[iwar] [fc:The.World's.Worst.Viruses]

From: Fred Cohen (fc@all.net)
Date: 2002-08-26 21:23:21


To: iwar@onelist.com (Information Warfare Mailing List)

The World's Worst Viruses
Date:  Monday, 26 August 2002

Source:  PC World Communications
<http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8824>

Story:  Check out our list of nasty computer viruses--and find out how
to save your PC from infection.

Earthworms are a boon to the backyard gardener and healers still use
leeches to thin a sick patient's blood, but no good has ever come from a
computer worm or virus. Computer viruses have become increasingly
dangerous and quick-spreading in the last couple of years, wildly
proliferating through cyberspace and causing billions of dollars in
damage.

Some of the distinctions between different types of malicious code are
now blurred, but the classic computer virus is a piece of sneaky code
that tells your PC to do something that you usually wouldn't want it to
do. Without your knowledge, a virus could wipe out the programs and data
on your hard drive or even let someone take over your machine remotely.
A virus replicates by embedding itself into programs or system files.

Worms are another type of devious program that, today, typically spread
via e-mail or Internet chat programs. With the help of unprotected
users' address books, worms such as Klez spread explosively--disrupting
networks and businesses. The oldest worms didn't change system files or
obliterate data. But as worms got more sophisticated, the newer ones
started to behave more like viruses, doing considerable damage. For
example, Klez can delete files and create the mechanism to run itself on
system startup.

A third general classification of malevolent code is the Trojan horse.
This destructive program poses as an innocent application or file, such
as a screen saver or photo. Unlike worms and viruses, Trojan horses
don't replicate.

Some viruses and worms won't destroy your data, while others do
tremendous damage. For example, the LoveLetter virus overwrote files and
inserted viral code on hard drives around the globe two years ago.

"As far as what [virus writers] can do, the sky is the limit," says
April Goostree, virus manager for McAfee.com. "In the antivirus
industry, we never say 'never' anymore. Because as soon as you do, you
are going to be proven wrong. It's anybody's guess about what the next
virus will do."

Here's a look at ten of the most malignant viruses and worms of all
time.

10. Surreptitious Sircam

Sircam appeared in July 2001 on PCs running
Windows 95, 98, and Me. The worm appeared in e-mail in-boxes with an
attachment; the body of the message was in Spanish or English. Typical
greetings included "Hi! How are you?" and "Hola como estas?" If you
launched the attachment, Sircam installed itself on the infected
computer, then grabbed random documents and sent them out to e-mail
addresses it captured from your address book. It also occasionally
deleted files and filled the infected computer's hard drive with
gibberish. Visit Symantec's Security Response for instructions on how to
remove Sircam.

9. Red Raider

Code Red burned brightly in the summer of 2001, infecting
hundreds of thousands of computers--mainly on corporate networks. Code
Red slithered through a hole in Internet Information Server (IIS)
software, which is widely used to power Internet servers, then scanned
the Internet for vulnerable systems to infect and continue the process.
The worm used contaminated PCs as weapons in denial of service
attacks--flooding a Web site with a barrage of information requests. The
original target was the official White House Web site, but government
officials changed the site's IP address to thwart the attack.

The worm exploited a weakness in the IIS software (which has since been
fixed with a patch from Microsoft) that allowed an intruder to run
arbitrary code on a victimized computer. Multiple variants of this worm
now exist. Visit Symantec's Security Response for instructions on how to
protect your system from Code Red.

8. Bad Benjamin

Benjamin--a new breed of worm--was let loose in May
2002, and it affected users of the popular file-sharing program Kazaa.
The crafty worm posed as popular music and movie files. Kazaa users
thought they were downloading a media file to their machines, but they
got the imposter instead. It then set up a Kazaa share folder and
stuffed it with copies of itself posing as popular music and movie
files, which other Kazaa users would download. It congested the system's
network connection and would ultimately fill up a hard drive. Visit
Symantec's Security Response for instructions on how to remove Benjamin.

7. Numbing Nimda

Nimda (also known as the Concept Virus) appeared in
September 2001, attacking tens of thousands of servers and hundreds of
thousands of PCs. The worm modified Web documents and executable files,
then created numerous copies of itself. The worm spread as an embedded
attachment in an HTML e-mail message that would execute as soon as the
recipient opened the message (unlike the typical attached virus that
requires manual launching of the attachment). It also moved via
server-to-server Web traffic, infected shared hard drives on networks,
and downloaded itself to users browsing Web pages hosted on infected
servers. Nimda soon inspired a crowd of imitators that followed the same
pattern. Visit Symantec's Security Response for the Nimda removal tool.

6. Tennis Anyone?

The Anna Kournikova (or VBS.SST@mm) worm, appearing in
February 2001, didn't cause data loss, although in the process of
boosting the profile of its namesake, the Russian tennis player, it did
cause embarrassment and disruption for many personal and business users.
The worm showed up in Microsoft Outlook users' e-mail in-boxes with an
attachment (supposedly a picture of Kournikova). The attachment proved
hard to resist. The result? Clicking the bogus attachment sent copies of
the worm via e-mail to all addresses found in the victim's Outlook
address book. Kournikova also brought about a number of copycat
variants. Visit Symantec's Security Response for instructions on how to
remove Kournikova.

