:: wikimiki.org ::

Twin-351 Virus

Twin-351 Virus

To aid the fight against viruses and other malware many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. A single comprehensive list of viruses would make sense, but no definitive list currently exists.

Naming

One fundamental fact that makes the compilation of a unified list of viruses difficult is naming. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat they usually study and name the viruses independently. By the time it is identified which names denote the same virus the different names have been used enough to stay around. Another source of ambiguity in names is that sometimes a virus initially identified as a completely new virus is found to be a variation of an earlier known virus, in which cases it is often renamed. For example, the second variation of the Sobig worm was initially called Palyh but later renamed Sobig.b. Again, depending on how quickly this happens the old name may persist.

Scope

In terms of scope, there are two major variants: the list of "in-the-wild" viruses, which list viruses in active circulation, and lists of all known viruses, which also contain viruses believed not be in active circulation (also called "zoo viruses"). The sizes are vastly different, in-the-wild lists contain a few hundred viruses but full lists contain tens of thousands.

List of viruses and related programs

Computer virus

In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an infection, and the infected file (or executable code that is not part of a file) is called a host. Viruses are one of the several types of malicious software or malware. In a common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware, however, this can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers vulnerable to future damage. However, a basic rule is that computer viruses cannot directly damage hardware, but only software. While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb occurs during a particular date or time, and a logic bomb occurs when the user of a computer takes an action that triggers the bomb. However, the predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources. Today (as of 2005), viruses are somewhat less common than network-borne worms, due to the popularity of the Internet. Anti-virus software, originally designed to protect computers from viruses, has in turn expanded to cover worms and other threats such as spyware.

Definition

A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable media. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts. Additionally, viruses can infect files in other ways than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program. Viruses have existed for many different operating systems, including MS-DOS, AmigaOS, Mac OS and even Linux; however, the vast majority of viruses affect Microsoft Windows. A legitimate application program that can copy itself as a side-effect of its normal function (e.g. backup software) is not considered a virus. Some programs that were apparently intended as viruses cannot reliably self-replicate, because the infection routine contains bugs. For example, a buggy virus can insert copies of itself into host programs, but these copies never get executed and are thus unable to spread the virus. Self-replicating programs that have very limited spreading capabilities because of bugs should not be considered legitimate viruses.

Use of the word "virus"

The term "virus" was first used in an academic publication by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it. However, a 1972 science fiction novel by David Gerrold, When H.A.R.L.I.E. Was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel The Shockwave Rider describes programs known as "tapeworms" which spread through a network for deleting data. The term "computer virus" with current usage also appears in the comic book "Uncanny X-Men" No. 158, published in 1982. Therefore, we may conclude that although Cohen's use of "virus" may, perhaps, have been the first "academic" use, the term had been used earlier. Westworld is often cited as containing an early usage of the term, though the exact phrase is not actually used in the film. The term "virus" is often used in common parlance to describe all kinds of malware (malicious software), including those that are more properly classified as worms or trojans. Most popular anti-virus software packages defend against all of these types of attack. The English plural of "virus" is "viruses". Some people use "virii" or "viri" as a plural, although computer professionals seldom use these words. For a discussion about whether "viri" and "virii" are correct alternatives for "viruses", see plural of virus.

History

A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk. The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written.[http://www.brain.net.pk/aboutus.htm] Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of personal computers, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk. As bulletin board systems and online software exchange became popular in the late 1980s and early 1990s, more viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSes. Within the "pirate scene" of hobbyists trading illicit copies of commercial software, traders in a hurry to obtain the latest applications and games were easy targets for viruses. Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in the Microsoft Office monoculture by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Numerically, most of these viruses did not have the ability to send infected e-mail. The ones that did usually worked by accessing the Microsoft Outlook COM interface. Some versions of Word have had bugs in the calls by which macros replicate themselves, causing occasional replication errors, which has sometimes resulted in actual evolution by natural selection. Also, again closely analogous to biological viruses, sometimes when a system gets infected with two Word macro viruses at the same time, recombination can produce a new virus (much as an animal host infected with multiple strains of influenza can produce a novel strain of influenza). [http://www.people.frisk-software.com/~bontchev/papers/macidpro.html] A computer virus may also be transmitted through instant messaging. A virus may send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source), goes to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.

