Thursday, March 20, 2008

Deadliest Computer Viruses Ever Known - 1

Melissa Virus

Origin

On 26 March last year as a few half-hearted flurries of snow danced across the unlovely suburban landscape of northern New Jersey, David Smith drew the curtains of the small garden apartment he shared with two cats called Rockabilly and Eggnog. It was late on a Friday afternoon. Soon the nation's offices and factories, its government departments and much of its civil infrastructure would be closing for the weekend. The timing was critical for Smith's purposes.

At 30, single and employed on an irregular basis as a computer programmer, Smith met most definitions of a nobody. Admittedly, he dressed smartly and kept in shape, but his outward personability was more than negated by what one of his friends called 'the personality of bread mould'. His love life, as far as anyone knew, had been fairly unremarkable. There was only one girl, somewhere in the past - a willowy blonde whom he seemed to have genuinely fallen for. Her name was Melissa.

Smith settled down in front of a personal computer. It was one of several that he owned. Later, when things became hot, he would have to smash it up with a garden spade, and throw the pieces into a rubbish skip. But this afternoon, as the big East Coast cities of New York, Boston and Washington began to empty, his fingers moved smoothly over the keyboard.

He entered cyber-space using a stolen access authorisation that had been issued by America Online, the giant internet provider, to a customer in Florida called Scott Steinmetz. This allowed Smith to use Steinmetz's e-mail address, slrvrocket@aol.com, which he proceeded to do, to devastating effect.

A few clicks of the mouse took Smith to an internet chatroom - an electronic forum where subscribers can exchange messages on a topic of mutual interest. The chat-room he chose was called alt.sex, one of many sites devoted to the appreciation of pornography. There, Smith posted the deadliest computer virus the world has ever known.

It couldn't have been more than a few minutes before someone, somewhere out in the vastness of the internet, visited alt.sex, saw Smith's message - which purported to contain free access codes to other internet porn sites - and opened it. And with that single click, the virus was free to fulfill its purpose - to spread, multiply and contaminate.

Later, investigators would decipher its name from the computer code that Smith had written. He had called the virus Melissa. Except that the chaos that followed would far exceed Smith's wildest imaginings. Within 24 hours, the computer systems of some of the biggest corporations on earth would be paralysed; Nato and the Pentagon would move on to a heightened security alert in the belief that cyber-terrorists were launching a global attack; and millions of computer users around the world would wake up to find their machines had been 'Melissa'd'. And in the days that followed, the biggest, most desperate manhunt in the history of computer crime would lead investigators, step by step, through a strange, barely charted electronic universe to the faded grey front door of David Smith's home in New Jersey.

Early next month Smith, who admits planting the virus, will be sentenced at the New Jersey Superior Court on charges of interfering with public communications. He faces up to 45 years in jail, and could, in theory, be fined $900 million - a sum approximately twice the value of the damage he is estimated to have caused. His case has been followed obsessively by internet aficionados, and studied by almost everyone with an interest in the security of computer systems. Yet a year after Smith's assault, the big questions remain unanswered: who is he? Why did he do it? And where is Melissa?

How it works

The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment. The transport message has most frequently been reported to contain the following Subject header:
Subject: Important Message From 

Where is the full name of the user sending the message.

The body of the message is a multipart MIME message containing two sections. The first section of the message (Content-Type: text/plain) contains the following text.


Here is that document you asked for ... don't show anyone else ;-)

The next section (Content-Type: application/msword) was initially reported to be a document called "list.doc". This document contains references to pornographic web sites. As this macro virus spreads we are likely to see documents with other names. In fact, under certain conditions the virus may generate attachments with documents created by the victim.
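As an added example (not part of the original post), here is a mail-gateway style check in Python that flags messages matching the transport format described above: the subject prefix, the text/plain lure and a Word attachment of any name. The function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

SUBJECT_PREFIX = "Important Message From "            # subject text quoted on the page
BODY_MARKER = "Here is that document you asked for"   # text/plain section quoted on the page

def melissa_indicators(raw: bytes) -> set:
    """Return which parts of the described transport format one message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    if str(msg.get("Subject", "")).strip().startswith(SUBJECT_PREFIX):
        hits.add("subject")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):
                continue  # undecodable charset: treat as no match
            if BODY_MARKER in text:
                hits.add("body")
        elif ctype == "application/msword":
            # Match on the MIME type, not the name "list.doc": the page notes names vary.
            hits.add("attachment")
    return hits

def is_suspect(raw: bytes) -> bool:
    """Flag only when subject, body text and Word attachment all match."""
    return melissa_indicators(raw) == {"subject", "body", "attachment"}

def build_sample(subject: str, body: str, doc_name: str = "") -> bytes:
    """Build a constructed test message (all addresses and names are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", subject
    m.set_content(body)
    if doc_name:
        m.add_attachment(b"constructed placeholder, not a real document",
                         maintype="application", subtype="msword", filename=doc_name)
    return m.as_bytes()

LURE = "Here is that document you asked for ... don't show anyone else ;-)"
SAMPLES = {  # constructed inputs
    "renamed": build_sample("Important Message From Alice Example", LURE, "budget.doc"),
    "benign": build_sample("Q1 report", "Draft attached for review.", "report.doc"),
    "no_doc": build_sample("Important Message From Alice Example", LURE),
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sorted(melissa_indicators(raw)), is_suspect(raw))
```

Requiring all three indicators keeps an ordinary message with a Word attachment from being flagged, while a renamed attachment still matches.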

When a user opens an infected .doc file with Microsoft Word97 or Word2000, the macro virus is immediately executed if macros are enabled.

Upon execution, the virus first lowers the macro security settings to permit all macros to run when documents are opened in the future. Therefore, the user will not be notified when the virus is executed in the future.

The macro then checks to see if the registry key


"HKEY_Current_User\Software\Microsoft\Office\Melissa?"

has a value of "... by Kwyjibo". If that registry key does not exist or does not have a value of "... by Kwyjibo", the virus proceeds to propagate itself by sending an email message in the format described above to the first 50 entries in every Microsoft Outlook MAPI address book readable by the user executing the macro. Keep in mind that if any of these email addresses are mailing lists, the message will be delivered to everyone on the mailing lists. In order to successfully propagate, the affected machine must have Microsoft Outlook installed; however, Outlook does not need to be the mailer used to read the message.

This virus cannot send mail on systems running MacOS; however, the virus can be stored on MacOS.

Next, the macro virus sets the value of the registry key to "... by Kwyjibo". Setting this registry key causes the virus to only propagate once per session. If the registry key does not persist through sessions, the virus will propagate as described above once per every session when a user opens an infected document. If the registry key persists through sessions, the virus will no longer attempt to propagate even if the affected user opens an infected document.

The macro then infects the Normal.dot template file. By default, all Word documents utilize the Normal.dot template; thus, any newly created Word document will be infected. Because unpatched versions of Word97 may trust macros in templates, the virus may execute without warning.

Finally, if the minute of the hour matches the day of the month at this point, the macro inserts into the current document the message "Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."

Note that if you open an infected document with macros disabled and look at the list of macros in this document, neither Word97 nor Word2000 lists the macro. The code is actually VBA (Visual Basic for Applications) code associated with the "document.open" method. You can see the code by going into the Visual Basic editor.

Impact

  • Users who open an infected document in Word97 or Word2000 with macros enabled will infect the Normal.dot template, causing any documents referencing this template to be infected with this macro virus. If the infected document is opened by another user, the document, including the macro virus, will propagate. Note that this could cause the user's document to be propagated instead of the original document, and thereby leak sensitive information.
  • Indirectly, this virus could cause a denial of service on mail servers. Many large sites have reported performance problems with their mail servers as a result of the propagation of this virus.

Tuesday, March 18, 2008

Removing New Folder.exe Virus

New Folder.exe Virus: this one has affected my computer maybe a thousand times, and my friends' too. It easily transfers from one system to another, usually by pen drives. This virus creates a replica of a folder inside the same folder and it slows down the computer a lot. I tried to remove this virus using some antivirus programs like Avast, McAfee and Norton, but all were in vain.

Removal Tool & Anti virus

I read on one of the forums that AVG removes this virus easily. I also found a removal tool called True Sword that removes it easily, and here is the link for it:

Click here to download True Sword

Manual Removal Steps

If you want to remove the virus manually, follow these steps.

This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from the startup list and unregistering all corresponding DLLs. Additionally, missing DLLs should be restored from distribution in case they are corrupted by Iddono. To fix this threat, you should:

1. Kill the following processes and delete the appropriate files:

• libedit.dll
• newfolder.exe
• shelliddono.dll
• srv0104.ids
• srvidd20.exe

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and/or values:

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe
Value: @

• Key: software\microsoft\windows\currentversion\run\alchem
Value: @

• Key: software\microsoft\windows\currentversion\run\zzb
Value: @


Monday, March 17, 2008

Vidya Balan - My Darling

Salaam-e-Ishq and Hey Baby are the 2 new films I saw just a week back. Both were good movies and I liked Salaam-e-Ishq more than the other one. What I liked most in those films is the actress Vidya Balan. She is so cute and sexy, man, I could not take my eyes off her. I went in search of her wallpapers and also learned that she is a Tamil girl and an Iyer; man, I couldn't believe what I read. I was just thinking, are there Tamil girls like her, and I was sorry that I missed her :( Anyway, here are some pictures of her which I downloaded.







Friday, March 7, 2008

All about browsers

I was reinstalling my Windows today and after that I was installing the other system software I need. I usually have 2 or more browsers on my system and I was wondering which was the best among them. So I started surfing the net for my answer, and here it is for you all to take a look and comment on my decision.

Internet Explorer

Let's start with our most common browser, IE. As IE comes as a part of Windows, it's the most popular and most used one, but when it comes to performance and quality, it goes down like a waterfall, as IE has less security and is more prone to attacks. It is also not as fast or as full-featured (tabs, for example) as the other browsers. But all this changed after the launch of IE 7.0 with Windows Vista. Now it has all the features of the other top browsers, but it still seems to be slower than Mozilla's Firefox 2.0.



Mozilla Firefox

My favorite browser, Mozilla Firefox. Smart, faster, flexible: that's what I will say when someone asks me about Firefox. This open source browser got popular after its new version release in 2006. Since then Firefox has not fallen short of expectations. With its add-ons called extensions, it has incorporated a lot of features. I mostly use Firefox as my primary and default browser. It helps a lot on my broadband connection at home by blocking a lot of pop-ups and saving my download limit to a large extent. It also prevents a lot of spyware from entering the system.

Opera

Opera is one of the best browsers; it has a lot of features, but most of them are not used much. It is fast and almost equivalent to Mozilla Firefox. I don't know the difference exactly, but Firefox seems to be more lightweight than Firefox. I use it for browsing through my proxy server in the hostel. It's easy to clear history, and the feature I like most is that we can open the browser on the web pages we closed last time. We can also disable this option. Opera was originally not freeware, but after the 9.0 release it was made free and it's catching up with other browsers fast.



Thus all the browsers are at almost the same level at this stage, as never before. So what's the best browser? The answer is I don't know; maybe all are best.

Reinstalling Grub

Many of you have experienced the problem of reinstalling Windows when we also have a Linux OS on our system. After reinstallation, the GRUB boot loader of the Linux OS will be gone, so we will not be able to enter Linux.

I had this problem too, and I tried surfing the net and asking some people how to overcome this. Almost all of them told me that we cannot reinstall Windows without affecting GRUB, and so the only way to get GRUB back is to reinstall GRUB.

I was confused when they said to reinstall GRUB; I asked them whether they meant to reinstall the Linux OS itself. They said no, that's what most people do but it's not needed. Reinstalling GRUB is a much easier job and will take only some 5 or 10 minutes.

So this is how the reinstallation process takes place:

  • First reinstall your Windows operating system. Now the GRUB boot loader will be gone from your system and your system boots directly to Windows.

  • Now load your Linux live CD or installation CD and boot up.

  • Once you have entered your terminal, type the following command to enter grub mode:

grub

Then, if you know where your Windows is located, type

root (hd0,1)

or else do this

find /boot/grub/stage1

and then run the root command with the correct parameters. Then type

setup (hd0)

to install it on hd0, that is, the MBR of the first HD.

Now restart the system and grub will be loaded.

Monday, March 3, 2008

Linux Problems Contd ....

Uninstalling Linux on a Dual Boot System

Most people don't use the Linux operating system as the only OS on the system; mostly we use it alongside the common Windows OS. The problem arises when we try to remove Linux from the system. First of all, we cannot uninstall Linux like any other software in Windows, and however we remove it, it affects the Master Boot Record of our hard disk, thus making the hard disk unbootable, as we are removing the GRUB which has overwritten the Windows MBR at the time of Linux installation.

To remove Linux, first you need to have your Windows XP installation CD or Windows ME/98 installation CD. If you have any one of those CDs you can proceed with uninstalling Linux from your hard disk.

Removing Linux from your hard disk is not as complex a process as it sounds. First delete your Linux partition and format it with the needed FAT table from Windows using any partition software tool like Partition Magic, DM etc., or use the Disk Management option available in the Computer Management option of Windows XP/Vista. To go to Computer Management, right click My Computer and select Manage.

Now restart the computer and boot your system with one of the Windows installation CDs. If you use Windows 98/ME, enter this command at the command prompt from c:\

fdisk /mbr

If you use the Windows XP installation CD, run the recovery console, select the Windows installation and type this command in the console:

fixmbr

and answer yes (y) in the confirmation dialog box. Now restart your system; your MBR will be fixed and your system will boot directly to Windows.
 