Examples of Malware

There are thousands of different viruses, worms and other malware. Here we describe a few examples.

Klez: W32.Klez.H@mm - worm

When executed on a computer running Microsoft Windows, Klez does these things:

  • copies itself into the Windows system directory
  • edits the Windows registry
  • attempts to disable certain virus scanners and other worms
  • searches the address book, ICQ database and other files for email addresses, and sends itself to them. The subject, message body and attachment filename are random, and the FROM address is one of the addresses it found, so the apparent sender is usually not the infected machine at all
  • attaches itself to the email with a random filename and a double extension, e.g. something.doc.scr (Windows hides known extensions by default, so this displays as something.doc)
  • may also attach some other file it finds on the infected computer, whether confidential or not

When it arrives in your inbox, the Klez email may be disguised as a bounced message, an anti-virus tool or a security upgrade, all designed to trick you into opening the attachment.

If you're using some versions of Outlook Express and the email is opened or viewed in the preview pane, the attachment can be executed automatically, because of a vulnerability in the way the Internet Explorer components it uses handle MIME headers. The fix for that vulnerability had been available since 2001; only unpatched machines are affected.
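The attachment trick above is still the easiest place to catch a Klez-style mail: the final extension is executable while the one before it looks like a document. The following is an added example, not code from the original page, showing how a mail filter could flag such attachments using only Python's standard library. The extension lists and the sample message are assumptions constructed for the example; a real gateway would use a fuller list and scan content as well as names.

```python
"""Flag mail attachments that use the Klez-style disguise: a harmless-looking
extension followed by an executable one (e.g. something.doc.scr)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute when the attachment is opened.
# Assumption: illustrative list, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "bat", "com", "vbs", "js", "cmd"}
# Extensions that look like documents or media to a user.
# Assumption: illustrative list, not exhaustive.
DECOY_EXTS = {"doc", "xls", "txt", "jpg", "gif", "pdf", "htm", "html", "mp3", "zip"}


def classify_filename(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name.

    Windows hides known extensions by default, so 'something.doc.scr' is shown
    to the user as 'something.doc'; we look at the real final extension."""
    parts = name.lower().split(".")
    if len(parts) < 2:
        return "ok"
    last = parts[-1]
    if last not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Parse a raw RFC 822 message and return (filename, verdict) for every
    attachment whose verdict is not 'ok'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample() -> bytes:
    """Constructed sample message mimicking the Klez pattern: a random-looking
    subject, a From address taken from someone else's address book, and a
    double-extension attachment. This is not a real Klez sample."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "a special new website"
    msg.set_content("Here is the file you asked for.")
    # Fake executable payload: just a few bytes with an MZ header, inert.
    msg.add_attachment(b"MZ\x90\x00fake", maintype="application",
                       subtype="octet-stream", filename="something.doc.scr")
    # A harmless text attachment that should pass.
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in risky_attachments(build_sample()):
        print(f"{verdict}: {name}")
```

Running the block prints `double-extension: something.doc.scr`; the plain text attachment is not reported. The filename check is cheap and has no false negatives for this particular trick, but it says nothing about what is inside the file, so it belongs in front of a content scanner rather than instead of one.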

Slammer: W32.SQLExp.Worm - worm

Slammer targets computers running Microsoft SQL Server 2000 (and the MSDE 2000 desktop engine that many other products install). It began on 25 January 2003 and reached over 90% of vulnerable computers worldwide within 10 minutes. The whole worm is a single 376-byte UDP packet sent to port 1434; it never writes a file to disk and lives only in memory, which is why it spread so fast. The number of infected hosts doubled about every 8.5 seconds, and it reached its full scanning rate (55 million scans per second) after about 3 minutes. It had a major debilitating effect on the whole internet simply through the volume of bandwidth its scanning occupied, saturating links and overloading routers.

Slammer exploited a buffer overrun in the SQL Server Resolution Service that was reported in July 2002 (Microsoft bulletin MS02-039); a security update (patch) had been available for six months. The worm only infected computers that were not patched, which included some of Microsoft's own servers.

Bugbear: W32.Bugbear@mm - worm

When activated, Bugbear does these things:

  • copies itself to the Windows system directory and to the startup menu
  • runs a keylogger to record keystrokes
  • attempts to stop certain anti-virus programmes
  • searches addressbook for email addresses, and sends emails using one of the addresses it found for the FROM: address
  • the sent emails use a subject found in the inbox, or one of bugbear's own such as "Free Gift", "Scam Alert", "Click on this"
  • attaches itself to the emails, with a filename made up from words found on the infected computer
  • opens a backdoor, listening on TCP port 36794 for commands from a cracker
  • searches for passwords stored on the infected computer

Jdbgmgr.exe: a hoax

This arrives as an email, typically from some well-meaning person who was tricked by the hoax. The email has no attachment and says something along the lines that there is a new virus which anti-virus programmes do not detect, but that you can check for it by looking for a file named jdbgmgr.exe on your computer. If the file is there, the hoax says, delete it. The hoax also says you should pass the warning on to everyone you know.

That file is not a virus; it is a legitimate part of Windows (the Java debug manager shipped with the Microsoft Java virtual machine). There is a similar hoax telling you to delete sulfnbk.exe. Such hoaxes are easily checked with a Google search or on any anti-virus vendor's hoax listing; never delete a system file on the strength of a forwarded email.

Backdoor.Optix - Backdoor.Optix.04d - trojan

When run, Optix looks for and disables or deletes many anti-virus and firewall programmes (such as Norton, McAfee and ZoneAlarm). It copies itself into the Windows directory, edits the Windows Registry, and opens a port so that someone can access your PC whenever it is connected to the internet. This means they can read, copy or change any file on your computer, or use it to attack other computers.

To get the trojan installed, the cracker might gain entry through Windows File and Printer Sharing left open to the internet, or by tricking you into opening an email attachment. For example, the email might say it is an interesting picture or a great joke you must see.
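Both Bugbear and Optix end up with a process listening for commands on a network port, so a quick way to check a suspect Windows machine is to list what is listening and compare it with what should be. The following is an added example, not code from the original page or from any anti-virus vendor: it parses the output of `netstat -ano` (as a constructed sample, not from a real infected machine) and reports listeners that are either the Bugbear port named above or not on an allowlist of expected services. The allowlist and the second unexpected port (5151) are assumptions for the example; tune the allowlist per host.

```python
"""Turn 'the backdoor listens on a port' into a host check: parse Windows
`netstat -ano` output, collect every TCP socket in LISTENING state, and flag
known backdoor ports plus anything not on an allowlist of expected services."""
import re

# Known backdoor port from the Bugbear description above.
KNOWN_BACKDOOR_PORTS = {36794}
# Ports this (hypothetical) workstation is expected to listen on.
# Assumption for the example; tune per host.
EXPECTED_PORTS = {135, 139, 445}

# One `netstat -ano` line for a listening TCP socket:
#   Proto  Local Address   Foreign Address   State       PID
LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def listening_ports(netstat_output: str) -> dict[int, int]:
    """Map local port -> PID for every TCP socket in LISTENING state."""
    result = {}
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            result[int(m.group("port"))] = int(m.group("pid"))
    return result


def suspicious_listeners(netstat_output: str) -> list[tuple[int, int, str]]:
    """Return (port, pid, reason) for listeners worth investigating, in port order."""
    findings = []
    for port, pid in sorted(listening_ports(netstat_output).items()):
        if port in KNOWN_BACKDOOR_PORTS:
            findings.append((port, pid, "known backdoor port"))
        elif port not in EXPECTED_PORTS:
            findings.append((port, pid, "unexpected listener"))
    return findings


# Constructed sample in the format of Windows `netstat -ano`; not captured
# from a real infected machine. Port 5151 is an arbitrary unexpected port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING       1532
  TCP    0.0.0.0:5151           0.0.0.0:0              LISTENING       1740
  TCP    192.168.1.5:1045       10.0.0.2:80            ESTABLISHED     2200
"""

if __name__ == "__main__":
    for port, pid, reason in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"port {port} pid {pid}: {reason}")
```

The PID column is the useful part: on the real machine you would follow it to the image path with `tasklist` or Task Manager and expect a backdoor to sit in the Windows directory, as both descriptions above say. The check is only as good as its allowlist, and a backdoor that has disabled the anti-virus may also hide from netstat, so treat a clean result as one data point rather than a verdict.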
