A details on Virus & malwares
#1
Three Criteria for Malware Existence
No operating system or application is vulnerable to malicious programs unless external programs, no matter how simple, can be launched. If an external program, even the simplest, can be launched within an operating system or application, then it will be vulnerable to malicious programs. Most contemporary operating systems and applications need to work with other programs, so they do end up being vulnerable. Potentially vulnerable OS and applications include:
  • All popular desktop operating systems
  • Most office applications
  • Most graphical editors
  • Project applications
  • Any applications with in-built script language

Computer viruses, worms, Trojans have been written for countless operating systems and applications. On the other hand, there are still numerous OSs and applications that are free from malware so far. Why is this so? What makes one OS more attractive to virus writers than others?

Malware appears in any given environment when the following criteria are met:
  • The operating system is widely used
  • Reasonably high-quality documentation is available
  • The targeted system is insecure or has a number of documented vulnerabilities

All three criteria are key factors and all three need to be met before the given system will be targeted by virus writers.

In the first place, in order for hackers and cyber vandals to even consider any system, the target needs to be popular enough for them to access it. Once an OS or application is widely available and marketed successfully, it turns into a viable target for virus writers.

A quick look at the number of malicious programs written for Windows and Linux shows that the volume of malware is roughly proportional to the respective market share of these two operating systems.

Detailed documentation is necessary for both legal developers and hackers, since documentation includes descriptions of available services and rules for writing compatible programs.

For instance, most mobile phone vendors do not share this information, leaving both legal vendors and hackers helpless. On the other hand, some vendors of smart phones do publish their documentation. The first viruses for Symbian (Worm.SymbOS.Cabir.a) and Windows CE (WinCE.Duts.a) appeared shortly after the documentation was published in mid-2004.

The architecture of a well-built (constructed, designed) OS or application needs to take security into account. A secure solution does not allow new or unsanctioned programs extensive access to files or potentially dangerous services. This leads to difficulties, as a fully secure system will block not only malware, but 'friendly' programs as well. As a result, none of the widely available systems can be called truly secure.

Java machines that launch Java applications in 'sandbox' mode come close to achieving secure conditions. As a matter of fact, there have been no viruses or Trojans which pose a serious threat written in Java for a long time, though non-viable proof of concept malware does occasionally appear. Malware written in Java appeared only when vulnerabilities in Java Virtual Machine security were discovered and publicized.

Malicious Programs Descriptions
Malicious programs can be divided into the following groups: worms, viruses, Trojans, hacker utilities and other malware. All of these are designed to damage the infected machine or other networked machines.

Network Worms

This category includes programs that propagate via LANs or the Internet with the following objectives:
  • Penetrating remote machines
  • Launching copies on victim machines
  • Spreading further to new machines

Worms use different networking systems to propagate: email, instant messaging, file-sharing (P2P), IRC channels, LANs, WANs and so forth.

Most existing worms spread as files in one form or another - email attachments, in ICQ or IRC messages, links to files stored on infected websites or FTP servers, files accessible via P2P networks and so on.

There are a small number of so-called fileless or packet worms; these spread as network packets and directly penetrate the RAM of the victim machine, where the code is then executed.

Worms use a variety of methods for penetrating victim machines and subsequently executing code, including:
  • Social engineering; emails that encourage recipients to open the attachment
  • Poorly configured networks; networks that leave local machines open to access from outside the network
  • Vulnerabilities in operating systems and applications

Today's malware is often a composite creation: worms now often include Trojan functions or are able to infect exe files on the victim machine. They are no longer pure worms, but blended threats.

Classic Viruses

This class of malicious programs covers programs that spread copies of themselves throughout a single machine in order to:
  • Launch and/or execute this code once a user fulfills a designated action
  • Penetrate other resources within the victim machine

Unlike worms, viruses do not use network resources to penetrate other machines. Copies of viruses can penetrate other machines only if an infected object is accessed and the code is launched by a user on an uninfected machine. This can happen in the following ways:
  • The virus infects files on a network resource that other users can access
  • The virus infects removable storage media which are then attached to a clean machine
  • The user attaches an infected file to an email and sends it to a 'healthy' recipient

Viruses are sometimes carried by worms as additional payloads or they can themselves include backdoor or Trojan functionality which destroys data on an infected machine.

Trojan Programs

This class of malware includes a wide variety of programs that perform actions without the user's knowledge or consent: collecting data and sending it to a cyber criminal, destroying or altering data with malicious intent, causing the computer to malfunction, or using a machine's capabilities for malicious or criminal purposes, such as sending spam.

A subset of Trojans damage remote machines or networks without compromising infected machines; these are Trojans that utilize victim machines to participate in a DoS attack on a designated web site.

Hacker Utilities and other malicious programs

This diverse class includes:
  • Utilities such as constructors that can be used to create viruses, worms and Trojans
  • Program libraries specially developed to be used in creating malware
  • Hacker utilities that encrypt infected files to hide them from antivirus software
  • Jokes that interfere with normal computer function
  • Programs that deliberately misinform users about their actions in the system
  • Other programs that are designed to directly or indirectly damage local or networked machines

Who Writes Malicious Programs and Why?
Virus writers: four general types

Virus writers belong to one of four broad groups: cyber-vandals, who can be divided into two categories, and more serious programmers, who can again be split into two groups.

Cyber vandalism - stage 1

In the past, most malware was written by young programmers: kids who had just learned to program and wanted to test their skills. Fortunately most of these programs did not spread widely - the majority of such malware died when disks were reformatted or upgraded. Viruses like these were not written with a concrete aim or a definite target, but simply for the writers to assert themselves.

