Sunday, August 31, 2008
e-commerce
e-commerce :- commerce of buying and selling products conducted over the internet and through web based application.
*Advantage of E-Commerce system:
You can reach customers around the globe instead of a limited geographic location.
You have the ability to be open twenty-four hours a day, seven days a week.
You can automate the process of taking and fulfilling orders.
In addition to automating the order taking, you can receive many more orders at one time than you can with one salesperson working at the physical store location.
* Tools used for E-Commerce application:
VS 2005.
SQL Server.
IIS
SSL Cerificate.
- The Microsoft Solution Framework (MSF) is a set of guidelines, principles, concepts, and proven practices for designing and engineering software applications with Microsoft technologies.
* How to gather information?
· Interview.
· Documentation:- Organizing the info. Collected from client in well manner and analyzing that information.
· Official Requirement for building any e-commerce application
§ Product Catalog.
§ Shopping Cart.
§ Paypal credit card handling.
§ Tracking Information.
§ Content Management System(CMS).
§ About Us.
§ Contact Form.
§ User Account/Login form.
§ Product of the Month.
This information is taken into consideration with the help of case study they have provided in book (Little Italy Vineyards-Sonoma Valley).
* Turning Sales into Profit:-
· Selling Main Products.
· Selling Affiliate (Connected or Related) products.
· Partnering with similar business.
· Creating a user membership.
· Selling advertising space.
* Risks Involved in e-commerce:-
· Supply for demand: Company unable to meet the orders due to less production as compared to demand..
· System downtime:- due to heavy traffic, many request to server.
· Payment processing: SSL certificate, use paypal processing system.
· Physical and logical attacks: Hacker stills the data, logical hack is the one in which hacker hacks the system or software ie it targets the code and the software.
· Sensitive information and data.
*Advantage of E-Commerce system:
You can reach customers around the globe instead of a limited geographic location.
You have the ability to be open twenty-four hours a day, seven days a week.
You can automate the process of taking and fulfilling orders.
In addition to automating the order taking, you can receive many more orders at one time than you can with one salesperson working at the physical store location.
* Tools used for E-Commerce application:
VS 2005.
SQL Server.
IIS
SSL Cerificate.
- The Microsoft Solution Framework (MSF) is a set of guidelines, principles, concepts, and proven practices for designing and engineering software applications with Microsoft technologies.
* How to gather information?
· Interview.
· Documentation:- Organizing the info. Collected from client in well manner and analyzing that information.
· Official Requirement for building any e-commerce application
§ Product Catalog.
§ Shopping Cart.
§ Paypal credit card handling.
§ Tracking Information.
§ Content Management System(CMS).
§ About Us.
§ Contact Form.
§ User Account/Login form.
§ Product of the Month.
This information is taken into consideration with the help of case study they have provided in book (Little Italy Vineyards-Sonoma Valley).
* Turning Sales into Profit:-
· Selling Main Products.
· Selling Affiliate (Connected or Related) products.
· Partnering with similar business.
· Creating a user membership.
· Selling advertising space.
* Risks Involved in e-commerce:-
· Supply for demand: Company unable to meet the orders due to less production as compared to demand..
· System downtime:- due to heavy traffic, many request to server.
· Payment processing: SSL certificate, use paypal processing system.
· Physical and logical attacks: Hacker stills the data, logical hack is the one in which hacker hacks the system or software ie it targets the code and the software.
· Sensitive information and data.
Monday, August 25, 2008
Panda assigns a threat level to each virus in order to inform users about the type of risk a virus or other threat presents at any given moment. This means that the threat level can change with time.
The criteria used by Panda to determine the threat presented by a virus or other threat depends on: its distribution and the damage it can cause. Discover the new innovations in this gauge. The following diagram shows the different threat levels.
Low threat: the virus is neither damaging nor widely spread.
Moderate threat: the virus is either fairly widely spread and causes significant damage or not widely spread but causes serious damage.
High threat: the virus is either very widespread and causes damage or relatively widespread and seriously damaging.
Severe threat: the virus is widely spread and the virus is very damaging.
Logically, the threat level of a virus can vary, from low threat in one moment to severe in another, depending on how widespread it becomes. The Panda Threat Level monitors these changes in real-time.
[ top ]
Distribution
Indicates the spread of a virus. The more widespread a virus is, the higher the probability it has of infecting users' computers.
The distribution of a virus is determined by the infection rate, which measures the percentage of infected computers against the total number of computers scanned.
The distribution levels are as follows:
Epidemic: The percentage of computers examined and infected by the virus is more than 10%
High: The percentage of computers examined and infected by the virus is between 7.5% and 10%.
Medium: The percentage of computers examined and infected by the virus is more than 1.0% and less than 7.5%.
Low: Less than 1.0% of computers are infected by the virus.
[ top ]
Damage level
Indicates the possible damage a virus can cause in a computer.
This damage can be more or less severe: messages appearing on the screen, lost or altered information, collapsed systems, program malfunctions, etc.
The damage levels of a virus are:
Severe: causing serious damage. For example, the destruction or modification of files, formatting hard drives, sending information to third parties, generation of heavy traffic in servers, reducing system performance, opening security holes, permanent damage, etc.
High: causes moderate effects. All viruses, as inoffensive as they may seem, attempt to cause damage to the user. Those that do not result in destructive action are classified as simply moderately damaging. For example, those that create messages to appear on the screen.
The Panda Virus Laboratory establishes the level of damage when the virus in question is analyzed for the first time.
[ top ]
What makes the Panda Threat Level different?
This gauge was conceived to respond to genuine user concerns: What is the probability that I will be hit by a virus? If I am infected, what kind of damage can it cause?
Panda assigns a threat level to each virus automatically and objectively. Its final goal is to measure the type of threat a virus presents at a given moment, so that the proper preventive measures can be taken.
Panda gives more weight to the spread of a virus than to the damage it can cause, because the more widespread a particular virus is, the easier it is to become infected by it. All viruses attempts to harm a users computer no matter how slightly.
As opposed to other gauges, the Panda Threat Level is calculated in real-time, based on the continuous worldwide virus activity. If you notice that the value has changed since last you checked, it means that the virus is either expanding or decreasing.
Virus entry points
Virus entry points
The infection techniques and software vulnerabilities exploited by viruses and other computer threats.
Internet
Networks
Removable Disks
If you want to prevent virus attacks, knowing how they can enter your system is a vital first step.
Internet
The Internet has become the most widely used form of sending and receiving information. Unfortunately, it also serves as the fastest way to spread viruses and other computer threats.
a) E-Mail. The most common way to spread a virus or other threat, and where almost 80 percent of virus infections originate. The biggest dangers of a virus spread through e-mail include:
Rapid transmission. One infected message can, in just a few minutes, infect thousands of computers.
