Archive for May, 2010

Where do viruses get their names?

Have you ever wondered how a virus gets its name? Generally speaking, the individual responsible for discovering the malicious program gets the honor of naming it. In theory the name is supposed to relate to the virus and its intent; however, the bizarre names of many viruses make it obvious that this theory is not always followed. Some viruses gain their names from messages within the code. Sometimes the namers of viruses must seek inspiration. Apparently the Lunch virus got its name because the analyst who discovered it had just eaten lunch.

The Nimda virus is simply "admin" backwards. Often analysts will pull a reference from virus code in order to come up with a name. Both Yaha and SirCam were named for specific references found within the viruses' code.

Some of my favorite virus names are:

Michelangelo, which, according to the mass media hysteria surrounding the virus, was expected to create a digital apocalypse on March 6 by wiping the information on millions of computers. Later assessments of the damage showed the aftermath to be minimal.

Conficker (aka Downadup), a worm that has caused one of the largest worm infections ever, affecting over 7 million government, business and home computers.

Concept, the first macro virus.

Optix Pro, a trojan that allows a hacker remote access to a PC.

What virus names intrigue you?


The very first viruses: Creeper, Wabbit and Brain.

Where did the first computer viruses come from? When were the first computer viruses developed?

Generally accepted as the first virus is the Creeper Worm, developed in 1971 by Bob Thomas. It was not, however, designed maliciously or with any intent to do damage. Creeper was a self-replicating program. Creeper gained access via the ARPANET and copied itself to the remote system, where the message “I’m the creeper, catch me if you can!” was displayed. The Creeper would start to print a file, but then stop, find another Tenex system, open a connection, pick itself up and transfer to the other machine (along with its external state, files, etc.), and then start running on the new machine, displaying the message. The program rarely if ever actually replicated itself; rather, it jumped from one system to another, attempting to remove itself from previous systems as it propagated forward. Thus Creeper didn’t install multiple instances of itself on several targets; it just moseyed around a network. A program called Reaper was created to delete Creeper.

In 1974 the Wabbit virus was created (see also fork bomb). Wabbit was a self-replicating program that made multiple copies of itself on a computer until it bogged down the system to such an extent that system performance was reduced to nil and the computer eventually crashed. This virus was named Wabbit because of the speed at which it was able to replicate.

In 1986 the Brain Boot Sector Virus showed up.  Brain is considered to be the FIRST IBM PC Compatible virus.  It infected the boot sector of MS-DOS systems.  The Brain virus is responsible for the first IBM PC virus epidemic.  The Brain virus even came with contact information for the authors who created it as well as a message that notified the user that their machine was infected:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...

There was a legitimate reason for the message appearing, as the Brain virus was originally used to track software: a heart monitoring program developed for the Apple ][e series. Computer pirates were distributing copies of the disks, and the tracking program was developed to stop and track illegal copies. Another programmer copied the technique for DOS, and that’s how it became the Brain virus.

Nero 9 forces install of ASK toolbar

I’m stunned. Recently I was seeking some new software for burning DVDs. I’ve used NERO often in the past, and was quite happy with it. I’ve not used NERO since moving from XP to Vista and now Windows 7. I thought I’d check out the new Nero 9 Lite (Link included out of obligation, not because I think you should click on it). Upon installation I was shocked to discover the installation of Nero 9 forces the install of ASK toolbar. I’m a big hater of toolbars, but especially of the ASK toolbar, which I consider to be spyware. Here’s what NERO has to say on their website about the ASK toolbar: “The Ask Toolbar is a tremendously powerful and totally customizable toolbar that installs directly onto your Web browser.” HA! Their site claims that the ASK toolbar is not required to run Nero; however, their installer package makes it appear that you must install it. This speaks loudly to me about the state of NERO’s products (and business), if they have reduced themselves to bundling with spyware toolbar companies. ASK is pretty clever these days, disguising themselves well, and hiding all over the place. They’ve yet to really be held accountable for the way they install their toolbar, often hiding it in the installs of other products.

