
Project Description
A wiki provides a tool/platform where everyone can contribute to a specific topic. The most famous wiki is Wikipedia at www.wikipedia.org. In this project, you're required to contribute to a group wiki whose topic is "Computer Viruses": browse the web, learn about one virus, write something about it, and post your understanding of the virus inside this wiki.
 * You must select a virus that has not been previously posted to your wiki group, so read the wiki before posting. Please always insert your post at the end of this wiki page, please do NOT insert it in front of an existing wiki post.
 * For your contribution, write a paragraph (6-8 sentences) about the virus you found. Include at least one link to the source of your information, and a link to a "fix" for the virus.
 * Please be EXTRA careful NOT to delete other people's posts while editing yours. When you try to save your post, if you see a warning message telling you that you're going to override other people's posts, do not save your post yet; wait a few minutes, then save it. Basically, wikispaces.com does not support concurrent saving!
 * All the changes you make to your group wiki are visible through the history of the wiki. If you overwrite other students' posts, you will be penalized with a 20% deduction on your grade.
 * Feel free to add any type of widgets (tables, videos, etc) inside your post.
 * **Important:** Once you finish the posting, double check the wiki page to make sure that your post can be seen, also keep a soft copy of your work for future reference.
 * **Be careful, do NOT** add your post under "Discussion" by clicking on "Add Discussion", since you will not be able to delete it once added!
 * **For grading purpose, write your name after your post so that we know whose post it belongs to and insert a horizontal line at the end of your post to separate yours from others.**

- **by Kazuaki Kashihara**

MyDoom Virus (Sample only - Do not modify/delete it)
One of the most costly viruses to date is known as the “MyDoom” virus. The virus was released in 2004 from Russia. The spread of the virus was so chaotic that “Within 24 hours of the release of the virus, it had infected one out of every 12 emails world wide” (The Telegraph Report). The damaging cost of the virus was “$38.5 billion USD in economic damages” [1], the most expensive to date. The virus is spread through e-mails similarly to the “Iloveyou” virus. MyDoom attempts to spread via email by copying itself to any available shared directories, messages, and other file formats. It is able to disguise itself, resulting in many computer users overlooking the virus and making it very difficult to find [2]. A solution to clean up this virus can be found at Computer World.

- **Posted by Kazuaki Kashihara as a demonstration**

___

**PoisonIvy Virus**
In 2005, a Trojan horse computer virus called "PoisonIvy" enabled remote access control of computers. According to an article on Smithsonian.com, PoisonIvy is one of the "top ten most destructive computer viruses." Using PoisonIvy, perpetrators could gain access to computers through a backdoor, allowing them to take over a computer's controls, making it possible to record the computer's content and even make audio and video recordings through microphones and webcams. This effectively turned infected computers into surveillance tools for spying. The PoisonIvy virus was used for both amateur and sophisticated purposes; targets included large companies associated with the defense and chemical industries, with the attacks tracing back to China. (1) In the event that anyone would need to remove the PoisonIvy virus, Solvusoft.com recommends an anti-malware program for the job and provides step-by-step instructions for how to download and use it.


- **Posted by Jenae Esquibel**


**WannaCry**

In May of 2017, a virus called “WannaCry” affected over 99 countries. According to CNN Tech via www.money.cnn.com, “hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.” Cybersecurity firm Avast called this one of the most damaging cyberattacks in history. Although the United States was not a part of this attack, global firms like FedEx who operate in the United States were affected. The way “WannaCry” works is that it locks down all files on the infected computer and demands a ransom to release them. Microsoft did release a security patch for all computers running older systems, including Windows XP, Windows 8, and Windows Server 2003. A lot of people did pay the ransom in the first few hours. The NSA encouraged everyone to update their operating system and offered technical support if needed. There is no exact fix for “WannaCry” but you can find ways to protect yourself against it at: []


**-Lakisha Allen (lkallen5)**

___


**Leap-A/Oompa-A**

The Leap-A/Oompa virus first debuted in 2006. There is so much attention given to PCs and their vulnerability to viruses, while Mac runs without fear of being infected. The creator of the Leap-A virus set out to show that although it isn't seen often, MacOS is still susceptible to being attacked by a virus. This virus used the iChat feature to go from computer to computer, infecting and moving on. It did not cause much damage. Its main goal was to show that MacOS is susceptible to being infected. https://computer.howstuffworks.com/worst-computer-viruses9.htm

The fix to leap-A and Oompa is installing a clean copy of any infected software, including the OS if needed. https://www.macworld.com/article/1049459/leapafaq.html

-Kaleb Elledge

ZEUS
In July of 2007 a new Trojan horse malware hit the United States Department of Transportation (Reuters). Within 2 years it was estimated that this virus had infected over 3.6 million computers (Bloomberg) and had hit FTP accounts at such large companies as Bank of America, NASA, Monster.com, ABC, Cisco and Amazon (The Tech Herald). This virus, now named Zeus after the Greek god, is extremely hard to detect and targets your personal and banking information. It uses man-in-the-browser and keystroke logging to get your information and can even be used to install Cryptolocker ransomware. A 2012 Smithsonian article ranked Zeus as #4 in the "Top Ten Most Destructive Computer Viruses" (Smithsonian). The Zeus malware infects your computer via phishing or drive-by downloads, which are downloads done by other viruses without the user's knowledge or hidden as or among an authorized download, for example as an executable program or Java applet.

Malware Tips offers a 5-step solution to removing a Zeus Trojan or Zbot Trojan here: (Malware Tips).

-Steven Friedman

ILOVEYOU
The ILOVEYOU virus began affecting PC users on May 4, 2000. The virus came in the form of an email from a familiar contact that included "I LOVE YOU" as the subject and a "love letter" in the form of a link in the body of the email. Upon clicking the link, the same email was automatically sent to the victim's email contact list and files such as JPEG, MP3, and various other files were destroyed. On the very first day the virus affected close to 45 million people, including large corporations. Due to the fact that the email automatically went out to ALL contacts, it was quite easy to infect all parties in a corporation. Once companies began blocking emails containing the subject "I Love You", copycat emails were created with the same virus but using the subject "JOKE" or "Mother's Day!".

ILOVEYOU Virus http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus

Steps to Remove ILOVEYOU Virus http://techsalsa.com/steps-to-remove-i-love-you-virus/

- Alanna Daniels

___

**Anna Kournikova**
The Anna Kournikova virus, named for the famous Russian tennis player, was created in February of 2001. According to ComputerWorld, the worm was created by Jan de Wit, a Dutch student who used the alias 'OnTheFly'. OnTheFly was able to create the virus in under a day, after downloading a worm-creating toolkit from an online source. After its release, the virus spread by tricking users who received an email titled "Here you have, ;0)", which included an attachment called "AnnaKournikova.jpg.vbs", into opening what was actually a malicious program in disguise. Once the attachment had been downloaded in a Microsoft Windows environment, it would utilize a Visual Basic script and forward itself to everyone in that user's address book.

The FBI stated that the Kournikova virus caused a total of $166,000 in damage. Its author turned himself in to Dutch authorities and received a punishment of 150 hours of community service, and was also offered a job by the mayor of his town. OnTheFly posted a confession letter in which he claimed that he was testing the claim that the IT community had learned nothing from previous email worms. In that same letter he attributed the rapid spread of the virus to the beauty of the Russian tennis star.

You can find instructions on how to remove the Anna Kournikova virus here: Removing the Anna Virus

-Beau Fortier


**Conficker**

Conficker, which goes by several other names (Downup and Kido), is a worm that targets Windows operating systems. Conficker has been reported in over 190 countries and has infected millions of computers. The worm works by cracking your system admin password and then putting your computer into a botnet. The botnet installs the normal scareware and sends spam to your computer and computer contacts. The DHS has created The Conficker Working Group to help monitor the long-term effects of this worm (Joffe, R. 2017). Several things are required on the infected client computer in order to remove the worm. Here is the Sophos walkthrough guide for removal [].

**References**

Joffe, R. (2017). The Conficker Working Group Lessons Learned Document. Retrieved 11/25/17 from []

Rouse, M. (2017). Botnet Definition. Retrieved 11/25/17 from []

-Andrew Deighan-

=**Storm Worm**=

In mid-January of 2007, a computer virus known as the Storm Worm began affecting computers worldwide. Hundreds of thousands of people received malicious emails with intriguing headlines. According to CNET, the Trojan horse carries an executable file as an attachment. Once opened, the file creates a back-door entryway into a computer that can be exploited at a later time to steal data or post spam. It was notoriously difficult to detect because it deleted the source program once it was successfully executed. Although this virus was widespread, many cyber security companies quickly added it to their blocking lists, saving many people from the negative implications this virus could have once downloaded. While anti-malware programs have successfully removed this virus from most computers, those without such programs may need to clean their Windows registry or use a program like ClamWin to remove the virus.

- Scout Dimick

___

**Nimda Virus**
Hello All,

When I was in high school, viruses, or as my teacher called us, “Ninny Pirates”, were funny. Today this is a common phenomenon because money is the root of evil in most cases, and if you can’t have it then why not cause someone else to lose money, right? The “Nimda” virus stems back from the World Trade Center era. To be exact, the virus popped its head up on September 18th, just a week after the 9/11 tragedy. While of course the liberal media did try to blame the murderers of Al Qaeda, this just did not pan out and prove to be so. The virus did have roots traced back to China or even Korea, and was written in C++ on a Microsoft Windows platform. According to what could be found, the virus had infected clients (workstations) that were running various versions of Windows such as 95, 98, 2000, NT, and XP. The virus also infected servers running NT and Windows 2000. Viruses today can cost billions of dollars’ worth of damage to today’s high-end computing systems. As a multi-vector worm, it was capable of running itself even if a user did not open the email. The worm would modify the sites and create copies of itself that could be downloaded. Executable files could also be virally infected, causing a lot of havoc. The name comes from the word admin spelled backward. The worm would create an account with administrator privileges, then it placed a file named "Admin" on the computers it infected; antivirus researchers turned Admin backward and named it "Nimda". It is one of the most destructive worms ever discovered, causing 2.6 billion dollars in damage.

Blessings- Michael

FIX link: https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-122-mainline/4615-nimda.html

References:
 * Mackie, Andrew (2001), Attack Registry & Intelligence Service, Retrieved 11/25/17 from http://malware.wikia.com/wiki/Nimda
 * Kaspersky.com (2001). Retrieved 11/25/17 from https://en.wikipedia.org/wiki/Nimda

**Jerusalem Virus**
Hi Y'all,

In the late 80's and early 90's there was a virus dubbed "Jerusalem" after having been discovered there. From my understanding, the virus was very common and came from infected executable files. The virus was made for the DOS operating system. The virus and its variants would increase the size of executable and command files by a certain size every time they were run, making a list and archive of which files had been used. The endgame of the virus was to delete all the contents of the disk which had been increased in size on the nearest approaching Friday the 13th. The virus was made into many different variants, all of which increased file sizes by a certain amount to target them on the approaching Friday the 13th. The virus would not show any major hints of its presence, aside from the gradual rise in file sizes. When Friday the 13th came around, a small black box would appear on the screen as the virus began deleting the files it had latched onto. The virus kept emerging all across the world at different times. From what I understand, the only way to truly remove the virus was to reset the entire computer, as it would spread from file to file, making it very difficult to contain. The final death blow to the virus came when the DOS operating system became obsolete and Windows became the leading global standard.

I found it was a cool read, I hope you did as well! -Tevhid Nazmi Basturk

Sources:
 * http://support.novell.com/techcenter/articles/ana19920301.html
 * https://web.archive.org/web/20010211122852/http://www.research.ibm.com/antivirus/SciPapers/White/VB95/vb95.distrib-node10.html

___
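The Jerusalem post above notes that the only visible symptom was a gradual rise in the size of program files each time they ran. The following is an added example (not code from the original page) of how a defender turns that symptom into an alert: take a baseline of size and hash per file, diff it against a later snapshot, and flag executables that grew. The "files" and the appended length are constructed byte strings standing in for real binaries.

```python
"""Flag executables that grew between two integrity snapshots.

Added example for the Jerusalem post; not code from the original page.
The file contents and the appended length below are constructed.
"""
import hashlib

EXECUTABLE_SUFFIXES = (".exe", ".com")


def snapshot(files):
    """files: {name: bytes}. Returns {name: (size, sha256 hex digest)}."""
    return {
        name: (len(data), hashlib.sha256(data).hexdigest())
        for name, data in files.items()
    }


def grown_executables(baseline, current):
    """Return sorted [(name, old_size, new_size)] for executables present in
    both snapshots whose content changed and whose size increased.  A
    legitimate update also changes the hash, so in practice an analyst
    watches for many executables growing by a similar amount at once."""
    findings = []
    for name, (size, digest) in current.items():
        if not name.lower().endswith(EXECUTABLE_SUFFIXES):
            continue
        if name not in baseline:
            continue
        old_size, old_digest = baseline[name]
        if digest != old_digest and size > old_size:
            findings.append((name, old_size, size))
    return sorted(findings)


def uniform_growth(findings):
    """True when every flagged executable grew by the same number of bytes,
    the pattern an appending file infector leaves behind."""
    deltas = {new - old for _name, old, new in findings}
    return len(deltas) == 1


# Constructed day-1 baseline: two programs and a text file.
DAY1 = {
    "EDIT.COM": b"\x90" * 400,
    "GAMES.EXE": b"MZ" + b"\x00" * 998,
    "README.TXT": b"hello",
}
# Constructed appended code of arbitrary length; every executable that ran grew by it.
APPENDED = b"\xeb" * 1800
DAY2 = {
    "EDIT.COM": DAY1["EDIT.COM"] + APPENDED,
    "GAMES.EXE": DAY1["GAMES.EXE"] + APPENDED,
    "README.TXT": b"hello world",  # edited data file: grew, but not an executable
}

if __name__ == "__main__":
    hits = grown_executables(snapshot(DAY1), snapshot(DAY2))
    for name, old, new in hits:
        print(f"{name}: {old} -> {new} bytes (+{new - old})")
    print("uniform growth across executables:", uniform_growth(hits))
```

The data file that was edited is ignored, and the two programs are reported with an identical delta, which is the signature worth escalating: unrelated software updates rarely add exactly the same number of bytes to every program on a disk.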


**Code Red Virus**

The Code Red virus is a worm that surfaced and caused an estimated 2.75 billion dollars in damage back in July of 2001. It targeted computers with the Microsoft IIS web server installed. After infecting a computer, it would continue to make hundreds of copies of itself. It proceeds to duplicate and destroy a lot of the system's resources. It then goes on to launch a denial of service attack on several IP addresses. It also creates backdoor access to the computer, allowing the hacker to have remote access to the machine. Code Red is one of the few worms to run entirely in memory, leaving virtually no files or trace on a hard drive. After infecting your computer, it would leave behind the message, “Hacked by the Chinese!” The virus was discovered by two digital security employees who happened to be drinking Code Red Mountain Dew, hence the name.

Code Red Virus Information []

Remove Code Red Virus []

- Jacob Fischer

___

=**The Klez Virus**=

The Klez virus is a worm that debuted in late 2001. It infects a victim’s computer through email, reproduces itself, and then sends itself to the victim's address book. Some versions of the virus act like a Trojan horse, a worm or even completely disable your computer making it useless. It appears as a fake virus-removal tool that will deactivate virus-scanning software.

The Klez Virus []

To remove the Klez virus, visit https://home.mcafee.com/virusinfo/SpecialVirusRemovalTool.aspx?viruskey=klez

-Travis DiPerna

___

=Melissa Virus=

This virus brought down the Institute for Transfusion Medicine, as well as many others. It came about on March 26th, 1999. It was created by David L. Smith, and was based on a Microsoft Word macro. He named it after a dancer in Florida he had an interaction with, and its sole purpose was to infect computers via email messages. Melissa spread so far that it affected private sector networks and government networks. It replicates once it gets into the user's address book, emails itself to 50 people in their address book, and crashes that organization's email network. I found information on how to remove it from Carnegie Mellon University, as well as "HowStuffWorks.com". Basically it is very simple: don't click on the email attachment and don't open the email, as it usually comes across very suspicious ("here is the document you requested...;)") and then there is an attachment.

Usually this can be removed by going into the system from "system 32", accessing the C:// drive and then removing it accordingly, or if you have Combo fix or some form of defender. Permanently delete the email and then notify your network admin, or anyone in IT authority if you are in an organization.


**Info:**

https://computer.howstuffworks.com/worst-computer-viruses1.htm

http://www.cnn.com/TECH/computing/9903/29/melissa.02.idg/


**Fix:**

https://www.youtube.com/watch?v=-buCaENvFOA

- Nicoletta DiBucci

___

**Happy99 Worm**
The Happy99 worm first appeared in January of 1999. It would attach itself to emails and display fireworks to hide the changes being made. It would then wish you a happy New Year. The worm corrupts a Windows communication library and then attaches itself to emails the user sent. Happy99 is referred to as the first modern worm. Although the spread of the worm is incredible, it does no harm to the user’s computer because there is no destructive payload.

-Casey Bolin http://thisdayintechhistory.com/01/20/the-happy99-worm-appears/

=**The SQL Slammer/Sapphire Virus**=

The Slammer virus first appeared in late January of 2003, which led to the infection of over 300,000 computers and a reported cost of 1.2 billion dollars. A Slammer-infected computer sends a UDP datagram to port 1434 on the target. This exploits a buffer overflow vulnerability in the SQL server monitor that overwrites the stack and executes the rest of the exploit. Once in the target's memory it begins to send datagrams of its worm code to random IP addresses to infect new targets. Taking 15 minutes to spread worldwide, the worm is now known as one of the fastest and largest spreading viruses of its time. Some of its hosts consisted of banks and airlines, which caused delays and major setbacks. This virus led to a lesson, which was to always have the latest antivirus to prevent such an impact. The creator of the virus is unclear, but some sources believe that Benny of virus magazine 29A is a suspect. Many programs exist to prevent and get rid of the virus, such as Norton Basic Antivirus.

Slammer virus source: http://malware.wikia.com/wiki/Slammer

To learn more about Slammer Virus Protection or to purchase protection: To purchase click here / To prevent click here

-Jennifer Cardona
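The Slammer post above describes the worm's propagation as single UDP datagrams to port 1434 sent to random IP addresses. From a network defender's side, that behaviour shows up as one source reaching many distinct destinations on UDP/1434 in a short window, which is what the following added example looks for. It is not code from the original page; the flow-record format is constructed for this illustration (one flow per line) and is not the output of any particular sensor, and the window and threshold values are assumptions.

```python
"""Flag hosts spraying UDP datagrams at port 1434 across many destinations.

Added example for the Slammer post; not code from the original page.
The flow-record format, sample records, window and threshold are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample flows:
# "<ISO timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes>"
# 10.0.0.5 fans out to five unrelated hosts on UDP/1434 within two seconds;
# 10.0.0.9 repeatedly queries one internal SQL Server on the same port.
SAMPLE_FLOWS = """\
2003-01-25T05:30:00 UDP 10.0.0.5:1434 -> 198.51.100.1:1434 404
2003-01-25T05:30:00 UDP 10.0.0.5:1434 -> 203.0.113.77:1434 404
2003-01-25T05:30:01 UDP 10.0.0.5:1434 -> 192.0.2.9:1434 404
2003-01-25T05:30:01 UDP 10.0.0.5:1434 -> 198.51.100.250:1434 404
2003-01-25T05:30:01 UDP 10.0.0.5:1434 -> 203.0.113.3:1434 404
2003-01-25T05:30:02 TCP 10.0.0.7:51234 -> 10.0.0.20:1433 1500
2003-01-25T05:30:02 UDP 10.0.0.9:53210 -> 10.0.0.20:1434 120
2003-01-25T05:30:03 UDP 10.0.0.9:53210 -> 10.0.0.20:1434 120
"""

WINDOW_SECONDS = 60      # observation window anchored at a source's first UDP/1434 flow
FANOUT_THRESHOLD = 4     # distinct destinations needed before a source is flagged


def parse_flow(line):
    """Parse one constructed flow record into a dict."""
    ts, proto, src, _arrow, dst, nbytes = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "proto": proto,
        "src_ip": src_ip,
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
        "bytes": int(nbytes),
    }


def find_udp_1434_sprayers(log_text, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: distinct_destination_count} for sources that reach at
    least `threshold` distinct hosts on UDP/1434 within `window` seconds of
    their first such flow.  A client talking to one SQL Server many times
    never accumulates more than one destination and is not flagged.
    The window is fixed at first sighting, not sliding, to keep the example short.
    """
    first_seen = {}
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["proto"] != "UDP" or flow["dst_port"] != 1434:
            continue
        start = first_seen.setdefault(flow["src_ip"], flow["ts"])
        if (flow["ts"] - start).total_seconds() <= window:
            targets[flow["src_ip"]].add(flow["dst_ip"])
    return {ip: len(dsts) for ip, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for ip, count in find_udp_1434_sprayers(SAMPLE_FLOWS).items():
        print(f"{ip}: {count} distinct UDP/1434 destinations within {WINDOW_SECONDS}s")
```

Fan-out on the destination side, rather than byte counts or a payload signature, is what makes this check hold up: the legitimate client in the sample sends more datagrams than any single victim receives, yet it is never flagged because it talks to one server.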

=**OSX/OpinionSpy**=

This spyware infects a computer when the user downloads an impacted program from the internet. OpinionSpy infects Mac computers and can cause a data leak, and leave a backdoor open for later use by hackers. It will create pop-up advertisements on a computer. The more recent outbreak, in 2015, showcases a few updates. Now, when installing an application the user is asked to install a program called PremierOpinion. This version of the malware does ask for the user’s consent before installing the code. If the spyware is installed on a computer, the PremierOpinion icon shows up in the toolbar. To remove OpinionSpy, uninstall it from the Applications menu, remove it from your web browser, then use an adware remover on the program.

More information on OSX/OpinionSpy / How to Remove OpinionSpy

-Lauren Frantum

=**The Stuxnet Virus**=

This malware has made a big break in mainstream media, mostly due to the mystery of its creators and specific agenda. The theory goes that Stuxnet was created by a government entity and first discovered on computers in 2011, with fingers mainly pointed at the U.S. and Israeli governments. The specific target was to sabotage the Buchehr nuclear power plant in Iran by attacking programmable logic controllers, which are infected via Windows computers by the use of USB sticks. This is the only way because these nuclear power plants do not have internet, and physical infection is the only source. Once Stuxnet has infected a computer it controls the PLCs through a company named Siemens and it then takes over automated software functions. It then collects information on the systems and, in the case of the Iranian centrifuges, caused them to malfunction, destroying the nuclear material they were enriching. The speculation of government creation is due to the fact that this was a very expensive virus to write, making government funds the only logical source of the malware. Also, the virus code references Hebrew as well as a date that a Persian Jew was executed. This shows that the Stuxnet hackers deliberately wanted people to think that Israel is to blame, or that they wanted the public to think that someone else purposefully planted these clues to frame Israel. Other speculation has focused on the United States, due to the fact that it is the world’s true cyber superpower and one of the few countries capable of such an attack.

Stuxnet: https://www.forbes.com/2010/10/06/iran-nuclear-computer-technology-security-stuxnet-worm.html - 5b4471f751e8

How to fix the virus: []

Posted by- Myles Divina

SASSER/NETSKY

In 2004, a German by the name of Sven Jaschan created two separate viruses that worked similarly. Once into a computer system it would target vulnerable systems and instruct them to download the virus. It used IP addresses to locate its next target. The virus also affected the shutdown process of computers. Unlike the Sasser virus, the Netsky virus traveled via email and networking. As systems deal with heavy internet traffic they can often collapse due to the Netsky virus. It was also quite common, as experts believed it to account for 25 percent of viruses.

Source info: https://computer.howstuffworks.com/worst-computer-viruses8.htm

For more information on how to remove the Sasser/Netsky virus: https://www.bullguard.com/bullguard-security-center/pc-security/computer-security-resources/sasser_worm_removal.aspx

-Ben Barnhart

CryptoLocker Virus
Similar to many of the viruses listed here, the CryptoLocker virus is a form of malware. Uniquely, however, it was created with the business strategy of extorting money from PC users, exclusively. This type of malware is also known as ransomware. According to https://www.pandasecurity.com/mediacenter/malware/cryptolocker/, CryptoLocker uses "social engineering techniques" like emailing a password-protected zip file to the user with the password included in the body of the email to fool users into installing the malware. Once the user begins the process of download, by default Windows hides the file extension from the user, so where one might otherwise notice a malicious extension, in this case it becomes extremely difficult to spot and the Trojan gets run. The virus then works to encrypt every file stored on your device and demands a ransom for the decrypted files. According to an article posted in the Guardian at https://www.theguardian.com/technology/2014/jun/03/cryptolocker-what-you-need-to-know, experience has taught us that sometimes paying the ransom will not be effective in trying to retrieve the files. So, unless you have a backup the files really will be entirely gone. The CryptoLocker virus can be avoided by disabling 'hidden file extensions' on Windows, backing up regularly, and exercising caution when opening emails from unknown senders. Following the same practices will aid in avoiding other viruses like the Sasser/Netsky virus above, and others you may find listed as well.

(Sources included in paragraph text)

-Melanie Conway
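Two posts above share one mechanism: the Anna Kournikova worm arrived as "AnnaKournikova.jpg.vbs", and the CryptoLocker post explains that Windows hides the final extension by default, so the recipient sees a picture or document where the system sees a script or program. The following added example (not code from the original page) makes that gap visible by computing what Explorer displays next to what will actually run, and also checks for the password-protected-zip lure the CryptoLocker post describes. The extension lists and the lure rule are constructed heuristics for illustration, not any vendor's filter.

```python
"""Show what a user sees versus what Windows will actually run.

Added example for the Anna Kournikova and CryptoLocker posts; not code
from the original page. The extension lists and lure check are constructed.
"""
import os

# Extensions Windows treats as a program or script on double-click (constructed list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1", ".hta",
}
# Extensions a recipient expects to be harmless data (constructed list).
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".zip"}


def extensions_of(filename):
    """All dotted extensions in order: 'AnnaKournikova.jpg.vbs' -> ['.jpg', '.vbs']."""
    parts = os.path.basename(filename).split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' enabled:
    only the final extension is removed, so 'AnnaKournikova.jpg.vbs' is shown
    as 'AnnaKournikova.jpg' and 'photo.exe' as plain 'photo'."""
    root, _ext = os.path.splitext(os.path.basename(filename))
    return root


def assess_attachment(filename):
    """Describe the gap between how the name displays and how it behaves."""
    exts = extensions_of(filename)
    real_ext = exts[-1] if exts else ""
    executable = real_ext in EXECUTABLE_EXTENSIONS
    return {
        "shown_as": displayed_name(filename),
        "real_extension": real_ext,
        "executable": executable,
        # Double extension: a data-looking extension right before the executable one.
        "double_extension": executable and len(exts) >= 2 and exts[-2] in DATA_EXTENSIONS,
    }


def password_zip_lure(attachment_names, body_text):
    """The CryptoLocker lure described above: a zip attachment whose password
    sits in the message body, so a gateway scanner cannot open the archive.
    True when both signals are present together."""
    has_zip = any(extensions_of(n)[-1:] == [".zip"] for n in attachment_names)
    return has_zip and "password" in body_text.lower()


def suspicious_attachments(attachment_names):
    """Names that will execute when double-clicked, regardless of how they display."""
    return [n for n in attachment_names if assess_attachment(n)["executable"]]


if __name__ == "__main__":
    # Constructed sample mail.
    names = ["AnnaKournikova.jpg.vbs", "invoice.pdf", "statement.zip", "photo.exe"]
    body = "Please find the attached statement. The password is 1234."
    for n in suspicious_attachments(names):
        print(n, "->", assess_attachment(n))
    print("password-in-body zip lure:", password_zip_lure(names, body))
```

The check keys on the last extension only, because that is the one Windows uses to pick a handler; everything before it is just part of the name, which is exactly why "AnnaKournikova.jpg" looked safe to the people who opened it.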

=Strange Brew=

Strange Brew was the first virus to affect Java script and Java-based applets. Hitting the scene in 1998, the virus was able to run on any computer with Runtime, a Java-script based product. Sources (see below) indicate that this virus was created in 1998 in Australia, by a user operating under the pseudonym "Landing Camel". Files could have been identified then under a ".class" extension, with an infection length pegged at 3,894 bytes.

To quote Fsecure.com, the mechanism of this virus "[did] not create .class files [but] searches for existing .class files and modifies them to include a copy of itself." When these infected files were executed, this in turn allowed the Strange Brew virus to gain control of the original code of the file, and therefore replicate.

At the time of this entry, websites that offer virus protection like the one above, offer services to remove this threat.

Suggested readings and sources:


 * https://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-0104-99&tabid=2


 * https://www.javaworld.com/article/2076761/core-java/developer-creates-the-first-java-virus-and-names-it--strange-brew-.html

How to fix this virus if received:


 * https://www.f-secure.com/v-descs/sbrew.shtml

- Al Bauman