The Most Popular Viruses Of All Times: Learn All About The Most Popular Viruses of All Time (The Coding Eagle)

Upload: nathan

Post on 11-Nov-2015

217 views

Category:

Documents


2 download

DESCRIPTION

Boook on viruses

TRANSCRIPT

  • The Most Popular Viruses Of All Times

    Learn All About The Most Popular Viruses of All Time

    The Coding Eagle

  • This book is for sale at http://leanpub.com/mostpopularviruses

    This version was published on 2015-03-21

    This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do.

    © 2015 The Coding Eagle

  • Tweet This Book!

    Please help The Coding Eagle by spreading the word about this book on Twitter! The suggested hashtag for this book is #Viruses. Find out what other people are saying about the book by clicking on this link to search for this hashtag on Twitter: https://twitter.com/search?q=#Viruses

  • Contents

    Chapter One
      Introduction
      Viruses Covered in This Book

    Chapter 2: Terms
      Worms
      Trojans
      Denial of Service Attack (DDoS)
      Botnets
      Popular Windows Security Holes

    Chapter 3: MyDoom
      Introduction
      How it Worked
      Once Infected
      Damages
      The End

    Chapter 4: Sobig.F
      Introduction
      How it Worked
      Once Infected
      Damages
      The End

    Chapter 5: ILOVEYOU
      Introduction
      How it Worked
      Once Infected
      Damages
      The End

  • Chapter One

    Introduction

    This is my first book at Leanpub, and I wanted to make it free so that I can see how many people would download it. Please also tell me how much you would have paid for this book (though you don't have to!). Email any questions or comments to me at [email protected]. This book will be about computer viruses, because I just love it when one completely destroys my computer :-). Computer viruses may seem boring and useless, but they're not. They're actually really interesting, and I wanted to show you what they are and how they work in the most efficient manner possible.

    Viruses Covered in This Book

    Currently, the viruses covered in this book are:

      • MyDoom

    This list is not complete. I will be adding more and more viruses to this book as I find them. To fully understand this book, it's best if you first get familiar with virus concepts. If you already know about worms, trojans, and how viruses work, you can skip ahead and start reading.


  • Chapter 2: Terms

    Worms

    Worms are earthly creatures that crawl under the ground and are not dangerous... yeah, yeah. When you're talking about viruses, worms are actually quite dangerous. Worms are viruses that replicate themselves many times to spread to other computers. While a worm itself doesn't do any damage, it can carry malicious code that does. Worms typically spread via email attachments, so step one to not getting infected is: don't open up email attachments.

    Trojans

    History lesson! OK, take it back. I hate history lessons. Basically, as in every war, one side tries to kill the other. However, one of the sides is extremely smart. It fakes a surrender, and sends a giant wooden horse, called a trojan, into the enemy territory as a gift. As you know, there are warriors hidden inside the horse, and they come out and conquer the enemy. Hooray! Wait. What does this have to do with viruses? Well, a Trojan is simply a fancy name for a program that pretends to be something else. Let's say I created a virus. I want to hide it. So I name it windowsantivirus.exe. The user sees this, but thinks, "Yay! Windows gave me a free antivirus!" And the user doesn't delete it. Well, that's a trojan.

    Denial of Service Attack (DDoS)

    This is quick: a denial of service means an attack that is meant to stop a service, like an email client or server. If I had five thousand computers located around the globe, what if I suddenly directed them all to Google? OK, bad example. Say I had one million computers. Suddenly, I command all of them to open up a web browser, and open one tab every second that points to a small website, like leanpub. Because leanpub cannot filter out every single computer as a spamming computer, its server crashes. Now nobody can access it.

    Botnets

    In DDoS, I mentioned that I was able to command one million computers around the globe that weren't mine. This is called a botnet. A botnet consists of many computers that the hacker has access to, called bots.



    Popular Windows Security Holes

    Although this isn't a term, I just wanted to mention it because it's so hilarious.

      • Outlook's contact book is frequently used to spread email viruses.

      • Every time Windows boots up, it executes every single file in a specific folder, and at administrator level, which basically lets the virus do whatever it wants to your computer. And you know what? It's super easy to put your own malicious file inside the folder.

      • Windows hides file extensions, letting the virus hide its .exe or .pif or whatever, basically concealing its virus properties.

      • The Windows registry is basically a jackpot of commands that Windows will run. You can specify to run this command whenever the user does this, like run destroy_this_computer.exe whenever the user presses space. And Windows even gave an easy way to do this. In fact, this was supposed to be a feature that Windows applications could use, meaning that viruses could use this feature to destroy the computer.
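The boot-time folder and the registry "run this on startup" entries described above are exactly what a defender audits first. This added example (mine, not the book's) parses a constructed .reg export of the two Run autostart keys and flags entries launched from user-writable locations; the key paths are real, the entries and the directory list are assumptions for the example.

```python
import re

# Constructed .reg export (sample data, not a real machine). The two key paths
# are the real per-user and machine-wide Run autostart keys; the entries are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\bob\\AppData\\Local\\Temp\\windowsantivirus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Photos"="C:\\Users\\Public\\holiday.jpg.vbs"
'''

# Directories an ordinary user can write to; a boot-time program living there
# deserves a second look (this list is an assumption for the example).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\downloads\\")


def parse_run_entries(reg_text):
    """Yield (key, value name, command line) for each value under a ...\\Run key,
    undoing the .reg escaping of backslashes and quotes."""
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith("\\run") and line.startswith('"'):
            name, _, value = line.partition("=")
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1]
            command = value.replace('\\"', '"').replace("\\\\", "\\")
            yield key, name.strip('"'), command


def program_path(command):
    """First token of a command line, quotes removed and lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)).lower() if m else ""


def audit_run_entries(reg_text):
    """Return {value name: program path} for autostart entries that are
    launched from a user-writable location."""
    findings = {}
    for _key, name, command in parse_run_entries(reg_text):
        path = program_path(command)
        if any(d in path for d in USER_WRITABLE):
            findings[name] = path
    return findings


if __name__ == "__main__":
    for name, path in audit_run_entries(SAMPLE_REG).items():
        print(f"suspicious autostart '{name}': {path}")
```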

    These terms are not complete, so don't think you are a virus expert yet. However, it's a start.

  • Chapter 3: MyDoom

    Introduction

    Finally! We get to start talking about viruses! Anyway, here are some stats, just to let you know:

      Infected Computers: 2 Million
      Damages: Over $38 Billion
      Type: Worm + DDoS
      How it Spread: Email
      Date: January 26, 2004
      Creator: In Hiding
      Origin: Russia
      Language: C++
      Platform(s): MS Windows
      File Type(s): cmd, exe, pif, scr, zip
      End Date: Feb 12, 2004 (MyDoom.A) and March 1, 2004 (MyDoom.B)

    Yeah. Pretty bad. But not that bad, considering we're talking about computer viruses.

    How it Worked

    This virus would go to the victim's inbox as an email, with these subject lines:

      test
      hi
      hello
      Mail Delivery System
      Mail Transaction Failed
      Server Report
      Status
      Error

    And just like any other virus, it's stupid. Anybody would be smart enough to know not to open an email titled "hi". And they would definitely not open up the attachment. Well, they did, anyway. Some of the message bodies included:


      Mail transaction failed. Partial message is available.
      The message contains Unicode characters and has been sent as a binary attachment.
      The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

    Again, this virus can be easily avoided if people would use their common sense. But they didn't. And that wasn't their fault; this virus only targeted Windows, and everybody knows why: Windows is just too insecure. It hid the file extension. If I create a file named homework.txt, it would show up on my computer as homework. So, what if I created a file called virus.txt.exe? It would appear as a harmless virus.txt file. This is how viruses work. Unknowing victims only see the harmless .txt file extension, and they open the file. Once opened, Windows actually executes the file, and boom! Your computer is infected.
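An added example (mine, not the book's) of the hidden-extension trick just described: the first function mimics the Explorer default of hiding the last extension, and the second is the check a mail gateway can run on attachment names before anyone sees "virus.txt". The extension lists are assumptions for this example; the sample names echo the attachment names the book lists.

```python
import os

# Extensions Windows runs directly. The book's chapters mention cmd, exe, pif,
# scr and vbs attachments; bat and com are added here as an assumption.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".cmd", ".vbs", ".bat", ".com"}
# Extensions a user is likely to trust at a glance (assumption for this example).
INNOCUOUS_EXTS = {".txt", ".jpg", ".doc", ".pdf", ".htm", ".html"}


def displayed_name(filename):
    """Mimic Explorer with 'hide extensions for known file types' on: the last
    extension disappears, so 'virus.txt.exe' shows as 'virus.txt' and
    'homework.txt' as 'homework'."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify_attachment(filename):
    """'disguised'  : an executable extension hidden behind a harmless-looking one
       'executable' : a plainly executable attachment (e.g. wicked_scr.scr)
       'ok'         : anything else"""
    stem, real_ext = os.path.splitext(filename)
    _, shown_ext = os.path.splitext(stem)   # what the user sees after hiding
    real_ext, shown_ext = real_ext.lower(), shown_ext.lower()
    if real_ext in EXECUTABLE_EXTS and shown_ext in INNOCUOUS_EXTS:
        return "disguised"
    if real_ext in EXECUTABLE_EXTS:
        return "executable"
    return "ok"


if __name__ == "__main__":
    # Constructed sample names; the .pif, .scr and .vbs ones echo the book's lists.
    for name in ["homework.txt", "virus.txt.exe", "LOVE-LETTER-FOR-YOU.txt.vbs",
                 "wicked_scr.scr", "document_9446.pif", "report.pdf"]:
        print(f"{name:30} shown as {displayed_name(name):25} -> {classify_attachment(name)}")
```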

    Once Infected

    Once your computer is infected, the virus did a number of things, but first it sent itself to everybody in your contact book. It would quickly scan through all your contacts, and send a replica of itself to each of your contacts. It is capable of sending 100 emails in 30 seconds. It's very smart; it is designed so that it doesn't send itself to Google or any other system that can detect it as a virus. It also fakes the sender so that it seems that somebody else is sending the virus. Some people also claim that it drops an infected file onto your computer to steal all your passwords. Finally, as if it hadn't done enough harm, it opened up all the ports on your computer, which allowed the hacker full control over your computer.
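Two of the behaviours above are visible from the mail server's side: a single machine sending about 100 messages in 30 seconds, and that machine using many different forged sender addresses. This added example (mine, not the book's) runs a sliding-window burst detector over constructed log lines; the log format and the host names are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_line(line):
    """Split a constructed log line such as
    '2004-01-26T10:00:00 host=pc-17 from=alice@example.com'
    into (timestamp, sending host, envelope sender)."""
    ts, host, sender = line.split()
    return datetime.fromisoformat(ts), host.split("=", 1)[1], sender.split("=", 1)[1]


def find_bursting_hosts(lines, limit=100, window_seconds=30):
    """Return {host: (time the burst was first seen, distinct sender count)} for
    every host that sends at least `limit` messages inside any `window_seconds`
    span. A large sender count from one host is the forged-sender tell."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    senders = defaultdict(set)    # host -> every envelope sender it used
    flagged = {}
    for ts, host, sender in sorted(parse_line(l) for l in lines):
        senders[host].add(sender)
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= limit and host not in flagged:
            flagged[host] = ts
    return {host: (first, len(senders[host])) for host, first in flagged.items()}


def constructed_log():
    """Constructed sample: pc-17 sends 120 messages in 25 seconds under 40
    different sender addresses; pc-03 sends 5 ordinary messages over 10 minutes."""
    base = datetime(2004, 1, 26, 10, 0, 0)
    lines = []
    for i in range(120):
        ts = base + timedelta(seconds=i * 25 / 120)
        lines.append(f"{ts.isoformat()} host=pc-17 from=user{i % 40}@example.com")
    for i in range(5):
        ts = base + timedelta(minutes=2 * i)
        lines.append(f"{ts.isoformat()} host=pc-03 from=bob@example.com")
    return lines


if __name__ == "__main__":
    for host, (first_seen, n_senders) in find_bursting_hosts(constructed_log()).items():
        print(f"{host}: burst at {first_seen}, {n_senders} distinct senders")
```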

    Damages

    MyDoom used its large botnet to attack SCO and Microsoft. Both SCO and Microsoft promised to give large sums of money to anybody who revealed the creator of the virus. MyDoom was also held responsible for one out of every 41 emails sent. At one point, it was responsible for one in every twelve emails, breaking Sobig's record of one in every 21. More on Sobig later. This caused giant internet traffic jams, and whole websites were forced to move in order to not be attacked. Email servers were also down for quite some time. Not just that, but once a variant of MyDoom actually dared to attack Google, AltaVista and Lycos, and you know what? It succeeded! Google was brought down for the majority of the day, and AltaVista and Lycos were noticeably slower than usual.


    The End

    Well, all this fun had to end someday. On the twelfth of February, 2004, MyDoom.A was programmed to shut down, though it left the backdoor it created open. On the first of March, MyDoom.B was shut down, but as with MyDoom.A it decided to leave the backdoor open. I did say that there would be more on Sobig later, right? Well, later is now! Sobig time!

  • Chapter 4: Sobig.F

    Introduction

    Sobig.F is actually part of the Sobig virus family. Six Sobig viruses were created, but Sobig.F was the worst and therefore the most popular of them all. Stats:

      Infected Computers: 2 Million
      Damages: Over $37 Billion
      Type: Worm + Trojan
      How it Spread: Email
      Date: August 19, 2003
      Creator: In Hiding
      Language: C++
      Platform(s): Windows
      File Type(s): .exe, .pif
      End Date: September 10, 2003

    Not as good as MyDoom, but still pretty serious.

    How it Worked

    As usual, an email (more like a thousand emails) would be sent to the victim's inbox. The subject lines could be:

      Re: Approved
      Re: Details
      Re: Re: My details
      Re: Thank you!
      Re: That movie
      Re: Wicked screensaver
      Re: Your application
      Thank you!
      Your details


    Possible body messages included:

      See the attached file for details
      Please see the attached file for details

    And the attached file names:

      application.pif
      details.pif
      document_9446.pif
      document_all.pif
      movie0045.pif
      thank_you.pif
      your_details.pif
      your_document.pif
      wicked_scr.scr

    Again, Windows would hide the file extension. What I don't get is why the victim wouldn't notice that something was wrong when a hundred emails with the same subject line appeared in his inbox. But human psychology is not covered in this book, so let's just assume the victim went mental and decided to open up the attachment. Side effect? Nothing, except for the fact that your computer is now infected with an extremely dangerous virus. No worry, right?

    Once Infected

    Now Sobig.F starts to replicate itself. It replicates itself by searching through all the computer's files, unlike many of the popular viruses which rely on Outlook's contact book. Sobig.F would target files with the following extensions:

      .dbx
      .eml
      .hlp
      .htm
      .html
      .mht
      .wab
      .txt


    And when it found any email addresses, it would send itself to the address. And just like MyDoom, it would fake its email address. Sobig.F also contacted 20 IP addresses to install some malicious program or update itself. One program that might be installed was the legal WinGate Proxy Server, but in a configuration that allowed the hacker to access the computer. As of right now, you probably think that Sobig.F is only a worm. Wrong! It opens up a ton of ports that the hacker can use to control the computer, and basically turns it into a computer zombie that could be used for spamming websites. How fun.

    Damages

    Please correct me if I'm wrong, but so far I can't seem to find any source that states that Sobig.F launched a Denial of Service attack on any website. However, it sent way too many emails out and hogged up the world's bandwidth. Email servers were stopped, blah, blah, blah, and all that random stuff. What was surprising was that despite a glitch in the program that prevented Sobig.F from spreading too fast, it still managed to make a noticeable impact on the world. It also grounded a few Air Canada flights. Sorry, travelers! Guess you liked Canada too much and decided to stay!

    The End

    Unfortunately, like all amazing viruses, Sobig.F had to come to an end. It deactivated itself on September 10, 2003. In that same year, Microsoft offered a $250,000 reward for information leading to the capture of the creator of Sobig.F. The creator somehow managed to escape and was never caught. Well, the end of Sobig.F means the start of a new virus, ILOVEYOU! And no, I'm sorry, but I do not love you.

  • Chapter 5: ILOVEYOU

    Introduction

    This virus was thought to be the first virus to prey on the human need for love. Indeed, the ILOVEYOU virus was an email virus that simply stated, "I Love You." Unfortunately, because everybody had a strong desire to be loved, they opened up the attachment, wreaking havoc on the computer. Yeah, it's an interesting virus. Stats:

      Infected Computers: 500 Thousand (About 10% of all computers at that time)
      Damages: $15 Billion
      Type: Worm + Media Destroyer (I just made it up)
      How it Spread: Email
      Date: May 5, 2000
      Creator: Onel De Guzman (Maybe)
      Origin: Philippines
      Language: Microsoft Visual Basic
      Platform(s): Windows
      File Type(s): Visual Basic Script (.vbs)

    Unfortunately, this virus did not infect too many computers, but it's very interesting to see how people would open up email attachments simply for the sake of love. However, it was extremely damaging once it infected your computer. Also note that this virus was released in 2000, when not too many people used computers, and there were fewer computers to infect.

    How it Worked

    This was an email virus, so tons of emails would be sent to somebody.


    ILOVEYOU email:

      Subject line: ILOVEYOU
      Body: kindly check the attached LOVELETTER coming from me.
      Malicious attachment: LOVE-LETTER-FOR-YOU.txt.vbs

    As usual, Windows would hide the .vbs extension, leaving the harmless .txt extension behind. Once the user opened up the file, chaos was unleashed.

    Once Infected

    The ILOVEYOU virus did a number of things:

      • Modified registry keys
      • Copied itself to multiple places on the computer
      • Replaced several different types of files with itself
      • Destroyed all .jpg, .mp3, .mp2, and all other media type files
      • Sent itself to every single contact in the victim's contact book
      • Downloaded a file called WIN-BUGSFIX.exe that actually stole passwords

    You can see how devastating it would be. Unlike other viruses, it destroyed media files, which was deadly to some media companies. This helped it become more dangerous, but it also exposed the virus faster.

    Damages

    The ILOVEYOU virus wasn't used for DDoS attacks, so the only damage was the fact that it stole passwords and destroyed media files. Which, in my opinion, is damaging enough. However, the sheer number of ILOVEYOU emails sent out forced many email servers to completely shut down.


    The End

    Some variants are still out there, although antivirus software can easily detect and remove them. But did it really end? I suppose not. This virus was the start of creating viruses that preyed on human emotions. Many viruses that preyed on the human desire for love and (the word that starts with s) would follow, though none would be as successful as this.
