How To Predict Computer Viruses Attacks by Jo Cohen

How To Predict Computer Viruses Attacks by Jo Cohen, President IIPA Chapter, France

According to Systems’ Approach, the planet Mercury governs telecommunications and all network infrastructures dedicated to the exchange of data among corporations and individuals. Everything in relation to the Internet is correlated with the state of the transit of Mercury and the various influences it receives. Next big attack: May 25th, 2004 !

Since the beginning of the Internet, and especially since its democratization, the impact of computer viruses took planetary proportions. The phenomenon is easy to observe as it has become a general matter of interest among all media. Even when computer related stories are not its first specialty, the media (also governed by Mercury) informs the general public of all new attacks of scale. The attack of the Mydoom virus, launched on January 28th, 2004 was covered by nearly all major newspapers, radios and televisions all over the world. This focus reminds us that viruses cost a lot of money to corporations and individual users. According to Trend Micro, they would have cost 55 billion dollars in 2003, compared to 20 to 30 billion in 2002 and approximately 13 in 2001. Trend Micro expects these numbers to raise in 2004. It is a true plague that companies must face. Viruses and worm attack permanently computer systems. Their malicious code is permanently in evolution. They are “sleeping” a certain time before doing damages for which they were programmed at moments that are not random at all.

These attacks are perfectly predictible according to Systems’ Approach. They appear when specific astrological criteria regarding to Mercury are met : weakness and affliction by the nodes, Rahu and Ketu. Of course, the configurations being able to disrupt Mercury vary from case to case and each one has its own specificity. A retrospective of the main attacks of computer viruses from end of 2002 to beginning 2004 will allow us to understand the main influences at play.

The Bugbear Virus

Around September 10th 2002 , the first release of the Bugbear virus appears on the Internet when Mercury is at 18°33’ Virgo, receiving malefic influence of Rahu at 18°46’ Taurus. The speed of Rahu and Mercury being kind of fast and Mercury being more powerful as it occupies its own Moolatrikona sign, the impact of this attack remained a limited one.

That was not the case in June 2003 when a new version of the same virus, named Bugbear.B, invaded the Internet around the 12th: on this day, Mercury is at 5°40’ Taurus, in conjunction with Rahu at 5°29’ in the same sign. Mercury receives also the influence of Venus at 9°18’ in Taurus. But, there are several differences with the September 2002 attack: Rahu is stationary since mid-april 2003, increasing its maleficness, and Mercury is debilitated in navamsa, increasing its weakness. The impact of Bugbear.B was more harmful as reported by the « Symantec Security Response ». This service from the leading software editor specialized in antivirus for PCs reports an increasing number of calls for technical support when a new virus appears. The high number of calls received shows that Bugbear.B is considered by Symantec the most devastating virus of 2003 (see Symantec Top Ten figures). The comments made by Symantec are very clear : « Bugbear.B is the virus of the year 2003 in terms of infections. Bugbear.B represents 11% of the infections inventoried by Symantec and it continuously circulates and infects non protected computers. Circulating by e-mail, the virus uses a security hole for which a corrective patch is available since March 2001. It executes itself automatically as soon as the user passes his mouse on the title of the infected message. Once in the computer, it broadcasts itself to all persons whose e-mail is present in the address book. The virus installs a tool saving of strikes keyboard and a trojan horse allowing access to the infected computer. Another characteristic of Bugbear.B : it targets specific sectors of economy as financial institutions. If the virus detects that the infected computer is part of a network belonging to a bank, it is programmed to send automatically the stored passwords in the mask of Internet and the strikes keyboards recorded to a list of given e-mail addresses. This allows the hacker to recover the precious data. » The specific target of Bugbear.B is related to the conjunction of Venus present at the time of the first attack.

The Worm BAT911

Rahu is not the only planet to trigger attacks of computer viruses. Ketu has the same kind of activating influence. It was the case in March 2003 with BAT911. The worm BAT911 is discovered on March 22nd when Mercury is debilitated at 7°42’ in Pisces, under the exact aspect of Ketu at 7°20’ in Libra. Ketu was not stationary at that time. “This worm”, explains Symantec, « remains inapparent », which is a classic characteristic of Ketu. This worm is interesting from the standpoint of its conception. It looks for IP address at all popular ISP and tries to infect all the computers that have activated filesharing capabilities without the protection of a password. Once the computer infected, the worm calls SOS phone numbers (911 to the United States ) through connected modems. The conjunction of Sun to Mercury on this March 22nd allowed the discovery of this “hidden worm”, totally inapparent before that.

