Tuesday, September 15, 2009

All Kinds of Computer Viruses/Worm & Their Effects

Nimda
is a computer worm, and is also a file infector. It quickly spread, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.
The worm was released on September 18, 2001[1]. Due to the release date, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.
The worm's name spelled backwards is "admin".

I love you
This worm began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States),[1] causing about $5.5 billion in damage.[2] By 13 May 2000, 50 million infections had been reported.[3] Most of the "damage" was the labor of getting rid of the worm. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.[4]
This particular malware caused widespread outrage. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user's contact list. Because it was written in Visual Basic Script, this particular worm only affected computers running the Microsoft Windows operating system. While any other computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected.

Melissa worm
also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus. As it is not a standalone program, it is not in fact a worm.

Melissa can spread through the word processors Microsoft Word 97 and Word 2000, and also through Microsoft Excel 97, 2000 and 2003. It can mass-mail itself from the e-mail client Microsoft Outlook 97 or Outlook 98.
If a Word document containing the virus, either LIST.DOC or another infected file, is downloaded and opened, then the macro in the document runs and attempts to mass mail itself.
When the macro mass-mails, it collects the first 50 entries from the alias list or address book and sends itself to the e-mail addresses in those entries.

Code Red worm
was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. The CodeRed worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named the worm CodeRed because they were drinking Pepsi's Mountain Dew CodeRed over the weekend they analyzed it and because of the worm's references to China. Specifically, the worm code contained the phrase "Hacked By Chinese!", with which the worm defaced websites. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.
The worm exploited a vulnerability in the indexing software distributed with IIS, described in MS01-033, for which a patch had been available a month earlier.
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated character 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine.

Conficker

also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has more than five million computers now under its control — government, business and home computers in more than 200 countries, according to the New York Times. The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.

Boot viruses

A computer's operating system is made up of programs that usually reside on disk. Whenever you turn on your computer, it looks for a specific disk area that contains vital information about the disk itself (the MBR, Master Boot Record). After reading this area, the computer can recognize some of the disk's features, such as the number of sectors. Then it has to read the boot record, an area containing all the instructions needed to load the operating system. Operating systems can be loaded from either hard disks or floppy disks. In either case, the computer always reads the first sector of the disk, which contains the MBR on a hard disk and the boot record on a floppy.
The virus acts by moving the block of instructions needed to start the operating system (the boot record) to a different area of the disk. Then it copies itself to where the original block was. The virus's last instruction makes the real boot record available so that the system can start. So the virus (remember, it's just a program) is launched whenever you start your computer. If you leave a floppy disk in your PC while it is turned off, then when you turn it on the machine will detect the disk and attempt to load the operating system from it. It will read the first sector of the disk which, as we now know, contains the virus.
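
Because a boot virus has to overwrite the code in the first sector, a defender can detect it by comparing that code against a recorded baseline. The following is an added example, not part of the original post; the function names and the sample sectors are constructed for illustration, and it assumes the standard MBR layout (boot code in bytes 0..445, four 16-byte partition entries, then the 0x55AA signature).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446          # MBR boot code is bytes 0..445
SIGNATURE = b"\x55\xaa"      # bytes 510..511 of a valid boot sector


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the executable part of the sector (partition table excluded)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot sector is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def partitions(sector: bytes) -> list:
    """Decode the four 16-byte partition entries, skipping unused slots."""
    found = []
    for i in range(4):
        entry = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                       # partition type 0 = unused
            found.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return found


def boot_code_changed(sector: bytes, baseline: str) -> bool:
    """True when the boot code no longer matches the recorded baseline."""
    return boot_code_digest(sector) != baseline


def make_sector(code: bytes) -> bytes:
    """Constructed sample: boot code + one active FAT16 partition + signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\xfe\x3f\x0f", 63, 204800)
    return code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48) + SIGNATURE


CLEAN = make_sector(b"\xfa\x33\xc0")        # constructed placeholder bytes
ALTERED = make_sector(b"\xeb\x3c\x90")      # same partition table, different code
BASELINE = boot_code_digest(CLEAN)          # recorded while the disk is known good

if __name__ == "__main__":
    print(partitions(CLEAN))
    print("clean changed?  ", boot_code_changed(CLEAN, BASELINE))
    print("altered changed?", boot_code_changed(ALTERED, BASELINE))
```

The partition table is left out of the hash on purpose: repartitioning changes it legitimately, while the boot code should stay constant between operating system installs.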

Companion viruses


On MS-DOS systems, when two files with the same name are located in the same directory, one with a '.com' extension and the other with an '.exe' extension, DOS will always launch the '.com' file before the '.exe' file. Companion viruses copy themselves under the same name as the infected '.exe' file, but with a '.com' extension! So, if you launch the 'your-file' executable (your-file.exe), DOS will run your-file.com (a copy of the virus) instead.
This kind of virus is not active in a Windows 95 environment, but if you launch one inside a DOS window, it is really dangerous again!
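
The name-shadowing described above leaves a visible trace on disk: two executables with the same base name in one directory. The following scanner is an added example, not part of the original post; the function names and sample file names are constructed, and it goes slightly beyond the text by also treating '.bat' as the lowest-priority extension in the DOS search order.

```python
import os
import tempfile
from collections import defaultdict

# Order in which DOS resolves a command typed without an extension.
# The page states .com before .exe; .bat last is added here from DOS behaviour.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_shadowed(root):
    """Return (directory, winner, shadowed) for same-name executables."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRECEDENCE:
                # DOS names are case-insensitive, so compare lowercased.
                by_stem[stem.lower()][ext.lower()] = name
        for stem in sorted(by_stem):
            exts = by_stem[stem]
            present = [e for e in PRECEDENCE if e in exts]
            # The first extension present wins; every later one is shadowed.
            for loser in present[1:]:
                findings.append((dirpath, exts[present[0]], exts[loser]))
    return findings


def demo():
    """Run the scan over a constructed directory and return (winner, shadowed)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ["EDIT.EXE", "edit.com", "FORMAT.COM", "setup.exe", "readme.txt"]:
            open(os.path.join(root, name), "wb").close()
        return [(winner, shadowed) for _dir, winner, shadowed in find_shadowed(root)]


if __name__ == "__main__":
    for winner, shadowed in demo():
        print(f"{winner} would run instead of {shadowed}")
```

A hit is a lead to investigate, not proof of infection, since some legitimate software ships both a '.com' and an '.exe' with the same name.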

File system viruses

This kind of virus changes the system's FAT (File Allocation Table). Inside the FAT there is an index of the names and addresses of files. File system viruses change it to make the system launch the virus before the original program.

Macro viruses


This is the latest generation of viruses. They use features of certain programs (such as Word or Excel). These programs use a specific language to let users build macros. A macro is just a set of operations (such as opening documents or saving them). It's possible to build 'models' that are associated with documents, so that the program (a word processor like Word, for example) executes them when such documents are opened. So, in this case, the virus is just a macro, but one containing operations harmful to your system!

Time viruses


I'm talking about those viruses which 'sleep' for a while inside infected files and wake up whenever special conditions occur, such as special dates (the first of April, for example), after a certain number of system starts, or simply after a while.

ANSI viruses

On MS-DOS systems, you can associate commands with any key on the keyboard. Well, there are a few viruses which use this option. They can associate the 'format c:' command with the 'v' key, or the 'del *.exe' command with the Enter key! These associations are written inside the config.sys file.

Trojan horses


They aren't really viruses, because they can't produce copies of themselves, but they are really dangerous. You can't identify them, because they are hidden inside normal programs. They don't produce any effects for a while, and you think that your system is clean. But they come out in an unforeseeable way. Very famous is the 'PKZIP300.EXE' trojan horse, which isn't the new version of the PKZIP program (its last release never reached 3.0!). Antivirus programs can do nothing in these cases. However, it isn't so easy to meet a trojan horse. Usually they are so famous that it's pretty difficult to load them onto computers.
