Malware Discussion Essay

The use of malware is a way for tryers to gain find to person information from a personal information processing system or community information from an organization. There are several(prenominal) types of malware which take computer virus, root fits, and worms. individually malware serves contrary purposes to achieve the goal of an attacker. An attacker could be envious of a preceding(a) lover and could send a virus to their telecommunicate to shutdown the operations of their computer. A disgruntle employee could send a worm to their gray-haired social club and slow down production of the comp both.A random person looking for for a thrill could set up a rootkit on a comp anys network to gain access to company secrets. Each malware is given a take a crap specified for its cause, for example the Trojan Worm. The name is given to this virus because of the activity that happens once it is executed. Viruses are named by antivirus companies who revoke use proper names. The genus Melissa virus was named by its creator, David Smith, for a Miami stripper. This paper pull up stakes discuss 5 different types of malware and inform the targets for these attacks.Discussion of Malware The depression malware that will be discussed is the Melissa Virus. This virus was detected on the twenty-sixth of March 1999. This virus is a Microsoft Word macro virus that is delivered as an E-mail attachment. The virus is activated when an attachment named, list. doc is opened. When it is activated, the Melissa virus searches the Microsoft Outlook address book and sends a message to the showtime 50 names. This virus proliferates itself as users open the attachment. Melissa doesnt work on Outlook Express, just Outlook.The message appears to come from the person just infected, which essence that the message will seem to come from a recogniz equal to(p) email address. Melissa doesnt destroy files or former(a) re tooth roots, but has the contingency to immobilize unified and other mails servers. The origin of the Melissa virus is from an net income alt. sex newsgroup and contains a list of passwords for various Web sites that require memberships. Melissa overly has the ability to disable some security safeguards. Users of Microsoft Word 97 or 2000 with Microsoft Outlook 97, 98, or 200 are most believably to be affected.When the virus attacks, it stand infect the duplicate of Microsoft Word that is installed as well as any following Word documents that are created. It can also change the setting of Microsoft Word to make it easier for the computer to shape infected by it and succeeding macro viruses. Users of Word 97 or 2000 containing any other E-mail programs can be affected also the difference is that Melissa will not automatically redistribute itself to the contacts by means of other E-mail programs. It can still however infect the copy of Microsoft installed on the machine.This infected copy can still be divided with others if a document is created in the infected copy and distributed through E-mail, lax disk, or FTP. Although the virus wont appeal to the mailout on a Mac system, it can be stored and resent from Macs. To avoid this virus, it is suggested to not double-click any file, much(prenominal) as an E-mail attachment, without scanning it first with antivirus software product, regardless of who it is from. The near malware to be discussed is SQL throw inion which is an attack where catty code is placed in within strings that are shortly passed on to an example of SQL legion for parsing and implementation.A form of SQL injection consists of direct placing of code into user- foreplay variables that link with SQL commands and executed. An attack that is not as direct, inserts malicious code into strings that are mean for storage in a table or as metadata. The malicious code is executed once the stored strings are linked into a dynamic SQL command. In SQL Injection, the hacker uses SQL queries and ingenuit y to get to the database of susceptible corporate data through the web application.Websites with features as lumberin pages, support and product pick up forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape new(a) websites and provide businesses with the means necessary to communicate with prospects and nodes are all compromising to SQL Injection attacks. The reason behind this is because the fields purchasable for user input allow SQL statements to pass through and query the database directly. SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input.There have been several reports of SQL attacks, dating back to 2005. The websites that have became victim to these attacks range from Microsoft U. K. to Lady brainsicks website. To avoid SQL injection flaws, it is suggested that developers need to either a) stop theme dynamic queries and/or b) prevent user supplied input which contains malicious SQL from touch on the logic of the executed query. The next malware discussed will be Stuxnet. Stuxnet is a computer worm that targets sec industrial software and equipment running Microsoft Windows, and was spy in June 2010.Although Stuxnet isnt the first attack to target industrial systems, it is however