Cybertelecom :: Worms, Viruses, Attacks, Hacks

Cybertelecom
Federal Internet Law & Policy
An Educational Project

Worms, Viruses, & Bots (oh my!)

Derived From: Viruses and other Infections, Dept of Energy

"A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.

"Worms, logic bombs, and Trojan Horses are similar "infections" commonly grouped with computer viruses. A computer worm spreads like a virus but is an independent program rather than hidden inside another program. A logic bomb is a program normally hidden deep in the main computer and set to activate at some point in the future, destroying data. A Trojan Horse masquerades as a legitimate software program. It waits until triggered by some pre-set event or date and then delivers a payload that may include destroying files or disks.

"Some viruses are high-tech pranks not intended to cause damage. For example, a virus may be designed to conceal itself until a predetermined date, then flash a message on all network computers. Even pranks, however, are not benign. They steal computer memory, storage, and processing time.

"Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, provide access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.

"From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail. Happily, known versions of the program will be caught by a good virus checker.

"The virus threat is increasing for several reasons:

Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread.

The increased use of portable computers, e-mail, remote link-ups to servers, and growing links within networks and between networks mean that any computer that has a virus is increasingly likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago.

As organizations increasingly use computers for critical functions, the costs of virus-induced downtime are increasing."

Federal Activity

How to Avoid and Respond to Ransomware Attacks FTC Nov. 10, 2016

ITU to hold Network Security Workshops, ITU 5/3/02

CERT/CC Statistics 1988 - 2001, cert 1/11/02

Presidential Memo: Action by Federal Agencies to Safeguard Against Internet Attacks (March 3, 2000)

Hearings

May 22 Senate Judiciary Committee Technology Sub "Challenges in Cybercrime: The National Infrastructure Protection Center." 10:00 a.m. in DSOB 226

Attorney General Ashcroft's Remarks before the First Annual Computer Privacy, Policy & Security Insititute (May 22, 2001), DOJ 5/25/01

Thursday, May 24, 2001 House Judiciary Comm Oversight Hearing on "Fighting Cyber Crime: Efforts by State and Local Officials. 10:30 am 2237 RHOB, Cong 5/23/01

Jun. 27, 2000 Senate Judiciary Committee S.2448, to enhance the protections of the Internet and the critical infrastructure of the United States

Jun 8 Senate Judiciary Committee Business meeting to consider S.2448, to enhance the protections of the Internet and the critical infrastructure of the United States; S.353. SD-226 10 a.m.

Mar 28 Senate Judiciary Technology, Terrorism, and Government Information Subcommittee hearings to examine cyber attacks, focusing on removing roadblocks to investigation and information sharing. 10 a.m SD-226

Mar 9 Senate Small Business Committee CyberCrime: Can a Small Business Protect Itself? 9:30 a.m. 428A Senate Russell Office Building.

Mar. 3. House Commerce Committee Subcommittee on Oversight and Investigations hearing on "Cyber Insecurity at EPA: GAO Reports Agency Systems Vulnerable to Attack." 10:00 am in 2322 Rayburn House Office Building. Postpone

Links

Papers

USG

Recovering from Viruses, Worms, and Trojan Horses US CERT

Douglas Barnes, Deworming the Internet, SSRN 12/7/2004

Webcast: How to Kill Worms and Viruses with Policy Pontifications, NANOG 3/26/2004

Webcast: Airborne Contagion: Effects of a Worm on Wireless Networking, NANOG 3/26/2004

Webcast: Life on a University Network: An Architecture for Automatically Detecting, Isolating, and Cleaning Infected Hosts, NANOG 3/26/2004

Nanog, Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out? Barry Raveendran Greene, Cisco, moderator David Moore, CAIDA Fall 2001

W. Reid Wittliff, Computer Hacking and Liability Issues: When Does Liability Attach

Michael Lee et al., Electronic Commerce, Hackers, and the Search for Legitimacy: A Regulatory Proposal, 14 BERKELEY TECH. L.J. 839 (1999)

Bots

See SPAM :: IoT DDOS

"Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks" US CERT

Government Activity

US CERT Understanding Hidden Threats: Rootkits and Botnets

FCC CSRIC: WG7 - U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) (pdf)

Links

Imperva Incapsula, Bot Traffic Report (2015)

News

Are Botnets Run by Spy Agencies?, CircleID 5/13/2008

Botnet vs. Botnet: Can A Good Botnet Block A Bad One?, Techdirt 4/24/2008

FBI Announces Results of Operation Bot Roast II, US Cert 12/4/2007

Where the botnets are, CNET 12/4/2007

Dancing Skeletons are Latest Storm Botnet Trick, eweek 11/1/2007

How Big is the Storm Botnet?, CircleID 10/26/2007

Storm Worm Botnet Lobotomizing Anti-Virus Programs, eWeek 10/26/2007

Storm Botnet storms the Net - Institute for Ethics and Emerging Technologies, IEET 9/25/2007

