About the Book
Source: Wikia. Pages: 65. Chapters: Aep, Badtrans, Beagle, Bizatch, Blackbat, Blackworm, Blaster, Bolzano, Bridex, Bymer, CIH, Coconut, CodeRed, Collo, Conficker, Dasher, Dumaru, Elkern, ExploreZip, Fizzer, Frethem, Funlove, Gibe, Happy99, Hazafi, Hybris, Imsolk, Klez, Lara, Lovgate, MTX, Magistr, Maldal, Mimail, Mylife, Mytob, Navidad, Nimda, Parrot, Prettypark, Quizy, Remex, Roron, Sasser, Sharp, Sircam, Slammer, Smash, Sober, Spybot, Stration, Stuxnet, Swen, Tanatos, Welchia, Winevar, Winux, Winvir, Witty, Yaha, YahaSux, Zhelatin, Zotob. Excerpt: AEP is an early 16-bit Windows virus. It is nonmemory resident and specifically infects NewEXE files, .exe's and .dll's. It appears to take its name from American Eagle Publications, a small publisher in the American state of Arizona, known for its books on security topics, including several classic contraversial books on viruses. There is another virus sometimes also named AEP that also has the name Lamark. Kaspersky Lab. SecureList.com, Virus.Win16.AEP.a. 2000.01.12 Badtrans is an email worm from 2001. Similar to the Nimda worm, Badtrans uses an exploit in Microsoft's Outlook email program, that gives it the ability to launch itself from the preview pane. Badtrans arrives in an email with many possible spoofed sender lines. The sender line may be one collected from SMTP information on the computer it came from or from 15 possible sender lines contained inside the worm. It can launch itself from the preview pane in Microsoft Outlook, but must be downloaded and executed for other email clients. The attachment is 29,020 bytes long. When Badtrans is executed, it copies itself to the Windows system folder as Kernel32.exe and (in Windows 95, 98 and ME) registers itself as a sevice process. It also drops a key log file Cp_25389.nls and the key logger, Kdll.dll in the system folder. The worm displays a dialog box titled, "WinZip Self-eXtractor," which reads, "File data corrupt: probably due to a bad data transmission or b...
