Virus Case [Hacked By Chinese!]
Virus Infections on computers in the EU
Famous All Over The World Viruses
1. ILOVEYOU - (2000) One of the most widespread and rapidly spreading viruses ever, the ILOVEYOU virus spread via e-mail, posing as an executable attachment sent by a friend from the target's contact list.
It attacked tens of millions of Windows personal computers and started spreading on 5 May 2000 local time in the Philippines. Just ten days later, 50 million infections had been reported.
How It Worked
The ILOVEYOU script was written in Microsoft Visual Basic Scripting (VBS) which ran in Microsoft Outlook and was enabled by default.
The script added Windows Registry data for automatic startup on system boot.
The worm then searched connected drives and replaced files with extensions (JPG, JPEG, VBS, VBE, JS, JSE, CSS, WSH, SCT, DOC, HTA, MP2, MP3) with copies of itself, whilst appending the additional file extension VBS.
It took advantage of a Microsoft algorithm for hiding file extensions. Windows had begun hiding extensions by default; the algorithm parsed file names from right to left, stopping at the first 'period' ('dot'). The attachment (which had two file extensions) could thus display the inner file extension 'TXT' as the real extension; text files are considered to be innocuous as they are normally incapable of running executable code.
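The display behaviour described above can be turned into an attachment check at a mail gateway or endpoint. The following is an added example, not part of the original post: it models extension hiding as "drop everything after the last dot" (assuming every extension is a registered type) and flags names whose hidden extension is a script type while the visible one looks like a document. The extension sets and sample file names are constructed for illustration.

```python
import ntpath

# Types Windows runs on double-click (assumed list; extend to match local policy).
ACTIVE_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "wsf", "sct", "hta",
               "exe", "scr", "com", "bat", "cmd", "pif"}
# Extensions users tend to read as harmless documents or media.
DECOY_EXTS = {"txt", "doc", "jpg", "jpeg", "gif", "pdf", "mp3", "css"}


def split_last_ext(name):
    """Split at the LAST dot, the way the extension-hiding logic does."""
    base = ntpath.basename(name).rstrip(". ")  # Win32 drops trailing dots/spaces
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:          # no dot, or a dot-file such as ".profile"
        return base, ""
    return stem, ext.lower()


def displayed_name(name):
    """What the user sees when known extensions are hidden."""
    return split_last_ext(name)[0]


def classify(name):
    """Return a verdict based on the real (last) and visible (inner) extension."""
    stem, real_ext = split_last_ext(name)
    _, inner_ext = split_last_ext(stem)
    if real_ext not in ACTIVE_EXTS:
        return "ok"
    if inner_ext in DECOY_EXTS:
        return "block: decoy double extension"
    return "review: active content"


# Constructed sample attachment names (not taken from the page).
SAMPLES = ["holiday-photos.jpg.vbs", r"C:\mail\meeting-notes.TXT.vbs",
           "report.v2.doc", "cleanup.vbs", "readme.txt"]


def report(names=SAMPLES):
    return [(n, displayed_name(n), classify(n)) for n in names]


if __name__ == "__main__":
    for name, shown, verdict in report():
        print(f"{name!r:40} shown as {shown!r:24} -> {verdict}")
```
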
2. Code Red - (2001) IIS running on Windows servers was the target of this virus. It also launched denial of service (DoS) attacks. When a server was infected, it automatically redirected clients to http://www.worm.com.
Chronology
Days 1-19: Trying to spread itself by looking for more IIS servers on the Internet.
Days 20–27: Launch denial of service attacks on several fixed IP addresses.
Days 28-end of month: Sleeps, no active attacks.
3. Nimda - (2001) Nimda used seemingly every possible method to spread, and was very effective at doing so. Nimda is notable for being one of the fastest spreading and most widespread viruses ever. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes. Nimda affected Windows operating systems of both generations.
- via email;
- via open network shares;
- via browsing of compromised web sites;
- exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities;
- via back doors left behind by the "Code Red II" and "sadmind/IIS" worms.
Interesting fact
The worm's name comes from the reversed spelling of "admin".
Most Interesting Viruses
Famous Hackers: Vladimir Leonidovich Levin
Vladimir Leonidovich Levin was born on March 11, 1971. He was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology. Computers were a hobby for him, and he never received any special education in computing. This mathematician led a Russian hacker group in the first international bank robbery over a network.
Vladimir worked at the software company "Saturn" in St. Petersburg. He had a friend, a former St. Petersburg bus driver turned entrepreneur in San Francisco. One day, Levin told his friend he had found out how to transfer money from Citibank's computer system. He had already twice transferred funds into his own account in Finland. After that, Levin's colleague became a partner in what would later be called a multinational hacker ring.
A few weeks later, transfers were made to BankAmerica accounts held by the companies "Primorye" ("Shoreland" in English) and "Shore", both in San Francisco and owned by Levin's friend Jevgenij Korolkov. By this time, Citicorp officials had already begun to suspect foul play and started questioning Korolkov. Korolkov left the country but apparently was not deterred. Instead, the two pressed on and recruited new partners around the globe, authorities say. By October 1994, he had broken into Citibank's computerized cash management system and attempted forty illegal transactions to California, Israel, Finland, Germany, Holland, and Switzerland.
Vladimir used his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into Citibank computers and then obtained a list of customer codes and passwords. One day, Citibank's Electronic Money-transfer Center in New York noticed the movement of large sums of money over electronic networks from the accounts of the bank's subsidiaries to the bank accounts of dummy persons related to it in Israel, Finland, Russia and other countries. According to federal prosecutors in Manhattan, about $10 million was transferred altogether. After this hack, Citibank began using the Dynamic Encryption Card.
Before all the accounts were frozen, the criminals were able to cash out only 400 thousand dollars. One of Levin's accomplices was arrested in San Francisco while trying to withdraw a large amount from fake bank accounts. When the bank reacted to the complaints of customers whose money had disappeared, the FBI joined the case. Part of the transferred money was obtained in cash in different countries, and its subsequent fate is still unknown, but most of the couriers were arrested in different countries while trying to collect the money. With the assistance of the Russian Interior Ministry, his identity was established by operational methods. However, arresting Levin in Russia was impossible because the RF Criminal Code at that time had no articles on computer crime, and in terms of legislation he was completely innocent. As a result of a subtle psychological game conducted by the detectives of the two countries (including telephone calls from the arrested accomplices, who took a threatening attitude, etc.), Levin panicked and went to the UK, presumably to a childhood friend of his mother, Leonid Gluzman.
He was arrested as soon as he stepped onto British soil, at Stansted airport, on March 3, 1995. Later, when Levin was extradited to the U.S. in 1997, he was described in the newspapers as the mastermind behind the Internet's first-ever bank raid. Some security experts dispute that claim, however. Levin, they say, used telecommunications systems, not the Internet, to break into Citibank. He was able to intercept Citibank customers' phone calls and, as the customers authenticated their accounts by punching in their account numbers and PINs, obtain the information he needed to commit the fraudulent transactions.