This document provides an overview of computer viruses, including their history and how they function. It defines viruses and differentiates them from other types of malware like worms and Trojan horses. It describes how viruses infect systems through executable files, boot sectors, and macros. It also outlines various infection strategies used by viruses and methods they employ to avoid detection, such as avoiding bait files, using stealth techniques, and polymorphism.
1. Virus - Worms
Virus
From Wikipedia, the free encyclopedia
Not to be confused with Malware.
A computer virus is a computer program that can copy itself[1] and infect a
computer. The term "virus" is also commonly but erroneously used to refer to
other types of malware, including but not limited to adware and spyware
programs that do not have the reproductive ability. A true virus can spread from
one computer to another (in some form of executable code) when its host is
taken to the target computer; for instance because a user sent it over a network
or the Internet, or carried it on a removable medium such as a floppy disk, CD,
DVD, or USB drive.[2]
Viruses can increase their chances of spreading to other computers by infecting
files on a network file system or a file system that is accessed by another
computer.[3][4]
As stated above, the term "computer virus" is sometimes used as a catch-all
phrase to include all types of malware, even those that do not have the
reproductive ability. Malware includes computer viruses, computer worms, Trojan
horses, most rootkits, spyware, dishonest adware and other malicious and
unwanted software, including true viruses. Viruses are sometimes confused with
worms and Trojan horses, which are technically different. A worm can exploit
security vulnerabilities to spread itself automatically to other computers through
networks, while a Trojan horse is a program that appears harmless but hides
malicious functions. Worms and Trojan horses, like viruses, may harm a
computer system's data or performance. Some viruses and other malware have
symptoms noticeable to the computer user, but many are surreptitious or simply
do nothing to call attention to themselves. Some viruses do nothing beyond
reproducing themselves.
Contents [hide]
1 History
1.1 Academic work
1.2 Science Fiction
1.3 Virus programs
2 Infection strategies
2.1 Nonresident viruses
2.2 Resident viruses
3 Vectors and hosts
4 Methods to avoid detection
2. 4.1 Avoiding bait files and other undesirable hosts
4.2 Stealth
4.2.1 Self-modification
4.2.2 Encryption with a variable key
4.2.3 Polymorphic code
4.2.4 Metamorphic code
5 Vulnerability and countermeasures
5.1 The vulnerability of operating systems to viruses
5.2 The role of software development
5.3 Anti-virus software and other preventive measures
5.4 Recovery methods
5.4.1 Virus removal
5.4.2 Operating system reinstallation
6 See also
7 References
8 Further reading
9 External links
History
Academic work
The first academic work on the theory of computer viruses (although the term
"computer virus" was not invented at that time) was done by John von Neumann
in 1949 who held lectures at the University of Illinois about the "Theory and
Organization of Complicated Automata". The work of von Neumann was later
published as the "Theory of self-reproducing automata".[5] In his essay von
Neumann postulated that a computer program could reproduce.
In 1972 Veith Risak published his article "Selbstreproduzierende Automaten mit
minimaler Informationsübertragung" (Self-reproducing automata with minimal
information exchange).[6] The article describes a fully functional virus written in
assembler language for a SIEMENS 4004/35 computer system.
In 1980 Jürgen Kraus wrote his diplom thesis "Selbstreproduktion bei
Programmen" (Self-reproduction of programs) at the University of Dortmund.[7]
In his work Kraus postulated that computer programs can behave in a way
similar to biological viruses.
In 1984 Fred Cohen from the University of Southern California wrote his paper
"Computer Viruses - Theory and Experiments".[8] It was the first paper to
explicitly call a self-reproducing program a "virus"; a term introduced by his
mentor Leonard Adleman.
An article that describes "useful virus functionalities" was published by J. B.
Gunn under the title "Use of virus functions to provide a virtual APL interpreter
under user control" in 1984.[9]
Science Fiction
The Terminal Man, a science fiction novel by Michael Crichton (1972), told (as a
sideline story) of a computer with telephone modem dialing capability, which had
been programmed to randomly dial phone numbers until it hit a modem that is
answered by another computer. It then attempted to program the answering
3. computer with its own program, so that the second computer would also begin
dialing random numbers, in search of yet another computer to program. The
program is assumed to spread exponentially through susceptible computers.
The actual term 'virus' was first used in David Gerrold's 1972 novel, When
HARLIE Was One. In that novel, a sentient computer named HARLIE writes viral
software to retrieve damaging personal information from other computers to
blackmail the man who wants to turn him off.
Virus programs
The Creeper virus was first detected on ARPANET, the forerunner of the
Internet, in the early 1970s.[10] Creeper was an experimental self-replicating
program written by Bob Thomas at BBN Technologies in 1971.[11] Creeper used
the ARPANET to infect DEC PDP-10 computers running the TENEX operating
system.[12] Creeper gained access via the ARPANET and copied itself to the
remote system where the message, "I'm the creeper, catch me if you can!" was
displayed. The Reaper program was created to delete Creeper.[13]
A program called "Elk Cloner" was the first computer virus to appear "in the wild"
— that is, outside the single computer or lab where it was created.[14] Written in
1981 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating
system and spread via floppy disk.[14][15] This virus, created as a practical joke
when Skrenta was still in high school, was injected in a game on a floppy disk.
On its 50th use the Elk Cloner virus would be activated, infecting the computer
and displaying a short poem beginning "Elk Cloner: The program with a
personality."
The first PC virus in the wild was a boot sector virus dubbed (c)Brain,[16] created
in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan, reportedly to deter
piracy of the software they had written.[17]
Before computer networks became widespread, most viruses spread on
removable media, particularly floppy disks. In the early days of the personal
computer, many users regularly exchanged information and programs on
floppies. Some viruses spread by infecting programs stored on these disks, while
others installed themselves into the disk boot sector, ensuring that they would be
run when the user booted the computer from the disk, usually inadvertently. PCs
of the era would attempt to boot first from a floppy if one had been left in the
drive. Until floppy disks fell out of use, this was the most successful infection
strategy and boot sector viruses were the most common in the wild for many
years.[1]
Traditional computer viruses emerged in the 1980s, driven by the spread of
personal computers and the resultant increase in BBS, modem use, and software
sharing. Bulletin board-driven software sharing contributed directly to the spread
of Trojan horse programs, and viruses were written to infect popularly traded
software. Shareware and bootleg software were equally common vectors for
viruses on BBS's.[citation needed]
Macro viruses have become common since the mid-1990s. Most of these viruses
are written in the scripting languages for Microsoft programs such as Word and
Excel and spread throughout Microsoft Office by infecting documents and
spreadsheets. Since Word and Excel were also available for Mac OS, most could
4. also spread to Macintosh computers. Although most of these viruses did not
have the ability to send infected email messages, those viruses which did take
advantage of the Microsoft Outlook COM interface.[citation needed]
Some old versions of Microsoft Word allow macros to replicate themselves with
additional blank lines. If two macro viruses simultaneously infect a document, the
combination of the two, if also self-replicating, can appear as a "mating" of the
two and would likely be detected as a virus unique from the "parents".[18]
A virus may also send a web address link as an instant message to all the
contacts on an infected machine. If the recipient, thinking the link is from a friend
(a trusted source) follows the link to the website, the virus hosted at the site may
be able to infect this new computer and continue propagating.
Viruses that spread using cross-site scripting were first reported in 2002,[19] and
were academically demonstrated in 2005.[20] There have been multiple
instances of the cross-site scripting viruses in the wild, exploiting websites such
as MySpace and Yahoo.
Infection strategies
In order to replicate itself, a virus must be permitted to execute code and write to
memory. For this reason, many viruses attach themselves to executable files that
may be part of legitimate programs. If a user attempts to launch an infected
program, the virus' code may be executed simultaneously. Viruses can be
divided into two types based on their behavior when they are executed.
Nonresident viruses immediately search for other hosts that can be infected,
infect those targets, and finally transfer control to the application program they
infected. Resident viruses do not search for hosts when they are started. Instead,
a resident virus loads itself into memory on execution and transfers control to the
host program. The virus stays active in the background and infects new hosts
when those files are accessed by other programs or the operating system itself.
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a
replication module. The finder module is responsible for finding new files to
infect. For each new executable file the finder module encounters, it calls the
replication module to infect that file.
Resident viruses
Resident viruses contain a replication module that is similar to the one that is
employed by nonresident viruses. This module, however, is not called by a finder
module. The virus loads the replication module into memory when it is executed
instead and ensures that this module is executed each time the operating system
is called to perform a certain operation. The replication module can be called, for
example, each time the operating system executes a file. In this case the virus
infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a
category of slow infectors. Fast infectors are designed to infect as many files as
possible. A fast infector, for instance, can infect every potential host file that is
accessed. This poses a special problem when using anti-virus software, since a
virus scanner will access every potential host file on a computer when it performs
5. a system-wide scan. If the virus scanner fails to notice that such a virus is
present in memory the virus can "piggy-back" on the virus scanner and in this
way infect all files that are scanned. Fast infectors rely on their fast infection rate
to spread. The disadvantage of this method is that infecting many files may make
detection more likely, because the virus may slow down a computer or perform
many suspicious actions that can be noticed by anti-virus software. Slow
infectors, on the other hand, are designed to infect hosts infrequently. Some slow
infectors, for instance, only infect files when they are copied. Slow infectors are
designed to avoid detection by limiting their actions: they are less likely to slow
down a computer noticeably and will, at most, infrequently trigger anti-virus
software that detects suspicious behavior by programs. The slow infector
approach, however, does not seem very successful.
Vectors and hosts
Viruses have targeted various types of transmission media or hosts. This list is
not exhaustive:
Binary executable files (such as COM files and EXE files in MS-DOS, Portable
Executable files in Microsoft Windows, the Mach-O format in OSX, and ELF files
in Linux)
Volume Boot Records of floppy disks and hard disk partitions
The master boot record (MBR) of a hard disk
General-purpose script files (such as batch files in MS-DOS and Microsoft
Windows, VBScript files, and shell script files on Unix-like platforms).
Application-specific script files (such as Telix-scripts)
System specific autorun script files (such as Autorun.inf file needed by Windows
to automatically run software stored on USB Memory Storage Devices).
Documents that can contain macros (such as Microsoft Word documents,
Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access
database files)
Cross-site scripting vulnerabilities in web applications (see XSS Worm)
Arbitrary computer files. An exploitable buffer overflow, format string, race
condition or other exploitable bug in a program which reads the file could be used
to trigger the execution of code hidden within it. Most bugs of this type can be
made more difficult to exploit in computer architectures with protection features
such as an execute disable bit and/or address space layout randomization.
