Sunday, January 27, 2019

Malware Discussion Essay

The use of malware is a way for feelerers to gain chafe to person information from a personal reckoner or fellowship information from an organization. There are several(prenominal) types of malware which entangle computer computer virus, root kit ups, and worms. to each one malware serves divergent purposes to achieve the goal of an attacker. An attacker could be envious of a aside lover and could send a virus to their e-mail to shutdown the operations of their computer. A disgruntle employee could send a worm to their honest-to-god ships comp whatsoever(prenominal) and slow down production of the company.A random person sounding for a thrill could set up a rootkit on a companys network to gain access to company secrets. Each malware is given a score specified for its cause, for example the Trojan Worm. The name is given to this virus because of the activity that happens once it is executed. Viruses are named by antivirus companies who empty utilize proper names. The g enus Melissa virus was named by its creator, David Smith, for a Miami stripper. This paper forget discuss 5 different types of malware and inform the targets for these attacks.Discussion of Malware The basic malware that will be discussed is the Melissa Virus. This virus was detected on the twenty-sixth of March 1999. This virus is a Microsoft Word macro virus that is delivered as an E-mail attachment. The virus is activated when an attachment named, list. doc is opened. When it is activated, the Melissa virus searches the Microsoft Outlook address book and sends a message to the frontmost 50 names. This virus proliferates itself as users open the attachment. Melissa doesnt work on Outlook Express, just Outlook.The message appears to come from the person just infected, which kernel that the message will seem to come from a recogniz subject email address. Melissa doesnt destroy files or other re solutions, but has the hypothesis to immobilize unified and other mails servers. The origin of the Melissa virus is from an network alt. sex newsgroup and contains a list of passwords for various Web sites that require memberships. Melissa besides has the ability to disable some security safeguards. Users of Microsoft Word 97 or 2000 with Microsoft Outlook 97, 98, or 200 are most believably to be affected.When the virus attacks, it toilette infect the double of Microsoft Word that is installed as well as any following Word documents that are created. It can also change the setting of Microsoft Word to make it easier for the computer to construct infected by it and succeeding macro viruses. Users of Word 97 or 2000 containing any other E-mail programs can be affected also the difference is that Melissa will not automatically redistribute itself to the contacts by means of other E-mail programs. It can still however infect the copy of Microsoft installed on the machine.This infected copy can still be share with others if a document is created in the infect ed copy and distributed through E-mail, lax disk, or FTP. Although the virus wont appeal to the mailout on a Mac system, it can be stored and resent from Macs. To avoid this virus, it is suggested to not double-click any file, such(prenominal) as an E-mail attachment, without scanning it first with antivirus packet, regardless of who it is from. The succeeding(a) malware to be discussed is SQL interjection which is an attack where poisonous code is placed in within strings that are shortly passed on to an example of SQL emcee for parsing and implementation.A form of SQL injection consists of direct placing of code into user- enter variables that link with SQL commands and executed. An attack that is not as direct, inserts malicious code into strings that are intend for storage in a table or as metadata. The malicious code is executed once the stored strings are linked into a dynamic SQL command. In SQL Injection, the hacker uses SQL queries and ingenuity to get to the database of susceptible corporate data through the web application.Websites with features as poundin pages, support and product crave forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape fresh websites and provide businesses with the means necessary to communicate with prospects and customers are all open to SQL Injection attacks. The reason behind this is because the fields visible(prenominal) for user input allow SQL statements to pass through and query the database directly. SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input.There have been several reports of SQL attacks, dating back to 2005. The websites that have became victim to these attacks range from Microsoft U. K. to Lady barbarians website. To avoid SQL injection flaws, it is suggested that developers need to either a) stop writing dynamic queries and/or b) prevent user supplied input which contains malicious SQL from touch on the logic of the executed query. The next malware discussed will be Stuxnet. Stuxnet is a computer worm that targets due south industrial software and equipment running Microsoft Windows, and was observe in June 2010.Although Stuxnet isnt the first attack to target industrial systems, it is however