VIRUS
The Morris Worm
In 1998 Robert Morris, a university student, unleashed a worm which affected 10 per cent of all the computers connected to the internet (at the time the net was estimated to consist of 60,000 computers), slowing them to a halt. Morris is now an associate professor at MIT.
ILOVEYOU
The Love Bug flooded internet users with ILOVEYOU messages in May 2000, forwarding itself to everybody in the user's address book. It was designed to steal internet access passwords for its Filipino creator.
The Melissa Virus
The Melissa virus, written by David L. Smith in homage to a Florida stripper, was the first successful email-aware virus and inserted a quote from The Simpsons into Word documents. Smith was later sentenced to jail for causing over $80 million worth of damage.
The Blaster Worm
The Blaster worm launched a denial of service attack against Microsoft's website in 2003, and infected millions of computers around the world by exploiting a security hole in Microsoft's software. Its author has never been found.
Netsky and Sasser
Sven Jaschan, a German teenager, was found guilty of writing the Netsky and Sasser worms. Jaschan was found to be responsible for 70 per cent of all the malware seen spreading over the internet at the time, but escaped prison and was eventually hired by a security company as an "ethical hacker".
WORMS
Jerusalem (also known as Black Box)
Jerusalem is one of the earliest worms. It is also one of the most commonly known viruses, deleting files that are executed. Its name comes from the city in which it was first detected, the city of Jerusalem. The worm, which infects DOS, increases the file size of all files run within DOS (with the exception of COMMAND.COM). Jerusalem is a variant of the Suriv virus, which also deletes files at random periods during the year (April Fool's Day and/or Friday the 13th, depending on the variant). The Jerusalem worm inspired a host of similar worms that grow by a specified file size when executed. Another variant, Frère, plays the song Frère Jacques on the 13th day of the month.
Sobig
In 2003, millions of computers were infected with the Sobig worm and its variants. The worm was disguised as a benign email. The attachment was often a *.pif or *.scr file that would infect any host if downloaded and executed. Sobig-infected hosts would then activate their own SMTP server, gathering email addresses and continually propagating through additional messages.
Sobig depended heavily on public websites to execute additional stages of the virus. Fortunately, in earlier cases, these sites were shut down after the discovery of the worm. Later, when Geocities was found to be the primary hosting point for Sobig variants, the worm would instead communicate with compromised cable modems that would later serve as another stage in the worm's execution.
MSBlast
The summer of 2003 wasn't much easier for those building anti-virus definitions or those at businesses or academic institutions. In July of that year, Microsoft announced a vulnerability within Windows. A month later, that vulnerability was exploited. This worm was called MSBlast, a name created by the worm's author, and it included a personal message from the author to Bill Gates. The note read, "billy gates why do you make this possible? Stop making money and fix your software!!" When MSBlast hit, it installed a TFTP (Trivial File Transfer Protocol) server and downloaded code onto the infected host. Within several hours of its discovery, it had hit nearly 7,000 computers. Six months later, over 25 million hosts were known to be infected. The Windows Blaster Worm Removal Tool was finally launched by Microsoft in January of 2004 to remove traces of the worm.
Nimda
In the fall of 2001, Nimda ("admin" spelled backwards) infected a variety of Microsoft machines very rapidly through an email exploit. Nimda spread by finding email addresses in .html files located in the user's web cache folder and by looking at the user's email contacts as retrieved by the MAPI service. The consequences were heavy: all web-related files were appended with JavaScript that allowed further propagation of the worm, users' drives were shared without their consent, and "Guest" user accounts with Administrator privileges were created and enabled. A market research firm estimated that Nimda caused $530 million in damages after only one week of propagation.
Code Red
Friday the 13th was a bad day in July of 2001; it was the day Code Red was released. The worm took advantage of a buffer overflow vulnerability in Microsoft IIS servers and would self-replicate by exploiting the same vulnerability in other Microsoft IIS machines. Web servers infected by the Code Red worm would display the following message:
HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
After 20 to 27 days, infected machines would attempt to launch a denial of service on many IP addresses, including the IP address of www.whitehouse.gov.
TROJAN HORSE
Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware.[1] Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation,[2] it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and Business Week.
Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a "RAT".[1] It is capable of infecting versions of Windows from 95 to XP. Written in Delphi and released first by its author Tataye in 2002,[2] it became quite popular due to its unique features. It used the typical client–server model, where the client would be under operation by the attacker and the server is what would infect the victim. Beast was one of the first trojans to feature a reverse connection to its victims, and once established it gave the attacker complete control over the infected computer.[2][3] The virus would be harmless until opened. When opened, the virus would use the code injection method to inject itself into other applications.[1]
On a machine running Windows XP, removal of these three files in safe mode with system restore turned off would disinfect the system.
Gh0st RAT is a Trojan horse for the Windows platform that the operators of GhostNet used to hack into some of the most sensitive computer networks on Earth.[2] It is a cyber spying computer program. The "Rat" part of the name refers to the software's ability to operate as a "Remote Administration Tool".
