Famous malware attacks - Revision history

Rabagh: /* Petya */

2022-05-02T16:18:04Z

Petya

← Older revision		Revision as of 19:18, 2 May 2022
Line 13:		Line 13:
	<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>		<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>

	[[File:~~Petya 2~~.PNG]]		[[File:Petya2.PNG]]

	One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>		One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>

Rabagh: /* Petya */

2022-05-02T16:17:50Z

Petya

← Older revision		Revision as of 19:17, 2 May 2022
Line 8:		Line 8:


	[[~~petya_1~~.~~png~~]]		[[File:Petya 1.PNG]]

	Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note		Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note
	<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>		<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>

	[[~~petya2~~.~~png~~]]		[[File:Petya 2.PNG]]

	One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>		One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>

Rabagh: /* Petya */

2022-05-02T16:16:50Z

Petya

← Older revision		Revision as of 19:16, 2 May 2022
Line 8:		Line 8:


	[[~~File:~~petya_1.png]]		[[petya_1.png]]

	Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note		Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note
	<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>		<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>

	[[~~File:~~petya2.png]]		[[petya2.png]]

	One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>		One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>

Rabagh: /* Petya */

2022-05-02T16:16:22Z

Petya

← Older revision		Revision as of 19:16, 2 May 2022
Line 7:		Line 7:
	Petya is a file-encrypting Trojan that was first discovered in 2016, according to information on 2SpyWare, which was launched as a project to help people learn more about cybersecurity issues and malware. <ref>Available at https://www.bbc.com/news/technology-40497026 </ref>It has continued to appear in various variants with several different updates until today. Among its derivatives are PetrWrap, GoldenEye, Mamba virus, Mischa, Diskcoder.D, and Bad Rabbit. Petya has been one of the classic ransomware attacks in which the files on victims' computers are encrypted to make them inaccessible and then demand a ransom to give the encryption key. Ransoms are also typically demanded in bitcoin or other cryptocurrencies.<ref>Available at https://fortune.com/2017/06/27/petya-ransomware-ukraine-medoc/ </ref> Its beginnings were similar to WannaCry; The epidemic was not noticed from anywhere and spread rapidly. However, unlike WannaCry, this malware spread via spam e-mails, immediately after restarting the computer, it displayed the following message on the screen.<ref>Available at https://www.proofpoint.com/us/threat-reference/petya </ref>		Petya is a file-encrypting Trojan that was first discovered in 2016, according to information on 2SpyWare, which was launched as a project to help people learn more about cybersecurity issues and malware. <ref>Available at https://www.bbc.com/news/technology-40497026 </ref>It has continued to appear in various variants with several different updates until today. Among its derivatives are PetrWrap, GoldenEye, Mamba virus, Mischa, Diskcoder.D, and Bad Rabbit. Petya has been one of the classic ransomware attacks in which the files on victims' computers are encrypted to make them inaccessible and then demand a ransom to give the encryption key. Ransoms are also typically demanded in bitcoin or other cryptocurrencies.<ref>Available at https://fortune.com/2017/06/27/petya-ransomware-ukraine-medoc/ </ref> Its beginnings were similar to WannaCry; The epidemic was not noticed from anywhere and spread rapidly. However, unlike WannaCry, this malware spread via spam e-mails, immediately after restarting the computer, it displayed the following message on the screen.<ref>Available at https://www.proofpoint.com/us/threat-reference/petya </ref>

	~~PHOTO WILL BE UPLOADED~~
			[[File:petya_1.png]]

	Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note		Although this screen may seem like a system error at first glance, users In fact, Petya software silently performed file encryption in the background of the system. If the user tries to reboot the system or the file encryption operation is performed, a flashing red skeleton appears on the screen, and “Press any key” appears. After pressing the key, a new window is opened with the ransom note
	<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>		<ref> Available at https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html</ref>

	~~PHOTO WILL BE UPLOADED~~		[[File:petya2.png]]