Report: Zombie Threat Grows, VoIP Vulnerable - Botnet menace outpacing capacity investment..., DSLreports 9/18/2007

FBI warns of growing botnet threat, Globe and Mail 6/15/2007

Operation Bot Roast, Ic3 6/15/2007

Botnet Briefing, Freedom to Tinker 4/27/2007

Dutch botnet hackers sentenced to time served, CNET 2/1/2007

Botworms exploit Windows DNS bug, CW 4/18/2007

Why So Little Attention to Botnets?, Freedom to Tinker 10/26/2006

"Botmaster" gets nearly five years in prison, Reuters 5/9/2006

Internet security experts bracing for new wave of criminal 'bot, Calgary Sun 3/7/2006

Los Angeles division of FBI makes botnet-related arrest, Network World 11/4/2005

Botnet Detection and Response: The Network is the Infection, ITU 11/4/2005

Advisory body calls for more secure Internet banking, CW 10/18/2005

Massive Botnet Disrupted by Police, ECT 10/11/2005

Internet security experts bracing for new wave of criminal 'bot, Calgary Sun 3/7/2006

Los Angeles division of FBI makes botnet-related arrest, Network World 11/4/2005

Botnet Detection and Response: The Network is the Infection, ITU 11/4/2005

Advisory body calls for more secure Internet banking, CW 10/18/2005

Massive Botnet Disrupted by Police, ECT 10/11/2005

Bot Battle Brewing, Internet Week 8/19/2005

Malware

OECD: "What is malware? Malware is a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners. Malware can gain remote access to an information system, record and send data from that system to a third party without the user's permission or knowledge, conceal that the information system has been compromised, disable security measures, damage the information system, or otherwise affect the data and system integrity. Different types of malware are commonly described as viruses, worms, trojan horses, backdoors, keystroke loggers, rootkits or spyware. These terms correspond to the functionality and behavior of the malware (e.g. a virus is self propagating, a worm is self replicating).7 Experts usually group malware into two categories: family and variant. "Family" refers to the distinct or original piece of malware; "variant" refers to a different version of the original malicious code, or family, with minor changes." - OECD Malicious Software (MALWARE): A Security Threat to the Internet Economy, Ministerial Background Report Final, p. 10 (June 17-18 2008)

Timeline

2004: MyDoom , Sasser,

2003: SoBig, Slammer,

2001: Anna Kournikova, NIMDA,

2000: "I Love You" Virus , Code Red,

1999: Melissa Worm

1988: Morris Worm

1986: Brain PC Virus

1983: Movie Wargames

News

Hackers exploit chink in Web's armor, CNET 3/25/2011

Military Threatens To Court Martial Anyone Using USB Drives Or Other Removable Media, Techdirt 12/10/2010

FBI vs. Coreflood Botnet: Round 1 Goes to the Feds, Wired 4/28/2011

Rustock Botnet Beaten Down by Microsoft, Internet News 3/21/2011

50 ISPs Harbor Half Of All Infected Machines - OECD Issues Study On Botnets And ISP reactions, dslreports 11/19/2010

Two million US PCs hijacked, BBC 10/12/2010

Comcast takes free anti-botnet service nationwide, CNET 10/4/2010

FBI Busts International Cybercrime Syndicate, Internet News 10/4/2010

FBI investigating 'Here you have' worm, CW 9/24/2010

Password Stealing Worm Catches NASA Napping, Internet News 8/29/2008

Be safer than NASA: Disable autorun, CNET 8/29/2008

Malware: A Security Threat to the Internet Economy, OECD 6/3/2008

Economics of malware: Security decisions, incentives and externalities, OECD 5/30/2008