Cyber vandalism - stage 2

The second largest group of contributors to malware coding were young people, usually students. They were still learning programming, but had already made a conscious decision to devote their skills to virus writing. These were people who had chosen to disrupt the computing community by committing acts of cyber hooliganism and cyber vandalism. Viruses authored by members of this group were usually extremely primitive and the code contained a large number of errors.

However, the development of the Internet provided space and new opportunities for these would-be virus writers. Numerous sites, chat rooms and other resources sprang up where anyone could learn about virus writing: by talking to experienced authors and downloading everything from tools for constructing and concealing malware to malicious program source code.

Professional virus writers

And then these 'script kiddies' grew up. Unfortunately, some of them did not grow out of virus writing. Instead, they looked for commercial applications for their dubious talents. This group remains the most secretive and dangerous section of the computer underground: they have created a network of professional and talented programmers who are very serious about writing and spreading viruses.

Professional virus writers often write innovative code designed to penetrate computers and networks; they research software and hardware vulnerabilities and use social engineering in original ways to ensure that their malicious creations will not only survive, but also spread widely.

Virus researchers: the 'proof-of-concept' malware authors

The fourth and smallest group of virus writers is rather unusual. These virus writers call themselves researchers, and they are often talented programmers who devote their skills to developing new methods for penetrating and infecting systems, fooling antivirus programs and so forth. They are usually among the first to penetrate new operating systems and hardware. Nevertheless, these virus writers are not writing viruses for money, but for research purposes. They usually do not spread the source code of their 'proof of concept viruses', but do actively discuss their innovations on Internet resources devoted to virus writing.

All of this may sound innocent or even beneficial. However, a virus remains a virus and research into new threats should be conducted by people devoted to curing the disease, not by amateurs who take no responsibility for the results of their research. Many proof of concept viruses can turn into serious threats once the professional virus writers gain access to them, since virus writing is a source of income for this group.

Why write viruses?
Fraud

The computer underground has realised that paid-for Internet services, such as Internet access, email and web hosting, provide new opportunities for illegal activity with the additional satisfaction of getting something for nothing. Virus writers have authored a range of Trojans which steal login information and passwords to gain free access to other users' Internet resources.

The first password stealing Trojans appeared in 1997: the aim was to gain access to AOL. By 1998 similar Trojans appeared for all other major Internet service providers. Trojans stealing log in data for dial-up ISPs, AOL and other Internet services are usually written by people with limited means to support their Internet habit, or by people who do not accept that Internet resources are a commercial service just like any other, and must therefore be paid for.

For a long time, this group of Trojans constituted a significant portion of the daily 'catch' for antivirus companies worldwide. Today, the numbers are decreasing in proportion to the decreasing cost of Internet access.

Computer games and software license keys are another target for cyber fraud. Once again, Trojans providing free access to these resources are written by and for people with limited financial resources. Some hacking and cracking utilities are also written by so-called 'freedom fighters', who proclaim that all information should be shared freely throughout the computing community. However, fraud remains a crime, no matter how noble the aim is made out to be.

Organised cyber crime

The most dangerous virus writers are individuals and groups who have turned professional. These people either extract money directly from end users (either by theft or by fraud) or use zombie machines to earn money in other ways, such as creating and selling a spamming platform, or organizing DoS attacks, with the aim here being blackmail.

Most of today's serious outbreaks are caused by professional virus writers who organize the blanket installations of Trojans to victim machines. This may be done by using worms, links to infected sites or other Trojans.

Bot networks

Currently, virus writers either work for particular spammers or sell their wares to the highest bidder. Today, one standard procedure is for virus writers to create bot networks, i.e. networks of zombie computers infected with identical malicious code. In the case of networks used as spamming platforms, a Trojan proxy server will penetrate the victim machines. These networks number from a thousand to tens of thousands of infected machines. The virus writers then sell these networks to the highest bidder in the computer underground.

Such networks are generally used as spamming platforms. Hacker utilities can be used to ensure that these networks run efficiently; malicious software is installed without the knowledge or consent of the user, adware programs can be camouflaged to prevent detection and deletion, and antivirus software may be attacked.

Financial gain

Apart from servicing spam and adware, professional virus writers also create Trojan spies which they use to steal money from e-wallets, PayPal accounts and/or directly from Internet bank accounts. These Trojans harvest banking and payment information from local machines or even corporate servers and then forward it to the master.

Cyber extortion

The third major form of contemporary cyber crime is extortion or Internet rackets. Usually, virus writers create a network of zombie machines capable of conducting an organized DoS attack. Then they blackmail companies by threatening to conduct a DoS attack against the corporate website. Popular targets include e-stores, banking and gambling sites, i.e. companies whose revenues are generated directly by their on-line presence.

Other malware

Virus writers and hackers also ensure that adware, dialers, utilities that redirect browsers to pay-to-view sites and other types of unwanted software function efficiently. Such programs can generate profits for the computer underground, so it's in the interests of virus writers and hackers to make sure that these programs are not detected and are regularly updated.

In spite of the media attention given to young virus writers who manage to cause a global epidemic, approximately 90% of malicious code is written by the professionals. Although all four groups of virus writers challenge computer security, the group which poses a serious and growing threat is the community of professional virus writers who sell their services.
#2
Wow great information Ananya :up: which antivirus u r using now ???
#3
I am lazy to read this Full Post but I read the outline
That's Nice Post Sister
Even in rags, can any comfort match a mother's lap..... can it...
Even in heaven, can any freedom match that of one's hometown.... can it...
#4
i am using kaspersky internet security 2009