Worms, Viruses, & Bots (oh my!)
"A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.
"Worms, logic bombs, and Trojan Horses are similar "infections" commonly grouped with computer viruses. A computer worm spreads like a virus but is an independent program rather than hidden inside another program. A logic bomb is a program normally hidden deep in the main computer and set to activate at some point in the future, destroying data. A Trojan Horse masquerades as a legitimate software program. It waits until triggered by some pre-set event or date and then delivers a payload that may include destroying files or disks.
"Some viruses are high-tech pranks not intended to cause damage. For example, a virus may be designed to conceal itself until a predetermined date, then flash a message on all network computers. Even pranks, however, are not benign. They steal computer memory, storage, and processing time.
"Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, providing access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.
"From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail. Happily, known versions of the program will be caught by a good virus checker.
"The virus threat is increasing for several reasons:
- Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread.
- The increased use of portable computers, e-mail, remote link-ups to servers, and growing links within networks and between networks mean that any computer that has a virus is increasingly likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago.
- As organizations increasingly use computers for critical functions, the costs of virus-induced downtime are increasing."
OECD: "What is malware? Malware is a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners. Malware can gain remote access to an information system, record and send data from that system to a third party without the user's permission or knowledge, conceal that the information system has been compromised, disable security measures, damage the information system, or otherwise affect the data and system integrity. Different types of malware are commonly described as viruses, worms, trojan horses, backdoors, keystroke loggers, rootkits or spyware. These terms correspond to the functionality and behaviour of the malware (e.g. a virus is self propagating, a worm is self replicating). Experts usually group malware into two categories: family and variant. "Family" refers to the distinct or original piece of malware; "variant" refers to a different version of the original malicious code, or family, with minor changes." - OECD Malicious Software (MALWARE): A Security Threat to the Internet Economy, Ministerial Background Report Final, p. 10 (June 17-18 2008)
Worm speaks to Windows users, CNET 9/14/2004 Teen charged over Sasser virus, BBC 9/10/2004 Blaster suspect pleads guilty to spreading worm, NW Fusion 8/12/2004 Worm eyes up credit card details, BBC 6/4/2004 Harry Potter and the worm of doom, CNET 6/4/2004 Devils hit cyber church, CNN 5/20/2004 MSBlast not to blame for blackout, report says, CNET 4/6/2004 Online virus war is slowing down, BBC 3/26/2004 'Witty' Worm Wallops Thousands of Computers, Wash Post 3/23/2004 Malicious computer worm detected, CNET 3/18/2004 Worm disguises self as Microsoft patch, CNET 3/8/2004 Worms nibble away at ISP profits, CNET 3/8/2004 E-mail users caught in virus feud, BBC 3/4/2004 War of the worms erupts on Internet, say experts, Hindustan Times 3/4/2004 New worm spreading through e-mail, CNN 3/1/2004 More virus misery for mail users, BBC 2/26/2004
On Saturday, January 25, 2003, the Slammer worm infected more than 90 percent of vulnerable computers worldwide within 10 minutes of its release on the Internet by exploiting a known vulnerability for which a patch had been available since July 2002. Slammer caused network outages, canceled airline flights, and automated teller machine failures. In addition, the Nuclear Regulatory Commission confirmed that the Slammer worm had infected a private computer network at a nuclear power plant, disabling a safety monitoring system for nearly 5 hours and causing the plant’s process computer to fail. The worm reportedly also affected communications on the control networks of at least five utilities by propagating so quickly that control system traffic was blocked. In addition, on Monday, January 27, the worm infected more networks when U.S. and European business hours started. Cost estimates on the impact of the worm range from $1.05 billion to $1.25 billion.
Slammer resulted in temporary loss of Internet access to some users and increased network traffic worldwide. Postincident studies noted that if the worm had been malicious or had exploited more widespread vulnerabilities, it would have caused a significant disruption to Internet traffic.
Responses to Slammer were quick. Within 1 hour, Web site operators were able to filter the worm. The disruption was partly resolved by network operators blocking the main communication channel that the worm was using, which helped control the spread of the worm. Security experts advised network operators to use firewalls to block the channel and to apply the patch before reconnecting services. In addition, private-sector network operators used the North American Network Operators Group mailing list to collaborate with each other in restoring infected networks. The federal government coordinated with security companies and Internet service providers and released an advisory recommending that federal departments and agencies patch and block access to the affected channel. However, most of these activities occurred after the worm had stopped spreading because it had propagated so quickly.
- GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report, p. 22 (June 2006)
Battening Down SNMP, ISP Planet 2/20/02 Patching The Net's Fatal Flaws, BWO 2/20/02 CERT Advisory on SNMP, CERT 2/13/02 Alert 02-001: "Potential for Multi-Sector Internet Outages", NIPC 2/13/02 Battening Down SNMP, ISP Planet 2/15/02 Bugs Put Net Traffic At Risk, ZDNN 2/13/02 Web threatened, group warns, CNews 2/13/02 Research group finds holes in Net security, USA Today 2/13/02
Virus makes unwelcome return, BBC 6/6/03 Bugbear Virus Bears Claws Again, Vnunet 6/6/03 Advisory 02-008: "W32.Bugbear@mm or I-Worm.Tanatos", NIPC 10/9/02 Millions of computers infected by Bugbear virus, ABC 10/3/02 New virus infects millions of computers, Hindustan 10/3/02 'Bugbear' worm continues to bite, MSNBC 10/7/02 Bugbear worm roaming world's e-mail, USA Today 10/7/02
Antivirus Firms Warn About Gokar Worm, Newsbytes 12/14/01 E-mail worm Gokar spreading, CNET 12/14/01 Gokar worm spreads by e-mail, Web, chat, NWFusion 12/14/01 Gokar worm spreads by e-mail, Web, chat, CW 12/14/01
Israeli teens charged over Goner worm, CNET 8/7/02 How Goner Suspects Were Tracked Down, Register 12/10/01 'Goner' suspects under house arrest, MSNBC 12/10/01 Israeli Teens Confess To Launching 'Goner' Worm, Newsfactor 12/10/01 Israeli police arrest 'Goner' creators, USAToday 12/10/01 Hackers take up Larry Ellison's challenge, USAToday 12/10/01 Report: Israeli youths admit to creating 'Goner' worm, NWFusion 12/10/01 "Goner" E-mail Worm A PC Killer, Inews 12/5/01 They Looked, They Clicked, a New E-Mail Virus Conquered, NYT 12/5/01 'Goner' worm wriggles into Europe, Times India 12/5/01 'Goner' Worm Takes Out Firewalls, Antivirus Protection, Newsfactor 12/5/01 White House Cybersecurity Chief Unveils Plans, Wash Tech 12/5/01 'Goner' worm wreaks havoc in UK, U.S., CNN 12/5/01 National computer-security site attacked, CNET 12/5/01 Alert 01-029: "VBS/Mass-Mailing Worm, W32/Goner.A", NIPC 12/5/01 W32/Goner Worm, CERT 12/5/01 Past lessons limit 'Goner' worm's spread, USAToday 12/7/01
Badtrans Tops List Of Virus Threats, Inews 12/28/01 W32/BadTrans Worm, CERT 11/28/01 New self-executing virus hits Net, USAToday 11/27/01 'Badtrans' Worm Continues Spread, ABC 11/30/01 BadTrans computer virus strikes, BBC 11/27/01 Anti-virus software maker warns of new worm, Nando 11/27/01 Badtrans worm leaves back doors, logs data, CW 11/27/01 New e-mail worm rears its head, CNET 11/27/01 E-mail virus hits home, CNET 11/27/01
New Code Red variant reported, CW 3/12/03 Code Red Still Threatens Net, CNET 5/6/02 'Code Blue' Worm Strikes in China, May Migrate, Newsfactor 9/7/01 Qwest Refuses Refunds For Code Red Victims, Newsfactor 8/24/01 FBI: Early efforts nip Code Red worm, CNET 8/17/01 South Korea Says Third Version of Code Red Detected, Reuters 8/10/01 Code Red II Worms Its Way Deeper, Reuters 8/8/01 'Code Red II' spreading quickly, causing damage, USAToday 8/8/01 Officials Warn Of Internet Threat, AP 7/30/01 'Code Red' Worm May Re-Emerge on Internet Tuesday, Reuters 7/30/01 Feds, Microsoft Issue Code Red Alert, Washtech 7/30/01 Update: FBI Says Code Red Back in Action, Newsfactor 8/1/01 Code Red Worm Update (08/01/01 - 11:30 am EDT), NIPC 8/1/01 Code Red Internet Worm Disturbs Pentagon Networks, Reuters 8/1/01 'Code Red' spreads to the Pentagon, USAToday 8/1/01 'Code Red:' Worm strikes 12,000 Web servers, USAToday 7/19/01 Malicious Web Attacks May Be New IIS Worm, Newsbytes 7/17/01 White House Dodges 'Code Red' Virus, AP 7/20/01 'Code Red' worm exploits Windows NT flaw, CW 7/20/01 Close Call For White House Web Site, MSNBC 7/20/01 'Code Red' Virus Aims at White House Web Site, Reuters 7/20/01 Pentagon shuts sites to avoid 'Code Red' virus, USAToday 7/24/01
