CodeRed - (July 13, 2001) This virus exploited a buffer overflow in Microsoft Internet Information Server. You didn't have to double-click an .EXE for it to run. All you needed to be infected was an unpatched version of MSIIS and an Internet connection. CodeRed wasn't even an EXE; all of it ran in memory, so if you went to Windows Task Manager, you would not see the worm. If an infected PC was hosting a site (website.com) on its server, CodeRed would replace it with "Welcome to worm.com! Hacked by Chinese!", as seen in this photo:
LoveLetter\ILOVEYOU - (May 4-5, 2000). This worm spread through e-mail. When a user was infected with this virus, the virus would send an email with itself attached to everyone in the Windows Address Book (where Outlook users stored email addresses). Everyone in the WAB (Windows Address Book) would get an email that asked them to open the file (the virus) because it was a love letter for them. They would open it, the virus would send copies of itself to everyone in their WABs, and it infected more and more people. The virus also overwrote files with itself (like JPG, MP3, JS, JSE, WSH). Since the virus was written in Visual Basic Script, its source code could be opened and modded, so the virus could overwrite .EXE, .COM, .DLL, and .SYS, destroying the OS.
(A look at the worm's code: this part of the worm is where it copies itself to the Windows and System folders, with some comments at the top)
Klez (2001) This virus spread in the same way as LoveLetter: it sent copies of itself to people in the WAB. Klez was worse than LoveLetter because on some days (June or July 6th), the virus corrupted all of the user's files, destroying the OS and their documents. Even worse, the virus could send documents and files from the user's PC to people in the WAB, leaking personal info.
Opaserv - (2002) Opaserv spread over networks/LANs. Have a password on your PC so a virus can't access your PC on a network? No problem. The virus exploited a flaw in the password system. Let's say your password is "mypassword123". The virus would guess the first byte of the password (the first letter is the first byte). It would guess a. Invalid password? It would guess b. It would keep doing this until: M? Permission granted! The worm would then infect your PC. The exploit allowed it to infect PCs quickly. If you tried to remove it (like removing its Run keys in the Registry) or it was December, the worm would activate its payload: it shut down the computer, and when the computer was turned back on, a message appeared saying the user had an illegal copy of Windows. While it showed this fake message, the worm formatted the drive and overwrote everything, destroying the partitions and data on the drive.
CIH (1998) This virus infected files on the user's PC and on April 26 did the worst thing ever: it destroyed the partition table. It overwrote the BIOS (Basic Input Output System) with junk data. The BIOS contained very important data and how to boot the PC, and without it, the PC was bricked. So CIH broke hardware. Since CIH infected files, many software manufacturers were infected and their software was infected, so when a user installed the software, they were infected.
(A program that fixed CIH's partition payload (NOT THE BIOS))
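The single-byte acceptance described in the Opaserv entry, modeled as an added example (not code from the worm or from Windows): `check_flawed` assumes the flaw is a comparison that covers only the bytes the client supplied, while `check_fixed` and `accepted_prefix_lengths` are hypothetical names for the corrected check and a regression test for it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*check_fn)(const char *stored, size_t stored_len,
                        const char *guess, size_t guess_len);

/* Assumed model of the flaw: the comparison length comes from the client,
   so a 1-byte guess is only checked against the first stored byte. */
int check_flawed(const char *stored, size_t stored_len,
                 const char *guess, size_t guess_len)
{
    if (guess_len == 0 || guess_len > stored_len)
        return 0;
    return memcmp(stored, guess, guess_len) == 0;
}

/* Corrected check: the server's own length decides how much is compared,
   a length mismatch is a failure, and every byte is examined without an
   early exit so timing does not reveal how many bytes matched. */
int check_fixed(const char *stored, size_t stored_len,
                const char *guess, size_t guess_len)
{
    unsigned char diff = (unsigned char)(stored_len != guess_len);
    size_t i;
    for (i = 0; i < stored_len; i++) {
        unsigned char g = i < guess_len ? (unsigned char)guess[i] : 0;
        diff |= (unsigned char)((unsigned char)stored[i] ^ g);
    }
    return diff == 0;
}

/* Regression test: count how many prefix lengths (1..n) of the real
   password are accepted. A sound check accepts exactly one, the full one. */
size_t accepted_prefix_lengths(check_fn check, const char *stored)
{
    size_t n = strlen(stored), len, hits = 0;
    for (len = 1; len <= n; len++)
        hits += check(stored, n, stored, len) ? 1 : 0;
    return hits;
}

int main(void)
{
    const char *pw = "mypassword123"; /* constructed sample from the text */
    printf("flawed accepts %zu prefix lengths, fixed accepts %zu\n",
           accepted_prefix_lengths(check_flawed, pw),
           accepted_prefix_lengths(check_fixed, pw));
    return 0;
}
```

Under the flawed check each password byte can be confirmed on its own, so the search shrinks from 256^n combinations to at most 256 guesses per byte, which is why the worm could spread so quickly.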