Increased exploitation of inter-connected computers, as users can send and receive messages to and from any kind of computer or platform.
The sophisticated techniques used by modern viruses and other threats mean they can resend themselves to all the users in your address book, unleashing their infection when the message is opened or exploiting vulnerabilities in mail programs to run automatically.
All this points to the need to thoroughly protect possible network entry points, including communication ports and e-mail protocols (POP3 and SMTP).
b) Internet browsing. Some web pages use programs such as Java applets and ActiveX controls to make web pages more dynamic, but viruses and other threats can also infect these programs and spread to Internet surfers visiting infected sites.
Some new viruses and other threats have the ability to take advantage of security vulnerabilities in web servers, while some viruses can redirect users to pages that have already been infected.
c) File Transfer (FTP). The term FTP stands for File Transfer Protocol. This information exchange system makes it possible to save documents (upload) and copy files (download) from one computer to another, anywhere in the world. When a file is downloaded from an FTP site, it is copied directly to your computer. Files from FTP sites can harbor viruses or other threats which could then be downloaded into your system.
d) News Groups (News). Online newsgroups and interactive messages known as chat (IRC, ICQ, etc.) represent another security risk. These groups have similar functions allowing users to post messages for others to read and respond to. The posted messages can sometimes be infected with a virus.
[ top ]
Networks
Networks are valuable tools for groupwork and for sharing information throughout companies and organizations. However, they also greatly increase the number of entry points for viruses and other threats.
a) Shared disk. A computer can have one or more hard disks which can be shared with a number of users across a network. If these disks were infected, when other computers access the infected drive they would become infected as well, and vice versa.
b) Workstations. Users connected to a network carry out thousands of information transactions daily, both internally (within the network) and externally (outside the network and through the Internet). If not properly protected, each workstation becomes a liability, creating numerous potential entry points for infected files.
c) Servers. Servers allow a network to function; they facilitate the connections between workstations, location of files, e-mail management, outside communications, etc. However, they also use applications which can have vulnerabilities that can be exploited by viruses and other threats.
If a server is infected it can contaminate the workstations connected to a network instantaneously. Likewise, a server can be contaminated by a single workstation or other server.
d) Proxy servers and firewalls. These gateways create the boundaries of the network perimeter, through which all the information entering and leaving a network must pass. Viruses and other threats from outside the network enter the perimeter in the form of infected files or malicious code, passing from one server to another.
e) Viruses spread through networks. Certain viruses and other threats are designed specifically to spread across computer networks, infecting all possible areas of the IT infrastructure.
Although they share similar objectives, they often use different means to access a system: exploiting vulnerabilities in software, attacking certain file or mail servers, sneaking through proxy servers and firewalls.
In order to properly protect a network, both inbound and outbound traffic passing through the perimeter must be monitored. The biggest danger that viruses and other threats present is their ability to spread. So should a they enter the network, they must still be stopped from leaving.
This website offers network administrators specific advice to protect their systems. Other users should consult the practical tips section.
[ top ]
Disks (storage devices)
Disks are storage devices on which data is stored in the form of files, web pages (files with HTML, ASP. extensions), e-mail and downloaded Internet files, etc.
a) DVD and CD-ROM. Abundant memory and versatility make these disks compatible with a large variety of hardware and software, replacing traditional floppy disks. The increasingly widespread use of DVD and CD-ROM presents a potential danger.
b) Removable/extractable disk drives. A removable disk drive is a drive that allows users to move information from one computer to another by connecting an external drive. If the information on the drive is infected it can be spread from one computer to another.
c) Shared network drive. This is a shared drive located on one computer and connected to a network of computers. All of the computers on the network then have access to the shared drive. Logically, if the network drive becomes infected, so can all the computers that share it.
d) Zip and Jazz disks. These are portable disks that have a large capacity for storing data which has been compressed and minimized. If they are not properly protected they can also lead to virus transmission.
e) Floppy disks. These were once the most common form of spreading viruses but have been replaced by newer, more versatile disks. Still however, they do represent a significant risk in terms of spreading viruses. Floppy disks (or diskettes) for example, are the only known form of loading a boot virus into a computer, which can affect the system boot sector.
The infection techniques and software vulnerabilities exploited by viruses and other computer threats.
Internet
Networks
Removable Disks
If you want to prevent virus attacks, knowing how they can enter your system is a vital first step.
Internet
The Internet has become the most widely used form of sending and receiving information. Unfortunately, it also serves as the fastest way to spread viruses and other computer threats.
a) E-Mail. The most common way to spread a virus or other threat, and where almost 80 percent of virus infections originate. The biggest dangers of a virus spread through e-mail include:
Rapid transmission. One infected message can, in just a few minutes, infect thousands of computers.
Increased exploitation of inter-connected computers, as users can send and receive messages to and from any kind of computer or platform.
The sophisticated techniques used by modern viruses and other threats mean they can resend themselves to all the users in your address book, unleashing their infection when the message is opened or exploiting vulnerabilities in mail programs to run automatically.
All this points to the need to thoroughly protect possible network entry points, including communication ports and e-mail protocols (POP3 and SMTP).
b) Internet browsing. Some web pages use programs such as Java applets and ActiveX controls to make web pages more dynamic, but viruses and other threats can also infect these programs and spread to Internet surfers visiting infected sites.
Some new viruses and other threats have the ability to take advantage of security vulnerabilities in web servers, while some viruses can redirect users to pages that have already been infected.
c) File Transfer (FTP). The term FTP stands for File Transfer Protocol. This information exchange system makes it possible to save documents (upload) and copy files (download) from one computer to another, anywhere in the world. When a file is downloaded from an FTP site, it is copied directly to your computer. Files from FTP sites can harbor viruses or other threats which could then be downloaded into your system.
d) News Groups (News). Online newsgroups and interactive messages known as chat (IRC, ICQ, etc.) represent another security risk. These groups have similar functions allowing users to post messages for others to read and respond to. The posted messages can sometimes be infected with a virus.
[ top ]
Networks
Networks are valuable tools for groupwork and for sharing information throughout companies and organizations. However, they also greatly increase the number of entry points for viruses and other threats.
a) Shared disk. A computer can have one or more hard disks which can be shared with a number of users across a network. If these disks were infected, when other computers access the infected drive they would become infected as well, and vice versa.
b) Workstations. Users connected to a network carry out thousands of information transactions daily, both internally (within the network) and externally (outside the network and through the Internet). If not properly protected, each workstation becomes a liability, creating numerous potential entry points for infected files.
c) Servers. Servers allow a network to function; they facilitate the connections between workstations, location of files, e-mail management, outside communications, etc. However, they also use applications which can have vulnerabilities that can be exploited by viruses and other threats.
