VIRUS

What is a Computer Virus?


A computer virus is a malicious program that self-replicates by copying itself into another program. In other words, a computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to infect vulnerable systems, gain administrative control and steal sensitive user data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

One of the most common ways viruses spread is through email: opening an attachment, visiting an infected website, clicking on an executable file, or viewing an infected advertisement can cause the virus to spread to your system. Besides that, infections also spread when already infected removable storage devices, such as USB drives, are connected.

It is quite easy for viruses to sneak into a computer by dodging its defenses. A successful breach can cause serious problems for the user, such as infecting other resources or system software, modifying or deleting key functions or applications, and copying, deleting or encrypting data.

Viruses operate in one of two ways: the first type begins replicating as soon as it lands on a new device, while the second type plays dead until a particular trigger causes the malicious code to execute. It is therefore highly important to stay protected by installing an antivirus program.





The History of Computer Viruses


Robert Thomas, an engineer at BBN Technologies, developed the first known computer virus in 1971. The first virus was christened the “Creeper” virus, and the experimental program carried out by Thomas infected mainframes on ARPANET. The teletype message displayed on the screens read, “I’m the creeper: Catch me if you can.”

But the original wild computer virus, probably the first one to be tracked down in the history of computer viruses, was “Elk Cloner.” Elk Cloner infected Apple II operating systems through floppy disks. The message displayed on infected Apple computers was a humorous one. The virus was developed by Richard Skrenta, a teenager, in 1982. Even though it was designed as a prank, it also showed how a malicious program could be installed in a computer’s memory and stop users from removing it.

It was Fred Cohen who coined the term “computer virus,” a year later in 1983. The term came into being when he wrote an academic paper titled “Computer Viruses – Theory and Experiments” detailing the malicious programs in his work.



Types of Computer Viruses


A computer virus is one type of malware that inserts its code into programs and applications, altering them in order to multiply itself. The computer gets infected through the replication of this malicious code.
Computer viruses come in different forms and infect the system in different ways. Some of the most common viruses are:


Boot Sector Virus – This type of virus infects the master boot record. Removing it is a challenging and complex task that often requires the system to be formatted. It mostly spreads through removable media.
Direct Action Virus – This is also called a non-resident virus. Rather than installing itself in the computer’s memory, it stays attached to the specific type of files it infects. It does not affect the user experience or the system’s performance.
Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. A resident virus is difficult to identify and even more difficult to remove.
Multipartite Virus – This type of virus spreads in multiple ways. It infects both the boot sector and executable files at the same time.
Polymorphic Virus – These viruses are difficult to identify with a traditional anti-virus program, because a polymorphic virus alters its signature pattern whenever it replicates.
Overwrite Virus – This type of virus deletes all the files it infects. The only way to remove it is to delete the infected files, so the end user loses all of their contents. Identifying an overwrite virus is difficult, and it spreads through email.

Spacefiller Virus – This is also called a “Cavity Virus”, so named because it fills up the empty spaces between the code of a file and hence does not damage the file.
#File infectors:
Some file infector viruses attach themselves to program files, such as .com or .exe files. Others infect any program for which execution is requested, including .sys, .ovl, .prg, and .mnu files. Consequently, when that program is loaded, the virus is loaded too.
Other file infector viruses arrive as a complete program or script sent as an email attachment.

#Macro viruses:
As the name suggests, macro viruses particularly target macro language commands in applications like Microsoft Word. The same applies to other programs too.
In MS Word, macros are saved sequences of keystrokes or commands embedded in documents. Macro viruses are designed to add their malicious code to the genuine macro sequences in a Word file. However, more recent versions of Microsoft Word disable macros by default, so cybercriminals started to use social engineering schemes to target users: they trick the user into enabling macros, which launches the virus.
Since macro viruses have been making a comeback in recent years, Microsoft responded by adding a new feature in Office 2016. The feature enables security managers to selectively enable macro use: it can be enabled for trusted workflows and blocked if required across the organization.

#Overwrite Viruses:
The design purpose of a virus varies, and Overwrite Viruses are predominantly designed to destroy a file or application’s data. As the name says, after attacking the computer the virus starts overwriting files with its own code. Not to be taken lightly, these viruses can target specific files or applications, or systematically overwrite all files on an infected device.
On the flip side, an overwrite virus is capable of installing new code in files or applications that programs them to spread the virus to additional files, applications, and systems.
#Polymorphic Viruses:
More and more cybercriminals are depending on polymorphic viruses. This is a malware type that has the ability to change or mutate its underlying code without changing its basic functions or features, which helps the virus on a computer or network evade detection by many antimalware and threat detection products.
Since virus removal programs depend on identifying the signatures of malware, these viruses are carefully designed to escape detection and identification. When security software detects a polymorphic virus, the virus modifies itself so that it is no longer detectable using the previous signature.
#Resident Viruses:
A resident virus implants itself in the memory of a computer. Once there, the original virus program is not required to infect new files or applications: even when the original virus is deleted, the version stored in memory can be activated when the computer OS loads certain applications or functions. Resident viruses are troublesome because they can run unnoticed by antivirus and antimalware software by hiding in the system’s RAM.
#Rootkit Viruses:
A rootkit virus is a malware type that secretly installs an unauthorized rootkit on an infected system. This opens the door for attackers and gives them full control of the system; the attacker is able to fundamentally modify or disable functions and programs. Like other sophisticated viruses, the rootkit virus is also created to bypass antivirus software. The latest versions of major antivirus and antimalware programs include rootkit scanning.
#System or Boot-record Infectors:
Boot-record infectors infect executable code found in specific system areas on a disk. As the name implies, they attach to USB thumb drives, the DOS boot sector on diskettes, or the Master Boot Record on hard disks. Boot viruses are no longer common these days, as the latest devices rely less on physical storage media.
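As an added example (not code from this page or from any product it names), one defender-side check for the boot sector and boot-record infectors described above: take a 512-byte Master Boot Record, verify the 0x55AA boot signature, parse the partition table, and compare a hash of the 446-byte boot-code region against a known-good baseline so that any change to the boot code is reported. The sector is constructed inside the block rather than read from a disk; on a real system the same 512 bytes would be read from the raw disk device.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) Master Boot Record: 446 bytes of boot code,
# a 64-byte partition table of four 16-byte entries, and the 0x55AA signature.
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR for the demo (constructed, not from a real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # One active Linux (type 0x83) partition starting at LBA 2048; the other
    # three table entries are left empty.
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x83,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (3 * PART_ENTRY_LEN)
    return code + table + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Return the structural facts an integrity monitor needs from one sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0 means an unused table slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "valid_signature": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Compare a sector against a known-good boot-code hash; return findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature missing: sector is not a valid MBR")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code changed since baseline: possible boot sector infection")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    return findings


if __name__ == "__main__":
    # A few bytes standing in for real boot code (constructed sample).
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    baseline = parse_mbr(clean)["boot_code_sha256"]  # record this when the disk is known clean
    print("clean sector:", check_mbr(clean, baseline) or "no findings")
    # Simulate a modified boot sector: the first bytes of the boot code replaced.
    tampered = b"\xeb\x3c" + clean[2:]
    print("tampered sector:", check_mbr(tampered, baseline))
```

The baseline hash must be recorded while the system is known to be clean and stored off the monitored disk; otherwise a boot sector infection would simply become the new baseline.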
How To Avoid Email Viruses And Worms
Here are some simple rules you can follow to avoid being infected by viruses through email.



Do’s
1. Use a professional email service such as Runbox. Subscription services provide higher levels of security and support.
2. Make sure that your Runbox virus filter is activated.
3. Use the Webmail interface at www.runbox.com to read your email, or at least don’t download all your email to an email client unseen. Screen your email first, and delete suspicious-looking and unwanted messages before downloading the legitimate email to your local email client.
4. Make sure your computer has updated anti-virus software running locally. Automatic updates are essential for effective virus protection. Combined with server-side scanning, you now have two layers of security.
5. Disable message preview in your email client, especially on Windows platforms. Otherwise, malicious programs attached to incoming messages may execute automatically and infect your computer.
6. Ignore or delete messages with attachments appearing to be sent from official Runbox email addresses. Runbox rarely sends email to our users, aside from replies to inquiries and payment reminders. We practically never send an email with attachments to users.
7. Take caution when opening graphics and media attachments, as viruses can be disguised as such files.
8. Maintain several independent email accounts. If a virus infects your only business email address, you’ll be in trouble. Also, keep backups of your most important email and files separately.
9. If any valid message headers of a virus email indicate what server the message was sent from, contact the service in question and file a formal complaint.


Don’ts
1. Do not open an email attachment unless you were expecting it and know whom it’s from.
2. Do not open any unsolicited executable files, documents, spreadsheets, etc.
3. Avoid downloading executables or documents from the internet, as these are often used to spread viruses.
4. Never open files with a double file extension, e.g. filename.txt.vbs. This is a typical sign of a virus program.
5. Do not send or forward any files that you haven’t virus-checked first.

Viruses and spam
Virus-makers and spammers often cooperate in devious schemes to send as much spam as possible as efficiently as possible. They create viruses that infect vulnerable computers around the world and turn them into spam-generating “robots”. The infected computers then send massive amounts of spam, unbeknownst to the computer owner.
Such virus-generated email is often forged to appear to be sent from legitimate addresses collected from address books on infected computers. The viruses also use such data, combined with lists of common (user) names, to send spam to huge numbers of recipients. Many of those messages will be returned as undeliverable, and arrive in innocent and unknowing email users’ Inboxes. If this happens to you, use the trainable spam filter to catch those messages.
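As an added example (not code from this page or from Runbox), the do's and don'ts above turned into a small attachment screener: it flags double extensions such as filename.txt.vbs (the disguise the ILOVEYOU attachment described later on this page relied on), unsolicited executables, and unsolicited documents that can carry macros. The extension lists are assumptions chosen for illustration, not an exhaustive set, and the sample names are constructed.

```python
# Extensions that Windows runs directly or hands to a script host.
# Assumption: a representative list for the demo, not an exhaustive one.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "hta", "msi", "ps1"}
# Office formats that can carry macros (the Word macro-virus case above).
MACRO_DOC_EXTS = {"doc", "docm", "dot", "dotm", "xls", "xlsm", "ppt", "pptm"}
# Harmless-looking types used as the visible half of a double extension.
DECOY_EXTS = {"txt", "jpg", "jpeg", "png", "gif", "pdf", "mp3", "avi", "mp4"}


def split_extensions(filename: str) -> list:
    """Return the lower-cased extension chain of a name, e.g. ['txt', 'vbs'].

    Each piece is stripped, so padding such as 'photo.jpg        .exe', which
    a mail client may truncate on screen, is still recognised as .jpg.exe.
    """
    parts = [p.strip() for p in filename.lower().split(".")]
    return [p for p in parts[1:] if p]


def screen_attachment(filename: str, expected: bool = False) -> dict:
    """Apply the email do's and don'ts to one attachment name.

    `expected` records whether the recipient was waiting for this file from a
    known sender. The verdict is 'block', 'warn' or 'allow', with reasons.
    """
    exts = split_extensions(filename)
    final = exts[-1] if exts else ""
    block, warn = [], []
    # Never open files with a double extension such as filename.txt.vbs.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and final in EXECUTABLE_EXTS:
        block.append(f"double extension .{exts[-2]}.{final} hides an executable")
    # Do not open unsolicited executable files.
    if final in EXECUTABLE_EXTS and not expected:
        block.append(f".{final} is executable and was not expected")
    # Unsolicited documents and spreadsheets may carry macros.
    if final in MACRO_DOC_EXTS and not expected:
        warn.append(f".{final} can contain macros and was not expected")
    # Graphics and media can be disguises; with no extension the type is unknown.
    if not exts:
        warn.append("no extension: file type cannot be judged from the name")
    elif final in DECOY_EXTS and len(exts) == 1 and not expected:
        warn.append(f"unexpected .{final} attachment; verify with the sender")
    if block:
        return {"name": filename, "verdict": "block", "reasons": block + warn}
    if warn:
        return {"name": filename, "verdict": "warn", "reasons": warn}
    return {"name": filename, "verdict": "allow", "reasons": []}


if __name__ == "__main__":
    # Constructed sample attachment names for the demo.
    samples = [
        ("love-letter-for-you.txt.vbs", False),   # the ILOVEYOU pattern
        ("invoice.pdf                 .exe", False),
        ("quarterly-report.xls", False),
        ("quarterly-report.xls", True),
        ("holiday.jpg", False),
        ("README", False),
    ]
    for name, expected in samples:
        result = screen_attachment(name, expected)
        print(f"{result['verdict']:5}  {name!r}  {'; '.join(result['reasons'])}")
```

A name-based screen is only a first filter: it complements, and does not replace, the server-side and local virus scanning recommended in the list above.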


How To Get Rid Of Computer Virus
Never neglect to take action on a computer virus residing in your system. There is a chance that you might end up losing important files, programs, and folders. In some cases, the virus damages the system hardware too. Therefore, it is essential to have effective anti-virus software installed on your computer to steer clear of all such threats.
Signs of Virus Infection
It is vital for any computer user to be aware of these warning signs –
• Slower system performance
• Pop-ups bombarding the screen
• Programs running on their own
• Files multiplying/duplicating on their own
• New files or programs in the computer
• Files, folders or programs getting deleted or corrupted
• Unusual hard drive noise
If you come across any of the above-mentioned signs, there is a chance that your computer is infected by a virus or malware. Without delay, stop what you are doing and download antivirus software. If you are unsure what to do, get the assistance of a qualified computer technician. If you are confident enough, start investigating on your own by following the step-by-step procedure below.
#Safe Mode
Boot the system and press F8 to open the Advanced Boot Options menu. Select Safe Mode with Networking and press Enter. You might need to press the key repeatedly to get to the screen. (On Windows 8 and later the F8 menu is disabled by default; reach Safe Mode through the Advanced startup option in the Recovery section of the Settings app instead.)
Working in Safe Mode helps you handle nefarious files because they are not actually running or active. Last but not least, the internet spreads the infection, so disconnect from it.
#Delete Temporary Files
To free up disk space, delete temporary files before running the virus scan. This helps speed up the scanning process. The Disk Cleanup tool deletes the temporary files on your computer.
Here is how to do it: open the Start menu, select All Programs, click Accessories, then System Tools, and then click Disk Cleanup.
#Download Virus/Malware Scanner
If you are under the impression that a virus scanner cleans all the bad stuff off your computer, then sadly that’s not true! It helps eliminate standard infections but is not sufficient to remove the latest harmful infections. The virus/malware scanner helps narrow down the issue, so download it now. For better protection, go for a real-time anti-virus program, since it automatically keeps checking for viruses in the background.
P.S.: Don’t install more than one real-time anti-virus program. If you do, your system will start to behave weirdly.
#Run a Virus/Malware Scan
Download the virus/malware scanner over the internet. Once the download has finished, disconnect from the internet for security and safety reasons. Then complete the installation of the virus/malware scanner, run your on-demand scanner first, and run your real-time scanner afterwards.
The reason for running both is that one of them will effectively eliminate your computer virus or malware.
#Reinstall the Software or Damaged Files
Once the virus has been removed from your computer, go ahead and reinstall the files and programs that were damaged by the virus or malware, using your backups.
In short, back up regularly and stay protected.



------------------------------------------------------------------------------------------------------------



Top 10 Worst Computer Viruses in History

1> ILOVEYOU


The ILOVEYOU virus is considered one of the most virulent computer viruses ever created, and it’s not hard to see why. The virus managed to wreak havoc on computer systems all over the world, causing damages totaling an estimated $10 billion. 10% of the world’s Internet-connected computers were believed to have been infected. It was so bad that governments and large corporations took their mailing systems offline to prevent infection.

The virus was created by two Filipino programmers, Reonel Ramones and Onel de Guzman. It used social engineering to get people to click on the attachment; in this case, a love confession. The attachment was actually a script that posed as a TXT file, because Windows at the time hid the actual extension of the file. Once clicked, it would send itself to everyone in the user’s mailing list and proceed to overwrite files with itself, making the computer unbootable. The two were never charged, as there were no laws about malware. This led to the enactment of the E-Commerce Law to address the problem.


2> CODE RED

Code Red first surfaced in 2001 and was discovered by two eEye Digital Security employees. It was named Code Red because the pair were drinking Code Red Mountain Dew at the time of discovery. The worm targeted computers with the Microsoft IIS web server installed, exploiting a buffer overflow in the server. It leaves very little trace on the hard disk, as it is able to run entirely in memory, with a size of 3,569 bytes. Once a machine is infected, it proceeds to make a hundred copies of itself, but due to a bug in the programming it duplicates even more and ends up eating a lot of the system’s resources.

It then launches a denial of service attack on several IP addresses, most famously the website of the White House. It also opens backdoor access to the server, allowing remote access to the machine. The most memorable symptom is the message it leaves behind on affected web pages, "Hacked By Chinese!", which has become a meme in itself. A patch was later released, and it was estimated that it caused $2 billion in lost productivity. A total of 1-2 million servers were affected, which is amazing when you consider there were 6 million IIS servers at the time.



3> MELISSA

Named after an exotic dancer from Florida, it was created by David L. Smith in 1999. It started as an infected Word document that was posted on the alt.sex usenet group, claiming to be a list of passwords for pornographic sites. This got people curious, and when it was downloaded and opened it would trigger the macro inside and unleash its payload. The virus would mail itself to the top 50 people in the user’s email address book, and this caused an increase in email traffic, disrupting the email services of governments and corporations. It also sometimes corrupted documents by inserting a Simpsons reference into them.

Smith was eventually caught when investigators traced the Word document to him. The file had been uploaded using a stolen AOL account, and with AOL’s help law enforcement was able to arrest him less than a week after the outbreak began. He cooperated with the FBI in capturing other virus creators, most famously the creator of the Anna Kournikova virus. For his cooperation, he served only 20 months of his 10 year sentence and paid a fine of $5000. The virus reportedly caused $80 million in damages.


4> SASSER

A Windows worm first discovered in 2004, it was created by computer science student Sven Jaschan, who also created the Netsky worm. While the payload itself may be seen as merely annoying (it slows down and crashes the computer, while making it hard to reset without cutting the power), the effects were incredibly disruptive, with millions of computers infected and important, critical infrastructure affected. The worm took advantage of a buffer overflow vulnerability in the Local Security Authority Subsystem Service (LSASS), which controls the security policy of local accounts, causing the computer to crash. It also uses the system’s resources to propagate itself to other machines through the Internet and infect them automatically.

The effects of the worm were widespread because, although the exploited flaw had already been patched, many computers had not been updated. This led to more than a million infections, taking out critical infrastructure such as airlines, news agencies, public transportation, hospitals, etc. Overall, the damage was estimated to have cost $18 billion. Jaschan was tried as a minor and received a 21 month suspended sentence.

5> ZEUS

Zeus is a Trojan horse made to infect Windows computers so that they will perform various criminal tasks. The most common of these tasks are man-in-the-browser keylogging and form grabbing. The majority of computers were infected either through drive-by downloads or phishing scams. First identified in 2009, it managed to compromise thousands of FTP accounts and computers at large multinational corporations and banks such as Amazon, Oracle, Bank of America, Cisco, etc. Controllers of the Zeus botnet used it to steal the login credentials of social network, email and banking accounts.

It was estimated that more than 1 million computers were infected, with 25% of them in the US. The entire operation was sophisticated, involving people from around the world acting as money mules to smuggle and transfer cash to the ringleaders in Eastern Europe. About $70 million was stolen and in the possession of the ring. 100 people were arrested in connection with the operation. In late 2010, the creator of Zeus announced his retirement, but many experts believe this to be false.


6> CONFICKER

Also known as Downup or Downadup, Conficker is a worm of unknown authorship for Windows that made its first appearance in 2008. The name comes from the English word “configure” and a German pejorative. It infects computers using flaws in the OS to create a botnet. The malware was able to infect more than 9 million computers all around the world, affecting governments, businesses and individuals. It was one of the largest known worm infections ever to surface, causing an estimated $9 billion in damage.

The worm works by exploiting a network service vulnerability that was present and unpatched in Windows. Once a machine is infected, the worm resets account lockout policies, blocks access to Windows Update and antivirus sites, turns off certain services and locks out user accounts, among other things. Then it proceeds to install software that turns the computer into a botnet slave, and scareware to scam money off the user. Microsoft later provided a fix and patch, with many antivirus vendors providing updates to their definitions.

7> STUXNET

Believed to have been created by the Israeli Defence Force together with the American government, Stuxnet is an example of a virus created for the purpose of cyberwarfare, as it was intended to disrupt the nuclear efforts of the Iranians. It was estimated that Stuxnet managed to ruin one fifth of Iran’s nuclear centrifuges and that nearly 60% of infections were concentrated in Iran.

The computer worm was designed to attack industrial Programmable Logic Controllers (PLCs), which allow for the automation of processes in machinery. It specifically aimed at those made by Siemens and was spread through infected USB drives. If the infected computer didn’t contain Siemens software, it would lie dormant and infect others in a limited fashion so as not to give itself away. If the software was there, it would proceed to alter the speed of the machinery, causing it to tear itself apart. Siemens eventually found a way to remove the malware from their software.

8> MYDOOM

Surfacing in 2004, Mydoom was a worm for Windows that became one of the fastest spreading email worms since ILOVEYOU. The author is unknown, and it is believed that the creator was paid to create it, since it contains the text message “andy; I’m just doing my job, nothing personal, sorry”. It was named by McAfee employee Craig Schmugar, one of the people who originally discovered it: ‘mydom’ was a line of text in the program’s code (my domain), and sensing this was going to be big, he added ‘doom’ to it.

The worm spreads itself by appearing as an email transmission error and contains an attachment of itself. Once executed, it sends itself to email addresses in the user’s address book and copies itself to any P2P program’s folder to propagate itself through that network. The payload itself is twofold: first it opens a backdoor to allow remote access, and second it launches a denial of service attack on the controversial SCO Group. It was believed that the worm was created to disrupt SCO due to a conflict over the ownership of some Linux code. It caused an estimated $38.5 billion in damages, and the worm is still active in some form today.

9> CRYPTOLOCKER

CryptoLocker is a form of Trojan horse ransomware targeted at computers running Windows. It uses several methods to spread itself, such as email, and once a computer is infected it proceeds to encrypt certain files on the hard drive and on any mounted storage connected to it with RSA public key cryptography. While it is easy enough to remove the malware from the computer, the files remain encrypted. The only way to unlock the files is to pay a ransom by a deadline. If the deadline is not met, the ransom increases significantly or the decryption keys are deleted. The ransom usually amounts to $400 in prepaid cash or bitcoin.

The ransom operation was eventually stopped when law enforcement agencies and security companies managed to take control of part of the botnet operating CryptoLocker and Zeus. Evgeniy Bogachev, the ringleader, was charged, and the encryption keys were released to the affected computers. From data collected in the raid, the number of infections is estimated at 500,000, with the share of those who paid the ransom at 1.3%, amounting to $3 million.

10> FLASHBACK

Though not as damaging as the rest of the malware on this list, this is one of the few pieces of Mac malware to have gained notoriety, as it showed that Macs are not immune. The Trojan was first discovered in 2011 by antivirus company Intego as a fake Flash installer. In its newer incarnation, a user simply needs to have Java enabled (which is likely the majority of us). It propagates by using compromised websites containing JavaScript code that downloads the payload. Once installed, the Mac becomes part of a botnet of other infected Macs.

The good news is that if a Mac is infected, the infection is localized to that specific user’s account. The bad news is that more than 600,000 Macs were infected, including 274 Macs in the Cupertino area, home of Apple’s headquarters. Oracle published a fix for the exploit, and Apple released an update to remove Flashback from people’s Macs. It is still out in the wild, with an estimated 22,000 Macs still infected as of 2014.