the first discovered malware that actually moles on and weakens industrial systems. Stuxnet is also the first malware to include a programmable logic keep in lineler rootkit. Stuxnet is designed to target specifically atomic number 16 supervisory control and data acquisition systems that are configured to control and monitor specific industrial processes. The PLCs are infected by Stuxnet enfeebling the Step-7 software application that is used to reprogram these devices.Stuxnet is different from other malware as it exactly attacks computers and networks that meet a specific configuration requirement. Stuxnet contains a safeguard and if Siemens software isnt discovered on the infected computer will prevent each infected computer from spreading the worm to more than three others, and to erase itself on June 24, 2012. Along with other things for its victims, Stuxnets contains code for a man-in-the-middle attack. Stuxnet will spread through removable devices such as an USB push back in a Windows operating system by using a four zero-day attack.After it has infected the removable drive, it uses other utilizations and techniques to infect and update other computers inside private networks. Stuxnet infects Step 7 software by infecting project files belong to Siemens WinCC/PCS 7 SCADA control software and weakens a key communication library of WinCC called s7otbxdx. dll. It is recommended by Siemens to contact customer support if and infection is detected and advises installing Microsoft patches for security vulnerabilities and prohibiting the use of third-party USB photograph drives. Next, Zeus, also cognize as Zbot virus w ill be discussed.This virus is geared toward financial institutions such as banks. Zeus was first discovered in July 2007 after being used to steal information from the US DOT. Zeus is set up to infect a consumers PC, and wait until the log onto a list of targeted banks and financial institutions and steal their credentials and sends them to a impertinent server in real time. Zeus can also inject HTML into a page that is provided by the browser, this displays its own content kinda of the actual page from the banks web server. By doing this, it is able to obtain users information such card numbers and pins.According to SecureWorks, genus Zeus is sold in the criminal underground as a kit for around $3000-4000, and is likely the one malware most utilized by criminals specializing in financial fraud. According to Lucian Constantin, Zeus is one of the oldest and most popular crimeware toolkits available on the underground market. Up until this year the Trojan could only be acquired for significant sums of money from its original source. However, a few months ago the source code leaked online and now anyone with the proper knowledge can create variations of the malware. in addition according to SecureWorks, The latest version of Zeus as of this date is 1. 3. 4. x and is privately sold. The author has gone to great lengths to protect this version using a Hardware-based Licensing System. The author of Zeus has created a hardware-based licensing system for the Zeus constructor kit that you can only run on one computer. at one time you run it, you get a code from the specific computer, and then the author gives you a key just for that computer. This is the first time they have seen this train of control for malware.The CTU recommends that businesses and home users carry out online banking and financial transactions on isolated workstations that are not used for general Internet activities, such as web browsing and reading email which could increase the put on the line of infection. The last malware that will be discussed is the blaster worm also known as Lovsan, Lovesan, or MSBlast. The Blaster worm spreads on computers that have Windows XP and Windows 2000 as an operating system and was detected in August of 2003. The creator of the B variant of the Blaster worm, Jeffrey Lee Parson was an 18 year old from Hopkins, Minnesota.He was arrested on August 29, 2003, admitted to the creation of the B variant, and was sentenced to 18-months in prison in January 2005. A Windows component known as the DCOM (Distributed Component end Model) interface which is a known vulnerability of Windows is taken advantage of by Blaster. The DCOM handles messages sent using the RPC (Remote Procedure Call) protocol. Vulnerable systems can be compromised without any interaction from a user, according to Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, which monitors threats to the Internet infrastructure.According to Mikko Hypponen, m anager of antivirus research at F-Secure in Helsinki, Blaster unlike the Code Red worm, which contained code for a similar attack against the IP address of White Houses main Web server, targets the windowsupdate. microsoft. com domain, which prevents Microsoft from changing the address of the domain to sidestep the attack. Blasters code is small and can be quickly outside using free tools provided by F-Secure as well as other antivirus vendors, Hypponen said. However, customers should patch their systems before removing Blaster to prevent from getting infected again from the worm, he said.