	One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>		One of the email domains associated with the perpetrators of the attack was revoked in the process, thus giving a victim's computer a specific code to help retrieve the matching decoder data recovery has become impossible.<ref> Available at https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how </ref> It has been effective in countries such as Russia, England, France, Denmark, Iran, Brazil, and Mexico, especially in Ukraine. Spain, Netherlands, and India also confirmed the attack. Ukraine has suffered the most from the attack. Petya malware also envelops various public institutions of the country; In addition, it affected a wide area such as Kyiv Airport, metro systems, power plants, and nuclear power plants, bringing the systems to a standstill and causing many disruptions. <ref> Available at https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/petya-ransomware-wiper </ref> MeDoc, a Ukrainian software company, was held responsible for the attack that brought life to a standstill in Ukraine. Although MeDoc denies these allegations, many cybersecurity experts have claimed to have evidence that the firm was the first source. 55 Public authorities stated that the affected institutions had difficulties in carrying out customer service and banking transactions, it was observed that most of the ATMs were out of service or Petya's ransomware message was displayed on their screens. <ref> Available at http://services.nwu.ac.za/it-news/latest-cyber-attack-petya-ransomware </ref>

	Considering that it is also exposed to similar attacks, it is understood that it is a political attack aimed at creating confusion in the country rather than for a financial purpose.<ref> Available at https://www.inverse.com/article/33469-petya-ransomware-attack-united-states </ref> It has been understood that many systems do not have enough defense against ransomware. The extent of such attacks has also revealed the widespread inadequacy of awareness of cyber security, vulnerability scanning, testing, use of correct cyber security applications, and taking backups. It can also be said that Petya, which aims to render the system unusable rather than encrypting the files, aims to have a devastating effect rather than money. <ref> Available at https://thehackernews.com/2017/06/petya-ransomware-decryption-key.html </ref>		Considering that it is also exposed to similar attacks, it is understood that it is a political attack aimed at creating confusion in the country rather than for a financial purpose.<ref> Available at https://www.inverse.com/article/33469-petya-ransomware-attack-united-states </ref> It has been understood that many systems do not have enough defense against ransomware. The extent of such attacks has also revealed the widespread inadequacy of awareness of cyber security, vulnerability scanning, testing, use of correct cyber security applications, and taking backups. It can also be said that Petya, which aims to render the system unusable rather than encrypting the files, aims to have a devastating effect rather than money. <ref> Available at https://thehackernews.com/2017/06/petya-ransomware-decryption-key.html </ref>


	== SamSam ==		== SamSam ==

Orhasa: /* Melissa */

2022-05-02T08:26:27Z

Melissa

← Older revision		Revision as of 11:26, 2 May 2022
Line 95:		Line 95:
	== Melissa ==		== Melissa ==

	Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999 <ref> Available at https://en.wikipedia.org/wiki/Portal:Current_events/March_1999 </ref>, that would be changed forever. A programmer named David Lee Smith <ref> Available at https://en-academic.com/dic.nsf/enwiki/732114 </ref> hacked into an America Online (AOL) <ref> Available at https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM </ref> account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive-scale phishing attacks that are known to us today. When a user		Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999 <ref> Available at https://en.wikipedia.org/wiki/Portal:Current_events/March_1999 </ref>, that would be changed forever. A programmer named David Lee Smith <ref> Available at https://en-academic.com/dic.nsf/enwiki/732114 </ref> hacked into an America Online (AOL) <ref> Available at https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM </ref> account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive-scale phishing <ref> https://csrc.nist.gov/glossary/term/phishing </ref> attacks that are known to us today. When a user

	took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.		took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.

Orhasa: /* Melissa */

2022-05-02T08:24:22Z

Melissa

← Older revision		Revision as of 11:24, 2 May 2022
Line 95:		Line 95:
	== Melissa ==		== Melissa ==

	Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999 <ref> Available at https://en.wikipedia.org/wiki/Portal:Current_events/March_1999 </ref>, that would be changed forever. A programmer named David Lee Smith <ref> Available at https://en-academic.com/dic.nsf/enwiki/732114 </ref> hacked into an America Online (AOL) <ref> Available at https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM </ref> account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive scale phishing ~~<ref> Available at https://en.wikipedia.org/wiki/Phishing </ref> attack~~ that are known to us today. When a user		Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999 <ref> Available at https://en.wikipedia.org/wiki/Portal:Current_events/March_1999 </ref>, that would be changed forever. A programmer named David Lee Smith <ref> Available at https://en-academic.com/dic.nsf/enwiki/732114 </ref> hacked into an America Online (AOL) <ref> Available at https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM </ref> account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive-scale phishing attacks that are known to us today. When a user

	took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.		took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.

