How To Predict Computer Viruses Attacks

[Guest guest]

How To Predict Computer Viruses Attacks

by Jo Cohen, IIPA France

 

According to Systems' Approach, the planet Mercury governs

telecommunications and all network infrastructures dedicated to the exchange

of data among corporations and individuals. Everything in relation to the

Internet is correlated with the state of the transit of Mercury and the

various influences it receives. Next big attack: May 25th, 2004!

 

Since the beginning of the Internet, and especially since its

democratization, the impact of computer viruses took planetary proportions.

The phenomenon is easy to observe as it has become a general matter of

interest among all media. Even when computer related stories are not its

first speciality, the media (also governed by Mercury) informs the general

public of all new attacks of scale. The attack of the Mydoom virus, launched

on January 28th, 2004 was covered by nearly all major newspapers, radios and

televisions all over the world. This focus reminds us that viruses cost a

lot of money to corporations and individual users. According to Trend

Micro, they would have cost 55 billion dollars in 2003, compared to 20 to

30 billion in 2002 and approximately 13 in 2001. Trend Micro expects these

numbers to raise in 2004. It is a true plague that companies must face.

Viruses and worm attack permanently computer systems. Their malicious code

is permanently in evolution. They are "sleeping" a certain time before doing

damages for which they were programed at moments that are not random at all.

 

These attacks are perfectly predictible according to Systems' Approach. They

appear when specific astrological criteria regarding to Mercury are met :

weakness and affliction by the nodes, Rahu and Ketu. Of course, the

configurations being able to disrupt Mercury vary from case to case and each

one has its own specificity. A retrospective of the main attacks of computer

viruses from end of 2002 to beginning 2004 will allow us to understand the

main influences at play.

 

The Bugbear virus

Around September 10th 2002, the first release of the Bugbear virus appears

on the Internet when Mercury is at 18°33' Virgo, receiving malefic influence

of Rahu at 18°46' Taurus. The speed of Rahu and Mercury being kind of fast

and Mercury being more powerful as it occupies its own Moolatrikona sign,

the impact of this attack remained a limited one.

 

That was not the case in June 2003 when a new version of the same virus,

named Bugbear.B, invaded the Internet around the 12th: on this day, Mercury

is at 5°40' Taurus, in conjunction with Rahu at 5°29' in the same sign.

Mercury receives also the influence of Venus at 9°18' in Taurus. But, there

are several differences with the September 2002 attack: Rahu is stationary

since mid-april 2003, increasing its maleficness, and Mercury is debilitated

in navamsa, increasing its weakness. The impact of Bugbear.B was more

harmful as reported by the " Symantec Security Response ". This service

from the leading software editor specialized in antivirus for PCs reports an

increasing number of calls for technical support when a new virus appears.

The high number of calls received shows that Bugbear.B is considered by

Symantec the most devastating virus of 2003 (see Symantec Top Ten figures).

The comments made by Symantec are very clear : " Bugbear.B is the virus of

the year 2003 in terms of infections. Bugbear.B represents 11% of the

infections inventoried by Symantec and it continuously circulates and

infects non protected computers. Circulating by e-mail, the virus uses a

security hole for which a corrective patch is available since March 2001.

It executes itself automatically as soon as the user passes his mouse on the

title of the infected message. Once in the computer, it broadcasts itself to

all persons whose e-mail is present in the adress book. The virus installs

a tool saving of strikes keyboard and a trojan horse allowing access to the

infected computer. Another characteristic of Bugbear.B : it targets specific

sectors of economy as financial institutions. If the virus detects that the

infected computer is part of a network belonging to a bank, it is programed

to send automatically the stored passwords in the mask of Internet and the

strikes keyboards recorded to a list of given e-mail adresses. This allows

the hacker to recover the precious data. " The specific target of Bugbear.B

is related to the conjunction of Venus present at the time of the first

attack.

 

The worm BAT911

Rahu is not the only planet to trigger attacks of computer viruses. Ketu

has the same kind of activating influence. It was the case in March 2003

with BAT911. The worm BAT911 is discovered on March 22nd when Mercury is

debilitated at 7°42' in Pisces, under the exact aspect of Ketu at 7°20' in

Libra. Ketu was not stationary at that time. "This worm", explains Symantec,

" remains inapparent ", which is a classic characteristic of Ketu. This

worm is interesting from the standpoint of its conception. It looks for IP

address at all popular ISP and tries to infect all the computers that have

activated filesharing capabilities without the protection of a password.

Once the computer infected, the worm calls SOS phone numbers (911 to the

United States) through connected modems. The conjunction of Sun to Mercury

on this March 22nd allowed the discovery of this "hidden worm", totally

inapparent before that.

 

The worm Sobig

In august 2003 appeared Sobig, a worm that does its first appearance in

January 2003 with a first version that propagates itself in a classical

manner through the electronic mail. Many versions of Sobig appeared

throughout the year, each one being programed to activate itself at a

specific date. According to Symantec, it is difficult to explain why

Sobig.F, the version that appeared August 18th, 2003, had more success than

the others, infecting hundreds of thousands of computers all over the world.

