Pages

Friday, January 9, 2009

Top 10 Notorious Viruses


When the internet and other services are becoming more and more sophisticated, some people misuse their knowledge for the creation of evil things like viruses. Some of them created viruses for their fame. Here are a list of 10 viruses that causes destruction world wide.






  1. Melissa
Melissa was one of the first computer viruses to get the public's attention. It was invented in 1999 by David L. Smith. He named the virus 'Melissa' named after an exotic dancer from Florida. Melissa was a macro viruses which spread through e-mails. the Melissa computer virus tempts recipients into opening






David L. Smith who is the creator of the virus Melissa





A Sreen Shot of Melissa


According to FBI, Melissa awoke interest in the part of government. Since the traffic of e-mail increased and due to the spreading of this virus, some companies have stopped their e-mail programs till the virus was brought to control. The Smith was sentenced with 20 month jail and he was fined with $5,000. He was also forbidden from using the computer networks without the proper authorization. Later Melissa virus was brought to control.


2. ILOVEYOU

One year after the invention of Melissa a new virus originated in Philippines. It is the ILOVEYOU virus. It is a worm that infected several computers. The worms are capable of infecting several computers independent of the operating system in the computer. They have the capability of self replication. Like Melissa virus this worm also spread through e-mail. The message of the email is that it was a love letter from a admirer. The attachment of the e-mail is the virus file with the name LOVE-LETTER-FOR-YOU.TXT.vbs. The .vbs in name stands for the language used by hacker to create the virus (Visual Basic Scripting).




Screen shot of the ILOVEYOU virus


ILOVEYOU virus had a wide range of attacks: It replicates several times and hide the copies in several folders in the victims computer. It added new values to the victim's computers registry keys. It placed several files with its copy in the victim's computer. It send its copy to several other computers through chats and e-mails. It downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. This program was a password-stealing application that e-mailed secret information to the hacker's e-mail address. Some think it was Onel de Guzman of the Philippines created the ILOVEYOU virus. Filipino authorities investigated de Guzman on charges of theft -- at the time the Philippines had no computer espionage or sabotage laws. Citing a lack of evidence, the Filipino authorities dropped the charges against de Guzman, who would neither confirm nor deny his responsibility for the virus. According to some estimates, the ILOVEYOU virus caused $10 billion in damage.

3.The Klez Virus

The Klez virus was discovered in the 2001. The variations of this virus plagued the Internet for several months. The basic Klez worm infected a victim's computer through an e-mail message, replicated itself and then sent itself to people in the victim's address book. Some variations of the Klez virus carried other harmful applications that could render a victim's computer inoperable. Depending on the version, the Klez virus could act like a normal computer virus, a worm or a Trojan horse. It could even disable virus-scanning software and pose as a virus-removal tool. Fortunately for consumers, there's no shortage of antivirus software suites on the market.



Scree shot of Klez Virus


Shortly after it appeared on the Internet, hackers modified this Klez virus in a way that made it far more effective. Like other viruses, it could peep into a victim's address book and send itself to contacts. But it could also take another name from the contact list and place that address in the "From" field in the e-mail client. It's called spoofing -- the e-mail appears to come from one source when it's really coming from somewhere else.

Spoofing an e-mail address accomplishes a couple of goals. For one thing, it doesn't do the recipient of the e-mail any good to block the person in the "From" field, since the e-mails are really coming from someone else. A Klez worm programmed to spam people with multiple e-mails could clog an inbox in short order, because the recipients can't judge what is the real source of the problem. Also, the e-mail's recipient might recognize the name in the "From" field and therefore be more chance for the recipient to open it.


4. Code Red and Code Red II

The Code Red and Code Red II worms popped up in 2001. Both worms exploited an operating system's vulnerability that was found in machines running Windows 2000 and Windows NT. The vulnerability was a buffer overflow problem, which means when a machine running on these operating systems receives more information than its buffers can handle, it starts to overwrite adjacent memory.

The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White House. That means all the computers infected with Code Red tried to contact the Web servers at the White House at the same time causing the overloading of the machines.

