Venomcrack
From Wikipedia, the free encyclopedia
Venomcrack is the title of a software project that led to the creation of the YAABL.A virus, which was first distributed at 4:12am on August 7th, 2004. The YAABL.A virus was unique in that it was written purely to single out and attack computer hackers, damaging their data and (in some cases) rendering their computers completely inoperable.
Distribution
Targeting an underground community of malicious hackers, this program was distributed under the guise that it was powerful hacking software that had been leaked. Written in the Python programming language, the Venomcrack project was a collection of open source files in the form of shell scripts that did indeed allow its users to break into America Online's chat-based AOL Instant Messenger network. However, certain packages containing the Venomcrack project also contained a hidden form of the YAABL.A virus (loaded in the compiled installation program), which propagated briefly, then remained dormant while waiting for remote activation.
Since the YAABL.A virus was released in active underground hacking communities, communication was constantly flowing. If a computer virus were discovered, the news would instantly spread. Therefore, in order to affect the maximum number of people, the YAABL.A virus had a unique activation system.
W32/YAABL.A Activation
The YAABL.A virus demonstrated a unique method of activation which allowed it to invisibly infect thousands of computers without being noticed, only to 'detonate' on all of them simultaneously around the world.
After the virus had established itself on a victim's computer, it would periodically download a text file from a remote web server. This text file would contain a number, usually 3600. This number would represent the number of seconds until the virus would download the same file again. The web server allowed the virus writer to keep close watch on exactly how many computers were infected, how often the text file was downloaded, and who was being infected. Running in an endless loop, as more and more computers became infected with the virus, the same file (and the same number) kept being downloaded every hour.
When a sufficient number of computers were infected and running in the endless loop cycle, the virus writer modified the text file on the web server, decreasing the number periodically. Computers began to download the file every 30 minutes, then every 10 minutes, and finally every 1 minute. This synchronized all of the computers all over the world to read the text file simultaneously. Finally, the text file's number was changed to 666, signaling any YAABL.A virus that downloaded it to begin damaging the user's computer. This method of using a remote text file and countdown system meant that thousands of people's computers were damaged within a 60-second window, rendering news warnings completely useless. By the time anyone had discovered the YAABL.A virus, it had already completed its damage.
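From a defender's side, the countdown described above leaves a recognisable trace in web proxy logs: one client fetching one URL at a steady period that steps down (hourly, then 30, 10 and 1 minutes). The following is an added example, not code from the article or from the virus; the log format (`<epoch> <client> <url>`), host addresses, URLs and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

def parse_proxy_log(lines):
    """Group request times by (client, url); assumed format '<epoch> <client> <url>'."""
    seen = defaultdict(list)
    for line in lines:
        epoch, client, url = line.split()
        seen[(client, url)].append(int(epoch))
    return {key: sorted(ts) for key, ts in seen.items()}

def plateaus(timestamps, tolerance=0.10):
    """Collapse gaps between requests into runs of near-equal period: [(period, count)]."""
    runs = []
    for prev, cur in zip(timestamps, timestamps[1:]):
        gap = cur - prev
        if runs and abs(gap - runs[-1][0]) <= tolerance * runs[-1][0]:
            period, n = runs[-1]
            runs[-1] = ((period * n + gap) / (n + 1), n + 1)  # running mean of the run
        else:
            runs.append((gap, 1))
    return runs

def countdown_beacons(lines, min_repeats=2, min_steps=2):
    """Return {(client, url): [periods]} for pollers whose steady period keeps shrinking."""
    hits = {}
    for key, ts in parse_proxy_log(lines).items():
        steady = [round(p) for p, n in plateaus(ts) if n >= min_repeats]
        shrinking = all(a > b for a, b in zip(steady, steady[1:]))
        if len(steady) > min_steps and shrinking:
            hits[key] = steady
    return hits

def build_sample():
    """Constructed proxy log lines (not captured traffic)."""
    lines, t = [], 1_000_000
    for gap in [3600] * 3 + [1800] * 3 + [600] * 3 + [60] * 3:
        lines.append(f"{t} 10.0.0.5 http://timer.example.invalid/t.txt")
        t += gap + 2  # two seconds of jitter per request
    for i in range(6):  # ordinary hourly update check: periodic but never changes
        lines.append(f"{1_000_000 + i * 3600} 10.0.0.9 http://updates.example.invalid/v")
    for t in (1_000_050, 1_000_450, 1_000_487, 1_003_387, 1_003_507):  # browsing
        lines.append(f"{t} 10.0.0.7 http://news.example.invalid/")
    return lines

if __name__ == "__main__":
    for (client, url), periods in countdown_beacons(build_sample()).items():
        print(client, url, periods)
```

A steady hourly poller is not flagged on its own; only the repeated step-down in period is, which is what separates the countdown from an ordinary update check.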
Damage
The YAABL.A virus modified the hard drive of the computer it had infected once it received the activation signal. This virus never deleted a single file. Folder names, drive letters, and directory structures were left intact. Instead, the YAABL.A virus renamed individual files in such a way that made them difficult to work with. When the YAABL.A virus modified a filename, it began by stripping the original filename. It generated a filename beginning with "OWNED_BY_SCOTT_" followed by a 13-character string of random data, and ending with ".hah" as the file extension.
Once completed, the YAABL.A virus would perform this operation on every file on the victim's computer. Initially the user would notice random files had been renamed. As the program ran, it would modify more and more of the victim's hard drive. An example affected folder is displayed to the right. Eventually, the contents of the Start menu would appear scrambled and icons would have odd names. If the user tried to restart the computer, it would fail to boot once a significant portion of the critical Windows directories had been damaged.
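Because directory structure survives and only file names change, the extent of the damage can be measured per folder. The sweep below is an added example, not code from the article: it counts files whose names fit the format described above, and it assumes the 13 random characters may be any characters, since the article does not state the character set. The directory tree it runs on is constructed.

```python
import os
import re
import tempfile

# Name format as described in the article. The character set of the 13 random
# characters is not stated, so any 13 characters are accepted (assumption).
RENAMED = re.compile(r"OWNED_BY_SCOTT_.{13}\.hah")

def triage(root):
    """Return [(directory, renamed, total)] for directories holding renamed files,
    most heavily affected first."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        renamed = sum(1 for name in files if RENAMED.fullmatch(name))
        if renamed:
            report.append((os.path.relpath(dirpath, root), renamed, len(files)))
    return sorted(report, key=lambda row: (-row[1] / row[2], row[0]))

def build_sample_tree(root):
    """Constructed tree of empty files for the demo, not real victim data."""
    layout = {
        "docs": ["OWNED_BY_SCOTT_a1b2c3d4e5f6g.hah", "OWNED_BY_SCOTT_zzzzzzzzzzzzz.hah"],
        "system": ["OWNED_BY_SCOTT_0123456789abc.hah", "kernel.dll", "boot.ini"],
        "music": ["song.mp3", "OWNED_BY_SCOTT_short.hah"],  # wrong length: not counted
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Build the constructed tree in a temporary directory and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)

if __name__ == "__main__":
    for directory, renamed, total in demo():
        print(f"{directory}: {renamed}/{total} files renamed")
```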
Affected Population
The incredibly narrow range of people who were affected by this computer virus seems to be closely tied to the primary reason this virus was created. In other words, the writer of this virus (who is believed to go by the alias "knighthacker" and/or "vonshin" - it is unclear who initially wrote the virus) wrote it as a means by which to attack malicious computer hackers. The only people who were affected by the YAABL.A virus were those who tried to use the Venomcrack hacking software in the first place. While this virus was not considered a large threat to the general public, the YAABL.A virus was analyzed by antivirus companies and its virus signature was added to most antivirus software packages.
The creator of the YAABL.A virus, Scott Harden, used malicious coding techniques in an attempt to thwart the efforts of other malicious hackers. This particular computer virus only affected the underground hacking community, and seemed to come full circle to attack the very people who use their computer knowledge to attack others. Apparently the writer of the YAABL.A virus had little respect for the underground hacking community, for it is believed that YAABL stands for "You Are All Brainless Losers".
External links
- Mischel Internet Security Virus signature database update displaying the YAABL.A virus signature.
- AimForum.com is believed to be the initial source of distribution for the YAABL.A virus.
- Python.org contains information on the Python programming language.