Computer Infections/Attacks

Thread: Computer Infections/Attacks

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    Computer Infections/Attacks

    Lately it seems that the good guys are getting hammered by computer infections and attacks more frequently than before. Not only is it coming from the script kiddie who, on his own, couldn't write and compile the most simplistic of all "C" programs, like:

    #include <stdio.h>
    int main(void)
    {
        printf("I'm a script kiddie, member of the lost generation!\n");
        return 0;
    }

    /*Darn it, now I gave him something he could use to say I resemble some piece of the human anatomy!*/

    But more and more we are seeing folks complaining about Browser Hijacks, Trojans, the Bot-gone-bad, Spam, Cookies, Spyware, Adware, new Viruses and Worms, and of course the mutant versions of the previous strains. So I thought maybe it's time to create one list with the most common of them together and provide a description of those computer infections and attacks of destruction that our adversaries are employing. The hope is that by educating the inquiring minds that venture into AO, we may help them avoid the trends that propagate those forms of infection and attack.

    MALWARE: As the name implies, these are generally undesirable, unfriendly, unsolicited - in that the users didn’t request them, and they may not even initially be aware of their presence. In the earlier years “Malware” generally only applied to Trojans, Viruses, and Worms. However because of the maliciousness of these other forms of attacks, we might as well group them all under the same definition.

    Top of the list is the COOKIE. When you visit a web site, if your browser is set to accept Cookies, they may be downloaded onto your computer. Originally they were small friendly programs that were designed to assist you with websites. They were stored in the “Cookie Folder” thus the name Cookie.

    In existence today, there are still useful cookies that assist you in your Internet Surfing, and of course there are malicious cookies. The latter are the ones we need to be concerned about. They can be very specific about their target, conduct a broad sweep, or a random sample. Many of them possess devious intentions which may include: tracking your surfing habits to assist the Spam-a-Rooniacs in determining which ads to send you, verifying whether your email account is active so they can send you more Spam, and so forth. Unfortunately it does get worse than just Spam. Some sophisticated malicious Cookies actually contain Spyware that allows the deviants to access your computer and all of your files. Regardless, the overall goal of the malicious Cookie is to covertly take advantage of you.

    Next is ADWARE: In our world we have come to acknowledge some advertising as a necessity to keep an activity up and running. Obviously the sponsor wants his due and maybe rightfully so. Well, Adware goes beyond any reasonableness that we have come to expect. It is usually an additional program that is downloaded and installed concurrently with a freeware or shareware program. In some predetermined manner differing ads will appear and disappear. This annoyance is really bothersome if the ads continue to pop-up when you are not running that particular program any longer. Who wants to keep closing all the banners?

    SPAM: Spam is a flooding or a saturation of advertisements (just blindly sending it to everyone they can using mass mailing bots) etc., most commonly found in your email. The objective is to have you do something or to get something from you. In most cases, they want your hard earned money! Although annoying as can be, as of yet, not much harm will most likely come to your computer as a result of normal Spam. Simply delete it without opening it. However, if you open one of them, or click on the box that says something to the effect, “Click here to stop receiving this ad”, you have just let them know that they have found a live host on the other end of that particular email address. After that little slip, you can anticipate receiving additional Spam.

    BROWSER HIJACKS: A Browser hijack assault is completed by programs designed to take charge of your browser and redirect the user to pornographic websites. All efforts to change your browser's homepage back are usually in vain. A well-known hijacker is CoolWebSearch (or CWS). Once it has infected a computer, in addition to the effects listed above, it makes changes to your registry and can also generate undesirable pop-ups. Unpatched IE browsers are most vulnerable; however, Netscape and Mozilla attacks are starting to emerge as well. How do you get hijacked? Normally it is by visiting a questionable website, but you can also become infected by receiving and opening email from those sites (some of the spam that is starting to litter our accounts as well). Unpatched mail clients are also vulnerable to this attack.

    A TROJAN HORSE, or more commonly a "Trojan", is a program that contains malicious code hidden within what would appear to be a normal, useful program. An obvious take on the Helen of Troy story. Trojans do not generally copy/replicate themselves, though. Rather, their damage is caused when the program is run. A common casualty is the erasing/formatting of one's hard disk.

    The source code for almost every Trojan is floating around on the Internet. Just like a human viral infection the Trojans are continually mutated. The most common reason is to avoid detection.

    The Trojans in use today may be found using the full spectrum of port numbers. The higher port numbers have been most commonly used for inserting backdoors for remote access and are usually accessed through the Internet, dial-up, network, and so on. The lower port numbers are used for stealing user information such as passwords and user identification. The Trojan may also employ the service directly related to the lower ports, such as telnet.

    Virus: Computer code that hitches a ride on real programs, documents, etc. Similar to its biological counterpart that infects the "ugly bag of mostly water" carbon units (Old Star Trek series). Of itself, it can't do any harm. It requires a host to survive and is transmitted from one unit to another. A computer virus duplicates itself by using the host's programs and it usually carries a "payload" that causes some type of damage at a specified time. The degree of damage is based on what type of virus it is and the objectives of the dark side. Normally, three stages make up the life of a computer virus.

    When the computer first catches the virus, the virus is considered "activated". The most common ways to become infected with a virus are through a floppy disk that is carrying the virus, an email attachment from what appears to be a friend or a subject of interest, and warez (pirated software).

    After the infestation has begun, the next stage starts as the virus attempts to “duplicate” itself. The goal here is to infect as many additional computers as it can. A classic manner in which this transpires is through the address books on our email programs. The virus sends itself to every name listed therein.

    The most common final dastardly deed the virus will attempt to complete is to “dump its payload” at a specified time. That does not necessarily mean an actual period of time according to a clock or a date. Rather it may well be your next reboot of your computer or the next time you try to defrag your hard drive, etc.

    Worm: A worm differs from a virus in that the worm does not require a host (program or document, etc.) to infect a computer. It is a self-contained, self-compiling program that copies itself. It thrives in a computer network environment. Generally it searches for a known exploit/vulnerability in a particular operating system or software on one workstation, clones itself onto that machine, then searches the Network or even the Internet for its next victim. It may have different objectives, including allowing someone to check out the contents of your hard disk.

    Defenses: The only sure defense is to never hook your computer up to a network, never go online, and never even turn it on, because once you install some software, it could already have malicious junk included! So if you want to follow that advice, don't buy a computer. But rather, go outside and get a rock and place it on your computer table. That way you'd have a paperweight that didn't cost too much. The unfortunate part about that thought process is that the rock probably has its own critters on the underside, so now you're infected anyway.

    We don’t need to be that fearful about going online, but rather exercise prudent judgment regarding your surfing habits and create a layered defense. There are many outstanding threads in AO that discuss the topic of computer security and how to set up your defenses. So at your leisure peruse through them.

    Just a few closing reminders: if you visit sites that are questionable don’t expect to slip out of there unscathed. If you open an email attachment from an unknown source, without scanning it for viruses first, you may well infect your computer. If you download programs from sites that do not have proper certificates or are not reputable, don’t be surprised at what may happen. The dark side is full of characters that like to wreak havoc and many of them produce sophisticated code that can and will avoid initial detection regardless of all of our efforts. Just as quickly as patches/updates can be produced the other side is creating and mutating code. And finally, use that gray matter stored in your brain-housing group. If it looks and smells like a skunk, don’t go up and kick it in the butt. Stay away from it.

    As Paul Harvey would say, “Good Day!”

    Sources:

    Most current information obtained with: www.google.com

    Other Sources:
    -Steal This Computer Book 2, by Wallace Wang.
    -Secrets of Computer Espionage, by Joel McNamara.
    -Hack Attacks Revealed, by John Chirillo.
    -Hacking Exposed – Network Security Secrets and Solutions, by Stuart McClure, Joel Scambray, and George Kurtz.
    Connection refused, try again later.

  2. #2
    Shouldn't this be a tutorial? Very good information on a lot of different things.

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well I guess it could be. However I wanted to target the guest that comes to look at the subject. And to my surprise, I just checked the Users Online area and some guests were looking at it! Mission accomplished.

    cheers
    Connection refused, try again later.

  4. #4
    Ok, stupid question: I'm well aware of the dangers of cookies and block 90% accordingly. However, I didn't realize how far they could go acting as programs. How does this work since they're text files rather than executables?

  5. #5
    Member
    Join Date
    Oct 2003
    Posts
    40
    As a systems administrator I'd recommend creating a mirror to this list: system vulnerabilities that permit these infections/attacks to cause damage. The problem with understanding these terms in the original post and how these attackers work is that understanding how one does its thing doesn't necessarily prepare a person to prevent attacks in the future.

    A simplistic version of this list (and I don't want to divert the thread by writing out the whole thing) would include:

    software vulnerabilities
    system misconfigurations
    shared confidential data
    user misbehavior.

    Come to think of it, I agree that this could be bumped out into a fundamental security tutorial which uses vocabulary as its basis. It strikes me that Relyt may be focusing on the problem of misunderstanding among newbies regarding the terms in his list, and I agree with that whole-heartedly. Some of the problems people have with these terms (and consequently taking advice about how to deal with them) remind me of a lonnnnnngggg discussion I had to have with my dad once trying to explain that his 'PC' is not really his 'hard drive'.

  6. #6
    AntiOnline n00b
    Join Date
    Feb 2004
    Posts
    665
    Ok, stupid question: I'm well aware of the dangers of cookies and block 90% accordingly. However, I didn't realize how far they could go acting as programs. How does this work since they're text files rather than executables?
    hi

    You are well aware of the dangers of cookies. What kind of dangers are we talking about? Cookies aren't that dangerous. They can't act as programs/applications, nor can they contain viruses. They just contain user information that you might have supplied to a particular Web Site.

    The only danger that I see is cookies made by advertising agencies. And there are a lot of them these days. Those huge banners that we see everywhere nowadays. Now they might use the information in your cookies to track your Internet usage and use that information to tailor the ads that you see (e.g. DoubleClick, you must have heard about it). That's the only danger that I see: people keeping track of your surfing habits. If you are a privacy freak like me you should block them.

    And cookies made by one server, say Yahoo, can't be viewed by others, so don't worry about information stealing. Only the one that made it can access it.

    Hope this helps, AngelicKnight.
    Good luck

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    brichards99,

    As you recognized, my intent was to provide definitions/descriptions for folks that were cruising through looking for that very thing.

    So I thought maybe it's time to create one list with the most common of them together and provide a description of those computer infections and attacks
    At work, I continually hear all kinds of misconceptions about trojans, viruses, etc.. And for the most part it is because they are unaware. The next obvious step may be what you mentioned:

    creating a mirror to this list: system vulnerabilities that permit these infections/attacks to cause damage.
    And if you want to take the lead and do that please jump in and have fun.

    Also the cleanup after the computer(s) have been infected is well covered in AO by other threads so we won't need to do that.

    cheers
    Connection refused, try again later.

  8. #8
    Cookies aren't that dangerous. They can't act as programs/applications, nor can they contain viruses. They just contain user information that you might have supplied to a particular Web Site.
    ...verifying whether your email account is active so they can send you more Spam, and so forth. Unfortunately it does get worse than just Spam. Some sophisticated malicious Cookies actually contain Spyware that allows the deviants to access your computer and all of your files.
    These two statements seem to be in conflict. Which is correct? If the latter, I'm back at my first question -- How does this work since cookies are text files and not executables?

  9. #9
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    AngelicKnight

    Hello,

    Survey says:
    Some sophisticated malicious Cookies actually contain Spyware
    But you block most of them anyway. I'll send you some more specifics in a pm. Thanks for bringing it up though.

    edit: well, in case it comes up again, I thought I'd post it here rather than in a pm:

    Here ya be:

    CERT® Coordination Center

    http://www.cert.org/tech_tips/malicious_code_FAQ.html

    What might happen if my web browser is exposed to a malicious script?

    Among the possibilities are capturing your password and other information you believe is protected. You should also be concerned because malicious scripts can be used to expose restricted parts of your organization's local network (such as their intranet) to attackers who are on the Internet.

    Attackers may also be able to use malicious scripts to infect cookies with copies of themselves. If the infected cookie is sent back to a vulnerable web site and passed back to your browser, the malicious script may start running again. Note: This is not a vulnerability in web cookies; rather, a malicious script takes advantage of the functionality of cookies.
    Connection refused, try again later.
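To make the CERT answer above concrete, here is an added illustration (my own example, not code from the thread or from CERT) of why both posters are partly right: a cookie is only name=value text, but if a site echoes that text into a page without HTML-encoding it, a script fragment stored in the cookie runs in the browser of whoever receives the page. The sample Cookie header, the `nick` cookie name and the `render_greeting` function are constructed for this demonstration; the mitigation shown is the standard one, encoding untrusted text before it goes into HTML.

```python
import html

# Constructed sample Cookie header (an assumption for this demo, not from the
# thread): one ordinary preference cookie and one whose value carries a script
# fragment, the situation the CERT FAQ describes.
SAMPLE_COOKIE_HEADER = "theme=dark; nick=<script>alert(1)</script>"


def parse_cookie_header(header):
    """Cookies are plain text: name=value pairs separated by ';'."""
    jar = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        jar[name.strip()] = value.strip()
    return jar


def render_greeting(cookie_header, escape=True):
    """Build the HTML a site might send back when it echoes the 'nick' cookie.

    escape=False inserts the cookie text verbatim, which is the vulnerable
    pattern: the browser parses the stored <script> tag and runs it.
    escape=True HTML-encodes the text first, so it is displayed, not executed.
    """
    nick = parse_cookie_header(cookie_header).get("nick", "guest")
    if escape:
        nick = html.escape(nick, quote=True)
    return f"<p>Welcome back, {nick}</p>"


def contains_live_script(html_doc):
    """Crude check used by the demo: is there a raw <script tag in the output?"""
    return "<script" in html_doc.lower()


if __name__ == "__main__":
    print("parsed cookies :", parse_cookie_header(SAMPLE_COOKIE_HEADER))
    print("unsafe render  :", render_greeting(SAMPLE_COOKIE_HEADER, escape=False))
    print("escaped render :", render_greeting(SAMPLE_COOKIE_HEADER, escape=True))
```

Running it shows the cookie file itself never "executes": the same text is harmless in the encoded page and live only in the page that pasted it in raw. That is why blocking cookies helps against tracking, while the script problem is fixed on the server side by encoding, or on the client by a patched browser.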

  10. #10
    Super Moderator: GMT Zone (nihil)
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Relyt,

    I think that you should incorporate one or two of the suggestions and make this into a tutorial.

    http://www.winpatrol.com

    Nice free (for private use) tool that incorporates a good cookie manager...........fools the site into thinking that its cookie has been set, then eats it! You can also set generic keywords and partial keywords which will get any cookie containing them eaten.

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
