Top Destructive Cyber Viruses and How to Avoid Them
1. CryptoLocker
CryptoLocker ransomware was released in September 2013. It spread through email attachments and encrypted the user's files so that they could no longer be accessed. A victim has to pay a ransom in Bitcoin in exchange for regaining access to the files or documents. Decrypting the files requires the attackers' private key; without it, once the files are encrypted they are effectively lost forever.
In June 2014, Operation Tovar took down the gang of hackers behind CryptoLocker, led by Evgeniy Bogachev. The following February, the FBI offered a $3 million reward for Bogachev.
There are many ways to avoid the CryptoLocker virus, such as keeping antivirus and malware protection up to date, ignoring suspicious attachments or files, and not clicking on random or unrecognized links. It is also always a good idea to back your files up.
2. PlugX
PlugX is a Remote Access Trojan (RAT), also known as "Korplug", that was first discovered in 2012. It primarily targets government entities and specific businesses and organizations, and it spreads via phishing emails, spam campaigns, and spear-phishing campaigns.
The attack starts with a phishing email containing a malicious attachment, usually a specially crafted document that exploits a vulnerability in either Adobe Acrobat Reader or Microsoft Word.
PlugX contains backdoor modules to perform the following tasks:
XPlugDisk – used to copy, move, rename, execute and delete files.
XPlugKeyLogger – used to log keystrokes.
XPlugRegedit – used to enumerate, create, delete, and modify registry entries and values.
XPlugProcess – used to enumerate processes, get process information, and terminate processes.
XPlugNethood – used to enumerate network resources and establish TCP connections.
XPlugService – used to delete, enumerate, modify, and start services.
XPlugShell – used to open a remote shell on the affected system.
In July 2016, a Japanese travel agency, JTB Corp, suffered a data breach compromising almost 7.93 million user records. The breach was the result of an employee opening a malicious document received via a phishing email. The malicious document carried the PlugX RAT, which installed the Elirks backdoor trojan, designed to steal user information.
3. Zeus Gameover
The Zeus Gameover virus is part of the "Zeus" family of malware and was first discovered in 2011. It is a form of malicious software that targets Microsoft Windows. Spam messages and drive-by downloads are its two main methods of infection.
The main purpose of the Zeus virus is to access the victim's sensitive bank account details and steal all of the victim's funds. The virus can bypass centralized servers and create independent servers to send out the stolen information, so a victim cannot even trace his or her stolen data. In some cases, Zeus can also download ransomware that encrypts your files and demands money in exchange for unlocking them.
The simplest way to get rid of the Zeus virus is to use antivirus software as well as a malware removal tool.
4. Stuxnet
The Stuxnet worm is thought to have been in development since 2005 and was first uncovered in 2010. It was originally aimed at Iran's nuclear facilities. The worm destroyed numerous centrifuges in Iran's Natanz uranium enrichment facility by causing them to burn themselves out. Based on Stuxnet's log files, a company called Foolad Technic was the first victim.
Stuxnet spread via USB sticks and Microsoft Windows computers. Its real target is a particular model of Programmable Logic Controller (PLC) made by Siemens. These are small industrial control systems running all sorts of automated processes, such as in chemical plants, on factory floors, in oil refineries and in nuclear power plants. These PLCs are controlled by computers, and they are the main target of the Stuxnet worm. It was reported that the worm had already infected more than 50,000 Windows computers, and Siemens reported 14 infected control systems, mainly in Germany.
5. MyDoom
MyDoom, the first version of the worm, appeared on January 26, 2004. It spread via email and through a peer-to-peer network. The virus originated from Russia and is written in the C++ programming language. It creates a backdoor in the victim's operating system. On February 1, 2004, the virus began a denial of service (DoS) attack, and on February 12 it stopped distributing itself. Even after the virus stopped spreading, the backdoors created during the initial infections remained active. MyDoom, like ILOVEYOU, is a record-holder: it was the fastest-spreading email-based worm ever.
MyDoom was an odd one, as it hit tech companies like SCO, Microsoft, and Google with a Distributed Denial of Service attack. In 2004, roughly 16-25% of all emails were infected by MyDoom.
6. Sasser and Netsky
Sasser and Netsky were created by a 17-year-old German named Sven Jaschan.
