Project Description
A wiki provides a tool/platform where everyone can contribute to a specific topic. The most famous wiki is Wikipedia at www.wikipedia.org. In this project, you're required to contribute to a group wiki whose topic is "Computer Viruses", so you need to browse the web, learn about one virus, write something about it, and post your understanding of the virus inside this wiki.
 * You must select a virus that has not been previously posted to your wiki group, so read the wiki before posting. Please always insert your post at the end of this wiki page, please do NOT insert it in front of an existing wiki post.
 * For your contribution, write a paragraph (6-8 sentences) about the virus you found. Include at least one link to the source of your information, and a link to a "fix" for the virus.
 * Please be EXTRA careful NOT to delete other people's posts while editing yours. When you try to save your post, if you see a warning message telling you that you're going to overwrite other people's posts, do not save your post right away; wait a few minutes, then save it. Basically, wikispaces.com does not support concurrent saving!
 * All the changes you make to your group wiki are visible through the history of the wiki. If you overwrite other students' posts, you will be penalized with a 20% deduction on your grade.
 * Feel free to add any type of widgets (tables, videos, etc) inside your post.
 * **Important:** Once you finish the posting, double check the wiki page to make sure that your post can be seen, also keep a soft copy of your work for future reference.
 * **Be careful, do NOT** add your post under "Discussion" by clicking on "Add Discussion", since you will not be able to delete it once added!
 * **For grading purpose, write your name after your post so that we know whose post it belongs to and insert a horizontal line at the end of your post to separate yours from others.**

- **by Kazuaki Kashihara**

MyDoom Virus (Sample only - Do not modify/delete it)
One of the most costly viruses to date is known as the “MyDoom” virus. The virus was released in 2004 from Russia. The spread of the virus was so chaotic that “Within 24 hours of the release of the virus, it had infected one out of every 12 emails world wide” (The Telegraph Report). The damaging cost of the virus was “$38.5 billion USD in economic damages” [1], the most expensive to date. The virus is spread through e-mails similarly to the “Iloveyou” virus. MyDoom attempts to spread via email by copying itself to any available shared directories, messages, and other file formats. It is able to disguise itself, resulting in many computer users overlooking the virus and making it very difficult to find [2]. A solution to clean up this virus can be found at Computer World.

- **Posted by Kazuaki Kashihara as a demonstration**

**There's a STORM WORM out there and I didn't even know it.**
STORM WORM – Whether you’ve heard of it as Peacomm or Nuwar, it is still a Trojan horse that can turn any computer into a zombie. In simple terms, the worm creates a vulnerability in the receiver’s computer that allows remote access. The sender can then create a botnet to push spam across the internet. There are several different variations, but they all basically do the same thing and can contribute to literally millions of spam emails. The good thing is that it is not difficult to detect, and if you keep your antivirus up to date you will be protected. There were several interesting viruses shared in this article and all of them had unique challenges to mitigate. I think it’s important to be as protected as possible when utilizing the internet. So, ensure that your virus protection is always up to date and that your firewalls are always turned on. To view “10 Worst Computer Viruses of All Time”, please go to https://computer.howstuffworks.com/worst-computer-viruses10.htm.

- Posted by Jerry N Tarvin

=__**Crypto Locker**__=

A newcomer to the virus arena, this is a form of ransomware using data encryption; essentially taking over your files and locking them. The only way to retrieve data is by paying the hackers to send a decryption key, using Bitcoin. Working in the healthcare industry, Cyber Security (while important) is normally lower on the list vs. HIPAA guidelines; the focus is protecting patient information. HIPAA violations are costly, i.e. a former director of mine having her unsecured laptop stolen. The fine was $750,000 to the company. Originally released in 2013, Crypto Locker had 500,000 victims and made $30 million in several weeks. More recent variations included Locky in late 2016 targeting a California hospital, which is now showing up in modified versions. Additionally, these are the most recent patches for Crypto Locker/Crypto Wall (variant)/Locky; see links below.

- **Posted by Geoff San Miguel**

=__**PoisonIvy**__=

PoisonIvy is a virus that allows the attacker to control one's computer without the knowledge of the user. PoisonIvy can infect a user's computer through infected email attachments, downloads from websites, programs from fake virus removing programs, etc. This gives them access to not only any of the files and information on the computer but can also give them access to the user's speaker and webcam. This gives the hacker access to record video and audio without the knowledge of the user. It can also download and run files on multiple different websites onto the user's computer. PoisonIvy also has the ability to retain certain information that is entered or saved by the user. This includes keystrokes, giving the hacker the ability to retain banking information, passwords, and other confidential information. It can take screenshots of what the user is accessing and also reduces the security level on the computer. Listed is a link with steps on how to remove the PoisonIvy virus [].


