HOME | DD
Skeppio — Computer Viruses 11
#computer #chernobyl #malware #virus #navashield
Published: 2017-11-11 14:01:22 +0000 UTC; Views: 1238; Favourites: 15; Downloads: 3
Redirect to original
Description
Some more new viruses. From left to right:NavaShield - Malware disguised as an antivirus program, this virus would lie dormant for a week after installation before pestering affected users to upgrade the product, complete with annoying ticking sounds and pop-ups. If the user ignored it for a few more weeks, NavaShield would begin simulating malware attacks, including playing continuous laughing noises (if the infected computer has text-to-speech software, NavaShield would even hijack it to create nonsensical taunting messages), redirecting users to porn sites and blocking access to Task Manager. Some versions even display a fake "Disk drive C:\ is being deleted" message before displaying a blank desktop until the computer is rebooted.
Chernobyl - Nicknamed for its payload trigger date (April 26th) coinciding with the date of the Chernobyl nuclear disaster (though the dates are purely coincidental), this virus begins by overwriting the master boot record of infected computers, causing them to fail to boot up. Its second primary payload is to replace portions of a computers BIOS, rendering it completely inoperable. However, this payload fails on computers lacking a BIOS compatible with Chernobyl. It also boasts a unique method of infecting executable files, in which it will search for unused space in a file, break itself up, and spread itself among the empty spaces.
Related content
Comments: 11
👍: 0 ⏩: 1
👍: 0 ⏩: 0
Hope you like my interpretation then! ^_^
👍: 0 ⏩: 0
These are all really good. Do you mind if I give you suggestions?
👍: 0 ⏩: 1
I have some more i plan to get around to sometime, but sure!
👍: 0 ⏩: 1
Alright. Here are two.
Mimail - Mimail is an email worm that steals passwords and was reported to have caused billions of dollars in damage. It arrives in a computer as an email that appears to be from the administrator of the user's domain. If your mail address is kiki_the_black_cat@kitty.cc, the sender line will read admin@kitty.cc. The subject line is "your account" followed by a random string of numbers and letters. The message body informs the user that there is important information about their email account in the attached zip file, Message.zip. Message.zip contains an htm file, Message.htm, which once opened in unpatched versions of Internet Explorer, creates the file Foo.exe in the temporary internet files folder. Foo.exe is actually the Mimail worm. While Foo.exe is running, the browser shows a black field with red text saying "Please wait loading message…..". Mimail copies itself to the Windows folder as Videodrv.exe. It creates another registry key before caopturing text from some windows and send the information to a specific email address. The worm then saves three files to the Windows directory, one, Zip.tmp, a temporary copy of the attachment, Message.zip, a copy of Message.html and eml.tmp, where it will store the email addresses it finds.
Dumaru - A mass mailer worm that installs a remote control and keylogger trojan, this worm attacked the mail servers of the Duma, the Russian Parliament. It is believed by some to have caused billions in damage. It appeared half a month after Mimail, another very destructive Russian-made worm. The worm arrives in an email encouraging users to open an attachment. The sender line will say "Microsoft" with the email address security@microsoft.com. The subject line says "Use this patch immediately !". The message body says "Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!" The attachment is named patch.exe and is 9,216 bytes long. When executed, the worm copies itself as dllreg.exe into the Windows folder, load32.exe and vxdmgr32.exe to the Windows system folder. The worm drops a windrv.exe into the Windows folder, which is the trojan, Narod.A, that is both a keylogger and a remote controller. When run, it connects to an IRC server and joins a channel to listen for commands from the worm's creator. It then creates the file winload.log, which stores email addresses.
👍: 0 ⏩: 1
Interesting. Mimail sounds familiar. I might've drawn a variant of it before.
I hadn't heard of Dumaru before though.
👍: 0 ⏩: 0
I love how you used lips on NavaShield, gives it a creepy sinister feel. Amazing as always!
👍: 0 ⏩: 2
Thanks! I felt it made the mocking laughing smile bigger and more pronounced. ^_^
👍: 0 ⏩: 0
By the way, I have some suggestions for some viruses!
youareanidiot: A trojan website that infects, saying stuff like YOUAREANIDIOT HA HA HA. It flashes from black and white, which could cause seizures.
Wannacry: Another virus that deals lots of damage, it wreaked havoc in hospitals, banks, airports, etc. It gives a ransom, that if you don't pay it'll delete files, slowly killing your computer.
👍: 0 ⏩: 0