Why people create computer viruses

Unlike biological viruses, computer viruses do not simply evolve by themselves, except in the cases where copying errors and recombination have led to actual evolution of computer viruses; however, these cases are very rare compared to the rapid generation of new malware by human programmers. They cannot come into existence spontaneously, nor can they be created by bugs in regular programs. They are deliberately created by programmers, or by people who use virus creation software. Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, pranks, vandalism, to attack the products of specific companies, to distribute political messages, and financial gain from identity theft or spyware. Some virus writers consider their creations to be works of art, and see virus writing as a creative hobby. Additionally, many virus writers oppose deliberately destructive payload routines. Some viruses were intended as "good viruses". They spread improvements to the programs they infect, or delete other viruses. These viruses are, however, quite rare, still consume system resources, may accidentally damage systems they infect, and, on occasion, have become infected and acted as vectors for malicious viruses. Moreover, they normally operate without asking for permission of the owner of the computer. Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way which is superior to a regular program that does not replicate itself. Releasing computer viruses (as well as worms) is a crime in most jurisdictions. See also [http://news.bbc.co.uk/1/hi/technology/3172967.stm BBC News' Why people write computer viruses]

Replication Strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they get executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file. For simple viruses the replicator's task is to: # Open the new file # Check if the executable file has already been infected (if it is, return to the finder module) # Append the virus code to the executable file # Save the executable's starting point # Change the executable's starting point so that it points to the start location of the newly copied virus code # Save the old start location to the virus in a way so that the virus branches to that location right after its execution. # Save the changes to the executable file # Close the infected file # Return to the finder so that it can find new files for the replicator to infect.

Resident viruses

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can get called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer. Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they will not slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behaviour by programs. The slow infector approach doesn't seem very successful however. Viruses that are common in the wild are mostly relatively fast to extremely fast infectors.

Host types

Viruses have targeted various types of hosts. This is a non-exhaustive list:
- Binary executable files (such as COM-files and EXE-files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
- Boot sectors of floppy disks and hard disk partitions
- The master boot record of a harddisk
- General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, and shell script files on UNIX platforms).
- Application-specific script files (such as Telix-scripts)
- Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)

Methods to avoid detection

In order to avoid detection by users, some viruses employ different kinds of obfuscation. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however. Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. Recent viruses avoid any kind of detection attempt by attempting to forcefully kill the tasks associated with the virus scanner before it can detect them. As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced.

Avoiding bait files and other undesirable hosts

A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program however. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of hosts that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
- Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small infected bait file, than to exchange a large application program that has been infected by the virus.
- Anti-virus professionals can use bait files to study the behaviour of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
- Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system. Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'. A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.

Stealth

Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by ensuring that a request of anti-virus software to read an infected file is passed to the virus, instead of to the operating system. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification

Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" the infected file. Some viruses employ techniques that make detection by means of signatures difficult or impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Simple self-modifications

In the past, some viruses modified themselves only in fairly simple ways. For example, they regularly exchanged subroutines in their code. This poses no problems to a somewhat advanced virus scanner however.

Encryption with a variable key

A more advanced method is the use of simple encryption to encode the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Mostly, the decryption techniques that these viruses employ are fairly simple and mostly done by just xoring each byte with a randomized key that was saved by the parent virus. The use of XOR-operations has the additional advantage that the encryption and decryption routine are the same (a xor b = c, c xor b = a.)

Polymorphic code

Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts that stay the same on each infection, making it impossible to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. Some viruses employ polymorphic code in a way which constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that, as a result of this, some instances of the virus may be able to avoid detection.

Metamorphic code

To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. W32/Simile consisted of over 14000 lines of assembly code, for example. 90% of it is part of the metamorphic engine.

