Computer Viruses and Worms

Another alternative for hacktivists has been to disseminate their messages via (sometimes benevolent) worms and viruses that can spread across the world and reach thousands of people for years to come.

One of the earliest hackivist viruses was the 1988 MS-DOS Fu Manchu virus, which buried itself in a computer's memory and waited for the user to type in the name of Ronald Reagan, Margaret Thatcher, or former South African President P.K. Botha. When one of these names was typed, the Fu Manchu virus would change it to an obscene word. Another early hacktivist worm appeared when anti-nuclear protesters tried to stop NASA from launching the Galileo probe toward Jupiter, because the probe's booster contained radioactive plutonium as fuel. On October 16, 1989, hackers infected NASA's network with the WANK worm, which NASA officials estimate cost a half a million dollars' worth of time and resources to clean up. When run, the WANK worm displayed the following message:

W O R M S   A G A I N S T   N U C L E A R   K I L L E R S
______________________________________________________________
\__  ____________  _____    ________     ____  ____  __  _____/
 \ \ \    /\    / /    / /\ \       | \ \  | |    | | / /    /
  \ \ \  /  \  / /    / /__\ \      | |\ \ | |    | |/ /    /
   \ \ \/ /\ \/ /    / ______ \     | | \ \| |    | |\ \   /
    \_\  /__\  /____/ /______\ \____| |__\ | |____| |_\ \_/
     \___________________________________________________ /
      \                                                  /
       \    Your System Has Been Officically WANKed     /
        \_____________________________________________ /

You talk of times of peace for all, and then prepare for war.

In a hacktivist action to protest French nuclear testing, someone wrote the 1996 Nuclear macro virus to infect Microsoft Word and insert the text, "STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!" at the end of every document.

Computer viruses can spread from one computer to another, but they rarely match the distribution speed of an email worm. Two hacktivist worms include the Mari@mm worm and the Injustice worm. These worms work like many others; each can send a copy of itself to every email address stored in a target's Microsoft Outlook address book. When the Mari@mm worm infects a computer, it puts a marijuana icon on the screen. If the user clicks on this marijuana icon, a dialog box appears, as shown in Figure 16-9, promoting the legalization of marijuana.

The Mari@mm worm promotes the legalization of marijuana.

Figure 16-9. The Mari@mm worm promotes the legalization of marijuana.

The Injustice worm emails itself to the first 50 email addresses stored in a Microsoft Outlook address book and displays the following message:

PLEASE ACCEPT MY APOLOGIES FOR DISTURBING YOU.

Remember that one day YOU may be in this situation.

We need every possible help.

Israeli soldiers killed in cold blood 12 year old Palestinian childMohammad Al-Durra, as his father tried to protect him in vain with his own body. As a result of the indiscriminate and excessive use ofmachine gun fire by Israeli soldiers, journalists and bystanders watched helplessly as the child was savagely murdered.

Palestinian Red Crescent Society medic Bassam Balbeisi attempted to intervene and spare the child's life but live ammunition to his chest by Israeli fire took his life in the process. The child and the medic were grotesquely murdered in cold blood. Mohammad's father, Jamal, was critically injured and permanently paralyzed. Similarly, approximately 40 children were slain, without the media taking notice or covering these tragedies.

THESE CRIMINAL ACTS CANNOT BE FORGIVEN OR FORGOTTEN!!!!

HELP US TO STOP THE BLOOD SHED!!

Some other examples of hacktivist viruses and worms include the 2002 Yaha-e worm, written by Indian hackers, which attempted a denial of service attack on a Pakistani government website (www.pak.gov.pk); and the 2001 Mawanella virus, which protests the burning down of two mosques and 100 Muslim-owned shops in Mawanella, Sri Lanka, as part of the ongoing conflict between Muslims and Buddhists there, as shown in Figure 16-10.

The Mawanella virus seeks to publicize the conflict in Sri Lanka.

Figure 16-10. The Mawanella virus seeks to publicize the conflict in Sri Lanka.

Unlike regular viruses or worms, hacktivist creations rarely destroy data deliberately; their intent is to spread a message, not harm users. That wasn't the case in February 1999, however, when 14-year-old Israeli Nir Zigdon told the London Sunday Telegraph that he had single-handedly wiped out an Iraqi government website that, he said, "contained lies about the United States, Britain and Israel, and many horrible statements against Jews." Nir Zigdon said, "I figured that if Israel is afraid of assassinating Saddam Hussein, at least I can try to destroy his site."

Nir Zigdon reportedly sent an email attachment to the site and "claimed I was a Palestinian admirer of Saddam who had produced a virus capable of wiping out Israeli websites. That persuaded them to open the message and click the designated file. Within hours the site had been destroyed. Shortly afterwards I received an email from the site manager, Fayiz, that told me to 'go to hell'."