New iPhone Trojan Spreading, US Cert 1/9/2008

Malware evolving too fast for antivirus apps, CW 1/3/2008

Google Orkut Worm, US Cert 1/3/2008

Storm Worm Activity Increases During Holiday Season, US Cert 1/3/2008

Excel vulnerable to new attack, CW 2/6/2007

Storm Worm variant targets blogs, bulletin boards, CNET 3/1/2007

'Storm' Worm Continues Surge Around Globe, eweek 1/23/2007

Storm Worm Hits Computers Around the World, eweek 1/19/2007

Attack of the Zombie Computers Is Growing Threat, NYT 1/9/2007

Worm may be spreading via Skype chat, CW 12/19/2006

New Windows attack can kill firewall, NW Fusion 10/30/2006

Zombies Control Half of Windows PCs, Internet News 10/26/2006

IPods Carry Worm to Windows Computers, Wash Post 10/20/2006

Computer virus writers plan slow spread, USA Today 9/26/2006

Criminals spread Windows exploit via Web host, Network World 9/26/2006

New AIM worm may prove difficult to fight, CW 9/18/2006

Zero-Day IE Attacks Spotted in Wild, eweek 9/18/2006

This Bug Is Nasty, Brutish, And Sneaky, BWO 4/24/2006

Internet faces new attacks, IHT 3/21/2006

Experts warn of powerful new Net attacks, MSNBC 3/21/2006

Fake Google Site Fostered by Worm, Ecommerce Times 9/19/2005

Mutant Worm Attacks IM, Red Herring 9/12/2005

Captain Crunch, videoblogger, Adam Gaffin 3/7/2006

Worm affects AOL instant messages, USA Today 11/1/2005

Zero-Day Exploit of CHM Vulnerability in Internet Explorer, About 9/2/2005

Zotob worm exploits Windows 2000 Plug and Play, Network World 8/16/2005

Computer Worm Attack Hits Networks Across U.S., NPR 8/19/2005

Virus Shuts Down Customs Computer System, Wash Post 8/19/2005

FBI Reveals 16 More Suspects In Zotob Worm, Internet Week 8/30/2005

German Court Convicts Sasser Worm Creator, Wash Post 7/8/2005

Britons Warned of Large-Scale E-Mail Attack, BBC 6/15/2005

IM worm hits Reuters, Register 4/15/2005

Virus Attacks And Damage Done Way Up Last Year, Internet Week 4/11/2005

Not Yet in Business School, and Already Flunking Ethics, NYT 3/15/2005

Harvard rejects those who saw admissions site, USA Today 3/9/2005

New Trojan Exploits Windows DRM, Internet news 1/11/2005

Virus writers focus on image bug, BBC 9/24/2004

Worm speaks to Windows users, CNET 9/14/2004

Teen charged over Sasser virus, BBC 9/10/2004

Blaster suspect pleads guilty to spreading worm, NW Fusion 8/12/2004

Worm eyes up credit card details, BBC 6/4/2004

Harry Potter and the worm of doom, CNET 6/4/2004

Devils hit cyber church, CNN 5/20/2004

MSBlast not to blame for blackout, report says, CNET 4/6/2004

Online virus war is slowing down, BBC 3/26/2004

Witty' Worm Wallops Thousands of Computers, Wash Post 3/23/2004

Malicious computer worm detected, CNET 3/18/2004

Worm disguises self as Microsoft patch, CNET 3/8/2004

Worms nibble away at ISP profits, CNET 3/8/2004

E-mail users caught in virus feud, BBC 3/4/2004

War of the worms erupts on Internet, say experts, Hindustan Times 3/4/2004

New worm spreading through e-mail, CNN 3/1/2004

More virus misery for mail users, BBC 2/26/2004

Stuxnet

Senate Homeland Security Committee Hearing Securing Critical Infrastructure in the Age of StuxnetWednesday, November 17, 2010 10:00 AM Dirksen Senate Office Building, room SD-342

How Stuxnet Spreads: A Study of Infection Paths in Best Practice ... [PPT] US CERT

News

DEMO: Breaking Down the Stuxnet Worm and PDF Threats, CISCO 3/7/2011

Stuxnet researchers cautious about Iran's admission of centrifuge issues, CW 12/1/2010

Stuxnet attacks could move beyond Iranian nuclear plants, Ars Technica 11/19/2010

Clues suggest Stuxnet Virus was built for subtle nuclear sabotage, Ars Technica 11/17/2010