If a server is infected it can contaminate the workstations connected to a network instantaneously. Likewise, a server can be contaminated by a single workstation or other server.
d) Proxy servers and firewalls. These gateways create the boundaries of the network perimeter, through which all the information entering and leaving a network must pass. Viruses and other threats from outside the network enter the perimeter in the form of infected files or malicious code, passing from one server to another.
e) Viruses spread through networks. Certain viruses and other threats are designed specifically to spread across computer networks, infecting all possible areas of the IT infrastructure.
Although they share similar objectives, they often use different means to access a system: exploiting vulnerabilities in software, attacking certain file or mail servers, sneaking through proxy servers and firewalls.
In order to properly protect a network, both inbound and outbound traffic passing through the perimeter must be monitored. The biggest danger that viruses and other threats present is their ability to spread. So should a they enter the network, they must still be stopped from leaving.
This website offers network administrators specific advice to protect their systems. Other users should consult the practical tips section.
[ top ]
Disks (storage devices)
Disks are storage devices on which data is stored in the form of files, web pages (files with HTML, ASP. extensions), e-mail and downloaded Internet files, etc.
a) DVD and CD-ROM. Abundant memory and versatility make these disks compatible with a large variety of hardware and software, replacing traditional floppy disks. The increasingly widespread use of DVD and CD-ROM presents a potential danger.
b) Removable/extractable disk drives. A removable disk drive is a drive that allows users to move information from one computer to another by connecting an external drive. If the information on the drive is infected it can be spread from one computer to another.
c) Shared network drive. This is a shared drive located on one computer and connected to a network of computers. All of the computers on the network then have access to the shared drive. Logically, if the network drive becomes infected, so can all the computers that share it.
d) Zip and Jazz disks. These are portable disks that have a large capacity for storing data which has been compressed and minimized. If they are not properly protected they can also lead to virus transmission.
e) Floppy disks. These were once the most common form of spreading viruses but have been replaced by newer, more versatile disks. Still however, they do represent a significant risk in terms of spreading viruses. Floppy disks (or diskettes) for example, are the only known form of loading a boot virus into a computer, which can affect the system boot sector.
Transmission and camouflage techniques
Transmission and camouflage techniques
How they spread. Where they hide.
Transmission
Camouflage
Vulnerabilities
New Tactics
Viruses and other threats are constantly evolving new disguises and ways to penetrate network security. As IT companies produce new applications, viruses and other threats seek out weaknesses and new entry points into systems and networks.
Transmission
Some of the more common ways for viruses and other threats to spread include:
Attaching HTML code in the AutoSignature of e-mail messages.
Installing and activating the virus when messages are viewed in the Preview Pane.
Sending code that, when the user opens an infected message, causes the execution of the infected file.
Exploiting flaws or vulnerabilities in Internet Explorer and the Outlook and Outlook Express mail clients.
Using network drives and directories to access information and resources shared by users.
Hiding in online file-sharing networks like Gnutella. General strategies used to spread viruses and other threats include gaining the confidence of users or deceiving people into downloading a file that appears to contain music, images, documents of interest etc. but is in fact infected.
In the immediate future, means of transmission will no doubt be created. There is already a type of virus that sends out text messages to GSM mobile phones and even cable TV systems may soon be at risk.
Today, not all files are susceptible to virus attacks or other types of attack, but this may change in the future. Once it was assumed that web pages could not spread viruses but we know now that this is possible.
[ top ]
Camouflage Techniques
Viruses disguise themselves from antiviruses and other security devices using a host of complex techniques:
a) Stealth. Viruses that use this technique hide the normal characteristics that would indicate their presence.
For example, the size of the file will normally increase when it is infected. However, by only inserting code in free file sections, this type of virus tricks the system by making it seem that the file size has not changed.
During file infections the date and time are registered as file modifications. However, when these viruses infect a file, they do not make such changes and the file date and time information will remain as it was before the infection.
To avoid suspicion, stealth viruses will hide some files and change their attributes so that they cannot be viewed.
b) Tunneling. The 'tunneling' system is quite complicated, as these viruses try to avoid detection by the antivirus software by directly intercepting the interrupt handlers of the operating system and effectively 'burying' under the detection software.
c) Armoring. Viruses that use the 'armoring' techniques disguise their code so that it cannot be read. To detect armored code, antiviruses must use heuristic scanning techniques.
d) Self-Encrypting. Antivirus programs search for certain tell-tale signs of virus activity such as groups of characters or instructions. These viruses encode or encrypt their code to make it more difficult for the antivirus program to detect them. However, modern antivirus solutions use algorithms to detect the encryption routine of these viruses.
e) Polymorphism. Polymorphic viruses encrypt their code in a different way with each infection (their signature changes from one infection to the next). They take encryption one step further by also encrypting the way (routine or algorithm) in which their signature is encrypted. This means that a polymorphic virus is capable of creating different variants of itself from one infection to the next, changing its 'shape' with each infection.
Fortunately, the virus cannot completely encrypt itself, as it needs to keep part of its original code unencrypted to be able to run. Antivirus programs can detect polymorphic viruses by locating the routine or algorithm that allow the virus to execute.
[ top ]
Vulnerabilities
Vulnerabilities are weaknesses or security holes in certain applications or software programs.
Attacks exploiting vulnerabilities have increased in frequency, especially those preying on the more commonly used programs and operating systems. Some of the most recent ones include:
a) Internet Explorer Vulnerabilities.
Cross-site scripting. Affects Internet Explorer (versions 5.01, 5.5 and 6.0), spreading viruses to users by executing malicious code through a web page or through e-mail in HTML format.
Additional Information: Microsoft Security Bulletin MS02-008.
Solution: Available on Microsoft website, under Knowledge Base article Q321323 and under Windows Update.
XMLHTTP Control Can Allow Access to Local Files. Allows access to local files by sending and receiving XML data in HTTP format. The problem arises from the way the XMLHTTP control configures Internet Explorer, giving access to local files.
Additional Information: Microsoft Security Bulletin MS02-008.
Solution: Available on Microsoft website under Knowledge Base article Q317244.
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files. Permits an attacker to access frames in other domains through web pages or e-mails in HTML format. Internet Explorer does not correctly recognize the domain when using code written in Visual Basic Script programming language, making it possible for an attacker to access confidential information.
Additional Information: Microsoft Security Bulletin MS02-009.
Solution: Available on Microsoft website under Knowledge Base article Q318089.
Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone. Gives attacker access to web pages on the Internet with low levels of security and allows them to redirect the computer to a predetermined website. Finally, it permits a malicious programmer to log on to remote sessions of Telnet through Internet Explorer.
Additional Information: Microsoft Security Bulletin MS01-051.
