Computer Viruses

Table of Contents

The Anna Kournikova worm

The Melissa computer virus was released in 1999.

The Storm Worm is a malicious computer virus that has been known to spread through email messages.

Chernobyl

Zeus

Mydoom

Code Red

A ransomware virus that locks files until a ransom is paid.

The Anna Kournikova worm

Anna Kournikova (also named “Vbs.OnTheFly”) was a computer trojan written by Jan de Wit, a 20-year-old who went by the name ‘OnTheFly’. It was released on February 11, 2001. It was designed to trick email users into opening a message that claimed to contain a picture but actually carried malicious software. The worm arrives in an email with the subject line “Here you have, ;0)” and an attached file called AnnaKournikova.jpg.vbs. Under Microsoft Windows, opening this file does not display a picture. Instead it launches a Visual Basic Script, which forwards itself automatically to everyone in the victim’s Microsoft Outlook address list.

ILOVEYOU, sometimes referred to as Love Bug or Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines, when it started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs”. The file extension “vbs”, a type of interpreted file, was often hidden by default on Windows computers. Because it is an extension that Windows recognizes, it was not shown, which led unwitting users to believe the attachment was a normal text file. Opening the attachment activated the Visual Basic script. The worm caused widespread damage to the local computer, including overwriting various types of files (including Office files; however, the virus would hide MP3 files after overwriting them). It also sent a copy of itself to all addresses listed in Microsoft’s Windows Address Book.
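The hidden-extension trick used by AnnaKournikova.jpg.vbs and LOVE-LETTER-FOR-YOU.txt.vbs can be checked for at a mail gateway. The following is an added example, not part of the original article: it parses a constructed message with Python's standard email module and flags attachments whose real final extension is executable while the one before it looks harmless. The extension lists, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string

# Assumed policy lists (not exhaustive): types Windows runs, and types a lure imitates.
ACTIVE = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr", ".pif", ".bat", ".cmd"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".pdf", ".mp3"}

def classify(filename):
    """Return 'disguised', 'active' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before comparing.
    name = filename.strip().rstrip(". ").lower()
    parts = name.rsplit(".", 2)
    last = "." + parts[-1].strip() if len(parts) > 1 else ""
    # Strip padding such as "photo.jpg      .exe", used to push the real extension out of view.
    prev = "." + parts[-2].strip() if len(parts) > 2 else ""
    if last in ACTIVE and prev in DECOY:
        return "disguised"   # harmless-looking name, executable in reality
    if last in ACTIVE:
        return "active"      # executable, but not pretending otherwise
    return "ok"

def scan_message(raw):
    """Return (filename, verdict) for every named attachment in a raw message."""
    msg = message_from_string(raw)
    return [(p.get_filename(), classify(p.get_filename()))
            for p in msg.walk() if p.get_filename()]

# Constructed sample message; the bodies are placeholders, not real attachments.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: Here you have, ;0)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

constructed sample text
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

placeholder
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.v2.jpg"

placeholder
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {name}")
```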

Microsoft Outlook

David L. Smith of Aberdeen Township, New Jersey, released the Melissa virus into the wild on March 26, 1999. [2] The virus was credited to Kwyjibo. Kwyjibo was shown to be the macro-virus writers VicodinES and ALT-F11 by comparing MS Word documents that carried the identical globally unique identifier. This also helped trace the virus to Smith. Smith pleaded guilty on December 10, 1999 to releasing the virus. He was sentenced to 10 years' imprisonment and 20 months' probation. He was also given a US $5,000 fine. The FBI, Monmouth Internet Security, Monmouth State Police, Monmouth Internet as well as a Swedish computer scientist were part of the collaborative effort that led to Smith’s arrest. Smith was accused of causing $80,000,000 in damages by disrupting personal computers and the computer networks of government and businesses.

Netsky is a very prolific family of computer worms that targets Microsoft Windows operating platforms. The first variant was discovered on Monday, February 16, 2004. The “B” variant was the first of the family to be released into mass distribution; it first appeared on Wednesday, February 18, 2004. Sven Jaschan, an 18-year-old German, admitted to writing these worms and others, including Sasser. Even though individual functions can vary greatly from virus to virus, the Netsky clan is best known for the comments in the code of its variants. These comments insult the authors of the Mydoom and Bagle worm families, and the code sometimes includes routines that remove these viruses. This “war”, as it was called in the media, caused a steady rise in the number of variants produced in these families.

Bagle had around 28 variants, Netsky 29 and MyDoom 10. Netsky symptoms included making beeping noises on certain dates, often in the early morning hours. The worm arrived in an e-mail that encouraged recipients to open an attached file. Once the attachment was opened, it would scan the computer for e-mail addresses and send itself by e-mail to any addresses found. The P variant was the most common virus sent via e-mail worldwide, even though it was more than two and a quarter years old. In November 2006, a Stration variant overtook it.

The Storm Worm is a malicious computer virus that spreads through email attachments and links. It has the ability to take control of computers, steal data, and spread itself to other devices.

The Storm Worm was given its name by F-Secure. It is a backdoor Trojan horse that attacks Microsoft operating systems. It was found on January 17, 2007. Storm Worm began attacking thousands of (mostly private) computers across Europe and the United States on Friday, January 19, 2007, by sending an e-mail message with the subject “230 dead in storm batters Europe”. Six more waves of attacks occurred over the weekend. According to PCWorld, the Storm Worm was responsible for 8% of all malware infections worldwide as of January 22, 2007. According to PCWorld, the Storm Worm could have originated in Russia and was possibly linked to the Russian Business Network Worm.

Chernobyl

CIH is also known as Space filler or Chernobyl. It is a Microsoft Windows 9x computer virus that first appeared in 1998. Its malicious payload is very destructive to vulnerable computers, overwriting vital information on infected system drives and sometimes destroying the BIOS. The virus was created by Chen Ing-hau (pinyin: Chen Yinghao), a Taiwanese student. He is now the founder and chief executive officer of 8tory. Worldwide, 60 million computers were thought to have been infected with the virus. The virus caused $1 billion in economic damages. Chen claimed that he created the virus in an attempt to counter bold claims made by antivirus program developers about their antiviral efficiency. Chen stated that he had written the virus after it was spread to Tatung University via his classmates. A public version of the antivirus program was made available by Weng Shu-hao, who is a Tamkang University undergraduate. Chen was not brought to trial by Taiwanese prosecutors because there were no victims.

These events led to Taiwan adopting new legislation on computer crimes. The name “Chernobyl virus” comes from the complete coincidence of two dates: the virus’ payload trigger date (actually 1998, when the virus was created) and the Chernobyl accident, which occurred in 1986 in the Soviet Union. The name “Space filler” comes from how it infects files: viruses usually write their code at the end of infected files, whereas CIH scans for gaps in the existing code and writes its own code there. This does not increase the file size, which helps the virus avoid detection.

Zeus

Zeus is a Trojan horse designed to infect Windows computers and perform criminal tasks. These tasks include form grabbing and man-in-the-browser keylogging. Most computers were infected by drive-by downloads or phishing scams. The botnet was first detected in 2009, and it compromised thousands of FTP accounts and computers of multinational banks like Amazon, Oracle, Bank of America and Cisco. Zeus botnet administrators used it to steal login credentials for social network, banking and email accounts.

25% of the infected computers were in the US. The whole operation was complex and involved money mules from all over the world who smuggled cash to the ringleaders in Eastern Europe. The ring held approximately $70 million in stolen funds. The operation saw 100 arrests. Many experts believe that the retirement announcement by Zeus’ creator in 2010 was false.

Mydoom

Mydoom is a worm for Windows that surfaced in 2004. It was one of the most widely spread email worms since ILOVEYOU. The creator is anonymous and is believed to have been paid for creating it. The worm contains a text message with the word “Andy”. McAfee employee Craig Schmugar was the one who discovered it. “Mydom” was a line of text in the program’s code (“my domain”). “I sensed that this would make it big, so I added ‘doom’.”

It spreads by email, posing as a transmission error message, and includes an attachment. Once the attachment is executed, the worm sends itself to all email addresses in the user’s address book and copies itself into any P2P folder to spread throughout that network. It opens a backdoor that allows remote access, and then it launches a denial-of-service attack against the controversial SCO Group. The worm was thought to have been created because of the conflict over the ownership of some Linux code. It caused damages of approximately $38.5 million and is still active in one form or another.

Code Red

Code Red appeared for the first time in 2001. Two eEye Digital Security employees discovered it. The worm was named Code Red because the two were drinking Code Red Mountain Dew at the time it was discovered. The worm exploited a buffer overflow issue in Microsoft IIS web servers. It can run entirely in memory and leaves little trace behind. It is only 3,569 bytes in size. Once a server is infected, the worm makes up to 100 copies of itself. Because of a bug in its code, however, it can duplicate even more, consuming a lot of system resources.

It will launch a denial-of-service attack against several IP addresses, most notably the White House website.

It also grants remote access to the server via a backdoor. It leaves behind the message “Hacked By Chinese!” on affected pages. This has become a popular meme. A patch was released later, and the worm was estimated to have caused $2 billion in lost productivity. It was estimated that 1-2 million servers were affected. This is incredible considering there were 6,000,000 IIS servers then.

CryptoLocker is malicious software that encrypts files on a computer, making them inaccessible until a ransom is paid.

CryptoLocker is Trojan horse ransomware that targets Windows-based computers. It can spread itself using email. Once it is installed on a computer, CryptoLocker will encrypt files on the hard drive as well as on any mounted storage. The malware can be removed easily, but the files will remain encrypted. Only paying a ransom can unlock the files. The ransom rises significantly if the deadline is missed. The ransom is usually $400 in bitcoin or prepaid cash.

The ransom operation ended when security agencies and law enforcement agencies were able to seize control of some of the botnets operating CryptoLocker or Zeus. Evgeniy Bogdanov, the ringleader, was arrested and the encryption keys were released to the affected computers. Based on data collected during the raid, it was estimated that there were 500,000 infected computers. Additionally, 1.3% of ransom-paying criminals had been identified. This amounts to $3,000,000.

Author

  • davidwong

    David Wong is a 29-year-old educator and blogger who focuses on helping students learn in creative and interesting ways. He has a background in teaching and has been blogging since 2006. David's work has been featured on a variety of websites, including Lifehack, Dumb Little Man, and The Huffington Post.