Conflicker Worm

Conficker Hits Utah, Internet News 4/14/2009

FAQ: Conficker clock ticks toward April 1 deadline, CW 3/31/2009

Conficker Worm Targets Microsoft Windows Systems, US CERT 3/31/2009

Don't fret about the Conficker virus, Globe and Mail 3/31/2009

Sasser

Teen 'confesses' to Sasser worm, BBC 5/11/2004

Sasser Costs Mount as Fears of New Worm Grow, CIO Today 5/7/2004

Sasser net worm affects millions, BBC 5/4/2004

Sasser Worm Informant Under Investigation, eWeek 6/17/2004

Worm feeds on Sasser-infected computers, CNET 5/14/2004

Sasser worm gets to work, CNET 5/4/2004

Microsoft, law enforcement officials pursuing Sasser author, CW 5/4/2004

Hackable bug found in net's heart, BBC 4/23/2004

Bagle

Bagle back in business, CNET 7/7/2004

Updates aim to defuse Bagle ploy, CNET 3/4/2004

Hackers hit supercomputing giants, CNN 4/16/2004

Slammer

On Saturday, January 25, 2003, the Slammer worm infected more than 90 percent of vulnerable computers worldwide within 10 minutes of its release on the Internet by exploiting a known vulnerability for which a patch had been available since July 2002. Slammer caused network outages, canceled airline flights, and automated teller machine failures. In addition, the Nuclear Regulatory Commission confirmed that the Slammer worm had infected a private computer network at a nuclear power plant, disabling a safety monitoring system for nearly 5 hours and causing the plant’s process computer to fail. The worm reportedly also affected communications on the control networks of at least five utilities by propagating so quickly that control system traffic was blocked. In addition, on Monday, January 27, the worm infected more networks when U.S. and European business hours started. Cost estimates on the impact of the worm range from $1.05 billion to $1.25 billion.

Slammer resulted in temporary loss of Internet access to some users and increased network traffic worldwide. Postincident studies noted that if the worm had been malicious or had exploited more widespread vulnerabilities, it would have caused a significant disruption to Internet traffic.

Responses to Slammer were quick. Within 1 hour, Web site operators were able to filter the worm. The disruption was partly resolved by network operators blocking the main communication channel that the worm was using, which helped control the spread of the worm. Security experts advised network operators to use firewalls to block the channel and to apply the patch before reconnecting services. In addition, private-sector network operators used the North American Network Operators Group mailing list to collaborate with each other in restoring infected networks. The federal government coordinated with security companies and Internet service providers and released an advisory recommending that federal departments and agencies patch and block access to the affected channel. However, most of these activities occurred after the worm had stopped spreading because it had propagated so quickly.

- GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report, p. 22 (June 2006)

John S. Quarterman, Peter H. Salus , Why Do the Graphs of the Slammer Worm Differ So Much?, TPRC 9/13/03
Sapphire/Slammer Worm Analysis, CAIDA 2/14/03
MS on Slammer
BGP updates at MIT during MS SQL worm
ArborNetworks SQL Networks
Matrix Netsystems
RIPE NCC Sapphire/Slammer Worm Impact on Internet Performance
Why do the Graphs of the "Slammer Worm" Differ So Much? John Quarterman, Matrix NetSystems, Peter Salas, Matrix NetSystems ZIP
What Symantec Knew But Didn't Say, Wired 2/14/03
'Slammer' Attacks May Become Way Of Life, CNET 2/7/03
Korean Net users blame MS for Slammer carnage, Register 2/4/03
Worms On The Loose!, EarthWeb 1/31/03
Expert weighs code release after Slammer, NWFusion 1/31/03
Internet Worm Unearths New Holes, Wash Post 1/29/03
The Case of Slammer and the Broken Patching Process, Newsfactor 1/29/03
FBI Skeptical on Internet Attack Source, AP 1/29/03
Worm exposes flaws and laziness, CNET 1/27/03
Asia fingered as Sapphire's birthplace, CNET 1/27/03
Internet Worm Hits Airline, Banks, Wash Post 1/27/03
Slammer Worm Slaps Net Down, But Not Out, PCWorld 1/27/03
Worst of computer worm appears to be over, USA Today 1/27/03
Slammer worm rocks the Net, ZDNet 1/27/03
Internet attack exposes security flaws, Mercury 1/27/03
Update: 'Slammer' worm slugs Internet, slows Web traffic, CW 1/27/03
Slammer worm slows, no new reports of problems, NWFusion 1/27/03
Internet worm slithers on, MSNBC 1/27/03

