Main Page

Included page "clone:virus" does not exist (create it now)

Welcome to the Virus Encyclopedia
The Wikidot wiki that anyone can edit
Currently editing 444 entries and counting

Featured Entry

Nuncapr.gif

Navidad is a mass-mailer worm that displays messages in Spanish. The worm is capable of making the computer unusable and whether or not this is intentional is uncertain, as the code has numerous bugs. "Navidad" means "Christmas" in Spanish. It ended up causing very little actual damage as it alerted users of its presence from the time it infected the system and only became destructive if it was not removed quickly.

Visually, the worm puts on a bit of a show, first loading an error message, then placing an icon in the system tray informing the user "we are watching". It then presents a button it orders the user to never press. If the user does, the worm informs the user that they have just destroyed their computer.

Recent Additions

  • Colette, a VBS trojan that breaks Windows files
  • Rozak, a dangerous overwriting virus.
  • Ussrhymn, a virus that plays the national anthem of the Soviet Union.
  • RHINCE, a polymorphic engine by Rhincewind, used by Qark for his Goodtimes virus.
  • Casino, a potentially dangerous DOS virus that requires the user to play a game to save their file allocation table.
  • Satyr, a Linux virus.
  • Immortal Riot. a prolific virus group based in Sweden that produced the Insane Reality zine in the 1990s.
  • Tinit, a windows virus that can infect over network shares.
  • Yarner, a worm that disguises itself as an antivirus product.
  • Z0mbie, coder of many innovative viruses, including Zperm, and Zmist, along with some fascinating polymorphic and metamorphic engines.
  • Kaiowas, aka Kagob, a Linux virus.
  • Sachiel. a worm that spreads through floppy drives.
  • Postcard, a polymorphic VBS worm by Lord Yup.

Announcements

You must have a Wikidot login starting from now to edit pages. This is for two reasons. One obviously is the issue of spam and vandalism. This is a near constant low-level annoyance that sucks a little bit of the joy out of maintaining this wiki. It's a nice thought that anyone should be able to contribute, but maybe they shouldn't. Which brings us to the other reason. This wiki covers a very specialized and complex technical subject, which can lead to a lot of embarrassing, if well-meaning mistakes if done by the wrong hands.

Reports of our death have been greatly exaggerated. True, it has been a very long time since we last produced an entry for the wiki. Our professional and personal lives over the past few months have made it extremely difficult to devote to this labor of love, but most of us are still very much on it. New entries will continue to be few and far between for the foreseeable future. However, we will still be very much here, unless Wikidot folds and pulls the plug on the server, which is pretty unlikely to happen.

News

  • The NSA may have had a hand in the Stuxnet worm, according to recently leaked documents. Long thought to be the work of the CIA and Israeli Mossad, a recent leak by the "Shadow Brokers" hacking organization included a tool by the NSA that was nearly identical to one used in Stuxnet. It was last compiled on 2010.09.09, a few months after the discovery of Stuxnet. Researcher Liam O'Murchu says there is definitelty a strong connection but no proof that the tool confirms a link to Stuxnet and the CIA. A python script contained in the leak displays an ASCII medal with the text “Won the gold medal!!!” above it, a possible reference to the "Olympic Games" codename of the project creating Stuxnet.
  • After 14 years of inactivity, the Slammer worm has made a mysterious comeback. The worm made brief spikes in late November and early December of the last year. The attacks primarily came from China, Vietnam, Mexico and Ukraine, though the US, Russia, Thailand, Venezuela and Argentina. No one seems to know how or why the 14-year old worm that is very specific to a vulnerability that should be patched and a port that should be closed was able to make a comeback, but there is a lot of room for speculation.

Featured Image

Monopoly is a Visual Basic worm coded by Zulu, creator of Bubbleboy and Stages. Its most prominent feature is the image of a Monopoly-style board with the face of Bill Gates placed over that of the Monopoly man. No reported incidents of the worm in the wild seem to exist and the worm was not malicious, so it likely never did any damage.

When opened, the worm first displays a message saying "Bill Gates is guilty of monopoly. Here is the proof.". When the user clicks on "OK", the worm then displays a window showing the image of about half of a modified Monopoly board, with Bill Gates popping out of the second "O".

MONOPOLY.JPG

Featured Video

Opaserv is a network worm with many different variants. One thing common to all Opaserv variants is that they carry a trojan that either updates the worm by downloading a new copy from a particular site, or it destroys the operating system. It caused a major worldwide epidemic in the fall of 2002, sometimes beating out other prominent worms of the time including Klez and Tanatos.

Some of its variants had a particularly interesting payload intended to scare or confuse the user. One variant, before destroying the system, displays a message at boot up tricking the user into thinking their copy of Windows is illegal and they are in violation of the DMCA (Digital Millenium Copyright Act). Someone thought it would be a good idea to use this as their desktop wallpaper.

If you are a new Wikidot user, you might find the wiki syntax quick reference page useful!

And as usual, if you need help with anything, ask the Wikidot community!
https://tab.gladly.io/?u=virushunter

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License