White House dodges 'Code Red' virus, USAToday 7/20/01
Information in United States of America v. David Smith -- Court document filed by the U.S. Attorney's Office in Newark, New Jersey relating to charges against the creator of the Melissa computer virus. Plea Agreement -- David Smith agreed to plead guilty to creating and disseminating the Melissa virus and causing over $80 million in damages, in violation of federal computer crime laws. Creator of 'Melissa' Computer Virus Pleads Guilty in New Jersey to State and Federal Charges (December 9, 1999)
'Melissa' Creator Gets 20 Months, Internet News 5/1/02 Virus Maker Sentenced, NYT 5/1/02
In the beginning, and by the beginning we mean 1988, was the Morris Worm. The Morris Worm was one of the momentous occasions in Internet history when the network community awoke to the reality and possibility of attacks across and against the network.
On November 2, Robert Morris unleashed a little experiment on the Internet. A graduate student at Cornell at the time, Morris was well versed in the Unix operating system and had discovered a flaw that he wished to expose. He created a self-replicating, self-propagating program and released it from computers at MIT. Unfortunately for Mr. Morris, he had made a programming error that resulted in the worm replicating itself far faster than intended. As the worm rapidly ate its way through the network, bringing 10 percent of the network to a halt, young, naive system operators did all the wrong things. Meanwhile, Morris scrambled to post a message to the Internet instructing operators on how to kill the worm; of course, the message itself got caught behind the havoc caused by the worm. Morris panicked. First he told a friend. Then he told his dad, Robert Morris, Sr., Head of Computer Security at the National Security Agency (NSA). Robert Morris, Sr., called the FBI and suggested that they might want to talk to his son about the worm. As one DOJ official has noted, "for those of you without a history in law enforcement, that's called a clue." Robert Morris, Jr. was eventually arrested and convicted by a jury of his peers (none of whom had a college education or knew what the Internet was). For his escapade, Morris was prosecuted under the Computer Fraud and Abuse Act and sentenced to probation, a $10,050 fine, 400 hours of community service, and 3100 job offers.
The Morris Worm also resulted in the creation of multiple new federal projects such as CERT with the mission of researching, thwarting, and alerting the network to new possible threats. Below is a survey of those federal efforts. These efforts can be divided into two camps: efforts developed to protect federal assets and efforts supported by the federal government to support the network at large.
See U.S. v. Morris, 928 F.2d 504 (2nd Cir. 1991). Morris was reportedly the first person prosecuted under the Computer Fraud and Abuse Act.
Hoaxbusters, Information About Hoaxes <hoaxbusters.ciac.org/HBHoaxInfo.html>.