PDFs, like HTML, may link to malicious code. PDFs can also be infected with
malicious code.
In operating systems that use file extensions to determine program associations
(such as Microsoft Windows), the extensions may be hidden from the user by
default. This makes it possible to create a file that is of a different type than it
appears to the user. For example, an executable may be created named
"picture.png.exe", in which the user sees only "picture.png" and therefore
assumes that this file is an image and most likely is safe, yet when opened runs
the executable on the client machine.
An additional method is to generate the virus code from parts of existing
operating system files by using the CRC16/CRC32 data. The initial code can be
6. quite small (tens of bytes) and unpack a fairly large virus. This is analogous to a
biological "prion" in the way it works but is vulnerable to signature based
detection. This attack has not yet been seen "in the wild".
Methods to avoid detection
In order to avoid detection by users, some viruses employ different kinds of
deception. Some old viruses, especially on the MS-DOS platform, make sure that
the "last modified" date of a host file stays the same when the file is infected by
the virus. This approach does not fool anti-virus software, however, especially
those which maintain and date Cyclic redundancy checks on file changes.
Some viruses can infect files without increasing their sizes or damaging the files.
They accomplish this by overwriting unused areas of executable files. These are
called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects
Portable Executable files. Because those files have many empty gaps, the virus,
which was 1 KB in length, did not add to the size of the file.
Some viruses try to avoid detection by killing the tasks associated with antivirus
software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding
techniques need to be updated or replaced. Defending a computer against
viruses may demand that a file system migrate towards detailed and explicit
permission for every kind of file access.
Avoiding bait files and other undesirable hosts
A virus needs to infect hosts in order to spread further. In some cases, it might be
a bad idea to infect a host program. For example, many anti-virus programs
perform an integrity check of their own code. Infecting such programs will
therefore increase the likelihood that the virus is detected. For this reason, some
viruses are programmed not to infect programs that are known to be part of anti-
virus software. Another type of host that viruses sometimes avoid are bait files.
Bait files (or goat files) are files that are specially created by anti-virus software,
or by anti-virus professionals themselves, to be infected by a virus. These files
can be created for various reasons, all of which are related to the detection of the
virus:
Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy
of a program file that is infected by the virus). It is more practical to store and
exchange a small, infected bait file, than to exchange a large application program
that has been infected by the virus.
Anti-virus professionals can use bait files to study the behavior of a virus and
evaluate detection methods. This is especially useful when the virus is
polymorphic. In this case, the virus can be made to infect a large number of bait
files. The infected files can be used to test whether a virus scanner detects all
versions of the virus.
Some anti-virus software employs bait files that are accessed regularly. When
these files are modified, the anti-virus software warns the user that a virus is
probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus
can benefit from not infecting them. Viruses typically do this by avoiding
7. suspicious programs, such as small program files or programs that contain
certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse
infectors do not infect a host file that would be a suitable candidate for infection in
other circumstances. For example, a virus can decide on a random basis
whether to infect a file or not, or a virus can only infect host files on particular
days of the week.
Stealth
Some viruses try to trick antivirus software by intercepting its requests to the
operating system. A virus can hide itself by intercepting the antivirus software’s
request to read the file and passing the request to the virus, instead of the OS.
The virus can then return an uninfected version of the file to the antivirus
software, so that it seems that the file is "clean". Modern antivirus software
employs various techniques to counter stealth mechanisms of viruses. The only
completely reliable method to avoid stealth is to boot from a medium that is
known to be clean.
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary
programs by scanning them for so-called virus signatures. A signature is a
characteristic byte-pattern that is part of a certain virus or family of viruses. If a
virus scanner finds such a pattern in a file, it notifies the user that the file is
infected. The user can then delete, or (in some cases) "clean" or "heal" the
infected file. Some viruses employ techniques that make detection by means of
signatures difficult but probably not impossible. These viruses modify their code
on each infection. That is, each infected file contains a different variant of the
virus.
Encryption with a variable key
A more advanced method is the use of simple encryption to encipher the virus. In
this case, the virus consists of a small decrypting module and an encrypted copy
of the virus code. If the virus is encrypted with a different key for each infected
file, the only part of the virus that remains constant is the decrypting module,
which would (for example) be appended to the end. In this case, a virus scanner
cannot directly detect the virus using signatures, but it can still detect the
decrypting module, which still makes indirect detection of the virus possible.
Since these would be symmetric keys, stored on the infected host, it is in fact
entirely possible to decrypt the final virus, but this is probably not required, since
self-modifying code is such a rarity that it may be reason for virus scanners to at
least flag the file as suspicious.
An old, but compact, encryption involves XORing each byte in a virus with a
constant, so that the exclusive-or operation had only to be repeated for
decryption. It is suspicious for a code to modify itself, so the code to do the
encryption/decryption may be part of the signature in many virus definitions.
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus
scanners. Just like regular encrypted viruses, a polymorphic virus infects files
with an encrypted copy of itself, which is decoded by a decryption module. In the
8. case of polymorphic viruses, however, this decryption module is also modified on
each infection. A well-written polymorphic virus therefore has no parts which
remain identical between infections, making it very difficult to detect directly using
signatures. Antivirus software can detect it by decrypting the viruses using an
emulator, or by statistical pattern analysis of the encrypted virus body. To enable
polymorphic code, the virus has to have a polymorphic engine (also called
mutating engine or mutation engine) somewhere in its encrypted body. See
Polymorphic code for technical detail on how such engines operate.[21]
Some viruses employ polymorphic code in a way that constrains the mutation
rate of the virus significantly. For example, a virus can be programmed to mutate
only slightly over time, or it can be programmed to refrain from mutating when it
infects a file on a computer that already contains copies of the virus. The
advantage of using such slow polymorphic code is that it makes it more difficult
for antivirus professionals to obtain representative samples of the virus, because
bait files that are infected in one run will typically contain identical or similar
samples of the virus. This will make it more likely that the detection by the virus
scanner will be unreliable, and that some instances of the virus may be able to
avoid detection.
Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves
completely each time they are to infect new executables. Viruses that utilize this
technique are said to be metamorphic. To enable metamorphism, a metamorphic
engine is needed. A metamorphic virus is usually very large and complex. For
example, W32/Simile consisted of over 14000 lines of Assembly language code,
90% of which is part of the metamorphic engine.[22][23]
Vulnerability and countermeasures
The vulnerability of operating systems to viruses
Just as genetic diversity in a population decreases the chance of a single
disease wiping out a population, the diversity of software systems on a network
similarly limits the destructive potential of viruses. This became a particular
concern in the 1990s, when Microsoft gained market dominance in desktop
operating systems and office suites. The users of Microsoft software (especially
networking software such as Microsoft Outlook and Internet Explorer) are
especially vulnerable to the spread of viruses. Microsoft software is targeted by
virus writers due to their desktop dominance, and is often criticized for including
many errors and holes for virus writers to exploit. Integrated and non-integrated
Microsoft applications (such as Microsoft Office) and applications with scripting
languages with access to the file system (for example Visual Basic Script (VBS),
and applications with networking features) are also particularly vulnerable.
Although Windows is by far the most popular target operating system for virus
writers, viruses also exist on other platforms. Any operating system that allows
third-party programs to run can theoretically run viruses. Some operating
systems are more secure than others. Unix-based operating systems (and
NTFS-aware applications on Windows NT based platforms) only allow their users
to run executables within their own protected memory space.
9. An Internet based experiment revealed that there were cases when people
willingly pressed a particular button to download a virus. Security analyst Didier
Stevens ran a half year advertising campaign on Google AdWords which said "Is
your PC virus-free? Get it infected here!". The result was 409 clicks.[24][25]
As of 2006, there are relatively few security exploits targeting Mac OS X (with a
Unix-based file system and kernel).[26] The number of viruses for the older Apple
operating systems, known as Mac OS Classic, varies greatly from source to
source, with Apple stating that there are only four known viruses, and
independent sources stating there are as many as 63 viruses. Many Mac OS
Classic viruses targeted the HyperCard authoring environment. The difference in
virus vulnerability between Macs and Windows is a chief selling point, one that
Apple uses in their Get a Mac advertising.[27] In January 2009, Symantec
announced the discovery of a trojan that targets Macs.[28] This discovery did not
gain much coverage until April 2009.[28]
While Linux, and Unix in general, has always natively blocked normal users from
having access to make changes to the operating system environment, Windows
users are generally not. This difference has continued partly due to the
widespread use of administrator accounts in contemporary versions like XP. In
1997, when a virus for Linux was released – known as "Bliss" – leading antivirus
vendors issued warnings that Unix-like systems could fall prey to viruses just like
Windows.[29] The Bliss virus may be considered characteristic of viruses – as
opposed to worms – on Unix systems. Bliss requires that the user run it explicitly,
and it can only infect programs that the user has the access to modify. Unlike
Windows users, most Unix users do not log in as an administrator user except to
install or configure software; as a result, even if a user ran the virus, it could not
harm their operating system. The Bliss virus never became widespread, and
remains chiefly a research curiosity. Its creator later posted the source code to
Usenet, allowing researchers to see how it worked.[30]
The role of software development
Because software is often designed with security features to prevent
unauthorized use of system resources, many viruses must exploit software bugs
in a system or application to spread. Software development strategies that
produce large numbers of bugs will generally also produce potential exploits.
Anti-virus software and other preventive measures
Many users install anti-virus software that can detect and eliminate known
viruses after the computer downloads or runs the executable. There are two
common methods that an anti-virus software application uses to detect viruses.
The first, and by far the most common method of virus detection is using a list of
virus signature definitions. This works by examining the content of the computer's
memory (its RAM, and boot sectors) and the files stored on fixed or removable
drives (hard drives, floppy drives), and comparing those files against a database
of known virus "signatures". The disadvantage of this detection method is that
users are only protected from viruses that pre-date their last virus definition
update. The second method is to use a heuristic algorithm to find viruses based
on common behaviors. This method has the ability to detect novel viruses that
anti-virus security firms have yet to create a signature for.
10. Some anti-virus programs are able to scan opened files in addition to sent and
received email messages "on the fly" in a similar manner. This practice is known
as "on-access scanning". Anti-virus software does not change the underlying
capability of host software to transmit viruses. Users must update their software
regularly to patch security holes. Anti-virus software also needs to be regularly
updated in order to recognize the latest threats.
One may also minimize the damage done by viruses by making regular backups
of data (and the operating systems) on different media, that are either kept
unconnected to the system (most of the time), read-only or not accessible for
other reasons, such as using different file systems. This way, if data is lost
through a virus, one can start again using the backup (which should preferably
be recent).
