Archive for the ‘Detailed Security Information’ Category

Trojan


A trojan is a self-contained malicious program that neither replicates (as a worm would) nor infects other files (as a virus would).

Many of the earlier Trojans were used to launch Distributed Denial of Service (DDoS) attacks, such as those suffered by Yahoo and eBay in the latter part of 1999. Today, Trojans are most often used to gain backdoor access – remote, surreptitious access – to the computer.

There are several different types of Trojans: Remote Access Trojans (RATs), Backdoor Trojans (backdoors), IRC Trojans (IRCbots), and Keyloggers (used, for example, to capture your bank account logon details). Many of these different types can be employed in a single Trojan. For example, a keylogger that also operates as a backdoor may commonly be disguised as a game hack. IRC Trojans are often combined with backdoors and RATs to create collections of infected computers known as botnets.


Spyware


Why is it called “Spyware” ?

While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which continuously “calls home”, using your Internet connection to report statistical data to the “mothership”. According to the companies’ privacy policies, no sensitive or identifying data will be collected from your system and you will remain anonymous; the fact remains that you have a “live” server sitting on your PC that is sending information about you and your surfing habits to a remote location.

Are all Adware products “Spyware”?
No, but the majority are. There are also products that do display advertising but do not install any tracking mechanism on your system. These products are not indexed in our database.

Is Spyware illegal?
Even though the name may indicate so, Spyware is not an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user’s PC and the use of your Internet connection in the background.

What’s the hype about?
While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement (linked from our database), there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics – and this is why many people feel uncomfortable with the idea.

On the other hand…
Millions of people are using advertising-supported “spyware” products and could not care less about the privacy hype. In fact, some “Spyware” programs are among the most popular downloads on the Internet.

Real spyware…
There are also many PC surveillance tools that allow a user to monitor all kinds of activity on a computer, ranging from keystroke capture, snapshots, email logging, chat logging and just about everything else. These tools are often designed for parents, businesses and similar environments, but can be easily abused if they are installed on your computer without your knowledge.

These tools are perfectly legal in most places, but, just like an ordinary tape recorder, if they are abused, they can seriously violate your privacy.


Viruses


Viruses come in many shapes and sizes, such as:

File infectors
These viruses attach themselves to regular programs, such as COM or EXE files under DOS. Thus, they are invoked each time the infected program is run.

Cluster infectors
They modify the file system so that they are run prior to other programs. Note that, unlike file infectors, they do not actually attach themselves to programs.

Macro viruses
Word processing documents can serve as sources of transmission for viruses that take advantage of the auto-execution macro capabilities in products such as Microsoft Word. Simply by opening an infected document, the virus, written in a product’s macro language, can spread. Macro viruses are placed inside one or more of the macros inside the document. At this moment, the number of macro viruses is growing very fast (more than 6,000 in August 2000). Due to the powerful features of Visual Basic for Applications, it is very easy to use all the facilities offered by Microsoft in Windows. For example, to send an e-mail you need at most 10 lines of code. That is probably why many macro viruses have worm capabilities (the best example is W97M/Melissa.A@MM).

System infectors
Computer operating systems typically set aside a portion of each disk for code to boot the computer. Under DOS, this section is called a boot sector on floppies or a master boot record (MBR) for hard disks. System infectors store themselves in this area and hence are invoked whenever the disk is used to boot the system. System infector viruses, when infecting a drive, do not change the MBR content or the boot sector, but partially modify the FAT allocation of IO.SYS (or its equivalent, IBMBIO.COM) to allow inclusion of their own viral code sequence at the beginning of this file. Because, at boot time, DOS reads IO.SYS in a linear way, the virus will be read before the IO.SYS code. On the other hand, if the IO.SYS file is opened with a text viewer, it will appear perfectly normal, because the FAT allocation chain correctly includes the area overwritten by the virus, which has been saved to another area on the disk.

A virus must be executed by someone, perhaps unwittingly, in order to spread. Some ways in which this occurs include:

Booting from an infected floppy
System infectors are loaded each time an infected disk is used to boot the system. This can happen even if a disk is not equipped with the files needed to truly boot the computer, as is the case with most floppies. With PCs, the initial infection typically occurs when someone boots – or reboots – a computer with an infected floppy accidentally left in drive A. It is always a good habit to check and remove any floppies that might be in the drives before booting your machine.

Running an infected program
As programs infected with a file infector are run, the virus spreads. For this reason, you should regularly scan any programs you retrieve from a BBS, the net, a colleague, etc. for viruses. There are even instances of commercial, shrink-wrapped software that have been infected with viruses!

Below is what some other viruses can do:

Boot viruses – they replicate through the boot sector of the floppies, the MBR (master boot record) or the boot sectors of the fixed disks. The only way these viruses replicate is by booting from the infected disk. Accessing or copying infected disks is not dangerous as long as the system is not started from the infected disk.

Tips against boot viruses:
Change the boot sequence in the BIOS, so the floppy won’t be the first in that sequence. That way, you are protected when you accidentally forget an infected floppy in your floppy drive. Booting from the floppy drive could be necessary only when installing/reinstalling the Operating System or scanning for some special viruses. We recommend that you scan the floppy disk with an antivirus program after formatting it and copying system files onto it; after that, activate the floppy write-protection.

Parasitic viruses – they infect executable files, so that when the infected file is launched, the virus code gains control. They usually execute prior to normal executable code. Then, the original code regains control and, in most cases, executes normally. There are viruses that gain control after the execution of the original code ends or when a routine from this code is called. These viruses are more difficult to detect, but they are also less widespread, due to their complexity and the way they replicate.

Because these viruses infect executable files, they could spread through any data storage or transfer media: floppies, CDs, modems, networks. The virus spreads when the host file is executed.

Parasitic viruses may be memory-resident (after an infected file is launched, the virus stays in memory and infects other active files) or non-resident. Non-resident parasitic viruses infect a number of files, then return control to the host program.
Parasitic viruses need to be able to distinguish between infected and non-infected files. If a virus is unable to do this (such as certain versions of the Jerusalem or Vienna viruses), it will repeatedly infect a file until the file becomes too large and the virus is easily detected.

Tips against parasitic viruses:
- When you notice that the programs you usually work with have become larger, use an antivirus program. Because the virus can hide itself in your system (stealth viruses), you must launch the antivirus from a clean bootable floppy disk.
- When an installation kit or a program that is capable of verifying itself warns you that it is corrupted, and you are sure about the functionality of that program, use an antivirus program. If you have a backup copy, we recommend that you use it, after you verify it too. Even if the antivirus cleans the viral code, many viruses change parts of the original program, making that program impossible to use. The best example is Win95/CIH, which overwrites parts of the file supposed to be unused; that is why installation kits (which verify themselves) won’t work properly after being infected with Win95/CIH.
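
The first tip, carried out as a baseline comparison (an added example, not part of the original article): it records the size and SHA-256 of every program, then reports later changes. Size alone would miss a virus that overwrites unused parts of a file, as described for Win95/CIH above, so the hash is compared as well; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_EXTS = {".com", ".exe"}  # assumption: which extensions count as programs

def snapshot(root):
    """Map each program's relative path to (size, SHA-256 hex digest)."""
    result = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXEC_EXTS:
            data = path.read_bytes()
            result[path.relative_to(root).as_posix()] = (
                len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Return sorted (path, verdict, size_delta) for every program that changed."""
    findings = []
    for name, (size, digest) in current.items():
        if name not in baseline:
            findings.append((name, "new", size))
        elif digest != baseline[name][1]:
            delta = size - baseline[name][0]
            # Appended viral code makes the file grow; a same-size change is
            # what overwriting unused regions of the file looks like.
            verdict = "grew" if delta > 0 else "same-size" if delta == 0 else "shrank"
            findings.append((name, verdict, delta))
    for name in baseline.keys() - current.keys():
        findings.append((name, "missing", -baseline[name][0]))
    return sorted(findings)

def demo():
    """Constructed sample: three dummy programs, two of them altered later."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "A.EXE").write_bytes(b"\x90" * 100)
        (root / "B.EXE").write_bytes(b"\x00" * 200)
        (root / "C.COM").write_bytes(b"\xc3" * 50)
        baseline = snapshot(root)
        (root / "A.EXE").write_bytes(b"\x90" * 100 + b"V" * 1800)  # appended bytes
        (root / "B.EXE").write_bytes(b"\x00" * 150 + b"V" * 50)    # same size
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Take both snapshots from a clean boot, since a resident stealth virus can hide its changes from tools run on the infected system.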

Companion viruses create a file having the same name, but another executable extension; for example, if you have a file named PROGRAM.EXE and you notice that a file named PROGRAM.COM appears, this is a possible infection with a companion virus (when the operating system encounters two executable files with the same name but different extensions, it will launch the .COM file first). If the same thing happens for several executable files, the infection is obvious.
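
A check for the companion pattern described above, as an added example that is not part of the original article: it walks a directory tree and reports every program name that exists with more than one executable extension, along with the file that would be launched first. The .COM, .EXE, .BAT order is the DOS launch precedence; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# DOS launch order when a name is typed without an extension.
PRECEDENCE = [".com", ".exe", ".bat"]

def find_companions(root):
    """Return sorted (directory, launched_first, shadowed) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRECEDENCE:
                by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            present = [e for e in PRECEDENCE if e in exts]
            # More than one executable extension for the same name: the
            # highest-precedence file runs instead of the others.
            for shadowed in present[1:]:
                hits.append((os.path.relpath(dirpath, root),
                             exts[present[0]], exts[shadowed]))
    return sorted(hits)

def demo():
    """Constructed sample tree: two shadowed programs and two clean files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        for rel in ("PROGRAM.EXE", "PROGRAM.COM", "EDIT.COM",
                    "README.TXT", "sub/TOOL.EXE", "sub/TOOL.BAT"):
            (root / rel).write_bytes(b"")
        return find_companions(root)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A pair on its own is only a lead, because some legitimate software ships a launcher next to its main program; several pairs appearing at once is the pattern the paragraph above calls obvious.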

Link viruses are extremely dangerous because they use an unusual infection method. Link viruses do not change the content of an executable file; they alter the directory structure, redirecting the directory entry of an infected file to the area that contains the viral code. Once the virus has executed, it can load the executable file, knowing the correct directory entry of the file. Eliminating such a virus from the system is both difficult and risky.

Multipartite viruses combine two or more basic types from those described above. There are viruses capable of infecting executables and Word documents, or viruses capable of infecting boot sectors and executables, etc.
Virus authors try to include as many facilities as possible in their creations. A perfect example is Esperanto, capable of infecting files on different operating systems and of running on different hardware architectures (i386 and Mac).

Some viruses are boring, while others are extremely dangerous. The least they can do is to increase the file size and slow down the computer. Many viruses only try to spread, not to damage your computer. There is, however, the possibility for such benign viruses to occasionally interact with other software and damage your computer. That is why there are no viruses that do not produce any damage; even a simple change in an installation kit might be considered one.

Other viruses are far more dangerous, intentionally modifying or destroying data, or deleting files and/or formatting your drive. Until Win95/CIH it was said that viruses couldn’t destroy or damage hardware components. CIH was the first virus (and unfortunately not the last) that was able to modify the Flash BIOS so that the computer would not work when subsequently booting the system.

Another virus capable of hardware damage (but in a strange way) is {Win32,W97M}/Beast. During the night, Beast opens and closes the door of the CD-ROM unit for two hours! This will damage that unit for sure!