Orhasa: /* WannaCry */

2022-05-02T08:19:01Z

WannaCry

← Older revision		Revision as of 11:19, 2 May 2022
Line 148:		Line 148:
	On May 12, 2017, the WannaCry ransomware (also known as Wana Decrypt0r, WCry, WannaCry, WannaCrypt, and WanaCrypt0r) was discovered during a large-scale assault affecting numerous nations. WannaCry is a crypto worm cyber-attack that was targeted to computer, laptops, and devices running the Microsoft Windows operating system.		On May 12, 2017, the WannaCry ransomware (also known as Wana Decrypt0r, WCry, WannaCry, WannaCrypt, and WanaCrypt0r) was discovered during a large-scale assault affecting numerous nations. WannaCry is a crypto worm cyber-attack that was targeted to computer, laptops, and devices running the Microsoft Windows operating system.

	On 13 May, 2017 hackers started to spread a ransomware to computers around the globe. According to Europol, more than 300,000 computers in 150 countries have been victims of the cyberattack, which involved the request of a 300$ ransom in order to return control of the encrypted files. The WannaCry ransomware took advantage of an inherent vulnerability.		On 13 May, 2017 hackers started to spread a ransomware to computers around the globe. According to Europol, more than 300,000 computers in 150 countries have been victims of the cyberattack, which involved the request of a 300$ ransom in order to return control of the encrypted files. The WannaCry ransomware took advantage of an inherent vulnerability. <ref> Available at https://ieeexplore.ieee.org/document/8260673 </ref>

	====How does it considered as a crypto–worm?====		====How does it considered as a crypto–worm?====

	It is considered as a worm because it included a transport mechanism to automatically spread itself. Wannacry malware could spread from computer to computer and from network to network. That’s how it was spread over the world.		It is considered as a worm because it included a transport mechanism to automatically spread itself. Wannacry malware could spread from computer to computer and from network to network. That’s how it was spread over the world. <ref> Available at https://asia.nikkei.com/Politics-Economy/International-Relations/North-Korea-capable-of-hacking-with-WannaCry-ransomware </ref>

	====How does transport mechanism worked?====		====How does transport mechanism worked?====
Line 162:		Line 162:
	EternalBlue is a Windows exploit created by the US National Security Agency. The main function of EternalBlue was to exploit a vulnerabilities in the Microsoft implementation of the Server Message Block (SMB) Protocol. The SMB protocol is a standard, generally secure system that creates a connection between servers and end users by sending responses and requests.		EternalBlue is a Windows exploit created by the US National Security Agency. The main function of EternalBlue was to exploit a vulnerabilities in the Microsoft implementation of the Server Message Block (SMB) Protocol. The SMB protocol is a standard, generally secure system that creates a connection between servers and end users by sending responses and requests.

	Doublestar is a backdoor tool. IT runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once it is installed, it uses three commands: ping – which sends a request to a server and checks it’s response, kill and exec, the latter of which can be used to load malware onto the server.		Doublestar is a backdoor tool. IT runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once it is installed, it uses three commands: ping – which sends a request to a server and checks it’s response, kill and exec, the latter of which can be used to load malware onto the server. <ref> Available at https://www.sciencedirect.com/science/article/pii/S0045790618323164 </ref>

	===WannaCry Static Analysis:===		===WannaCry Static Analysis:===
Line 196:		Line 196:
	''M sW inZonesC acheCounterM utexA''		''M sW inZonesC acheCounterM utexA''

