Thursday, September 2, 2010

MOST DANGEROUS VIRUSES

Nyxem (2006)
ALIAS: Mywife, Hunchi, I-Worm.Nyxem, Blackmal, Blueworm, Blackworm
The Nyxem worm was first found in March, 2006. The worm spreads in e-mails using an external SMTP engine. It sends itself with different subjects, body text and attachment names. The worm also copies itself multiple times to an infected hard drive. Blackworm is designed to corrupt data on infected computers on February 3, 2006, in respect to The Day the Music Died.
The scariest thing about this worm is that it can delete your antivirus programs if they are installed in the same directories as the ones specified in the worm's code. It can also delete the entries in the Windows Registry belonging to these antivirus programs, so these applications will not be run automatically the next time Windows is started.
The worm also contains one GIF file which is used to make a recipient of infected e-mails think that the message was scanned by Norton Anti-Virus and no infection was found.
But its havoc ended soon and it went off the records after October 26.

Storm Worm (2007)
ALIAS: Small.dam, Trojan.Peacomm, Trojan.Peed, Trojan.Tibs, W32/Zhelatin
But soon after Nyxem ended, a new virus named Storm Worm was discovered on January 17, 2007, having the same functionality as Nyxem. It hides itself in e-mail attachments that had the following title line: "230 dead as storm batters Europe." Users who opened the attachment let the virus into their machines. This virus infected around 10 million computers worldwide, and once a computer is infected it could be used to launch millions of spam e-mails that would advertise Web links.
But it also has some new identity-stealing features, and according to the United States Federal Bureau of Investigation, Storm greatly helped hackers in bank fraud, identity theft, and a number of other cybercrimes.

Conficker (2008)
ALIAS: Downup, Downadup, Kido
Conficker is a computer worm targeting the Microsoft Windows operating system that was first detected on 20th November 2008 and affected more than seven million government, business and home computers in over 200 countries.
The worm attacks the Microsoft vulnerability MS08-067 in the Server service, which allows remote code execution. This vulnerability allows a remote attacker to run arbitrary code on the machine without authentication and take full control of the computer. Second, the Conficker worm uses the infected machine's computing power to execute password brute-force attacks to crack administrator passwords in the local network. This allows the worm to spread through network shares as well.
The worm is said to have caused 9.1 billion in damage, mostly in Asia, South America and Europe.
New versions of Conficker came with the power to:
-Block DNS lookups.
-Disable AutoUpdate.
-Kill anti-malware.
-Scan for and terminate processes with names of anti-malware, patch or diagnostic utilities at one-second intervals.
Microsoft set a bounty of $250,000 USD for information leading to the capture of the worm's author.

Daprosy Worm (2009)
Daprosy was first observed in early May 2009 and first announced to the public as the Daprosy trojan worm by Symantec in July 2009. This worm is a malicious computer program that spreads via LAN connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file, from which several dozen clones are created at once bearing the names of compromised folders. The most obvious symptom of Daprosy infection is the presence of Classified.exe or Do not open - secrets!.exe files in infected folders.
The worm is known to destabilize, corrupt and even stall the operating system due to programming bugs. It appears that it is incomplete and was probably created by students or amateur Visual Basic programmers. As of October 2009, special scripts are available to remove it from infected computers, but until then many Windows systems were stalled.
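The symptoms described above can be checked for with a short script. This is an added example, not part of the original post and not one of the removal scripts it mentions. The rule that a clone is an .exe named after its own folder or a neighbouring folder is an assumption based on the description, and the sample tree consists of constructed, empty placeholder files.

```python
import os
import tempfile

# File names the post lists as Daprosy symptoms (compared case-insensitively).
KNOWN_NAMES = {"read1st.exe", "classified.exe", "do not open - secrets!.exe"}

def scan_for_daprosy_symptoms(root):
    """Walk root and return sorted (path, reason) pairs for suspicious files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folder_names = {d.lower() for d in dirnames}
        # Assumption: a clone may sit inside the folder it is named after, or next to it.
        folder_names.add(os.path.basename(os.path.normpath(dirpath)).lower())
        for name in filenames:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            path = os.path.join(dirpath, name)
            if lower in KNOWN_NAMES:
                findings.append((path, "known file name"))
            elif ext == ".exe" and stem in folder_names:
                findings.append((path, "exe named after a folder"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware."""
    layout = [
        "Photos/Photos.exe",       # clone inside the folder it is named after
        "Photos/holiday.jpg",
        "Reports.exe",             # clone next to the 'Reports' folder
        "Reports/q1.txt",
        "Reports/Classified.exe",  # name listed in the post
        "Tools/setup.exe",         # ordinary executable, must not be flagged
    ]
    for rel in layout:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()

def demo():
    """Build the sample tree in a temp dir and return relative findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(p, root).replace(os.sep, "/"), why)
                for p, why in scan_for_daprosy_symptoms(root)]

if __name__ == "__main__":
    for path, why in demo():
        print(f"{why}: {path}")
```

A hit from the folder-name rule is only a lead to investigate, since legitimate installers sometimes share a name with their folder.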

Alureon (2010)
Alureon is a trojan and rootkit designed to steal data by intercepting a system's network traffic and searching it for usernames, passwords and credit card data. Microsoft has confirmed that Alureon is the cause of a series of BSoD problems on Windows systems which were triggered by the Patch Tuesday update MS10-015. Microsoft will not install the patch on these systems. The Alureon rootkit was first seen in 2006 and has now started affecting computers.
PCs become infected by downloading software, particularly from torrent sites, and by visiting certain posting sites.