August 18th 2003, Mercury was at 28°30' Leo, weakened by being in old age

and by the infant state of its dispositor Sun at 01°30' in Leo. More,

Mercury was receiving narrow aspect from Rahu at 0°54' Taurus. The

infections generated by Sobig.F were aggravated by the fact that the subject

and the body of the message were looking like innocent SPAM. Nevertheless,

according to Symantec, no one explained why this specific version pushed as

many users to open the attachment. According to Systems'Approach, it is

simple to understand that every person is, more or less according to his

natal chart, under the same affliction of Mercury which weakens his ability

to judge objectively. Taking a bad initiative and click on the attachment in

such circomstances is quite normal.

 

Mimail, Blaster, Welchia and Swen

Other attacks took place during august 2003. First, the virus Mimail

propagated itself by e-mail by stealing the data allowing its broadcast.

It's a "creative" virus in its wording since it personnalises itself to the

user. It appears as a message coming from the domain administrator to which

the user is connected. Many users were trapped opening the infected

attachments. The success of this procedure was reused in the eighth

following versions of the virus, whose other components were created to

steal credit cards numbers. Among other attacks that took place during this

time on august 2003, let's mention the famous virus Blaster and Welchia, a

second virus conceived to "correct" the security hole used by Blaster. The

consequences of these two viruses are very similar in terms of computer

system and infected networks: restart of computers, saturation of networks,

etc. It is important to note that this is the first time ever that these

type of worms infect the general public, previously they were targeted

exclusively to servers. The examination of the planetary movements during

august 2003 explains perfectly this turmoil. On August 15th, Mercury enters

the orb of affliction of Rahu and at the same time becomes old. On August

21st, Mercury, very much weakened by the change of sign, receives exact and

malefic aspect of Rahu. Because retrogradation began on August 28th,

Mercury continued to remain very weak and had been narrowly afflicted by

Rahu until September 11th. Such astrological circumstances are not very

frequent. On September 18th, Mercury transit became direct. On September

27th, Mercury entered again into the orb of affliction of Rahu for eight

days. According to Symantec, at the end of September 2003, benefiting from

the psychosis created by Blaster, Sobig.F and Mimail, the virus Swen.A took

the outlook of a corrective e-mail originating from Microsoft. " Swen.A

hits and wins a relative success, the 8th position of the TOP 10 of 2003

after only 4 months of activity! " With Swen.A, the execution of the

attachement gives the user the wrong feeling he installed a corrective patch

originated from Microsoft.

 

The virus Mydoom

At the beginning of 2004, the virus Mydoom is on every newspapers' front

pages. January 28th, when Mydoom starts to infect the Internet, Mercury is

at 22°12' Sagittarius, receiving exact aspect of Rahu at 22°42' Aries.

Mercury and Rahu showing respectively fast moves and Mercury being weakened

only by the exact aspect of Rahu that receives its dispositor: consequently,

the length of this virus impact was very short.

 

To when the next attacks?

During 2004, Mercury will receive at several times the malefic influence of

Rahu and Ketu: on March 3rd, May 25th, June 24th, the 2nd and August 19th,

September 12th, October 17th. For each of these dates, the media will

probably evoke the endless threat of computer viruses. Nevertheless, the

speed and the power of Mercury indicate that the possible attacks will have

a limited breadth. Among these dates, May 25th and the ones of august will

be the most dangerous of 2004 because of the stationary state of Rahu or of

Mercury. This dangerousness will not be equal to the one of august 2003 and

should somehow remain inferior to the one of the virus Mydoom.

A next possible very large attack could be seen in July August 2005, when

Mercury will be afflicted by Rahu during quite a month.

Corporations informed of these future attacks need to be more vigilant

during theses periods, eradicating for instance all the attachments coming

from unknown emitters. They could also warn all their staff on the

aggravated dangers during these periods. Prevention has always prooved

better than cure.

 

Jo Cohen

February 13th 2004

IIPA France

 

Top 10 viruses for 2003

(based on more than 1,1 million requests sent to the " Symantec Security

Response ")

1. W32.Bugbear.B@mm 11,06%

2. W32.Klez.H@mm 07,80%

3. HTML.Redlof.A 03,70%

4. W95.Hybris.worm 02,22%

5. W32.sobig.F@mm 02,05%

6. W32.Blaster.Worm 01,91%

7. W32.Swen.A@mm 01,67%

8. W32.Nimda.E@mm 01,15%

9. W32.Bugbear.B.Dam 01,02%

10. W32.Sobig.A@mm 00,98%

 

******************************************

Kana Butkovic

 

Vastu Design - Harmonious Living

www.VastuDesign.com

 

Office: +44 (0)1923 23 44 99

Mobile: +44 (0)7968 454 989

Email: kana (AT) vastudesign (DOT) com