Although these two worms behave in different ways, similarities in the code led security experts to believe they were the work of the same person. The Sasser worm was unstoppable: once it infected a computer, it looked for another vulnerable system by scanning random IP addresses for potential victims. While the virus did no physical damage, Sasser was responsible for DDoS attacks. It slowed down the Internet and brought some sites to a complete halt. Sasser was so effective that it ground one third of the post offices in Taiwan to a halt, shut down 130 branches of a Finnish bank, and forced rail and transatlantic flights to be cancelled.
Netsky, on the other hand, spreads via e-mail and Windows networks, with the purpose of insulting other computer viruses such as MyDoom and Bagle. There are many forms of Netsky, each made by different people. Netsky was actually the more viral of the two, and caused a huge amount of problems in 2004.
7. Code Red
The Code Red worm was discovered by two eEye Digital Security employees, Marc Maiffret and Ryan Permeh. They named it "Code Red" because they were drinking Code Red Mountain Dew at the time. Code Red surfaced in 2001 and targeted computers with the Microsoft IIS web server installed by exploiting a buffer overflow vulnerability. Once a computer is infected, the worm proceeds to make a hundred copies of itself, but due to a bug in its programming it duplicates even more and ends up eating a lot of the system's resources. It then launches a denial of service attack on several IP addresses, the most famous being the attack on the White House website. It also opens backdoor access to the server, allowing remote access to the machine.
On July 19, the Code Red worm infected more than 250,000 computer systems in just nine hours, and it was estimated to have caused $2 billion in lost productivity. The Pentagon shut down hundreds of Defense Department Web pages in order to install protection against Code Red.
To protect your computer, Microsoft has made available a patch intended to protect computers against Code Red. It can be downloaded from the home page of the Microsoft Web site (www.microsoft.com).
8. Nimda
Nimda first appeared on September 18, 2001 and spread through the Internet rapidly. In fact, it took only 22 minutes from the moment Nimda hit the Internet to reach the top of the list of reported attacks. The main purpose of the Nimda virus was to bring Internet traffic to a crawl. By creating a backdoor in the victim's operating system, it gives the attacker access at the same privilege level as the victim; if the victim was the administrator of the machine, the attacker would have full control. As Nimda spread, it turned into a distributed denial of service (DDoS) attack, causing some networks to crash as more of their systems' resources became fodder for the worm.
According to data from the Cooperative Association for Internet Data Analysis, the Nimda virus infected nearly 160,000 systems. The virus code includes the text: "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China".
9. ILOVEYOU
The ILOVEYOU virus, which originated in the Philippines, began infecting computers on May 5, 2000. The virus spread by email with the subject line "ILOVEYOU" and an attachment named "LOVE-LETTER-FOR-YOU.txt.vbs". If the attachment was opened, a Visual Basic script was executed and the computer was infected. It is considered one of the most virulent computer viruses ever created. It managed to wreak havoc on computer systems all over the world, causing around $10 billion worth of damage; 10% of the world's computers were believed to have been infected. It was so bad that governments and large corporations took their mail systems offline to prevent infection.
To stay safe from virus attacks like ILOVEYOU, it is essential to install a robust antivirus program.
10. Melissa
The Melissa virus was reportedly named by its author, David L. Smith, after an exotic dancer from Florida, in 1999. It was an infected Word document that, when opened, was forwarded to the top 50 email contacts of the victim. The document claimed to contain passwords for pornographic websites, which caught the victim's attention and led them to open it and get infected. Some of the emails included references to The Simpsons, a popular animated series with a large following.
This virus was not created with the intention of stealing people's money or information, but it did a lot of damage nevertheless.
Over 300 corporations and government agencies were hit hard by this virus.
One of the top companies affected was Microsoft, which was shut down due to the email overload. It has been estimated that almost a million email accounts were affected by this virus, causing huge Internet traffic and slowing the Internet to a crawl. Even though the virus was contained within a few days, the damage was already done. The FBI issued public warnings not to open the attachment, but on many occasions the temptation won out and more accounts were compromised. It is estimated that around $80 million was spent on the clean-up and on repairing the damage done by this virus. The culprit was soon arrested after a joint action by the FBI and AOL, as he had used an AOL account to create the virus.