SNMP Vulnerability

Battening Down SNMP , ISP Planet 2/20/02

Patching The Net's Fatal Flaws , BWO 2/20/02

CERT Advisory on SNMP, CERT 2/13/02

Alert 02-001: "Potential for Multi-Sector Internet Outages", NIPC 2/13/02

Battening Down SNMP, ISP Planet 2/15/02

Bugs Put Net Traffic At Risk, ZDNN 2/13/02

Web threatened, group warns, CNews 2/13/02

Research group finds holes in Net security, USA Today 2/13/02

Bugbear

Virus makes unwelcome return, BBC 6/6/03

Bugbear Virus Bears Claws Again, Vnunet 6/6/03

Advisory 02-008: "W32.Bugbear@mm or I-Worm.Tanatos", NIPC 10/9/02

Millions of computers infected by Bugbear virus, ABC 10/3/02

New virus infects millions of computers, Hindustan 10/3/02

'Bugbear' worm continues to bite, MSNBC 10/7/02

Bugbear worm roaming world's e-mail, USA Today 10/7/02

Gokar

Antivirus Firms Warn About Gokar Worm, Newsbytes 12/14/01

E-mail worm Gokar spreading, CNET 12/14/01

Gokar worm spreads by e-mail, Web, chat, NWFusion 12/14/01

Gokar worm spreads by e-mail, Web, chat, CW 12/14/01

Goner

Israeli teens charged over Goner worm, CNET 8/7/02

How Goner Suspects Were Tracked Down, Register 12/10/01

'Goner' suspects under house arrest, MSNBC 12/10/01

Israeli Teens Confess To Launching 'Goner' Worm, Newsfactor 12/10/01

Israeli police arrest 'Goner' creators, USAToday 12/10/01

Hackers take up Larry Ellison's challenge, USAToday 12/10/01

Report: Israeli youths admit to creating 'Goner' worm, NWFusion 12/10/01

"Goner" E-mail Worm A PC Killer, Inews 12/5/01

They Looked, They Clicked, a New E-Mail Virus Conquered, NYT 12/5/01

'Goner' worm wriggles into Europe, Times India 12/5/01

'Goner' Worm Takes Out Firewalls, Antivirus Protection, Newsfactor 12/5/01

White House Cybersecurity Chief Unveils Plans, Wash Tech 12/5/01

'Goner' worm wreaks havoc in UK, U.S., CNN 12/5/01

National computer-security site attacked, CNET 12/5/01

Alert 01-029: "VBS/Mass-Mailing Worm, W32/Goner.A", NIPC 12/5/01

W32/Goner Worm, CERT 12/5/01

Past lessons limit 'Goner' worm's spread, USAToday 12/7/01

Badtrans

Badtrans Tops List Of Virus Threats, Inews 12/28/01

W32/BadTrans Worm, CERT 11/28/01

New self-executing virus hits Net, USAToday 11/27/01

'Badtrans' Worm Continues Spread, ABC 11/30/01

BadTrans computer virus strikes, BBC 11/27/01

Anti-virus software maker warns of new worm, Nando 11/27/01

Badtrans worm leaves back doors, logs data, CW 11/27/01

New e-mail worm rears its head, CNET 11/27/01

E-mail virus hits home, CNET 11/27/01

NIMDA Worm - Post Sept 11, 2001 Events

Attacking Nimda-infected Attackers, Register 8/9/02

New Nimda virus spreads after all, MSNBC 11/1/01

Computers Hit Around Globe by New Form of Old Virus, NYT 11/1/01

'NY Times' outage caused by Nimda virus, USAToday 11/1/01

More from Nimda, MSNBC 10/30/01

Brief: Security firm issues warning about fake Nimda fix, CW 10/1/01

Nimda Worms Its Way To The Top, Register 10/1/01

Nimda worm comeback thwarted, USAToday 10/1/01

Nimda worm ready for return, USAToday 9/28/01

Experts: Nimda Mass-Mailing To Resume Today, Washtech 9/28/01

Nimda Hits Philips, Blocks Intranet, IDG 9/25/01

'Nimba' Hits Colo. Computer Systems, AP 9/21/01

Users: Nimda a tough worm to fight, CW 9/21/01

Nimda risk high at home, CNET 9/20/01

New, complex worm slows in U.S., CNN 9/20/01

Computer security firms fashion fix for Nimda worm, Nando 9/20/01

'Triple Threat' Virus Spreading Fast, Newsfactor 9/20/01

Advisory 01-022: "Mass Mailing Worm W32.Nimda.A@mm", NIPC 9/20/01

Nimda attack seems to Slow, NWFusion 9/20/01

Computer Worm Called More Potent Than Predecessors, Washtech 9/20/01

A 'Tarpit' That Traps Worms, Wired 9/20/01

McAfee NIMDA Warning

Symantic W32.Nimda.A@mm (September 18, 2001)

Code Red-based email worm breaks out By John Leyden Posted: 18/09/2001 at 16:38 GMT The Register

Central Command What is Win32.Nimda.A@mm?