Viruses and legitimate software

The vulnerability of operating systems to viruses

Another analogy to biological viruses: just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses. This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. Users who still use Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses, since Microsoft software often includes many errors and holes. Integrated applications, applications with scripting languages with access to the file system (for example Visual Basic Script (VBS), and applications with networking features) are also particularly vulnerable. Microsoft's software is also targeted by virus writers because of their desktop dominance. Although Windows is by far the most popular operating system for virus writers, some few viruses also exist on other platforms. It is important to note that any operating system that allows third-party programs to run can theoretically run viruses. However, some operating systems are less secure than others. Unix-based OSes (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories. Unix systems are inherently secure against viruses by virtue of the underlying secure architecture. According to Newsweek's [http://www.msnbc.msn.com/id/9863957/site/newsweek/ Stephen Levy], "Symantec's security team has yet to find a single Mac virus; by contrast, it spotted almost 11,000 new Windows viruses in the first half of 2005 alone." The fact that Symantec has found no viruses for Mac indicates that there is little if any reason to even bother running anti-virus software on computers running Mac OS X or Linux. It also indicates a vulnerability to viruses that is fundamental to the design of Microsoft Windows that is absent from Unix based operating systems such as Linux. Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, Windows does not. Thus, any programs and scripts, even if written by a third-party, are harmless to the Unix system when executed by users who are not running as root, the superuser of the system. More recently, Microsoft's Outlook (but not Outlook Express) e-mail client has developed similar features when dealing with executable file types that Outlook may download as attachments. Windows users would do well to patch their operating systems and e-mail clients to try prevent viruses and worms from reproducing through security "holes" which prudence and virus scanners are unable to prevent.

The role of software development

Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies which produce large numbers of bugs will generally also produce potential exploits. Closed-source software development as practiced by Microsoft and other proprietary software companies is seen by many as a security weakness. Open source software such as Linux, for example, allows all users to look for and fix security problems without relying on a single vendor. Some advocate that proprietary software makers practice vulnerability disclosure to ameliorate this weakness.

Anti-virus software and other countermeasures

Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. Some virus scanners can also warn a user if a file is likely to contain a virus based on the file type; some antivirus vendors also claim the effective use of other types of heuristic analysis. Some industry groups do not like this practice because it often increases the number of false positives the anti-virus software detects. They work by examining the contents of the computer's memory (its RAM, and boot sector) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". Some anti-virus programs are able to scan opened files in addition to sent and received emails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. There have been attempts to do this but adoption of such anti-virus solutions can void the warranty for the host software. Users must therefore update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to gain knowledge about the latest threats and hoaxes.

External links

Anti virus

- [http://www.softpanorama.org/Malware/index.shtml Softpanorama (slightly skeptical) Viruses, Worms and Spyware Defense Strategy]
- [http://www.all.net/books/virus/part5.html Fred Cohen's 1984 paper]
- [http://www.sophos.com/virusinfo/explained/ Virus glossary and best practice]
- [http://librenix.com/?inode=80 An editorial on beneficial viruses (con)]
- [http://www.windowsecurity.com/articles/Protecting_Email_Viruses_Malware.html Email Viruses] - an article about how to protect your email from viruses
- For a thorough, hypothetical pro discussion, see: [http://vx.netlux.org/lib/avb02.html "Are Good Viruses still a Bad idea?"]
- [http://www.pcvirus.org/links Malicious Code & Viruses - Articles, Links, and Whitepapers]
- [http://www.wildlist.org The Wildlist] List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)
- [http://www.digitalcraft.org/iloveyou/index.htm I love you [rev.eng] exhibition]
- [http://www.virusbtn.com/ Virus Bulletin] (Same owner as Sophos)
- [http://softwaremart.biz/virus/threats/ Latest Virus Threats] — Real-time listing of the latest Virus threats from McAfee and Symantec.
- [http://www.theglobeandmail.com/servlet/story/RTGAM.20050519.gtwvirus19/BNStory/Technology/ The Globe and Mail: Cellphone acting sick? Might be a virus] (free registration required)
- [http://securityresponse.symantec.com/avcenter/vinfodb.html Symantec's Virus Database]
- [http://www.antisource.com Computer Virus Alerts, News, and Help]
- [http://www.nerdhelp.com/ Computer Tech Support] — Free online knowledge base for everything from hardware problems to virus fixes.

