Tuesday, April 9, 2019

Malware Discussion Essay Example for Free

The use of malware is a way for attackers to gain access to personal information from a personal computer or company information from an organization. There are several types of malware, which include computer viruses, rootkits, and worms. Each malware serves different purposes to achieve the goal of an attacker. An attacker could be envious of a past lover and could send a virus to their email to shut down the operations of their computer. A disgruntled employee could send a worm to their old company and slow down performance of the company. A random person looking for a thrill could set up a rootkit on a company's network to gain access to company secrets. Each malware is given a name specified for its cause, for example the Trojan Worm. The name is given to this virus because of the activity that happens once it is executed. Viruses are named by antivirus companies, who avoid using proper names. The Melissa virus was named by its creator, David Smith, for a Miami stripper. This paper will discuss 5 different types of malware and inform the targets for these attacks.

Discussion of Malware

The first malware that will be discussed is the Melissa Virus. This virus was detected on the 26th of March 1999. This virus is a Microsoft Word macro virus that is delivered as an e-mail attachment. The virus is activated when an attachment named list.doc is opened. When it is activated, the Melissa virus searches the Microsoft Outlook address book and sends a message to the first 50 names. This virus proliferates itself as users open the attachment. Melissa doesn't work on Outlook Express, just Outlook. The message appears to come from the person just infected, which means that the message will seem to come from a recognizable email address. Melissa doesn't destroy files or other resources, but has the possibility to immobilize corporate and some other mail servers.
The Melissa virus originated in an Internet alt.sex newsgroup, and it contains a list of passwords for various Web sites that require memberships. Melissa also has the ability to disable some security safeguards. Users of Microsoft Word 97 or 2000 with Microsoft Outlook 97, 98, or 200 are most likely to be affected. When the virus attacks, it can infect the copy of Microsoft Word that is installed as well as any following Word documents that are created. It can also change the settings of Microsoft Word to make it easier for the computer to become infected by it and succeeding macro viruses. Users of Word 97 or 2000 with any other e-mail program can be affected also; the difference is that Melissa will not automatically redistribute itself to the contacts through other e-mail programs. It can still, however, infect the copy of Microsoft Word installed on the machine. This infected copy can still be shared with others if a document is created in the infected copy and distributed through e-mail, floppy disk, or FTP. Although the virus won't invoke the mail-out on a Mac system, it can be stored and resent from Macs. To avoid this virus, it is suggested to not double-click any file, such as an e-mail attachment, without scanning it first with antivirus software, regardless of who it is from.

The next malware to be discussed is SQL injection, which is an attack where malicious code is inserted into strings that are later passed on to an instance of SQL Server for parsing and execution. A form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. An attack that is not as direct inserts malicious code into strings that are intended for storage in a table or as metadata. The malicious code is executed once the stored strings are concatenated into a dynamic SQL command.
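The two forms of injection described above, side by side with their parameterized fixes, as an added example that is not part of the original essay. It uses Python's built-in sqlite3 in place of SQL Server; the table names, function names and the test string are constructed for illustration.

```python
import sqlite3

# Constructed test input: the quote characters turn data into SQL logic.
HOSTILE = "' OR '1'='1"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("CREATE TABLE notes (owner TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "builder")])
    return db

def login_concatenated(db, name, password):
    # Flawed (direct case): user input becomes part of the SQL text.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, name, password):
    # Fixed: the statement text is constant; values are bound separately.
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name, password))]

def store_owner(db, owner):
    # Stored safely as data, yet the string stays untrusted when read back.
    db.execute("INSERT INTO notes VALUES (?)", (owner,))

def owners_concatenated(db):
    # Flawed (stored-string case): table data concatenated into dynamic SQL.
    found = []
    for (owner,) in db.execute("SELECT owner FROM notes").fetchall():
        sql = "SELECT name FROM users WHERE name = '" + owner + "' ORDER BY name"
        found.extend(row[0] for row in db.execute(sql))
    return found

def owners_parameterized(db):
    # Fixed: the stored string is bound as a value, never parsed as SQL.
    found = []
    for (owner,) in db.execute("SELECT owner FROM notes").fetchall():
        rows = db.execute("SELECT name FROM users WHERE name = ?", (owner,))
        found.extend(row[0] for row in rows)
    return found

if __name__ == "__main__":
    db = make_db()
    print(login_concatenated(db, "alice", HOSTILE))
    print(login_parameterized(db, "alice", HOSTILE))
    store_owner(db, "nobody" + HOSTILE)
    print(owners_concatenated(db))
    print(owners_parameterized(db))
```

The concatenated versions return every user for the constructed input, while the parameterized versions treat the same string as an ordinary value that matches nothing.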
In SQL injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web application. Features such as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content shape modern websites and provide businesses with the means necessary to communicate with prospects and customers, and websites with these features are all vulnerable to SQL injection attacks. The reason behind this is that the fields available for user input allow SQL statements to pass through and query the database directly. SQL injection flaws are introduced when software developers create dynamic database queries that include user-supplied input. There have been several reports of SQL attacks, dating back to 2005. The websites that have become victims of these attacks range from Microsoft U.K. to Lady Gaga's website. To avoid SQL injection flaws, it is suggested that developers need to either a) stop writing dynamic queries and/or b) prevent user-supplied input which contains malicious SQL from affecting the logic of the executed query.

The next malware discussed will be Stuxnet. Stuxnet is a computer worm that targets Siemens industrial software and equipment running Microsoft Windows, and was discovered in June 2010. Although Stuxnet isn't the first attack to target industrial systems, it is however the first discovered malware that actually spies on and subverts industrial systems. Stuxnet is also the first malware to include a programmable logic controller (PLC) rootkit. Stuxnet is designed to specifically target Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. The PLCs are infected by Stuxnet subverting the Step-7 software application that is used to reprogram these devices. Stuxnet is different from other malware as it only attacks computers and networks that meet a specific configuration requirement.
Stuxnet contains a safeguard: if Siemens software isn't discovered on the infected computer, it will prevent each infected computer from spreading the worm to more than three others and will erase itself on June 24, 2012. Among other things, Stuxnet contains code for a man-in-the-middle attack for its targets. Stuxnet will spread through removable devices such as a USB drive in a Windows operating system by using four zero-day attacks. After it has infected the removable drive, it uses other exploits and techniques to infect and update other computers inside private networks. Stuxnet infects Step 7 software by infecting project files belonging to Siemens WinCC/PCS 7 SCADA control software and subverts a key communication library of WinCC called s7otbxdx.dll. Siemens recommends contacting customer support if an infection is detected, and advises installing Microsoft patches for security vulnerabilities and prohibiting the use of third-party USB flash drives.

Next, Zeus, also known as the Zbot virus, will be discussed. This virus is geared toward monetary institutions such as banks. Zeus was first discovered in July 2007 after being used to steal information from the US DOT. Zeus is set up to infect a consumer's PC, wait until they log onto one of a list of targeted banks and financial institutions, steal their credentials, and send them to a remote server in real time. Zeus can also inject HTML into a page that is provided by the browser; this displays its own content instead of the actual page from the bank's web server. By doing this, it is able to obtain users' information such as card numbers and PINs. According to SecureWorks, ZeuS is sold in the criminal underground as a kit for around $3000-4000, and is likely the one malware most utilized by criminals specializing in financial fraud. According to Lucian Constantin, Zeus is one of the oldest and most popular crimeware toolkits available on the underground market.
Up until this year the Trojan could only be acquired for significant sums of money from its original author. However, a few months ago the source code leaked online and now anyone with the proper knowledge can create variations of the malware. Also according to SecureWorks, the latest version of Zeus as of this date is 1.3.4.x and is privately sold. The author has gone to great lengths to protect this version using a hardware-based licensing system. The author of Zeus has created a hardware-based licensing system for the Zeus Builder kit that you can only run on one computer. Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer. This is the first time they have seen this level of control for malware. The CTU recommends that businesses and home users carry out online banking and financial transactions on isolated workstations that are not used for general Internet activities, such as web browsing and reading email, which could increase the risk of infection.

The last malware that will be discussed is the Blaster worm, also known as Lovsan, Lovesan, or MSBlast. The Blaster worm spreads on computers that have Windows XP and Windows 2000 as an operating system and was detected in August of 2003. The creator of the B variant of the Blaster worm, Jeffrey Lee Parson, was an 18-year-old from Hopkins, Minnesota. He was arrested on August 29, 2003, admitted to the creation of the B variant, and was sentenced to 18 months in prison in January 2005. Blaster takes advantage of a Windows component known as the DCOM (Distributed Component Object Model) interface, which is a known vulnerability of Windows. The DCOM handles messages sent using the RPC (Remote Procedure Call) protocol.
Vulnerable systems can be compromised without any interaction from a user, according to Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, which monitors threats to the Internet infrastructure. According to Mikko Hypponen, manager of antivirus research at F-Secure in Helsinki, Blaster, unlike the Code Red worm, which contained code for a similar attack against the IP address of the White House's main Web server, targets the windowsupdate.microsoft.com domain, which prevents Microsoft from changing the address of the domain to sidestep the attack. Blaster's code is small and can be quickly removed using free tools provided by F-Secure as well as other antivirus vendors, Hypponen said. However, customers should patch their systems before removing Blaster to prevent getting infected again by the worm, he said.