The Worm Sobig

In August 2003 appeared Sobig, a worm that does its first appearance in January 2003 with a first version that propagates itself in a classical manner through the electronic mail. Many versions of Sobig appeared throughout the year, each one being programmed to activate itself at a specific date. According to Symantec, it is difficult to explain why Sobig.F, the version that appeared August 18th, 2003 , had more success than the others, infecting hundreds of thousands of computers all over the world. August 18th 2003 , Mercury was at 28°30’ Leo, weakened by being in old age and by the infant state of its dispositor Sun at 01°30’ in Leo. More, Mercury was receiving narrow aspect from Rahu at 0°54’ Taurus. The infections generated by Sobig.F were aggravated by the fact that the subject and the body of the message were looking like innocent SPAM. Nevertheless, according to Symantec, no one explained why this specific version pushed as many users to open the attachment. According to Systems’ Approach, it is simple to understand that every person is, more or less according to his natal chart, under the same affliction of Mercury which weakens his ability to judge objectively. Taking a bad initiative and click on the attachment in such circumstances is quite normal.

Mimail, Blaster, Welchia and Swen

Other attacks took place during august 2003. First, the virus Mimail propagated itself by e-mail by stealing the data allowing its broadcast. It’s a “creative” virus in its wording since it personalizes itself to the user. It appears as a message coming from the domain administrator to which the user is connected. Many users were trapped opening the infected attachments. The success of this procedure was reused in the eighth following versions of the virus, whose other components were created to steal credit cards numbers. Among other attacks that took place during this time on august 2003, let’s mention the famous virus Blaster and Welchia, a second virus conceived to “correct” the security hole used by Blaster. The consequences of these two viruses are very similar in terms of computer system and infected networks: restart of computers, saturation of networks, etc. It is important to note that this is the first time ever that these type of worms infect the general public, previously they were targeted exclusively to servers. The examination of the planetary movements during august 2003 explains perfectly this turmoil. On August 15th, Mercury enters the orb of affliction of Rahu and at the same time becomes old. On August 21st, Mercury, very much weakened by the change of sign, receives exact and malefic aspect of Rahu. Because retrogradation began on August 28th, Mercury continued to remain very weak and had been narrowly afflicted by Rahu until September 11th. Such astrological circumstances are not very frequent. On September 18th, Mercury transit became direct. On September 27th, Mercury entered again into the orb of affliction of Rahu for eight days. According to Symantec, at the end of September 2003, benefiting from the psychosis created by Blaster, Sobig.F and Mimail, the virus Swen.A took the outlook of a corrective e-mail originating from Microsoft. « Swen.A hits and wins a relative success, the 8th position of the TOP 10 of 2003 after only 4 months of activity! » With Swen.A, the execution of the attachment gives the user the wrong feeling he installed a corrective patch originated from Microsoft.

The Virus Mydoom

At the beginning of 2004, the virus Mydoom is on every newspapers’ front pages. January 28th, when Mydoom starts to infect the Internet, Mercury is at 22°12’ Sagittarius, receiving exact aspect of Rahu at 22°42’ Aries. Mercury and Rahu showing respectively fast moves and Mercury being weakened only by the exact aspect of Rahu that receives its dispositor: consequently, the length of this virus impact was very short.

When Are The Next attacks?

During 2004, Mercury will receive at several times the malefic influence of Rahu and Ketu: on March 3rd, May 25th, June 24th, the 2nd and August 19th, September 12th, October 17th. For each of these dates, the media will probably evoke the endless threat of computer viruses. Nevertheless, the speed and the power of Mercury indicate that the possible attacks will have a limited breadth. Among these dates, May 25th and the ones of august will be the most dangerous of 2004 because of the stationary state of Rahu or of Mercury. This dangerousness will not be equal to the one of august 2003 and should somehow remain inferior to the one of the virus Mydoom.

A next possible very large attack could be seen in July/ August 2005, when Mercury will be afflicted by Rahu during quite a month.

Corporations informed of these future attacks need to be more vigilant during theses periods, eradicating for instance all the attachments coming from unknown emitters. They could also warn all their staff on the aggravated dangers during these periods. Prevention has always prooved better than cure.

Jo Cohen, February 13th 2004

President, IIPA Chapter, France

Top 10 viruses for 2003 (based on more than 1.1 million requests sent to the Symantec Security Response )

1. W32.Bugbear.B@mm 11.06%

2. W32.Klez.H@mm 07.80%

3. HTML.Redlof.A 03.70%

4. W95.Hybris.worm 02.22%

5. W32.sobig.F@mm 02.05%

6. W32.Blaster.Worm 01.91%

7. W32.Swen.A@mm 01.67%

8. W32.Nimda.E@mm 01.15%

9. W32.Bugbear.B.Dam 01.02%

10. W32.Sobig.A@mm 00.98%