Pro virus

- [http://www.totallygeek.com/vscdb/ Virus Source Code Database]
- [http://vx.netlux.org/ VX Heaven - Sources & Guides]
- [http://www.hackpalace.com/virii/indexe.shtml Hackpalace Virii] Virus Virus als:Computervirus ko:컴퓨터 바이러스 ja:コンピュータウイルス th:ไวรัสคอมพิวเตอร์

Sobig

The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003. Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January 2003. Sobig.B was released on May 2003. It was first called Palyh, but was later renamed to Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later followed by Sobig.E in June 25. On August 19, Sobig.F became known and set a record in sheer volume of e-mails. The worm was most widespread in its "Sobig.F" variant. Sobig is a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig worm will appear as an electronic mail with one of the following subjects:
- Re: Approved
- Re: Details
- Re: Re: My details
- Re: Thank you!
- Re: That movie
- Re: Wicked screensaver
- Re: Your application
- Thank you!
- Your details It will contain the text: "See the attached file for details" or "Please see the attached file for details." It also contains an attachment by one of the following names:
- application.pif
- details.pif
- document_9446.pif
- document_all.pif
- movie0045.pif
- thank_you.pif
- your_details.pif
- your_document.pif
- wicked_scr.scr

Technical details

The Sobig viruses infect a host computer by way of the above mentioned attachment. When this is started they will replicate by using their own SMTP agent engine. Email addresses that will be targeted by the virus is gathered from files on the host computer. The file extensions that will be searched for email addresses are:
- .dbx
- .eml
- .hlp
- .htm
- .html
- .mht
- .wab
- .txt The Sobig.F variant was programmed to contact 20 IP addresses on UDP port 8998 on August 26, 2003 to install some program or update itself. It is unclear what this program was, but earlier versions of the virus had installed the Wingate proxy server software, a backdoor often used by spammers to distribute unsolicited email. The Sobig worm was written using the Microsoft Visual C++ compiler, and subsequently compressed using a data compression program called tElock. The Sobig.F worm deactivated itself on September 10, 2003. On November 5 the same year, Microsoft announced that they will pay $250,000 for information leading to the arrest of the creator of the Sobig worm.

External links

- [http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html Information on Sobig from Symantec]
- [http://www.2-spyware.com/remove-sobig.html SoBig Worm removal] Information about Sobig worm and removal tool
- http://www.lurhq.com/sobig.html
- [http://it.slashdot.org/it/04/11/01/1410229.shtml So, who wrote SoBig?] Category:Computer viruses

