Tuesday, July 10, 2012

Worst Computer Virus and Malware



English: A candidate icon for Portal:Computer security (Photo credit: Wikipedia)

BRAIN – In 1986 Brain became the first PC virus to replicate itself and circulate widely. Brain was distributed on the now obsolete 5.25-inch floppy diskettes and spread upon reboot. It was also the first stealth virus, since an infected floppy disk appeared not to be infected.
CIH – Discovered in June 1998. The damage incurred was roughly $80 million worldwide, destroying huge amounts of PC data. It infected Windows (95, 98 and Me) executable files and was memory resident. It could overwrite data on infected PCs in a short period of time. Another known capability was corrupting the host's BIOS, preventing boot-up after reboot. CIH is also called the Chernobyl virus, since the trigger date of some of the strains coincides with the anniversary of the nuclear reactor accident.
MELISSA – Unleashed in 1999, it was front-page news worldwide. The Word macro virus infected around 20% of all PCs, causing $300 million to $600 million in damage. It spread so exponentially that Microsoft, Intel and other companies using Outlook had to shut down their e-mail systems to contain the virus. Melissa used a loophole in Outlook to e-mail itself to 50 names in the Outlook contact list. The famous line inside the e-mail was "Here is that document you've asked for…… don't show anyone else", and the attached Word document was where the Melissa macro code hid. Opening the .doc file let Melissa infect the host and replicate itself further.
ILOVEYOU – Also known as the Love Bug virus. The author of the virus came from the Philippines. It was believed that Love Bug began as a thesis that had been rejected because it contained malicious code; however, it still managed to get out into the wild. Love Bug was first detected in Hong Kong on May 3, 2000. The virus was transmitted by e-mail with the subject line "ILOVEYOU" and an attachment named LOVE-LETTER-FOR-YOU.TXT.vbs, a Visual Basic script file. Once opened, the virus mailed itself to all Outlook contacts. It also overwrote music, image and other files, and searched for user IDs and passwords and sent them to the author. The estimated damage is roughly $15 billion. Interestingly, at that time the Philippines had no laws against virus writing, and the author was not charged with any crime.
CODE RED – Also known as Bady. It is a worm that spreads over network servers and the Internet. It was released onto network servers on July 13, 2001. It targeted computers running Microsoft Internet Information Server (IIS), exploiting a vulnerability for which, ironically, Microsoft had issued a patch in mid-June. It was designed for maximum damage, is believed to have caused an estimated $3 billion in damage, and infected millions of computers worldwide, including 300,00 servers and the computers at the White House. Code Red also had the ability to launch denial-of-service attacks.
SQL SLAMMER – Launched on January 25, 2003, and also known as Sapphire, it was a single-packet, 376-byte worm that specifically targeted servers. It generated random IP addresses and sent itself to them. If the target was running an unpatched Microsoft SQL Server Desktop Engine, that computer would then begin firing off Slammer to random IP addresses as well, producing exponential growth. The outrageously high amount of traffic overloaded routers across the globe. It hit 75,000 PCs in 10 minutes, doubling every 10 seconds. It carried no payload, but overloading the servers also meant slowing down the Internet. Fortunately it erupted on a Saturday, so the dollar damage was comparatively small.
BLASTER WORM – It hit the net in August and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, it exploited a vulnerability in Windows 2000 and XP, and when activated it informed the user with a dialog box indicating that a shutdown was imminent. Lovsan, or MSBlast, also had the ability to launch a distributed denial-of-service attack on Windows Update. It infected hundreds of thousands of PCs, and the estimated damage is roughly $10 billion.
SOBIG.F – The Sobig worm's most destructive variant was Sobig.F, which spread so rapidly on August 19 that it set a record, generating more than a million copies in its first 24 hours. It infected host computers via innocuously named e-mail attachments and transmitted itself to e-mail addresses discovered in local files, generating massive amounts of Internet traffic. On September 10, 2003, after doing $10 billion in damage and infecting more than a million PCs worldwide, Sobig deactivated itself. Microsoft has put up a $250,000 bounty for the identity of Sobig.F's author, but to date the perpetrator.
BAGLE – A classic but sophisticated worm, it made its debut on January 18, 2004. It infected PCs via an e-mail attachment, then scoured Windows files for e-mail addresses it could use to replicate itself.
The real danger of Bagle, aka Beagle, and its 100 variants is that, when they infect a PC, they open a back door on a TCP port that remote users and applications can use to access data on the infected system. The worm is credited with starting the malware-for-profit movement among hackers, who before this groundbreaking worm were typically motivated by notoriety. The Bagle.B variant was designed to stop spreading after January 28, 2004, but numerous other variants continue to plague users to this day. In all, it has racked up tens of millions of dollars in damages.
MYDOOM – For a few hours on January 26, 2004, the MyDoom shock wave could be felt as this worm spread at an unprecedented rate across the Internet via e-mail. The worm, also known as Novarg, spread in a particularly devious manner as an attachment to what appeared to be an e-mail error message containing the text "Mail Transaction Failed". Clicking on the attachment spammed the worm to e-mail addresses found in the address book. MyDoom also attempted to spread via the shared folders of users' Kazaa peer-to-peer networking accounts. At its peak, MyDoom slowed global Internet performance by nearly 10% and web load times by as much as 50%. Experts speculated that one in 10 messages sent during the first hours of infection contained the worm. MyDoom was programmed to stop spreading after February 12, 2004.
SASSER – Sasser began spreading on April 10, 2004, and was destructive enough to shut down satellite communications for some French news agencies and force the cancellation of several Delta Airlines flights and the shutdown of some business systems. The worm exploited a security flaw in unpatched Windows 2000 and XP systems and actively scanned for other unprotected systems and transmitted itself to them. Infected systems experienced repeated crashes and instability, leading to tens of millions of dollars in damage. Sasser was written by a 17-year-old German high school student who released it on his 18th birthday. Because he wrote the code while he was still a minor, he was found guilty of computer sabotage but given a suspended sentence.
CONFICKER – Conficker is one of the most advanced worms ever written and the most infectious malware ever written. It infected millions of computers worldwide; according to F-Secure, the estimated number of infected computers is roughly 10 million. It attacked a vulnerability in the Microsoft Server service. Infected machines came under the control of the attacker via remote-control software. It also had the ability to steal passwords via brute-force attacks. It spread via thumb drives and shared network folders. Microsoft issued a patch to block the worm, and administrators were also given guidance on how to stop the worm from spreading.