Wednesday, May 2, 2012

What are some popular Viruses? - Random Wednesday



Hello all my dear readers! :) A splendid day it seems to be! How are you all doing? :)



Today's topic of discussion is rather a straightforward one. Viruses, we have dealt with them in some or the other walk of life. Maybe in real life those disease causing viruses, or in computer world, those data destroying ones. But what we are gonna discuss is Computer ones, not the disease ones.

Let's first do a quick overview on what viruses are, what is their nature, how they attack, et-cetera. Then we shall jump on the topic of today, the popular and deadly computer viruses. Go ahead, it's gonna be an interesting article, no doubt! Do read it! :)

What is a Computer Virus?!


A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly, but erroneously used, to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability. What I mean by reproductive ability is not that they gonna come out of your computers and make you pregnant with some stupid transformer sort of! LOL! :P It means they replicate themselves in the computer system, infecting other files on the disks attached permanently or temporarily. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers. Perhaps the reason for the success of Total Security Suites in the market! I wonder! :|

Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious or unwanted software, including true viruses - Blah! Blah! Blah! :P Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves. So what's the moral of the story?! Duh!! Viruses have the capability to reproduce! Others seem to be impotent! LOL! :P

Any virus will by definition make unauthorised changes to a computer, which is undesirable even if no damage is done or intended. Often confused with viruses, but actually different, let's discuss the Trojan Horse first:

Trojan Horse is different from a Virus!


A Trojan horse, or Trojan, is a program with a benign capability that conceals another malicious program. When the user executes a Trojan horse, the program performs the expected task, however, the program is also performing actions unknown to, and not in the best interests of the user. Mark the set of words very carefully - "not in the best interests of the user". A Trojan horse will generally not generate direct hazards to the computer except controlling the computer. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of “social engineering,” presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers (just as the Trojans were tricked into taking the Trojan Horse inside their gates). Now don't you give me that look as if you don't know the story of the Trojan War! :P It is generally used for data theft.



Back to the Topic! :D


Anyways, enough of the introductory discussion, let's get back to our primary topic that was to discuss some popular viruses, some viruses that have rather created history!

ILOVEYOU


ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.". The first file extension 'VBS' was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting image files, and sent a copy of itself to the first 50 addresses in the Windows Address Book used by Microsoft Outlook.

The ILOVEYOU script (the attachment) was written in Microsoft Visual Basic Scripting (VBS) which ran in Microsoft Outlook and was enabled by default. The script added Windows Registry data for automatic startup on system boot. The worm then searched connected drives and replaced files with extensions JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2, and MP3 with copies of itself, whilst appending the additional file extension VBS. The worm propagated itself by sending out copies of the payload to the first 50 entries in the Microsoft Outlook address book (Windows Address Book). It also downloaded the Barok trojan renamed for the occasion as "WIN-BUGSFIX.EXE".

Code Red


Although Code Red is actually a worm and not virus, but since most of the people consider all these malicious programs to be viruses only, let me not try to draw the line and create confusion in the minds of you all because I don't know how many of you really wish to differentiate between a virus and worm! Code Red was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.

The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. The worm was named the .ida "Code Red" worm because Code Red Mountain Dew was what they were drinking at the time, and because of the phrase "Hacked by Chinese!" with which the worm defaced websites. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000. Wow! That number certainly makes it a notable one, right! :)

Creeper


Creeper was an experimental self-replicating program written by Bob at BBN in 1971. It was designed not to damage but to demonstrate a mobile application. It is generally accepted to be the first computer worm. Creeper infected DEC PDP-10 computers running the TENEX operating system. The Reaper program was a computer worm, like Creeper, but its purpose was to delete the latter.

Creeper is said to be the first ever computer virus seen in 1971!

Nimda


Nimda is a computer worm, and is also a file infector. It quickly spreads, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.

The worm was released on September 18, 2001. Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000. The worm's name origin comes from the reversed spelling of it, which is "admin". F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code.

Melissa


The Melissa virus, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus. As it is not a standalone program, it is not a worm. First found on March 26, 1999, Melissa shut down [Internet] E-mail systems that got clogged with infected e-mails propagating from the virus. Melissa was not originally designed for harm, but it overloaded servers and caused problems.

Melissa was first distributed in the Usenet discussion group alt.sex. The virus was inside a file called "List.DOC", which contained passwords that allowed access into 80 pornographic websites. The virus' original form was sent via e-mail to many people.

Zeus


Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.

The various Zeus' botnets are estimated to include millions of compromised computers (around 3.6 million in the United States). As of October 28, 2009 over 1.5 million phishing messages were sent on Facebook with the purpose of spreading the Zeus' trojan. On November 3, 2009 a British couple was arrested for allegedly using Zeus to steal personal data. From November 14–15, 2009 Zeus spread via e-mails purporting to be from Verizon Wireless. A total of nine million of these phishing e-mails were sent.

In 2010 there were reports of various attacks, among which one, in July, disclosed by security firm Trusteer, indicating that the credit cards of more than 15 unnamed US banks were compromised. On October 1, 2010, FBI announced it had discovered a major international cyber crime network which had used Zeus to hack into US computers and steal around $70m. More than 90 suspected members of the ring were arrested in the US, and arrests were also made in the UK and Ukraine.

In May 2011, the then-current version of Zeus's source code was leaked and in October the abuse.ch blog reported about a new custom build of the trojan that relies on more sophisticated peer-to-peer capabilities.

Mocmex


Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China. Mocmex collects passwords for online games. The virus is able to recognize and block antivirus protection from more than a hundred security companies and the Windows built-in firewall. Mocmex downloads files from remote locations and hides randomly named files on infected computers. Therefore, the virus is difficult to remove. Furthermore, it spreads to other portable storage devices that were plugged into an infected computer. Industry experts describe the writers of the Trojan Horse as professionals and describe Mocmex as a "nuclear bomb of malware".

Here you have


Here you have, is a computer worm that successfully attacked many Windows computers in 2010 when it was sent as a link inside an email message with the text "Here you have" in the subject line. The worm arrived in email inboxes on and after September 9, 2010 with the simple subject of "Here you have". The final extension of the link was hidden by default, leading unsuspecting users to think it was a mere PDF file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book.

Brain


Brain is the industry standard name for a computer virus that was released in its first form in January 1986, and is considered to be the first computer virus for MS-DOS. It infects the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system.

Kenzero


Kenzero is a virus that is spread across Peer to Peer networks and is programmed to monitor the browsing history of victims. The Kenzero virus was first discovered on the 15th of September 2010, but researchers think it went undetected for a few months prior to the initial discovery. Kenzero attacks computers that download files through Peer-to-peer networks (P2P). Once the file is opened, the virus locates the victim's browsing history and publishes it online. People can then view the files.

No comments:

Post a Comment

Kindly keep the comments clean and make quality comments that would be worthy in making this blog better! :)