Wikipedia:Requests for adminship/Redux

Redux

Final (19/1/0) ending 22:30 July 28 2005 (UTC) I have been around for over a year now, and have made 3,039 edits (according to Kate's Tool) up until this point. I am not as active as some great users who have recently been given Adminship, but I feel I could contribute further to the project if also given Adminship. My user page contains the details about how long I've been here, some of my interests, etc. Feel free to visit. My contributions were mainly to contents of articles, but recently I've started being more present in such forums as the Village Pump and VfD, as well as checking the Recent Changes listing more often. Hopefully, I will be increasing my level of participation in those areas. Redux 22:30, 21 July 2005 (UTC) :Candidate, please indicate acceptance of the nomination here: Not applicable, self-nom. Accepted. Support # Unconditional support. Denelson 83 23:46, 21 July 2005 (UTC) #I've seen a lot of good contributions from Redux over a long period of time. I am glad to support. Acegikmo1 00:59, 22 July 2005 (UTC) #Support I think Redux will be a trustworthy and friendly admin. He (or she) made a lot of edits. And the edits are very high quality.--Exir Kamalabadi | Contributions 02:03, July 22, 2005 (UTC) # Support - Redux is a valuable, polite, and friendly contributer who would make an excellent admin. Hand him the mop! Sango123 02:35, July 22, 2005 (UTC) # Support - I worked with Redux on many issues, including the Brazil Wikiportal and various Barnstar awards. He is great to work with, great to know and gives great insight on many issues. Zscout370 (Sound Off) 02:56, 22 July 2005 (UTC) #Support. Grue 07:10, 22 July 2005 (UTC) #Support. Shanes 10:06, 22 July 2005 (UTC) #200% Support - one of the very few who listens and tries to work in cooperation without being rude. wish you all the luck and all the best Antares911 13:25, 22 July 2005 (UTC) #Support. Does good work and knows the Wikipedia policies. His work on Barnstars also shows his dedication to the recognition of others. --Death phoenix 13:42, 22 July 2005 (UTC) #Support. Devotion to civility is admirable, and a willingness to apologize when he goofs is equally valuable. TenOfAllTrades(talk) 15:37, 22 July 2005 (UTC) #Support. JuntungWu 05:35, 23 July 2005 (UTC) #Support. Intelligent user. Deb 11:33, 23 July 2005 (UTC) #User:Merovingian (t) (c) 12:43, July 23, 2005 (UTC) #Emphatic support. 172 | Talk 19:49, 23 July 2005 (UTC) #Support Poli (talk • contribs) 22:11, 2005 July 23 (UTC) #Support -- helpful friendly user, always willing to communicate with other users. ∞Who ?¿? 21:41, 24 July 2005 (UTC) #Support, Pavel Vozenilek 22:12, 25 July 2005 (UTC) #Support, Thunderbrand 02:45, July 27, 2005 (UTC) #Support; thanks for the work on Brazil topics and for explaining your previous conflicts with other users. --Spangineer (háblame) 15:22, July 28, 2005 (UTC) Oppose # Oppose. Redux has shown too much undesirable traits to be trusted with any power over others. I remind that he has not even promised anything about refraining from admin actions on behalf of "his friends". His own admissions already say much about his past behavior - and there has been no apologies from him to persons he insulted or abused then. Redux has sometimes, but however repeatedly, made personal attacks and used abusive foul language. And Redux has repeatedly made accusations of sockpuppetry when he must have understood that there were no more than one username in use (he then tried to fabricate an allegation of another username, baselessly). Redux has shown himself a possessive nature - one of the examples is him putting a WIP tag into an article, keeping it days (also continued when reminded that the tag is intended for only 30-180 minutes, not longer), and reversed a valid edit by another, when such had been made over half a day after Redux' installation of WIP tag. Redux has even shown some paranoia and certain querulous nature. (Wonder if anyone would really give him admin powers here, after all such behavior.) Arrigo 22:35, 22 July 2005 (UTC) #: Here since July 6, offensive comments like [http://en.wikipedia.org/w/index.php?title=User_talk:Aoi&diff=prev&oldid=19517571], hmmm ... Perhaps your vote should be treated as badge of honor for Redux. Pavel Vozenilek 22:12, 25 July 2005 (UTC) #::Well Pavel, if you want to support Redux who has shown himself to be a supporter of that continuous cut-and-paste mover Antares... Cut-and-paste moves are not accepted here (and after so many repeated cut-and-paste moves by Antares, certainly deserving clear words, as more lenient wording somehow has not got understood), or are you making changes to that principle? Arrigo 09:16, 26 July 2005 (UTC) Redux has shown himself to be biased when it comes to the Maria Olivia Da Silva controversy (he claims that she is 125 years old and proven...no scientist in the world has made that assertion). In addition, it seems that his only goal is self-glorification, which is not a good reason to give him more power.66.64.156.146 05:14, 28 July 2005 (UTC) :Unregistered users cannot vote in the RfA. I don't really understand your indignation though. I only added an entry to the article, naming a source that provided proof of validation. There didn't seem to be any controversy there, otherwise I wouldn't have added the name to the list. No one said anything about it in the article's talk page either. I'm more than willing to discuss it there. If the evidence I provided is insufficient, I don't have any problems with removing the entry from the article. Please, assume good faith in situations like this. All I wanted was to help out. Regards, Redux 05:41, 28 July 2005 (UTC) Neutral # Comments
- Kate's tool says that Redux made 3042 edits, with 1681 on articles--Exir Kamalabadi | Contributions 02:03, July 22, 2005 (UTC)
- To make everybody's lives easier, I'd like to say that I'm a "he". I should have said it sooner, thanks Exir. Redux 02:55, 22 July 2005 (UTC)
- Arrigo is (or used to be) the anon I talked about in my answer to question 3. The description is accurate, since he still posts anonymously regularly, under the IP address. Naturally, he is entitled to his opinion about me, but I can't really respond to a personal dislike from someone that has caused problems with several users. I have said, however, that I did loose my patience during my exchanges with him on account of his aggressiveness (but not as he claims), and this particular tone of Arrigo's has been acknowledged by several users thus far. As I said, this was not to my credit, and I have since taken myself out of the equation. Let this be the end of it. Redux 23:03, 22 July 2005 (UTC) :Redux, you wrote below "..who was very aggressive and ironical in his comments. I did loose my patience, which is not to my credit."