	If the mutex is present on the system, the encryption component will freeze working and will not take any further actions. The encryption procedure will begin if this is not the case. The CryptGenRandom method is used to produce a unique 16-byte symmetric AES key for each file. Then, starting with the "WANACRY!" text value, each produced AES key is encrypted using the public RSA key (which is part of the encryption component) and saved within the file header. Encrypted files are renamed and given the extension .WNCRY. A password-protected ZIP archive is included in the encryption component. By dissecting the encrypter using the IDA Pro program, we were able to retrieve the password, ''"WNcry@2ol7."'' '''(Fig.4)'''		If the mutex is present on the system, the encryption component will freeze working and will not take any further actions. The encryption procedure will begin if this is not the case. The CryptGenRandom method is used to produce a unique 16-byte symmetric AES key for each file. Then, starting with the "WANACRY!" text value, each produced AES key is encrypted using the public RSA key (which is part of the encryption component) and saved within the file header. Encrypted files are renamed and given the extension .WNCRY. A password-protected ZIP archive is included in the encryption component. By dissecting the encrypter using the IDA Pro program, we were able to retrieve the password, <ref> Available at https://www.researchgate.net/publication/332144343_Static_and_Dynamic_Analysis_of_WannaCry_Ransomware </ref> ''"WNcry@2ol7."'' '''(Fig.4)'''

	[[File:Fig 2.PNG]]		[[File:Fig 2.PNG]]
	[[File:Fig 3.PNG]]		[[File:Fig 3.PNG]]
	[[File:Fig 4.PNG]]		[[File:Fig 4.PNG]]


	== References ==		== References ==
	{{Reflist}}		{{Reflist}}

Orhasa: /* Zeus Trojan */

2022-05-02T08:08:53Z

Zeus Trojan

Orhasa: /* Melissahttps://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519 */

2022-05-02T07:50:05Z

Melissahttps://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519

← Older revision		Revision as of 10:50, 2 May 2022
Line 93:		Line 93:
	“Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon”, written by Kim Zetter, explains the events regarding Stuxnet in further detail.		“Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon”, written by Kim Zetter, explains the events regarding Stuxnet in further detail.

	== Melissa~~[[https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519]]~~ ==		== Melissa ==

	Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999[[https://en.wikipedia.org/wiki/Portal:Current_events/March_1999]], that would be changed forever. A programmer named David Lee Smith[[https://en-academic.com/dic.nsf/enwiki/732114]] hacked into an America Online (AOL)[[https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM]] account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive scale phishing[[https://en.wikipedia.org/wiki/Phishing]] attack that are known to us today. When a user		Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999 <ref> Available at https://en.wikipedia.org/wiki/Portal:Current_events/March_1999 </ref>, that would be changed forever. A programmer named David Lee Smith <ref> Available at https://en-academic.com/dic.nsf/enwiki/732114 </ref> hacked into an America Online (AOL) <ref> Available at https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM </ref> account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive scale phishing <ref> Available at https://en.wikipedia.org/wiki/Phishing </ref> attack that are known to us today. When a user

	took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.		took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.
Line 101:		Line 101:
	==== The Legacy Of Melissa Worm====		==== The Legacy Of Melissa Worm====

	* Love Bug (2000)[[https://www.wired.com/story/the-20-year-hunt-for-the-man-behind-the-love-bug-virus/]] - The Love Bug, also known as ILOVEYOU, LoveLetter or VBS/LoveLet, spread itself via email using the subject line “ILOVEYOU” and the message body “Kindly check the attached LOVELETTER coming from me”. It overwrote files and hid some Mp3 files as well.		* Love Bug (2000) <ref> Available at https://www.wired.com/story/the-20-year-hunt-for-the-man-behind-the-love-bug-virus/ </ref> - The Love Bug, also known as ILOVEYOU, LoveLetter or VBS/LoveLet, spread itself via email using the subject line “ILOVEYOU” and the message body “Kindly check the attached LOVELETTER coming from me”. It overwrote files and hid some Mp3 files as well.

