VIRUSES / WORMS
90% of computer viruses are delivered via e-mail.
1 in 16 e-mail messages carried a virus in 2004.
1 in 33 e-mail messages carried a virus in 2003.
There are at least 81,000 different computer viruses in existence.
50 new computer viruses are released every day.
To avoid viruses and worms:
1. Don't use Microsoft products (see below)
Computer worms with the biggest impact during the
2 1/2 year period from January 2003 through June 2005:
1. Blaster (only affects Microsoft Windows)
2. MyDoom (only affects Microsoft Windows)
3. Netsky
4. Sasser (only affects Microsoft Windows)
5. Slammer
6. SoBig
1. The Blaster worm exploits the DCOM RPC vulnerability using TCP port 135.
The worm targets only Microsoft Windows machines.
Infected 10 million computers.
24-year-old Dan Dumitru Ciobanu of Romania has been charged with cybercrime offenses
for unleashing the Blaster.F Internet worm, a low-grade variant of the Blaster worm.
-IEEE Security, 2003
2. MyDoom only targets computers running Microsoft Windows 2000, Windows 95,
Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
• Uses its own SMTP engine to send itself to all the email addresses that it finds
• The "From" field of the email is spoofed, so the apparent sender is not the infected machine
• Contains keylogging capabilities
• Acts as a backdoor on infected systems
4. The Sasser worm attacks a software vulnerability in Windows XP, 2000 and Windows Server 2003.
Written by 18-year-old German Sven Jaschan, and released May 2004, Sasser causes
Microsoft Windows machines to crash and reboot. Macintosh and Linux systems are immune.
Sven was arrested in Rotenberg, Germany on May 8, 2004, and received a 21-month
suspended sentence.
Zotob, a worm and backdoor trojan, exploits a vulnerability in the Microsoft Windows Plug
and Play service.
Zotob copies itself into the Windows SYSTEM folder, prevents the user from getting
help from online anti-virus web sites,
and can connect to an IRC server, allowing external control of the computer.
Zotob first appeared August 14, 2005. Within a week, 19 different worms that
exploit the same flaw were circulating.
The worm only affects computers running Windows 2000 or Windows XP.
Farid Essebar was arrested in Morocco and Atilla Ekici was detained in Turkey.
Virus & Worm History
1. Chernobyl / CIH
infected Microsoft Windows 95,98,ME
spread via executable files, especially games
overwrites data on hard drive and overwrites BIOS
$20-$40M damage
created in Taiwan
June 1998
2. Melissa / W97M
Microsoft Word Macro script virus
spread via Microsoft Outlook - emails itself to 50 names on user's contact list
email has Subject: "Here is the document you asked for... don't show anyone
else. :-)"
modifies user Word documents with quotes from "The Simpsons" TV show
$300-$600M damage
March 29, 1999
3. ILOVEYOU / LoveLetter / Love Bug
Microsoft Visual Basic script virus
email has Subject: "ILOVEYOU" and an attachment "Love-Letter-For-You.TXT.vbs"
overwrites music, image and other files with a copy of itself, &
searched out user IDs and passwords and emailed them to the author of the virus
$10B-$15B in damage
created in the Philippines
Hong Kong / May 3, 2000
4. Code Red / Bady
Microsoft Windows IIS (web server) worm
seeks other IIS servers to infect
infected web site displays message:
"HELLO! Welcome to http://www.worm.com/! Hacked By Chinese!"
after 20 days, launches DoS attack on certain IP addresses, including White
House web server
$2.6B damage
July 13, 2001
5. SQL Slammer / Sapphire
infects Microsoft SQL Server
generates random IP addresses and sends itself to them
single packet, 376-byte worm
January 25, 2003
6. Blaster / Lovsan / MSBlast
infects Microsoft Windows 2000,XP
presents user with dialog box indicating that a system shutdown was imminent
hidden in code of worm's executable file are messages:
"I just want to say LOVE YOU SAN!!" and
"billy gates why do you make this possible? Stop making money and fix your
software!!"
triggers a DoS attack on www.windowsupdate.com on and after the 16th of the month (beginning August 16, 2003)
$2B-$10B damage
August 11, 2003
7. Sobig.F
spread via email
generated over 1M copies of itself in first 24 hours
on September 10, 2003 it deactivated itself
Microsoft has a $250K reward for the identity of the Sobig.F author
author was never caught
$5B-$10B damage
August 19, 2003
8. Bagle / Beagle
Microsoft email worm - email attachment
opens a back door to a TCP port that can be used by remote users
to access data on the infected system
Bagle.B variant stopped spreading after January 28, 2004
$tens of M in damage
January 18, 2004
9. MYDOOM / Norvarg
spread via email attachment - appeared to be an error message
contained text "Mail Transaction Failed."
at its peak, slowed global internet traffic 10%
programmed to stop spreading after February 12, 2004
January 26, 2004
10. SASSER
infected Microsoft Windows 2000, XP
actively scanned for other systems to infect
created by a 17-year-old German high school student, who released it on his
18th birthday
given suspended sentence
$tens of M in damage
April 30, 2004
DENIAL OF SERVICE (DoS)
An attack designed to bring a network or server to a halt by flooding it with useless
traffic.
PHISHING
email that appears to be from a reputable source, often providing what appears to be
a link to a legitimate web site, with the purpose being to steal identity or
financial information
According to an analysis of internet traffic done by CipherTrust Inc. in October 2004,
just 5 bot networks generate virtually all of the world's phishing scams.
to avoid PHISHING scams:
D'oh!
Of 141 million on-line consumers:
57 million Americans have received phishing e-mails
11 million of them clicked on a link in a phishing e-mail
1.8 million of them submitted personal information
-Gartner Group, April 2004
Directory Harvesting Attacks
The "Brute Force" directory harvest attack:
a Spammer sends email to every conceivable username @yourdomain
• bandwidth to your mailserver is consumed by thousands of bogus incoming messages
• most mailservers reject email sent to an invalid username with a "user not found"
response, which goes back to the sender (the Spammer, in this case)
• bandwidth from your mailserver is consumed by thousands of "user not found" replies
• the Spammer assumes any email address not drawing a "user not found" reply is
in fact a valid address
• the Spammer creates a list of valid addresses for future Spamming, and sells this
list of addresses to others
To make it more difficult for your mailserver to be "harvested" for its directory,
limit the rate of messages (number of messages per minute or per hour) the mailserver
accepts from any one client. This makes it more difficult for the attacker to send,
and get replies to, the thousands of messages that an attack of this sort requires.
You can imagine how beneficial it would be for ISPs such as yahoo.com and comcast.net
to prevent their mailservers from being attacked and harvested in this fashion.
Things you can do:
1. Make sure your mailserver rejects invalid recipients during the SMTP session
(a 550 reply to RCPT TO) rather than accepting the message and generating a bounce
afterwards; an in-session rejection costs a few bytes, a bounce costs a whole outbound
message. If the server is configured to forward all invalid email to a specific
account, such as postmaster (a "catch-all"), a directory harvest attack could fill
your free disk space.
2. Put a limit on the frequency of email messages, and of unknown-recipient rejections,
the mailserver accepts from a single client. A client that draws many "user not found"
rejections for different addresses in a short time is harvesting, not mis-typing.
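The detection side of the advice above, as an added example that is not part of the original page: a script that reads mail-server log lines, keeps only the in-session "User unknown" rejections, and flags any client that hits many distinct non-existent recipients inside a short window. The log lines are constructed for this example in a Postfix-like format (the field layout is an assumption of the example, not a statement about any particular server); the IP addresses, names and thresholds are made up.

```python
"""Directory harvest attack (DHA) detector over mail-server reject logs.

Added example; not the page's own tool. Log format and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (Postfix-style syntax, invented hosts and addresses).
# 203.0.113.5  -> six different unknown recipients in three seconds (a harvester)
# 192.0.2.9    -> the same unknown recipient retried four times (a misconfigured sender)
# 198.51.100.7 -> one typo'd recipient plus an accepted message (a normal partner MX)
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <aaron@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<aaron@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:01 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <abby@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<abby@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:02 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <abe@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<abe@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:02 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <adam@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<adam@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:03 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <adrian@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<adrian@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:03 mx postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <al@example.net>: Recipient address rejected: User unknown; from=<sales@bulk.invalid> to=<al@example.net> proto=ESMTP helo=<bulk>
Jan 10 10:00:03 mx postfix/smtpd[2002]: ABC123: client=mail.partner.example[198.51.100.7]
Jan 10 10:00:04 mx postfix/smtpd[2003]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 5.1.1 <bob.smth@example.net>: Recipient address rejected: User unknown; from=<carol@partner.example> to=<bob.smth@example.net> proto=ESMTP helo=<mail.partner.example>
Jan 10 10:00:05 mx postfix/smtpd[2004]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked; from=<x@y.invalid> to=<z@example.net> proto=ESMTP helo=<x>
Jan 10 10:01:00 mx postfix/smtpd[2005]: NOQUEUE: reject: RCPT from relay.old.example[192.0.2.9]: 550 5.1.1 <jsmith@example.net>: Recipient address rejected: User unknown; from=<cron@old.example> to=<jsmith@example.net> proto=ESMTP helo=<relay>
Jan 10 10:02:00 mx postfix/smtpd[2006]: NOQUEUE: reject: RCPT from relay.old.example[192.0.2.9]: 550 5.1.1 <jsmith@example.net>: Recipient address rejected: User unknown; from=<cron@old.example> to=<jsmith@example.net> proto=ESMTP helo=<relay>
Jan 10 10:03:00 mx postfix/smtpd[2007]: NOQUEUE: reject: RCPT from relay.old.example[192.0.2.9]: 550 5.1.1 <jsmith@example.net>: Recipient address rejected: User unknown; from=<cron@old.example> to=<jsmith@example.net> proto=ESMTP helo=<relay>
Jan 10 10:04:00 mx postfix/smtpd[2008]: NOQUEUE: reject: RCPT from relay.old.example[192.0.2.9]: 550 5.1.1 <jsmith@example.net>: Recipient address rejected: User unknown; from=<cron@old.example> to=<jsmith@example.net> proto=ESMTP helo=<relay>
"""

# Only in-session unknown-recipient rejections (550 5.1.1) count as harvest probes;
# other rejections (blocklists, relay denials) and accepted mail are ignored.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from [^\[]*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)


def parse_rejects(log_text, year=2004):
    """Return (timestamp, client_ip, recipient) for each unknown-recipient rejection.

    Syslog lines carry no year, so one is supplied (assumed) to build datetimes.
    """
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["rcpt"].lower()))
    return events


def find_harvesters(events, window=timedelta(minutes=10), threshold=5):
    """Map client IP -> peak number of DISTINCT unknown recipients seen within `window`.

    Counting distinct recipients, not raw rejections, keeps a sender that retries the
    same bad address out of the result while a client walking the alphabet is caught.
    """
    by_ip = defaultdict(list)
    for ts, ip, rcpt in sorted(events):
        by_ip[ip].append((ts, rcpt))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            distinct = {r for _, r in hits[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for ip, n in find_harvesters(parse_rejects(SAMPLE_LOG)).items():
        print(f"possible directory harvest from {ip}: {n} distinct unknown recipients")
```

The window size is the knob that matters: with the ten-minute default the harvester is flagged at six distinct addresses while the retrying relay and the partner MX are not; shrink the window to one second and even the harvester drops below a threshold of five, because only two probes per second were logged. Once a client is flagged, the rate limits described in item 2 above are the natural response, and the same per-client counts are what a mail server enforces when it caps recipients or errors per connection.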
SQL Injection Attacks
synopsis: characters supplied by a user (a quote mark, a comment marker, a second statement)
are pasted into the text of an SQL query, so the database executes the attacker's SQL instead
of the query the application intended; the result can be intrusive (reading or bypassing data)
or destructive (altering or deleting it).
Verizon's Spring Break (-In)
On May 2,
2004, four DS-3 cards were stolen from a Manhattan co-location
facility owned by Verizon Communications at 240 E. 38th St. just after 10:30pm.
The outage affected area customers of Sprint.
***
According to NYC Police, three DS-3 networking
cards were stolen from
a Verizon CO at 240 E. 38th St. Sprint lost several cards, Qwest also
was
a victim. During the burglary, surveillance cameras were not operational.
Sprint, Qwest, XO Communications, and Looking Glass Networks were
affected by the theft.
*** ***
The co-location floor of a Verizon central office
on 38th Street in New York City was burglarized,
leaving a handful of Verizon competitors - specifically Sprint Corp, Qwest Communications,
XO Communications, and Looking Glass Networks - without service for up to an
entire day.
New York City Police Department officials pegged the heist at $433,000.
Of the 4 separate doors to the 8th floor co-lo office, the main door lacked
a working lock.
All of the network racks that were burglarized were secured with simple Allen
wrench bolts.
The building's main entrance security cameras were missing the night of May
2, awaiting upgrade.
51 pieces
of networking gear, enough equipment to fill 2 duffel bags, was stolen.
from the NYPD crime report:
Inside of 211 East 37 Street
2004.05.02 23:30 Sunday
Grand Larceny
*** *** ***
Personal Computer Privacy Considerations:
Website History Destruction
Typed URL Destruction
Temporary Internet File Destruction
Search History Destruction
Run Programs History Destruction
Recent Document List Destruction
Media Player History Destruction
Recycle Bin Contents Destruction
Cached File Destruction
Cookie Destruction
Captchas
Completely Automated Public Turing test to tell Computers and Humans Apart
Methods such as using wavy words in pictures, that require the user to re-type
the word to gain access.
Ticket scalpers use OCR (optical character recognition) software to get around
the Captchas used by ticketmaster.com.
Copyright © billhance.com. All rights reserved.