-
Hi quod
You asked about malware and vulnerabilities? I would guess that maybe 95% of malware written in the last 6 months uses "vulnerabilities", generally in the operating system.
Viruses are by far the oldest malware, and tend to rely on stealth & infection. Trojans tend to rely on User stupidity to run them. Worms just travel the net, and frequently rely on an unwary user to unleash them. Some are network aware, and use vulnerabilities in the OS.
DoS and DDoS attacks rely on machines having already been taken over. Of themselves, they just generate massive traffic to swamp a target. The means of the "bots" getting taken over might be by exploitation of a vulnerability, but could be a trojan that an unsuspecting user has launched, probably from an e-mail attachment.
Nukes and vandals are crude, full frontal destructive assaults. They may or may not exploit vulnerabilities in the operating system. (Buffer overflows and suchlike)
I think the message is that current trends are for exploits based on vulnerabilities in the operating systems, rather than the stealth and infection that I usually associate with viruses.
We have actually seen a decline in the social engineering approach I think....that is where the User is fooled into opening an attachment (running a script) that loads the malware.
To make things even more complicated, there has been a trend of late for malware to use more than one method, so they don't fall nicely into categories any more.
Now that I am sure I have totally confused you, I might as well join DeafLamb and get drunk :D
Have a good week-end
EDIT: Sites?...Try CERT, CIAC and the Microsoft Security Bulletins themselves.
Cheers
-
Quote:
Originally posted here by qod
btw, who writes exploits
Uhhhh... whoever owns a computer...
Or people with a lot more brains/time on their hands than you?
http://www.antionline.com/showthread...294#post667294
http://www.antionline.com/showthread...329#post668329
Quote:
Originally posted here by qod
and any good sites on the subject.
BugTraq, SecurityFocus, (Google)... you name it. The list goes on from there.
-
Well, thought I would check back on this thread. Have quite a bit of Killian's Irish Red in me now. Looks like the thread is going quite splendidly. All I know is that my computer is probably quite vulnerable, but has not been exploited.
Haha I made a funny.
Love, Peace, and The Penguin.
DeafLamb
-
are there any types of exploits??
-
Heh, well yes of course there are types of exploits... There are exploits that are designed to run on a specific architecture... So don't go get Dev-C++ and try to compile an exploit on your Windows box designed to exploit a vulnerability in Sun lol... More info at www.insecure.org
-
Nihil, I hope you are enjoying yourself as much as I am right now. Back to the vulnurbulity (don't know if I spelled that right) issue. Pretty much having a computer becomes a vulnurbulity. Increase that 10 fold if the computer is connected to a network. Increase the chances even more if the computer is connected to the internet. No computer is one hundred percent safe, ever. Given a long enough amount of time, and enough devotion, any system can be compromised. It's just the nature of the beast, even if your computer is not connected to any network, no computer is physically safe. That in itself is a vulnurbuility, if your computer can be accessed physically by strangers (ie at work after hours), then it can be exploited.
Now that I'm done with my conspiracy theory that everyone is out to get me, I'll drink more beer.
Enjoy
DeafLamb
-
Quod,
It seems to be more usual to describe the vulnerability, rather than the exploit TYPE.
For example you might see "The ABC worm exploits the XYZ vulnerability in Internet Explorer"
The actual "exploit" is usually only defined at a high level such as "trojan", "worm", "Mass Mailer" and so on. This is because the exploit is totally dependent on the vulnerable environment and the lack of patches, rather than standing alone in its own right like a traditional virus.
Viruses tend to be classed into types.
You might go to the Symantec (Norton) and NAI (McAfee) websites and see how they classify malware.
Be warned! There is no "standard" in the AV/security industry, so one company may use a different name from another, for the same malware.
Cheers