11 Viruses that You Should Watch out For
The term virus refers to malicious software that is able to run automatically and replicate itself. Worms, which many place in the category of viruses, differ in that they do not require the user to spread them but instead use media such as P2P, instant messaging or e-mail.
Worms and Viruses Come in a Variety of 'Species'
1. "I LOVE YOU"
What would you do if you received an email from an acquaintance with a title as flashy as "I love you"? You would probably waste no time in opening it. ILOVEYOU, a simple worm written in VBScript that wreaked havoc in May 2000, took advantage of exactly this.
The way this worm worked was fairly simple and unsophisticated, although it made very clever use of social engineering. The user received an email that seemed to come from an acquaintance and was titled ILOVEYOU, along with a VBScript attachment (LOVE-LETTER-FOR-YOU.TXT.vbs) and a message asking the user to read the attached love letter. When the script was run, the worm spread by sending itself to all the contacts in the user's address book, masquerading as the user.
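The attachment name is the detectable part of this trick: a harmless-looking extension placed in front of the real script extension. The following mail-filter check is an added example, not part of the original article; the extension lists, function names and sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy lists for this example (not exhaustive, not from the article).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".jpeg", ".mp3", ".pdf"}

def classify_attachment(filename):
    """Return 'ok', 'script' or 'disguised-script' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return "ok"
    # A harmless-looking extension right before the real one is the
    # LOVE-LETTER-FOR-YOU.TXT.vbs trick: with "hide known extensions"
    # enabled the user sees only "...TXT".
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "disguised-script"
    return "script"

def scan_message(raw):
    """Return [(filename, verdict)] for every non-ok attachment in a raw email."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename and classify_attachment(filename) != "ok":
            findings.append((filename, classify_attachment(filename)))
    return findings

def build_sample():
    """Constructed sample message; the attachment body is an inert placeholder."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Please read the attached love letter.")
    msg.add_attachment(b"' inert placeholder", maintype="application",
                       subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```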
Furthermore, the worm installed a Trojan and destroyed all files with the extensions doc, vbs, vbe, js, jse, css, wsh, sct, hta, jpg and jpeg on infected computers, replacing them with a copy of the script. It also hid mp3 and mp2 files (apparently it was considerate enough not to delete the music...).
In just over a week this worm, which came to affect the Pentagon, the CIA and the British parliament, reached 50 million infected machines, causing losses estimated at 5,500 million dollars.
The author, a Filipino with the nickname "spyder", went unpunished, because the Philippines had no computer crime laws at the time.
2. MELISSA-"I'm Changing."
In 1999, the Mazon "Melissa" virus set a new record, infecting more than 100,000 machines in just 3 days and causing an unimaginable amount of network traffic as it spread.
Melissa was a macro virus, i.e. a virus whose source code lives in a macro inside a document, such as a Microsoft Word doc or a Microsoft Excel xls file. Specifically, in the case of Melissa, the macro was inside a Word document that promised to contain passwords for dozens of paid erotic sites. The document was first distributed through the alt.sex newsgroup and spread by sending itself to the first 50 contacts in the infected user's address book. In addition, it infected the default document template for Word, Normal.dot, so that any file created using this template also contained the macro virus code.
3. BLASTER-"your computer is delicious"
The Blaster worm, also known as Lovsan, delighted computer technical services in 2003, when hundreds of thousands of people found that their PC shut down on its own only a few seconds after starting.
Blaster took advantage of a vulnerability in the RPC DCOM service of Windows, and was intended to launch a DDoS attack against the Windows Update website on a particular date, but did not achieve the expected effects due to programming errors.
Days after the release of Blaster, another worm was detected, named Welchia, with seemingly benevolent intentions: it used the same vulnerability to spread, remove Blaster, and install updates to prevent re-infection.
4. SASSER, "altering the human time"
Sasser (2004), like Blaster, took advantage of a vulnerability in Windows to spread, specifically in LSASS (Local Security Authority Subsystem Service), from which it takes its name. Also like Blaster, and because the worm caused a buffer overflow in the LSASS executable, the system shut down shortly after starting.
Sasser infected systems at hospitals, universities, banks, airlines, news agencies ... which led to canceled flights, businesses closed for days, and patients having to be moved from one hospital to another.
5. CORE WAR-"Let's play a game?"
It was in 1959 that engineers at AT&T Bell, H. Mellory Douglas, Robert Morris, Victor Vyssotsky and Ken Thompson, created a rather strange game called "Core Wars".
Everyone would say, mmm ... just a game. But it was very dangerous, because the point of the game was to take over the memory of the opponent (which in those days did not even reach a megabyte). The first to do so won the game, while the other lost his RAM.
6. Conficker-"no updates, no restorations, no downloads"
Conficker, first detected just two years ago (November 2008), whose latest variants are still among us, is the last major malware that users had to endure. Like Nimda, it also built up a huge network of bots through the different means of propagation it used: it exploited a buffer overflow vulnerability in the Windows Server service, infected removable devices such as pen drives, and infected computers through unprotected shares or weak passwords.
Furthermore, this worm was particularly difficult to eradicate, since it disabled Windows automatic updates and the updates of installed antivirus software, blocked access to the websites of antivirus manufacturers and deleted the system restore points.
7. SOBER-"to a more effective attack, disarm your enemy"
A couple of months after Blaster appeared, the network was faced with a threat far more dangerous and disturbing: the Sober worm and its dozens of variants, some of which lasted until 2005. The worst variants of this worm were designed to disable the user's firewall and antivirus, collect email addresses to send spam, and use the infected machines in botnets.
8. CREEPER-"I'm a creeper ... catch me if you can!"
Creeper (vine) is the name given to the first known virus, written in 1971 by Bob Thomas, long before Fred Cohen coined the term for this type of program in 1983.
Written for the Tenex operating system, Creeper propagated through the nodes of the ARPANET, displaying the message "I'm the creeper, catch me if you can!" on infected machines.
Soon after, some anonymous good Samaritan created Reaper (mower), another virus that spread through the network eliminating Creeper from infected machines. Reaper can therefore be considered the first "virus" of history.
9. BRAIN-"has not yet been infected."
With the MS-DOS virus "Brain", in 1986, viruses became more sophisticated. This virus, which is considered the first IBM PC compatible virus in history, infected the boot sector of disks and tried to hide its presence by intercepting all system calls that were used to detect the virus, causing them to return values suggesting that the system had not been infected.
10. NIMDA-"I come from behind"
In September 2001 the worm "Nimda" ("admin" read backwards) drove the public to levels of paranoia never previously reached by a computer virus. Contributing to this, besides its especially virulent character, was the absurd rumor that it could be an attack by Al Qaeda.
Nimda managed to become the most widespread worm on the network in minutes, with nearly half a million infected machines during the first 12 hours alone. This was due to the 5 methods of infection used:
It emailed a Readme.exe file to the user's address book and to all email addresses found in the browser cache.
Using a buffer overflow vulnerability, it infected web servers running Microsoft IIS.
It used the shares of the network in which the infected machine was found.
It also took advantage of backdoors created by infection by the Code Red II and Sadmind worms.
11. MORRIS-"I follow the footsteps of my father"
A small worm that usurped RAM, leaving the machine slow, and within hours it had reached as far as NASA. Its creator, Robert Morris Jr., was the son of one of the creators of Core Wars.
He was sentenced to 3 years probation, paid a fine of 10,000 dollars and performed 400 hours of community service.