a concept known as security through obscurity. Apple has a reputation for keeping its OS and hardware a closed system: both the hardware and the software are made by Apple.
That keeps the OS obscure. Macs were traditionally a distant second to PCs on the home computer market. A hacker who creates a Mac virus won’t hit as many victims as he or she would with a PC virus.
But that hasn’t stopped at least one Mac hacker. The Leap-A virus, also called Oompa-A, first appeared in 2006. It uses the iChat program to spread across vulnerable Mac computers.
After the virus infects a Mac, it scans through the iChat contacts and sends every person on the list a message. The message contains a corrupted file that appears to be an innocent JPEG image.
The Leap-A virus does not do much harm to computers, but it shows that even a Mac computer can fall victim to malware.
As Mac computers become more popular, more hackers will probably create custom viruses that can damage computer files or snarl network traffic. Hodgman’s character may yet have his revenge.
3. Sasser and Netsky
Computer virus programmers often escape detection. Yet authorities often find a way to trace a virus back to its source. Such was the case with the Sasser and Netsky viruses.
The two programs were created by a 17-year-old German named Sven Jaschan, who unleashed them onto the Internet. Although the two worms behaved differently, similarities in the code led security experts to conclude that both were the work of the same person.
The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike other worms, it did not spread through e-mail. Instead, once the virus infected a computer, it looked for other vulnerable systems. It contacted those systems and instructed them to download the virus.
The virus would scan random IP addresses to find potential victims. The virus also modified the victim’s operating system in a way that made it difficult to shut down the computer without cutting off power.
The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail addresses and spreads through a 22,016-byte file attachment. As it spreads, it can cause a denial of service (DoS) attack as systems collapse while attempting to handle all the Internet traffic.
Security experts at Sophos estimated that Netsky and its variants accounted for 25 percent of all computer viruses on the Internet.
Sven Jaschan did not spend time in prison; he received a sentence of one year and nine months. Because he was under 18 at the time of his arrest, he was spared being tried as an adult in German courts.
So far, most of the viruses we have looked at target Windows-based PCs. But Macintosh computers are not immune to computer virus attacks. On the next page, we will look at the first virus to attack Macs.
4. MyDoom
The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim’s operating system. The original MyDoom virus, of which there were several variants, had two triggers. One trigger caused the virus to launch a denial of service (DoS) attack starting on the first day of February 2004.
The second trigger instructed the virus to stop spreading on 12 February 2004. The backdoors created during initial infections remained active even after the virus stopped spreading.
Earlier that year, several search engine firms warned about a second outbreak of the MyDoom virus. Like other viruses, MyDoom searched victim computers for e-mail addresses as part of its replication process.
But it would also send a search request to a search engine and use the e-mail addresses found in the search results. Search engines such as Google eventually started to receive millions of search requests from infected computers. These attacks slowed down search engine services and even caused some to crash. MyDoom spread through e-mail and peer-to-peer networks. According to the security company MessageLabs, one in every 12 e-mails carried the virus at one time. Like the Klez virus, MyDoom could spoof e-mails, so tracking the source of infection was very difficult.
5. SQL Slammer/Sapphire
A new Web server virus spread over the Internet at the end of January 2003. Most computer networks were not prepared for the attack, and the virus caused many critical systems to fail.
Bank of America’s ATM service crashed, the City of Seattle suffered outages in 911 service, and Continental Airlines had to cancel some flights due to electronic ticketing and check-in failures.
The culprit was the SQL Slammer virus, also known as Sapphire. Several reports found that the virus caused damages of over $1 billion before patches and antivirus software caught up with the epidemic.
The progress of Slammer’s attack is well documented. Just a few minutes after it infected its first Internet server, the Slammer virus was doubling its number of victims every second. Fifteen minutes after its first attack, the Slammer virus had infected nearly half of the servers that act as the pillars of the Internet.
6. Nimda
Nimda (which is “admin” spelled backwards) was another virus that hit the Internet in 2001. Nimda spread rapidly through the Internet and became the fastest-spreading computer virus at that time.
In fact, according to Peter Tippett, CTO of TruSecure, it took Nimda just 22 minutes to reach the top of the list of reported attacks.
The primary targets of the Nimda worm were Web servers. While it could infect a home PC, its real purpose was to bring Internet traffic to a crawl. It could travel across the Internet using several methods, including e-mail. This helped the virus spread across several servers in record time.
The Nimda worm created a backdoor into the victim’s operating system. This gave the attacker the same level of access as whatever account was currently logged into the system.
In other words, if a user with limited privileges activated the worm on a computer, the attacker would also have limited access to the computer’s functions. If the victim was the machine’s administrator, the attacker would have complete control.
The spread of the Nimda virus caused some network systems to crash as more of the systems’ resources were consumed by the worm. The Nimda worm effectively became a distributed denial of service (DDoS) attack.
7. Code Red and Code Red II
In the summer of 2001, the Code Red and Code Red II worms emerged. Both worms exploited an operating system vulnerability found on Windows 2000 and Windows NT computers.
The vulnerability was a buffer overflow problem: when a computer running these operating systems receives more data than its buffers can hold, the excess starts to overwrite adjacent memory.
The original Code Red worm launched a distributed denial of service (DDoS) attack on the White House. That means all computers infected with Code Red attempted to contact the White House Web servers simultaneously, overloading the machines.
A Windows 2000 computer infected with the Code Red II worm no longer obeys its owner. The worm creates a backdoor in the operating system of the machine, allowing a remote user to access and control it. In computing terms, this is a system-level compromise, and for the owner of the machine, it is bad news.
The person behind the virus can access information on the victim’s computer or even use the infected computer to commit crimes. That means the victim may not only have to deal with an infected computer but may also be suspected of having committed crimes.
Windows NT computers were vulnerable to the Code Red worms, but the effects of the viruses on such machines were not as severe. Windows NT Web servers could crash more often than usual, but that was about as bad as it got. This is not so bad compared to the problems faced by Windows 2000 users.
Microsoft issued software patches that fixed the security vulnerability in Windows 2000 and Windows NT. Once patched, a Windows 2000 machine could no longer be exploited by the original worms, yet the fix didn’t remove the viruses from infected computers; victims had to do that themselves.
8. The Klez Virus
The Klez virus marked a new direction for computer viruses and set the bar high. It emerged in late 2001, and variants of the virus plagued the Internet for several months.
The basic Klez worm infected the victim’s machine through an e-mail message, replicated itself and then sent itself to people in the victim’s address book.
Several versions of the Klez virus carried other harmful programs that could make a victim’s machine inoperable. The Klez virus could act as a normal computer virus, a worm or a Trojan horse, depending on its version.
It could even disable virus-scanning software and pose as a virus-removal tool.
Shortly after it appeared on the Internet, hackers changed the Klez virus to make it much more effective. Like other viruses, it could comb through a victim’s address book and send itself to contacts.
But it could also take another name from the contact list and place it in the “From” field of the e-mail. This is called spoofing: the e-mail appears to come from one source when it really comes from somewhere else.
Spoofing an e-mail address achieves a few objectives. First of all, it does the recipient of the e-mail no good to block the person in the “From” field, because the e-mails really come from someone else.
A Klez worm programmed to spam people with multiple e-mails could quickly clog an inbox, since recipients cannot tell what the real source of the problem is. In addition, the recipient of the e-mail might recognize the name in the “From” field and be more willing to open it.
9. ILOVEYOU
A year after the Melissa virus hit the Internet, a digital threat emerged from the Philippines. In contrast to the Melissa virus, this threat was a worm: a standalone program that could replicate itself. It was named ILOVEYOU.
Initially, like the Melissa virus, the ILOVEYOU virus traveled through the Internet by e-mail. The subject of the e-mail said the message was a love letter from an admirer.
The trouble was caused by an attachment in the e-mail. The original worm had the file name LOVE-LETTER-FOR-YOU.TXT.vbs. The vbs extension showed the language the hacker used to create the worm: Visual Basic Scripting. According to antivirus software producer McAfee, the ILOVEYOU virus attacked in several ways:
- It copied itself and hid the copies in a number of folders on the victim’s hard drive.
- It added new files to the victim’s registry keys.
- It replaced various types of files with copies of itself.
- It sent itself through Internet Relay Chat clients and e-mail.
- It downloaded and executed a file called WIN-BUGSFIX.EXE from the Internet.
Instead of fixing bugs, this program was a password-stealing application that sent secret information to the hacker’s e-mail address.
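A mail filter can catch the file-name trick described above, where LOVE-LETTER-FOR-YOU.TXT.vbs shows a harmless-looking .TXT in front of the real .vbs extension. The Python code below is an added example, not part of the original article; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe",
                   ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk", ".hta"}
# Extensions a reader takes for a harmless document or picture.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".png", ".mp3"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so "a.txt.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ").lower()
    # Strip each piece: padding such as "photo.jpg      .exe" hides the real extension.
    exts = ["." + piece.strip() for piece in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every flagged attachment in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        verdict = classify_attachment(filename)
        if verdict:
            findings.append((filename, verdict))
    return findings


def build_sample():
    """Constructed sample message: placeholder bodies, only the file names matter."""
    msg = EmailMessage()
    msg["From"] = "admirer@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "A love letter for you (constructed sample)"
    msg.set_content("Constructed sample body.")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "notes.txt", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename}")
```

A gateway would quarantine both verdicts; the double-extension one is reported separately because it indicates a deliberate attempt to disguise the file type.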
Who developed the ILOVEYOU virus? Some think it was Onel de Guzman of the Philippines. The Philippine authorities investigated de Guzman for theft; there was no computer espionage or sabotage legislation in the Philippines at that time. Citing a lack of evidence, the Philippine authorities dropped the charges against de Guzman, who would neither confirm nor deny his responsibility for the virus.
Some estimates show that the ILOVEYOU virus caused $10 billion in damage.
Now that the love fest is over, let’s look at one of the most widespread viruses on the Web.
10. Melissa
A man named David L. Smith developed a computer virus in the spring of 1999 based on a Microsoft Word macro. He built the virus so that it could spread through e-mail messages. The Melissa computer virus entices recipients to open a file with an e-mail message like “This is the document you have requested, don’t show it to anyone else.” When triggered, the virus replicates itself and sends itself to the top 50 people in the recipient’s address book.
After Smith unleashed it, the virus spread rapidly around the world. The United States federal government became highly interested in Smith’s work: the Melissa virus “caused havoc on the government and private sector networks,” as FBI officials reported to Congress. The increase in e-mail traffic forced some businesses to stop e-mail services until the virus was contained.
Following a long trial, Smith lost his case and was sentenced to 20 months in prison. The court also fined Smith $5,000 and prohibited him from accessing computer networks without court permission.
In the end, Melissa did not paralyze the internet, but it was one of the first computer viruses to get the attention of the public.