Tuesday 27 November 2007

Malware 27/11/07

Malware
Malware is short for malicious software, a general term used to cover a wide range of programs that are purposely designed to attack, degrade or prevent the intended use of a computer.
Spyware is software which monitors what you are doing on your computer, e.g. which web site you are visiting, and reports this information back to someone. Key loggers are a particular type of spyware that record every keystroke you make.
Adware is software which displays unwanted adverts on your screen, often as popups.
Rogue diallers can take over a modem and cause it to dial-up expensive websites.
The following is a list of free anti-spyware programs that are very popular and useful. You can visit the home page for each product by clicking on the links.
Microsoft Windows Defender
Spybot Search & Destroy
AVG Anti-Spyware
Microsoft has announced that it will be building anti-spyware protection into future versions of Windows, but at the moment users of XP and 2000 can download Bit Defender free from the Microsoft website.
Once the anti-spyware has been installed it can be set to scan the system for spyware that can be deleted. There are generally two types of scan that can be carried out, a Quick Scan or a Deep Scan.
A Deep Scan should be performed immediately after installation to check all of your system. After that, regular Quick Scans and occasional Deep Scans should be enough to keep persistent spyware out.
All good anti-spyware software allows for the regular updating of its spyware database. This is a vital component because of the growing number of different spyware programs created every day. Updates can be downloaded manually on a regular basis or automatically at a certain time (often during the night).

Tuesday 20 November 2007

Backdoors and Rootkits

A backdoor is a way of accessing a computer without going through the normal access routines, such as entering a name and password. It can be installed by a virus or sometimes even by legitimate programs.
This is closely related to another type of attack known as a rootkit, which is used to conceal programs or files to help hackers avoid detection. A rootkit can be used to open a backdoor, allowing hackers into a system. An example of a virus that installs a backdoor is the MyDoom worm, created to send junk mail from infected computers.
One of the most famous rootkits was installed when a copy-protected Sony CD was played on a computer.

Mail bomb

A mail bomb is a form of denial of service attack. The idea is to flood someone's system with more e-mail than it can cope with.
There are two ways to make a mail bomb. The first is to send millions of e-mails to one address simultaneously. This leads to the system filling up and crashing. The second is to send small compressed files that, when decompressed, expand to extremely large files, again filling up the e-mail server and causing a crash. One example of this is the Win32.Netsky.J worm.
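
A mail server can screen for the second kind of mail bomb before unpacking anything. The following is an added example, not part of the original post: it reads only the size fields in a zip attachment's directory and rejects archives that would expand too far. The limits, function names and sample files are assumptions made for illustration.

```python
import io
import zipfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed policy: 50 MB expanded per attachment
MAX_RATIO = 100               # assumed policy: expanded/compressed size ratio

def inspect_zip(data, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Judge an attachment from its zip directory alone; nothing is extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a readable zip archive"
    total = 0
    with zf:
        for info in zf.infolist():
            total += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                return False, f"{info.filename}: ratio {ratio:.0f}:1 too high"
            if total > max_total:
                return False, "declared expanded size over limit"
    return True, "ok"

def bounded_read(data, name, limit):
    """Extract one member, stopping once `limit` bytes have been produced.
    Directory fields come from the sender, so the cap is enforced on real output."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name}: more than {limit} bytes, aborted")
    return bytes(out)

def make_sample(name, payload):
    """Build a constructed test attachment in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: ordinary text, and 2 MB of zero bytes.
NOTES = make_sample("notes.txt", "\n".join(f"item {i} costs {i * i}" for i in range(300)))
PADDED = make_sample("big.bin", bytes(2 * 1024 * 1024))

if __name__ == "__main__":
    print(inspect_zip(NOTES))
    print(inspect_zip(PADDED))
```
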

Tuesday 13 November 2007

Stealth virus

There is a continual war between virus writers and anti-virus software writers. As soon as new viruses are created, anti-virus software is created to neutralise and remove them. Virus writers have adopted various strategies to fool anti-virus software. One of the most popular and successful ways of fooling anti-virus software is to create a stealth virus.
Stealth viruses contain code that inserts itself between the operating system and the anti-virus software. Whenever a check is made for a virus, the stealth virus tells the operating system that there is no problem. In this way, the anti-virus software can be ignored and the virus can continue doing its work.

Script virus

Like macro viruses, script viruses use a programming language to attack computers. VBS is Visual Basic Script edition and is used for scripting in web applications like Internet Explorer. The worm ILoveYou was written in VBS. JS is JavaScript, a variation on the Java programming language. Unlike the other script languages mentioned above, JavaScript cannot itself be used to harm a system as it works in a "sandbox" or protected area of the computer. Instead, JavaScript is used to exploit security problems in other programs such as web browsers.

Resident Virus

Some viruses can only attack a system. Others, which are more sophisticated, stay in the computer's memory ready to attack when a program is running. These are resident, or memory-resident, viruses.
A resident virus can hide in RAM and take advantage of multi-tasking.

Macro virus

A macro virus is a virus that is written in a macro language. It infects an application like Microsoft Word and causes a sequence of actions. A common effect is insertion of comic text into a document. The Melissa virus is a fast-spreading macro virus which adds attachments of itself to e-mails. It is different from other viruses because it replaces the regular commands with the same name and runs when the command is selected.

Tuesday 6 November 2007

Image Viruses

Image viruses cannot cause any damage to a computer by themselves. Instead the code they contain exploits problems in other programs. For example, the code to draw images in the Microsoft Windows operating system was found to have a flaw. This flaw allowed images to access parts of the system that they would not normally be allowed to access. An infected image, transferred to your computer on a web page, in a document or in a chat window could access your system and plant a virus.
Images are not usually seen as a threat, so these viruses are not stopped by normal anti-virus software. It is important to check for any system updates (hotfixes) provided by the manufacturer of your operating system. The original version of this image virus was known as Trojan.Moo.
There have also been problems with .wmf files, another graphics file format. See Wikipedia's Windows Metafile vulnerability.

Screen savers

On a Microsoft Windows computer a .SCR file is a screen saver. As screen savers are just computer programs they are a useful way of inserting a virus into your computer. Typically SCR viruses come as an attachment to an e-mail. The text urges the recipient to click the attached file by promising perhaps a funny cartoon or enticing picture.
Once clicked the virus then installs itself onto your computer. As the SCR file pretends to be something else it is another example of a Trojan.
Perhaps the most famous example of a SCR virus is the SOBIG worm, which installed software to send spam. Another well-known example is the Friendship Screen Saver, also known as Yaha.E. However the well-publicised Budweiser Frogs screen saver virus turned out to be a hoax.
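
Because a .SCR file is an ordinary program, a mail filter can catch it before the recipient is tempted to click. The following is an added example, not part of the original post: it parses a message, flags attachments whose final extension runs as a program on Windows, and notes a double extension such as `.jpg.scr` and a program header inside the file. The extension list, function names and sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist: Windows extensions that run as programs when opened.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}

def risky_attachments(raw):
    """Return one finding per attachment that would run as a program."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces in a file name.
        name = (part.get_filename() or "").strip().rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        payload = part.get_payload(decode=True) or b""
        pe_header = payload[:2] == b"MZ"  # Windows programs start with "MZ"
        if ext in EXECUTABLE_EXTS or pe_header:
            findings.append({
                "name": name,
                "ext": ext,
                "double_extension": len(suffixes) > 1,
                "pe_header": pe_header,
            })
    return findings

def constructed_sample():
    """Build a made-up message: one ordinary photo, one disguised program."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Funny cartoon for you"
    msg.set_content("Click the attachment, it is hilarious!")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + bytes(32), maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"MZ" + bytes(62), maintype="application",
                       subtype="octet-stream", filename="funny_cartoon.jpg.scr")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_attachments(constructed_sample()):
        print(finding)
```
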

Logic Bombs and Time Bombs

Like other viruses, logic bombs are designed to cause harm to your computer. Logic bombs, however, only trigger when specific conditions are met. For example a computer programmer may insert code into a payroll program that deletes files if her name is not found on the list. This means that files will be deleted if she is ever fired. A company named Omega Engineering lost millions of dollars as a result of a logic bomb left by a former employee.
Other viruses, called time bombs, may only detonate on a specific date or time. An example of this is the Jerusalem virus which, every Friday the 13th, deletes all the files on an infected computer.

Worms

Worms can replicate themselves from computer to computer without infecting a host program, unlike viruses, which must be carried by a host. Although worms are often carried inside another file, usually a Word document or an Excel spreadsheet, they use the host in a different way from a virus.
A worm will usually release a document that already has the worm macro inside it. The entire document travels from system to system, so the entire document should be regarded as a worm. W32.Mydoom.AX@mm is an example of a worm. It was designed to allow spammers to send spam e-mail from infected computers.
Like Trojans, worms are self-contained programs that are designed to copy themselves from computer to computer. Different worms exploit different weaknesses in the programs that allow computers to communicate with each other.
A common purpose of worms is to install a backdoor into a computer. These are programs that allow others to gain access to your computer.
You can find out more about the differences between viruses, Trojans and worms by visiting the following web site: Viruses, Trojans and Worms.

Trojans

A Trojan is a virus that hides inside another program. Named after the Trojan horse of Greek mythology, a computer Trojan disguises itself as something else in order to gain access to your computer.

Trojans normally claim to do something useful but are actually malicious. One major difference between Trojans and true viruses is that they do not replicate. Trojans contain malicious code that can cause loss or theft of data. Trojans must be invited onto your computer, e.g. by opening an email attachment or downloading and running a file. Trojan.Vundo is an example.
There are two types of Trojan:
A program that pretends to do something useful but is actually a virus
A real program that has been altered to contain a virus
Trojans differ from other types of virus in that rather than attaching themselves to existing programs they are complete programs in themselves.

Types of Virus

There are several different types of viruses:
File infector viruses: these infect program files, such as applications, games or utilities. They are often memory-resident, meaning that once they have been executed they remain active in the computer's memory and can infect more programs. Examples include Jerusalem and Cascade.
Boot sector viruses: floppy disks and hard disks store a small program known as the boot record which is run when the computer starts up. Boot sector viruses attach themselves to this program and execute when the computer tries to start up from an infected disk. Once a computer has been infected, any unprotected floppy disk put into the computer will also be infected. Infected machines will often refuse to start. Examples include Michelangelo and Stoned.
Multi-partite or polypartite viruses: these infect both boot records and program files and are very difficult to repair as the virus code must be removed from both locations. Examples include Anthrax and Tequila.
Macro viruses: these infect data files, such as Word documents or Excel spreadsheets, rather than programs. They are very common and can be difficult and expensive to repair. Macro viruses are written using macro programming languages, designed to allow users to automate tasks within an application. They are easy to produce, so there are now thousands in circulation. Examples of macro viruses include W97M.Melissa and WM.NiceDay.

Viruses, Trojans and Worms

The words Trojan, worm and virus are often used interchangeably, but they are not the same. They are all malicious programs (sometimes called "malware") that can harm your computer, but there are important differences among them.
The commonest computer threats are viruses.
Virus
A virus is a computer program which changes the way in which the computer operates without the knowledge of the user.
A virus must execute itself and it must replicate itself, or make additional copies of itself. Some viruses are a threat to system integrity: they damage computers by altering programs, deleting files or other malicious activities. Others simply announce their presence by audio, video or text messages.
Even viruses which don't do any real damage are a nuisance as they can reduce system performance by wasting memory or slowing down a computer. Most viruses can cause a system to behave oddly and some can cause the system to crash, often making it difficult to restart. Some viruses are a threat to data security, as they attempt to steal confidential data from a machine and transmit it to someone.
Viruses can spread by many methods, including attaching themselves to other files such as programs and documents. Viruses are given different names depending on the way they spread. Some of these different types of virus are explained in later sections.
Simply spreading from computer to computer is not itself a major problem. Most viruses contain a payload, a program that they will execute in addition to spreading themselves. The effects of common virus payloads include deleting or corrupting files or disks and passing on usernames and passwords.

Introduction to viruses

Most people are aware of threats to their computers. Viruses, Worms and Trojans have become so common that new stories about computer threats appear daily in newspapers and on television. However, what you may not realise is that these threats are relatively new. Two things have happened in recent years to make computer threats possible:
- Computers became affordable and therefore common
- The Internet allowed computers to connect easily to each other

This software was the first to copy itself from computer to computer, infecting all the machines it came in contact with.

Some people think that only PCs (IBM clones) are at threat and that Apple Macintosh (Mac) and Unix/Linux systems are immune to threats such as viruses. This is not entirely true. Other computer systems are often more secure than PCs. However, the main reason that more PCs are affected by viruses is simply that there are more PCs in the world.