If a backup session on optical media like CD and DVD is closed, it becomes
read-only and can no longer be affected by a virus (so long as a virus or infected
file was not copied onto the CD/DVD). Likewise, an operating system on a
bootable CD can be used to start the computer if the installed operating systems
become unusable. Backups on removable media must be carefully inspected
before restoration. The Gammima virus, for example, propagates via removable
flash drives.[31][32]
Recovery methods
Once a computer has been compromised by a virus, it is usually unsafe to
continue using the same computer without completely reinstalling the operating
system. However, there are a number of recovery options that exist after a
computer has a virus. These actions depend on severity of the type of virus.
Virus removal
One possibility on Windows Me, Windows XP, Windows Vista and Windows 7 is
a tool known as System Restore, which restores the registry and critical system
files to a previous checkpoint. Often a virus will cause a system to hang, and a
subsequent hard reboot will render a system restore point from the same day
corrupt. Restore points from previous days should work provided the virus is not
designed to corrupt the restore files or also exists in previous restore points.[33]
Some viruses, however, disable System Restore and other important tools such
as Task Manager and Command Prompt. An example of a virus that does this is
CiaDoor. However, many such viruses can be removed by rebooting the
computer, entering Windows safe mode, and then using system tools.
Administrators have the option to disable such tools from limited users for various
reasons (for example, to reduce potential damage from and the spread of
viruses). A virus can modify the registry to do the same even if the Administrator
is controlling the computer; it blocks all users including the administrator from
accessing the tools. The message "Task Manager has been disabled by your
administrator" may be displayed, even to the administrator.[citation needed]
Users running a Microsoft operating system can access Microsoft's website to
run a free scan, provided they have their 20-digit registration number. Many
websites run by anti-virus software companies provide free online virus scanning,
with limited cleaning facilities (the purpose of the sites is to sell anti-virus
products). Some websites allow a single suspicious file to be checked by many
11. antivirus programs in one operation.
Operating system reinstallation
Reinstalling the operating system is another approach to virus removal. It
involves either reformatting the computer's hard drive and installing the OS and
all programs from original media, or restoring the entire partition with a clean
backup image. User data can be restored by booting from a Live CD, or putting
the hard drive into another computer and booting from its operating system with
great care not to infect the second computer by executing any infected programs
on the original drive; and once the system has been restored precautions must
be taken to avoid reinfection from a restored executable file.
These methods are simple to do, may be faster than disinfecting a computer, and
are guaranteed to remove any malware. If the operating system and programs
must be reinstalled from scratch, the time and effort to reinstall, reconfigure, and
restore user preferences must be taken into account. Restoring from an image is
much faster, totally safe, and restores the exact configuration to the state it was
in when the image was made, with no further trouble.
See also
Adware
Antivirus software
Computer insecurity
Computer worm
Crimeware
Cryptovirology
Linux malware
List of computer virus hoaxes
Computer security portal
List of computer viruses
List of computer viruses (all)
Malware
Mobile viruses
Multipartite virus
Spam
Spyware
Trojan horse (computing)
Virus hoax
References
^ a b Dr. Solomon's Virus Encyclopedia, 1995, ISBN 1897661002, Abstract at
http://vx.netlux.org/lib/aas10.html
^ Jussi Parikka (2007) "Digital Contagions. A Media Archaeology of Computer
Viruses", Peter Lang: New York. Digital Formations-series. ISBN
978-0-8204-8837-0, p. 19
^ http://www.bartleby.com/61/97/C0539700.html
^ "What is a Computer Virus?". Actlab.utexas.edu. 1996-03-31. Retrieved
2010-08-27.
12. ^ von Neumann, John (1966). "Theory of Self-Reproducing Automata". Essays
on Cellular Automata (University of Illinois Press): 66–87. Retrieved June 10.,
2010.
^ Risak, Veith (1972), "Selbstreproduzierende Automaten mit minimaler
Informationsübertragung", Zeitschrift für Maschinenbau und Elektrotechnik
^ Kraus, Jürgen (February 1980), Selbstreproduktion bei Programmen
^ Cohen, Fred (1984), Computer Viruses - Theory and Experiments
^ Gunn, J.B. (June 1984). "Use of virus functions to provide a virtual APL
interpreter under user control". ACM SIGAPL APL Quote Quad archive (ACM
New York, NY, USA) 14 (4): 163–168. ISSN 0163-6006.
^ "Virus list". Retrieved 2008-02-07.
^ Thomas Chen, Jean-Marc Robert (2004). "The Evolution of Viruses and
Worms". Retrieved 2009-02-16.
^ Jussi Parikka (2007) "Digital Contagions. A Media Archaeology of Computer
Viruses", Peter Lang: New York. Digital Formations-series. ISBN
978-0-8204-8837-0, p. 50
^ See page 86 of Computer Security Basics by Deborah Russell and G. T.
Gangemi. O'Reilly, 1991. ISBN 0937175714
^ a b Anick Jesdanun (1 September 2007). "School prank starts 25 years of
security woes". CNBC. Retrieved 2010-01-07.
^ "The anniversary of a nuisance".[dead link]
^ "Boot sector virus repair". Antivirus.about.com. 2010-06-10. Retrieved
2010-08-27.
^ "Amjad Farooq Alvi Inventor of first PC Virus post by Zagham". YouTube.
Retrieved 2010-08-27.
^ Vesselin Bontchev. "Macro Virus Identification Problems". FRISK Software
International.
^ Berend-Jan Wever. "XSS bug in hotmail login page".
^ Wade Alcorn. "The Cross-site Scripting Virus".
^ "Virus Bulletin : Glossary - Polymorphic virus". Virusbtn.com. 2009-10-01.
Retrieved 2010-08-27.
^ Perriot, Fredrick; Peter Ferrie and Peter Szor (May 2002). "Striking Similarities"
(PDF). Retrieved September 9, 2007.
^ "Virus Bulletin : Glossary — Metamorphic virus". Virusbtn.com. Retrieved
2010-08-27.
^ "Need a computer virus?- download now". Infoniac.com. Retrieved 2010-08-27.
^ ""Is your PC virus-free? Get it infected here!" « Didier Stevens".
Blog.didierstevens.com. 2006-10-23. Retrieved 2010-08-27.
^ "Malware Evolution: Mac OS X Vulnerabilities 2005-2006". Kaspersky Lab.
2006-07-24. Retrieved August 19, 2006.
^ Apple - Get a Mac
^ a b Sutter, John D. (22 April 2009). "Experts: Malicious program targets Macs".
CNN.com. Retrieved 24 April 2009.
^ McAfee. "McAfee discovers first Linux virus". news article.
^ Axel Boldt. "Bliss, a Linux "virus"". news article.
^ "Symantec Security Summary — W32.Gammima.AG."
13. http://www.symantec.com/security_response/writeup.jsp?
docid=2007-082706-1742-99
^ "Yahoo Tech: Viruses! In! Space!" http://tech.yahoo.com/blogs/null/103826
^ "Symantec Security Summary — W32.Gammima.AG and removal details."
http://www.symantec.com/security_response/writeup.jsp?
docid=2007-082706-1742-99&tabid=3
Further reading
Mark Russinovich, Advanced Malware Cleaning video, Microsoft TechEd: IT
Forum, November 2006
Szor, Peter (2005). The Art of Computer Virus Research and Defense. Boston:
Addison-Wesley. ISBN 0321304543.
Jussi Parikka (2007) "Digital Contagions. A Media Archaeology of Computer
Viruses", Peter Lang: New York. Digital Formations-series. ISBN
978-0-8204-8837-0
Burger, Ralf, 1991 Computer Viruses and Data Protection
Ludwig, Mark, 1996 The Little Black Book of Computer Viruses
Ludwig, Mark, 1995 The Giant Black Book of Computer Viruses
Ludwig, Mark, 1993 Computer Viruses, Artificial Life and Evolution
External links
Viruses at the Open Directory Project
US Govt CERT (Computer Emergency Readiness Team) site
'Computer Viruses - Theory and Experiments' - The original paper published on
the topic
How Computer Viruses Work
A Brief History of PC Viruses" (early) by Dr. Alan Solomon
Are 'Good' Computer Viruses Still a Bad Idea?
Protecting your Email from Viruses and Other MalWare
Hacking Away at the Counterculture by Andrew Ross
A Virus in Info-Space by Tony Sampson
Dr Aycock's Bad Idea by Tony Sampson
Digital Monsters, Binary Aliens by Jussi Parikka
The Universal Viral Machine" by Jussi Parikka
Hypervirus: A Clinical Report" by Thierry Bardini
Virus removal and other Malware
The Cross-site Scripting Virus
The Virus Underground
History's 50 Deadliest Computer Viruses by O.C. Ugwu
[hide]v · d · eMalware
Infectious malware
Computer virus · Macro virus · List of computer viruses · Computer worm · List of
computer worms · Timeline of notable computer viruses and worms
Concealment
Trojan horse · Rootkit · Backdoor
Malware for profit
14. Privacy-invasive software · Spyware · Botnet · Keystroke logging · Web threats ·
Fraudulent dialer · Malbot
By operating system
Linux malware · Palm OS viruses · Mobile virus
Protection
Antivirus software · Defensive computing · Firewall · Intrusion detection system ·
Data loss prevention software
Law enforcement
Computer surveillance · Operation: Bot Roast
Categories: Computer viruses | Computer security exploits
Worms
From Wikipedia, the free encyclopedia
Morris Worm source code disk at the Computer History Museum.
Spread of Conficker worm.
A computer worm is a self-replicating malware computer program, which uses a
computer network to send copies of itself to other nodes (computers on the
network) and it may do so without any user intervention. This is due to security
shortcomings on the target computer. Unlike a computer virus, it does not need
to attach itself to an existing program. Worms almost always cause at least some
harm to the network, even if only by consuming bandwidth, whereas viruses
almost always corrupt or modify files on a targeted computer.
