Virus Programming - Hack. With. Mak.

Instant messaging attacks originated in the abuse of the mIRC /DCC Send command.
A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send.

VX Heaven site is dedicated to providing information about computer viruses (virii) and web space for virus authors and groups. Examples of Malicious Computer Programs. As with any rapidly propagating virus or worm. For example, if the BadTrans.B worm could not find the victim's e. Features of vxheaven: Free virus collection for download. All viruses are categorized with their types such as Trojans, spyware, Worms, Rootkits, Hoaxes, Hack Tools.

The /DCC Send command can be used to send a file to users connected to a particular discussion channel. Normally, attackers modify a local script file, such as script. IRC to instruct the instant messaging client to send a file to a recipient any time a new participant joins a discussion. In this way, the attacker can avoid modifying any local files. Although several instant messenger software programs require the user to click a button to send a file, worms can enumerate the dialog boxes and . It is also expected that computer worms will exploit buffer overflow vulnerabilities in instant messenger software. For example, certain versions of AOL Instant Messenger software allow remote execution of arbitrary code via a long argument in a game request function.

Much like human viruses, computer viruses can range in severity: some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Unlike a virus, a worm is a self-contained program and does not need to attach itself to an executable file. An example of a network worm is Bumerang. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program.
It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.

A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers' address books, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In more recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source.
When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

Added into the mix, we also have what is called a blended threat. A blended threat is a sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one threat. Blended threats use server and Internet vulnerabilities to initiate, transmit and spread an attack. This combination of method and techniques means blended threats can spread quickly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points and exploits vulnerabilities. Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.

In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
These files can be created for various reasons, all of which are related to the detection of the virus. It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.

Stealth. Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is . Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification. Most modern antivirus programs try to find virus patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected.
The user can then delete, or (in some cases) . Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Encryption with a variable key. A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious. An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.

Polymorphic code. Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures.
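Why XOR with a constant, described above under "Encryption with a variable key", does not hide a body from a signature scanner: the XOR of adjacent bytes is the same for every key, so one pass finds the signature and recovers the key. This is an added example, not code from the original page; the marker string, the sample buffers and all function names are constructed for illustration, and it covers only the single-byte constant-key case, not polymorphic decryptors.

```python
"""X-ray scanning for a signature hidden by single-byte XOR (added example)."""

# Constructed, harmless marker standing in for a real virus signature.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"


def xor_encode(data: bytes, key: int) -> bytes:
    """XOR every byte with one constant; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def xor_delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair. The constant key cancels out:
    (a ^ k) ^ (b ^ k) == a ^ b, so the result is the same for every key."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(blob: bytes, signature: bytes = SIGNATURE) -> list:
    """Return [(offset, key), ...] for each copy of `signature` in `blob`,
    whatever single-byte XOR key hides it (key 0 means stored in the clear)."""
    if len(signature) < 2:
        raise ValueError("signature must be at least 2 bytes")
    needle, haystack = xor_delta(signature), xor_delta(blob)
    hits = []
    pos = haystack.find(needle)
    while pos != -1:
        key = blob[pos] ^ signature[0]            # recover the key from one byte
        window = blob[pos:pos + len(signature)]
        if xor_encode(window, key) == signature:  # confirm by decoding the window
            hits.append((pos, key))
        pos = haystack.find(needle, pos + 1)
    return hits


# Constructed sample buffers: same body, a different key per "file", plus a clean one.
FILLER = bytes(range(32))
ENCODED_A = FILLER + xor_encode(SIGNATURE, 0x5A) + FILLER
ENCODED_B = FILLER + xor_encode(SIGNATURE, 0xC3) + FILLER
CLEAN = FILLER + FILLER

if __name__ == "__main__":
    for name, blob in [("A", ENCODED_A), ("B", ENCODED_B), ("clean", CLEAN)]:
        print(name, [(off, hex(k)) for off, k in xray_scan(blob)])
```

A plain substring search for the marker fails on both encoded buffers, while the delta search reports the offset and the per-file key without trying 256 keys.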
Anti-virus software can detect a polymorphic virus by decrypting it using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus.

List of computer worms - Wikipedia. From Wikipedia, the free encyclopedia.

Name. Alias(es). Type. Subtype. Isolation date. Isolation. Origin. Author. Notes.

Badtrans. Mass mailer. November 2. Installed a keylogger; distributed logged information.

Bagle. Beagle, Mitglieder, Lodeight. January 1. 8, 2. 00. Mass mailer.

Blaster. Lovesan. August 1.

Gruel. exe Makes all exe's unusable so the computer probably can't reboot.

Hopkins, Minnesota. Jeffrey Lee Parson. Targeted toward Bill Gates; contained message ? Stop making money and fix your software!!

Smith. Not originally intended as harmful, but crashed servers by flooding them with e-mail.

Morris. November 2, 1. Robert Tappan Morris. Widely considered to be the first computer worm. Although created for academic purposes, the negligence of the author unintentionally caused the worm to act as a denial of service attack. It spread by exploiting known vulnerabilities in UNIX-based systems, cracked weak passwords, and periodically altered its process ID to avoid detection by system operators.

Mydoom. W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi.
January 2. Fastest-spreading e-mail worm known; used to attack SCO Group.

Mylife. W32.MyLife.C@mm. April 2, 2.

At startup, it kills the process lsass. Killing lsass causes the computer to reboot one minute later, which would cause Sasser to run again. This would continue in an infinite loop until the computer is shut down manually.

Sircam. Spread through e-mail with text like.