Thread: Virus Research Information Part Two: Greater Threats

  1. #1 (Senior Member; Join Date: Oct 2002; Posts: 4,055)

    Virus Research Information Part Two: Greater Threats

    Greetings AntiOnline. Hello and welcome to Part Two of my "Virus Research Information" tutorial. In my last tutorial, I discussed what the different types and kinds of viruses out there are, and I also gave you a basic definition. In this tutorial, I'm going to discuss Greater Threats that are associated with viruses (worms and trojans). I hope you guys enjoy and learn from this tutorial.


    Greater Threats: Oh My God, There's More!!

    It couldn't possibly be true, but it is. The internet (much like the world) isn't a safe place to be in, and just when you thought it was safe and you only had to worry about viruses, along came greater threats. In this little section, we're going to talk about two more greater threats -- The Trojan and The Worm (and no, I don't mean the condom and insect either). These two internet threats have become such HUGE threats that they are right up there with viruses and hackers (considering hackers can use trojans, but we'll go into that in a bit). It's trojans such as Sub7 that have given endless amounts of script kiddies the ability to wreak havoc on a foolish user's machine, and it's worms such as Sasser that make even the 6:00 news, as they cost many companies money for the damage they do. Right now I'm going to go into each one separately and give you a detailed description and example of each. Then I'll give you some methods/ways to prevent being attacked or bitten by these internet hazards.

    Trojans: 7h15 15 1337!!

    Ahh, one of the many problems out there that most network administrators worry will strike their less-informed employees -- the trojan, aka the trojan horse application. A trojan horse application is best defined IMO in AntiOnline's "Hacker Jargon Files":

    Trojan horse n.

    [coined by MIT-hacker-turned-NSA-spook Dan Edwards] A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses!
    Another name for a trojan is a backdoor, and the hacker jargon definition for a backdoor is listed as:

    back door n.

    [common] A hole in the security of a system deliberately left in place by designers or maintainers. The motivation for such holes is not always sinister; some operating systems, for example, come out of the box with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers. Syn. trap door; may also be called a `wormhole'. See also iron box, cracker, worm, logic bomb.

    Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

    Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler -- so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry -- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

    The talk that suggested this truly moby hack was published as "Reflections on Trusting Trust", "Communications of the ACM 27", 8 (August 1984), pp. 761-763 (text available at http://www.acm.org/classics). Ken Thompson has since confirmed that this hack was implemented and that the Trojan Horse code did appear in the login binary of a Unix Support group machine. Ken says the crocked compiler was never distributed. Your editor has heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name `kt'.
    Now, trojans and backdoors are basically synonymous. A trojan can basically BE classified as another type of backdoor program (other types of backdoor programs are rootkits, RATs, etc). Both are meant for malicious purposes, and both have given script kiddies worldwide the ability (with a little social engineering skill) to take control over a poor victim's PC. Now, trojans don't just give you control.. THEY GIVE YOU CONTROL. By that, you are given access to the system's files, the ability to disable the keyboard, disable the mouse, shutdown/reboot the system, print something from the system, open and close the CD-ROM drive, and MUCH more. A trojan having a client-side end and a server-side end is what makes it unique and different from a virus. A virus has the creator who creates the virus, and from there that's it; the virus code does all the work and damage. However, a trojan has a client and a server: the client to be administered by the person looking to cause damage, and the server being the "little virus" that goes onto the victim's system and acts (like the name says) as a server, allowing the client to connect and have remote administration over the system.

    Trojan Security

    Having security from trojans isn't as complicated or difficult as it would be made out to be. It is also very similar to the ways you could protect yourself from viruses. Below I'm going to list just a few quick tips to protect yourself from Trojans, along with a link to an excellent trojan remover application.

    -- DO NOT download files from people you don't know. Even with people you do know, still scan anyway. It's best to be safe; after all, they may be infected with a trojan themselves.

    -- DO NOT download software or programs unless it's from a trusted website or the vendor's direct website.

    -- DO scan any new software with a trojan remover.

    -- DO use paranoia when accepting files from friends.

    -- DO scan for trojans on your system using the trojan remover linked to you below.

    -- For more tips on trojan protection, you can use my tutorial "Tiny Virus Protection Tip Guide"; most of the tips in there can also help you concerning trojans.


    For a really efficient and reliable trojan remover (one of the more widely used ones), click here to download and read up on it.

    Worms: The Dirty Slimy Virus Plague

    Worms in today's world have gotten increasingly worse over a period of time. In short, a worm can be defined as a virus with a mind of its own that spreads like wildfire. A worm requires no human interference once launched, and many worms have been known to cause MAJOR amounts of damage to home systems and network servers alike. Here is AntiOnline's Hacker Jargon Definition of a worm:

    A program that propagates itself over a network, reproducing itself as it goes. Compare virus. Nowadays the term has negative connotations, as it is assumed that only crackers write worms. Perhaps the best-known example was Robert T. Morris's Great Worm of 1988, a `benign' one that got out of control and hogged hundreds of Suns and VAXen across the U.S.

    One of the more recent worms, Sasser, was talked about even during the 6pm news when it first came out. It affected and continues to affect many systems at an alarming rate. For more information concerning what you should know about Sasser, visit http://www.microsoft.com/security/incident/sasser.mspx

    Worm Security

    Security in this field is somewhat different in terms of what to go about doing and what to look for. Many people will say, "just follow what you know about virus security". I personally do that and I've never been bitten by a worm. I use my knowledge on the subject (viruses/worms), a little common sense/logic, and of course the following tips to prevent being bitten by worms:

    -- Worms tend to like to travel through e-mail as attachments. Be wary of what you download off your e-mail. If it looks suspicious and seems hazardous, chances are it is. Don't open it; delete it right away.

    -- Worms can be disguised as programs/media downloaded off of p2p such as KaZaa. Scan your files and make sure nothing is infected.

    -- Be paranoid.

    -- Keep your system up to date. Always have everything fully patched and updated to the maximum.

    -- Be on the lookout for new worms. Subscribe to bugtraq or Symantec's response team and keep updated on what's new and what's out there. Awareness is key.

    -- Try to look online for worm removal tools/guides/etc so you are prepared. Also, remember safe mode is your friend. At least it's mine.

    -- (Personal Tip) Visit http://www.us-cert.gov/current/current_activity.html to be aware of current activity at the moment. You can never be too aware, since new hazards are always coming out.

    -- Be smart. Treat your system like it's worth gold and make sure your security is baby's ass tight.


    Conclusions

    In conclusion of this tutorial, I think we have established that both of these two hazards which are classified alongside viruses are just as deadly and fatal to your system/network/PC. Hopefully you will be protected against them and will know what to do in the event of an emergency. I'm going to write a part three of this little "series" discussing Advanced Security Measures that can be taken to fully secure a network (yes, network.. meaning we MIGHT have to spend some money!) from the hazards discussed.
    Space For Rent.. =]
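The e-mail tip above ("be wary of what you download off your e-mail") can be turned into a concrete check. The script below is an added example, not part of the original post or of AntiOnline: it parses a constructed .eml message and flags attachments that look like a mailed worm by their executable extension, a disguising double extension, or a Windows PE ("MZ") header regardless of the file name. The extension lists are assumptions for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# File types Windows runs directly; mass-mailing worms favour these (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Harmless-looking inner extensions used to disguise a double-extension name (assumed).
DECOY_EXTS = {"txt", "jpg", "gif", "doc", "pdf", "mp3", "zip"}


def attachment_findings(raw_eml: bytes) -> list[tuple[str, list[str]]]:
    """Return (filename, reasons) per attachment; an empty reasons list means nothing odd."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        pieces = name.split(".")
        reasons = []
        if pieces[-1] in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if len(pieces) > 2 and pieces[-2] in DECOY_EXTS:
            reasons.append("double extension")
        # A Windows PE executable starts with the two bytes "MZ" whatever it is named.
        if data[:2] == b"MZ":
            reasons.append("MZ header")
        findings.append((name, reasons))
    return findings


def build_sample_eml() -> bytes:
    """Constructed test message: one disguised executable and one real JPEG."""
    msg = EmailMessage()
    msg["From"] = "friend@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "check this out"
    msg.set_content("see attached")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="readme.txt.scr")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in attachment_findings(build_sample_eml()):
        verdict = "SUSPICIOUS: " + ", ".join(reasons) if reasons else "ok"
        print(f"{name}: {verdict}")
```

Feed a real message in with `attachment_findings(open("mail.eml", "rb").read())`; a file that trips any reason is worth scanning before it is opened.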

  2. #2
    I was going to post something about the importance of a firewall, but I guess that's part 3. Am I right?

  3. #3 (Senior Member; Join Date: May 2004; Posts: 519)
    it is now... heh

  4. #4 (Senior Member; Join Date: Oct 2002; Posts: 4,055)
    I was going to post something about the importance of a firewall, but I guess that's part 3. Am I right?
    Yes, you are correct. Part three will be about Advanced Security Measures concerning primarily a network, which means (like I stated) we'll talk about solutions which might cost money. Firewalls and their importance will definitely be discussed.

  5. #5 (Senior Member; Join Date: Oct 2002; Posts: 4,055)
    Heh, sorry to double post.. but I basically received little/no feedback at all on my tutorial, and I really like hearing everyone's take and feedback on my tutorial, whether the comments are positive or negative. So if you have ANY feedback at all, please post your thoughts. Perhaps what you wanna see in future version(s), what you'd like explained more, what was explained great, what wasn't, etc etc. Thanks and again, sorry to double post.

  6. #6 (Senior Member; Join Date: Jun 2003; Posts: 723)
    It adds nothing new to this place. It is inaccurate in many places and contains poor writing. It is very enthusiastic though. I will leave the point by point deconstruction to someone else.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  7. #7 (Senior Member; Join Date: Oct 2002; Posts: 4,055)
    lumpy: Please point out the inaccurate places. I obviously need to correct my tutorial if I'm wrong in certain spots, no? Poor writing? Again, please give me an example. Please refer to the title of it "Virus Research Information Part Two" in reference to it not adding something to this site. It is part two of research information I have been doing/conducting and am writing for, for AntiOnline.

    Any other thoughts, comments, suggestions, recommendations, criticism, etc?

  8. #8 (AO Ancient: Team Leader; Join Date: Oct 2002; Posts: 5,197)
    Well first I would say that to title the piece "Virus Research Information" and then talk about worms and trojans is a little off base. It might be because you are using dated references. I would suggest getting yourself a copy of Ed Skoudis' book "Malware: Fighting Malicious Code" and give it a good read.... It is a good read....

    Then many of the inaccuracies that lumpy alluded to will be clear. Suffice it to say statements like:-

    Worms tend to like to travel through e-mail as attachments.
    would not be in the tutorial, because they don't...... They do if they are a part of a "Blended Threat" piece of Malware but not as a virus. Per Skoudis:- Viruses require human intervention, Worms don't - they propagate independent of human activity. Thus, worms wouldn't fall into your research except as an afternote that referred to Blended Threats.

    That being the case the section on defense against worms would come down to two things:-

    1. Firewall, or turn off all non-essential services
    2. Patch Management

    Section complete... OK... Over-simplified.... But that's the basics....

    You clearly are working hard on this but you started out wrong, IMO. Had you made the subject Malware then you would have been more appropriate with the current subject matter. As it is you have written a three, (or more), part series that is mistitled and therefore, in some ways, mis-informing your audience. To me, (and maybe _only_ to me), that implies you don't know your subject..... You may or may not, but the difference between the title and the content shows, at a minimum, that you seem to be confusing the various concepts and lumping them under the wrong nomenclature..... (sheesh.. big word.... couldn't come up with another appropriate one.... )

    My thoughts on the subject......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9 (Senior Member; Join Date: Oct 2002; Posts: 4,055)
    So you think perhaps maybe instead of worms I should have concentrated on malware (a topic I know a lot more about as well, which would have benefited myself and the tutorial)?

    Thank you TigerShark for your honest opinion and thoughts.

  10. #10 (AO Ancient: Team Leader; Join Date: Oct 2002; Posts: 5,197)
    Worms, viruses and trojans are all Malware. You can probably lump in some of the more invasive spyware and adware nowadays since much of their behavior is being modeled on aspects of Malware itself.