Contents [hide]
1 Payloads
2 Worms with good intent
3 Protecting against dangerous computer worms
4 Mitigation techniques
5 History
6 See also
7 References
8 External links
Payloads
Many worms that have been created are only designed to spread, and don't
attempt to alter the systems they pass through. However, as the Morris worm
and Mydoom showed, even these "payload free" worms can cause major
disruption by increasing network traffic and other unintended effects. A "payload"
is code in the worm designed to do more than spread the worm–it might delete
15. files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral
extortion attack, or send documents via e-mail. A very common payload for
worms is to install a backdoor in the infected computer to allow the creation of a
"zombie" computer under control of the worm author. Networks of such machines
are often referred to as botnets and are very commonly used by spam senders
for sending junk email or to cloak their website's address.[1] Spammers are
therefore thought to be a source of funding for the creation of such worms,[2][3]
and the worm writers have been caught selling lists of IP addresses of infected
machines.[4] Others try to blackmail companies with threatened DoS attacks.[5]
Backdoors can be exploited by other malware, including worms. Examples
include Doomjuice, which spreads better using the backdoor opened by
Mydoom, and at least one instance of malware taking advantage of the rootkit
and backdoor installed by the Sony/BMG DRM software utilized by millions of
music CDs prior to late 2005.[dubious – discuss]
Worms with good intent
Beginning with the very first research into worms at Xerox PARC, there have
been attempts to create useful worms. The Nachi family of worms, for example,
tried to download and install patches from Microsoft's website to fix vulnerabilities
in the host system–by exploiting those same vulnerabilities. In practice, although
this may have made these systems more secure, it generated considerable
network traffic, rebooted the machine in the course of patching it, and did its work
without the consent of the computer's owner or user.
Some worms, such as XSS worms, have been written for research to determine
the factors of how worms spread, such as social activity and change in user
behavior, while other worms are little more than a prank, such as one that sends
the popular image macro of an owl with the phrase "O RLY?" to a print queue in
the infected computer. Another research proposed what seems to be the first
computer worm that operates on the second layer of the OSI model (Data link
Layer), it utilizes topology information such as Content-addressable memory
(CAM) tables and Spanning Tree information stored in switches to propagate and
probe for vulnerable nodes until the enterprise network is covered.[6]
Most security experts regard all worms as malware, whatever their payload or
their writers' intentions.
Protecting against dangerous computer worms
Worms spread by exploiting vulnerabilities in operating systems. Vendors with
security problems supply regular security updates[7] (see "Patch Tuesday"), and
if these are installed to a machine then the majority of worms are unable to
spread to it. If a vulnerability is disclosed before the security patch released by
the vendor, a Zero-day attack is possible.
Users need to be wary of opening unexpected email,[8] and should not run
attached files or programs, or visit web sites that are linked to such emails.
However, as with the ILOVEYOU worm, and with the increased growth and
efficiency of phishing attacks, it remains possible to trick the end-user into
running a malicious code.
16. Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with
new pattern files at least every few days. The use of a firewall is also
recommended.
In the April–June, 2008, issue of IEEE Transactions on Dependable and Secure
Computing, computer scientists describe a potential new way to combat internet
worms. The researchers discovered how to contain the kind of worm that scans
the Internet randomly, looking for vulnerable hosts to infect. They found that the
key is for software to monitor the number of scans that machines on a network
sends out. When a machine starts sending out too many scans, it is a sign that it
has been infected, allowing administrators to take it off line and check it for
viruses.[9][10]
Mitigation techniques
ACLs in routers and switches
Packet-filters
Nullrouting
TCP Wrapper/libwrap enabled network service daemons
History
The actual term "worm"' was first used in John Brunner's 1975 novel, The
Shockwave Rider. In that novel, Nichlas Haflinger designs and sets off a data-
gathering worm in an act of revenge against the powerful men who run a national
electronic information web that induces mass conformity. "You have the biggest-
ever worm loose in the net, and it automatically sabotages any attempt to monitor
it... There's never been a worm with that tough a head or that long a tail!"[11]
On November 2, 1988, Robert Tappan Morris, a Cornell University computer
science graduate student, unleashed what became known as the Morris worm,
disrupting perhaps 10% of the computers then on the Internet[12][13] and
prompting the formation of the CERT Coordination Center[14] and Phage mailing
list.[15] Morris himself became the first person tried and convicted under the
1986 Computer Fraud and Abuse Act.[16]
See also
Computer surveillance
Computer virus
Helpful worm
Spam
Timeline of notable computer viruses and worms
Trojan horse (computing)
XSS Worm
References
^ Ray, Tiernan (February 18, 2004). "Business & Technology: E-mail viruses
blamed as spam rises sharply". The Seattle Times.
^ McWilliams, Brian (October 9, 2003). "Cloaking Device Made for Spammers".
Wired.
17. ^ "Unavailable".
^ "Uncovered: Trojans as Spam Robots". heise online.
^ "Hacker threats to bookies probed". BBC News. February 23, 2004.
^ Al-Salloum, Z.; et al. (2010). "A Link-Layer-Based Self-Replicating Vulnerability
Discovery Agent". ISCC 2010.. IEEE
^ USN list | Ubuntu
^ Information on the Nimda Worm
^ Sellke, S. H.; Shroff, N. B.; Bagchi, S. (2008). "Modeling and Automated
Containment of Worms". IEEE Transactions on Dependable and Secure
Computing 5 (2): 71–86.
^ "A New Way to Protect Computer Networks from Internet Worms". Newswise.
Retrieved June 5, 2008.
^ Brunner, John (1975). The Shockwave Rider. New York: Ballantine Books.
ISBN 0060105593.
^ "The Submarine".
^ During the Morris appeal process, the U.S. Court of Appeals estimated the cost
of removing the virus from each installation was in the range of $200–53,000.
Possibly based on these numbers, Harvard spokesman Clifford Stoll estimated
the total economic impact was between $100,000–10,000,000. "Bs2.com
homepage". Retrieved 20 November 2010.
^ "Security of the Internet". CERT/CC.
^ "Phage mailing list". securitydigest.org.
^ Dressler, J. (2007). "United States v. Morris". Cases and Materials on Criminal
Law. St. Paul, MN: Thomson/West. ISBN 9780314177193.
External links
The Wildlist - List of viruses and worms 'in the wild' (i.e. regularly encountered by
anti-virus companies)
Jose Nazario discusses worms - Worms overview by a famous security
researcher.
Computer worm suspect in court
Vernalex.com's Malware Removal Guide - Guide for understanding, removing
and preventing worm infections
John Shoch, Jon Hupp "The "Worm" Programs - Early Experience with a
Distributed Computation"
RFC 1135 The Helminthiasis of the Internet
Surfing Safe - A site providing tips/advice on preventing and removing viruses.
Computer Worms Information
The Case for Using Layered Defenses to Stop Worms
Worm Evolution Paper from Digital Threat
[hide]v · d · eMalware
Infectious malware
Computer virus · Macro virus · List of computer viruses · Computer worm · List of
computer worms · Timeline of notable computer viruses and worms
Concealment
Trojan horse · Rootkit · Backdoor
18. Malware for profit
Privacy-invasive software · Spyware · Botnet · Keystroke logging · Web threats ·
Fraudulent dialer · Malbot
By operating system
Linux malware · Palm OS viruses · Mobile virus
Protection
Antivirus software · Defensive computing · Firewall · Intrusion detection system ·
Data loss prevention software
Law enforcement
Computer surveillance · Operation: Bot Roast
Trojan
From Wikipedia, the free encyclopedia
An email box folder littered with spam messages.
Spam is the use of electronic messaging systems (including most broadcast
media, digital delivery systems) to send unsolicited bulk messages
indiscriminately. While the most widely recognized form of spam is e-mail spam,
the term is applied to similar abuses in other media: instant messaging spam,
Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam,
online classified ads spam, mobile phone messaging spam, Internet forum spam,
junk fax transmissions, social networking spam, television advertising and file
sharing network spam.
Spamming remains economically viable because advertisers have no operating
costs beyond the management of their mailing lists, and it is difficult to hold
senders accountable for their mass mailings. Because the barrier to entry is so
low, spammers are numerous, and the volume of unsolicited mail has become
very high. In the year 2011 the estimated figure for spam messages are around
seven trillion. The costs, such as lost productivity and fraud, are borne by the
public and by Internet service providers, which have been forced to add extra
capacity to cope with the deluge. Spamming has been the subject of legislation in
many jurisdictions.[1]
People who create electronic spam are called spammers.[2]
Contents [hide]
1 In different media
1.1 E-mail
1.2 Instant Messaging
1.3 Newsgroup and forum
1.4 Mobile phone
1.5 Online game messaging
1.6 Spam targeting search engines (spamdexing)
19. 1.7 Blog, wiki, and guestbook
1.8 Spam targeting video sharing sites
1.9 SPIT
2 Noncommercial forms
3 Geographical origins
4 History
4.1 Pre-Internet
4.2 Etymology
4.3 History of Internet forms
5 Trademark issues
6 Cost Benefit Analyses
6.1 General costs
7 In crime
8 Political issues
9 Court cases
9.1 United States
9.2 United Kingdom
9.3 New Zealand
10 Newsgroups
11 See also
12 References
12.1 Notes
12.2 Sources
13 Further reading
14 External links
In different media
E-mail
Main article: E-mail spam
E-mail spam, known as unsolicited bulk Email (UBE), junk mail, or unsolicited
commercial email (UCE), is the practice of sending unwanted e-mail messages,
frequently with commercial content, in large quantities to an indiscriminate set of
recipients. Spam in e-mail started to become a problem when the Internet was
opened up to the general public in the mid-1990s. It grew exponentially over the
following years, and today composes some 80 to 85% of all the email in the
world, by a "conservative estimate".[3] Pressure to make e-mail spam illegal has
been successful in some jurisdictions, but less so in others. Spammers take
advantage of this fact, and frequently outsource parts of their operations to
countries where spamming will not get them into legal trouble.
Increasingly, e-mail spam today is sent via "zombie networks", networks of virus-
or worm-infected personal computers in homes and offices around the globe;
many modern worms install a backdoor which allows the spammer access to the
computer and use it for malicious purposes. This complicates attempts to control
the spread of spam, as in many cases the spam doesn't even originate from the
spammer. In November 2008 an ISP, McColo, which was providing service to
botnet operators, was depeered and spam dropped 50%-75% Internet-wide. At
20. the same time, it is becoming clear that malware authors, spammers, and
phishers are learning from each other, and possibly forming various kinds of
partnerships.[citation needed]
An industry of e-mail address harvesting is dedicated to collecting email
addresses and selling compiled databases.[4] Some of these address harvesting
approaches rely on users not reading the fine print of agreements, resulting in
them agreeing to send messages indiscriminately to their contacts. This is a
common approach in social networking spam such as that generated by the
social networking site Quechup.[5]
Instant Messaging
Main article: Messaging spam
Instant Messaging spam makes use of instant messaging systems. Although less
ubiquitous than its e-mail counterpart, according to a report from Ferris
Research, 500 million spam IMs were sent in 2003, twice the level of 2002. As
instant messaging tends to not be blocked by firewalls, it is an especially useful
channel for spammers. This is very common on many instant messaging system
such as Skype.
