File: Часть 3 Вирусы.doc (added 14.08.2019)

Work in pairs. Student A reads the information about the Nimda worm. Student B reads the information about the ILOVEYOU worm. Ask each other the questions and complete the chart given below the text.

Nimda Worm

The Nimda worm was released on 18 September 2001 and it rapidly spread on the Internet. The name of the Nimda worm is a reversal of the word admin (administrator), because by exploiting a defect in Windows, the Nimda worm was able to act as an administrator, that is, a user with the privilege of modifying system files. Unlike other existing worms, Nimda had two novel features:

1) Nimda could infect a computer when the user read or previewed an e-mail that contained a copy of Nimda. With all previous viruses or worms transmitted by e-mail, the user would need to click on an attachment to infect the computer.

2) Nimda could modify webpages on a webserver, so that accessing those webpages could download a copy of Nimda to the browser’s computer.

These two new features represented a significant “advance” in the ability to harm victims.

The Nimda worm can propagate in several different ways. Every copy of Nimda generates many random IP addresses as targets for HTTP GET requests (i.e. requests to get a webpage from a server) and infects the servers it reaches. Nimda also creates a copy of itself in a file, readme.eml, on an infected browser. The user’s web browser might automatically download readme.eml and execute the Nimda worm, thus infecting the user’s computer. Once every ten days, Nimda searches the hard drive of an infected computer to harvest e-mail addresses. After harvesting e-mail addresses, Nimda selects one of the addresses as the From: address and the remainder as To: addresses, and sends copies of Nimda in an apparently blank e-mail. Nimda adds a copy of itself to the beginning of *.EXE files. Such executable files are sometimes transferred to other computers, which will spread the Nimda infection.

The Nimda worm has a length of 57344 bytes, which makes it a relatively large file compared to many webpages and e-mail messages. This large size helps Nimda clog the Internet. The anti-virus software vendor Trend Micro reported on 14 May 2002 that a total of 1.2 × 10^6 computers worldwide had been infected with Nimda. The author of the Nimda worm was never identified. The code for Nimda contained a copyright notice stating that it originated in communist China, but nobody can confirm that this statement is correct.

ILOVEYOU Worm

The ILOVEYOU incident was commonly reported as a virus in the news media, but it was actually a worm, because this malicious program didn’t infect other programs. The ILOVEYOU worm was first reported in Hong Kong on 4 May 2000 and spread westward on that day. The ILOVEYOU worm arrived at the victim’s computer in the form of an e-mail with the ILOVEYOU subject line and an attachment. The e-mail itself was innocuous, but when a user clicked on the attachment (LOVE-LETTER-FOR-YOU.TXT.VBS) to read the alleged love letter, a horrible sequence of bad things occurred.

The worm overwrote and then deleted files from the victim’s hard disk drive, specifically targeting files with the extensions *.JPG, *.GIF, *.WAV, *.COM, and *.EXE. The worm made it much more difficult (if not impossible) to recover the original files on the victim’s hard drive. In addition, the worm marked files of type *.MP3 as hidden, so they would no longer appear in directory listings, then copied the worm to new files *.MP3.VBS. The attachment LOVE-LETTER-FOR-YOU.TXT.VBS automatically set the Microsoft Internet Explorer start page to a URL at a web server in the Philippines, which would download WIN-BUGSFIX.EXE to the victim’s machine. This file was a Trojan horse that collected user names and passwords and e-mailed them to an address in the Philippines.

The worm transmitted itself by scanning the address book in Microsoft Outlook and sending the ILOVEYOU e-mail to all those e-mail addresses. The ILOVEYOU worm affected computers at more than half of the companies in the USA and more than 10^5 mail servers in Europe. The ILOVEYOU worm did more damage than any other malicious program in the history of computing: approximately US$ 9 × 10^9. Police in the Philippines knew the name and location of the suspect within 12 hours after the initial release of the worm. A week after the release of the worm, the author’s attorney said that the worm had been released “accidentally” and his client didn’t realize how rapidly the worm would propagate. The investigation was closed because the creation and release of the worm was not a crime in the Philippines.

1. Where and when was the worm you have just read about released?

2. What did the name of the worm originate from?

3. How did the worm propagate?

4. How did it infect the victim machine?

5. What files were vulnerable to the worm’s infection?

6. Did the worm have any specific features unlike the other worms?

7. What damage did the worm cause?

8. How many computers were infected?

9. Was the author of the worm identified?

10. Was the worm perpetrator prosecuted for computer crime?

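|          | The date of release | Country | Perpetrator | Files infected | Damage |
|----------|---------------------|---------|-------------|----------------|--------|
| Nimda    |                     |         |             |                |        |
| ILOVEYOU |                     |         |             |                |        |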

In the news…

Here are three articles about novel malware. Look at the following newspaper headlines:

1) Which headline seems interesting to you? Choose one headline only.

2) Look at the following list of word combinations. They all come from the articles to go with the headlines. Which word combinations do you think go with which headline? Why?

smart phone

to fox security firms

to freeze victims’ browsers

to block the worm

malicious software

to scan e-mail attachments

signatures of known viruses

new era of computer worms

to install unauthorized software

to catch viruses

to drain the battery of the phone

to exploit an unpatched vulnerability

3) What interesting information do you expect to find in the article? Write two questions:

Examples

Are anti-virus companies able to protect home users?

Can mobile worms propagate via SMS?

What problems will new versions of malware cause to Internet users?

4) Now read the article for the headline you chose.

Comprehension check:

1. Which word combinations from exercise 2 did you find in your article?

2. Did you find the answers to your questions?

3. Find people who read different stories from you. Tell them about what you read.