	* Anna Kournikova (2001)[[https://nakedsecurity.sophos.com/2011/02/11/memories-anna-kournikova-worm/]] - The Anna Kournikova worm wasn’t especially sophisticated in design. It was a standard e-mail worm composed in Visual Basic Script (VBS), which sent itself through emails utilizing details it collected from your Microsoft Outlook address book.		* Anna Kournikova (2001) <ref> Available at https://nakedsecurity.sophos.com/2011/02/11/memories-anna-kournikova-worm/ </ref> - The Anna Kournikova worm wasn’t especially sophisticated in design. It was a standard e-mail worm composed in Visual Basic Script (VBS), which sent itself through emails utilizing details it collected from your Microsoft Outlook address book.

	* Netsky (2004)[[https://malwiki.org/index.php?title=Netsky]] - The worm was sent out as an e-mail, enticing recipients to open an attachment. Once opened, the attached program would scan the computer for e-mail addresses and e-mail itself to all addresses found. It contained a 22,016 byte file attachment and was reportedly causing Denial of Service (DoS) attacks because networks got clogged and couldn’t handle the traffic		* Netsky (2004) <ref> Available at https://malwiki.org/index.php?title=Netsky </ref> - The worm was sent out as an e-mail, enticing recipients to open an attachment. Once opened, the attached program would scan the computer for e-mail addresses and e-mail itself to all addresses found. It contained a 22,016 byte file attachment and was reportedly causing Denial of Service (DoS) attacks because networks got clogged and couldn’t handle the traffic

	== Zeus Trojan ==		== Zeus Trojan ==

Ragoza: /* Melissahttps://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519 */

2022-05-02T06:27:20Z

Melissahttps://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519

← Older revision		Revision as of 09:27, 2 May 2022
Line 95:		Line 95:
	== Melissa[[https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519]] ==		== Melissa[[https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519]] ==

	Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999, that would be changed forever. A programmer named David Lee Smith hacked into an America Online (AOL) account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive scale phishing attack that are known to us today. When a user		Back in the day, not much information was known to an average computer user about computer viruses and their methods of spreading. However, in March 1999[[https://en.wikipedia.org/wiki/Portal:Current_events/March_1999]], that would be changed forever. A programmer named David Lee Smith[[https://en-academic.com/dic.nsf/enwiki/732114]] hacked into an America Online (AOL)[[https://www.aol.com/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqgHrJ4kQ8wKq0IQkqZlaGRluN3Lm_hIyBY_2QCZT9cZQCtb2P0IlngfiR4QtSx3jEM3QhUkBDsFtj-04EKUviBY2qVuM_5HP7AFxB8F5YzBYidTYosRJ7xlQcZJoWwl0NMdSjNaVmdlzqPvLAiirBg3A0ukMHaARtVHZu9oFdM]] account and used it to post a file on a newsgroup page, named “alt.sex”, which promised a list of many passwords for otherwise fee-based websites with adult content. This was one of the first massive scale phishing[[https://en.wikipedia.org/wiki/Phishing]] attack that are known to us today. When a user

	took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.		took the bait by downloading the attached file, it unleashed a virus into their computers. The Melissa virus, reportedly named by Smith after the name of a stripper he met in Florida, begun by taking over victims’ Microsoft Word program. It at that point utilized a macro Microsoft Outlook mail framework and sent messages to the first 50 addresses in their mailing records. Those messages, in turn, tempted receivers to open an attachment with a virus. The message of the e-mail read “Here is the document you requested ... don’t show anyone else ;-):” people trusted the sender and thus were willing to download the attachment, but the senders had no idea that their mail contacts had received the message. The virus was not aiming to steal money or data, but it damaged systems, nonetheless. E-mail servers at more than 300 organizations and government agencies around the world got to be overloaded, and a few had to be closed down totally, including Microsoft. Within a few days, cybersecurity specialists had for the most part contained the spread of the virus and reestablished the functionality of their networks, in spite of the fact that it took some time to remove the contaminations totally. Still, the collective damage was colossal: an evaluated $80 million for the cleanup and repair of affected computer frameworks.