The CERT Coordination Center at Carnegie-Mellon university published an advisory alerting the public to the dangers of the Code Red virus.


A Windows 2000 machine infected by the Code Red II worm no longer obeys the owner. That's because the worm creates a backdoor into the computer's operating system, allowing a remote user to access and control the machine. In computing terms, this is a system-level compromise, and it's bad news for the computer's owner. The person behind the virus can access information from the victim's computer or even use the infected computer to commit crimes. That means the victim not only has to deal with an infected computer, but also may fall under suspicion for crimes he or she didn't commit.

While Windows NT machines were more vulnerable to the Code Red worms, the viruses' effect on these machines wasn't as extreme. Web servers running Windows NT might crash more often than normal, but that was about as bad as it got. Compared to the woes experienced by Windows 2000 users, that's not so bad.

Microsoft released software patches that addressed the security vulnerability in Windows 2000 and Windows NT. Once patched, the original worms could no longer infect a Windows 2000 machine; however, the patch didn't remove viruses from infected computers -- victims had to do that themselves.



5. Nimda

Another virus to hit the Internet in 2001 was the Nimda (which is admin spelled backwards) worm. Nimda spread through the Internet rapidly, becoming the fastest propagating computer virus at that time. In fact, according to TruSecure CTO Peter Tippett, it only took 22 minutes from the moment Nimda hit the Internet to reach the top of the list of reported attacks.

The Nimda worm's primary targets were Internet servers. While it could infect a home PC, its real purpose was to bring Internet traffic to a crawl. It could travel through the Internet using multiple methods, including e-mail. This helped spread the virus across multiple servers in record time.


Removal of Nimda Virus


The Nimda worm created a backdoor into the victim's operating system. It allowed the person behind the attack to access the same level of functions as whatever account was logged into the machine currently. In other words, if a user with limited privileges activated the worm on a computer, the attacker would also have limited access to the computer's functions. On the other hand, if the victim was the administrator for the machine, the attacker would have full control.

The spread of the Nimda virus caused some network systems to crash as more of the system's resources became fodder for the worm. In effect, the Nimda worm became a distributed denial of service (DDoS) attack.

6. SQL Slammer/Sapphire


The Slammer virus hit South Korea hard, cutting it off from the Internet and leaving Internet cafes like this one relatively empty.

­In late January 2003, a new Web server virus spread across the Internet. Many computer networks were unprepared for the attack, and as a result the virus brought down several important systems. The Bank of America's ATM service crashed, the city of Seattle suffered outages in 911 service and Continental Airlines had to cancel several flights due to electronic ticketing and check-in errors.

The culprit was the SQL Slammer virus, also known as Sapphire. By some estimates, the virus caused more than $1 billion in damages before patches and antivirus software caught up to the problem. The progress of Slammer's attack is well documented. Only a few minutes after infecting its first Internet server, the Slammer virus was doubling its number of victims every few seconds. Fifteen minutes after its first attack, the Slammer virus infected nearly half of the servers that act as the pillars of the Internet .


7. MyDoom

The MyDoom virus inspired politicians like U.S. Senator Chuck Schumer to propose a National Virus Response Center.

The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim computer's operating system. The original MyDoom virus have several variants had two triggers. One trigger caused the virus to begin a denial of service (DoS) attack starting Feb. 1, 2004. The second trigger commanded the virus to stop distributing itself on Feb. 12, 2004. Even after the virus stopped spreading, the backdoors created during the initial infections remained active.

Later that year, a second outbreak of the MyDoom virus gave several search engine companies grief. Like other viruses, MyDoom searched victim computers for e-mail addresses as part of its replication process. But it would also send a search request to a search engine and use e-mail addresses found in the search results. Eventually, search engines like Google began to receive millions of search requests from corrupted computers. These attacks slowed down search engine services and even caused some to crash.

MyDoom spread through e-mail and peer-to-peer (P-P) networks. According to the security firm MessageLabs, one in every 12 e-mail messages carried the virus at one time. MyDoom could spoof e-mails so that it became very difficult to track the source of the infection.


