Virus writers contribute to SPAM
December 22, 2002
It’s tempting to look back at the year 2002 and state that, with the exception of Klez, things were relatively quiet on the virus front. But were they, really? Though 2002 may have lacked some of the high profile attacks of years previous, i.e. Nimda, Sircam, and Magistr in 2001, or Kak’s prevalency and Loveletter’s debut in 2000, the insidious development of malicious marketing assures 2002 its own place in virus history.
JS.Exception exploit
The first indication of ad-woes was ushered in with the JS.Exception exploit. Vincent Weafer, senior director of Symantec Corp.'s security response center, noted that Symantec received approximately 40,000 to 50,000 submissions of the JS.Exception exploit during the first quarter of 2002, making it number one on Symantec's most submitted malware for the that time period. The exploit continues to be a headache for users, many of whom have their Internet Explorer homepage hijacked to sites of ill repute.
Benjamin worm
Through the use of the Benjamin worm, KaZaA users unwittingly took part in a marketing scheme designed to drive page hits to a website in a ploy for profit. Disguised under popular monikers such as "South Park Vol.3-divx-full-downloader" or "Star wars Episode 1-divx-full-downloader", according to Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation, “the worm was written to make money for the virus writer.”
JS.NoClose
Antivirus vendor Sophos declares JS.NoClose a JavaScript Trojan and states that it "will minimise Internet Explorer and attempt to access other websites without the user's express permission." Symantec notes that “Closing these windows can be difficult, because when you close one, the window that is "hidden" behind it is displayed." In short, JS.NoClose engineers the lowest form of pop-up advertising, forcing page views on unsuspecting users and making it extremely difficult to maneuver away from the site(s).
(Un)Friendly Greetings
The folks at PerMedia, vis a vis their FriendGreetings.com and cool-downloads.com, gave legitimate greeting card companies a black eye by combining mass-mailing email worm code with a fake greeting card dubbed FriendGreetings. In an attempt to keep it legal, they stated their intent in the End User Licensing Agreement (EULA), which the recipient was required to consent prior to delivery of the bogus E-Card. Thus, eager users accepting the EULA were, in fact, agreeing to allow the same bogus E-Card to be sent to everyone in their address book.
Traditional Threats
Other notable viruses in 2002 include the Britney virus, notorious for the utter lack of interest recipients demonstrated when they failed to open the promised pics of singer Britney Spears. Equally yawn inspiring were the MyLife saga of worms that proved only that the virus writer really needed to get a life. Both Yaha.E and Bugbear achieved high infection rates and, in October 2002, the Opaserv worm joined the pack by creating annoying background chatter on the Internet pipeline. Unwelcome implications were introduced with WineVar, which may forever change how executable file types are defined.
When remembering 2002, however, the bottom line may just be that virus writers finally succeeded at something. They succeeded in giving malicious marketers the tools and ideas needed to disintegrate the Internet experience for us all. Congratulations, guys. You've joined the ranks of spam queens. Just tell me where I can send the coal for your stockings.