Incorrect MIME Header Can Cause IE to Execute E-mail attachment. A vulnerability preventing IE from interpreting HTML code correctly.
Additional Information and Solution: Microsoft Security Bulletin MS01-020. b) Outlook Vulnerabilities.
Outlook View Control Exposes Unsafe Functionality. For Outlook versions 98, 2000 and 2002, consists of ActiveX control that allows access to e-mail folders from a web page.
Additional Information and Solution: Microsoft Security Bulletin MS02-038.
Unchecked buffer in vCard Handler. Problem in Outlook Express and vcard manipulation allows an attacker to cause the client program to fail when a vcard is opened. Also allows execution of malicious code in the system which opens the vcard.
Additional Information and Solution: Microsoft Security Bulletin MS02-012.
Malformed E-mail Header. Permits remote execution of malicious code after opening a specially-crafted message sent by an attacker.
Additional Information and Solution: Microsoft Security Bulletin MS00-043, MS00-045 and MS00-046.
Virus Update for Outlook 2000 and 98. Not a vulnerability but a series of updates released by Microsoft to restrict access to executable files.
Security in Outlook in messages with attached unexecutable files. Automatic execution of a file attached to a message.
Additional Information and Solution: Microsoft Security Bulletin MS99-048.
c) Windows XP/2000 Pro/NT/Me/98/95 Vulnerabilities.
Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service en Windows 2000 and Exchange 5.5. Exclusive to Windows 2000 Pro., this vulnerability allows messages to be sent without authorization through the SMTP mail server.
Additional Information and Solution: Microsoft Security Bulletin MS02-011.
Windows 2000 Security Rollup Package 1 (SRP1). Exclusive to Windows 2000 Pro. A patch that includes a series of improvements included since Windows 2000 Pro SP2.
ActiveX Parameter Validation. Exclusive to Windows 2000 Pro. Permits the running of malicious code or viruses from a web page or e-mail using ActiveX. Additional Information and Solution: Microsoft Security Bulletin MS00-085.
Microsoft VM ActiveX Component. For Windows 2000 Pro/NT/Me/98/95. Problems with Virtual Java Machine. The vulnerability could allow remote action to be taken on a computer.
Additional Information and Solution: Microsoft Security Bulletin MS00-075.
DOS Device in Path Name Vulnerability. For Windows 98/95. Vulnerability that could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words.
Additional Information and Solution: Microsoft Security Bulletin MS00-017.
Autorun File. For Windows 98/95. Permits creation of a file called AUTORUN.INF in the root directory of any disk drive, allowing malicious programmers to execute files containing viruses or other threats.
Additional Information and Solution: To solve this problem substitute the value 0 for 1 in the Autorun key, found in the Windows Registry: HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Cdrom.
Program CMD.EXE - Buffer overflow. For Windows 2000 Pro/NT 4.0. Permits an attacker to consume all or part of the memory of an infected computer.
Additional Information and Solution: Microsoft Security Bulletin MS00-027.
d) Viruses, Threats and Vulnerabilities.
One of the most common vulnerabilities is found in Internet Explorer (versions 5.01 and 5.5). Viruses and other threats take advantage of the Microsoft browser to automatically run code when the message carrying the virus is viewed through the Preview Pane.
Other vulnerabilities have been found in Internet IIS and Apache servers, where viruses have been able to execute malicious code.
In the future, there is also a threat of the appearance of a virus that could take advantage of a vulnerability in the Winamp player, used for listening to sound files with MP3 extensions.
[ top ]
New Tactics
Viruses and other threats are constantly evolving into new forms and using more complicated techniques, increasing the risks to users. These recently detected viruses and threats are based on notably sophisticated technology:
SWF/LMF-926, the first virus that infects files with a SWF extension (Shockwave Flash).
Donut, pioneer virus designed to infect Microsoft's .NET platform files.
Dadinu, first e-mail worm to infect files with CLP extensions.
Kazoa, spreads using the popular file exchange program KaZaa.
Other examples infamously known for their advanced engineering include:
WorldCup (Chick.F) users the subject field and content of this infected message to dupe users into believing that the attached file contains the World Cup 2002 match results.
Gibe is sent through an e-mail message disguised as an update from Microsoft to fix various vulnerabilities.
Petlil.A sent as en e-mail message that attracts the attention of the receiver using erotic pictures.
Kazoa uses files that appear to be games, movies and music to infect users of KaZaa.
How they spread. Where they hide.
Transmission
Camouflage
Vulnerabilities
New Tactics
Viruses and other threats are constantly evolving new disguises and ways to penetrate network security. As IT companies produce new applications, viruses and other threats seek out weaknesses and new entry points into systems and networks.
Transmission
Some of the more common ways for viruses and other threats to spread include:
Attaching HTML code in the AutoSignature of e-mail messages.
Installing and activating the virus when messages are viewed in the Preview Pane.
Sending code that, when the user opens an infected message, causes the execution of the infected file.
Exploiting flaws or vulnerabilities in Internet Explorer and the Outlook and Outlook Express mail clients.
Using network drives and directories to access information and resources shared by users.
Hiding in online file-sharing networks like Gnutella. General strategies used to spread viruses and other threats include gaining the confidence of users or deceiving people into downloading a file that appears to contain music, images, documents of interest etc. but is in fact infected.
In the immediate future, means of transmission will no doubt be created. There is already a type of virus that sends out text messages to GSM mobile phones and even cable TV systems may soon be at risk.
Today, not all files are susceptible to virus attacks or other types of attack, but this may change in the future. Once it was assumed that web pages could not spread viruses but we know now that this is possible.
[ top ]
Camouflage Techniques
Viruses disguise themselves from antiviruses and other security devices using a host of complex techniques:
a) Stealth. Viruses that use this technique hide the normal characteristics that would indicate their presence.
For example, the size of the file will normally increase when it is infected. However, by only inserting code in free file sections, this type of virus tricks the system by making it seem that the file size has not changed.
During file infections the date and time are registered as file modifications. However, when these viruses infect a file, they do not make such changes and the file date and time information will remain as it was before the infection.
To avoid suspicion, stealth viruses will hide some files and change their attributes so that they cannot be viewed.
b) Tunneling. The 'tunneling' system is quite complicated, as these viruses try to avoid detection by the antivirus software by directly intercepting the interrupt handlers of the operating system and effectively 'burying' under the detection software.
c) Armoring. Viruses that use the 'armoring' techniques disguise their code so that it cannot be read. To detect armored code, antiviruses must use heuristic scanning techniques.
d) Self-Encrypting. Antivirus programs search for certain tell-tale signs of virus activity such as groups of characters or instructions. These viruses encode or encrypt their code to make it more difficult for the antivirus program to detect them. However, modern antivirus solutions use algorithms to detect the encryption routine of these viruses.
e) Polymorphism. Polymorphic viruses encrypt their code in a different way with each infection (their signature changes from one infection to the next). They take encryption one step further by also encrypting the way (routine or algorithm) in which their signature is encrypted. This means that a polymorphic virus is capable of creating different variants of itself from one infection to the next, changing its 'shape' with each infection.