Infoworld, Major new worm poses serious threat worldwide (Septmember 18, 2001)

FBI assessing worm attack, CNET September 18, 2001

Lethal worm spells double trouble, ZDNET Sept 18, 2001

TruSecure Alert- TSA-01-024 Nimda: W32.nimda.a.mm September 18, 2001

Sophos W32/Nimda-A September 18, 2001

Sophos Nimda worm causing internet mayhem - Sophos warns against double pronged attack September 18, 2001

FBI investigating new Internet worm, thousands of computers targeted Silicon Valley.com

Microsoft patches

SirCam

CIAC "FAQ: What you need to know about SirCam"

SirCam due to Wipe Windows PCs next Tuesday, Register 10/12/01

SirCam Ready To Drop Payload, Wired 10/12/01

Dangerous 'Sircam' virus keeps spreading, USAToday 8/3/01

SirCam worm snatches FBI documents, CNET 7/25/01

Sircam Virus Steals Files, BBC 7/24/01

SirCam worm clogs e-mail accounts, CNET 7/24/01

Code Red

CodeRed Worm Infections in 24.0.0.0/8 on July 19, 2001 , CAIDA 4/3/02

David Moore, Colleen Shannon, Jeffery Brown, Code-Red: a case study on the spread and victims of an Internet worm, Proceedings of the Second the ACM Internet Measurement Workshop, 2002.

Alert 01-016: "Code Red Worm", NIPC 7/30/01

Keith A. Rhodes, Code Red, Code Red II, and SirCam Attacks Highlight Need for Proactive Measures , Testimony Before the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, Committee on Government Reform, House of Representatives, GAO-01-1073T (Aug. 29, 2001).

CERT® Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL

NANOG: CAIDA: Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?

CAIDA Analysis of Code-Red

CAIDA: Code-Red: a case study on the spread and victims of an Internet worm

New Code Red variant reported, CW 3/12/03

Code Red Still Threatens Net, CNET 5/6/02

'Code Blue' Worm Strikes in China, May Migrate, Newsfactor 9/7/01

Qwest Refuses Refunds For Code Red Victims, Newsfactor 8/24/01

FBI: Early efforts nip Code Red worm, CNET 8/17/01

South Korea Says Third Version of Code Red Detected, Reuters 8/10/01

Code Red II Worms Its Way Deeper, Reuters 8/8/01

'Code Red II' spreading quickly, causing damage, USAToday 8/8/01

Officials Warn Of Internet Threat, AP 7/30/01

'Code Red' Worm May Re-Emerge on Internet Tuesday, Reuters 7/30/01

Feds, Microsoft Issue Code Red Alert, Washtech 7/30/01

Update: FBI Says Code Red Back in Action, Newsfactor 8/1/01

Code Red Worm Update (08/01/01 - 11:30) am EDT), NIPC 8/1/01

Code Red Internet Worm Disturbs Pentagon Networks, Reuters 8/1/01

'Code Red' spreads to the Pentagon, USAToday 8/1/01

'Code Red:' Worm strikes 12,000 Web servers, USAToday 7/19/01

Malicious Web Attacks May Be New IIS Worm, Newsbytes 7/17/01

White House Dodges 'Code Red' Virus, AP 7/20/01

'Code Red' worm exploits Windows NT flaw, CW 7/20/01

Close Call For White House Web Site, MSNBC 7/20/01

'Code Red' Virus Aims at White House Web Site, Reuters 7/20/01

Pentagon shuts sites to avoid 'Code Red' virus, USAToday 7/24/01

White House dodges 'Code Red' virus, USAToday 7/20/01

Melissa Virus

Information in United States of America v. David Smith -- Court document filed by the U.S. Attorney's Office in Newark, New Jersey relating to charges against the creator of the Melissa computer virus.

Plea Agreement -- David Smith agreed to plead guilty to creating and disseminating the Melissa virus and causing over $80 million in damages, in violation of federal computer crime laws.

Creator of 'Melissa' Computer Virus Pleads Guilty in New Jersey to State and Federal Charges (December 9, 1999)