Newsgroup and forum
Main article: Newsgroup spam
Newsgroup spam is a type of spam where the targets are Usenet newsgroups.
Spamming of Usenet newsgroups actually pre-dates e-mail spam. Usenet
convention defines spamming as excessive multiple posting, that is, the repeated
posting of a message (or substantially similar messages). The prevalence of
Usenet spam led to the development of the Breidbart Index as an objective
measure of a message's "spamminess".
Main article: Forum spam
Forum spam is the creating of messages that are advertisements or otherwise
unwanted on Internet forums. It is generally done by automated spambots. Most
forum spam consists of links to external sites, with the dual goals of increasing
search engine visibility in highly competitive areas such as weight loss,
pharmaceuticals, gambling, pornography, real estate or loans, and generating
more traffic for these commercial websites. Some of these links contain code to
track the spambot's identity if a sale goes through, when the spammer behind the
spambot works on commission.
Mobile phone
Main article: Mobile phone spam
Mobile phone spam is directed at the text messaging service of a mobile phone.
This can be especially irritating to customers not only for the inconvenience but
also because of the fee they may be charged per text message received in some
markets. The term "SpaSMS" was coined at the adnews website Adland in 2000
to describe spam SMS.
Online game messaging
Many online games allow players to contact each other via player-to-player
messaging, chat rooms, or public discussion areas. What qualifies as spam
varies from game to game, but usually this term applies to all forms of message
flooding, violating the terms of service contract for the website. This is particularly
21. common in MMORPGs where the spammers are trying to sell game-related
"items" for real-world money, chiefly among these items is in-game currency.
This kind of spamming is also called Real World Trading (RWT). In the popular
MMORPG Runescape, it is common for spammers to advertise sites that sell
gold in multiple methods of spam. They send spam via the in-game private
messaging system, via using emotes to gain attention, and by yelling publicly to
everyone in the area.
Spam targeting search engines (spamdexing)
Main article: Spamdexing
Spamdexing (a portmanteau of spamming and indexing) refers to a practice on
the World Wide Web of modifying HTML pages to increase the chances of them
being placed high on search engine relevancy lists. These sites use "black hat
search engine optimization (SEO) techniques" to deliberately manipulate their
rank in search engines. Many modern search engines modified their search
algorithms to try to exclude web pages utilizing spamdexing tactics. For example,
the search bots will detect repeated keywords as spamming by using a grammar
analysis. If a website owner is found to have spammed the webpage to falsely
increase its page rank, the website may be penalized by search engines.
Blog, wiki, and guestbook
Main article: Spam in blogs
Blog spam, or "blam" for short, is spamming on weblogs. In 2003, this type of
spam took advantage of the open nature of comments in the blogging software
Movable Type by repeatedly placing comments to various blog posts that
provided nothing more than a link to the spammer's commercial web site.[6]
Similar attacks are often performed against wikis and guestbooks, both of which
accept user contributions.
Spam targeting video sharing sites
Video sharing sites, such as YouTube, are now being frequently targeted by
spammers. The most common technique involves people (or spambots) posting
links to sites, most likely pornographic or dealing with online dating, on the
comments section of random videos or people's profiles. Another frequently used
technique is using bots to post messages on random users' profiles to a spam
account's channel page, along with enticing text and images, usually of a
sexually suggestive nature. These pages may include their own or other users'
videos, again often suggestive. The main purpose of these accounts is to draw
people to their link in the home page section of their profile. YouTube has
blocked the posting of such links. In addition, YouTube has implemented a
CAPTCHA system that makes rapid posting of repeated comments much more
difficult than before, because of abuse in the past by mass-spammers who would
flood people's profiles with thousands of repetitive comments.
Yet another kind is actual video spam, giving the uploaded movie a name and
description with a popular figure or event which is likely to draw attention, or
within the video has a certain image timed to come up as the video's thumbnail
image to mislead the viewer. The actual content of the video ends up being
totally unrelated, a Rickroll, sometimes offensive, or just features on-screen text
of a link to the site being promoted.[7] Others may upload videos presented in an
22. infomercial-like format selling their product which feature actors and paid
testimonials, though the promoted product or service is of dubious quality and
would likely not pass the scrutiny of a standards and practices department at a
television station or cable network.
SPIT
SPIT (SPam over Internet Telephony) is VoIP (Voice over Internet Protocol)
spam, usually using SIP (Session Initiation Protocol).
Noncommercial forms
E-mail and other forms of spamming have been used for purposes other than
advertisements. Many early Usenet spams were religious or political. Serdar
Argic, for instance, spammed Usenet with historical revisionist screeds. A
number of evangelists have spammed Usenet and e-mail media with preaching
messages. A growing number of criminals are also using spam to perpetrate
various sorts of fraud,[8] and in some cases have used it to lure people to
locations where they have been kidnapped, held for ransom, and even murdered.
[9]
Geographical origins
A 2009 Cisco Systems report lists the origin of spam by country as follows:[10]
Rank Country Spam messages per year (in trillions)
1 Brazil 7.7
2 United States 6.6
3 India 3.6
4 South Korea 3.1
5 Turkey 2.6
6 Vietnam 2.5
7 China 2.4
8 Poland 2.4
9 Russia 2.3
10 Argentina 1.5
History
Pre-Internet
In the late 19th Century Western Union allowed telegraphic messages on its
network to be sent to multiple destinations. The first recorded instance of a mass
unsolicited commercial telegram is from May 1864.[11] Up until the Great
Depression wealthy North American residents would be deluged with nebulous
investment offers. This problem never fully emerged in Europe to the degree that
it did in the Americas, because telegraphy was regulated by national post offices
in the European region.
Etymology
According to the Internet Society and other sources, the term spam is derived
from the 1970 Spam sketch of the BBC television comedy series "Monty Python's
Flying Circus".[12] The sketch is set in a cafe where nearly every item on the
menu includes Spam canned luncheon meat. As the waiter recites the Spam-
23. filled menu, a chorus of Viking patrons drowns out all conversations with a song
repeating "Spam, Spam, Spam, Spam... lovely Spam! wonderful Spam!", hence
"Spamming" the dialogue.[13] The excessive amount of Spam mentioned in the
sketch is a reference to the preponderance of imported canned meat products in
the United Kingdom, particularly corned beef from Argentina, in the years after
World War II, as the country struggled to rebuild its agricultural base. Spam
captured a large slice of the British market within lower economic classes and
became a byword among British children of the 1960s for low-grade fodder due
to its commonality, monotonous taste and cheap price - hence the humour of the
Python sketch.
In the 1980s the term was adopted to describe certain abusive users who
frequented BBSs and MUDs, who would repeat "Spam" a huge number of times
to scroll other users' text off the screen.[14] In early Chat rooms services like
PeopleLink and the early days of AOL, they actually flooded the screen with
quotes from the Monty Python Spam sketch. With internet connections over
phone lines, typically running at 1200 or even 300 bit/s, it could take an
enormous amount of time for a spammy logo, drawn in ASCII art to scroll to
completion on a viewer's terminal. Sending an irritating, large, meaningless block
of text in this way was called spamming. This was used as a tactic by insiders of
a group that wanted to drive newcomers out of the room so the usual
conversation could continue. It was also used to prevent members of rival groups
from chatting—for instance, Star Wars fans often invaded Star Trek chat rooms,
filling the space with blocks of text until the Star Trek fans left.[15] This act,
previously called flooding or trashing, came to be known as spamming.[16] The
term was soon applied to a large amount of text broadcast by many users.
It later came to be used on Usenet to mean excessive multiple posting—the
repeated posting of the same message. The unwanted message would appear in
many if not all newsgroups, just as Spam appeared in nearly all the menu items
in the Monty Python sketch. The first usage of this sense was by Joel Furr[17] in
the aftermath of the ARMM incident of March 31, 1993, in which a piece of
experimental software released dozens of recursive messages onto the
news.admin.policy newsgroup.[18] This use had also become established—to
spam Usenet was flooding newsgroups with junk messages. The word was also
attributed to the flood of "Make Money Fast" messages that clogged many
newsgroups during the 1990s.[citation needed] In 1998, the New Oxford
Dictionary of English, which had previously only defined "spam" in relation to the
trademarked food product, added a second definition to its entry for "spam":
"Irrelevant or inappropriate messages sent on the Internet to a large number of
newsgroups or users."[19]
There are several popular false etymologies of the word "spam". One,
promulgated by early spammers Laurence Canter and Martha Siegel, is that
"spamming" is what happens when one dumps a can of Spam luncheon meat
into a fan blade.[citation needed] Some others are the backronym stupid
pointless annoying messages."[citation needed] There was also an effort to
differentiate between types of spam. That which was sent indiscriminately to any
e-mail address was true spam while that which was targeted to more likely
24. prospects, although just as unsolicited, was called velveeta (after the cheese
product). But this latter term didn't persist.
History of Internet forms
The earliest documented spam was a message advertising the availability of a
new model of Digital Equipment Corporation computers sent to 393 recipients on
ARPANET in 1978, by Gary Thuerk.[17][20][21] The term "spam" for this practice
had not yet been applied. Spamming had been practiced as a prank by
participants in multi-user dungeon games, to fill their rivals' accounts with
unwanted electronic junk.[21] The first known electronic chain letter, titled Make
Money Fast, was released in 1988.
The first major commercial spam incident started on March 5, 1994, when a
husband and wife team of lawyers, Laurence Canter and Martha Siegel, began
using bulk Usenet posting to advertise immigration law services. The incident
was commonly termed the "Green Card spam", after the subject line of the
postings. Defiant in the face of widespread condemnation, the attorneys claimed
their detractors were hypocrites or "zealouts", claimed they had a free speech
right to send unwanted commercial messages, and labeled their opponents "anti-
commerce radicals." The couple wrote a controversial book entitled How to Make
a Fortune on the Information Superhighway.[21]
Later that year a poster operating under the alias Serdar Argic posted
antagonistic messages denying the Armenian Genocide to tens of thousands of
Usenet discussions that had been searched for the word Turkey. Within a few
years, the focus of spamming (and anti-spam efforts) moved chiefly to e-mail,
where it remains today.[14] Arguably, the aggressive email spamming by a
number of high-profile spammers such as Sanford Wallace of Cyber Promotions
in the mid-to-late 1990s contributed to making spam predominantly an email
phenomenon in the public mind.[citation needed] By 2009, the majority of spam
sent around the world was in the English language; spammers began using
automatic translation services to send spam in other languages.[22]
Trademark issues
Hormel Foods Corporation, the maker of Spam luncheon meat, does not object
to the Internet use of the term "spamming". However, they did ask that the
capitalized word "Spam" be reserved to refer to their product and trademark.[23]
By and large, this request is obeyed in forums which discuss spam. In Hormel
Foods v SpamArrest, Hormel attempted to assert its trademark rights against
SpamArrest, a software company, from using the mark "spam", since Hormel
owns the trademark. In a dilution claim, Hormel argued that Spam Arrest's use of
the term "spam" had endangered and damaged "substantial goodwill and good
reputation" in connection with its trademarked lunch meat and related products.
