
Friday, January 30, 2009

Spam: know more?

You may have noticed a folder named Spam in your e-mail account. Many people think spam simply means e-mail sent under somebody else's identity in order to hide the sender's own. Anonymity is indeed typical of spam, but the defining property is that spam is unsolicited bulk e-mail.
Spammers usually forge the sender identity: the From address is set to somebody else, so the recipient believes the mail came from that person. The motive is almost always money. The spammer earns only when a recipient responds (clicks a link, buys something or hands over data), and since the fraction of recipients who do so is tiny, the only way to profit is to send to an enormous number of addresses and to forge the sender so that the mail appears to come from someone the recipient trusts. Legitimate mail sometimes looks like spam too, which is one reason filters make mistakes. Spam content ranges from political messages to financial scams, but the kind that needs most care is spam that carries malware as an attachment or link.
Today e-mail traffic is dominated by spam. Most of it promotes goods for sale, often through channels that are themselves illegal, which the buyer may not realise. Some messages tell the recipient he has won a cash prize and must send his bank account details before the money can be transferred; a recipient who complies can have the account emptied instead. Spam of this kind is called a scam.
Common categories of spam today include adult content, health, IT, personal finance and education/training.
Some care in handling e-mail reduces spam. Spammers generate target addresses by combining dictionary words and numbers, so an address that cannot be guessed that way receives less spam. Keep two addresses: one for public use (forum registrations, chat and so on) and a private one that is never published. Do not open a message you are sure is spam, because opening it (in particular, letting it load remote images) can tell the spammer that the address is live. Never reply to spam; a reply confirms the address even more firmly. Finally, use good filtering software to catch spam before it reaches the inbox.
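As an added example (not code from the original post), the following Python script picks out the indicators discussed above from a raw e-mail: a From domain that does not match the envelope sender recorded in Return-Path (the forged identity), a Reply-To pointing somewhere else, the "cash prize" lure phrases and an executable attachment. The two messages, the lure list and the example.* domains are constructed for illustration.

```python
# Added example (not from the original post): pick out the spam and
# spoofing indicators discussed above from a raw e-mail. The two messages
# below are constructed for illustration; the domains are example.* names.
import email
from email import policy
from email.utils import parseaddr

# Phrases typical of the "you have won a cash prize" scam (constructed list).
LURE_PHRASES = (
    "won a cash prize",
    "bank account",
    "transfer the amount",
    "account number",
)
RISKY_EXT = (".exe", ".scr", ".pif", ".vbs", ".bat", ".cmd")


def _domain(header_value):
    """Lower-cased domain of the first address in a header, '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def analyse(raw_message):
    """Return the indicators found in one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_dom = _domain(msg["From"])
    # Return-Path is stamped by the receiving mail server from the SMTP
    # envelope sender. A forged From cannot easily forge that too, so a
    # domain mismatch between the two is the classic sign of a spoofed sender.
    return_dom = _domain(msg["Return-Path"])
    reply_dom = _domain(msg["Reply-To"])
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    found = {
        "from_domain": from_dom,
        "envelope_mismatch": bool(return_dom) and return_dom != from_dom,
        "replyto_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "lures": [p for p in LURE_PHRASES if p in text],
        "risky_attachment": any(
            (part.get_filename() or "").lower().endswith(RISKY_EXT)
            for part in msg.iter_attachments()
        ),
    }
    # One point per indicator, two for an executable attachment.
    found["score"] = (
        int(found["envelope_mismatch"]) + int(found["replyto_mismatch"])
        + len(found["lures"]) + 2 * int(found["risky_attachment"])
    )
    return found


# Constructed sample: a prize scam with a forged From and a different Reply-To.
SCAM = "\n".join([
    "Return-Path: <bulk-4471@mailer.example.net>",
    "From: \"Prize Department\" <prizes@bank.example.com>",
    "Reply-To: claims@freemail.example.org",
    "To: victim@example.com",
    "Subject: You have won a cash prize",
    "Content-Type: text/plain",
    "",
    "Congratulations! You have won a cash prize. To transfer the amount",
    "please send us your bank account details.",
])

# Constructed sample: an ordinary message whose envelope matches its From.
LEGIT = "\n".join([
    "Return-Path: <alice@example.com>",
    "From: Alice <alice@example.com>",
    "To: bob@example.com",
    "Subject: Lunch",
    "Content-Type: text/plain",
    "",
    "See you at noon.",
])

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(label, analyse(raw))
```

The scam message scores 5 (envelope mismatch, Reply-To mismatch and three lure phrases) and the ordinary one scores 0. Return-Path is only trustworthy when your own mail server wrote it; a spammer can insert a fake one on a message that bypasses your server, so in practice the check is combined with the Received chain or SPF/DKIM results.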

Thursday, January 29, 2009

Beware of Trojans

Trojans are among the most dangerous kinds of malicious software. They can destroy a wide range of data and can even disable the software installed to defend the computer against trojans and viruses. As the Internet grew more sophisticated, more and more kinds of trojan appeared. A trojan is usually hidden by its author inside some apparently useful application, which the victim is then invited to download and use; the author may even assure users that the program is harmless. Meanwhile the trojan attached to it does its job faithfully: it sends data from the victim's machine to the attacker's, from which the attacker can learn, among other things, the victim's browsing habits, and some send private data outright. Some trojans kill the security software and tamper with useful programs such as the browser, so that it takes you to a fake site that looks like the real one and captures information such as account numbers.

Most trojans are written for spying. A remote-access trojan has two modules, a server and a client, and the naming is the reverse of what one might expect: in the usual terminology (NetBus, SubSeven, Back Orifice) the server is the component planted on the victim's computer, where it waits for connections, and the client is the control program on the attacker's computer that connects to it. The server on the victim's machine sends data from that computer to the attacker's client. Trojans can record the keystrokes typed on the victim's computer and send them to the attacker, and some even send screenshots of the applications running on the victim's machine.
Outdated trojans, all easily detected by anti-trojan software, can be downloaded from VX Heavens (http://vx.netlux.org/). The site also carries viruses, worms, constructors, simulators, virus source code and more. Keep in mind that writing or distributing malicious software is illegal.
You can protect your system by installing anti-trojan software. Several such programs are available for download on the Internet, and it is always better to use one that is kept well updated. More information about trojans is available at http://www.anti-trojan.org/

Some useful links are given below:

http://www.anti-trojan-software-reviews.com/
Contains a survey of some of the top anti-trojan programs.

http://www.anti-trojan.org/
Gives more information about trojans and related malicious software. The site also offers some anti-trojan programs for download.

http://ezinearticles.com/?How-Trojan-Virus-Threats-on-Your-Computer-Can-Put-Your-Financial-Information-at-Risk&id=1585959
This site contains an article about trojans.

Wednesday, January 28, 2009

Disable Autoruns in XP and Vista

You may know that most viruses which infect a computer through a pen drive do so by way of AutoRun: Windows reads the autorun.inf file on the drive and launches whatever its open= or shellexecute= entry names. Several programs on the market can disable or kill AutoRun, and some antivirus products block it if the drive is infected. AutoRun can also be disabled in XP and Vista very easily, and it takes only a minute.
There are several methods of disabling AutoRun. One method which works in both XP and Vista is given below.

Open Notepad and type the following:


REGEDIT4

; Map every autorun.inf to a registry key that does not exist, so Windows
; never parses the file and never runs its open= or shellexecute= entries.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


Save the file with a '.reg' extension (e.g. atrun.reg). In the Save dialog make sure the file type is set to 'All Files', otherwise Notepad silently appends .txt.
Navigate to the saved location and double-click the file. Windows asks whether you want to add the information to the registry; click 'Yes'. The key is under HKEY_LOCAL_MACHINE, so you need administrator rights (on Vista you will get a UAC prompt). Note what this does and does not protect against: Windows will no longer execute anything from an autorun.inf, but the files on the drive are untouched, so a user who double-clicks the malware still runs it. Treat it as a guard against automatic execution only, and keep the antivirus updated.
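The registry trick above stops Windows from reading autorun.inf, but it is still useful to know what the file on a suspect drive would have launched. As an added example (not code from the original post), this Python script parses an autorun.inf, lists every entry that makes Windows execute something, and gives a verdict. The two sample files are constructed; the executable-extension and hidden-folder lists are assumptions about what typically looks suspicious.

```python
# Added example (not from the original post): read an autorun.inf from a
# pen drive and report what Windows would have launched. Everything here
# is standard autorun.inf syntax; the two sample files are constructed.
import re

LAUNCH_KEYS = ("open", "shellexecute")              # run on insertion/double-click
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # context-menu verbs
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs")
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")


def parse_inf(text):
    """Minimal INI parser: {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' begins a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key.lower()] = value
    return sections


def _executable(command):
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    return command.split()[0].lower() if command else ""


def launch_commands(text):
    """Every (key, command) pair that makes Windows execute something."""
    auto = parse_inf(text).get("autorun", {})
    return [(k, v) for k, v in auto.items()
            if k in LAUNCH_KEYS or SHELL_CMD.match(k)]


def verdict(text):
    """('clean', []) or ('suspicious', [reasons])."""
    reasons = []
    for key, command in launch_commands(text):
        exe = _executable(command)
        if exe.endswith(EXEC_EXT):
            reasons.append(f"{key} runs {exe}")
        if any(exe.startswith(d) for d in HIDDEN_DIRS):
            reasons.append(f"{key} points into a hidden system folder: {exe}")
    return ("suspicious", reasons) if reasons else ("clean", [])


# Constructed: the pattern pen-drive worms use. The folder icon makes the
# drive look like a plain folder, and every way of opening it runs the .exe.
WORM_INF = "\n".join([
    "[autorun]",
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4",
    "open=RECYCLER\\setup.exe",
    "shell\\open\\command=RECYCLER\\setup.exe",
    "shell\\open=Open",
    "shell=open",
])

# Constructed: a harmless file that only sets a label and an icon.
CLEAN_INF = "\n".join([
    "[autorun]",
    "label=Holiday photos",
    "icon=photos.ico",
])

if __name__ == "__main__":
    for name, text in (("worm", WORM_INF), ("clean", CLEAN_INF)):
        print(name, verdict(text))
```

Run it against the autorun.inf copied from a drive (open the file with a text editor, never by double-clicking the drive). Two launch entries are found in the worm sample, each flagged twice (an executable, and one living in the RECYCLER folder), while the clean sample only sets a label and icon.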

Friday, January 23, 2009

Vaccine For Virus

Now let us look at how viruses are removed. The difficulty is that there is no general solution: each virus has to be dealt with in its own way, which makes the task harder, but there is no other option.

The first thing to establish is the type of virus; the second is how it works, which is learnt by carefully examining the virus program. Several disassemblers and emulators are available for this purpose.

Let us start with bootstrap (boot-sector) viruses. Suppose a bootstrap virus copies the contents of side 0, track 0, sector 1 (the boot sector) to side 0, track 0, sector 7, as the Stoned virus does on a hard disk.

In this case we know where the virus keeps the original boot program, so the cure is simple: boot from a clean disk and copy side 0, track 0, sector 7 back to its normal place, side 0, track 0, sector 1. If the virus has infected the partition table (the master boot record), the original is copied back to its correct location in the same way. But whatever you do to the hard disk or floppy is futile as long as the virus is active in memory, because a resident virus re-infects the disk as soon as it is written; the only safe course is to boot from a known-clean, write-protected disk first. Most antivirus programs try to remove the virus from memory; some succeed, others ask for a reboot so that they can scan before the virus is loaded. If you use Avast, for example, you may sometimes see a message offering to schedule a boot-time scan because the virus is active in memory. That said, the era of floppy boot-sector viruses is largely over.
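The restore step described above, as an added example that is not part of the original post: a Python function that reads side 0, track 0, sector 7 of a disk image, checks that it really looks like a boot sector (it must end in the 55AA signature) and differs from sector 1, and only then copies it back. The disk image, its geometry (1.44 MB floppy, assumed) and the sector contents are constructed placeholders, not real boot code.

```python
# Added example (not from the original post): put a boot sector back that a
# Stoned-style virus moved to side 0, track 0, sector 7. The disk image is
# constructed in memory; sector contents are placeholders, not real code.
SECTOR = 512
BOOT_SIG = b"\x55\xAA"            # last two bytes of a valid x86 boot sector
HEADS, SPT = 2, 18                 # 1.44 MB floppy geometry (assumption)


def chs_to_offset(side, track, sector, heads=HEADS, spt=SPT):
    """Byte offset of a CHS address; sector numbers start at 1 (sector 1 = LBA 0)."""
    lba = (track * heads + side) * spt + (sector - 1)
    return lba * SECTOR


def read_sector(image, offset):
    return bytes(image[offset:offset + SECTOR])


def is_boot_sector(data):
    """Cheap sanity check: a full sector ending in the 55AA signature."""
    return len(data) == SECTOR and data[-2:] == BOOT_SIG


def restore_boot_sector(image, backup_sector=7):
    """Copy the saved original boot sector over the infected one.

    Refuses to act unless the backup carries the 55AA signature and differs
    from what is in sector 1 now, so running this on a clean disk is a no-op.
    Returns (new_image, restored).
    """
    dst = chs_to_offset(0, 0, 1)
    src = chs_to_offset(0, 0, backup_sector)
    original, current = read_sector(image, src), read_sector(image, dst)
    if not is_boot_sector(original) or original == current:
        return bytes(image), False
    fixed = bytearray(image)
    fixed[dst:dst + SECTOR] = original
    fixed[src:src + SECTOR] = bytes(SECTOR)  # wipe the stale copy the virus left behind
    return bytes(fixed), True


def _sector(payload):
    """Pad a placeholder payload to a sector and append the signature."""
    return payload.ljust(SECTOR - 2, b"\x00") + BOOT_SIG


ORIGINAL_BOOT = _sector(b"original boot program (constructed placeholder)")
VIRUS_BOOT = _sector(b"virus bootstrap (constructed placeholder)")
EMPTY = bytes(SECTOR)
# Sectors 1..8 of side 0, track 0: virus in sector 1, the real boot sector in 7.
INFECTED_IMAGE = VIRUS_BOOT + EMPTY * 5 + ORIGINAL_BOOT + EMPTY
CLEAN_IMAGE = ORIGINAL_BOOT + EMPTY * 7   # nothing in sector 7: must be left alone

if __name__ == "__main__":
    cured, done = restore_boot_sector(INFECTED_IMAGE)
    print("restored:", done, "sector 1 ok:", read_sector(cured, 0) == ORIGINAL_BOOT)
```

On a real machine the image would be read from the drive after booting from a clean disk, for the reason given above: with the virus resident, the sector you just wrote would be re-infected on the next disk access.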

Now we have to deal with more advanced viruses, file viruses among them. A file virus attaches itself to a program file, and this is done in several ways. One common method appends the virus body to the end of the file and patches the program's header so that execution starts in the virus code, which runs and then jumps back to the original entry point. Here our job becomes harder. One approach is to monitor file sizes continuously, but that breaks down as soon as a file is legitimately edited, or when a file is copied from an already infected disk. A more effective approach uses signatures. Each virus has a signature, a sequence of bytes that is characteristic of that virus. By reading the file's contents we can check for the signature and so detect the virus, provided we know the signature bytes. This is done simply by a program that reads the file and compares its contents with the virus code. If every byte of the signature matches some part of the file, the file can be cured by removing the virus code and restoring what it changed; in the extreme case the whole file has to be deleted.

Most antivirus programs have two parts, a database and a scanning engine. The database holds the virus signatures, and the engine compares the bytes of the file with each signature. As soon as a mismatch occurs the engine moves on, since that position cannot be an infection. This is why antivirus software needs updating: updates add the signatures of newly found viruses to the database, and the engine itself is modified when a new virus uses an infection method it cannot yet handle.
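The database-plus-engine arrangement and the "delete the virus code" cure from the two paragraphs above, as an added example that is not code from the original post. The scanner reads a file in chunks while carrying enough overlap that a signature straddling a chunk boundary is still found. The EICAR string is the industry's standard harmless test pattern; the second signature, the host program and the "infected" file are constructed placeholders, not real virus code.

```python
# Added example (not from the original post): a minimal signature scanner of
# the database-plus-engine kind described above, plus the simplest possible
# cure for an appending file virus. The EICAR string is the industry's
# standard harmless test pattern; the second signature and the host file are
# constructed placeholders, not real virus code.
import os
import tempfile

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# The "database": name -> byte pattern that is characteristic of the virus.
SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Constructed.Appender.A": b"\xEB\x1F\x90CONSTRUCTED-APPENDER-BODY",
}


def scan_bytes(data, signatures=SIGNATURES):
    """The engine: every (name, offset) at which a signature occurs in data."""
    hits = []
    for name, sig in signatures.items():
        pos = data.find(sig)            # bytes.find gives up at the first mismatch
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(sig, pos + 1)
    return hits


def scan_file(path, signatures=SIGNATURES, chunk=1 << 20):
    """Scan a file of any size in chunks, carrying len(sig)-1 bytes of overlap
    so that a signature straddling a chunk boundary is still seen."""
    longest = max(len(s) for s in signatures.values())
    hits, carry, base = [], b"", 0      # base = file offset of data[0]
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            data = carry + block
            for name, off in scan_bytes(data, signatures):
                if (name, base + off) not in hits:   # the overlap re-finds old hits
                    hits.append((name, base + off))
            carry = data[-(longest - 1):] if longest > 1 else b""
            base += len(data) - len(carry)
    return sorted(hits, key=lambda h: h[1])


def disinfect_appended(data, name, signatures=SIGNATURES):
    """Cure for an appending virus: cut the host at the start of the virus body.

    Assumes the signature marks the first byte the virus appended and that the
    host's own header was not modified (a real infector usually also patches
    the entry point, which would have to be restored as well)."""
    off = data.find(signatures[name])
    return None if off == -1 else data[:off]


# Constructed host program and an infected copy of it.
HOST = b"MZ placeholder program bytes (constructed)\n" * 4
INFECTED = HOST + SIGNATURES["Constructed.Appender.A"] + b"... rest of virus body ..."


def demo(chunk=5):
    """Write the infected sample to a temp file and scan it with a tiny chunk
    size so the overlap logic is exercised; returns the hits."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(INFECTED)
        return scan_file(path, chunk=chunk)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
    print(disinfect_appended(INFECTED, "Constructed.Appender.A") == HOST)
```

The scan reports the appender at the offset where the host program ends, and cutting the file there gives back the original bytes. Real scanners add what this leaves out: wildcards in signatures, entry-point-relative matching so that only the likely region of each file is compared, and heuristics for viruses whose signature is not yet in the database.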

So to protect your PC from viruses, install an up-to-date antivirus and update it whenever required. Take care in choosing it: before selecting an antivirus, make sure it detects recent viruses and that updates are released regularly.

Tuesday, January 20, 2009

Booting From An Infected Disk

I forgot to put up a post on how booting from an infected floppy disk or drive affects the computer, so let us look at it now. An infected disk is one that contains potentially harmful files such as viruses or trojans. If it is a bootable disk the virus may sit in the boot sector, which is a very dangerous condition. On a hard disk the virus may be in the partition table (the master boot record), in the boot sector, or in both. A boot-sector virus takes care to copy the original contents of the boot sector to a safe location, so that they are not lost and the normal boot can still be completed.
Now let us see how booting from an infected disk affects the computer. First one must know the normal booting procedure; I have already put up a post on booting from a non-infected disk, and it will help to read that first.
The various stages of the booting from infected disk is given below:
a) The POST routines are executed.
b) The Interrupt Vector Table (IVT) is set up.
c) The size of the RAM is determined during the RAM test and stored as a word (the size in KB) at addresses 0x413 and 0x414 in the BIOS data area.
d) Standard equipment is initialised.
e) Non-standard equipment is initialised.
f) The boot-up sequence is read.
g) The contents of the boot sector are loaded into main memory (at 0000:7C00) and control is passed to the program there. On an infected disk that program is the virus, so the virus is loaded and control passes to it.
h) The virus is now sitting where the bootstrap program would normally be. The virus itself cannot load IO.SYS, so it has to load the original disk bootstrap program into memory, and that program is loaded into the very place where the virus sits, so the virus would be overwritten and destroyed. The virus writer is too tricky to let that happen: the virus is programmed to copy itself to the high end of memory before loading the bootstrap program. It reads the memory size from 0x413-0x414, copies itself to the top of that memory, and then reduces the value stored at 0x413-0x414 by its own size, so that DOS and every later program believe memory ends below the virus and never overwrite it. After this the virus loads the original disk bootstrap program and passes control to it.
i) The rest of the boot proceeds in the normal way, but the virus remains active in memory. It can capture interrupts and perform malicious tasks: typically it hooks the disk I/O interrupt (INT 13h) and, whenever a floppy is read or written through it, writes a copy of itself into that disk's boot sector. In this way, by capturing interrupts and staying resident, the virus spreads and carries out its malicious work. Since none of this is reported to the user, everything seems fine and the virus remains undetected, and any system booted from the infected disk becomes infected too.
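Steps (h) and (i) as an added example that is not part of the original post: a small Python model of real-mode memory in which the "virus" lowers the memory-size word at 0x413, copies itself into the memory it has just hidden, hooks the INT 13h vector so that it sees every floppy access, and loads the original boot sector over itself. A checker then finds both traces, which is exactly how the classic DOS memory-resident scanners worked. The addresses (0x413, 0000:7C00, the four-byte IVT entries) are real x86 conventions; the virus and boot-sector bodies are constructed placeholders, not code, and the BIOS INT 13h entry is the classic IBM ROM address used only as a realistic default.

```python
# Added example (not from the original post): a small model of steps (h) and
# (i) above. The virus, running at 0000:7C00, lowers the memory-size word at
# 0x413, copies itself into the memory it has just hidden, hooks the INT 13h
# disk vector so it sees every floppy access, and then loads the original
# boot sector over itself. A checker then finds both traces. The addresses
# are real x86 real-mode conventions; the virus and boot sector bodies are
# constructed placeholders, not code.
BDA_MEMSIZE = 0x413                 # word: conventional memory in KB, normally 640
BOOT_LOAD = 0x7C00                  # the BIOS loads sector 1 to 0000:7C00
BIOS_INT13 = (0xF000, 0xEC59)       # INT 13h entry in the classic IBM BIOS ROM


class RealModeMemory:
    """1 MB of real-mode memory with word access and an interrupt vector table."""

    def __init__(self, memory_kb=640):
        self.mem = bytearray(1 << 20)
        self.write_word(BDA_MEMSIZE, memory_kb)
        self.set_vector(0x13, *BIOS_INT13)

    def read_word(self, addr):
        return int.from_bytes(self.mem[addr:addr + 2], "little")

    def write_word(self, addr, value):
        self.mem[addr:addr + 2] = value.to_bytes(2, "little")

    def set_vector(self, n, seg, off):
        # IVT entry n lives at linear address n*4: offset word, then segment word
        self.write_word(n * 4, off)
        self.write_word(n * 4 + 2, seg)

    def get_vector(self, n):
        return self.read_word(n * 4 + 2), self.read_word(n * 4)


def infected_boot(mem, virus_body, original_boot):
    """Step (h): what the virus does after the BIOS hands it control.
    Returns the segment it relocated itself to."""
    mem.mem[BOOT_LOAD:BOOT_LOAD + len(virus_body)] = virus_body      # BIOS put it here
    kb_needed = -(-len(virus_body) // 1024)                          # round up to whole KB
    top_kb = mem.read_word(BDA_MEMSIZE) - kb_needed
    mem.write_word(BDA_MEMSIZE, top_kb)      # DOS will now believe memory ends here
    seg = top_kb * 64                        # 1 KB = 64 paragraphs of 16 bytes
    lin = seg * 16
    mem.mem[lin:lin + len(virus_body)] = virus_body                  # hide the copy up there
    mem.set_vector(0x13, seg, 0)             # every disk read/write now enters the virus first
    mem.mem[BOOT_LOAD:BOOT_LOAD + len(original_boot)] = original_boot  # overwrite itself
    return seg


def resident_virus_check(mem, expected_kb=640):
    """Step (i) seen from the defender's side: compare the BDA word with what
    the machine really has, and see whether INT 13h points into hidden memory."""
    findings = []
    top_kb = mem.read_word(BDA_MEMSIZE)
    if top_kb < expected_kb:
        findings.append(f"BDA reports {top_kb} KB, expected {expected_kb}: "
                        f"{expected_kb - top_kb} KB hidden at the top of memory")
    seg, off = mem.get_vector(0x13)
    handler = seg * 16 + off
    if top_kb * 1024 <= handler < expected_kb * 1024:
        findings.append(f"INT 13h vector {seg:04X}:{off:04X} points into the hidden region")
    return findings


VIRUS = b"constructed boot-virus placeholder".ljust(512, b"\x00")
BOOT = b"constructed original boot sector".ljust(512, b"\x00")

if __name__ == "__main__":
    m = RealModeMemory()
    print("clean:", resident_virus_check(m))
    seg = infected_boot(m, VIRUS, BOOT)
    print(f"virus now at {seg:04X}:0000; findings:", resident_virus_check(m))
```

With a 512-byte virus the reported memory drops from 640 KB to 639 KB and the INT 13h vector points at segment 9FC0h, the first paragraph of the hidden kilobyte. On real hardware a reading of 639 KB can be legitimate (some BIOSes reserve the top kilobyte for the extended BIOS data area), so the check is made against a baseline taken on the same machine when it was known to be clean.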

Sunday, January 11, 2009

General precautions



It is very hard to keep a computer safe from viruses. Today most viruses reach computers through pen drives and the Internet; CDs are also a medium of infection, although with the arrival of flash drives the use of CDs has declined a great deal. So we have to take precautions to reduce infection. Some steps for avoiding infection are listed below:


  • Do not connect flash drives or other memory devices whose contents you are not sure about.
  • Use autorun killer softwares to increase
  • Install a good antivirus to defend your system. It is very important to update it regularly; only an updated antivirus can detect new viruses.
  • Enable the firewall, which increases the computer's security.
  • Shut the computer down properly; an improper shutdown can help a virus (if there is one) do its work.
  • Every boot gives a virus another chance to spread, so if you suspect an infection do not keep restarting the machine; switch it on only when you are ready to remove the virus.
  • Do not share CDs or DVDs burnt on an infected system.
  • Avoid cracks and patches for shareware.
  • Avoid visiting dubious sites.
  • Some sites ask you to download an ActiveX control to view their content. Install ActiveX controls only from the publisher's own site.



These are only precautions. They do not guarantee that your system will be completely free of viruses; they only reduce the risk of infection.

Saturday, January 10, 2009

Common Symptoms of Virus Infection

It is not possible to protect a system completely from viruses; they get in by several means. Most viruses reveal their presence to the user only after they have gained almost complete control of the computer.


Since Windows is the most commonly used operating system, systems running Windows are the most exposed to virus attacks. Some common symptoms of virus infection are given below:
  • Windows tools such as Task Manager, Registry Editor and Folder Options are disabled. These tools reveal a virus to the user and let the user remove it easily, so some viruses disable them.
  • .exe files appear with a folder icon and the name of the folder that contains them; the most common name is New Folder. The user, not knowing it is a virus, tries to open it and the virus starts its job. It can be stopped from Task Manager -> Processes -> (name of the virus) -> End Process, but that only stops it temporarily, not permanently.
  • The computer freezes or restarts when certain programs are used. The virus may have deleted files the program needs, leaving the system in an unknown state or crashing it.
  • After opening an e-mail with a strange attachment, dialog boxes suddenly appear and system performance drops sharply.
  • Files with double extensions such as .gif.exe or .avi.vbs are present.
  • The antivirus software is uninstalled or disabled.
  • Strange pop-ups and notifications appear, alerting you about the system's security.
  • Your friends receive infected mail from you.
  • Unexpected sounds come from the speakers while playing media; the display flickers.
  • Certain applications disappear from the computer without your knowledge.
  • Windows starts normally but stops responding during use.
  • Windows does not boot and displays messages about missing files; the files may have been deleted by a virus.
  • A low-memory message appears even though plenty of RAM is unused.
  • The system runs very slowly, consuming more memory and processor time than usual.
  • A partition disappears.
  • New programs cannot be installed correctly.
  • Windows restarts unexpectedly.
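Two of the symptoms above, an executable named after its own parent folder (the "New Folder.exe" trick) and a double extension such as .jpg.exe, can be found by name alone. The following Python script, an added example rather than code from the original post, walks a directory tree and reports files matching either pattern. The list of executable and decoy extensions is an assumption about what is commonly abused, and the directory tree it scans is constructed in a temporary folder so the script runs anywhere.

```python
# Added example (not from the original post): find the two file-name tricks
# listed above. The directory tree is constructed in a temporary folder.
import os
import shutil
import tempfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXT = {".gif", ".jpg", ".jpeg", ".png", ".avi", ".mp3", ".doc", ".pdf", ".txt"}


def suspicious_name(path):
    """Return a reason string if the file name is one of the tricks, else None."""
    folder = os.path.basename(os.path.dirname(path))
    name = os.path.basename(path)
    root, ext = os.path.splitext(name)
    if ext.lower() not in EXEC_EXT:
        return None
    if root.lower() == folder.lower():
        return f"executable named after its parent folder: {name}"
    if os.path.splitext(root)[1].lower() in DECOY_EXT:
        return f"double extension hides an executable: {name}"
    return None


def scan_tree(root):
    """(relative path, reason) for every suspicious file below root, sorted."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(dirpath, filename)
            reason = suspicious_name(path)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


def demo():
    """Build a constructed tree, scan it, clean up, and return the findings."""
    base = tempfile.mkdtemp(prefix="scan-demo-")
    layout = {
        "New Folder/New Folder.exe": b"MZ",      # folder-icon trick
        "Photos/holiday.jpg.exe": b"MZ",         # double extension
        "Photos/holiday.jpg": b"\xff\xd8",       # the real picture
        "Docs/report.txt": b"plain text",
        "Tools/setup.exe": b"MZ",                # an ordinary installer name
    }
    try:
        for rel, content in layout.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return scan_tree(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

Point scan_tree at a pen drive's root to check it before opening anything on it. Windows hides known extensions by default, which is what makes both tricks work; turning that option off in Folder Options (if the virus has not disabled it) makes the .exe visible to the eye as well.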


None of these is necessarily a symptom of virus infection; other software and hardware problems show some of the same symptoms, so judge carefully.

Friday, January 9, 2009

Top 10 Notorious Viruses


As the Internet and other services become more and more sophisticated, some people misuse their knowledge to create evil things like viruses, some of them for fame. Here is a list of 10 viruses that caused destruction worldwide.

1. Melissa

Melissa was one of the first computer viruses to get the public's attention. It was written in 1999 by David L. Smith, who named it after an exotic dancer from Florida. Melissa was a macro virus which spread through e-mail. The Melissa computer virus tempts recipients into opening

Photo: David L. Smith, creator of the Melissa virus

Screenshot of Melissa


According to the FBI, Melissa awakened interest on the part of government. Because e-mail traffic increased so much as the virus spread, some companies shut down their e-mail systems until the virus was brought under control. Smith was sentenced to 20 months in jail and fined $5,000, and he was forbidden to use computer networks without proper authorisation.


2. ILOVEYOU

A year after Melissa a new virus originated in the Philippines: the ILOVEYOU worm. A worm differs from a virus in that it spreads on its own, replicating itself from computer to computer without needing to attach to a host program. Like Melissa, this worm spread through e-mail. The message claimed to be a love letter from a secret admirer; the attachment was the worm itself, a script named LOVE-LETTER-FOR-YOU.TXT.vbs. The .vbs extension stands for Visual Basic Script, the language it was written in, and the .TXT in front of it is there to make the file look like a harmless text file.

Screenshot of the ILOVEYOU virus

ILOVEYOU had a wide range of actions. It replicated itself several times and hid the copies in several folders on the victim's computer; it added new values to registry keys; it placed copies of itself in several files; it sent copies to other computers through chat and e-mail; and it downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. This program was a password-stealing application that e-mailed secret information to the author's e-mail address. Onel de Guzman of the Philippines is thought to have created ILOVEYOU. Filipino authorities investigated de Guzman on charges of theft, since at the time the Philippines had no computer espionage or sabotage laws, but citing a lack of evidence they dropped the charges, and de Guzman would neither confirm nor deny his responsibility. According to some estimates, ILOVEYOU caused $10 billion in damage.

3. The Klez Virus

The Klez virus was discovered in 2001, and its variants plagued the Internet for several months. The basic Klez worm infected a victim's computer through an e-mail message, replicated itself and then sent itself to the people in the victim's address book. Some variants carried other harmful programs that could render the computer inoperable. Depending on the version, Klez could behave like a normal virus, a worm or a trojan horse; it could even disable virus scanners and pose as a virus-removal tool. Fortunately there is no shortage of antivirus software able to deal with it.

Screenshot of the Klez virus


Shortly after it appeared, its authors modified Klez in a way that made it far more effective. Like other viruses it could read a victim's address book and send itself to the contacts, but it could also take another name from the contact list and put that address in the From field of the e-mail. This is called spoofing: the e-mail appears to come from one source when it really comes from somewhere else.

Spoofing an e-mail address accomplishes a couple of things. Blocking the person in the From field does the recipient no good, since the e-mails are really coming from someone else; a Klez worm programmed to spam people with multiple e-mails could clog an inbox in short order because the recipients could not tell where the messages really came from. And the recipient might recognise the name in the From field and so be more likely to open the mail.


4. Code Red and Code Red II

The Code Red and Code Red II worms appeared in 2001. Both exploited a buffer overflow in the Indexing Service ISAPI extension of Microsoft's IIS web server, which shipped with Windows 2000 and Windows NT (Microsoft bulletin MS01-033). A buffer overflow means that when a program receives more data than its buffer can hold, the excess overwrites adjacent memory, and the worm used that to make the server run its own code.

The original Code Red worm launched a distributed denial-of-service (DDoS) attack on the White House: all the computers infected with Code Red tried to contact the White House web servers at the same time, overloading them.

The CERT Coordination Center at Carnegie Mellon University published an advisory alerting the public to the dangers of Code Red.


A Windows 2000 machine infected by Code Red II no longer obeys its owner, because the worm creates a backdoor into the operating system through which a remote user can access and control the machine. In computing terms this is a system-level compromise, and it is bad news for the owner: the person behind the worm can read information from the victim's computer or even use it to commit crimes, so the victim not only has an infected computer to deal with but may also fall under suspicion for crimes he or she did not commit.

Windows NT machines were also vulnerable to the Code Red worms, but the effect on them was not as extreme: web servers running Windows NT might crash more often than normal, but that was about as bad as it got, which compared with the woes of Windows 2000 users is not so bad.

Microsoft released patches that fixed the vulnerability in Windows 2000 and Windows NT. Once patched, a machine could no longer be infected by the original worms; however, the patch did not remove the worm from already infected computers, and victims had to do that themselves.



5. Nimda

Another worm to hit the Internet in 2001 was Nimda (admin spelled backwards). Nimda spread rapidly, becoming the fastest-propagating worm seen until then; according to TruSecure CTO Peter Tippett, it took only 22 minutes from the moment Nimda hit the Internet to reach the top of the list of reported attacks.

Nimda's primary targets were Internet servers. It could infect a home PC, but its real effect was to bring Internet traffic to a crawl. It travelled by several methods, including e-mail, which helped it spread across many servers in record time.


Screenshot: removal of the Nimda worm


Nimda created a backdoor into the victim's operating system which gave the attacker the same level of access as whatever account was logged in when the worm ran. If a user with limited privileges activated the worm, the attacker got only limited access to the computer's functions; if the victim was the machine's administrator, the attacker got full control.

The spread of Nimda caused some network systems to crash as more and more of their resources were consumed by the worm. In effect, Nimda became a distributed denial-of-service (DDoS) attack.

6. SQL Slammer/Sapphire

Photo: the Slammer worm hit South Korea hard, cutting it off from the Internet and leaving Internet cafes like the one pictured relatively empty.

In late January 2003 a new worm spread across the Internet, this time targeting database servers rather than web servers. Many computer networks were unprepared for the attack, and as a result the worm brought down several important systems: Bank of America's ATM service crashed, the city of Seattle suffered outages in its 911 service, and Continental Airlines had to cancel several flights because of electronic ticketing and check-in errors.

The culprit was SQL Slammer, also known as Sapphire. It exploited a buffer overflow in Microsoft SQL Server 2000 and MSDE (bulletin MS02-039) and reached it with a single UDP packet to port 1434, so it needed no file and no e-mail to spread and lived entirely in memory. By some estimates it caused more than $1 billion in damages before patches and antivirus software caught up with the problem. The progress of the attack is well documented: only a few minutes after infecting its first server, Slammer was doubling its number of victims every few seconds, and fifteen minutes after it began it had infected nearly half of the servers that act as the pillars of the Internet.


7. MyDoom

The MyDoom virus inspired politicians like U.S. Senator Chuck Schumer to propose a National Virus Response Center.

MyDoom (also called Novarg) is another worm that creates a backdoor in the victim computer's operating system. The original MyDoom, of which there are several variants, had two triggers: one made the worm begin a denial-of-service (DoS) attack on 1 February 2004, and the other made it stop distributing itself on 12 February 2004. Even after the worm stopped spreading, the backdoors created during the initial infections remained active.

Later that year a second outbreak of MyDoom gave the search engine companies grief. Like other worms, MyDoom searched victim computers for e-mail addresses as part of its replication; this version also sent queries to search engines and harvested addresses from the results. Search engines such as Google began receiving millions of requests from infected computers, which slowed their services and even crashed some.

MyDoom spread through e-mail and peer-to-peer (P2P) networks. According to the security firm MessageLabs, at one point one in every 12 e-mail messages carried the worm. MyDoom spoofed the sender address, which made it very difficult to trace the source of an infection.


8. Sasser and Netsky

Sometimes virus writers escape detection, but once in a while the authorities trace a virus back to its origin. That was the case with Sasser and Netsky, both created and released onto the Internet by a 17-year-old German, Sven Jaschan. The two worms behaved in different ways, but similarities in their code led security experts to conclude that they were the work of the same person.

Sasser attacked computers through a Windows vulnerability in the LSASS service (bulletin MS04-011). Unlike most worms it did not spread through e-mail: once on a computer it scanned random IP addresses for other vulnerable systems, contacted them and made them download the worm. It also left the victim's system in a state (a crashing LSASS) that made it difficult to shut the computer down without cutting the power.

Netsky travels through e-mail and Windows networks. It spoofs e-mail addresses and propagates as a 22,016-byte file attachment. As it spreads it can cause a denial of service (DoS) as systems collapse while trying to handle all the traffic. At one time, security experts at Sophos believed Netsky and its variants accounted for 25 percent of all viruses on the Internet.

Photo: Sven Jaschan

Sven Jaschan spent no time in jail; he received a sentence of one year and nine months' probation. Because he was under 18 at the time of his arrest, he was not tried as an adult in the German courts.



9. Leap-A/Oompa-A

This virus attacks Macs rather than ordinary PCs. Macs have been partly protected from viruses by what is called security through obscurity. Apple keeps its operating system and hardware a closed system, producing both itself, which keeps the OS relatively obscure, and Macs have traditionally been a distant second to PCs in the home computer market. A virus written for the Mac therefore hits far fewer victims than one written for PCs.

In 2006 the Leap-A virus, also known as Oompa-A, appeared. It uses the iChat instant messaging program to propagate across vulnerable Macs: after infecting a Mac it goes through the iChat contacts and sends each person on the list a message containing a corrupted file that appears to be an innocent JPEG image.

Screenshot of the Leap-A virus


Leap-A does not do much harm to computers, but it shows that even a Mac can fall prey to malicious software. As Macs become more popular we will probably see more authors write viruses for them that damage files or snarl network traffic.

10. Storm Worm


The latest virus on our list is the dreaded Storm Worm, first identified by security experts in late 2006. The public called it the Storm Worm because one of the e-mails carrying it had the subject "230 dead as storm batters Europe". Antivirus companies use other names: Symantec calls it Peacomm and McAfee calls it Nuwar. This may sound confusing, but there was already a 2001 virus called W32.Storm.Worm, and the 2001 virus and the 2006 worm are completely different programs.

Screenshot of the Storm Worm


The Storm Worm is a trojan horse program. Its payload is another program, though not always the same one. Some versions turn computers into zombies or bots: once infected, they can be controlled remotely by the person behind the attack. Some attackers use the Storm Worm to build a botnet and use it to send spam across the Internet.

Many versions of the Storm Worm fool the victim into downloading the program through fake links to news stories or videos, and the people behind the attacks keep changing the subject lines to match current events. For example, just before the 2008 Olympics in Beijing a new version appeared in e-mails with subjects like "a new deadly catastrophe in China" or "China's most deadly earthquake". The e-mail claimed to link to video and news reports on the subject, but clicking the link actually downloaded the worm to the victim's computer.

Several news agencies and blogs named the Storm Worm one of the worst virus attacks in years. By July 2007, an official with the security company Postini claimed that the firm detected more than 200 million e-mails carrying links to the Storm Worm during an attack that spanned several days. Fortunately, not every e-mail led to someone downloading the worm.

Although the Storm Worm is widespread, it's not the most difficult virus to detect or remove from a computer system. If you keep your antivirus software up to date and remember to use caution when you receive e-mails from unfamiliar people or see strange links, you'll save yourself some major headaches.




Monday, January 5, 2009

Other Malicious Softwares

In the early days of computing the only medium through which viruses spread was infected floppies: booting from an infected floppy loaded the virus onto the host machine. As technology advanced, the media of spread widened to include the internet, pen drives and so on. The internet has given rise to several kinds of malicious software, and many such programs are available on the internet.


  • Trojans

The most important difference between Trojans and viruses is that Trojans cannot spread by themselves, whereas viruses do. Trojans disguise themselves as useful software, and the user downloads and installs them thinking they are useful; he recognizes the harmful effect of the Trojan only after it has started its job.

A Trojan has two parts: a server and a client. The server is the part installed on the attacker's system. It is the client that is disguised as useful software and gets installed on the victim's machine. The client is found on peer-to-peer networks and unofficial download sites. Once a Trojan enters the victim's machine, it has a vast capacity for destruction. Trojans are so sophisticated that they can be used according to the wishes of the attacker, who can decide the degree of harm the Trojan will cause. There are different types of Trojans; some of them are listed below. A Trojan may have any one of the functions mentioned below, or a combination of them.



  • Remote Access Trojans

These Trojans give the attacker full control of the victim's machine. The attacker can gather a great deal of information from the victim's machine, including confidential things such as passwords and credit card numbers stored on it.


  • Password Sending Trojans

This type of Trojan poses a great threat even today. The purpose of these Trojans is to send out the passwords stored in cached memory. They can also steal passwords as you type them. They then send them to a specified e-mail address without the user's knowledge. Passwords for restricted sites, e-mail, messaging services and FTP services are all under threat from these Trojans.


  • Keyloggers

These Trojans log the victim's keystrokes and send the log files to the attacker. They can be active in two modes: online and offline. The attacker can get a great deal of information from the logs, including passwords. The logs are sent on a daily basis.


  • Destructive

The only function of these Trojans is to destroy all files in the core system. They perform their destructive work according to the will of the programmer, or can be programmed to work as a logic bomb that is activated on a particular date or time.



  • Denial of Service (DoS) Attack Trojans

The main aim of this kind of Trojan is to reduce the bandwidth available to the victim's machine by increasing its net traffic. This makes the internet connection too overloaded to let the user visit a website or download anything. One variation of this type of Trojan is the mail-bomb Trojan, whose main aim is to infect as many systems as possible and simultaneously attack a specific e-mail address with random subjects and content that cannot be filtered. However, today's e-mail service providers use advanced filters that screen out these malicious messages to an extent.



  • Proxy/Wingate Trojans

These Trojans turn the victim's system into a Proxy/Wingate server, so the victim's machine is opened up to many other systems connected to the network. The attacker can easily use the victim's system to anonymously browse restricted sites and access various risky internet services: the attacker can register domains or access pornographic sites with a stolen credit card number, or perform several similar illegal activities.



  • FTP Trojans

These Trojans are usually very simple, but most of them no longer exist today. They do nothing but open the port used for FTP transfer, port 21, so that everyone connected to the network can access files from the victim's machine. Today they are password protected so that only the attacker can connect to the computer.


  • Software Detection Killers

The main aim of these Trojans is to kill the software or firewalls that protect your computer from malicious software. This reduces your computer's defenses and makes it easily vulnerable to attack. These Trojans exist even today. Some anti-virus programs display a confirmation message when they are about to be uninstalled.



  • Worms

Computer worms are programs that reproduce themselves and run independently. They can travel across network connections. They are platform independent, so they can attack systems running on any operating system. The difference between a worm and a virus is the method by which they reproduce and spread: a virus depends on a host file or a boot sector, and on the transfer of files between machines, to spread, while a worm can run completely independently and spread on its own through network connections.

The security threat of a worm is the same as that of a virus. Worms are capable of doing a wide range of damage, such as destroying essential files on the victim's computer, slowing it down to the maximum extent and even causing some essential programs to crash. Two famous worms are MS-Blaster and Sasser.


  • Spyware

Spyware is also a form of adware (advertising-supported software). Advertising in shareware products is a way for shareware authors to make money other than by selling the product to the user. Several large companies offer to place banner ads in such products in exchange for a portion of the revenue from banner sales. If the user finds the banner annoying, there is usually an option to get rid of it by paying the license fee.

Unfortunately, the advertising companies often also install additional tracking software on your system that continuously uses your internet connection to send statistical data back to the advertisers. Although the companies claim that they do not collect any personal information from the user, so that he remains anonymous, the fact is that there is a server running on your computer that sends information about you and your surfing habits to a remote location using the bandwidth of your internet connection.


Spyware slows down the speed of your internet connection. It also reduces the processing power of your computer. Sometimes unwanted pop-ups irritate the user. It also changes the settings of your browser, such as the home page or default search engine. Many people do not consider it illegal. But unfortunately there is no way to get rid of such a nuisance.

Sunday, January 4, 2009

Types of viruses

There are thousands of viruses today, and more and more are discovered every day, so it is becoming difficult to detect and destroy new viruses. New viruses are programmed in such a way that they can enter the computer's memory without being detected by anti-virus software, so the anti-virus companies are stepping up their security levels. There are different types of viruses nowadays; some of them are given below.


  • File viruses (Parasitic Viruses)

File viruses or parasitic viruses are pieces of code or applications that attach themselves to other files: executables, driver files or compressed files. They are activated when the host program is executed. After activation these viruses start spreading by latching themselves onto many other files, and thus they spread like a forest fire. Then they begin destroying data, causing loss or corruption of files. Most viruses of this type, when activated, enter the computer's memory and search for other files they can infect. They can even spread to and infect other systems that share files with the infected one.

Besides spreading themselves, these viruses also perform destructive activities. The destructive activity can be activated by means of a 'trigger'. The trigger may be the execution of the host file or of the virus file itself; otherwise the trigger may be some date or time, obtained from the system clock. The trigger may also be the number of times the virus has replicated, or something similar. Examples of file viruses are: Randex, Meve, MrKlunky, Casino, Boza, Tentacle, Win32/CIH.


  • Boot Sector Viruses
They are also known as System Sector Viruses. Boot Sector Viruses infect the boot sector, which is a crucial part of a computer system. The boot sector is where all information about the drive is stored, along with a program that helps the virus load into memory at every boot. The Boot Strap Virus does not affect files. First it moves or overwrites the original boot code, replacing it with infected boot code. Then the virus moves the original boot sector information to another sector on the disk, marking that sector as a bad spot so it will not be used in the future. To be infected by this type of virus, you must boot the computer from an infected floppy disk. For example, if a user leaves an infected floppy disk in the disk drive and you reboot the computer, you will bring the virus into the system. Their inability to attack files led to their downfall. In the era when floppies were used these viruses spread like wildfire, but the introduction of CDs reduced their spread. However, some of them still exist; the operating systems of today prevent them from activating. Examples of Boot Sector Viruses: Joshi, Devil's Dance, V-Sign, Polyboot.B, AntiEXE.
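As an added illustration of the infection pattern just described (example code written for this page, not from the original post): a small Python integrity check that records digests of a clean boot sector's code and partition-table regions, flags a later copy whose code has changed while the table and signature are intact, and scans a constructed four-sector disk image for the parked original. It assumes the classic 446/64/2-byte MBR layout; all sector bytes are constructed.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446           # bytes 0..445: boot code (classic MBR layout)
TABLE_END = 510          # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511: marks the sector as bootable

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def take_baseline(sector: bytes) -> dict:
    """Record digests of a boot sector known to be clean (e.g. right after install)."""
    assert len(sector) == SECTOR_SIZE
    return {"code": _sha256(sector[:CODE_END]),
            "table": _sha256(sector[CODE_END:TABLE_END])}

def check_boot_sector(sector: bytes, baseline: dict) -> dict:
    """Infection pattern from the text: code replaced, table and signature kept."""
    assert len(sector) == SECTOR_SIZE
    now = take_baseline(sector)
    return {"signature_ok": sector[TABLE_END:] == SIGNATURE,
            "code_changed": now["code"] != baseline["code"],
            "table_changed": now["table"] != baseline["table"]}

def find_stashed_boot_sectors(disk: bytes, baseline: dict) -> list:
    """Sector numbers other than 0 holding a copy of the clean boot code: where an
    infector parked the original before marking that sector 'bad'."""
    hits = []
    for n in range(1, len(disk) // SECTOR_SIZE):
        s = disk[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE]
        if s[TABLE_END:] == SIGNATURE and _sha256(s[:CODE_END]) == baseline["code"]:
            hits.append(n)
    return hits

# Constructed sample: a clean sector, an infected copy and a 4-sector "disk".
CLEAN_CODE = b"\xeb\x3c\x90" + b"ORIGINAL-BOOT-CODE".ljust(CODE_END - 3, b"\x00")
VIRUS_CODE = b"\xeb\x3c\x90" + b"INFECTED-LOADER".ljust(CODE_END - 3, b"\x00")
TABLE = b"\x80\x01\x01\x00\x0b" + b"\x00" * 59   # one dummy partition entry
CLEAN_SECTOR = CLEAN_CODE + TABLE + SIGNATURE
INFECTED_SECTOR = VIRUS_CODE + TABLE + SIGNATURE  # table and signature kept
BASELINE = take_baseline(CLEAN_SECTOR)
# sector 0 infected, sectors 1-2 empty, original parked in sector 3
DISK = INFECTED_SECTOR + b"\x00" * (2 * SECTOR_SIZE) + CLEAN_SECTOR

if __name__ == "__main__":
    print(check_boot_sector(DISK[:SECTOR_SIZE], BASELINE))  # code_changed=True
    print(find_stashed_boot_sectors(DISK, BASELINE))        # [3]
```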

  • Multi-Polymorphic Viruses
This type of virus affects both boot sectors and executable files. They can combine some of the characteristics of stealth and polymorphic viruses. These viruses spread through infected media and reside in memory. They then move to the boot sector, from where they infect the executable files on the system and spread across it. Even today there are many multi-polymorphic viruses in existence. An example of a multi-polymorphic virus is Ywinz.

  • Macro Viruses

These kinds of viruses use an application's own macro programming language to distribute themselves. Macro viruses can infect Word files, as well as the files of any other application that has a macro programming language. These viruses infect documents and templates but not programs. When you open a document or a template that contains a macro virus, the virus spreads to other documents and templates you may have on your system. For example, a macro virus can change or delete document contents, change settings in the Word environment, set a password, copy a DOS virus to the user's system and much more. Moreover, macro viruses have the potential to spread across different platforms, such as from PC to Mac, because they are written for the application rather than for the operating system; this makes them platform independent. If you are familiar with the Word macros you have on your system, you can look through the various macros for ones that you do not recognize. The first macro virus was written for Microsoft Word and was discovered back in August 1995. Today thousands of macro viruses exist. Examples of macro viruses: AAAZAO, AAAZFS, AutoOpen, FileSaveAs, PayLoad, Relax, Melissa.A, Bablas etc.

For more information about Macro Viruses see http://www.bu.edu/computing/virus/macro-protection.html

  • Network Viruses
These viruses are capable of spreading fast through networks, including LANs and the internet. They are commonly transferred through shared drives and folders. Once one infects a system it searches for other vulnerable systems and infects them. Examples of network viruses are: Nimda, SQLSlammer.

  • E-mail Viruses
These viruses are a form of macro virus that spreads itself to all the contacts in the address book. If any of the e-mail recipients opens the attachment of the infected mail, it spreads to the recipient's address book too, and thus they spread like wildfire. Nowadays viruses are capable of infecting the system even if the infected mail is merely previewed in a window. Example of an e-mail virus: the ILOVEYOU virus.