September 27th, 2004, 07:54 AM
Virus Research Information Part Two: Greater Threats
Greetings AntiOnline. Hello and Welcome to Part Two of my "Virus Research Information" tutorial. In my last tutorial, I discussed what are the different types and kinds of viruses out there and I also gave you a basic definition. In this tutorial, I'm going to discuss Greater Threats that are associated with viruses (worm's and trojans). I hope you guy's enjoy and learn from this tutorial.
Greater Threat's: Oh My God, There's More!!
It couldn't possibly be true, but it is. The internet (much like the world) isn't a safe place to be in and just when you thought it was safe and you only had to worry about viruses, along came greater threats. In this little section, we're going to talk about two more greater threats -- The Trojan and The Worm (and no, I don't mean the condom and insect either). These two internet threat's have become such HUGE threats that they are right up there with viruses and hackers (considering hackers can use trojans, but we'll go into that in a bit). It's trojan's such as Sub7 that have given endless amounts of script kiddies the ability to wreak havoc on a foolish user's machine and it's worm's such as Sasser that make even the 6:00 news, as it costs many companies money for the damage it does. Right now I'm going to go into each one seperately and give you a detailed description and example of each. Then I'll give you some method's/way's to prevent being attacked or bitten by these internet hazards.
Trojans: 7h15 15 1337!!
Ahh, one of the many problem's out there that most network administrator's worry will strike their less-informed employee's -- the trojan aka the trojan horse applications. A trojan horse application is best defined IMO in AntiOnline's "Hacker Jargon Files":
Another name for a trojan is a backdoor, and the hacker jargon definition for a backdoor is listed as:
Trojan horse n.
[coined by MIT-hacker-turned-NSA-spook Dan Edwards] A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses!
Now, trojans and backdoors are basically synonmous. A trojan can basically BE classified as another type of backdoor program (another type of backdoor program is a rootkit, RAT, etc). Both are meant for malicious purposes, both have caused script kiddies worldwide the ability (with a little social engineering skills) to take control over a poor victims PC. Now, trojans don't just give you control.. THEY GIVE YOU CONTROL. By that, you are given access to the systems files, the ability to disable the keyboard, disable the mouse, shutdown/reboot the system, print something from the system, open and close the CD-ROM drive, and MUCH more. Trojans, having a client-side end and a server-side end of it is what makes it unique and differenced from a virus. A virus has the creator who creates the virus and then from there thats it, the virus code does all the work and damage. However a trojan has a client and a server, the client to be administered by the person looking to cause damage, and the server being the "little virus" that goes onto the victims system and act's (like the name says) as a server, allowing the client to connect and have remote administration over the system.
back door n.
[common] A hole in the security of a system deliberately left in place by designers or maintainers. The motivation for such holes is not always sinister; some operating systems, for example, come out of the box with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers. Syn. trap door; may also be called a `wormhole'. See also iron box, cracker, worm, logic bomb.
Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.
Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler -- so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry -- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.
The talk that suggested this truly moby hack was published as "Reflections on Trusting Trust", "Communications of the ACM 27", 8 (August 1984), pp. 761-763 (text available at http://www.acm.org/classics
). Ken Thompson has since confirmed that this hack was implemented and that the Trojan Horse code did appear in the login binary of a Unix Support group machine. Ken says the crocked compiler was never distributed. Your editor has heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name `kt'.
Having security from trojan's isn't as complicated or difficult as it would be made out to be. It is also very similiar to that of way's you could protect yourself from viruses. Below I'm going to list just a few quick tips to protect yourself from Trojans along with a link to an excellent trojan remover application.
-- DO NOT download files from people you don't know. Even people you do know, still scan anyways. It's best to be safe, afterall they may be infected with a trojan themselves.
-- DO NOT download software or programs unless it's from a trusted website or the vendors direct website.
-- DO scan any new software with a trojan remover.
-- DO use paranoia when accepting files from friends.
-- DO scan for trojans on your system using the trojan remover linked to you below.
-- For more tip's on trojan protection, you can use my tutorial "Tiny Virus Protection Tip Guide" and most of the tip's in there can also help you in concerning trojans.
For a really efficient and reliable trojan remover (one of the more widely used ones), click here to download and read up on it.
Worms: The Dirty Slimy Virus Plague
Worm's in today's world have gotten increasingly worse over a periodical amount of time. In short, a worm can be defined as a virus with a mind of it's own that spreads like wildfire. A worm requires no human interference once launched and many worms have been known to cause MAJOR amounts of damage to home systems and network servers alike. Here is AntiOnline's Hacker Jargon Definition of a worm:
A program that propagates itself over a network, reproducing itself as it goes. Compare virus. Nowadays the term has negative connotations, as it is assumed that only crackers write worms. Perhaps the best-known example was Robert T. Morris's Great Worm of 1988, a `benign' one that got out of control and hogged hundreds of Suns and VAXen across the U.S.
One of the more recent worms, Sasser, was talked about even during the 6pm news when it first came out. It affected and continues to affect many systems at an alarming rate. For more information concerning what you should know about Sasser, visit http://www.microsoft.com/security/incident/sasser.mspx
Security in this field is somewhat different in term's of what to go about doing and what to look for. Many people will say, "just follow what you know about virus security". I personally do that and I've never been bitten by a worm. I use my knowledge on the subject (viruses/worms), a little common sense/logic, and of course the following tips to prevent being bitten from worms:
-- Worms tend to like to travel through e-mail as attachments. Be wary of what you download off your e-mail. If it look's suspicious and seem's hazardous, chances are it is. Don't open it and delete it right away.
-- Worms can be disguised as programs/media downloaded off of p2p such as KaZaa. Scan your files and make sure nothing is infected.
-- Be paranoid.
-- Be kept up to date on your system. Always have everything fully patched and updated to the maximum.
-- Be on the look out for new worms. Subscribe to bugtraq or symantec's response team and keep updated on whats new and whats out there. Awareness is key.
-- Try to look online for worm removal tools/guides/etc so you are prepared. Also, remember safe mode is your friend. Atleast it's mine.
-- (Personal Tip) Visit http://www.us-cert.gov/current/current_activity.html to be aware of current activity at the moment. You can never be too aware, since new hazard's are always coming out.
-- Be smart. Treat your system like it's worth gold and make sure your security is baby's ass tight.
In conclusion of this tutorial, I think we have established that both of these two hazards which are classified alongside viruses are just as deadly and fatal to your system/network/PC. Hopefully you will be protected against them and will know what to do in the event of an emergency. I'm going to write a part three of this little "series" discussing Advanced Security Measures that can be taken to fully secure a network (yes, network.. meaning we MIGHT have to spend some money!) from the hazards discussed.