Fortunately, the virus cannot completely encrypt itself, as it needs to keep part of its original code unencrypted to be able to run. Antivirus programs can detect polymorphic viruses by locating the routine or algorithm that allow the virus to execute.
[ top ]
Vulnerabilities
Vulnerabilities are weaknesses or security holes in certain applications or software programs.
Attacks exploiting vulnerabilities have increased in frequency, especially those preying on the more commonly used programs and operating systems. Some of the most recent ones include:
a) Internet Explorer Vulnerabilities.
Cross-site scripting. Affects Internet Explorer (versions 5.01, 5.5 and 6.0), spreading viruses to users by executing malicious code through a web page or through e-mail in HTML format.
Additional Information: Microsoft Security Bulletin MS02-008.
Solution: Available on Microsoft website, under Knowledge Base article Q321323 and under Windows Update.
XMLHTTP Control Can Allow Access to Local Files. Allows access to local files by sending and receiving XML data in HTTP format. The problem arises from the way the XMLHTTP control configures Internet Explorer, giving access to local files.
Additional Information: Microsoft Security Bulletin MS02-008.
Solution: Available on Microsoft website under Knowledge Base article Q317244.
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files. Permits an attacker to access frames in other domains through web pages or e-mails in HTML format. Internet Explorer does not correctly recognize the domain when using code written in Visual Basic Script programming language, making it possible for an attacker to access confidential information.
Additional Information: Microsoft Security Bulletin MS02-009.
Solution: Available on Microsoft website under Knowledge Base article Q318089.
Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone. Gives attacker access to web pages on the Internet with low levels of security and allows them to redirect the computer to a predetermined website. Finally, it permits a malicious programmer to log on to remote sessions of Telnet through Internet Explorer.
Additional Information: Microsoft Security Bulletin MS01-051.
Incorrect MIME Header Can Cause IE to Execute E-mail attachment. A vulnerability preventing IE from interpreting HTML code correctly.
Additional Information and Solution: Microsoft Security Bulletin MS01-020. b) Outlook Vulnerabilities.
Outlook View Control Exposes Unsafe Functionality. For Outlook versions 98, 2000 and 2002, consists of ActiveX control that allows access to e-mail folders from a web page.
Additional Information and Solution: Microsoft Security Bulletin MS02-038.
Unchecked buffer in vCard Handler. Problem in Outlook Express and vcard manipulation allows an attacker to cause the client program to fail when a vcard is opened. Also allows execution of malicious code in the system which opens the vcard.
Additional Information and Solution: Microsoft Security Bulletin MS02-012.
Malformed E-mail Header. Permits remote execution of malicious code after opening a specially-crafted message sent by an attacker.
Additional Information and Solution: Microsoft Security Bulletin MS00-043, MS00-045 and MS00-046.
Virus Update for Outlook 2000 and 98. Not a vulnerability but a series of updates released by Microsoft to restrict access to executable files.
Security in Outlook in messages with attached unexecutable files. Automatic execution of a file attached to a message.
Additional Information and Solution: Microsoft Security Bulletin MS99-048.
c) Windows XP/2000 Pro/NT/Me/98/95 Vulnerabilities.
Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service en Windows 2000 and Exchange 5.5. Exclusive to Windows 2000 Pro., this vulnerability allows messages to be sent without authorization through the SMTP mail server.
Additional Information and Solution: Microsoft Security Bulletin MS02-011.
Windows 2000 Security Rollup Package 1 (SRP1). Exclusive to Windows 2000 Pro. A patch that includes a series of improvements included since Windows 2000 Pro SP2.
ActiveX Parameter Validation. Exclusive to Windows 2000 Pro. Permits the running of malicious code or viruses from a web page or e-mail using ActiveX. Additional Information and Solution: Microsoft Security Bulletin MS00-085.
Microsoft VM ActiveX Component. For Windows 2000 Pro/NT/Me/98/95. Problems with Virtual Java Machine. The vulnerability could allow remote action to be taken on a computer.
Additional Information and Solution: Microsoft Security Bulletin MS00-075.
DOS Device in Path Name Vulnerability. For Windows 98/95. Vulnerability that could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words.
Additional Information and Solution: Microsoft Security Bulletin MS00-017.
Autorun File. For Windows 98/95. Permits creation of a file called AUTORUN.INF in the root directory of any disk drive, allowing malicious programmers to execute files containing viruses or other threats.
Additional Information and Solution: To solve this problem substitute the value 0 for 1 in the Autorun key, found in the Windows Registry: HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ Cdrom.
Program CMD.EXE - Buffer overflow. For Windows 2000 Pro/NT 4.0. Permits an attacker to consume all or part of the memory of an infected computer.
Additional Information and Solution: Microsoft Security Bulletin MS00-027.
d) Viruses, Threats and Vulnerabilities.
One of the most common vulnerabilities is found in Internet Explorer (versions 5.01 and 5.5). Viruses and other threats take advantage of the Microsoft browser to automatically run code when the message carrying the virus is viewed through the Preview Pane.
Other vulnerabilities have been found in Internet IIS and Apache servers, where viruses have been able to execute malicious code.
In the future, there is also a threat of the appearance of a virus that could take advantage of a vulnerability in the Winamp player, used for listening to sound files with MP3 extensions.
[ top ]
New Tactics
Viruses and other threats are constantly evolving into new forms and using more complicated techniques, increasing the risks to users. These recently detected viruses and threats are based on notably sophisticated technology:
SWF/LMF-926, the first virus that infects files with a SWF extension (Shockwave Flash).
Donut, pioneer virus designed to infect Microsoft's .NET platform files.
Dadinu, first e-mail worm to infect files with CLP extensions.
Kazoa, spreads using the popular file exchange program KaZaa.
Other examples infamously known for their advanced engineering include:
WorldCup (Chick.F) users the subject field and content of this infected message to dupe users into believing that the attached file contains the World Cup 2002 match results.
Gibe is sent through an e-mail message disguised as an update from Microsoft to fix various vulnerabilities.
Petlil.A sent as en e-mail message that attracts the attention of the receiver using erotic pictures.
Kazoa uses files that appear to be games, movies and music to infect users of KaZaa.
types of virus
Types of virus
Computer viruses are often classified according to diverse criteria.
Resident
Multipartites
Direct Action
File infectors
Overwrite
Companion
Boot
FAT
Macro
Worms
Directory
Trojans
Encrypted
Logic Bombs
Polymorphic
False Viruses
Viruses can be classified using multiple criteria: origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack etc.