The GhostNet system disseminates malware to selected recipients via computer code attached to stolen emails and addresses, thereby expanding the network by allowing more computers to be infected.[3] According to the Infowar Monitor (IWM), "GhostNet" infection causes computers to download a Trojan known as "Gh0st RAT" that allows attackers to gain complete, real-time control.[4] Such a computer can be controlled or inspected by its hackers, and the software even has the ability to turn on the camera and audio-recording functions of an infected computer that has such capabilities, enabling monitors to see and hear what goes on in a room.
MiniPanzer and MegaPanzer are two variants of a BundesTrojaner (German for state-sponsored trojan horse) written for ERA IT Solutions (a Swiss federal government contractor) by software engineer Ruben Unteregger, and later used by the Federal Department of Environment, Transport, Energy and Communications (UVEK) to intercept Skype and more generally Voice-over-IP traffic on Windows XP systems.[1][2]
The source code of the programs was released as GPL in 2009 by their author, who retained the copyright.[1] Thereafter, the trojan was apparently detected in the wild;[3] one of its designations given by anti-virus companies was Trojan.Peskyspy.
DarkComet is a remote access Trojan (RAT) which was developed by Jean-Pierre Lesueur (known as DarkCoderSc), an independent programmer and computer security coder from France.[1] The developer does not call it a “remote administration Trojan,” but rather a “remote administration tool”. Although the RAT was developed back in 2008, it began to proliferate at the start of 2012.
DarkComet allows a user to control the system with a Graphical User Interface (GUI). It has many features which allow a user to use it as an administrative remote help tool; however, DarkComet has many features which can be used maliciously. DarkComet is commonly used to spy on victims by taking screen captures, key-logging, or password cracking.
LOGIC BOMBS
A rabbit (also known as computer bacteria) in computing and cryptovirology is any computer program (usually malicious) which lacks a logic bomb.[1] Rabbits tend to replicate themselves or perform actions at a rate which ultimately lowers the computer's available resources to the point that it runs slowly or becomes unresponsive. Rabbit programs may be intentional, or the result of an oversight during programming. Rabbit programs are named for their similarity to biological rabbits and bacteria, which have a high rate of reproduction and replication over a short period of time.
Easter Eggs are secret responses that occur as a result of an undocumented set of commands. The results can vary from a simple printed message or image, to a page of programmer credits or a small videogame hidden inside an otherwise serious piece of software. Videogame cheat codes are a specific type of Easter egg, in which entering a secret command will unlock special powers or new levels for the player.
Stuxnet is a malicious computer worm believed to be a jointly built American-Israeli cyber weapon.[1] Although neither state has confirmed this openly,[2] anonymous US officials speaking to the Washington Post claimed the worm was developed during the Obama administration to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.
Time Bomb refers to a computer program that has been written so that it will stop functioning after a predetermined date or time is reached. The term "time bomb" does not refer to a program that stops functioning a specific number of days after it is installed; instead, the term "trialware" applies. Time bombs are commonly used in beta (pre-release) software when the manufacturer of the software does not want the beta version being used after the final release date. One example of time bomb software would be Microsoft's Windows Vista Beta 2, which was programmed to expire on May 31, 2007.[1] The time limits on time bomb software are not usually as heavily enforced as they are on trial software, since time bomb software does not usually implement secure clock functions.
Cyberwarfare has been defined as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption,"[1]:6 but other definitions also include non-state actors, such as terrorist groups, companies, political or ideological extremist groups, hacktivists, and transnational criminal organizations.
BACKDOORS
Back Orifice (often shortened to BO) is a controversial computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.[1] The name is a play on words on Microsoft BackOffice Server software. It can also control multiple computers at the same time using imaging.
Asymmetric backdoors
A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks has been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology. Notably, NSA inserted a kleptographic backdoor into the Dual_EC_DRBG standard.
Compiler backdoors
A sophisticated form of black box backdoor is a compiler backdoor, where not only is a compiler subverted (to insert a backdoor in some other program, such as a login program), but it is further modified to detect when it is compiling itself and then insert both the backdoor insertion code (targeting the other program) and the code modifying self-compilation, analogous to the way retroviruses infect their host. This can be done by modifying the source code, and the resulting compromised compiler (object code) can then compile the original (unmodified) source code and insert itself: the exploit has been bootstrapped.
A cryptographically secure pseudo-random number generator (CSPRNG) or cryptographic pseudo-random number generator (CPRNG)[1] is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography.
Many aspects of cryptography require random numbers, for example:
- salts in certain signature schemes, including ECDSA, RSASSA-PSS
The "quality" of the randomness required for these applications varies. For example, creating a nonce in some protocols needs only uniqueness. On the other hand, generation of a master key requires a higher quality, such as more entropy. And in the case of one-time pads, the information-theoretic guarantee of perfect secrecy only holds if the key material comes from a true random source with high entropy.
SPYWARE
CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
HuntBar, aka WinTools or Adware.WebSearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs, an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.
Zlob Trojan, or just Zlob, downloads itself to the computer via an ActiveX codec and reports information back to a control server. The reported information can include the user's search history, the Web sites visited, and even keystrokes.