If you come across the ASK toolbar, my recommendation: stay away.  If you already have it on your computer, remove it.

You can come to your own conclusion on the integrity of this product when you type “ASK TOOLBAR” into Google; some of the immediate suggestions that come up are: ask toolbar removal, spyware, virus, uninstall, delete.

Here’s some other interesting information on the current practices of ASK toolbars.


Malwarebytes Review. We eat malware for breakfast.

Info Carnivore has shifted its entire focus onto malware, malware removal, computer security news, and anti-virus reviews and information. Tools, applications and instructions for dealing with malware threats are available here. You will also find links to recommended websites, blogs & forums for dealing with malware issues.

Are you dealing with a malware issue?  Let us know.  Submit questions or comments & join the conversation.

This blog is full of opinion (mine of course), and I clearly don’t have all the answers. It is, however, meant to assist individuals in securing their computers and dealing with current threats to their PC's security.

My number one recommended malware tool? Well, it does change from time to time, but for a while now I’ve been a huge advocate of Malwarebytes. Malwarebytes’ Anti-Malware can detect and remove malware that even the most well-known anti-virus and anti-malware applications fail to detect.

Limewire loses in court: Pirates!

P2P software company LimeWire finally lost in court vs. major recording companies. Mark Gorton, chairman of LimeWire, has been found liable for inducing copyright infringement. But LimeWire won’t be shut down right away. First the record labels and LimeWire will meet with Judge Kimba Wood in June to determine what next steps may be taken, perhaps an award for damages?

Over 200 million copies of LimeWire’s P2P file-sharing program have been downloaded. This could suggest that LimeWire will be going the way of Napster, which was essentially ‘sued out of existence’. Napster of course is now owned by Best Buy and has legit deals with all major recording companies.

Online scam targets FIFA fans

They say FIFA 2010 could be one of the most watched sporting events in history, and it is anticipated as perhaps the biggest sporting event ever! For this reason, it comes as no surprise that it is being used by cyber criminals as a foot in the door for a new scam. Two separate spam runs promoting FIFA 2010 have been identified. The first spam sample had a .DOC file attachment that informs recipients of a supposed new contest called “Final Draw” organized in part by the FIFA Organizing Committee. It also tells the recipient of a US$550,000 prize. To claim this, however, the “winner” must immediately coordinate with the releasing agent via the contact information indicated in the email. The email also asks the recipient to give out personal information.

Another sample related to this scam is a poorly written email with an equally poorly worded letter attachment in PDF. This asks recipients to divulge specific information in relation to a fund transfer transaction amounting to a whopping US$10.5 million. Upon agreeing to the proposal, the recipient should supposedly get 30 percent of the said amount.

Note that this tactic is reminiscent of the infamous 419 or Nigerian scam, which persuaded users to send cash by promising them a large amount of money in return for their cooperation.

A typical 419 or Nigerian scam is a type of fraud wherein victims are promised a sum of money such as lottery prizes, inheritances, etc. in exchange for something minor like giving out information or a small donation via spam (see Figure 3). The letter starts off by (1) introducing the sender from a supposedly reputable organization. It then implores help from the email recipient. The FIFA-themed spam we obtained (see Figure 4) uses the same technique—(2) promising the recipient a sum of money.

Neither scam directly asks for cash. Instead, they request information or ask the recipients to (3) coordinate with a fake contact, accompanied by a (4) call to action to send in their contact details. Simply put, the cybercriminals behind these scams are malicious users that use the Internet to commit crimes such as identity theft, spamming, phishing, and other types of fraud. In fact, FIFA sternly warned fans of similar online scams such as those featured in the following blog posts:

Current threat levels

Trend Micro supplies a widget that reports on the current global threat level of malware, malicious websites, and the percentage of worldwide IP addresses that are sending spam. Interesting information to keep you in the loop of current global threat levels is provided on Trend Micro’s TrendWatch website. You can also get TrendWatch as an app for your iPhone.