Thursday, January 6, 2011

Dangerous viruses in history

Jerusalem - 1987


This is one of the first MS-DOS viruses in history that caused enormous destruction, affecting many countries, universities and companies worldwide. On Friday 13, 1988 the computer virus managed to infect a number of institutions in Europe, America and the Middle East. The virus was named after one of the first places that got "acquainted" with it, the Jerusalem University.

Along with a number of other computer viruses, including "Cascade", "Stoned" and "Vienna", the Jerusalem virus managed to infect thousands of computers while remaining unnoticed. Back then anti-virus programs were not as advanced as they are today, and a lot of users had little belief in the existence of computer viruses.




Morris (a.k.a. Internet Worm) - November 1988


This computer virus infected over 6,000 computer systems in the United States, including the famous NASA research Institute, which for some time remained completely paralyzed. Due to erratic code, the worm managed to send millions of copies of itself to different network computers, entirely paralyzing all network resources. The damages caused by the Morris computer virus were estimated at $96 million.

To spread, the computer virus exploited errors in operating systems such as Unix for VAX and Sun Microsystems. The virus used a number of other interesting ideas as well; for example, it could guess user passwords.




Solar Sunrise - 1998




CIH (1998)


Estimated Damages: 20 to 80 million dollars worldwide, a great amount of PC data destroyed

Unleashed from Taiwan in June of 1998, CIH is recognized as one of the most dangerous and destructive viruses ever. The virus infected Windows 95, 98, and ME executable files and was able to stay resident inside a PC’s memory, where it continued to infect other executables.

What made CIH so dangerous is the fact that, shortly after being activated, it could overwrite data on the host PC’s hard drive, making it inoperable. It was also capable of overwriting the BIOS of the host, preventing boot-up. Because it infected executable files, CIH wound up being distributed by numerous software distributors, including a demo version of the Activision game named Sin.

CIH is also called the Chernobyl virus because the trigger date of certain strains of the virus coincides with the date of the Chernobyl nuclear reactor accident. The virus isn’t a critical threat today, as a result of increased awareness and the widespread migration to Windows 2000, XP, and NT, none of which are at risk of CIH.





Melissa (1999)





Estimated Damage: 300 to 600 million dollars

On Friday, March 26, 1999, W97M/Melissa became front-page news around the world. Estimates have indicated that this script infected 15 to 20% of all business PCs. The virus spread so rapidly that Intel, Microsoft, and a number of other companies that used Outlook were forced to de-activate their entire e-mail systems in order to contain damages.

The virus used Microsoft Outlook to e-mail itself to 50 names on a user’s contact list. The e-mail message contained the sentence, “Here is that document you asked for don’t show anyone else.” with an attached Word document. Opening the .DOC file, as thousands of unsuspecting users did, allowed the virus to infect the host and repeat the replication. Adding insult to injury, when activated, this virus modified users’ Word documents with quotes from the animated TV show “The Simpsons.”




ILOVEYOU (2000)

Estimated Damage: 10 to 15 billion dollars

Also called Loveletter and The Love Bug, this was a Visual Basic script with an ingenious and irresistible hook: the promise of love. On May 3, 2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was transmitted via e-mail with the subject line “ILOVEYOU” and an attachment, Love-Letter-For-You.TXT.vbs. Just like Melissa, the virus mailed itself to all Microsoft Outlook contacts.

The virus also took the liberty of overwriting music files, image files, and others with a copy of itself. More disturbingly, it searched out user IDs and passwords on infected machines and e-mailed them to its author.




Code Red (2001)



Estimated Damage: 2.6 billion dollars

Code Red was a computer worm which was unleashed on network servers on July 13, 2001. It was a particularly virulent bug due to its target: computers running Microsoft’s Internet Information Server (IIS) Web server. The worm was able to exploit a specific vulnerability in the IIS operating system. Ironically, Microsoft had released a patch addressing this hole in mid-June.

Also known as Bady, Code Red was created for maximum damage. Upon infection, the Web site controlled by the affected server would display the message, “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!” Then this virus would actively seek other vulnerable servers and infect them. This would continue for approximately 20 days, after which it could launch denial of service attacks on certain IP addresses, including the White House Web server. In less than a week, this virus infected almost 400,000 servers, and it’s estimated that one million total computers were infected.




SQL Slammer

Estimated cost: over $1 billion

Estimated Damage: Because SQL Slammer erupted on a Saturday, the damage was low in dollars and cents. However, it hit 500,000 servers worldwide, and actually downed South Korea’s online capacity for 12 hours.

SQL Slammer, often called Sapphire, was launched on January 25, 2003. It was a doozy of a worm which had a noticeable negative impact upon global Internet traffic. Interestingly enough, it didn’t seek out end users’ PCs. Instead, the target was servers. The virus was a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft’s SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses as well.

With this remarkably efficient way of spreading, Slammer infected 75,000 computers in 10 minutes. The outrageously high amounts of traffic overloaded routers across the globe, which created higher demands on other routers and so on.



Blaster (2003)

Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs

The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Sent via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.

Hidden inside the code of MSBLAST.EXE, the virus’ executable, were these messages: “I just want to say LOVE YOU SAN!!” and “billy gates why do you make this possible? Stop making money and fix your software!!”

Bagle (2004)

Estimated Damage: Tens of millions of dollars…and counting

Bagle, a classic but sophisticated worm, made its debut on January 18, 2004. The malicious code infected users’ systems via the standard mechanism — an e-mail attachment — and then scoured Windows files for e-mail addresses it could use to replicate itself.

The actual danger of Bagle (a.k.a. Beagle) and its 60 to 100 variants is that, when the worm infects a PC, it opens a back door to a TCP port that can be used by remote users and applications to gain access to data (financial, personal, anything) within the infected system. According to an April 2005 TechWeb story, the worm is “usually credited with starting the malware-for-profit movement among hackers, who prior to the ground-breaking worm, typically were motivated by notoriety.”

The Bagle.B variant was designed to stop spreading after January 28, 2004, but numerous other variants of the virus continue to plague users to this day.

Sobig.F (2003)

Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected

The Sobig worm hit right on the heels of Blaster, making August 2003 a miserable month for corporate and home PC users. Probably the most destructive variant was Sobig.F, which spread so rapidly on August 19 that it set a record (which would later be broken by MyDoom), generating over 1 million copies of itself in its first 24 hours.

The virus infected host computers via innocuously named e-mail attachments such as application.pif and thank_you.pif. When activated, this worm transmitted itself to e-mail addresses discovered on a host of local file types. The result was massive amounts of Internet traffic.

On September 10, 2003, the virus deactivated itself and is no longer a threat. Microsoft has announced a $250,000 bounty for anyone who identifies Sobig.F’s author, but to date, the perpetrator has not been caught.

MyDoom (2004)

Estimated Damage: At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent

For a period of a few hours on January 26, 2004, the MyDoom shockwave could be felt around the world as this worm spread at an unprecedented rate over the Internet via e-mail. The worm, also called Norvarg, spread itself in a particularly devious manner: It transmitted itself as an attachment in what seemed to be an e-mail error message containing the text “Mail Transaction Failed.” Clicking on the attachment spammed the worm to e-mail addresses found in address books. MyDoom also attempted to spread via the shared folders of users’ Kazaa peer-to-peer networking accounts.

The replication was so successful that computer security experts have speculated that one in every 10 e-mail messages sent during the first hours of infection contained the virus. MyDoom was programmed to stop spreading after February 12, 2004.

Sasser (2004)

Estimated Damage: Tens of millions of dollars

Sasser began spreading on April 30, 2004, and was destructive enough to de-activate the satellite communications for a few French news agencies. It also resulted in the cancellation of several Delta airline flights and the shutdown of numerous companies’ systems worldwide.

Unlike most previous worms, Sasser was not transmitted via e-mail and required no user interaction to spread. Instead the worm exploited a security flaw in non-updated Windows 2000 and Windows XP systems. When successfully replicated, the worm would actively scan for other unprotected systems and transmit itself to them. Infected systems experienced repeated crashes and instability.

Sasser was written by a 17-year-old German high school student, who released the virus on his 18th birthday. Because he wrote the code when he was a minor, a German court found him guilty of computer sabotage but gave him a suspended sentence.

Downadup – 2009

The latest and most dangerous virus is the “downadup” worm, which was also known as “Conficker”. This computer virus has infected 3.5 million computers worldwide and was able to spread using a patched Windows flaw. Downadup was successful in spreading across the Web to remotely compromise computers that ran unpatched versions of Microsoft’s operating system. But the greatest power of the worm is believed to be the ability of infected computers to download destructive code from a random drop point.



2010
DDOS



DoS (Denial of Service): the aim of the attack is to incapacitate the victim’s computer. It works by flooding the victim with unnecessary information. At sufficiently high intensity, the targeted computer can be knocked off the network. A combined method is also possible: sending the flood of information together with malicious code aimed at a vulnerable application.

A DoS attack is often not effective enough and makes sense only when the attacker’s transmission speed exceeds the victim’s receiving capacity many times over. A DDoS attack is a type of DoS attack. It differs only in that it uses not one attacking computer but many. It often relies on specific viruses that, after infection, wait for orders to attack.

~2000 computers can damage a small Internet server.

Protecting against a DDoS attack is almost impossible.

Trojan.

A Trojan is, to some extent, a type of network attack too. You are tricked, by one means or another, into running it on your computer, and the attacker then gets remote access to the system.

Sometimes, after a successful hack of a system, hackers leave a Trojan in case they need to regain access to that system.

Pranks performed by a virus (Trojan):

1. The CD-ROM tray slides out by itself: the Trojan’s owner is controlling the ejecting (reason: the “Death Lamer” Trojan and other types).

2. Suddenly the screen displays a picture of a “fist” while you are in the middle of writing another poem … (Trojan: Death Lamer and other types).

3. Suddenly the sound of a mooing cow comes from the speakers (an association of US hackers, in other words the Back Orifice Trojan by the Cult of the Dead Cow).

4. You cannot start anything from the taskbar, and in general it is no longer available: Trojans.

5. The protection icons disappear from the taskbar (the gray bar at the bottom of the screen). Reason: the program, in particular an antivirus that you have not updated, has been deleted.

6. When you scan the computer for viruses, your antivirus shows an error box saying that something went wrong, but in the end reports that everything is OK. Reason: the Trojan library has been cut out of the antivirus, so the antivirus runs but does not see Trojans at all.

7. You receive by mail what you wrote in private (the ways differ). In the most sophisticated case, a screenshot of your screen was stolen, showing what you wrote and to whom, and in general what your desktop looks like…

And the last: never trust the icon of a downloaded program. If a downloaded program has a white icon, that is the first sign that it is fake. Also do not trust the icons of your existing programs. There are programs, for example Michelangelo, which allow any icon to be assigned to any program (Trojan horses in particular). And look especially closely at the extension after the name and at what precedes it, because the dot that you see may be an ordinary comma, which means that the file name continues and its real extension is far behind.
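The extension check described above can be automated. The following is an added example, not part of the original post: it flags the double-extension, comma-for-dot and space-padding tricks, using two attachment names quoted earlier on this page plus constructed names. The extension lists and the finding labels are assumptions made for this example.

```python
import os
import re

# Assumed lists for this example, not taken from the post.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".mp3", ".pdf"}


def check_attachment_name(filename):
    """Return the reasons a file name looks deceptive (empty list if none)."""
    findings = []
    stem, real_ext = os.path.splitext(filename.strip())
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return findings  # only the last extension decides how the file is run
    findings.append("executable-extension")

    visible = stem.rstrip()  # what the user reads before any padding
    # Double extension: a harmless-looking extension just before the real one.
    if os.path.splitext(visible)[1].lower() in DECOY_EXTS:
        findings.append("double-extension")
    # A comma standing in for the dot ("photo,jpg") so it reads as an extension.
    fake = re.search(r",(\w+)$", visible)
    if fake and "." + fake.group(1).lower() in DECOY_EXTS:
        findings.append("comma-decoy")
    # A run of spaces that pushes the real extension out of the visible column.
    if re.search(r" {5,}", stem):
        findings.append("padding")
    return findings


# The first two names are quoted on this page; the last two are constructed.
SAMPLES = [
    "Love-Letter-For-You.TXT.vbs",
    "application.pif",
    "holiday,jpg          .exe",
    "report.doc",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_attachment_name(sample))
```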





SQL injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.[1]
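The two cases named in this paragraph (unescaped string literals and input that is not strongly typed) are shown here side by side with their fixes. This is an added example, not code from the original post. The table, function names and inputs are constructed for illustration, and Python's built-in sqlite3 module stands in for the application's database layer.

```python
import sqlite3


def make_db():
    """Constructed in-memory table used only for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def by_name_vulnerable(conn, name):
    # Input is pasted into the string literal, so a quote in it ends the literal.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def by_name_safe(conn, name):
    # Placeholder: the driver passes the value as data, never as SQL text.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def by_id_vulnerable(conn, user_id):
    # No quotes to escape here: the input is assumed numeric but never checked.
    sql = "SELECT name FROM users WHERE id = %s" % user_id
    return [row[0] for row in conn.execute(sql)]


def by_id_safe(conn, user_id):
    # Enforce the type first (ValueError on non-numeric input), then bind it.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE id = ?", (int(user_id),))]


# Constructed inputs, one per case named in the paragraph.
QUOTE_INPUT = "nobody' OR '1'='1"
UNTYPED_INPUT = "0 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print(by_name_vulnerable(db, QUOTE_INPUT))   # every row comes back
    print(by_name_safe(db, QUOTE_INPUT))         # no user has that literal name
    print(by_id_vulnerable(db, UNTYPED_INPUT))   # every row comes back
```

In both safe variants the query text is fixed before any input is seen, so the input can change only the value being compared, not the structure of the statement.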