Hormel also asserts that Spam Arrest's name so closely resembles its luncheon
meat that the public might become confused, or might think that Hormel
endorses Spam Arrest's products.
Hormel did not prevail. Attorney Derek Newman responded on behalf of Spam
Arrest: "Spam has become ubiquitous throughout the world to describe
unsolicited commercial e-mail. No company can claim trademark rights on a
25. generic term." Hormel stated on its website: "Ultimately, we are trying to avoid
the day when the consuming public asks, 'Why would Hormel Foods name its
product after junk email?".[24]
Hormel also made two attempts that were dismissed in 2005 to revoke the marks
"SPAMBUSTER"[25] and Spam Cube.[26] Hormel's Corporate Attorney Melanie
J. Neumann also sent SpamCop's Julian Haight a letter on August 27, 1999
requesting that he delete an objectionable image (a can of Hormel's Spam
luncheon meat product in a trash can), change references to UCE spam to all
lower case letters, and confirm his agreement to do so.[27]
Cost Benefit Analyses
The European Union's Internal Market Commission estimated in 2001 that "junk
e-mail" cost Internet users €10 billion per year worldwide.[28] The California
legislature found that spam cost United States organizations alone more than
$13 billion in 2007, including lost productivity and the additional equipment,
software, and manpower needed to combat the problem.[29] Spam's direct
effects include the consumption of computer and network resources, and the cost
in human time and attention of dismissing unwanted messages.[30]
In addition, spam has costs stemming from the kinds of spam messages sent,
from the ways spammers send them, and from the arms race between
spammers and those who try to stop or control spam. In addition, there are the
opportunity cost of those who forgo the use of spam-afflicted systems. There are
the direct costs, as well as the indirect costs borne by the victims—both those
related to the spamming itself, and to other crimes that usually accompany it,
such as financial theft, identity theft, data and intellectual property theft, virus and
other malware infection, child pornography, fraud, and deceptive marketing.
The cost to providers of search engines is not insignificant: "The secondary
consequence of spamming is that search engine indexes are inundated with
useless pages, increasing the cost of each processed query".[2] The methods of
spammers are likewise costly. Because spamming contravenes the vast majority
of ISPs' acceptable-use policies, most spammers have for many years gone to
some trouble to conceal the origins of their spam. E-mail, Usenet, and instant-
message spam are often sent through insecure proxy servers belonging to
unwilling third parties. Spammers frequently use false names, addresses, phone
numbers, and other contact information to set up "disposable" accounts at
various Internet service providers. In some cases, they have used falsified or
stolen credit card numbers to pay for these accounts. This allows them to quickly
move from one account to the next as each one is discovered and shut down by
the host ISPs.
The costs of spam also include the collateral costs of the struggle between
spammers and the administrators and users of the media threatened by
spamming. [31] Many users are bothered by spam because it impinges upon the
amount of time they spend reading their e-mail. Many also find the content of
spam frequently offensive, in that pornography is one of the most frequently
advertised products. Spammers send their spam largely indiscriminately, so
pornographic ads may show up in a work place e-mail inbox—or a child's, the
26. latter of which is illegal in many jurisdictions. Recently, there has been a
noticeable increase in spam advertising websites that contain child pornography.
Some spammers argue that most of these costs could potentially be alleviated by
having spammers reimburse ISPs and persons for their material.[citation needed]
There are three problems with this logic: first, the rate of reimbursement they
could credibly budget is not nearly high enough to pay the direct costs[citation
needed], second, the human cost (lost mail, lost time, and lost opportunities) is
basically unrecoverable, and third, spammers often use stolen bank accounts
and credit cards to finance their operations, and would conceivably do so to pay
off any fines imposed.
E-mail spam exemplifies a tragedy of the commons: spammers use resources
(both physical and human), without bearing the entire cost of those resources. In
fact, spammers commonly do not bear the cost at all. This raises the costs for
everyone. In some ways spam is even a potential threat to the entire e-mail
system, as operated in the past. Since e-mail is so cheap to send, a tiny number
of spammers can saturate the Internet with junk mail. Although only a tiny
percentage of their targets are motivated to purchase their products (or fall victim
to their scams), the low cost may provide a sufficient conversion rate to keep the
spamming alive. Furthermore, even though spam appears not to be economically
viable as a way for a reputable company to do business, it suffices for
professional spammers to convince a tiny proportion of gullible advertisers that it
is viable for those spammers to stay in business. Finally, new spammers go into
business every day, and the low costs allow a single spammer to do a lot of harm
before finally realizing that the business is not profitable.
Some companies and groups "rank" spammers; spammers who make the news
are sometimes referred to by these rankings.[32][33] The secretive nature of
spamming operations makes it difficult to determine how proliferated an
individual spammer is, thus making the spammer hard to track, block or avoid.
Also, spammers may target different networks to different extents, depending on
how successful they are at attacking the target. Thus considerable resources are
employed to actually measure the amount of spam generated by a single person
or group. For example, victims that use common anti-spam hardware, software
or services provide opportunities for such tracking. Nevertheless, such rankings
should be taken with a grain of salt.
General costs
In all cases listed above, including both commercial and non-commercial, "spam
happens" because of a positive Cost-benefit analysis result if the cost to
recipients is excluded as an externality the spammer can avoid paying.
Cost is the combination of
Overhead: The costs and overhead of electronic spamming include bandwidth,
developing or acquiring an email/wiki/blog spam tool, taking over or acquiring a
host/zombie, etc.
Transaction cost: The incremental cost of contacting each additional recipient
once a method of spamming is constructed, multiplied by the number of
recipients. (see CAPTCHA as a method of increasing transaction costs)
Risks: Chance and severity of legal and/or public reactions, including damages
27. and punitive damages
Damage: Impact on the community and/or communication channels being
spammed (see Newsgroup spam)
Benefit is the total expected profit from spam, which may include any
combination of the commercial and non-commercial reasons listed above. It is
normally linear, based on the incremental benefit of reaching each additional
spam recipient, combined with the conversion rate. The conversion rate for
botnet-generated spam has recently been measured to be around one in
12,000,000 for pharmaceutical spam and one in 200,000 for infection sites as
used by the Storm botnet.[34] They specifically say in the paper "After 26 days,
and almost 350 million e-mail messages, only 28 sales resulted".
Spam is prevalent on the Internet because the transaction cost of electronic
communications is radically less than any alternate form of communication, far
outweighing the current potential losses, as seen by the amount of spam
currently in existence. Spam continues to spread to new forms of electronic
communication as the gain (number of potential recipients) increases to levels
where the cost/benefit becomes positive. Spam has most recently evolved to
include wikispam and blogspam as the levels of readership increase to levels
where the overhead is no longer the dominating factor. According to the above
analysis, spam levels will continue to increase until the cost/benefit analysis is
balanced[citation needed].
In crime
Spam can be used to spread computer viruses, trojan horses or other malicious
software. The objective may be identity theft, or worse (e.g., advance fee fraud).
Some spam attempts to capitalize on human greed whilst other attempts to use
the victims' inexperience with computer technology to trick them (e.g., phishing).
On May 31, 2007, one of the world's most prolific spammers, Robert Alan
Soloway, was arrested by U.S. authorities.[35] Described as one of the top ten
spammers in the world, Soloway was charged with 35 criminal counts, including
mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money
laundering.[35] Prosecutors allege that Soloway used millions of "zombie"
computers to distribute spam during 2003.[citation needed] This is the first case
in which U.S. prosecutors used identity theft laws to prosecute a spammer for
taking over someone else's Internet domain name.[citation needed]
Political issues
Spamming remains a hot discussion topic. In 2004, the seized Porsche of an
indicted spammer was advertised on the Internet;[36] this revealed the extent of
the financial rewards available to those who are willing to commit duplicitous acts
online. However, some of the possible means used to stop spamming may lead
to other side effects, such as increased government control over the Internet,
loss of privacy, barriers to free expression, and the commercialization of e-mail.
[citation needed]
One of the chief values favored by many long-time Internet users and experts, as
well as by many members of the public, is the free exchange of ideas. Many
28. have valued the relative anarchy of the Internet, and bridle at the idea of
restrictions placed upon it.[citation needed] A common refrain from spam-fighters
is that spamming itself abridges the historical freedom of the Internet, by
attempting to force users to carry the costs of material which they would not
choose.[citation needed]
An ongoing concern expressed by parties such as the Electronic Frontier
Foundation and the ACLU has to do with so-called "stealth blocking", a term for
ISPs employing aggressive spam blocking without their users' knowledge. These
groups' concern is that ISPs or technicians seeking to reduce spam-related costs
may select tools which (either through error or design) also block non-spam e-
mail from sites seen as "spam-friendly". SPEWS is a common target of these
criticisms. Few object to the existence of these tools; it is their use in filtering the
mail of users who are not informed of their use which draws fire.[citation needed]
Some see spam-blocking tools as a threat to free expression—and laws against
spamming as an untoward precedent for regulation or taxation of e-mail and the
Internet at large. Even though it is possible in some jurisdictions to treat some
spam as unlawful merely by applying existing laws against trespass and
conversion, some laws specifically targeting spam have been proposed. In 2004,
United States passed the CAN-SPAM Act of 2003 which provided ISPs with tools
to combat spam. This act allowed Yahoo! to successfully sue Eric Head,
reportedly one of the biggest spammers in the world, who settled the lawsuit for
several thousand U.S. dollars in June 2004. But the law is criticized by many for
not being effective enough. Indeed, the law was supported by some spammers
and organizations which support spamming, and opposed by many in the anti-
spam community. Examples of effective anti-abuse laws that respect free speech
rights include those in the U.S. against unsolicited faxes and phone calls, and
those in Australia and a few U.S. states against spam.[citation needed]
In November 2004, Lycos Europe released a screen saver called make LOVE
not SPAM which made Distributed Denial of Service attacks on the spammers
themselves. It met with a large amount of controversy and the initiative ended in
December 2004.[citation needed]
While most countries either outlaw or at least ignore spam, Bulgaria is the first
and until now only one to partially legalize it. According to recent changes in the
Bulgarian E-Commerce act anyone can send spam to mailboxes, owned by
company or organization, as long as there is warning that this may be unsolicited
commercial email in the message body. The law contains many other inadequate
texts - for example the creation of a nationwide public electronic register of email
addresses that do not want to receive spam, something valuable only as source
for e-mail address harvesting.
