Computer viruses and worms

DEFINITION: Malicious computer programs, also known as malware, that use embedded instructions to carry out destructive behavior on computers, computer networks, and digital devices.

SIGNIFICANCE: Computer viruses and worms have the potential to disrupt computer networks and thus to cause great damage to a nation’s economy. The US Department of Justice has devoted significant resources to investigating and prosecuting persons who release viruses or worms on the Internet. In addition, government agencies investigate connections between malware and organized crime, identity theft, and terrorism.

Given the capacity of computer viruses and worms to spread to millions of computers within minutes and cause billions of dollars in damage, the distribution of malware is a criminal act. In the United States, causing damage to a computer connected to the Internet is a federal crime that carries substantial penalties for those convicted. The principal US law enforcement weapon against malware is the Computer Fraud and Abuse Act of 1984.

Many dangerous computer viruses have been spread through e-mail attachments and files downloaded from websites, and a rise has been seen in the numbers of professional virus writers—that is, people who are paid to infect computers with malware. Tracking down and catching virus authors is extremely difficult. The investigative methods used in this work include analyzing virus code for clues about the authors; searching online bulletin boards, where virus authors may boast of their accomplishments; and reviewing network log files for originating IP (Internet Protocol) addresses of viruses. Even when law enforcement agencies make concerted efforts in applying these techniques, it is still extremely difficult to track down virus and worm authors.
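The third investigative method above, reviewing log files for the originating IP address of a virus, is shown here as an added example that is not part of the original article. It assumes a constructed mail-relay log format (timestamp, client IP, envelope sender, attachment name) and finds the earliest sender of a given attachment, ordering by timestamp rather than by file order so that out-of-order relay logs still yield the right origin.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample mail-relay log lines (not real data). Each line records the
# connecting client IP, the envelope sender and the attachment name observed.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z relay=mx1 client=203.0.113.7 from=alice@example.test attach=report.docx
2024-03-01T08:06:03Z relay=mx2 client=192.0.2.44 from=carol@example.test attach=list.doc
2024-03-01T08:05:42Z relay=mx1 client=198.51.100.23 from=bob@example.test attach=list.doc
2024-03-01T08:06:19Z relay=mx2 client=192.0.2.44 from=carol@example.test attach=list.doc
this line is deliberately malformed and must be skipped
2024-03-01T08:09:55Z relay=mx1 client=203.0.113.7 from=dave@example.test attach=list.doc
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) relay=(?P<relay>\S+) client=(?P<ip>\S+) "
    r"from=(?P<sender>\S+) attach=(?P<attach>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def trace_attachment(text, attachment):
    """Return the earliest originating IP for an attachment name, the set of
    senders that relayed it and per-IP message counts; None if never seen."""
    hits = sorted((e for e in parse_log(text) if e["attach"] == attachment),
                  key=lambda e: e["ts"])
    if not hits:
        return None
    return {
        "first_seen": hits[0]["ts"].isoformat(),
        "origin_ip": hits[0]["ip"],
        "senders": sorted({e["sender"] for e in hits}),
        "per_ip": dict(Counter(e["ip"] for e in hits)),
    }
```

Output like `origin_ip` is a lead for correlating against other records (as the Melissa investigators did with AOL dial-up logs), not proof of authorship on its own.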

Some malware authors have been apprehended. When the Melissa virus overwhelmed commercial, government, and military computer systems in 1999, the Federal Bureau of Investigation (FBI) launched a large-scale Internet manhunt. Investigators succeeded in tracking down the virus creator by following several evidence trails. They identified David L. Smith of Aberdeen, New Jersey, as the suspect by analyzing the virus and the e-mail account used to send it, by searching America Online (AOL) log files that showed whose phone line had been used to send the virus, and by searching online bulletin boards intended for people interested in learning how to write viruses. Smith tried to hide the electronic evidence related to Melissa by deleting files from his computer and then disposing of it. The FBI found the computer and used computer forensics techniques to recover incriminating evidence. Smith was caught within two weeks. He was the first person prosecuted for spreading a computer virus.

In August 2005, Turkish and Moroccan hackers released an Internet worm named Zotob to steal credit card numbers and other financial information from infected computers. Zotob crashed innumerable computer systems worldwide. Investigators gathered data, including IP addresses, e-mail addresses, names linked to those addresses, hacker nicknames, and other clues uncovered in the computer code. Less than eight days after the malicious code hit the Internet, two suspects were arrested. Computer forensic experts on the FBI’s Cyber Action Team (CAT) verified that the code found on seized computers matched what was released into cyberspace.

Government responses to hacking became more intense following several high-profile computer security breaches targeting government servers in the 2010s. In 2014, the US government charged five hackers from the Chinese military's Unit 61398 with cyber espionage against American corporations, undertaken to gain a competitive advantage. The indictment marked the first time criminal charges were filed against known state actors for hacking. In 2015, Unit 61398 was again implicated in cyber attacks against the Australian Bureau of Meteorology, in which hundreds of terabytes of data were stolen.

In 2016, the US Central Intelligence Agency (CIA) reported that the Russian government was behind a hack of the Democratic National Convention in which nearly 20,000 emails were stolen and leaked. The CIA told US legislators that the agency had concluded Russia carried out the hack with the aim of influencing the 2016 US presidential election. The following year, the WannaCry virus took computer files hostage in 150 countries, and in 2020, the US medical field experienced its largest ransomware attack, stalling surgeries and procedures. Ransomware was an increasing threat in the 2020s, affecting school districts, law enforcement agencies, businesses, and private individuals.

As hacking becomes more common, the targets more prominent, and the stakes higher, computer forensics techniques will need to become ever more advanced to prevent attacks and prosecute hackers.