- **Posted by Raquel Vasquez**

=__**ILOVEYOU**__=

The ILOVEYOU worm, more commonly known as "The Love Bug" or "Love Letter" in the news headlines of 2000, was a computer virus that is spread through email. Opening the attachment of a Love Bug email activated a virtual basic script, infecting the machine on which it was opened. The dangers of this worm were two-fold. First, it did extensive damage to the afflicted computer, overwriting files on the user's hard drive. Secondly, it accessed the address book of the infected machine, sending itself to all known contacts of the user. Due to this abuse of recipients' trust, and the general public ignorance of computer viruses at the time, the Love Bug's spread was rampant and devastating. This one computer worm is estimated to have caused $5.5-8.7 billion in damages worldwide.

To see a video of this virus in action, click this YouTube link. To remove the ILOVEYOU virus from your machine, follow the steps on [].

- Posted by Doug Schmierer

=The Sapphire Worm/Slammer Worm=

The fastest computer worm in history was the Sapphire Worm, also known as the Slammer Worm. Within ten minutes of its outbreak, it had infected at least 90% of vulnerable hosts, or at least 75,000. The effects were as drastic as cancelled flights and ATM failures. The bulk of the harm was done by just overloading networks and disrupting database servers. The strategy used by this virus was based on scanning random IP addresses to infect until it spread to all the unprotected. Sapphire was bandwidth limited, meaning it could scan as fast and as many computers at the rate the packets could be delivered. It was estimated that it caused nearly $1 billion in damages before antivirus measures caught up to it.

Fix: https://www.symantec.com/security_response/writeup.jsp?docid=2003-012502-3306-99

-Posted by Laurel Sullivan

Zeus Virus

This Trojan virus was exposed in 2007 and became a huge problem in 2009. It is reported to be the go-to for hackers even today. It works by compromising your computer to steal all your information, not just passwords, credit card numbers, and social security numbers. It effectively steals birthdays, maiden names, and security questions. Zeus is spread through spam, "drive-by downloads", and has been used in tech-support scams. Because of this, just because your computer says you have the Zeus virus doesn't mean you do; it could be a scam. It is recommended to use up-to-date, legitimate software like Reimage, Plumbytes Anti-Malware or Malwarebytes Anti Malware, or remove the virus. These will also remove the virus warning pop up.

Posted by Malisa Wruble

=**STUXNET**=

The Stuxnet Worm is quite unique as it was designed for rather specific purposes, and most people won't have to worry about it bothering them. It was designed to attack industrial control systems (ICS), or computer networks that help support a country's or city's infrastructure. Since it attacks only a specific type of computer, it can lie dormant and transfer from computer to computer until it finds its target. Originally designed to be transferred via USB, it can infiltrate any network, even if there is not an external internet link. Nobody really knows where this worm came from, its actual intended targets, and it decides on its own what damage it will do when it finds the right type of computer. There is a lot of speculation behind this worm as it was possibly created by a government specifically to sabotage an enemy nation. I personally think it's kinda cool, and it's almost like a small sentient species moving around the world that decides what it wants to do and where it wants to go. Though quite woeful for many government facilities, the average computer user shouldn't get too many issues with this worm as it is detected by most virus scan programs as it has been around since 2009. Its purpose still remains a mystery however.

Info: https://www.lifewire.com/stuxnet-worm-computer-virus-153570 https://www.forbes.com/2010/10/06/iran-nuclear-computer-technology-security-stuxnet-worm.html#50dc67b851e8

Fix: https://www.solvusoft.com/en/malware/worms/stuxnet/

-Posted by Bradley Sorenson

=CODE RED=

The Code Red virus is a type of server-jamming computer worm. It infected computers mainly in mid July during the year of 2001 running with Microsoft. The virus is believed to have originated in the Philippines. The worm would deface affected websites by displaying the text, "Hello! Welcome to http://www.worm.com Hacked by Chinese!" A few days later, the virus would launch posts denying the attacks, one of which included The White House. All of the infected computers tried to contact The White House at the same time, which caused an overload for the government systems. The name of the virus comes from the fact that those who discovered it were drinking Code Red Mountain Dew at the time.