the first discovered malware that actually moles on and weakens industrial systems. Stuxnet is also the first malware to include a programmable logic crackler rootkit. Stuxnet is designed to target specifically due south supervisory control and data acquisition systems that are configured to control and monitor specific industrial processes. The PLCs are infected by Stuxnet debilitative the Step-7 software application that is used to reprogram these devices.Stuxnet is different from other malware as it only if attacks computers and networks that meet a specific configuration requirement. Stuxnet contains a safeguard and if Siemens software isnt discovered on the infected computer will prevent each infected computer from spreading the worm to more than three others, and to erase itself on June 24, 2012. Along with other things for its victims, Stuxnets contains code for a man-in-the-middle attack. Stuxnet will spread through removable devices such as an USB private road in a Windows operating system by using a four zero-day attack.After it has infected the removable drive, it uses other utilizations and techniques to infect and update other computers inside private networks. Stuxnet infects Step 7 software by infecting project files belong to Siemens WinCC/PCS 7 SCADA control software and weakens a key communication library of WinCC called s7otbxdx. dll. It is recommended by Siemens to contact customer support if and infection is detected and advises installing Microsoft patches for security vulnerabilities and prohibiting the use of third-party USB gaudy drives. Next, Zeus, also know as Zbot virus will be discussed.This virus is geared toward financial institutions such as banks. Zeus was first discovered in July 2007 after being used to steal information from the US DOT. Zeus is set up to infect a consumers PC, and wait until the log onto a list of targeted banks and financial institutions and steal their credentials and sends them to a foreign server in real time. Zeus can also inject HTML into a page that is provided by the browser, this displays its own content quite of the actual page from the banks web server. By doing this, it is able to obtain users information such card numbers and pins.According to SecureWorks, genus Zeus is sold in the criminal underground as a kit for around $3000-4000, and is likely the one malware most utilized by criminals specializing in financial fraud. According to Lucian Constantin, Zeus is one of the oldest and most popular crimeware toolkits available on the underground market. Up until this year the Trojan could only be acquired for significant sums of money from its original causality. However, a few months ago the source code leaked online and now anyone with the proper knowledge can create variations of the malware. besides according to SecureWorks, The latest version of Zeus as of this date is 1. 3. 4. x and is privately sold. The author has gone to great lengths to protect this version using a Hardware-based Licensing System. The author of Zeus has created a hardware-based licensing system for the Zeus detergent builder kit that you can only run on one computer. erstwhile you run it, you get a code from the specific computer, and then the author gives you a key just for that computer. This is the first time they have seen this level of control for malware.The CTU recommends that businesses and home users carry out online banking and financial transactions on isolated workstations that are not used for general Internet activities, such as web browsing and reading email which could increase the essay of infection. The last malware that w ill be discussed is the chargeman worm also known as Lovsan, Lovesan, or MSBlast. The Blaster worm spreads on computers that have Windows XP and Windows 2000 as an operating system and was detected in August of 2003. The creator of the B variant of the Blaster worm, Jeffrey Lee Parson was an 18 year old from Hopkins, Minnesota.He was arrested on August 29, 2003, admitted to the creation of the B variant, and was sentenced to 18-months in prison house in January 2005. A Windows component known as the DCOM (Distributed Component goal Model) interface which is a known vulnerability of Windows is taken advantage of by Blaster. The DCOM handles messages sent using the RPC (Remote Procedure Call) protocol. Vulnerable systems can be compromised without any interaction from a user, according to Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, which monitors threats to the Internet infrastructure.According to Mikko Hypponen, manager of antivirus research at F-Se cure in Helsinki, Blaster unlike the Code Red worm, which contained code for a similar attack once against the IP address of White Houses main Web server, targets the windowsupdate. microsoft. com domain, which prevents Microsoft from changing the address of the domain to sidestep the attack. Blasters code is small and can be quickly remote using free tools provided by F-Secure as well as other antivirus vendors, Hypponen said. However, customers should patch their systems before removing Blaster to prevent from getting infected again from the worm, he said.

No comments:

Post a Comment