8. Sasser and Netsky

Sometimes computer virus programmers escape detection. But once in a while, authorities find a way to track a virus back to its origin. Such was the case with the Sasser and Netsky viruses. A 17-year-old German named Sven Jaschan created the two programs and unleashed them onto the Internet. While the two worms behaved in different ways, similarities in the code led security experts to believe they both were the work of the same person.

The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike other worms, it didn't spread through e-mail. Instead, once the virus infected a computer, it looked for other vulnerable systems. It contacted those systems and instructed them to download the virus. The virus would scan random IP addresses to find potential victims. The virus also altered the victim's operating system in a way that made it difficult to shut down the computer without cutting off power to the system.

The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail addresses and propagates through a 22,016-byte file attachment. As it spreads, it can cause a denial of service (DoS) attack as systems collapse while trying to handle all the Internet traffic. At one time, security experts at Sophos believed Netsky and its variants accounted for 25 percent of all computer viruses on the Internet.


Image of Sven Jaschan


Sven Jaschan spent no time in jail; he received a sentence of one year and nine months of probation. Because he was under 18 at the time of his arrest, he avoided being tried as an adult in German courts.



9. Leap-A/Oompa-A

This virus attacks Macs than ordinary PCs. Mac computers are partially protected from virus attacks because of a concept called security through obscurity. Apple has a reputation for keeping its operating system (OS) and hardware a closed system -- Apple produces both the hardware and the software. This keeps the OS obscure. Traditionally, Macs have been a distant second to PCs in the home computer market. A hacker who creates a virus for the Mac won't hit as many victims as he or she would with a virus for PCs.

In 2006, the Leap-A virus, also known as Oompa-A, debuted. It uses the iChat instant messaging program to propagate across vulnerable Mac computers. After the virus infects a Mac, it searches through the iChat contacts and sends a message to each person on the list. The message contains a corrupted file that appears to be an innocent JPEG image.

A Screen Shot of Leap-A virus


The Leap-A virus doesn't cause much harm to computers, but it does show that even a Mac computer can fall prey to malicious software. As Mac computers become more popular, we'll probably see more hackers create customized viruses that could damage files on the computer or snarl network traffic.

10. Storm Worm


The latest virus on our list is the dreaded Storm Worm. It was late 2006 the computer security experts first identified the worm. The public began to call the virus the Storm Worm because one of the e-mail messages carrying the virus had as its subject "230 dead as storm batters Europe." Antivirus companies call the worm other names. For example, Symantec calls it Peacomm while McAfee refers to it as Nuwar. This might sound confusing, but there's already a 2001 virus called the W32. Storm.Worm. The 2001 virus and the 2006 worm are completely different programs.



A Screen shot of Storm Worm


The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same one. Some versions of the Storm Worm turn computers into zombies or bots. As computers become infected, they become vulnerable to remote control by the person behind the attack. Some hackers use the Storm Worm to create a botnet and use it to send spam mail across the Internet.

Many versions of the Storm Worm fool the victim into downloading the application through fake links to news stories or videos. The people behind the attacks will often change the subject of the e-mail to reflect current events. For example, just before the 2008 Olympics in Beijing, a new version of the worm appeared in e-mails with subjects like "a new deadly catastrophe in China" or "China's most deadly earthquake." The e-mail claimed to link to video and news stories related to the subject, but in reality clicking on the link activated a download of the worm to the victim's computer.

Several news agencies and blogs named the Storm Worm one of the worst virus attacks in years. By July 2007, an official with the security company Postini claimed that the firm detected more than 200 million e-mails carrying links to the Storm Worm during an attack that spanned several days. Fortunately, not every e-mail led to someone downloading the worm.

Although the Storm Worm is widespread, it's not the most difficult virus to detect or remove from a computer system. If you keep your antivirus software up to date and remember to use caution when you receive e-mails from unfamiliar people or see strange links, you'll save yourself some major headaches.




2 comments: