Top 10 Viruses that are really brutal Author: Sri Nikhil Reddy

I'm here to introduce the top 10 weird and brutal viruses, which I hope will never attack our PCs (personal computers).

Here we go.

1. MY DOOM :

Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and "Shimgapi", is a computer worm affecting Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2017 has yet to be surpassed.
Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. The worm contains the text message "andy; I'm just doing my job, nothing personal, sorry," leading many to believe that the worm's creator was paid. Early on, several security firms expressed their belief that the worm originated from a programmer in Russia. The actual author of the worm is unknown.
Speculative early coverage held that the sole purpose of the worm was to perpetrate a distributed denial-of-service attack against SCO Group. 25 percent of Mydoom.A-infected hosts targeted www.sco.com with a flood of traffic. Trade press conjecture, spurred on by SCO Group's own claims, held that this meant the worm was created by a Linux or open source supporter in retaliation for SCO Group's controversial legal actions and public statements against Linux. This theory was rejected immediately by security researchers. Since then, it has been likewise rejected by law enforcement agents investigating the virus, who attribute it to organized online crime gangs.
Initial analysis of Mydoom suggested that it was a variant of the Mimail worm (hence the alternate name Mimail.R), prompting speculation that the same people were responsible for both worms. Later analyses were less conclusive as to the link between the two worms.
Mydoom was named by Craig Schmugar, an employee of computer security firm McAfee and one of the earliest discoverers of the worm. Schmugar chose the name after noticing the text "mydom" within a line of the program's code. He noted: "It was evident early on that this would be very big. I thought having 'doom' in the name would be appropriate."
                                                   


Creator : UNKNOWN
Country : Russia (in records, originally unknown)
Spread on : 26th Jan, 2004
Display on screen : "Andy, I'm just doing my job, nothing personal, sorry"
Entered through : E-mails
Reward offered to catch suspect : $ 250,000 by Microsoft
Damage : $ 38 billion

2. ILOVEYOU :

ILOVEYOU, sometimes referred to as Love Bug or Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines, when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension ('vbs', a type of interpreted file) was most often hidden by default on Windows computers of the time (as it is an extension for a file type that is known by Windows), leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however, after overwriting MP3 files the virus would hide the file), and sent a copy of itself to all addresses in the Windows address book used by Microsoft Outlook. In contrast, the Melissa virus only sent copies to the first 500 contacts. This made it spread much faster than any previous email worm.
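The hidden-extension trick described above can be checked for at a mail gateway. The following is an added example, not part of the original post: it walks the attachments of a message and reports names whose visible extension is a harmless-looking decoy in front of a script or executable one. The extension lists and the sample message are constructed assumptions.

```python
from email.message import EmailMessage

# Assumed lists for illustration; a real filter would use the site's own policy.
SCRIPT_EXTS = {'vbs', 'vbe', 'js', 'jse', 'wsf', 'wsh', 'scr', 'pif', 'exe', 'bat', 'cmd', 'com'}
DECOY_EXTS = {'txt', 'doc', 'xls', 'pdf', 'jpg', 'gif', 'mp3'}

def deceptive_extension(filename):
    """Return (name_shown_when_extensions_are_hidden, real_ext) or None."""
    clean = filename.strip().rstrip('. ')   # trailing dots and spaces are ignored by Windows
    parts = clean.lower().split('.')
    if len(parts) < 3:
        return None                         # no double extension
    decoy, real = parts[-2], parts[-1]
    if real in SCRIPT_EXTS and decoy in DECOY_EXTS:
        return clean[:-(len(real) + 1)], real
    return None

def risky_attachments(msg):
    """List (filename, shown_name, real_ext) for each deceptive attachment."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        hit = deceptive_extension(name) if name else None
        if hit:
            findings.append((name, hit[0], hit[1]))
    return findings

def build_sample():
    """Constructed message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg['Subject'] = 'ILOVEYOU'
    msg['From'] = 'sender@example.com'
    msg['To'] = 'recipient@example.com'
    msg.set_content('constructed body text')
    for fname in ('LOVE-LETTER-FOR-YOU.txt.vbs', 'minutes.v2.txt', 'setup.exe'):
        msg.add_attachment(b'placeholder', maintype='application',
                           subtype='octet-stream', filename=fname)
    return msg

if __name__ == '__main__':
    for name, shown, real in risky_attachments(build_sample()):
        print(f'{name}: shown as "{shown}", real type .{real}')
```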


Creator : "Reonel Ramones" and "Onel de Guzman".

Country : Philippines

Spread on : 4th May, 2000

Display on screen : ILOVEYOU

Entered through : E-mail Attachment file

Reward offered to catch suspect : N/A

Damage : $ 15 billion

3. Code Red : 

Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft IIS Web servers.
The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh; it exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.
Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.

The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft Security Bulletin MS01-033, for which a patch had been available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated letter 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine with the worm. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.

The payload of the worm included:
  • defacing the affected web site to display:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
  • Other activities based on day of the month:
    • Days 1-19: Trying to spread itself by looking for more IIS servers on the Internet.
    • Days 20–27: Launch denial of service attacks on several fixed IP addresses. The IP address of the White House web server was among those.
    • Days 28-end of month: Sleeps, no active attacks.
When scanning for vulnerable machines, the worm did not test to see if the server running on a remote machine was running a vulnerable version of IIS, or even to see if it was running IIS at all. Apache access logs from this time frequently had entries such as these:
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0
The worm's payload is the string following the last 'N'. Due to a buffer overflow, a vulnerable host interprets this string as computer instructions, propagating the worm.
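Because the worm probed every web server regardless of software, its requests are easy to pick out of an access log. The following is an added example, not part of the original post: it parses Common Log Format lines and flags requests for an .ida resource whose query carries a long run of one character or several %uXXXX escapes, then counts probes per source. The thresholds, addresses and sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)(?: \S+)?" (\d{3}) \S+$')
PAD_RUN = re.compile(r'(.)\1{63,}')         # 64+ repeats of one character (assumed threshold)
U_ESCAPE = re.compile(r'%u[0-9a-fA-F]{4}')  # %uXXXX escapes, as in the logged request

def classify(line):
    """Return (client, status, reasons) for a Code Red style probe, else None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith('.ida'):
        return None
    reasons = []
    if PAD_RUN.search(url.query):
        reasons.append('padding run')
    if len(U_ESCAPE.findall(url.query)) >= 4:
        reasons.append('%u escapes')
    return (client, int(status), reasons) if reasons else None

def probe_sources(lines):
    """Count probes per client address."""
    return Counter(hit[0] for hit in map(classify, lines) if hit)

# Constructed sample lines (documentation addresses); the request is cut short after a few escapes.
PROBE = ('"GET /default.ida?' + 'N' * 224
         + '%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 205')
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Jul/2001:14:02:12 +0000] ' + PROBE,
    '203.0.113.5 - - [19/Jul/2001:14:02:15 +0000] "GET /search?q=NNNN HTTP/1.0" 200 512',
    '198.51.100.7 - - [19/Jul/2001:14:03:40 +0000] ' + PROBE,
]

if __name__ == '__main__':
    for client, count in probe_sources(SAMPLE_LOG).items():
        print(client, count)
```

A 404 status on a flagged line, as on a server that has no .ida handler, means the probe reached a host that was never vulnerable; the source address is still worth reporting as an infected machine.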
Creator : 
Country : Makati City , Philippines
Spread on : No information but noticed on 13th July 2001
Display on Screen : Welcome to https://www.worm.com ! Hacked by Chinese
Entered through : No records
Reward offered to catch suspect : N/A
Damage : $ 2.6 billion

4. Slammer worm or SQL worm :

SQL Slammer is a 2003 computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. It spread rapidly, infecting most of its 75,000 victims within ten minutes.
The program exploited a buffer overflow bug in Microsoft's SQL Server and Desktop Engine database products. Although the MS02-039 patch had been released six months earlier, many organizations had not yet applied it.
Creator : UNKNOWN
Country : No records
Spread on : 25th January 2003
Display on Screen : N/A
Entered through : Web Server
Reward offered to catch suspect : N/A
Damage : $ One billion 

5. Conficker : 

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 Welchia.

Creator : Unknown

Country : Unknown

Spread on : November 2008

Display on Screen : N/A

Entered Through : Web Servers

Reward offered to catch suspect : $ 250,000 by Microsoft

Damage : $ 9.1 billion

6. Storm worm (Nuwar) :

The Storm Worm (dubbed so by the Finnish company F-Secure) is a backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:
  • Small.dam or Trojan-Downloader.Win32.Small.dam (F-Secure)
  • CME-711 (MITRE)
  • W32/Nuwar@MM and Downloader-BAI (specific variant) (McAfee)
  • Troj/Dorf and Mal/Dorf (Sophos)
  • Trojan.DL.Tibs.Gen!Pac13
  • Trojan.Downloader-647
  • Trojan.Peacomm (Symantec)
  • TROJ_SMALL.EDW (Trend Micro)
  • Win32/Nuwar (ESET)
  • Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)
  • W32/Zhelatin (F-Secure and Kaspersky)
  • Trojan.Peed, Trojan.Tibs (Bitdefender)
The Storm Worm began attacking thousands of (mostly private) computers in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, "230 dead as storm batters Europe". During the weekend there were six subsequent waves of the attack. As of January 22, 2007, the Storm Worm accounted for 8% of all malware infections globally.
There is evidence, according to PC World, that the Storm Worm was of Russian origin, possibly traceable to the Russian Business Network.
Creator : Unknown
Country : Russia
Spread on : 19th Jan, 2007
Display on screen : "230 dead as storm batters Europe" and "Saddam Hussein Alive"
Entered Through : E-mail Spammed Messages
Reward offered to catch suspect : N/A
Damage : No Records

7. Nimda : 

Nimda is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.
The first advisory about this threat (worm) was released on September 18, 2001. Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating about a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000 or XP and servers running Windows NT and 2000.
The worm's name comes from the reversed spelling of "admin".
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin.

Creator : Unknown

Country : No Records

Spread on : 18th Sep, 2001

Display on screen : N/A

Entered through : E-mails, Web servers, Code Red-II, Network shares, IIS.

Reward offered to catch suspect : N/A

Damage : N/A

8. Zeus : 

Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of tech support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command Prompt or Event Viewer to make the user believe that their computer is infected.

Creator : No Records

Country : Eastern Europe

Spread on : March 2009

Display on screen : N/A

Entered through : E-mails

Reward offered to catch the suspect : N/A

Damage : No Records

9. Sasser :

Sasser is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Sasser spreads by exploiting the system through a vulnerable port. Thus it is particularly virulent in that it can spread without user intervention, but it is also easily stopped by a properly configured firewall or by downloading system updates from Windows Update. The specific hole Sasser exploits is documented by Microsoft in its MS04-011 bulletin, for which a patch had been released seventeen days earlier.

Creator : Sven Jaschan (an 18-year-old German computer science student)

Country : Germany

Spread on : No records but noticed on 12th April 2004

Display on screen : N/A

Entered through : Ports

Reward offered to catch suspect : $ 250,000 by Microsoft

Damage : Some billion dollars including the closing of 130 software companies due to loss.

10. Melissa :

The Melissa virus was a mass-mailing macro virus. As it was not a standalone program, it is not a worm.

Around March 26, 1999, Melissa was put in the wild by David L. Smith of Aberdeen Township, New Jersey. (The virus itself was credited to Kwyjibo, who was shown to be macrovirus writers VicodinES and ALT-F11 by comparing MS Word documents with the same globally unique identifier; this method was also used to trace the virus back to Smith.) On December 10, 1999, Smith pleaded guilty to releasing the virus and was sentenced to 10 years in prison, serving 20 months. He was also fined US $5,000. The arrest was the result of a collaborative effort involving (amongst others) the FBI, the New Jersey State Police, Monmouth Internet and a Swedish computer scientist. David L. Smith was accused of causing $80 million worth of damages by disrupting personal computers and computer networks in business and government.

Creator : David L. Smith

Country : New Jersey

Spread on : March 1999

Display on screen : N/A

Entered Through : E-mail as "An important message from ...................... "

Reward offered to catch suspect : N/A

Damage : Some millions of dollars.
