Question

Write in details about the names of five different cyber viruses.which can be find by using search engine ?

Should be written in own words

Answer 1

1) CONFICKER : Launched in 2008. Took advantage of an exploit in Windows 2000, XP, 2003 servers that could cause them to install an unauthenticated file. It could even affect servers with firewalls, as long as they had print and file sharing enabled. Infected millions of computers. Spread by infected USB drives and over networks.

Later variants were capable of: Disabling anti-malware programs, Creating backdoors in firewalls, Communicating with other infected machines via peer-to-peer networks. Conficker was supposed to do something on April 1, 2009, but nothing happened. Experts were worried computers infected with Conficker would possibly: Become a botnet, Create a criminal version of a search engine, copying private information from infected systems and then selling that information, Launch massive DDoS attacks.

Caused $9.1 billion in damages. French fighter planes were grounded when they couldn’t download their flight plans. In England, military systems were infected, including:More than two dozen British Royal Air Force bases, 75% of the Royal Navy fleet. The Manchester City Council IT system went down, rendering the city unable to process fines. Computers and medical devices at hospitals in the US and the UK were infected

2) CODE RED : Code Red launched in July 2001. A second version of the virus, Code Red II, acted similarly and was launched later in the year. It infected Windows NT and 2000 machines by exploiting a buffer overload vulnerability. Works by sending the computer instructions after a long string of nonsense. Once the buffer has been filled with the nonsense information, the computer begins overwriting memory. The memory is overwritten with the instructions for the virus. This meant that the user only had to be connected to the Internet to be infected. Infected Windows NT machines would crash more often than normal. Infected Windows 2000 machines would suffer a system-level compromise. This means that the computer could be entirely controlled by the hacker. The virus would behave differently depending on a few factors.

The date: 1st-19th: Target random IP addresses and spread the virus, 20th-28th: Launch a DDoS (distributed denial-of-service) attack on the White House’s IP address, 29th and after: Go into “sleep” mode. Page language: English-language web pages would be defaced with the words “Hacked by Chinese!”. Microsoft released a patch to fix the vulnerability exploited by the virus several months before the attack.

In less than a day, the virus infected more than 359,000 computer systems. Caused over $2 billion in losses. Between 1 and 2 million computers were infected overall. CAIDA (the Center for Applied Internet Data Analysis) found that of those hosts infected by Code Red: 91% were from the US and 57% were from Korea.

3) SQL Slammer/Sapphire : Launched in 2003. Spread through a buffer overflow vulnerability in Microsoft’s SQL Server database management service. Randomly selected IP addresses to infect. Servers infected with SQL Slammer would spawn millions of copies to infect other servers. Within 3 minutes of attacking its first victim, the number of servers infected by Slammer doubled every 8.5 seconds.

Caused $750 million in damages. Crashed Bank of America’ ATM service. A number of other banks were affected by the virus. Caused outages to Seattle’s 911 service. Infected Continental Airlines online ticketing systems and electronic kiosks, rendering them inoperable.

Several newspapers had publishing problems, including:The Atlanta Journal Constitution, The Associated Press, The Philadelphia Inquirer. US Government websites affected included: Department of Agriculture, Department of Commerce, Defense Department. Alfred Huger, from Symantec Security Response, reported that SQL Slammer caused network issues over the entire Internet South Korea lost almost all Internet access 70% of homes at the time were connected to the web.

4) MORRIS WORM : The worm virus was introduced to the world in 1988. It was developed by Morris, a Cornell grad student to understand how quickly a worm could spread. The findings revealed the point that the worm spread much faster than Morris originally expected. The results showed that the worm had ended up infecting systems – say around at least 10 percent of the internet. The impact proved major damages and widespread outages. Morris worm is also recognized as the internet worm or the great worm.

Initially, Robert Tappan Morris designed the worm to gauge the size of the Internet and it wasn’t intended to cause any damage to the systems. The worm was introduced into the wild from MIT to highlight the point that its author studied there, however, Morris went onto become a tenured professor at MIT in 2006.

It was reported that around 6,000 major UNIX machines were infected by the Morris worm. Clifford Stoll, who helped fight the worm, wrote in 1989, “I surveyed the network, and found that two thousand computers were infected within fifteen hours. These machines were dead in the water—useless until disinfected. And removing the virus often took two days.” The cost of the damage was estimated at $100,000–10,000,000 by the U.S. Government Accountability Office.

5) WANNACRY : WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computers, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.

A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government.

The vulnerability WannaCry exploits lies in the Windows implementation of the Server Message Block (SMB) protocol. The SMB protocol helps various nodes on a network communicate, and Microsoft's implementation could be tricked by specially crafted packets into executing arbitrary code. Microsoft itself had discovered the vulnerability a month prior and had released a patch, but many systems remained vulnerable, and WannaCry, which used EternalBlue to infect computers, began spreading rapidly on May 12. In the wake of the outbreak, Microsoft slammed the U.S. government for not having shared its knowledge of the vulnerability sooner.