
Types of Malware (must know)

Most malware is platform-specific: It targets specific operating systems, applications,
and vulnerabilities to spread more quickly.

Trojan horses

Trojan horses — named after the infamous Greek wooden horse used to penetrate the city of Troy — are executable files, often transmitted via e-mail, that masquerade as legitimate programs but actually perform malicious acts.

Trojan-horse code works in the background — doing things like deleting information,
gathering passwords, and capturing keystrokes — while a legitimate-looking program, such as a screen saver or game, runs in the foreground.

Many Trojans — called remote-access Trojans, or RATs — set up backdoors on the systems they infect, allowing hackers to access them remotely and control them from across the Internet. Many Trojans aren’t detected by antivirus programs. With all things being equal (and antivirus software running), this is the malware you should be afraid of. Some common RATs are NetBus,
SubSeven, and Back Orifice.

Viruses
Computer viruses are the best-known malware category. Viruses are programs that are often self-replicating — meaning that they can make copies of themselves — and attach to executable files, deleting information and crashing computers whenever a user or other process runs the program. Even PDA viruses exist, some of which drain batteries and call 911 for you — how
thoughtful!

Worms


Worms are self-propagating programs that travel around the Internet at lightning
speed. They load up in memory, effectively exploit known software vulnerabilities,
and often end up crashing the systems.

Rootkits


Rootkits are nasty applications that hackers can use to control a computer completely, with the ultimate prize of crashing the system or stealing information. Rootkits are mostly found on UNIX systems but are becoming popular on the Windows platform. Rootkits are sets of programs that either:

Masquerade as typical administrator command-line programs

Integrate into the kernel, or core, of the operating system

Kernel-based rootkits, such as Knark for Linux and the FU rootkit for Windows, tie into the actual operating system. With these programs, hackers can

Hide system processes and applications from the Windows Task Manager or the process list in UNIX

Change the group membership of processes and applications so that a malicious program can run as the system, administrator, or root account

Modify environment variables

Make programs look like they were run by another user, concealing the hacker’s identity in audit logs
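Hiding a process from the process list is the capability above that a defender can actually test for. The classic check is a cross-view comparison: the /proc directory listing (what ps and top read) is compared against a null-signal probe of every possible PID, and any process that answers the probe but is missing from the listing is suspect. The following is an added example for Linux, not code from the original post; the thread-group filter, the two-pass intersection and the function names are this example's own design choices.

```python
"""Cross-view process detection (Linux): compare what the /proc directory
listing shows against what a signal probe says is alive.

Added example, not code from the original post. A kernel rootkit that hooks
the /proc directory listing hides a process from ps, top and the process
list, but the process still exists, so os.kill(pid, 0) still reaches it.
The disagreement between the two views is the detection signal.
"""
import os


def pids_from_proc_listing():
    """View 1: PIDs as the /proc directory listing reports them (what ps uses)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_from_signal_probe(max_pid):
    """View 2: PIDs that answer a null signal, whether or not /proc lists them."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)            # signal 0 checks existence, delivers nothing
            alive.add(pid)
        except PermissionError:        # EPERM: exists, but owned by another user
            alive.add(pid)
        except ProcessLookupError:     # ESRCH: no such process
            pass
    return alive


def thread_group_of(pid):
    """Tgid from /proc/<pid>/status, or None if the entry cannot be opened.

    Threads answer kill(tid, 0) but never appear in the top-level /proc
    listing, so without this check every multi-threaded process would
    produce false positives. A thread's /proc/<tid> is still openable by
    path; a fully hidden entry usually is not.
    """
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_hidden_pids(listed, probed, tgid_lookup):
    """Pure comparison, testable offline: PIDs that answer the probe but are
    missing from the listing, minus threads of a listed process."""
    hidden = set()
    for pid in probed - listed:
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in listed:
            continue                   # thread of a visible process: expected
        hidden.add(pid)
    return hidden


def cross_view_scan(max_pid=None, passes=2):
    """Live sweep. A PID must be flagged in every pass to be reported, which
    filters processes that started or exited between the two views."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    flagged = None
    for _ in range(passes):
        found = find_hidden_pids(pids_from_proc_listing(),
                                 pids_from_signal_probe(max_pid),
                                 thread_group_of)
        flagged = found if flagged is None else flagged & found
    return flagged


if __name__ == "__main__":
    hidden = cross_view_scan()
    print("hidden PIDs:", sorted(hidden) if hidden else "none")
```

Run it as root so the probe is not limited to your own processes; with the default pid_max of several million the sweep takes a few seconds. A rootkit that hooks the kill syscall as well as the directory listing defeats this particular pair of views, which is why mature tools compare several independent views (scheduler lists, /proc, signal probes, network socket tables) rather than just two.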

Spyware

Spyware programs spy on you and sometimes even capture and transmit
confidential information from your computer. They’re installed as cookies,
Windows Registry entries, and even executables on the local computer.
“Legitimate” spyware that may be installed by an administrator or other
person to watch someone’s computer usage includes SpectorSoft’s eBlaster
and Spector Pro, and TrueActive (formerly known as WinWhatWhere).

These programs are extremely powerful and capture video screen shots, turn
on the local microphone, track Web browsing, and even forward copies of
e-mails sent and received to a third-party address. Powerful and scary!

Adware is similar to spyware but a little less intrusive. It tracks Internet usage
and pulls targeted ads to specific users, based on their habits.

Built-in programming interfaces

Programming interfaces built into operating systems can be used maliciously:

Java applets are programs written in Java, the programming language from
Sun Microsystems. Although these programs run in a sandbox — or safe area — to
ensure that the local system is not compromised by malicious code, they
can still cause security problems.

Microsoft .NET applications are programs written based on the new
application framework from Microsoft. Like Java applets, these programs
have their own playpen that helps ensure that malicious code is
not executed.

ActiveX controls are Microsoft-based programs that everyone loves to
hate. ActiveX controls can be executed with minimal effort in such applications
as Internet Explorer, Outlook, and other Microsoft programs.
Their control over a computer can potentially cause serious harm to a
computer system and its stored information.

VBScripts are scaled-down versions of Microsoft’s Visual Basic programming
language. Similar to ActiveX controls, these scripts can wreak
havoc on local data.

Many of the common malware programs traversing the Internet today
are VBScripts.

Windows Script Host (WSH) is a script processor built into Windows —
similar to DOS batch files — that can be used to perform malicious acts.

JavaScript programs, which are similar to ActiveX and VBScripts, are
written in Netscape’s scripting language. They can cause computers
harm if users willingly run them within Web browsers and e-mails.

Not all applications written in these programming interfaces are malicious.
Many legitimate programs are used every day that run just fine and don’t do
any harm.

Logic bombs

A logic bomb is a program — often, an automated script using regular network
administration tools — that is scheduled to run when it’s triggered by a certain
event, such as someone’s logging in, or run on a specific date or time, such as
two weeks after an employee is let go.

Logic bombs are a common way for disgruntled employees to seek revenge
on their former employers. Some logic bombs have destroyed entire databases
of information, including the famous logic bomb planted by Tim Lloyd
at Omega Engineering a few years back. This program erased all the information
from the company’s NetWare server, putting a stop to its manufacturing
processes. This event resulted in $10 million in damages to the company, and
ultimately, 80 employees got laid off.
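Because a logic bomb is usually just an ordinary scheduled job with an unusual trigger, the practical defence is to audit the scheduler for the patterns described above: jobs pinned to one calendar date, jobs still owned by accounts that have left, and jobs whose program sits somewhere anyone can write. The following is an added example, not code from the original post: the crontab text is constructed, and the three heuristics and reason codes are this example's own assumptions rather than any standard.

```python
"""Audit cron entries for the scheduling patterns logic bombs rely on.

Added example, not code from the original post. The sample crontab below is
constructed, and the three heuristics are this example's own assumptions,
not a detection standard: a fixed calendar date (numeric day and month, so
the job fires on one date that nobody expects to recur), an owner that no
longer matches an active account, and a command living in a world-writable
directory.
"""
import re

# Constructed sample in /etc/cron.d format: min hour dom mon dow user command
CONSTRUCTED_CRON = """\
# nightly backup (constructed sample, not real data)
0 2 * * * root /usr/local/bin/backup.sh
30 3 1 * * root /usr/local/bin/rotate-logs.sh
15 4 14 7 * jdoe /home/jdoe/.cache/cleanup.sh
*/5 * * * * www-data /tmp/.x/update.sh
0 0 * * 0 root /usr/bin/apt-get -y update
"""

# Accounts that are still valid; jdoe (a departed employee in this scenario) is not
ACTIVE_USERS = {"root", "www-data"}

WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")


def parse_cron_line(line):
    """Split a system crontab line into (dom, mon, user, command); None if not a job."""
    if line.startswith("@"):                       # @reboot, @daily, ... user command
        parts = line.split(None, 2)
        return ("*", "*", parts[1], parts[2]) if len(parts) == 3 else None
    parts = line.split(None, 6)
    if len(parts) != 7:
        return None
    _minute, _hour, dom, mon, _dow, user, command = parts
    return dom, mon, user, command


def audit_cron(text, active_users):
    """Return {command: [reason codes]} for every entry that trips a heuristic."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue                               # blank, comment or VAR=value
        parsed = parse_cron_line(line)
        if parsed is None:
            continue
        dom, mon, user, command = parsed
        reasons = []
        # Numeric day AND month: fires on one calendar date, the shape of the
        # "two weeks after an employee is let go" trigger described above.
        if re.fullmatch(r"\d+", dom) and re.fullmatch(r"\d+", mon):
            reasons.append("fixed-date")
        if user not in active_users:
            reasons.append("inactive-user")
        if any(path in command for path in WORLD_WRITABLE):
            reasons.append("world-writable-path")
        if reasons:
            findings[command] = reasons
    return findings


if __name__ == "__main__":
    for command, reasons in audit_cron(CONSTRUCTED_CRON, ACTIVE_USERS).items():
        print(f"{', '.join(reasons):<32} {command}")
```

On a real host, feed it the concatenation of /etc/crontab, /etc/cron.d/* and each user's spool file, and build the active-user set from your directory or /etc/passwd rather than a literal. The same three questions (when does it fire, who owns it, where does the program live) apply unchanged to at jobs, systemd timers and Windows scheduled tasks.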

Security tools

Your own security tools can be used against you. This includes the following
tools:

Vulnerability scanners, such as Nessus and even the tried-and-true
Netcat tool, can place backdoors in your systems.

Network analyzers, including the ARP poisoning tools ettercap and
dsniff.

The DOS debug program that still ships with Windows.

The NetWare debugger backdoor.

You access the backdoor by pressing Shift+Alt+Shift+Esc all at the same
time (using both Shift keys) at the server console.

To know how malware propagates, see here...