Could you please give us verbatim examples (and not only your own interpretations) how, i.e in which words, that commentator was aggressive in comments towards you before you "lost your patience". Arrigo 00:12, 23 July 2005 (UTC) ::This is really not the place for this. As far as what happened between us, we both made mistakes. I've acknowledged mine and I do regret them. As far as I am concerned, this is all behind us. If we can't work together, it's best for the community that we at least don't disturb one another's work in the project. This is what I've been trying to do. My report in the Village Pump was to get further assessment of what appeared to be a serious problem. From my very first comment, I said that I could not confirm it, since I lacked the means, which, of course, left clearly open the possibility that what I thought could be happening might not really be happening. If that was the case, all the better! It would not have happened if you had not been contributing under a registered account and an IP address simultaneously, as Choess explained to you in your user talk page. I understand, however, that things between us were left on less than good terms. I admit that, as a more experienced user, I could have done a better job at preventing this from happening. For not having done that, I am sorry. I thought some about it since our last exchange, but for what happened, I believe I've become a better contributor. If you have any concerns about any possible action of mine against you when (or, at this point, if) I become an Admin, you can rest assured you have nothing to worry about. As I said in the last part of my last answer, I will not, ever, use Admin tools in any issue with which I'm involved personally, directly or indirectly. For the sake of transparency and trustworthiness of Administrators' operations, I would not be the indicated person to use those tools in issues involving you. People could request that of me, but I'd refuse and ask them to address someone else on the issue. At the most, if requested, I would give my honest opinion, and if it happens that you are right, you can be certain that I will go right out and say: "Arrigo is right on this one". Does that address your concerns? Redux 01:36, 23 July 2005 (UTC) :My concerns are addressed when you remain as non-privileged user. You can refrain from applying for adminship. Remember that of us two, you are the one trying to have a position which I feel you unsuitable to. I think I am quite objective in this - my opposition does not come from any personal fear, it comes from my experiences of your nature. If you are now having a better day, we must look forward to you having again bad days. It belongs to the pattern of your behavior.
As to the question I posed, I think there will be found out that you used very foul language without anything such that you could present here legitimately as provocation - after all, your possessiveness IS against wikipedia principles. I asked for authentic verbatim samples for (1) to give others opportunity to assess those samples objectively (I do not want to be the one to give interpretation), and (2) even offered you the possibility to pick up samples.Arrigo 02:03, 23 July 2005 (UTC) ::I'm sorry that you feel this way. Your concerns are noted. Perhaps one day you will find out that I'm one of the good guys around here. What happened between us was unfortunate and, hopefully, will not happen again. Redux 02:24, 23 July 2005 (UTC) Questions for the candidate
A few generic questions to provide guidance for voters: :1. What sysop chores, if any, would you anticipate helping with? (Please read the page about administrators and the administrators' reading list.) ::A. My main areas of interest would be VfD, dealing with vandalism, copyright problems (for both text and images), 3RR issues and mediating and, if necessary, applying the rules applicable to personal attacks issues. As an admin, I'd be willing to get involved and try to defuse conflicts. I've had great mentors in the art of staying cool. :2. Of your articles or contributions to Wikipedia, are there any about which you are particularly pleased, and why? ::A. I've contributed to many articles pertaining to Brazil. My intention is to expand the coverage we have on the country. I am the creator of the Brazil Wikiportal, which I also maintain and update regularly. I am also proud of my involvement with the Barnstars on Wikipedia project — I also empower the Kindness Campaign by awarding Barnstars whenever I find a worthy recipient. My motto is "credit where credit is due" (corny, but true). :3. Have you been in any conflicts over editing in the past or do you feel other users have caused you stress? How have you dealt with it and how will you deal with it in the future? ::A. Yes. Anyone who has been around as long as I have is bound to have been in a couple of conflicts. The most recent one I had was with an anon user (now registered, I believe) who was very aggressive and ironical in his comments. I did loose my patience, which is not to my credit. But as soon as I realized where things were going, I took myself "out of the equation", as we say. A couple of days back, I ran into evidence that seemed to point to the anon and another user being involved in a rivalry that seemed to include sockpuppets and impersonations. I reported this on the Village Pump, in order to get a broader peer assessment of the issue. I did it being as impartial as possible, but giving my views on what appeared to be happening. The anon didn't like it, and wrote some personal attacks in the IP talk page. I have not responded, and nor do I intend to. Rivalries are not why I'm here. All I want is to advance the project. Another time, a frustration due to a very insistent vandal led me to criticize another user who did not deserve my words. I admitted the mistake and apologized to the user in his talk page. I have also apologized to another user for allowing myself to be dragged into an unpleasant discussion with an anon on said user's talk page. And if ever I mess up again (I'm only human), I will apologize again, that's part of the learning process. Here's something I will vow: if given Adminship, I will never use Admin tools in any issue that I happen to be involved with personally (hopefully, never again). If it's the case to get an Admin involved, I will contact someone else and ask for an opinion, or make my case in the RfC or some other appropriate forum. I am very serious about this: Admin opperations must be transparent and spotless. I realize the responsibility I'd be taking on. Other than that, I often defuse misunderstandings and potential issues by being polite and explaining thoroughly my reasons on talk pages. That's how I'd prefer to deal with problems: talking it out politely and in a civil manner. That's what I intend to do, always. The self-nominated candidate, Redux, has written (in User talk:John Kenney): "Spoken like a true paranoid. Who do you think you're fooling dude? Rambling on will not change anything.... Redux 13:42, 11 July 2005 (UTC)" - It is possible that Redux' eagerness to have sysop powers derives from his "frustration" over not succeeding to impose his will in that indicated case, due to also technical reasons. 217.140.193.123 11:46, 23 July 2005 (UTC)