'Melissa' Creator Gets 20 Months, Internet News 5/1/02

Virus Maker Sentenced, NYT 5/1/02

News

FBI nabs botnet mastermind in Slovenia, Globe and Mail 7/28/2010

Three arrested in connection with Mariposa botnet, CW 7/28/2010

Conficker slideset, CAIDA 5/17/2010

DHS studying global response to Conficker botnet, CW 4/7/2010

Authorities break up global botnet, Globe and Mail 3/2/2010

Comcast to Put Botnet Cops on the Security Beat, Gigaom 10/13/2009

Pentagon Networks Targeted by 'Hundreds of Thousands' of Probes, Wired 4/16/2010

New Sober Worm on the Loose, eweek 11/19/2004

Instant messaging worm exploits JPEG flaw, NWFusion 9/30/2004

JPEG exploit could beat antivirus software, CNET 9/30/2004

Lazarus-like virus hits computers, BBC 11/19/2004

Future Windows component could spur old-school viruses, NW Fusion 10/5/2004

'Gamer's virus' aims to hit users, BBC 2/18/2004

Blaster-like Virus Attack 'Imminent', Internet News 2/18/2004

Mmm, juicy target, USA Today 2/10/2004

No end in sight to Mydoom virus, BBC 2/2/2004

Spread of agile 'Bagle' worm subsides, CNN 1/20/2004

New Internet Virus Spreads Fast, but Experts Debate Risk, NYTimes 1/20/2004

New Worm Strikes MSN Messenger, PC World 1/5/2004

Worm hits Windows-based ATMs, CNET 12/9/2003

Latest Mimail worm has new trick, New Scientest 11/14/2003

Zombie machines fuel cybercrime wave, CNET 11/11/2003

Anti-virus fight gets cash boost, BBC 11/5/2003

MS posts $5 mill virus bounty, CNN 11/5/2003

New virus hits computers, BBC 10/31/2003

Feds admit error in hacking conviction, CNET 10/17/2003

Decades after creation, viruses defy cure, CNET 11/25/2003

Phillies fanatic faces 471 years for hacking, CNET 10/9/03

US port 'hit by UK hacker', BBC 10/6/03

Trojan Horse Bedevils Explorer Users, Newsfactor 10/3/03

Second US arrest over net virus, BBC 9/29/03

Browser holes lead to AIM, dial-up attacks, CNN 9/29/03

'Relentless' pace of hack attacks, BBC 9/24/03

New worm targets Internet Explorer, CNN 9/24/03

US immigration system hit by virus, InfoWorld 9/24/03

Windows faces fresh web worm woe, BBC 9/11/03

Worm Suspect Slapped With Charges, ABC 9/11/03

New worm on the way?, CNET 9/11/03

Virus writers mark 9/11 with new bugs, CNN 9/11/03

Computer worm targets Tony Blair, BBC 9/5/03

Experts' fear over computer virus, BBC 9/5/03

Colleges Move to Thwart Internet Viruses, ABC 9/5/03

Cops take a bite, or maybe a nibble, out of cybercrime, USA Today 9/2/03

SoBig triggers worst month on record, Newsfactor 9/2/03

New Computer Virus Clogs E-Mail Inboxes, ABC 8/20/03

World wakes up to another virus, BBC 8/20/03

'Good' worm slows Web, CNN 8/20/03

MSBlast echoes across the Net, CNET 8/14/03

FBI Looks For Source Of Internet Infection, Wash Post 8/14/03

Virus Infection Spreads in Asia, Europe, ABC 8/12/03

Worm blasts across the web, BBC 8/12/03

Internet infection that drew gov't warnings spreading rapidly, Mercury 8/12/03

The Internet Security Demon That Won't Die, Newsfactor 8/6/03

Virus poses as admin e-mail, BBC 8/4/03

Worm masquerades as note from IT staff, CNET 8/4/03

Sneaky virus spreading rapidly, BBC 5/12/03

Fizzer virus pops up on Kazaa, CNET 5/12/03

Hacker suspect nabbed at Net show, CNN 5/6/03

Suspected Web Hacker Arrested At Show, Reuters 4/30/03

Hacker causes havoc for websites, BBC 4/23/03

Be the hacker, NWFusion 4/14/03

Hacking Attacks Jump 37 Percent, Newsfactor 4/9/03

Lovgate.C Worm Spreads Across Internet, Info World 2/24/03

Worm Targets Hackers, TechTV 3/3/03

Worm on the loose, USA Today 2/14/03

FBI Seeks Hacker, USA Today 2/7/03

Avril virus makes things 'so complicated', Globe 1/10/03

Three new viruses on the loose, Vnunet 1/10/03

'Avril' virus continues to spread, MSNBC 1/10/03

Yaha Virus Lingers Into The New Year, IDG 1/3/03

Yaha virus infection heats up, CNET 1/2/03

Yaha virus lingers into the New Year, NWFusion 1/2/03

Greeting Card Virus Licensed To Spread CNET 11/15/02

Security Firm Embarassed by 'Braid' TechTV 11/12/02

U.S. fingers hacker of military sites MSNBC 11/12/02

'Braid' Worm Mixing Things Up TechTV 11/5/02

MSN TV prank creating "emergencies", CNET 7/24/02