Info: https://computer.howstuffworks.com/worst-computer-viruses4.htm

Fix: https://www.symantec.com/security_response/writeup.jsp?docid=2001-080908-4231-99

- Posted by Emily Rutherford

=Shamoon=

Shamoon is a computer virus discovered in 2012. It was described by then Secretary of Defense Leon Panetta as a cyber Pearl Harbor. It was the largest hack in history. The computer virus was designed to attack oil companies' computer systems of Saudi Arabia and Qatar. The virus was discovered by Symantec, Kaspersky Lab, and Seculert. The virus spreads from the infected machine to other machines on the server. Once a system is infected, the malware creates a list of all files on the computer, then sends them to the attacker before deleting the files. Lastly, the virus overwrites the master boot record of the infected computer, making it unusable. The attack occurred during the month of Ramadan when most of the staff were gone to produce maximum destruction. Steps to fix the Shamoon virus can be found at [].

-Posted by Dane Wheeler

=The Melissa Virus=

Melissa is a virus that first started circulating in the US around March of 1999. The virus was sent to users via email with a subject line reading “Important message from (user name)”. The body of the email went on to read “Here is the document you asked me for… do not show it to anyone”. Attached to this email was an infected Microsoft Word document. Once the recipient opened this file the computer was infected. The virus went on to send itself to the first 50 recipients in the computer's address book in Outlook. This virus is significant as it was the first virus to use a Word document to infect computers. It was also the first virus to use the technique in which it sent itself to the first 50 people on the user's Outlook address book. The virus has caused more than 80 million dollars in damages to companies including Microsoft, Intel and Lucent Technologies, among others (Pandasecurity.com). For tips on removing the virus please visit https://kb.iu.edu/d/agzl

Source: https://www.pandasecurity.com/mediacenter/malware/most-famous-virus-history-melissa/

-Posted by Melody Trujillo

__**The Skulls Trojan Horse Virus**__

The Skulls Trojan Horse was a virus from 2004 that affected Nokia smart phones; it included a handful of different versions ranging from A-L, each with their own unique issues. The main issue of this virus was to replace your phone screen icons with skulls and disable phone functions, essentially leaving you with just a “phone”. Version B of this virus disabled your phone, but did not display skulls, making it initially difficult to identify. Version C attempted to disable the anti-virus software on your phone, and version L was deemed the worst as it was presented as a solution or fix for the virus. This virus was spread through Bluetooth connections, which in turn used up your battery power. Unfortunately, there is still no known fix for this virus; the only solution I could find was a hard reset for your phone. As we all know, hard resets can lead to a loss of contact information, and even photos if not backed up properly.

Posted by Denielle Wilson

=**WannaCry Ransomware**=

First discovered in May 2017, WannaCry has wreaked havoc on computers and servers of end-user consumers and larger corporations worldwide. The virus can infect a machine due to it not having the most up to date security software and poor user behaviors such as downloading files from emails that were not expected. Originally, computer security experts discovered a "kill switch" for the virus which would stop the software from continuing infection and locking files up; however, hackers have since updated the virus to prevent the software from being disabled making there be no known way to stop damage once infected if the user restarts the machine to troubleshoot. Upon successful infection, files on the respective machine will become encrypted and lock up preventing the user from accessing such. The machine will display a message indicating that a "ransom fee" must be paid in order to unlock files and restore system access. The fee typically is demanded in a virtual currency such as Bitcoin to prevent tracking. If the fee of $300 is not paid promptly, the required amount could double and files could eventually be permanently destroyed. There is currently no known fix to this virus upon infection except when the machine has not been rebooted, a patch called wanakiwi can assist.

Sources: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/

Fix: https://www.engadget.com/2017/05/19/wannacry-fix-hack-ransom-cybersecurity-researchers/

Posted by Nicholas Stark


__**The Klez Virus**__

The Klez Virus was first discovered in 2001 and marked a new direction for viruses. The basic Klez worm infected a victim's computer through an email message, replicated itself, and then sent itself to other people in the victim's address book. Some variations of this virus carried other harmful programs that would render the victim's computer inoperable. The Klez Virus was so complicated that it could act as a normal computer virus, a worm, or a Trojan horse. It was even able to disable virus-scanning software and pose as a virus-removal tool. Not long after this virus appeared on the internet, hackers found a way to make it even more effective. Similar to other viruses, the Klez virus could comb through the victim's address book and send itself to other recipients, but it could also take another contact's name and add it to the "From" field in the email, making it come from one of your contacts. This method is called spoofing. A Klez worm with multiple emails could clog an inbox in short order, because the recipients would be unable to tell what the real source of the virus is. To eradicate the Klez Virus, the best method is to disconnect the infected device from the network, then use up-to-date antivirus software or the Symantec virus removal tool.