Anti-spam policies may also be a form of disguised censorship, a way to ban
access or reference to questioning alternative forums or blogs by an institution.
This form of occult censorship is mainly used by private companies when they
can not muzzle criticism by legal ways.[37]
Court cases
See also: E-mail spam legislation by country
29. United States
Sanford Wallace and Cyber Promotions were the target of a string of lawsuits,
many of which were settled out of court, up through the famous 1998 Earthlink
settlement[citation needed]which put Cyber Promotions out of business. Attorney
Laurence Canter was disbarred by the Tennessee Supreme Court in 1997 for
sending prodigious amounts of spam advertising his immigration law practice. In
2005, Jason Smathers, a former America Online employee, pled guilty to
charges of violating the CAN-SPAM Act. In 2003, he sold a list of approximately
93 million AOL subscriber e-mail addresses to Sean Dunaway who, in turn, sold
the list to spammers.[38][39]
In 2007, Robert Soloway lost a case in a federal court against the operator of a
small Oklahoma-based Internet service provider who accused him of spamming.
U.S. Judge Ralph G. Thompson granted a motion by plaintiff Robert Braver for a
default judgment and permanent injunction against him. The judgment includes a
statutory damages award of $10,075,000 under Oklahoma law.[40]
In June 2007, two men were convicted of eight counts stemming from sending
millions of e-mail spam messages that included hardcore pornographic images.
Jeffrey A. Kilbride, 41, of Venice, California was sentenced to six years in prison,
and James R. Schaffer, 41, of Paradise Valley, Arizona, was sentenced to 63
months. In addition, the two were fined $100,000, ordered to pay $77,500 in
restitution to AOL, and ordered to forfeit more than $1.1 million, the amount of
illegal proceeds from their spamming operation.[41] The charges included
conspiracy, fraud, money laundering, and transportation of obscene materials.
The trial, which began on June 5, was the first to include charges under the CAN-
SPAM Act of 2003, according to a release from the Department of Justice. The
specific law that prosecutors used under the CAN-Spam Act was designed to
crack down on the transmission of pornography in spam.[42]
In 2005, Scott J. Filary and Donald E. Townsend of Tampa, Florida were sued by
Florida Attorney General Charlie Crist for violating the Florida Electronic Mail
Communications Act.[43] The two spammers were required to pay $50,000 USD
to cover the costs of investigation by the state of Florida, and a $1.1 million
penalty if spamming were to continue, the $50,000 was not paid, or the financial
statements provided were found to be inaccurate. The spamming operation was
successfully shut down.[44]
Edna Fiedler, 44, of Olympia, Washington, on June 25, 2008, pleaded guilty in a
Tacoma court and was sentenced to 2 years imprisonment and 5 years of
supervised release or probation in an Internet $1 million "Nigerian check scam."
She conspired to commit bank, wire and mail fraud, against US citizens,
specifically using Internet by having had an accomplice who shipped counterfeit
checks and money orders to her from Lagos, Nigeria, last November. Fiedler
shipped out $ 609,000 fake check and money orders when arrested and
prepared to send additional $ 1.1 million counterfeit materials. Also, the U.S.
Postal Service recently intercepted counterfeit checks, lottery tickets and eBay
overpayment schemes with a face value of $2.1 billion.[45][46]
United Kingdom
In the first successful case of its kind, Nigel Roberts from the Channel Islands
30. won £270 against Media Logistics UK who sent junk e-mails to his personal
account.[47]
In January 2007, a Sheriff Court in Scotland awarded Mr. Gordon Dick £750 (the
then maximum sum which could be awarded in a Small Claim action) plus
expenses of £618.66, a total of £1368.66 against Transcom Internet Services
Ltd.[48] for breaching anti-spam laws.[49] Transcom had been legally
represented at earlier hearings but were not represented at the proof, so Gordon
Dick got his decree by default. It is the largest amount awarded in compensation
in the United Kingdom since Roberts -v- Media Logistics case in 2005 above, but
it is not known if Mr Dick ever received anything. (An image of Media Logistics'
cheque is shown on Roberts' website[50] ) Both Roberts and Dick are well known
figures in the British Internet industry for other things. Dick is currently Interim
Chairman of Nominet UK (the manager of .UK and .CO.UK) while Roberts is
CEO of CHANNELISLES.NET (manager of .GG and .JE).
Despite the statutory tort that is created by the Regulations implementing the EC
Directive, few other people have followed their example. As the Courts engage in
active case management, such cases would probably now be expected to be
settled by mediation and payment of nominal damages.
New Zealand
In October 2008, a vast international internet spam operation run from New
Zealand was cited by American authorities as one of the world’s largest, and for
a time responsible for up to a third of all unwanted emails. In a statement the US
Federal Trade Commission (FTC) named Christchurch’s Lance Atkinson as one
of the principals of the operation. New Zealand’s Internal Affairs announced it
had lodged a $200,000 claim in the High Court against Atkinson and his brother
Shane Atkinson and courier Roland Smits, after raids in Christchurch. This
marked the first prosecution since the Unsolicited Electronic Messages Act
(UEMA) was passed in September 2007. The FTC said it had received more
than three million complaints about spam messages connected to this operation,
and estimated that it may be responsible for sending billions of illegal spam
messages. The US District Court froze the defendants’ assets to preserve them
for consumer redress pending trial.[51] U.S. co-defendant Jody Smith forfeited
more than $800,000 and faces up to five years in prison for charges to which he
plead guilty.[52]
Newsgroups
news.admin.net-abuse.email
See also
Internet portal
Address munging (avoidance technique)
Advance fee fraud (Nigerian spam)
Anti-spam techniques
Bacn (electronic)
E-mail fraud
Identity theft
31. Image spam
Internet Troll
Job scams
Junk mail
List of spammers
Malware
Network Abuse Clearinghouse
Phishing
Scam
Scad (scam ad)
Social networking spam
SORBS
Spam
Spam Lit
SpamCop
Spamigation
SPIT (SPam over Internet Telephony)
Spoetry
Sporgery
Virus (computer)
Vishing
History
Howard Carmack
Make money fast
Sanford Wallace
Spam King
Usenet Death Penalty
UUnet
References
Notes
^ The Spamhaus Project - The Definition Of Spam
^ a b Gyongyi, Zoltan; Garcia-Molina, Hector (2005). "Web spam taxonomy".
Proceedings of the First International Workshop on Adversarial Information
Retrieval on the Web (AIRWeb), 2005 in The 14th International World Wide Web
Conference (WWW 2005) May 10, (Tue)-14 (Sat), 2005, Nippon Convention
Center (Makuhari Messe), Chiba, Japan.. New York, N.Y.: ACM Press. ISBN
1-59593-046-9
^ "?". maawg.org.
^ FileOn List Builder-Extract URL,MetaTags,Email,Phone,Fax from www-
Optimized Webcrawler
^ Saul Hansell Social network launches worldwide spam campaign New York
Times, September 13, 2007
^ The (Evil) Genius of Comment Spammers - Wired Magazine, March 2004
^ Fabrício Benevenuto, Tiago Rodrigues, Virgílio Almeida, Jussara Almeida and
Marcos Gonçalves. Detecting Spammers and Content Promoters in Online Video
32. Social Networks. In ACM SIGIR Conference, Boston, MA, USA, July 2009..
^ See: Advance fee fraud
^ SA cops, Interpol probe murder - News24.com, 2004-12-31
^ Brasil assume a liderança do spam mundial em 2009, diz Cisco (Portuguese)
^ "Getting the message, at last". The Economist. 2007-12-14.
^ "RFC 2635 - DONx27T SPEW A Set of Guidelines for Mass Unsolicited
Mailings and Postings (spam*):". Retrieved 2010-09-29.
^ "The Origin of the word 'Spam':". Retrieved 2010-09-20.
^ a b Origin of the term "spam" to mean net abuse
^ The Origins of Spam in Star Trek chat rooms
^ Spamming? (rec.games.mud) - Google Groups USENET archive, 1990-09-26
^ a b At 30, Spam Going Nowhere Soon - Interviews with Gary Thuerk and Joel
Furr
^ Darren Waters (31 march 2008). "Spam blights e-mail 15 years on".
news.bbc.co.uk. Retrieved 26 August 2010.
^ "Oxford dictionary adds Net terms" on News.com
^ Reaction to the DEC Spam of 1978
^ a b c Tom Abate (May 3, 2008). "A very unhappy birthday to spam, age 30".
San Francisco Chronicle.
^ Danchev, Dancho. "Spammers go multilingual, use automatic translation
services." ZDNet. July 28, 2009. Retrieved on August 31, 2009.
^ "?". spam.com., Official SPAM Website
^ Hormel Foods v SpamArrest, Motion for Summary Judgment, Redacted
Version (PDF)
^ Hormel Foods Corpn v Antilles Landscape Investments NV (2005) EWHC 13
(Ch)[dead link]
^ "Hormel Foods Corporation v. Spam Cube, Inc". United States Patent and
Trademark Office. Retrieved 2008-02-12.
^ Letter from Hormel's Corporate Attorney Melanie J. Neumann to SpamCop's
Julian Haight
^ "Data protection: "Junk" e-mail costs internet users 10 billion a year worldwide -
Commission study"
^ California business and professions code
^ Spam Cost Calculator: Calculate enterprise spam cost?
^ Thank the Spammers - William R. James 2003-03-10
^ Spamhaus' "TOP 10 spam service ISPs"
^ The 10 Worst ROKSO Spammers
^ Kanich, C.; C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson and S.
Savage (2008-10-28). "Spamalytics: An Empirical Analysis of Spam Marketing
Conversion" (PDF). Proceedings of Conference on Computer and
Communications Security (CCS). Alexandria, VA, USA. Retrieved 2008-11-05.
^ a b Alleged 'Seattle Spammer' arrested - CNET News.com
^ timewarner.com
^ See for instance the black list of the French wikipedia encyclopedia
^ U.S. v Jason Smathers and Sean Dunaway, amended complaint, US District
Court for the Southern District of New York (2003). Retrieved 7 March 2007, from
33. "?". thesmokinggun.com.
^ Ex-AOL employee pleads guilty in spam case. (2005, February 4). CNN.
Retrieved 7 March 2007, from "Ex-AOL employee pleads guilty in spam case".
CNN.com. February 5, 2005. Retrieved 27 August 2010.