katpar sluby tekst Zapraszamy Jamnik Jamniki Zoja

:: RELATED NEWS ::

Prawo przemian promieniotwórczych
Prawo rozpadu promieniotwórczego (inaczej równanie rozpadu promieniotwórczego, prawo przemian promieniotwórczych) określa szybkość przemian (rozpadu) jąder pierwiastków promieniotwórczych jako: :

\ln \frac = -\lambda t

lub :

N(t) = N_ e^

gdzie:
- t - czas od rozpoczęcia pomiaru
- N(t) - liczba atomów pierwiastka promieniotwórczego pozostałych po czasie t od początku pomiaru
- N_o - liczba atomów pierwiastka p

Równanie rozpadu promieniotwórczego
Prawo rozpadu promieniotwórczego (inaczej równanie rozpadu promieniotwórczego, prawo przemian promieniotwórczych) określa szybkość przemian (rozpadu) jąder pierwiastków promieniotwórczych jako: :

\ln \frac = -\lambda t

lub :

N(t) = N_ e^

gdzie:
- t - czas od rozpoczęcia pomiaru
- N(t) - liczba atomów pierwiastka promieniotwórczego pozostałych po czasie t od początku pomiaru
- N_o - liczba atomów pierwiastka p

Kuweta
Kuweta - płytkie, prostokątne naczynie chemoodporne (plastikowe, szklane lub metalowe), ktore może służyć do wielu celów. W fotografice - w kuwetach umieszcza się roztwory chemikaliów potrzebne do wywoływania, płukania i utrwalania zdjęć. Płaski kształt naczynia ułatwia umieszczanie w roztworach kolejne zdjęcia i łatwą obserwację postępów wywoływania i utrwalania. Często dno kuwet fotograficznych jest prążkowane aby ułatwić dostęp chemikaliów do całej po

Hydrochinon
(z lewej) i hydrochinonem (z prawej)]] Hydrochinon - organiczny związek chemiczny, alkohol aromatyczny (fenol), zawierający dwie grupy hydroksylowe przyłączone do pierścienia benzenu. Wzór sumaryczny: C