Source: https://computer.howstuffworks.com/worst-computer-viruses3.htm http://ccm.net/contents/759-the-klez-virus

By: Marisa Stuart

__**Overwriting Virus**__

An overwriting virus is a program that after infection will destroy the original program code by overwriting data in the system's memory. This program is so dangerous because it will destroy elements of a user’s system. One example of an overwriting virus is the TRj.reboot virus. The TRj.Reboot uses Visual Basic 5 libraries to overwrite program code that already existed. Another common overwriting virus is the Trojan Virus, which can restart a computer and will target Windows NT and Windows 2000 systems in the 2000s. In order to remove the virus, users will need to reinstall the system's original programs; this task can be difficult if the original programs were not backed up or if the user did not keep duplicate copies offline.

-Caitlyn Smith

__**CIH**__

CIH, also known as the Chernobyl Virus, was created in June 1998 in Taipei, Taiwan. CIH stands for its creator's name, Chen Ing-Hau. The virus searches for unused space in the file and then continues to break into smaller pieces, inserting code into the unused space. The virus has two payloads that make it very effective. The first payload overwrites the hard drive with random data. It also continues using an infinite loop until the system crashes. The second payload tries to cause permanent damage to the computer. It attacks the Flash BIOS and tries to corrupt the data stored there. This can result in a black screen when the computer starts up. The virus can only spread on Windows 95, 98 and ME systems. This virus was reported all over the world, causing issues from Korea to Boston. It is estimated that this virus caused over 250,000,000 dollars in damages. There is no cure for the CIH virus, but thanks to updated protection and security, newer software systems are immune from CIH now.

Top 10 Worst Viruses, CIH

- Gerardo Saldivar

__**The Kama Sutra Worm**__

The Kama Sutra worm, also known as Blackworm, Nyxem, and Blackmal, is a type of malware, or malicious software that infects PCs using the Windows operating system. The Kama Sutra worm was discovered on January 16, 2006. It was designed to destroy files, such as Microsoft Word, Excel, and PowerPoint documents beginning on Feb 3rd. The worm arrived via e-mail, stating it was a website for explicit photographs. However, when users clicked on the attachment, they got an infected machine instead of photographs. The number of infections worldwide has been estimated at about 300,000, with the highest numbers in Turkey and India.

-Portia Smith

=__**The Bad Rabbit Virus**__=

In October 2017, the U.S. government issued warnings about a new ransomware virus -- dubbed "Bad Rabbit" -- spreading from Russia and Ukraine into other countries around the globe. Similar in many respects to the Petya virus, Bad Rabbit seizes a computer's files and demands their owner pay 0.5 bitcoin (approximately $285) to have them released.[1] The virus is spread via a fake Adobe Flash installer that looks genuine and dupes unsuspecting users. [2] Bad Rabbit uses DiskCryptor, an open-source full-drive encryption software, to lock down files using RSA 2048 keys. [3] Although there is currently no means of removing the virus from an infected computer, cyber-security researcher Amit Serper claims to have developed a "vaccine" to prevent Bad Rabbit from laying siege to a computer's hard drive. [4] Other experts recommend disabling a network's WMI service to prevent Bad Rabbit and other malware from spreading over the network. [5]


- **posted by Joshua Stancil**

=__**Conficker Virus**__=

This virus was first identified in November 2008. It is known as a computer worm which attacked the Microsoft Windows operating system. The infection of this worm affected over a million home, business, and government computers. This virus would use the faults in Windows OS software and dictionary raids on administrator passwords which creates a botnet and has been hard to pin because of all the combined advanced malware techniques. The Welchia virus in 2003 was the largest known computer worm infection until the Conficker popped up. Some of the symptoms included congestion on local area networks, user accounts locked out, and domain controllers responding slowly to client requests. The removal and detection came from Microsoft when they released the Windows Malicious Software Removal Tool. This would remove the virus and prevent it from coming back to infect computers again.

Windows Malicious Software Removal Tool

-Veronica Silerio

=__**The Sasser Virus**__=

The Sasser Virus was found first in 2004, and affected machines running the Windows XP and Windows 2000 operating systems. The virus has since affected millions of computers, and it can be crippling. The effects can show up as just being an annoying nuisance, or could result in a catastrophic failure of the operating system. The creator of this virus is named Sven Jaschan who also was the creator of the Netsky Virus. The worm was able to access the security system of the machines through the Local Security Authority Subsystem System, or the LSASS. This virus spread so rapidly and affected so many computers, because it was able to alter the security settings on the machine, and spread to other machines without user intervention. This virus can be blocked with the use of a properly configured firewall, and Microsoft has also since released updates to the affected operating systems that can fix the issues caused by the Sasser Virus.

http://www.pchell.com/virus/sasser.shtml

-**Posted by Mitch Stockton**