Yaha virus infection heats up, CNET 1/2/03 Yaha virus lingers into the New Year, NWFusion 1/2/03 Greeting Card Virus Licensed To Spread, CNET 11/15/02 Security Firm Embarassed by 'Braid', TechTV 11/12/02 U.S. fingers hacker of military sites, MSNBC 11/12/02 'Braid' Worm Mixing Things Up, TechTV 11/5/02 MSN TV prank creating "emergencies", CNET 7/24/02 The Computer Virus of the Future, Newsfactor 5/6/02 Chernobyl virus rides Klez's coattails, CNET 5/6/02 Fake net looks to sting hackers, NWFusion 4/26/02 Gartner: Attacks exploit security indifference, CNN 5/3/02 New attacks to put intrusion-detection vendors to the test, NWFusion 4/15/02 Fix for Security Delays Might Be Close at Hand, LA Times 4/15/02 Tricky worm can spread via AIM, IRC, CNN 4/10/02 MyLife Virus Gets New Life in Variants, Newsfactor 4/3/02 Overview of Attack Trends, CERT 4/10/02 'Bill Clinton' Worm Gets Around - Experts, Wash Tech 3/25/02 Clinton worm eats files, CNET 3/25/02 'Social Engineering' Spreads New Plague of Web Chat Attacks, Newsfactor 3/21/02 Virus alerts lack standards, NWFusion 3/11/02 Virulent Worm Set To Return, Internet News 3/6/02 Global Internet Worm Set To Explode, Newsfactor 3/6/02 Is This A Good Time To Be A Hacker?, Newsfactor 2/20/02 Dangerous Yarner worm spells bad news, USA Today 2/20/02 Klez worm reborn as nastier version, CNET 2/11/02 MyParty worm fails to attract a crowd, CNET 1/28/02 New E-mail Worm Is No Party, Newsbytes 1/28/02 New virus poses moderate risk, USA Today 1/28/02 Computer Attacks on Companies Up Sharply, Wash Tech 1/28/02 'Gigger' worm termed low threat, MSNBC 1/14/02 Virus writers get head start on .NET, MSNBC 1/9/02 New Virus First To Infect Flash, CNET 1/9/02 CERT: # Of Viruses, Flaws Explode, Internet News 1/11/02 Virus Targets MS Web Services Software, Reuters 1/11/02 ZaCker worm attacks security software, NWFusion 1/4/02 New worms ring in the new year (Junkyard), CNET 1/4/02 Microsoft warns of holes in SQL Server, NWFusion 12/28/01 FBI agency advises turning off vulnerable XP feature, NWFusion 12/28/01 Buffer Overflow in UPnP Service on Microsoft Windows, CERT 12/28/01 Is there a worm in your e-greeting?, Times India 12/20/01 Windows XP contains serious security flaws, USAToday 12/20/01 Fix your Windows, says Microsoft, BBC 12/20/01 Windows XP vulnerable to 'serious' Attacks, CNN 12/20/01 Microsoft warns of security flaws with Windows XP, Nando 12/20/01 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers, CERT 12/20/01 Microsoft warns of PowerPoint, Excel vulnerabilities, NWFusion 12/18/01 Architecture as Crime Control, SSRN 12/18/01 MS Warns Of Hole In Outlook Web Access, Newsfactor 12/7/01 Record-breaking year for security incidents expected, CW 11/27/01 ICANN: U.S. Official Says Govt Should Stay Out Of Internet, Wash Tech 11/15/01 Federal Computers Fail Hacker Test, LA Times 11/9/01 Cybersecurity chief warns of Net threat, USAToday 11/9/01 Security woes dog federal agencies, CNET 11/9/01 ITAA Calls for Immediate New Federal IT Security Funding, Inews 11/9/01 Microsoft slammed on PC security, USAtoday 11/7/01 Internet Attacks Seen Doubling This Year, ZDNN 10/16/01 Group Says Don't Use Microsoft IIS, 7am 9/25/01 Analyst Recommends Software Switch, AP 9/25/01 Analyst recommends switching from Microsoft's Web software to another product because of security concerns, Nando 9/25/01 MS vows Rewritten IIS, more patches, Register 9/25/01 Analyst: Scrap Microsoft server software, USAToday 9/25/01 Gartner: Drop Microsoft's IIS now, ZDNet 9/25/01 Microsoft Stands By IIS Despite Criticism, IDG 9/28/01 Internet warning system under siege (CERT), CNET 5/23/01 NIPC Gets "F" In Hack Attack Warnings, InternetNews 5/23/01 Cyber Crime Prevention Unit Probed, LATimes 5/23/01 Leadership Vacancies Slow FBI's Cybercrime Arm, Washtech 5/23/01 Pentagon Computers Hacked 215 Times in Past Year, Newsfactor 5/18/01 Worm crawls into MSN Messenger, CNET 5/1/01 Bulletin: Microsoft warns of serious Windows 2000 hole, CW 5/1/01 Attack On US State Dept. Shuts Down Internal Servers, Newsbytes 5/11/01 Bush Mulls cybersecurity, USAToday 5/11/01 White House Site Attack Clues Sought, CW 5/8/01 Senator: Aid Cyber Security By Secrecy, Reuters 5/8/01 Extent Of FBI's Web Surveillance Disclosed, AP 5/4/01 Vandals Attack Whitehouse.gov, CNET 5/4/01 Naked Wife Virus Outbreak Contained, Register 3/7/01 New computer virus called 'Naked Wife' wreaks havoc, Nando 3/7/01