A single virus, if it is particularly complex, may come under several different categories. And as new viruses emerge, it may sometimes be necessary to redefine categories or, very occasionally, create new categories.
The following are the most common types of viruses:
Resident Viruses
This type of virus hides permanently in the RAM memory. From here it can control and intercept all of the operations carried out by the system: corrupting files and programs that are opened, closed, copied, renamed etc.
Resident viruses can be treated as file infector viruses. When a virus goes memory resident, it will remain there until the computer is switched off or restarted (waiting for certain triggers to activate it, such as a specific date and time). In the meantime it sits and waits in hiding, unless of course an antivirus can locate and eliminate it.
Examples include: Randex, CMJ, Meve, MrKlunky.
Direct Action Viruses
The principal aim of these viruses is to replicate and take action when they are run. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file path. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
Files infected with this type of virus can be disinfected, and completely restored to their original condition.
Overwrite Viruses
This type of virus is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.
Infected files do not change size, unless the virus occupies more space than the original file, because instead of hiding within a file, the virus replaces the files content.
The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.
Some examples of overwrite viruses include: Way, Trj.Reboot, Trivial.88.D.
Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
This kind of virus does not affect files, but rather the disks that contain them. First they attack the boot sector of the disk then, once you start your computer, the boot virus will infect the hard drive of your computer.
The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.
Some examples of boot viruses include: Polyboot.B, AntiEXE
Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These include Word documents (DOC extensions), Excel spreadsheets (XLS extensions), PowerPoint presentations (PPS extensions), Access databases (MDB extensions), Corel Draw etc.
A macro is a small program that a user can associate to a file created using certain applications. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.
When a document containing macros is opened, they will automatically be loaded and may be executed immediately or when the user decides to do so. The virus will then take effect by carrying out the actions it has been programmed to do, often regardless of the program's built-in macro virus protection.
There is not just one type of macro virus, but one for each tool: Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, Corel Draw, Lotus Ami Pro, etc.
Some examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
Directory Virus
An operating system finds files by looking up the path (composed of the disk drive and directory) in which each file is stored.
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unwittingly running the virus program, while the original file and program have been previously moved by the virus.
Once infected it becomes impossible to locate the original files.
Encrypted
Encryption is a technique used by viruses so that they cannot be detected by antivirus programs.
The virus encodes or encrypts itself so as to be hidden from scans, before performing its task it will decrypt itself. Once it has unleashed its payload the virus will then go back into hiding.
Examples of encrypted viruses include: Elvira, Trile.
Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.
This makes it impossible for antiviruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.
Some examples include: Elkern, Marburg, Satan Bug, Tuareg.
Multipartite Virus
These advanced viruses can create multiple infections using several techniques. Their objective is to attack any elements that can be infected: files, programs, macros, disks, etc.
They are considered fairly dangerous due to their capacity to combine different infection techniques.
Some examples include: Ywinz.
File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified according to the actions that they carry out.
Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).
Some examples include: Stator, Asimov.1539, Terrax.1069.
FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.
Worms
A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses. However, worms are not strictly viruses, as they do not need to infect other files in order to reproduce.
Worms can exist without damaging files, and can reproduce at rapid speeds, saturating networks and causing them to collapse.
Worms almost always spread through e-mail, networks and chat (such as IRC or ICQ). They can also spread within the memory of a computer.
Some examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.
Trojans or Trojan Horses
Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.
Trojans work in a similar way to their mythological namesake, the famous wooden horse that hid Greek soldiers so that they could enter the city of Troy undetected.
They appear to be harmless programs that enter a computer through any channel. When that program is executed (they have names or characteristics which trick the user into doing so), they install other programs on the computer that can be harmful.
A Trojan may not activate its effects at first, but when they do, they can wreak havoc on your system. They have the capacity to delete files, destroy information on your hard drive and open up a backdoor to your system. This gives them complete access to your system allowing an outside user to copy and resend confidential information.
Some examples of Trojans are: IRC.Sx2, Trifor.
Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
False Viruses
These messages are often confused for viruses but are something else entirely. It is important to know the difference between a real virus threat and a false virus.
Hoaxes are not viruses, they are false messages sent by e-mail, warning users of a non-existent virus. The intention is to spread rumors causing panic and alarm among users who receive this kind of information.
Occasionally, hoax warnings include technical terms to mislead users. On some other occasions, the names of some press agencies are mentioned in the heading of the warnings. In this way, the hoax author attempts to trick users into believing that they have received a warning about a real virus. Hoaxes try to fool the user into performing a series of actions to protect themselves from the virus, sometimes leading to negative results.
Users are advised not to pay attention to these misleading warnings and delete these messages once received without sending them to others.
Symptoms of Virus Infection
Symptoms of Virus Infection
. While reading this article you may sound the tips too childish but nevertheless they can be critical. So don't overlook them and read on.
10 virus symptoms
Programs take longer to load. Memory-intensive operations take a lot of time to start.
A change in dates against the filenames in the directory. When the virus modifies a file the operating system changes the date stamp.
The floppy disk or hard disk is suddenly accessed without logical reason.
Increased use of disk space and growth in file size-the virus attaches itself to many files.
Abnormal write-protect errors. The virus trying to write to a protected disk.
Strange characters appear in the directory listing of filenames.
Strange messages like "Type Happy Birthday Joshi" (Joshi Virus) or "Driver Memory Error" (kak.worm) appear on the screen and in documents.
Strange graphic displays such as falling letters or a bouncing ball appear on screen.
Programs may hang the computer or not work at all.
Junk characters overwrite text in document or data files.
Your guide to safe computing
Listed below are some of the steps recommended by experts to safeguard your PC from viruses. These are a compilation of my past experiences and magazine sources.
Write-protect your floppy disks when using them on other computers.
Remove floppy disks from drives while booting.
Change a setting in the BIOS that enables your PC to boot from the C-drive first.
Use a good anti-virus program to scan floppy disks before copying files. Recommended ones are Norton Antivirus 2000 and Mcaffee 5.
Install software only from original write-protected disks with the publisher’s label.
Do not install pirated software, especially computer games.
Activate watch-guard programs (monitors) that look out for suspicious activity.
Use the update service offered by software vendors and update the anti-virus software every month.
Scan the entire hard disk twice a month.
Scan files downloaded from the Internet or those transferred through a network.
Prepare a rescue disk with critical system files. Preferably, it should be bootable.
Keep the original CD-ROM or diskettes containing the operating system handy.
. While reading this article you may sound the tips too childish but nevertheless they can be critical. So don't overlook them and read on.
10 virus symptoms
Programs take longer to load. Memory-intensive operations take a lot of time to start.