Most worm creators have never been identified, but a 21-year-old
Dutchman, Jan de Wit, admitted to unleashing this worm. The admitted
virus writer is appealing a 150-hour community service sentence handed
down in September 2001 by a judge in the Netherlands.

5. (Expletive Deleted) Explorer

The Explorer.zip worm appeared in the
summer of 1999, following in the footsteps of Melissa. The worm deleted
Word, Excel, and PowerPoint files and randomly altered other types of
files. Like Melissa (see below), Explorer traveled via e-mails that
appeared to be from someone the recipient knew. The message included a
file that, if activated, showed a fake error message to the user. Unlike
Melissa, this virus did not use Outlook to gather e-mail addresses.
Instead, it watched the in-box of the infected computer and then sent
automatic replies to senders, using the same e-mail subject as the
original message.

4. Maniacal Magistr

Magistr is one of the most complex viruses to hit
the Internet. Its victims, users of Outlook Express, were hooked by an
infected e-mail attachment. The virus, discovered in mid-March 2001,
sent garbled messages to everyone in the infected user's e-mail address
book. Attached were files pulled at random from the infected PC's hard
drive plus an executable file with the Magistr code. This virus was not
as widespread as many others, but it was very destructive. Magistr
overwrites hard drives and erases CMOS and the flashable BIOS,
preventing systems from booting. It also contained antidebugging
features, making it hard to detect and destroy. Visit Symantec's
Security Response for instructions on how to remove Magistr.

3. Malevolent Melissa

The Melissa virus swamped corporate networks with
a tidal wave of e-mail messages in March 1999. Through Microsoft
Outlook, when a user opened an e-mail message containing an infected
Word attachment, the virus was sent to the first 50 names in the user's
address book. The e-mail fooled many recipients because it bore the name
of someone the recipient knew and referred to a document they had
allegedly requested.

So much e-mail traffic was generated so quickly that companies like
Intel and Microsoft had to turn off their e-mail servers. The Melissa
virus was the first virus capable of hopping from one machine to another
on its own. And it's another good example of a virus with multiple
variants. Visit Symantec's Security Response for instructions on how to
remove Melissa.

2. Klez the Conqueror

The Klez worm, which blends different virus
traits, was first detected in October 2001. Klez distributes itself like
a virus, but sometimes acts like a worm, other times like a Trojan
horse. Klez isn't as destructive as other worms, but it is widespread,
hard to exterminate--and still active. In fact, so far, no other virus
has stayed in circulation quite like Klez. It spreads via open networks
and e-mail--regardless of the e-mail program you use. Klez sometimes
masquerades as a worm-removal tool. It may corrupt files and disable
antivirus products. It pilfers data from a victim's e-mail address book,
mixing and matching new senders and recipients for a new round of
infection. Visit Symantec's Security Response for instructions on how to
remove Klez.

1. Love Hurts

LoveLetter is the worm everyone learned to hate in spring
2000. The infection affected millions of computers and caused more
damage than any other computer virus to date. Users were infected via
e-mail, through Internet chat systems, and through other shared file
systems. The worm sent copies of itself via Microsoft Outlook's address
book entries. The mail included an executable file attachment with the
e-mail subject line, "ILOVEYOU." The worm had the ability to overwrite
several types of files, including .gif and .jpg files. It modified the
Internet Explorer start page and changed Registry keys. It also moved
other files and hid MP3 files on affected systems. Visit Symantec's
Security Response for instructions on how to remove LoveLetter.

Your Best Defense

The best defense against virus attacks is a good
offense. Without proper protection, computer worms can spread like
wildfire. From minor annoyances to major epidemics meant to cripple
giant Web sites, these tenacious trespassers cost us billions of
dollars. Here are several tips to help you keep these troublemakers at
bay.

1. Don't open any e-mail attachments that look suspicious or come from
unknown senders. Be on the lookout for e-mails from people you know, but
with language or style they wouldn't normally use--this should raise a
red flag.

2. Install an antivirus program such as Symantec's Norton AntiVirus or
McAfee's VirusScan. Take the time to install your vendor's updates on
your PC.

3. Go to Symantec Security Response and McAfee.com Virus Information for
the companies' latest security alerts, disinfecting instructions, and
archives.

4. Stay on top of patches created by other software vendors to thwart
new threats and programming vulnerabilities. By registering your
software after purchase, you'll be notified by the maker when updates
are available. Make sure you review and install the necessary critical
updates and fixes available through Windows Update.

5. Visit other expert sites to keep up to date on virus news. Carnegie
Mellon University's CERT Coordination Center is a great place to find
out about the latest virus alerts and vulnerabilities. The organization
publishes many statistics and offers security advice for Web site
operators.

6. For detailed advice on how to deal effectively with viruses and
select the best antivirus software, check out "Protect Your PC."


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT