May 25th, 2004, 03:23 AM
Lately it seems that the good guys are getting hammered by computer infections and attacks more frequently than before. Not only is it coming from the script kiddie, that on his own, he couldn’t write and compile the most simplistic of all “C” programs like:
printf(“I’m a script kiddie, member of the lost generation!”);
/*Darn it, now I gave him something he could use to say I resemble some piece of the human anatomy!*/
But more and more we are seeing folks complaining about Browser Hijacks, Trojans, the Bot-gone-bad, Spam, Cookies, Spyware, Adware, new Viruses and Worms, and of course the mutant versions of the previous strains. So I thought maybe it's time to create one list with the most common of them together and provide a description of those computer infections and attacks of destruction that our adversaries are employing. The hope is that by educating the inquiring minds that venture into AO, we may help them avoid the trends that propagate those forms of infection and attack.
MALWARE: As the name implies, these are generally undesirable, unfriendly, unsolicited - in that the users didn’t request them, and they may not even initially be aware of their presence. In the earlier years “Malware” generally only applied to Trojans, Viruses, and Worms. However because of the maliciousness of these other forms of attacks, we might as well group them all under the same definition.
Top of the list is the COOKIE. When you visit a web site, if your browser is set to accept Cookies, they may be downloaded onto your computer. Originally they were small friendly programs that were designed to assist you with websites. They were stored in the “Cookie Folder” thus the name Cookie.
In existence today, there are still useful cookies that assist you in your Internet Surfing, and of course there are malicious cookies. The latter are the ones we need to be concerned about. They can be very specific about their target, conduct a broad sweep, or a random sample. Many of them possess devious intentions which may include: tracking your surfing habits to assist the Spam-a-Rooniacs in determining which ads to send you, verifying whether your email account is active so they can send you more Spam, and so forth. Unfortunately it does get worse than just Spam. Some sophisticated malicious Cookies actually contain Spyware that allows the deviants to access your computer and all of your files. Regardless, the overall goal of the malicious Cookie is to covertly take advantage of you.
Next is ADWARE: In our world we have come to acknowledge some advertising as a necessity to keep an activity up and running. Obviously the sponsor wants his due and maybe rightfully so. Well, Adware goes beyond any reasonableness that we have come to expect. It is usually an additional program that is downloaded and installed concurrently with a freeware or shareware program. In some predetermined manner differing ads will appear and disappear. This annoyance is really bothersome if the ads continue to pop-up when you are not running that particular program any longer. Who wants to keep closing all the banners?
SPAM: Spam is a flooding or a saturation of advertisements (just blindly sending it to everyone they can using mass mailing bots) etc., most commonly found in your email. The objective is to have you do something or to get something from you. In most cases, they want your hard earned money! Although annoying as can be, as of yet, not much harm will most likely come to your computer as a result of normal Spam. Simply delete it without opening it. However, if you open one of them, or click on the box that says something to the effect, “Click here to stop receiving this ad”, you have just let them know that they have found a live host on the other end of that particular email address. After that little slip, you can anticipate receiving additional Spam.
BROWSER HIJACKS: A Browser hijack assault is completed by programs designed to take charge of your browser and redirect the user to pornographic websites. All efforts to change your browser’s homepage back are usually in vain. A well-known hijacker is CoolWebSearch (or CWS). Once it has infected a computer, in addition to the affects listed above, it makes changes to your registry and can also generate undesirable pop-ups. Unpatched IE browsers are most vulnerable, however, Netscape and Mozilla attacks are starting to emerge as well. How do you get hijacked? Normally it is by visiting a questionable website, but you can also become infected by receiving and opening email from those sites (some of the spam that is starting to litter our accounts as well). Unpatched mail clients are also vulnerable to this attack.
A TROJAN HORSE or more commonly called a “Trojan”, is a program that contains malicious code that is hidden within what would appear as a normal useful program An obvious type of the Helena of Troy story. Trojans do not generally copy/replicate themselves though. Rather their damage is caused when the program is run. A common casualty is the erasing/formatting of ones hard disk.
The source code for almost every Trojan is floating around on the Internet. Just like a human viral infection the Trojans are continually mutated. The most common reason is to avoid detection.
The Trojans in use today may be found using the full spectrum of port numbers. The higher port numbers have been most commonly used for inserting backdoors for remote access and are usually accessed through the Internet, dial-up, network, and so on. The lower port numbers are used for stealing user information such as passwords and user identification. The Trojan may also employ the service directly related to the lower ports. Such as telnet, etc.
Virus: Computer code that hitches a ride on real programs, documents, etc. Similar to it’s biological counterpart that infects the “ugly bag of mostly water” carbon units (Old Star Trek series). Of itself, it can’t do any harm. It requires a host to survive and is transmitted from one unit to another. A computer virus duplicates itself by using the host’s programs and it usually carries a “payload” that causes some type of damage at a specified time. The degree of damage is based on what type of virus it is and the objectives of the dark side. Normally, three stages make up the life of a computer virus.
When the computer first catches the virus, the virus is considered “activated”. The most common ways, in which to become infected with a virus is through a floppy disk that is carrying the virus, an email attachment from what appears to be a friend or a subject of interest, and warez (pirated software).
After the infestation has begun, the next stage starts as the virus attempts to “duplicate” itself. The goal here is to infect as many additional computers as it can. A classic manner in which this transpires is through the address books on our email programs. The virus sends itself to every name listed therein.
The most common final dastardly deed the virus will attempt to complete is to “dump its payload” at a specified time. That does not necessarily mean an actual period of time according to a clock or a date. Rather it may well be your next reboot of your computer or the next time you try to defrag your hard drive, etc.
Worm: A worm differs from a virus in that the worm does not require a host (program or document, etc.) to infect a computer. It is a self-contained, self-compiling program that copies itself. It thrives in a computer network environment. Generally it searches for a known exploit/vulnerability in a particular operating system or software on one workstation, clones itself onto that machine, then searches the Network or even the Internet for it’s next victim. It may have different objectives including allowing someone to check out the contents of your hard disk.
Defenses: The only sure defense is to never hook your computer up to a network, never go online, and never even turn it on because once you install some software, it could already have malicious junk included! So if you want to follow that advise, don’t buy a computer. But rather, go outside and get a rock and place it on your computer table. That way you’d have a paperweight that didn’t cost too much. The unfortunate part about that thought process is that the rock probably has it’s own critters on the underside, so now you’re infected anyway.
We don’t need to be that fearful about going online, but rather exercise prudent judgment regarding your surfing habits and create a layered defense. There are many outstanding threads in AO that discuss the topic of computer security and how to set up your defenses. So at your leisure peruse through them.
Just a few closing reminders: if you visit sites that are questionable don’t expect to slip out of there unscathed. If you open an email attachment from an unknown source, without scanning it for viruses first, you may well infect your computer. If you download programs from sites that do not have proper certificates or are not reputable, don’t be surprised at what may happen. The dark side is full of characters that like to wreak havoc and many of them produce sophisticated code that can and will avoid initial detection regardless of all of our efforts. Just as quickly as patches/updates can be produced the other side is creating and mutating code. And finally, use that gray matter stored in your brain-housing group. If it looks and smells like a skunk, don’t go up and kick it in the butt. Stay away from it.
As Paul Harvey would say, “Good Day!”
Most current information obtained with: www.google.com
-Steal This Computer Book 2, by Wallace Wang.
-Secrets of Computer Espionage, by Joel McNamara.
-Hack Attacks Revealed, by John Chirillo.
-Hacking Exposed – Network Security Secrets and Solutions, by Stuart McClure, Joel Scambray, and George Kurtz.
Connection refused, try again later.