Virus archive


2016

Janis Lejins

Computer Viruses, USB Memory Sticks, SD Cards & Frames

Virus Archive (2016) saw a computer scientist employed to collate some of the world's most dangerous and damaging computer viruses. These viruses were then presented in frames in a style akin to museological specimens. A fact sheet (pictured) briefly explained each virus and the destruction it wrought.

Ultimately the frames and infected storage devices were sold as art.


Virus Archive Information Sheet


Win32.StuxNet (c.2010)

2016

Janis Lejins (B.1992)

The Stuxnet worm is believed to have been developed by the US Government in coalition with the Israeli Government. It was used to infect SCADA Windows computers with programmable logic controllers. These are commonly used in nuclear reactors and enrichment facilities. The worm infected nuclear infrastructure in Iran and caused the centrifuges to shake themselves apart.

Materials: 8GB Memory infected with Win32.StuxNet Worm, frame, archival tape, ink.


Linux.Wirenet (c.2012)

This is the Linux variant of the Wirenet trojan. It also comes in Windows and OS X variants. This program steals passwords from browsers and takes screenshots, then sends the data to the server: 212.7.208.65

Materials: 8GB Memory infected with Linux.Wirenet Worm, frame, archival tape, ink.


Win32.Cryptowall (2015-current)

Cryptowall encrypts all of the files on the host's computer and then holds them for ransom, payable in bitcoins. There is no way of getting encrypted files back, which is why a significant number of people pay up. The ransom cost increases at set intervals to encourage rapid payment.

Materials: 8GB Memory infected with Cryptowall Virus, frame, archival tape, ink.

Virus procured by Gareth Dunstone (B.1990)


Win32.CodeRed.A (2001)

This worm infected over 359,000 computers, mostly web servers. The worm was then used to launch attacks on various IP addresses, including the White House. It has caused an estimated 2.6 billion dollars' worth of damage.

Materials: 8GB Memory infected with Cryptowall Virus, frame, archival tape, ink.


Win32.ILOVEYOU Love Letter Worm (2000)

Win32.ILOVEYOU successfully attacked tens of millions of Windows systems. The worm then overwrote random files and emailed itself to all the addresses in the Windows Address Book. There was an estimated USD$8.7 billion worth of damage.

Materials: 8GB Memory infected with the Win32.ILOVEYOU worm, frame, archival tape, ink.


Win32.Klez.A (2001)

This worm exploits Internet Explorer's HTML renderer in Microsoft Outlook Express and was spread through email. It caused an estimated USD$19.8 billion in damages.

Materials: 8GB Memory infected with the Win32.Klez.A worm, frame, archival tape, ink.


Win32.MyDoom.AA (2004-2009)

MyDoom holds the record for fastest-spreading computer worm. It performed a massive distributed denial-of-service attack on the controversial company "The SCO Group", presumably for the company's unethical software patent trolling of the open source software community. Later versions have also targeted the Microsoft website and blocked anti-malware sites. Its intended purpose is only functional in an estimated 25% of the systems it infects, but it has still caused an estimated $43.9 billion US in damages.

Materials: 8GB Memory infected with the MyDoom worm, frame, archival tape, ink.


Win32.NetSky.B (2004)

NetSky is another prolific computer worm like Win32.MyDoom. It was written by the same author as Win32.Sasser. This particular variant (Netsky.B) actually deleted MyDoom worms. It caused an estimated $2 billion US in damages.

Materials: 8GB Memory infected with the NetSky worm, frame, archival tape, ink.


Win32.Sasser.B (2004)

This worm spread virulently through a vulnerable port on Windows XP and Windows 2000, and some variants have been known to delete other worms. It has caused an estimated $18.1 billion US worth of damages.

Materials: 8GB Memory infected with the Sasser worm, frame, archival tape, ink.


Win32.Zbot Zeus/Zeus Gameover (2007, 2013)

This virus intercepts credit card information entered into a browser, gathers extensive private information (such as Bitcoin wallets and website logins) and uses the system to perform click fraud. This is one of the first instances of malware being developed exclusively for sale and is thought to originate in Russia. Packages can be bought for as little as 6 Bitcoins, rising up to 43 Bitcoins, and the botnets created are frequently rented out on a necessity basis.

Materials: 8GB Memory infected with the Zeus virus, frame, archival tape, ink.


Win32.Conficker.A (2008-current)

The Conficker virus has been one of the most difficult to eradicate, as the author (or authors) frequently update it so that it can evade antivirus measures. It also makes use of encryption stronger than military grade to hinder tampering and make analysis difficult. A collection of high-profile tech companies including Facebook, Microsoft, IBM, and ICANN have formed a working group to deal with the virus. The virus patches the vulnerabilities that previous variants used, listens for other infected machines and updates them to the latest version. Only variant E (the most recent) actually uses the system to do something other than infect other computers: it sends spam emails. Variant E also deletes itself and leaves a copy of the D variant on the system. Microsoft posted a USD$250,000 bounty for information leading to the author. This bounty remains uncollected, the author remains unknown, known infected systems still number in the hundreds of thousands, and the damages are in excess of $9.1 billion US.

Materials: 8GB Memory infected with the Conficker virus, frame, archival tape, ink.


Viruses and additional data procured by Gareth Dunstone