A change in dates against the filenames in the directory. When the virus modifies a file the operating system changes the date stamp.
The floppy disk or hard disk is suddenly accessed without logical reason.
Increased use of disk space and growth in file size-the virus attaches itself to many files.
Abnormal write-protect errors. The virus trying to write to a protected disk.
Strange characters appear in the directory listing of filenames.
Strange messages like "Type Happy Birthday Joshi" (Joshi Virus) or "Driver Memory Error" (kak.worm) appear on the screen and in documents.
Strange graphic displays such as falling letters or a bouncing ball appear on screen.
Programs may hang the computer or not work at all.
Junk characters overwrite text in document or data files.
Your guide to safe computing
Listed below are some of the steps recommended by experts to safeguard your PC from viruses. These are a compilation of my past experiences and magazine sources.
Write-protect your floppy disks when using them on other computers.
Remove floppy disks from drives while booting.
Change a setting in the BIOS that enables your PC to boot from the C-drive first.
Use a good anti-virus program to scan floppy disks before copying files. Recommended ones are Norton Antivirus 2000 and Mcaffee 5.
Install software only from original write-protected disks with the publisher’s label.
Do not install pirated software, especially computer games.
Activate watch-guard programs (monitors) that look out for suspicious activity.
Use the update service offered by software vendors and update the anti-virus software every month.
Scan the entire hard disk twice a month.
Scan files downloaded from the Internet or those transferred through a network.
Prepare a rescue disk with critical system files. Preferably, it should be bootable.
Keep the original CD-ROM or diskettes containing the operating system handy.
Anatomy of A Computer Virus
Anatomy of A Computer Virus
The most common question asked by not-so-informative net audience is the definition of a computer virus. I may say that a computer virus is a type of legitimate program. So what is that makes a virus stand apart from the rest?
The one outstanding feature of a virus is that it sets out with the aim of reproducing itself. People usually associate viruses with other actions such as damaging a system by, for instance, destroying data but this is not essential for a program to be classed as a virus. For example the Tiny series of viruses are coded with small size as there main criteria and don't waste code with damage routines. Other viruses use large amounts of code to hide themselves and thus by not attracting attention to themselves try to ensure there longevity. The name was given to this piece of malicious code due to its inherent ability to reproduce itself. So even if you have a piece of code that does nothing harmful to the system but keeps on making copies of itself then it can be branded as a computer virus.
Note:
By code, I mean any software written in any programming language. It may be legitimate or otherwise. This word will be in frequent use in further articles also.
The Tiny series is a category of computer viruses which get its name due to its small size (<1kb)
Now let us study the anatomy of a basic class of viruses. These properties are inherent of most viruses though the level of adaptation may differ from species to species. I can say that a virus has basically three parts
Replicator - The replicators job is to ensure the survival of the virus on a system. Most successful viruses do this by not inflicting damage on the system but by appending themselves to legitimate programs in the machine. Each time the program is run then the virus will 'wake up' and start to reproduce. As said earlier, this is the most important part of the virus code.
Concealer - This part of the virus has the job of hiding the virus. It uses a number of methods to do this but the point is if you don't know a virus is there then you wont try and kill it. Today's viruses use advance techniques to stop being caught from Antivirus software.
Payload - The payload of a virus can be practically anything, in fact if it can be programmed then it can be the payload. If a virus is going to have a long life then any damage it causes must either be very slight or not take place for a long period after infection. If an obvious payload gets delivered soon after infection then the user is soon going to notice and will go virus hunting. This does not help the long life or wide spread of a virus.
The most common question asked by not-so-informative net audience is the definition of a computer virus. I may say that a computer virus is a type of legitimate program. So what is that makes a virus stand apart from the rest?
The one outstanding feature of a virus is that it sets out with the aim of reproducing itself. People usually associate viruses with other actions such as damaging a system by, for instance, destroying data but this is not essential for a program to be classed as a virus. For example the Tiny series of viruses are coded with small size as there main criteria and don't waste code with damage routines. Other viruses use large amounts of code to hide themselves and thus by not attracting attention to themselves try to ensure there longevity. The name was given to this piece of malicious code due to its inherent ability to reproduce itself. So even if you have a piece of code that does nothing harmful to the system but keeps on making copies of itself then it can be branded as a computer virus.
Note:
By code, I mean any software written in any programming language. It may be legitimate or otherwise. This word will be in frequent use in further articles also.
The Tiny series is a category of computer viruses which get its name due to its small size (<1kb)
Now let us study the anatomy of a basic class of viruses. These properties are inherent of most viruses though the level of adaptation may differ from species to species. I can say that a virus has basically three parts
Replicator - The replicators job is to ensure the survival of the virus on a system. Most successful viruses do this by not inflicting damage on the system but by appending themselves to legitimate programs in the machine. Each time the program is run then the virus will 'wake up' and start to reproduce. As said earlier, this is the most important part of the virus code.
Concealer - This part of the virus has the job of hiding the virus. It uses a number of methods to do this but the point is if you don't know a virus is there then you wont try and kill it. Today's viruses use advance techniques to stop being caught from Antivirus software.
Payload - The payload of a virus can be practically anything, in fact if it can be programmed then it can be the payload. If a virus is going to have a long life then any damage it causes must either be very slight or not take place for a long period after infection. If an obvious payload gets delivered soon after infection then the user is soon going to notice and will go virus hunting. This does not help the long life or wide spread of a virus.
Trojans: The Method of Infection
The most simple method is to send a trojan via email. So you receive a message saying that a wonderful file is attached and it will coerce you to click on it. This one is for dumb heads. I assume you are not one of those who click every attachment without scanning it with an up-to-date AV.
Secondly, you may receive a file from someone you know and the file looks harmless enough. On clicking you find a small application running, so you rest assured that the file was not a trojan. Here is where the ingenuity of the hacker comes into play. What he does is that he joins the trojan horse with an harmless application. . Such joiners are widely available on the Net. (If you want one, try Joiner). He designs a new icon for it using Micro Angelo. If he uses sub 7, the best and the most dangerous trojan according to me, then the latest version comes with an inbuilt icon changer. So one can easily assign a mp3 icon to a sub 7 server. (More on sub seven later)
If you are an experienced net user (I assume male, though I am not gender biased), you can easily restrict yourself from falling prey to above methods. But can you resist the feminine charm? This is one of the most widely used and successful means to catch a prey who is not a fool. For this, you need ICQ (I don't need to tell you about this, right?). So you may meet someone on random chat claiming to be a sultry babe from Amsterdam. She arouses your erotic senses and then says that she wishes to send you an erotic photo of herself. Naturally, no male (Here I am talking about normal males, not those rare ones who can resist such a temptation) would like to miss such an opportunity. So you get an incoming file request, say pic.jpg. Now you know that trojan has to be an .EXE file, so this cannot be one. So you receive it and click it.
