Partitioned privileges

Posted in computer, software

Multiuser systems, typically found on server systems, usually have the rights and authorized actions for users partitioned into groups. One group may be able to read most of the system, for example, but not modify system files. Another may be able to read sensitive files but not modify them. A superuser group, in contrast, has total access to the system and is able to read or write to arbitrary files and directories. In UNIX, this account is typically called “root” and has an ID of 0. In Windows NT, 2000, and XP, this is the “Administrator” account.

One of the reasons a worm such as Code Red or Nimda was able to do as much damage to systems as it did was the privilege level gained by the malicious worm. The server software that was attacked ran with system-level rights, meaning any actions it took were executed with elevated rights as well. When an attacker strikes the server and executes arbitrary commands, those commands run in the security context of the compromised application.
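The mitigation implied by the two paragraphs above is that a network service should hold root only as long as it needs it and then drop to a partitioned, unprivileged identity, so that commands injected into it run with that identity instead of uid 0. The following is an added example (not code from the original post) of a permanent privilege drop on a UNIX system, written in Python; it assumes the conventional "nobody" uid/gid 65534 as a placeholder target and checks afterwards that no root identity (uid, gid, or supplementary group 0) survives.

```python
import os


def identity() -> dict:
    """Snapshot of the calling process's identity: real/effective uid and gid,
    plus supplementary groups."""
    return {
        "uid": os.getuid(),
        "euid": os.geteuid(),
        "gid": os.getgid(),
        "egid": os.getegid(),
        "groups": list(os.getgroups()),
    }


def is_unprivileged(ident: dict) -> bool:
    """True only if no root identity (0) survives in any slot.
    A common mistake is dropping the uid but leaving gid 0 or a supplementary
    group 0 behind, which still grants access to root-group-owned files."""
    return (
        ident["uid"] != 0
        and ident["euid"] != 0
        and ident["gid"] != 0
        and ident["egid"] != 0
        and 0 not in ident["groups"]
    )


def drop_privileges(uid: int, gid: int) -> dict:
    """Permanently drop from root to uid/gid and return the resulting identity.
    Order matters: supplementary groups first, then gid, then uid. Once the uid
    is no longer 0, setgroups()/setgid() would fail with EPERM."""
    if os.getuid() != 0:
        return identity()  # nothing to drop; already unprivileged
    os.setgroups([])  # clear supplementary groups (needs root)
    os.setgid(gid)
    os.setuid(uid)  # as root, setuid() sets real, effective and saved uid together
    # Confirm the drop cannot be undone: regaining uid 0 must now fail.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop was not permanent")
    ident = identity()
    if not is_unprivileged(ident):
        raise RuntimeError(f"root identity still present: {ident}")
    return ident


if __name__ == "__main__":
    # Assumed target: the conventional 'nobody' uid/gid 65534 (placeholder).
    # A real daemon would bind its privileged port first, then call this,
    # and resolve the service account with the pwd module rather than hard-coding it.
    print(drop_privileges(65534, 65534))
```

The check at the end is the part practitioners most often skip: a drop that leaves the saved set-user-ID at 0 (for example, by using seteuid() instead of setuid()) can be reversed by the very code an attacker injects, which is why the example tries to regain root and treats success as a failure.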

Traffic Volume Growth

Posted in computer, software

The growth of malware today is increasingly driven by worms, whose self-spreading traffic grows large in volume. There are several types of worms; most of them infect computers or specific files by way of the Internet, and the infection is usually triggered by something such as an email or the download of certain files.

Historically, worm traffic infections go back a long way: the Christma Exec and Morris worms, for example, were well known in their day. Let's take a closer look.

Island hopping

Posted in computer

Island hopping is so named because it treats network blocks as islands on which it focuses attention before hopping away to a new, random destination. First discussed as a theoretical spread model after the release of Code Red 1, this spread pattern has proven to be highly effective in the long term.

The amount of attention spent on each network block can vary depending on the worm implementation. Typically, these boundaries fall on classful network boundaries, such as /24, /16, /8, and, of course, /0. While this does not match many of today’s classless networks (which are subnetted on non-octet boundaries), it does work well for the average case.
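From the defender's side, the pattern above has a visible signature in flow logs: one source touching many distinct hosts inside a single block (the "island"), and the number of blocks that source has touched rising over time (the "hopping"). The following is an added example, not code from the original post, of that detection in Python over a few constructed flow records; the block size (a /24 by default, matching the classful boundaries the post mentions) and the threshold of 8 hosts are assumptions to tune against real traffic.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (source, destination), standing in for firewall or
# NetFlow logs. 203.0.113.7 walks 10.1.2.0/24 and then hops to 10.9.0.0/24;
# 192.0.2.5 is ordinary traffic to two hosts.
SAMPLE_FLOWS = (
    [("203.0.113.7", f"10.1.2.{i}") for i in range(1, 13)]
    + [("203.0.113.7", f"10.9.0.{i}") for i in range(1, 4)]
    + [("192.0.2.5", "10.1.2.1"), ("192.0.2.5", "10.1.2.2"), ("192.0.2.5", "10.1.2.1")]
)


def group_by_block(flows, prefix_len=24):
    """Map (src, block) -> set of distinct destination hosts inside that block."""
    seen = defaultdict(set)
    for src, dst in flows:
        block = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        seen[(src, block)].add(dst)
    return seen


def detect_block_sweeps(flows, prefix_len=24, threshold=8):
    """Return (src, block, n_hosts) for every source that touched at least
    `threshold` distinct hosts in one block: the 'island' phase."""
    hits = []
    for (src, block), dsts in group_by_block(flows, prefix_len).items():
        if len(dsts) >= threshold:
            hits.append((src, str(block), len(dsts)))
    return sorted(hits)


def blocks_visited(flows, prefix_len=24):
    """Number of distinct blocks each source touched. A count that keeps rising
    for one source is the 'hopping' phase."""
    counts = defaultdict(set)
    for src, block in group_by_block(flows, prefix_len):
        counts[src].add(block)
    return {src: len(blocks) for src, blocks in counts.items()}


if __name__ == "__main__":
    print(detect_block_sweeps(SAMPLE_FLOWS))
    print(blocks_visited(SAMPLE_FLOWS))
```

Running the same data with `prefix_len=16` shows why the boundary choice matters: the sweep is still flagged, but at the /16 level both of the scanner's islands may collapse into the same or adjacent blocks, so a detector should be run at more than one prefix length.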

Command Interface

Posted in computer, software

Once a system of interconnected nodes has been established, its value can be increased by means of a control mechanism. The command interface provides this capability to the worm nodes. This interface can be interactive, such as a user shell, or indirect, such as electronic mail or a sequence of network packets.

Through the combination of the communication channel and the command interface, the worm network resembles a DDoS network. In this model, a hierarchy of nodes exists that can provide a distributed command execution pathway, effectively magnifying the actions of a host.

New Threat Models

Posted in computer, software

Until recently, network security was something that the average home user did not have to understand. Hackers were not interested in cruising for hosts on the dial-up modems of most private, home-based users. The biggest concern to the home user was a virus that threatened to wipe out all of their files (which were never backed up, of course).

Now the situation has changed. Broadband technologies have entered the common home, bringing the Internet at faster speeds with 24-hour connectivity. Operating systems and their application suites became network centric, taking advantage of the Internet as it grew in popularity in the late 1990s. And hackers decided to go for the number of machines compromised and not high-profile systems, such as popular Web sites or corporate systems.

Virus Hoaxes

Posted in computer, software

A virus hoax is essentially the same as a chain letter, but contains “information” about some fictitious piece of malware. A virus hoax doesn’t do damage itself, but consumes resources – human and computer – as the hoax gets propagated. Some hoaxes may do damage through humans, advising a user to make modifications to their system which could damage it, or render it vulnerable to a later attack.

There are three parts to a typical hoax email:
1. The hook.
This is something that grabs the hoax recipient’s attention.

Anti-virus detection

Posted in computer, software

There are several methods for detecting viruses, whether or not one has already infected your computer. Today, let's discuss the first method: detection through behavior monitors or blockers.

A behavior blocker is anti-virus software which monitors a running program’s behavior in real time, watching for suspicious activity. If such activity is seen, the behavior blocker can prevent the suspect operations from succeeding, can terminate the program, or can ask the user for the appropriate action to perform. Behavior blockers are sometimes called behavior monitors, but the latter term implies (rightly or wrongly) that no action is taken, and the burglars are only watched while they steal the silver.
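To make the three responses in the paragraph above concrete (prevent the operation, terminate the program, or ask the user), here is an added example, not code from the original post, of a toy behavior blocker in Python. It consumes a stream of constructed process events; the three rules (a program writing to its own executable, writes to system directories, and connection fan-out to 20 or more distinct hosts) and the event format are assumptions chosen for illustration, not the rule set of any real product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    exe: str      # path of the running program
    op: str       # "write", "exec", or "connect"
    target: str   # file path or remote host


# Assumed system locations whose modification warrants a prompt.
SYSTEM_DIRS = ("/usr/bin/", "/usr/sbin/", "/etc/", "C:\\Windows\\System32\\")
FANOUT_LIMIT = 20  # assumed threshold for distinct remote hosts per process


def classify(event, history):
    """Decide one event against the history of allowed events so far.
    Returns (decision, reason) with decision in {'allow', 'ask', 'block'}."""
    if event.op == "write" and event.target == event.exe:
        return "block", "program modifies its own executable"
    if event.op == "write" and event.target.startswith(SYSTEM_DIRS):
        return "ask", "write to a system directory"
    if event.op == "connect":
        hosts = {e.target for e in history if e.pid == event.pid and e.op == "connect"}
        hosts.add(event.target)
        if len(hosts) >= FANOUT_LIMIT:
            return "block", "connection fan-out"
    return "allow", ""


def run_blocker(events):
    """Feed events in order. 'block' terminates the process, so its later
    events are reported as 'dropped'. Returns (decisions, terminated_pids)."""
    history, terminated, decisions = [], set(), []
    for ev in events:
        if ev.pid in terminated:
            decisions.append(("dropped", "process already terminated"))
            continue
        decision, reason = classify(ev, history)
        decisions.append((decision, reason))
        if decision == "block":
            terminated.add(ev.pid)
        else:
            history.append(ev)  # 'ask' is recorded; a real product would wait on the user
    return decisions, terminated


# Constructed event stream: an editor, a self-modifying dropper, and a server
# process that fans out to 25 hosts.
SAMPLE_EVENTS = [
    Event(100, "/usr/bin/editor", "write", "/home/user/notes.txt"),
    Event(100, "/usr/bin/editor", "write", "/etc/hosts"),
    Event(200, "/tmp/dropper.exe", "write", "/tmp/dropper.exe"),
    Event(200, "/tmp/dropper.exe", "connect", "10.0.0.1"),
] + [Event(300, "/opt/app/server", "connect", f"10.0.1.{i}") for i in range(1, 26)]


if __name__ == "__main__":
    for ev, (decision, reason) in zip(SAMPLE_EVENTS, run_blocker(SAMPLE_EVENTS)[0]):
        print(f"pid {ev.pid} {ev.op} {ev.target}: {decision} {reason}")
```

The fan-out rule is the one that shows the "monitor versus blocker" distinction from the paragraph: a monitor would only log the twentieth connection, whereas the blocker terminates the process and discards everything it tries afterwards.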