
Thursday, July 21, 2011

Malicious Code Attacks: What are Worms, Viruses and Trojan Horses?

Malicious Code Attacks
The primary malicious-code threats to end-user workstations are worm, virus, and Trojan horse attacks.

A worm is self-replicating code: it executes on the infected computer, installs a copy of itself there (often only in memory), and then uses that host to scan for and infect other hosts, with no user action required.

A virus is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.

A Trojan horse differs from a worm or virus only in that the entire application was written to look like something else (a game, a utility), when in fact it is an attack tool.

Worms
The anatomy of a worm attack is as follows:

The enabling vulnerability-A worm installs itself by exploiting a known vulnerability in the target: usually a flaw in an exposed network service, but it can equally be a human one, such as an end user who opens an unverified executable e-mail attachment.
Propagation mechanism-After gaining access to a host, the worm copies itself to that host and then selects new targets, for example by scanning random addresses or the local subnet.
Payload-Once a host is infected, the attacker has access to it, often as a privileged user because the exploited service itself ran with high privileges. Where it did not, the attacker can use a local exploit to escalate to administrator.


Typically, worms are self-contained programs that attack a system and try to exploit a specific vulnerability in the target. Upon successful exploitation, the worm copies its program from the attacking host to the newly exploited system and begins the cycle again. In January 2007, a worm infected the popular MySpace community. Unsuspecting users enabled its propagation, and it replicated itself across user pages, defacing them with the text "w0rm.EricAndrew".

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:

  • Containment-Contain the spread of the worm into and within the network. Compartmentalize uninfected parts of the network (access lists, VLAN isolation, blocking the ports the worm propagates over).
  • Inoculation-Start patching all systems and, if possible, scanning for vulnerable systems, so that hosts the worm has not yet reached are closed to it.
  • Quarantine-Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network so they stop scanning for new targets.
  • Treatment-Clean and patch each infected system. Some worms may require a complete reinstallation of the operating system before the host can be trusted again.
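The worm anatomy (enabling vulnerability, propagation, payload) and the four response steps above can be put together in a small simulation. The following is an added example written for this post, not code from the original; the network, the vulnerable fraction, the scan rate and the response timings are all invented. Each step, every infected host picks random targets; containment blocks targets in other segments, inoculation patches hosts the worm has not reached, and quarantine takes infected hosts off the network so they stop scanning.

```python
"""Toy model of worm propagation and of the containment, inoculation and
quarantine steps described above.  Added example; hosts, segments and
rates are invented, not drawn from any real incident."""
import random
from dataclasses import dataclass


@dataclass
class Host:
    segment: int               # network segment the host sits in
    vulnerable: bool           # has the enabling vulnerability
    infected: bool = False
    patched: bool = False      # inoculated: vulnerability closed
    quarantined: bool = False  # disconnected: can no longer scan


def build_network(n_hosts, n_segments, vulnerable_fraction, seed=1):
    """Assign hosts round-robin to segments; a fixed seed keeps runs repeatable."""
    rng = random.Random(seed)
    return [Host(segment=i % n_segments,
                 vulnerable=rng.random() < vulnerable_fraction)
            for i in range(n_hosts)]


def simulate(hosts, seed_host, steps, scans_per_step=3,
             contain_at=None, patch_per_step=0, quarantine_at=None, seed=7):
    """Run the worm for `steps` rounds and return the indices of infected hosts.

    contain_at      step from which segments are isolated (containment)
    patch_per_step  vulnerable, uninfected hosts patched each step (inoculation)
    quarantine_at   step from which infected hosts are pulled off the network
    """
    rng = random.Random(seed)
    hosts[seed_host].infected = True
    for step in range(steps):
        if patch_per_step:  # inoculation: close the hole on hosts not yet hit
            candidates = [h for h in hosts
                          if h.vulnerable and not h.infected and not h.patched]
            for h in rng.sample(candidates, min(patch_per_step, len(candidates))):
                h.patched = True
        if quarantine_at is not None and step >= quarantine_at:
            for h in hosts:      # quarantine: infected hosts go offline
                if h.infected:
                    h.quarantined = True
        contained = contain_at is not None and step >= contain_at
        newly_hit = []
        for src in hosts:
            if not src.infected or src.quarantined:
                continue
            for _ in range(scans_per_step):
                dst = rng.choice(hosts)          # propagation: pick a random target
                if contained and dst.segment != src.segment:
                    continue                     # blocked at the segment boundary
                if dst.vulnerable and not dst.patched and not dst.infected:
                    newly_hit.append(dst)        # enabling vulnerability exploited
        for h in newly_hit:
            h.infected = True
    return [i for i, h in enumerate(hosts) if h.infected]


if __name__ == "__main__":
    unmitigated = simulate(build_network(200, 4, 0.6), 0, 20)
    mitigated = simulate(build_network(200, 4, 0.6), 0, 20,
                         contain_at=2, patch_per_step=10, quarantine_at=4)
    print("no response:  ", len(unmitigated), "hosts infected")
    print("with response:", len(mitigated), "hosts infected")
```

Run with the same seeds, the unmitigated worm reaches essentially every vulnerable host, while containment from step 2, ten patches per step and quarantine from step 4 stop it within a few rounds. Containment from step 0 keeps every infection inside the seed host's segment, which is the point of compartmentalizing the network before the worm crosses it.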


Viruses and Trojan Horses

A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation. An example is a program that attaches itself to command.com (the command interpreter on MS-DOS and early Windows systems), deletes certain files, and infects any other copy of command.com that it can find.

A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on a workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every address in the user's address book. The other users receive the game and play it, thereby spreading the Trojan horse to the addresses in each address book.

A virus normally requires a delivery mechanism, a vector, such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another. The key element that distinguishes a computer worm from a computer virus is that a worm spreads on its own, whereas human interaction is required to spread a virus.

These kinds of applications can be contained through the effective use of antivirus software on the workstation and, potentially, at the network level. Antivirus software can detect most known viruses and many Trojan horse applications and prevent them from spreading in the network. Signature-based detection only recognizes what the vendor has already seen, so keeping up to date with the latest developments in these sorts of attacks also leads to a more effective posture. As new virus or Trojan applications are released, enterprises need to keep both the antivirus software and its signatures current.
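Because a file-infecting virus like the command.com example above changes an executable that already exists, a file-integrity baseline catches it even when no signature exists yet, and it also shows the difference from a Trojan, which arrives as a wholly new program. The following is an added example, not code from the original post; the directory, file names and the "infection" are constructed for the demonstration (a few marker bytes appended to a file stand in for a virus appending its code).

```python
"""File-integrity baseline for catching a file-infecting virus.  Added example,
not from the original post; the directory layout, file names and 'infection'
are constructed here for the demonstration."""
import hashlib
import json
import os
import tempfile

EXECUTABLE_EXTENSIONS = (".com", ".exe", ".dll", ".sys")


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def baseline(root, extensions=EXECUTABLE_EXTENSIONS):
    """Return {relative path: sha256} for every executable under root."""
    result = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(extensions):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                result[rel] = hash_file(full)
    return result


def compare(old, new):
    """Classify differences between two baselines."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def save_baseline(path, data):
    # Keep the real baseline where the monitored host cannot rewrite it
    # (read-only media, another machine); a baseline a virus can edit proves nothing.
    with open(path, "w") as f:
        json.dump(data, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: take a baseline, 'infect' command.com by appending
    bytes (standing in for a virus appending its code), drop a new game.exe
    (standing in for a Trojan), and report what the rescan finds."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "command.com"), "wb") as f:
            f.write(b"MZ clean command interpreter")
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"not an executable, ignored by the scan")
        save_baseline(os.path.join(root, "baseline.json"), baseline(root))
        with open(os.path.join(root, "command.com"), "ab") as f:
            f.write(b"VIRUS-MARKER")          # simulated virus infection
        with open(os.path.join(root, "game.exe"), "wb") as f:
            f.write(b"MZ harmless-looking game")  # simulated Trojan arrival
        old = load_baseline(os.path.join(root, "baseline.json"))
        return compare(old, baseline(root))


if __name__ == "__main__":
    print(demo())
```

The rescan reports command.com as modified and game.exe as added. The check is only as good as the baseline: it must be taken on a known-clean system and stored where the host itself cannot alter it, and a new executable that shows up as "added" still needs a human or antivirus scan to decide whether it is a Trojan.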

Sub7, or SubSeven, is a well-known Trojan horse that installs a backdoor program on user systems. It is popular for both unstructured and structured attacks. As an unstructured threat, inexperienced attackers can use the program to play pranks such as making the mouse cursor disappear. As a structured threat, skilled attackers can use it to install keystroke loggers (programs that record all user keystrokes) to capture sensitive information.
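A backdoor such as Sub7 has to listen for its operator, so one practical check on a workstation is to compare the ports actually in LISTENING state against what that host is supposed to run. The following is an added example, not code from the original post. The netstat text is constructed for the demonstration, the allowlist is an assumed baseline for the host, and the backdoor port numbers are the commonly reported defaults of those tools taken from general reference material, not from this post; an operator can change them, which is why the allowlist, not the lookup table, is the real test.

```python
"""Flag listening TCP ports that a workstation is not expected to have.
Added example, not from the original post; sample data is constructed."""

# Commonly reported default listening ports of classic Windows backdoors.
# Assumption from general reference material, not from the post; operators
# can and do change them, so a miss here proves nothing.
KNOWN_BACKDOOR_PORTS = {
    1243: "SubSeven (early versions)",
    27374: "SubSeven",
    12345: "NetBus",
}

# Constructed sample in the layout of `netstat -an` on Windows (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.7:80         ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Assumed baseline for this host role: RPC endpoint mapper, SMB, Remote Desktop.
WORKSTATION_ALLOWLIST = {135, 445, 3389}


def listening_tcp_ports(netstat_lines):
    """Parse TCP sockets in LISTENING state; returns sorted unique port numbers."""
    ports = set()
    for line in netstat_lines:
        fields = line.split()
        # TCP rows have exactly four columns; header, blank and UDP rows do not.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        try:
            # rsplit on the last colon handles both 0.0.0.0:135 and [::]:3389
            ports.add(int(fields[1].rsplit(":", 1)[1]))
        except (IndexError, ValueError):
            continue  # malformed row: skip rather than crash the sweep
    return sorted(ports)


def unexpected_listeners(netstat_lines, allowlist):
    """Listening ports outside the host's allowlist, annotated when they
    match a known backdoor default."""
    findings = []
    for port in listening_tcp_ports(netstat_lines):
        if port in allowlist:
            continue
        note = KNOWN_BACKDOOR_PORTS.get(port, "unknown service; investigate")
        findings.append({"port": port, "note": note})
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_NETSTAT.splitlines(),
                                        WORKSTATION_ALLOWLIST):
        print(f"port {finding['port']}: {finding['note']}")
```

On the sample above the only finding is port 27374, annotated as SubSeven. Any listener not on the allowlist deserves a look regardless of whether its number appears in the table, since the port is the operator's choice; the next step is to map the port to its owning process (on Windows, `netstat -ano` adds the PID) and check what that binary is.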