The file is indeed a Jpg file joined with a trojan. But it is a fact that though you can bind an exe file to a Jpg one, the final file has to be an exe. What the hacker does is that he renames the file as pic.jpg.exe. ICQ shows this as pic.jpg. So you end up making a fool of yourself.
These are not the only ways. New ingenious ways are being designed by thinking minds to get better of you. So keep your senses wide awake when dealing with someone unknown on the Net.
Secondly, you may receive a file from someone you know and the file looks harmless enough. On clicking you find a small application running, so you rest assured that the file was not a trojan. Here is where the ingenuity of the hacker comes into play. What he does is that he joins the trojan horse with an harmless application. . Such joiners are widely available on the Net. (If you want one, try Joiner). He designs a new icon for it using Micro Angelo. If he uses sub 7, the best and the most dangerous trojan according to me, then the latest version comes with an inbuilt icon changer. So one can easily assign a mp3 icon to a sub 7 server. (More on sub seven later)
If you are an experienced net user (I assume male, though I am not gender biased), you can easily restrict yourself from falling prey to above methods. But can you resist the feminine charm? This is one of the most widely used and successful means to catch a prey who is not a fool. For this, you need ICQ (I don't need to tell you about this, right?). So you may meet someone on random chat claiming to be a sultry babe from Amsterdam. She arouses your erotic senses and then says that she wishes to send you an erotic photo of herself. Naturally, no male (Here I am talking about normal males, not those rare ones who can resist such a temptation) would like to miss such an opportunity. So you get an incoming file request, say pic.jpg. Now you know that trojan has to be an .EXE file, so this cannot be one. So you receive it and click it.
The file is indeed a Jpg file joined with a trojan. But it is a fact that though you can bind an exe file to a Jpg one, the final file has to be an exe. What the hacker does is that he renames the file as pic.jpg.exe. ICQ shows this as pic.jpg. So you end up making a fool of yourself.
These are not the only ways. New ingenious ways are being designed by thinking minds to get better of you. So keep your senses wide awake when dealing with someone unknown on the Net.
hacking
The term "hacking" in the 1980's became a buzzword in the media which was taken to be derogatory and which by misuse and overuse was attached to any form of socially non-acceptable computing activity outside of polite society. Within this context "hackers" were assumed to be the fringe society of the computing fraternity, mainly characterized as "youngsters" who did not know any better and who had obtained access to a technology with which they terrorized the world of communications and computing. To be tagged as a "hacker" was to portray a person as member of a less than acceptable group of near criminals whose activities were not be to be undertaken by the upright citizenry.
This was not the view of educated and knowledgeable computer or security professionals. This was the work of the media that created the existence of a hypothetical class of individuals who can then be branded as villains of the cyber era. This built on and the true meaning of the word and the intentions of this class was totally sidetracked.
Hackers are not criminals. They don't have intentions to damage or cause loss. They originated from the class of people who had an intrinsic thirst for knowledge. They wanted to stop at no point for gaining knowledge and letting the world benefit from their knowledge. Many historians will agree to the fact that knowledge always has been dangerous. People like Galileo, Pythagoras, etc had been banned because of the knowledge they possessed which was contradictory to popular belief. Same is the case with hackers. They possess that knowledge which others don't want them to possess.
Hackers are driven by curiosity. They have the urge to win. That makes them more aggressive, more intent and hence more dangerous, not to cyber society but to those narrow minded individuals.
Hacking and cracking are activities that generate intense public interest. Whenever anyone reads that some site was hacked into, some people get delighted, some don't. People who are delighted are those who don't have anything to do with such sites or with the Internet on the whole. Or they may be the persons who were responsible for the incident. Those who didn't excite were those people who are skeptical of this cyber world but still cannot live without it. Also the security world wakes up from sleep.
This was not the view of educated and knowledgeable computer or security professionals. This was the work of the media that created the existence of a hypothetical class of individuals who can then be branded as villains of the cyber era. This built on and the true meaning of the word and the intentions of this class was totally sidetracked.
Hackers are not criminals. They don't have intentions to damage or cause loss. They originated from the class of people who had an intrinsic thirst for knowledge. They wanted to stop at no point for gaining knowledge and letting the world benefit from their knowledge. Many historians will agree to the fact that knowledge always has been dangerous. People like Galileo, Pythagoras, etc had been banned because of the knowledge they possessed which was contradictory to popular belief. Same is the case with hackers. They possess that knowledge which others don't want them to possess.
Hackers are driven by curiosity. They have the urge to win. That makes them more aggressive, more intent and hence more dangerous, not to cyber society but to those narrow minded individuals.
Hacking and cracking are activities that generate intense public interest. Whenever anyone reads that some site was hacked into, some people get delighted, some don't. People who are delighted are those who don't have anything to do with such sites or with the Internet on the whole. Or they may be the persons who were responsible for the incident. Those who didn't excite were those people who are skeptical of this cyber world but still cannot live without it. Also the security world wakes up from sleep.
Viruses – Types and Examples
Viruses – Types and Examples
I assume that you have become familiar with the definition and anatomy of a computer virus. As in medicine, in cases of Computer viruses too we have specialization depending on area of infection and amount of damage. So let us study the basic category of viruses.
Types of viruses
Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.Examples: Form, Disk Killer, Michelangelo, and Stone virus
Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.Examples: Sunday, Cascade
Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then starts infecting other program files on disk.Examples: Invader, Flip, and Tequila
Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.Examples: Frodo, Joshi, Whale
Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101
Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot)-a general purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.Examples: DMV, Nuclear, Word Concept.
Active X: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control there web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run into there machine. There has been a lot of commotion behind this and with the amount of power that JAVA imparts, things from the security angle seem a bit gloom.
These are just few broad categories. There are many more specialized types. But let us not go into that. We are here to learn to protect our self, not write a thesis on computer virus specification.
I assume that you have become familiar with the definition and anatomy of a computer virus. As in medicine, in cases of Computer viruses too we have specialization depending on area of infection and amount of damage. So let us study the basic category of viruses.
Types of viruses
Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.Examples: Form, Disk Killer, Michelangelo, and Stone virus
Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.Examples: Sunday, Cascade
Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then starts infecting other program files on disk.Examples: Invader, Flip, and Tequila
Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.Examples: Frodo, Joshi, Whale
Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101
Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot)-a general purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.Examples: DMV, Nuclear, Word Concept.
Active X: ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control there web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run into there machine. There has been a lot of commotion behind this and with the amount of power that JAVA imparts, things from the security angle seem a bit gloom.
These are just few broad categories. There are many more specialized types. But let us not go into that. We are here to learn to protect our self, not write a thesis on computer virus specification.
Subscribe to:
Posts (Atom)