← Older revision		Revision as of 11:08, 2 May 2022
Line 109:		Line 109:
	== Zeus Trojan ==		== Zeus Trojan ==

	While talking about the top malware attacks in history, the Zeus Malware is one of those which cannot be omitted. The Zeus Trojan is a malicious software aiming to harm the gadgets having the operating system Microsoft Windows by stealing financial data. Its first detection dates back to 2007. This virus is also known for its other name, Zbot. The Zeus Trojan has obtained great success in terms of thieving information. According to the researches, millions of systems have been damaged by this Trojan, and billions of dollars were stolen. After providing this primary information about the above-mentioned malware, it’s time to dive deeper and learn much more.		While talking about the top malware attacks in history, the Zeus Malware is one of those which cannot be omitted. The Zeus Trojan is a malicious software aiming to harm the gadgets having the operating system Microsoft Windows by stealing financial data. Its first detection dates back to 2007. This virus is also known for its other name, Zbot. <ref> Available at https://www.digitaldefense.com/blog/zeus-trojan-what-it-is-how-to-prevent-it-digital-defense/ </ref> The Zeus Trojan has obtained great success in terms of thieving information. According to the researches, millions of systems have been damaged by this Trojan, and billions of dollars were stolen. <ref> Available at https://blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/ </ref> After providing this primary information about the above-mentioned malware, it’s time to dive deeper and learn much more.

	Initially, let’s take a look at what it executes on the gadgets. The 2 main features of the Zeus Trojan are always underlined; the creation of Botnets and thieving financial data. To begin with, The Zbot establishes botnets. The Botnet is considered the network of the infected nodes. By setting up such botnets, the Zbot owner obtains control over all those nodes. More precisely, with the help of Botnets, their owner becomes capable of collecting data and operating attacks. Secondly, the Zbot is counted as also a Trojan being able to steal the banking credentials. Keylogging and Monitoring are the methods it uses to reach to having stolen the banking data. Acting as a financial Trojan makes Zbot a Crimeware.		Initially, let’s take a look at what it executes on the gadgets. The 2 main features of the Zeus Trojan are always underlined; the creation of Botnets and thieving financial data. To begin with, The Zbot establishes botnets. The Botnet is considered the network of the infected nodes. By setting up such botnets, the Zbot owner obtains control over all those nodes. More precisely, with the help of Botnets, their owner becomes capable of collecting data and operating attacks. Secondly, the Zbot is counted as also a Trojan being able to steal the banking credentials. Keylogging and Monitoring are the methods it uses to reach to having stolen the banking data. Acting as a financial Trojan makes Zbot a Crimeware. <ref> Available at https://usa.kaspersky.com/resource-center/threats/zeus-virus </ref>

	==== ZBOT Spreading Methods ====		==== ZBOT Spreading Methods ====

	Time to explore how Zbot works. There are 2 main ways that the Zbot uses for spreading; spam messages, and drive-by downloads. Likewise the other malware forms, spam messages are preferred also by the Zbot. The hackers send thousands of spam e-mails or compose social media campaigns that redirect the users to websites in which the Trojan is automatically installed on the user’s computer. Despite the fact that the Zbot had mainly been used for obtaining banking credentials, its ability to steal can also be used to hijack other users’ social media accounts and e-mails. As mentioned above, there is another method called “Drive-by downloads” that the Zbot uses to spread. The hackers can infect some legitimate and quite reliable websites by inserting the Trojan into them. In case of visiting or downloading a file from such websites, the malware would be installed on the user gadget.		Time to explore how Zbot works. There are 2 main ways that the Zbot uses for spreading; spam messages, and drive-by downloads. Likewise the other malware forms, spam messages are preferred also by the Zbot. The hackers send thousands of spam e-mails or compose social media campaigns that redirect the users to websites in which the Trojan is automatically installed on the user’s computer. Despite the fact that the Zbot had mainly been used for obtaining banking credentials, its ability to steal can also be used to hijack other users’ social media accounts and e-mails. As mentioned above, there is another method called “Drive-by downloads” that the Zbot uses to spread. The hackers can infect some legitimate and quite reliable websites by inserting the Trojan into them. In case of visiting or downloading a file from such websites, the malware would be installed on the user gadget. <ref> Available at https://usa.kaspersky.com/resource-center/threats/zeus-virus </ref>

	==== Famous Zeus Variants ====		==== Famous Zeus Variants ====
Line 121:		Line 121:
	Although there are thousands of Zeus Trojan variants, some of them are more popular due to their characteristics and the damage they caused. Floki Bot, Gameover Zeus, and Zeus Atmos are some of those noteworthy variations.		Although there are thousands of Zeus Trojan variants, some of them are more popular due to their characteristics and the damage they caused. Floki Bot, Gameover Zeus, and Zeus Atmos are some of those noteworthy variations.