The Computer Virus of the Future, Newsfactor 5/6/02

Chernobyl virus rides Klez's coattails, CNET 5/6/02

Fake net looks to sting hackers, NWFusion 4/26/02

Gartner: Attacks exploit security indifference, CNN 5/3/02

New attacks to put intrusion-detection vendors to the test, NWFusion 4/15/02

Fix for Security Delays Might Be Close at Hand, LA Times 4/15/02

Tricky worm can spread via AIM, IRC, CNN 4/10/02

MyLife Virus Gets New Life in Variants, Newsfactor 4/3/02

Overview of Attack Trends, CERT 4/10/02

'Bill Clinton' Worm Gets Around - Experts, Wash Tech 3/25/02

Clinton worm eats files, CNET 3/25/02

'Social Engineering' Spreads New Plague of Web Chat Attacks, Newsfactor 3/21/02

Virus alerts lack standards, NWFusion 3/11/02

Virulent Worm Set To Return, Internet News 3/6/02

Global Internet Worm Set To Explode, Newsfactor 3/6/02

Is This A Good Time To Be A Hacker? , Newsfactor 2/20/02

Dangerous Yarner worm spells bad news , USA Today 2/20/02

Klez worm reborn as nastier version, CNET 2/11/02

MyParty worm fails to attract a crowd, CNET 1/28/02

New E-mail Worm Is No Party, Newsbytes 1/28/02

New virus poses moderate risk , USA Today 1/28/02

Computer Attacks on Companies Up Sharply, Wash Tech 1/28/02

'Gigger' worm termed low threat, MSNBC 1/14/02

Virus writers get head start on .NET, MSNBC 1/9/02

New Virus First To Infect Flash, CNET 1/9/02

CERT: # Of Viruses, Flaws Explode, Internet News 1/11/02

Virus Targets MS Web Services Software, Reuters 1/11/02

ZaCker worm attacks security software, NWFusion 1/4/02

New worms ring in the new year (Junkyard), CNET 1/4/02

Microsoft warns of holes in SQL Server, NWFusion 12/28/01

FBI agency advises turning off vulnerable XP feature, NWFusion 12/28/01

Buffer Overflow in UPnP Service on Microsoft Windows, CERT 12/28/01

Is there a worm in your e-greeting?, Times India 12/20/01

Windows XP contains serious security flaws, USAToday 12/20/01

Fix your Windows, says Microsoft, BBC 12/20/01

Windows XP vulnerable to 'serious' Attacks, CNN 12/20/01

Microsoft warns of security flaws with Windows XP, Nando 12/20/01

Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers, CERT 12/20/01

Microsoft warns of PowerPoint, Excel vulnerabilities, NWFusion 12/18/01

Architecture as Crime Control, SSRN 12/18/01

MS Warns Of Hole In Outlook Web Access, Newsfactor 12/7/01

Record-breaking year for security incidents expected, CW 11/27/01

ICANN: U.S. Official Says Govt Should Stay Out Of Internet, Wash Tech 11/15/01

Federal Computers Fail Hacker Test, LA Times 11/9/01

Cybersecurity chief warns of Net threat, USAToday 11/9/01

Security woes dog federal agencies, CNET 11/9/01

ITAA Calls for Immediate New Federal IT Security Funding, Inews 11/9/01

Microsoft slammed on PC security, USAtoday 11/7/01

Internet Attacks Seen Doubling This Year, ZDNN 10/16/01

Group Says Don't Use Microsoft IIS, 7am 9/25/01

Analyst Recommends Software Switch, AP 9/25/01

Analyst recommends switching from Microsoft's Web software to another product because of security concerns, Nando 9/25/01

MS vows Rewritten IIS, more patches, Register 9/25/01

Analyst: Scrap Microsoft server software, USAToday 9/25/01

Gartner: Drop Microsoft's IIS now, ZDNet 9/25/01

Microsoft Stands By IIS Despite Criticism, IDG 9/28/01

Internet warning system under siege (CERT), CNET 5/23/01

NIPC Gets "F" In Hack Attack Warnings, InternetNews 5/23/01

Cyber Crime Prevention Unit Probed, LATimes 5/23/01

Leadership Vacancies Slow FBI's Cybercrime Arm, Washtech 5/23/01

Pentagon Computers Hacked 215 Times in Past Year, Newsfactor 5/18/01

Worm crawls into MSN Messenger, CNET 5/1/01

Bulletin: Microsoft warns of serious Windows 2000 hole, CW 5/1/01

Attack On US State Dept. Shuts Down Internal Servers, Newsbytes 5//11/01

Bush Mulls cybersecurity, USAToday 5/11/01

White House Site Attack Clues Sought, CW 5/8/01

Senator: Aid Cyber Security By Secrecy, Reuters 5/8/01

Extent Of FBI's Web Surveillance Disclosed, AP 5/4/01

Vandals Attack Whitehouse.gov, CNET 5/4/01

Naked Wife Virus Outbreak Contained, Register 3/7/01

New computer virus called 'Naked Wife' wreaks havoc, Nando 3/7/01