^ Braver v. Newport Internet Marketing Corporation et al. -U.S. District Court -
Western District of Oklahoma (Oklahoma City), 2005-02-22
^ "Two Men Sentenced for Running International Pornographic Spamming
Business". United States Department of Justice. October 12, 2007. Retrieved
2007-10-25.
^ Gaudin, Sharon, Two Men Convicted Of Spamming Pornography
InformationWeek, June 26, 2007
^ "Crist Announces First Case Under Florida Anti-Spam Law". Office of the
Florida Attorney General. Retrieved 2008-02-23.
^ "Crist: Judgment Ends Duo's Illegal Spam, Internet Operations". Office of the
Florida Attorney General. Retrieved 2008-02-23.
^ "Woman gets prison for 'Nigerian' scam". upi.com.
^ "Woman Gets Two Years for Aiding Nigerian Internet Check Scam (PC World)".
yahoo.com.[dead link]
^ Businessman wins e-mail spam case - BBC News, 2005-12-27
^ Gordon Dick v Transcom Internet Service Ltd.
^ Article 13-Unsolicited communications
^ website
^ Kiwi spam network was 'world's biggest'
^ Court Orders Australia-based Leader of International Spam Network to Pay
$15.15 Million
Sources
Specter, Michael (2007-08-06). "Damn Spam". The New Yorker. Retrieved
2007-08-02.
Further reading
Sjouwerman, Stu; Posluns, Jeffrey, "Inside the spam cartel: trade secrets from
the dark side", Elsevier/Syngress; 1st edition, November 27, 2004. ISBN
978-1-932266-86-3
External links
Wikimedia Commons has media related to: Electronic spam
Spamtrackers SpamWiki: a peer-reviewed spam information and analysis
resource.
Federal Trade Commission page advising people to forward spam e-mail to them
Slamming Spamming Resource on Spam
Why am I getting all this spam? CDT
Cybertelecom:: Federal spam law and policy
Reaction to the DEC Spam of 1978 Overview and text of the first known internet
email spam.
Malware City - The Spam Omelette BitDefender’s weekly report on spam trends
and techniques.
34. 1 December 2009: arrest of a major spammer
EatSpam.org - This website provides you with disposable e-mail addresses
which expire after 15 Minutes. You can read and reply to e-mails that are sent to
the temporary e-mail address within the given time frame.
Spam Analysis of 2010 and estimated Spam for 2011 - Article about Spam
Analysis of 2010 and estimated Spam for 2011
[hide]v · d · eSpamming
Protocols
E-mail spam
Address munging · Bulk email software · Directory Harvest Attack · Joe job ·
DNSBL · DNSWL · Spambot · Pink contract
Other
Autodialer/Robocall · Flyposting · Junk fax · Messaging · Mobile phone ·
Newsgroup · Telemarketing · VoIP
Anti-spam
Disposable e-mail address · E-mail authentication · SORBS · SpamCop ·
Spamhaus · List poisoning · Bayesian spam filtering · Network Abuse
Clearinghouse
Spamdexing
Keyword stuffing · Google bomb · Scraper site · Link farm · Cloaking · Doorway
page · URL redirection · Spam blogs · Sping · Forum spam · Blog spam · Social
networking spam · Referrer spam · Parasite hosting
Internet fraud
Advance-fee fraud · Lottery scam · Make Money Fast · Phishing · Vishing
Adware
From Wikipedia, the free encyclopedia
For the Lavasoft anti-virus program, see Ad-Aware.
This article needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be
challenged and removed. (August 2010)
Adware, or advertising-supported software, is any software package which automatically plays,
displays, or downloads advertisements to a computer. These advertisements can be in the form
of a pop-up.[1] The object of the Adware is to generate revenue for its author. Adware, by itself, is
harmless; however, some adware may come with integrated spyware such as keyloggers and
other privacy-invasive software.[2][3][4]
Contents [hide]
1 Application
1.1 Malware
2 Prevention and detection
35. 3 Examples of adware
4 Examples of advertising-delivery tools
5 See also
6 References
7 Further reading
8 External links
[edit]Application
Advertising functions are integrated into or bundled with the software, which is often designed to
note what Internet sites the user visits and to present advertising pertinent to the types of goods
or services featured there. Adware is usually seen by the developer as a way to recover
development costs, and in some cases it may allow the software to be provided to the user free of
charge or at a reduced price. The income derived from presenting advertisements to the user
may allow or motivate the developer to continue to develop, maintain and upgrade the software
product. Conversely, the advertisements may be seen by the user as interruptions or
annoyances, or as distractions from the task at hand.
Some adware is also shareware, and so the word may be used as term of distinction to
differentiate between types of shareware software. What differentiates adware from other
shareware is that it is primarily advertising-supported. Users may also be given the option to pay
for a "registered" or "licensed" copy to do away with the advertisements. The Eudora e-mail client
is an example of an adware "mode" in a program. After a trial period during which all program
features are available, the user is offered a choice: free of charge with limited functionality, a
mode with full functionality which displays advertisements for Eudora, or a paid mode that
enables all features and turns off the ads.
[edit]Malware
Some adware can also be classified as spyware, a type of malware (malicious software) which
steals information. For example BonziBUDDY, an application marketed as an "Intelligent software
agent", corrupted many of the user's system files, forcing the display of many obscene
advertisements (composed mostly of infected Flash coding); these and the main application
logged browsing details and sent them to various third parties.
[edit]Prevention and detection
Programs have been developed to detect, quarantine, and remove spyware, including Ad-Aware,
Malwarebytes' Anti-Malware, Spyware Doctor and Spybot - Search & Destroy. In addition, almost
all commercial antivirus software currently detect adware and spyware, or offer a separate
spyware detection package.[5]
The reluctance to add adware and spyware detection to commercial antivirus products was fueled
by a fear of lawsuits.[citation needed] Kaspersky, for example, was sued by Zango for blocking
the installation of their products. Zango software and components are almost universally detected
as adware nowadays.[citation needed]
[edit]Examples of adware
180SearchAssistant
Bonzi Buddy
ClipGenie
Comet Cursor
Cydoor
DollarRevenue
ErrorSafe
Gator
Security Tool
VirusProtectPro
[edit]Examples of advertising-delivery tools
Ask.com Toolbar
FlashGet
36. Mirar Toolbar
MyWay Searchbar
Tribal Fusion
Viewpoint Media Player
WhenU SaveNow
Zango products
Zwinky
[edit]See also
Computer insecurity
Greynet
Hosts file
Typhoid adware
[edit]References
^ Aaron Schwabach (2005). Internet and the Law: Technology, Society, and Compromises. ABC-
CLIO. pp. 10. ISBN 978-1-85109-731-9.
^ Tulloch, Mitch (2003). Koch, Jeff; Haynes, Sandra. eds. Microsoft Encyclopedia of Security.
Redmond, Washington: Microsoft Press. p. 16. ISBN 0-7356-1877-1. "Any software that installs
itself on your system without your knowledge and displays advertisements when the user
browses the Internet."
^ "Adware". Adware Protection Information. McAfee, Inc. Retrieved 2010-08-18.
^ "adware". Dictionary.com's 21st Century Lexicon. Dictionary.com, LLC. Retrieved 18 August
2010. "a software application in which advertisements are displayed while the program is running,
esp. in pop-up windows or banners, and which often is installed without the user's knowledge or
consent; also called advertising-supported software"
^ Honeycutt, Jerry (20 April 2004). "How to protect your computer from Spyware and Adware".
Microsoft.com. Microsoft corporation. "Things are changing for the better, though. Most popular
antivirus products now include adware and spyware scanning. For example, the latest versions of
McAfee VirusScan, Norton AntiVirus 2004, and Trend Micro PC-Cillin 2004 now scan for some
adware and spyware."
[edit]Further reading
Honeycutt, Jerry (20 April 2004). "How to protect your computer from Spyware and Adware".
Microsoft.com. Microsoft corporation. Retrieved 18 August 2010.
Hardmeier, Sandi (16 December 2004). "Adware and Bad Things it Does". Internet Explorer
community. Microsoft corporation. Retrieved 18 August 2010.
[edit]External links
Adware and Spyware at the Open Directory Project
Anti-Spyware Coalition
[hide]v · d · eSoftware distribution
Methods
Abandonware · Adware · Bundled · Beerware · Commercial · Donationware · Freely
redistributable software · Free software · Freeware · Nagware · Open source · Pre-installed ·
Postcardware · Proprietary · Public domain · Scareware · Shareware
Related topics
Product Activation · Shovelware · Software bloat
Malware
37. From Wikipedia, the free encyclopedia
Beast, a Windows-based backdoor Trojan horse
Malware, short for malicious software, (sometimes referred to as pestware[1]) is
a software designed to harm or secretly access a computer system without the
owner's informed consent. The expression is a general term used by computer
professionals to mean a variety of forms of hostile, intrusive, or annoying
software or program code.[2]
Software is considered to be malware based on the perceived intent of the
creator rather than any particular features. Malware includes computer viruses,
worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most
rootkits, and other malicious and unwanted software or program. In law, malware
is sometimes known as a computer contaminant, for instance in the legal codes
of several U.S. states, including California and West Virginia.[3][4]
Preliminary results from Symantec published in 2008 suggested that "the release
rate of malicious code and other unwanted programs may be exceeding that of
legitimate software applications."[5] According to F-Secure, "As much malware
[was] produced in 2007 as in the previous 20 years altogether."[6] Malware's
most common pathway from criminals to users is through the Internet: primarily
by e-mail and the World Wide Web.[7]
The prevalence of malware as a vehicle for organized Internet crime, along with
the general inability of traditional anti-malware protection platforms (products) to
protect against the continuous stream of unique and newly produced malware,
has seen the adoption of a new mindset for businesses operating on the Internet:
the acknowledgment that some sizable percentage of Internet customers will
always be infected for some reason or another, and that they need to continue
doing business with infected customers. The result is a greater emphasis on
back-office systems designed to spot fraudulent activities associated with
advanced malware operating on customers' computers.[8]
On March 29, 2010, Symantec Corporation named Shaoxing, China, as the
world's malware capital.[9]
Malware is not the same as defective software, that is, software that has a
legitimate purpose but contains harmful bugs. Sometimes, malware is disguised
as genuine software, and may come from an official site. Therefore, some
security programs, such as McAfee may call malware "potentially unwanted
programs" or "PUP". Though a computer virus is malware that can reproduce
itself, the term is often used erroneously to refer to the entire category.
Contents [hide]
1 Purposes
2 Infectious malware: viruses and worms
2.1 Capsule history of viruses and worms
3 Concealment: Trojan horses, rootkits, and backdoors
3.1 Trojan horses