	Floki Bot takes its name from a Brazilian hacker with the username “flokibot”. This form of Zeus was detected for the first time in 2016. Evasion techniques, and using of the Tor browser are some features that Floki Bot obtained while it was gradually developing in its first months. The foremost factor making Floki Bot irregular is its ability to target the POS (Point of Sale) systems. It is reported that the malware has been targeting the Canadian, American and Brazilian banks, and insurance companies.		Floki Bot takes its name from a Brazilian hacker with the username “flokibot”. This form of Zeus was detected for the first time in 2016. Evasion techniques, and using of the Tor browser are some features that Floki Bot obtained while it was gradually developing in its first months. The foremost factor making Floki Bot irregular is its ability to target the POS (Point of Sale) systems. It is reported that the malware has been targeting the Canadian, American and Brazilian banks, and insurance companies. <ref> Available at https://www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/floki-bot </ref>

	Gameover or Gameover P2P is another Zeus variant to study. As its name suggests, this Zeus variation is mainly famous for using P2P (peer-to-peer) connections. Once it finds out what it is looking for in the infected computers, it shares that data with the other nodes, and of course the control server too. Apart from the data transmission, Gameover is also able to install other malwares, and interrupt some operations.		Gameover or Gameover P2P is another Zeus variant to study. As its name suggests, this Zeus variation is mainly famous for using P2P (peer-to-peer) connections. Once it finds out what it is looking for in the infected computers, it shares that data with the other nodes, and of course the control server too. Apart from the data transmission, Gameover is also able to install other malwares, and interrupt some operations. <ref> Available at https://www.ryadel.com/en/zeus-malware-what-how-prevent/ </ref>

	Citadel is also quite a dangerous variation of the Zeus Trojan. It is even able to create an IoT botnet. This variant mainly targets Password managers. In most cases, Citadel is installed through drive-by-downloads. It was first detected in 2011 and has infected about 11 million systems in the next 6 years. The total damage it brought about is approximately 500 million dollars.		Citadel is also quite a dangerous variation of the Zeus Trojan. It is even able to create an IoT botnet. This variant mainly targets Password managers. In most cases, Citadel is installed through drive-by-downloads. It was first detected in 2011 and has infected about 11 million systems in the next 6 years. The total damage it brought about is approximately 500 million dollars. <ref> Available at https://www.wallarm.com/what/what-is-citadel-malware </ref>

	The recent years have witnessed a new variant of Zeus, called Atmos. This is a pretty new version of Zeus and has deployed a feature – dropping Ransomware. Just after this Zeus variant steals the data, it installs Ransomware. Like the other Zeus forms, it also majorly aimed at stealing banking credentials. Despite the fact that Atmos attacks were operated against banks, this is also expected that other industries be subjected to similar attacks in the future.		The recent years have witnessed a new variant of Zeus, called Atmos. This is a pretty new version of Zeus and has deployed a feature – dropping Ransomware. Just after this Zeus variant steals the data, it installs Ransomware. Like the other Zeus forms, it also majorly aimed at stealing banking credentials. Despite the fact that Atmos attacks were operated against banks, this is also expected that other industries be subjected to similar attacks in the future. <ref> Available at https://www.kaspersky.com/blog/atmos-yet-another-zeus-variant-is-threatening-businesses/5476/ </ref>

