Virus ( Ethics)

Paul John F. Cadag

Professional Ethics

MWF (2:00 – 3:00)

Mydoom Virus 1. How and where the virus originate? Also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi, is a computer worm affecting Microsoft Windows. It was first sighted on 26 January 2004. It became the fastestspreading e-mail worm ever (as of January 2004[update]), exceeding previous records set by the Sobig worm. Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. The worm contains the text message “andy; I'm just doing my job, nothing personal, sorry,” leading many to believe that the worm's creator was paid. Early on, several security firms expressed their belief that the worm originated from a programmer in Russia. The actual author of the worm is unknown. 2. Who was responsible and distributing and creating it? Mydoom was named by Craig Schmugar, an employee of computer security firm McAfee and one of the earliest discoverers of the worm. Schmugar chose the name after noticing the text “mydom” within a line of the program's code. He noted: “It was evident early on that this would be very big. I thought having 'doom' in the name would be appropriate. 3. How did the virus work and effect? Mydoom is primarily transmitted via e-mail, appearing as a transmission error, with subject lines including “Error”, “Mail Delivery System”, “Test” or “Mail Transaction Failed” in different languages, including English and French. The mail contains an attachment that, if executed, resends the worm to e-mail addresses found in local files such as a user's address book. It also copies itself to the “shared folder” of peer-to-peer file-sharing application KaZaA in an attempt to spread that way. Mydoom avoids targeting e-mail addresses at certain universities, such as Rutgers, MIT, Stanford and UC Berkeley, as well as certain companies such as Microsoft and Symantec. Some early reports claimed the worm avoids all .edu addresses, but this is not the case. Initial analysis of Mydoom suggested that it was a variant of the Mimail worm—hence the alternate name Mimail.R—prompting speculation that the same persons were responsible for both worms. Later analyses were less conclusive as to the link between the two worms.

4. What prosecutions were brought of any?

This theory was rejected immediately by security researchers. Since then, it has been likewise rejected by law enforcement agents investigating the virus, who attribute it to organized online crime gangs.

I Love You Virus 1. How and where the virus originate? Was a computer worm that successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text "ILOVEYOU" in the subject line. The worm arrived in e-mail boxes on and after 5 May 2000 with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". The final 'vbs' extension was hidden by default, leading unsuspecting users to think it was a mere text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system. Such propagation mechanism had been known (though in IBM mainframe rather than in the MS Windows environment) and used already in the Christmas Tree EXEC of 1987 which brought down a number of the world's mainframes at the time. 2. Who was responsible and distributing and creating it? The alleged authors of the worm were reported to be Filipinos. Siblings Irene and Onel de Guzman of Manila[5]; Irene's boyfriend, Reomel Lamores who was briefly held in May 2000 in connection with the worm outbreak; and Michael Buenafe, a fellow student of de Guzman at AMA Computer College.[6] Onel finally came forward but denied writing the worm, although he admitted he may have inadvertently been responsible for its release. As there were no laws in the Philippines against writing malware at the time, he was released and in August the prosecutors dropped all charges against him. 3. How did the virus work and effect? This particular malware caused widespread damage. The worm overwrote important files music files, multimedia files, and more - with a copy of itself. It also sent the worm to everyone on a user's contact list. Because it was written in Visual Basic Script and interfaced with the Outlook Windows Address Book, this particular worm only affected computers running the Microsoft Windows operating system. While any other computer accessing email could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected. It took your contacts from your Outlook list. If you saw the e-mail message "I LOVE YOU" and opened it, it would copy and send out the message again and again. Recipients, who didn't know what was happening, would execute the document only to have most of their files overwritten.

4. What prosecutions were brought of any? Philippine authorities may charge the ILOVEYOU suspects under the Access Devices Regulation Act, which outlaws the use of stolen credit cards. It appears that the suspects used stolen passwords to connect to Internet service providers. Using stolen information to obtain good or services in the Philippines is punishable by five years in prison. Prompted by the virus outbreak, members of the Philippines Congress are now calling for new computer-crime laws. The ILOVEYOU suspects could not be automatically extradited from the Philippines to the United States because the current extradition treaty applies only when both countries share the law in question. However, the United States might be able to persuade the Philippine courts to turn the suspects over to its courts. U.S. law enforcement officials have yet to make such a request.