Main Page

Included page "clone:virus" does not exist (create it now)

Welcome to the Virus Encyclopedia
The Wikidot wiki that anyone can edit
Currently editing 358 entries and counting

Featured Entry

Nuncapr.gif

Navidad is a mass-mailer worm that displays messages in Spanish. The worm is capable of making the computer unusable and whether or not this is intentional is uncertain, as the code has numerous bugs. "Navidad" means "Christmas" in Spanish. It ended up causing very little actual damage as it alerted users of its presence from the time it infected the system and only became destructive if it was not removed quickly.

Visually, the worm puts on a bit of a show, first loading an error message, then placing an icon in the system tray informing the user "we are watching". It then presents a button it orders the user to never press. If the user does, the worm informs the user that they have just destroyed their computer.

Recent Additions

  • Mbdf, a MacOS virus from 1992 from Cornell.
  • Opaserv, a trojan-dropping network worm that caused a major outbreak in 2002.
  • VLAD, a group that in its short time produced some very innovative viruses.
  • Kamikaze, a virus that maliciously overwrites .exe files on certain dates, with some variants doing it on the anniversary of Pearl Harbor.
  • Luna, a polymorphic Windows 9x virus by Bumblebee of 29A.
  • Vecna, a prolific coder of innovative viruses and member of the 29A and Stealth Group World Wide groups.
  • Nygus, a memory resident file infector that appeared in Poland in 1992.
  • Ct, an AtariST virus that made an appearance in the "Computer & Technik" magazine (and was possibly written by one of their writers).
  • Energy, a Windows 32-bit worm that infects outgoing RAR email attachments coded by Benny of 29A.

Announcements

Reports of our death have been greatly exaggerated. True, it has been a very long time since we last produced an entry for the wiki. Our professional and personal lives over the past few months have made it extremely difficult to devote to this labor of love, but most of us are still very much on it. New entries will continue to be few and far between for the foreseeable future. However, we will still be very much here, unless Wikidot folds and pulls the plug on the server, which is pretty unlikely to happen.

The Virus Encyclopedia will begin hosting some files on our own designated media page. We have hard drives, optical media and even floppy diskettes we have collected over the years filled with information that does not seem to be available anywhere else and occasionally we find something useful for one of our entries. The media is so far pretty disorganized, though we will be making an effort to put it all in one place and freely share it (where copyrights are not an issue) with everyone interested. In the meantime, when we find something from these files that is relevant to more than one page, we will upload it as an attachment to the Media page (there are only 2 entries as of this writing) and create a link to it.

News

  • The NSA may have had a hand in the Stuxnet worm, according to recently leaked documents. Long thought to be the work of the CIA and Israeli Mossad, a recent leak by the "Shadow Brokers" hacking organization included a tool by the NSA that was nearly identical to one used in Stuxnet. It was last compiled on 2010.09.09, a few months after the discovery of Stuxnet. Researcher Liam O'Murchu says there is definitelty a strong connection but no proof that the tool confirms a link to Stuxnet and the CIA. A python script contained in the leak displays an ASCII medal with the text “Won the gold medal!!!” above it, a possible reference to the "Olympic Games" codename of the project creating Stuxnet.
  • After 14 years of inactivity, the Slammer worm has made a mysterious comeback. The worm made brief spikes in late November and early December of the last year. The attacks primarily came from China, Vietnam, Mexico and Ukraine, though the US, Russia, Thailand, Venezuela and Argentina. No one seems to know how or why the 14-year old worm that is very specific to a vulnerability that should be patched and a port that should be closed was able to make a comeback, but there is a lot of room for speculation.

Featured Image

Monopoly is a Visual Basic worm coded by Zulu, creator of Bubbleboy and Stages. Its most prominent feature is the image of a Monopoly-style board with the face of Bill Gates placed over that of the Monopoly man. No reported incidents of the worm in the wild seem to exist and the worm was not malicious, so it likely never did any damage.

When opened, the worm first displays a message saying "Bill Gates is guilty of monopoly. Here is the proof.". When the user clicks on "OK", the worm then displays a window showing the image of about half of a modified Monopoly board, with Bill Gates popping out of the second "O".

MONOPOLY.JPG

Featured Video

Opaserv is a network worm with many different variants. One thing common to all Opaserv variants is that they carry a trojan that either updates the worm by downloading a new copy from a particular site, or it destroys the operating system. It caused a major worldwide epidemic in the fall of 2002, sometimes beating out other prominent worms of the time including Klez and Tanatos.

Some of its variants had a particularly interesting payload intended to scare or confuse the user. One variant, before destroying the system, displays a message at boot up tricking the user into thinking their copy of Windows is illegal and they are in violation of the DMCA (Digital Millenium Copyright Act). Someone thought it would be a good idea to use this as their desktop wallpaper.

If you are a new Wikidot user, you might find the wiki syntax quick reference page useful!

And as usual, if you need help with anything, ask the Wikidot community!

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License