	==== Damage of the ZBOT ====		==== Damage of the ZBOT ====

	While analyzing the damage Zbot has caused, it’s better to study the periods in which the malware has obtained its peak performance – from its first detection (2007) to the times its source code was leaked out (2011). According to the data, approximately 44% of the malware attacks in the banking sector in 2010 were Zeus-based. The same report says a total of 960 banks were subjected to Zbot attacks. In addition, over 3.6 million computers were infected only in the USA. This is estimated that in the first 3 years of Zbot, the damage it caused was approximately 100 million US dollars. The anti-malware tools used at these times were mainly ineffective against the Zbot. So that they could block Zbot only in 23% of total cases.		While analyzing the damage Zbot has caused, it’s better to study the periods in which the malware has obtained its peak performance – from its first detection (2007) to the times its source code was leaked out (2011). According to the data, approximately 44% of the malware attacks in the banking sector in 2010 were Zeus-based. The same report says a total of 960 banks were subjected to Zbot attacks. In addition, over 3.6 million computers were infected only in the USA. This is estimated that in the first 3 years of Zbot, the damage it caused was approximately 100 million US dollars. The anti-malware tools used at these times were mainly ineffective against the Zbot. So that they could block Zbot only in 23% of total cases.<ref> Available at https://botnetlegalnotice.com/citadel/files/Guerrino_Decl_Ex1.pdf </ref>

	==== Prevention methods from the Zeus Trojan ====		==== Prevention methods from the Zeus Trojan ====
Line 139:		Line 139:
	Secondly, considering the fact that the Zeus Trojan has generally been developed for stealing banking data, this is also recommended to use 2-factor authentication for banking logins. In such cases, a confirmation code is sent to the smartphone having a pre-registered sim card. This feature is today offered by many bank websites and definitely increases security against such financial malwares.		Secondly, considering the fact that the Zeus Trojan has generally been developed for stealing banking data, this is also recommended to use 2-factor authentication for banking logins. In such cases, a confirmation code is sent to the smartphone having a pre-registered sim card. This feature is today offered by many bank websites and definitely increases security against such financial malwares.

	Next and most importantly, there have to be installed antiviruses on the computer. In case of being infected, such antimalware tools are able to contribute throughout the whole life span of malware. Initially, antiviruses do not allow the user to visit malicious websites. If the user somehow does, then the antiviruses halt the malware to be downloaded and installed, and even if it infects the gadget, then the antivirus detects and removes the malware. Hence, making use of antivirus must be a foremost option for an end-user in the terms of protecting their own gadget.		Next and most importantly, there have to be installed antiviruses on the computer. In case of being infected, such antimalware tools are able to contribute throughout the whole life span of malware. Initially, antiviruses do not allow the user to visit malicious websites. If the user somehow does, then the antiviruses halt the malware to be downloaded and installed, and even if it infects the gadget, then the antivirus detects and removes the malware. Hence, making use of antivirus must be a foremost option for an end-user in the terms of protecting their own gadget. <ref> Available at https://usa.kaspersky.com/resource-center/threats/zeus-virus </ref>

	==== Is Zeus till a threat? ====		==== Is Zeus till a threat? ====

	In fact, the developer who created Zbot is not currently making use of it. However, since its source code is on the internet, it is gradually upgraded by the other hackers and newer variations continue emerging. Hence, it can be said that the Zeus Malware is alive. Despite the fact that Ransomware has gained more popularity in recent years, Zbot and its variants are still active. Taking the threats that may potentially stem from the above-mentioned malwares into consideration, it again becomes clear why measurement actions, like safe Internet practices, and implementing Safeguards play a vital role in the prevention of such malware attacks.		In fact, the developer who created Zbot is not currently making use of it. However, since its source code is on the internet, it is gradually upgraded by the other hackers and newer variations continue emerging. Hence, it can be said that the Zeus Malware is alive. Despite the fact that Ransomware has gained more popularity in recent years, Zbot and its variants are still active. <ref> Available at https://blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/ </ref> Taking the threats that may potentially stem from the above-mentioned malwares into consideration, it again becomes clear why measurement actions, like safe Internet practices, and implementing Safeguards play a vital role in the prevention of such malware attacks.

	== WannaCry ==		== WannaCry ==