Wednesday, February 14, 2007

Trojan Programs - ArcBombs

These Trojans are archive files built to sabotage the decompressor when it tries to open them. When the bomb 'goes off', the victim machine slows down or crashes, or its disk fills up with junk data. ArcBombs are especially dangerous for servers, particularly where incoming data is unpacked automatically as it arrives: in that setting a single archive can crash the server.
There are three kinds of ArcBomb: an incorrect archive header, highly repetitive data, and a large series of identical files in one archive.
An incorrect archive header or corrupted data can make the decompressor crash while opening or unpacking the archive.
A large file of repeating data packs into a very small archive: 5 gigabytes becomes about 200 KB when packed with RAR and 480 KB in ZIP format.
Moreover, special techniques exist to pack an enormous number of identical files into one archive without significantly increasing its size: for instance, 10100 identical files can be packed into a 30 KB RAR file or a 230 KB ZIP file.
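As an added illustration that is not part of the original post: the checks a server-side unpacker should run before and while extracting an untrusted archive, written in Python against the standard library's zipfile module. The thresholds (64 MiB total, 100:1 ratio, 10,000 entries) are assumed policy values, and the sample archive is constructed here: the bomb is deliberately small (20 MiB of zeros, about 20 KB packed) so it builds in a moment, but the 5 GB case the text describes behaves the same way.

```python
import io
import zipfile

# Assumed policy thresholds for this example; tune them to the service that unpacks the data.
MAX_TOTAL_UNCOMPRESSED = 64 * 1024 * 1024   # 64 MiB for the whole archive
MAX_RATIO = 100                              # declared_total / compressed above this is suspicious
MAX_ENTRIES = 10_000                         # guards the "thousands of identical files" variant


class ArchiveBudgetExceeded(Exception):
    """Raised when extraction produces more bytes than the caller allowed."""


def build_constructed_bomb(size_mib=20, entries=1):
    """Constructed sample archive: `entries` members made of all-zero bytes.

    Deflate squeezes zeros roughly 1000:1, so a 20 MiB member costs about 20 KB
    of archive, the same effect the text describes at 5 GB scale.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for i in range(entries):
            zf.writestr(f"payload{i}.bin", b"\0" * (size_mib * 1024 * 1024))
    return buf.getvalue()


def inspect_zip(data, max_total=MAX_TOTAL_UNCOMPRESSED, max_ratio=MAX_RATIO,
                max_entries=MAX_ENTRIES):
    """Pre-extraction check: read only the central directory and judge the
    archive by what it declares about itself. Covers all three ArcBomb
    variants: malformed headers, extreme compression ratio, too many entries.
    """
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return {"suspicious": True, "reasons": [f"malformed archive: {exc}"],
                "entries": 0, "declared_total": 0, "compressed": 0, "ratio": 0.0}
    with zf:
        infos = zf.infolist()
    declared_total = sum(i.file_size for i in infos)
    compressed = sum(i.compress_size for i in infos)
    ratio = declared_total / max(compressed, 1)
    if len(infos) > max_entries:
        reasons.append(f"{len(infos)} entries exceeds {max_entries}")
    if declared_total > max_total:
        reasons.append(f"declared {declared_total} bytes exceeds budget {max_total}")
    if ratio > max_ratio:
        reasons.append(f"compression ratio {ratio:.0f}:1 exceeds {max_ratio}:1")
    return {"suspicious": bool(reasons), "reasons": reasons, "entries": len(infos),
            "declared_total": declared_total, "compressed": compressed, "ratio": ratio}


def extract_with_budget(data, budget):
    """Extraction with a hard byte budget enforced on the output actually produced.

    The sizes in the central directory are attacker-controlled, so a clean
    inspect_zip() result is not enough: count bytes as they are inflated and
    abort the moment the budget is crossed, before the disk or RAM fills up.
    """
    produced = 0
    members = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            chunks = []
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(64 * 1024)
                    if not chunk:
                        break
                    produced += len(chunk)
                    if produced > budget:
                        raise ArchiveBudgetExceeded(
                            f"stopped after {produced} bytes; budget is {budget}")
                    chunks.append(chunk)
            members[info.filename] = b"".join(chunks)
    return members


if __name__ == "__main__":
    bomb = build_constructed_bomb()
    print(f"archive is {len(bomb)} bytes on disk")
    print(inspect_zip(bomb))
    try:
        extract_with_budget(bomb, budget=1024 * 1024)
    except ArchiveBudgetExceeded as exc:
        print("refused:", exc)
```

Two things the example is built to show: the declared-size check alone is not a defence, because the central directory is just bytes the sender wrote, so the budget has to be enforced on inflated output; and an archive that contains further archives needs the same budget applied recursively, since each nesting level multiplies the ratio.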

Trojan Programs - Rootkits

A rootkit is a collection of programs a hacker uses to hide their presence on a computer after breaking in. This is done either by replacing system files or libraries with trojanized copies, or by installing a kernel module that filters what the system reports. The hacker typically installs the rootkit after obtaining user-level access, usually by cracking a password or exploiting a vulnerability, and then uses it to harvest other accounts' credentials until gaining root, or administrator, access to the system.
The term originated in the Unix world, although it has since been applied to the techniques Windows Trojan authors use to conceal their actions. Rootkits are increasingly used as a form of stealth to hide Trojan activity, something made easier because many Windows users log in with administrator rights, so a Trojan they run can modify the system freely.
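As an added example (not part of the original post and not any particular tool's code): the usual way to catch a rootkit that hides processes is a cross-view comparison, taking the same inventory through two independent interfaces and diffing them. The Python below compares the /proc directory listing (what ps reads, and what a hooked readdir() filters) against a brute-force probe that asks the kernel about every PID with signal 0. The sample PID lists are constructed; the live scan assumes a Linux host.

```python
import os
import sys


def find_hidden_pids(api_view, probe_view):
    """Cross-view diff: anything the low-level probe saw but the normal
    enumeration omitted is a candidate hidden process."""
    return sorted(set(probe_view) - set(api_view))


def procfs_view():
    """The 'API' view: the numeric entries of /proc, which is what ps and
    similar tools read and what a rootkit's hooked readdir() filters."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def signal_probe_view(max_pid=None):
    """The independent view: ask the kernel about every PID with signal 0.

    ProcessLookupError means no such process; PermissionError means the
    process exists but belongs to someone else, which still proves existence.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def live_scan():
    """Run both views on this host (Linux only) and return suspicious PIDs."""
    if not sys.platform.startswith("linux"):
        raise RuntimeError("live scan needs a Linux /proc")
    return find_hidden_pids(procfs_view(), signal_probe_view())


# Constructed sample: what a hooked directory listing returned, versus the
# PIDs that answered signal 0. PID 31337 is the one the hook filtered out.
SAMPLE_API_VIEW = [1, 2, 437, 512, 1180, 1181]
SAMPLE_PROBE_VIEW = [1, 2, 437, 512, 1180, 1181, 31337]

if __name__ == "__main__":
    print("constructed sample:", find_hidden_pids(SAMPLE_API_VIEW, SAMPLE_PROBE_VIEW))
    if sys.platform.startswith("linux"):
        print("this host:", live_scan())
```

Two caveats a practitioner should keep in mind: a process that starts or exits between the two snapshots also shows up as a difference, so run the scan several times and keep only the PIDs that are hidden in every pass; and a kernel rootkit that hooks kill() as well as readdir() defeats this particular pair of views, which is why real detection tools compare more than two.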

Trojan Programs - Trojan Notifiers

These Trojans tell the 'master' about a newly infected machine. A notifier confirms that the infection succeeded and reports details such as the victim's IP address, open port numbers and email address. The report may be sent by email, posted to the master's website, or delivered over ICQ.
Notifiers are usually bundled in a Trojan 'pack' and do nothing beyond informing the master that the Trojan was installed successfully on the victim machine.

Trojan Programs - Trojan Spies

This family includes a variety of spy programs and keyloggers, all of which record user activity on the victim machine and forward it to the master. Trojan-spies collect a range of information, including:
- Keystrokes
- Screenshots
- Logs of active applications
- Other user actions
These Trojans are most often used to steal banking and other financial information to support online fraud.

Trojan Programs - Trojan Proxies

These Trojans turn the victim machine into a proxy server, giving the master anonymous Internet access through it. Today they are very popular with spammers, who always need more machines for mass mailings; virus coders often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.

Trojan Programs - Trojan Droppers

These Trojans install other malware on victim machines without the user's knowledge. A dropper installs its payload either silently or behind a bogus error message about a corrupt archive or an operating system fault. The new malware is written to a chosen location on a local disk and then launched.
Droppers are normally structured as follows:
- Main file: contains the dropper code and carries the payloads
- File 1: first payload
- File 2: second payload
- ... as many files as the coder chooses to include

The dropper code installs and executes every payload file.
In most cases the payload contains other Trojans plus at least one decoy ('hoax'): a joke, game, image or similar. The decoy is meant to distract the user or to make the activity caused by the dropper look harmless, while in fact it masks the installation of the dangerous payload.
Hackers using such programs achieve two objectives:
- Hidden or masked installation of other Trojans or viruses
- Evading antivirus products that do not analyse every embedded component
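As an added illustration (not part of the original post): a scanner that only looks at the outer file misses a dropper's payloads because they are just bytes appended to or embedded in the main file. The Python below carves a constructed 'main file' laid out as the text describes (a stub, two payloads and a decoy image), validating each candidate header instead of trusting the magic bytes alone, which is the minimum a scanner must do to see every component. All bytes are constructed here and nothing in them executes; the validity rules used (e_lfanew at offset 0x3C pointing at 'PE\0\0', a 30-byte ZIP local file header) are real format facts.

```python
import struct


def fake_pe(marker):
    """Constructed minimal PE-like blob: a DOS header whose e_lfanew (offset
    0x3C) points at a 'PE\\0\\0' signature. Headers only; it cannot run."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    return bytes(hdr) + b"PE\0\0" + marker + b"\0" * 40


def build_constructed_dropper():
    """Constructed 'main file' in the layout the text describes: the dropper
    stub, two Trojan payloads and a decoy image, separated by filler bytes."""
    stub = fake_pe(b"dropper-stub")
    payload1 = fake_pe(b"trojan-one")
    payload2 = fake_pe(b"trojan-two")
    hoax = b"GIF89a" + b"\x01\x00\x01\x00" + b"\0" * 16
    return stub + b"\xCC" * 13 + payload1 + b"\xCC" * 7 + payload2 + hoax


def looks_like_pe(blob, off):
    """Validate an 'MZ' hit: e_lfanew must point inside the blob at 'PE\\0\\0'."""
    if off + 0x40 > len(blob):
        return False
    e_lfanew = struct.unpack_from("<I", blob, off + 0x3C)[0]
    pe_off = off + e_lfanew
    return pe_off + 4 <= len(blob) and blob[pe_off:pe_off + 4] == b"PE\0\0"


def looks_like_zip(blob, off):
    """Validate a 'PK\\x03\\x04' hit: the 30-byte local file header must fit and
    the name and extra field it announces must lie inside the blob."""
    if off + 30 > len(blob):
        return False
    name_len, extra_len = struct.unpack_from("<HH", blob, off + 26)
    return off + 30 + name_len + extra_len <= len(blob)


# (magic bytes, label, validator) for the formats this example recognises.
SIGNATURES = [
    (b"MZ", "pe", looks_like_pe),
    (b"PK\x03\x04", "zip", looks_like_zip),
    (b"GIF87a", "gif", lambda blob, off: off + 13 <= len(blob)),
    (b"GIF89a", "gif", lambda blob, off: off + 13 <= len(blob)),
]


def carve_embedded(blob):
    """Walk the whole container, not just its start, and list every component
    whose header validates. Returns sorted (offset, kind) pairs."""
    found = []
    for magic, kind, validate in SIGNATURES:
        start = 0
        while True:
            off = blob.find(magic, start)
            if off < 0:
                break
            if validate(blob, off):
                found.append((off, kind))
            start = off + 1
    return sorted(found)


if __name__ == "__main__":
    container = build_constructed_dropper()
    for off, kind in carve_embedded(container):
        print(f"{kind} at offset {off}")
```

The header validation is what keeps the carver useful: the two bytes 'MZ' occur by chance in ordinary data, so an 'MZ' hit only counts when its e_lfanew lands on a real 'PE\0\0' signature. Real droppers frequently compress or encrypt the embedded payloads, in which case plain signature carving finds nothing and the scanner has to recover them from the dropper's own unpacking routine, which is exactly the gap the text says such programs exploit.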

Trojan Programs - Trojan Downloaders

This family of Trojans downloads and installs new malware or adware on the victim machine. The downloader then either launches the new malware or registers it with the operating system's autostart mechanism so that it runs at every boot. All of this happens without the user's knowledge or consent.
The names and locations of the malware to be downloaded are either hard-coded into the Trojan or fetched from a specified website or other Internet location.

Trojan Programs - Trojan Clickers

This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or tamper with the system file that maps host names to IP addresses and is consulted before DNS (the 'hosts' file in MS Windows), so that a familiar name resolves to an address of the attacker's choosing.
Clickers are used:
- To raise the hit-count of a specific site for advertising purposes
- To organize a DoS attack on a specified server or site
- To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans)
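As an added example (not part of the original post): a check for the hosts-file variant of a clicker. The Python below parses a hosts file and flags two patterns: a host name mapped to something other than a loopback or unspecified address, and many names all funnelled to one such address. The sample file and the allow-list of addresses are constructed for the example; a real environment with intranet entries needs its own allow-list.

```python
import ipaddress

# Constructed sample hosts file for this example. The loopback lines are what a
# stock Windows hosts file contains; the remaining lines stand in for what a
# clicker might append.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net     # blocking entry: points at loopback, harmless
203.0.113.45    www.examplebank.com    # clicker-style: a familiar name sent elsewhere
203.0.113.45    login.examplemail.com
203.0.113.45    update.example-av.com
"""

# Assumed allow-list of addresses that may legitimately appear on this host
# (intranet servers, a local proxy and so on); extend it per environment.
ALLOWED_ADDRESSES = {"127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            yield fields[0], name.lower()


def audit_hosts(text, allowed=ALLOWED_ADDRESSES, max_names_per_ip=2):
    """Report the two patterns a hosts-file clicker leaves behind.

    redirect-to-remote:  a name mapped to anything but loopback, unspecified
                         (0.0.0.0, used by ad blockers) or an allow-listed
                         address; a clicker points names at its own server.
    sinkhole-many-names: more than max_names_per_ip names all sent to the
                         same non-local address.
    """
    findings = []
    names_by_ip = {}
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("unparseable-address", ip, name))
            continue
        if ip in allowed or addr.is_loopback or addr.is_unspecified:
            continue
        findings.append(("redirect-to-remote", ip, name))
        names_by_ip.setdefault(ip, []).append(name)
    for ip, names in names_by_ip.items():
        if len(names) > max_names_per_ip:
            findings.append(("sinkhole-many-names", ip, ",".join(names)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To run it against a real machine, read the file and pass its text to audit_hosts(): on Windows it lives at %SystemRoot%\System32\drivers\etc\hosts, on Unix at /etc/hosts. The loopback exemption is deliberate, since ad-blocking entries that map advertising hosts to 127.0.0.1 or 0.0.0.0 are a common and harmless use of the same file.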

Trojan Programs - PSW Trojans

This family of Trojans steals passwords, normally system passwords, from victim machines. They search for system files that hold confidential information such as passwords and dial-up Internet access numbers, and send it to an email address coded into the body of the Trojan, where the 'master' (the user of the illegal program) collects it.
Some PSW Trojans steal other types of information such as:
- System details (memory, disk space, operating system details)
- Local email client
- IP-address
- Registration details
- Passwords for on-line games
Trojan-AOL are PSW Trojans that steal passwords for AOL (America Online); they are placed in a sub-group of their own because they are so numerous.

Tuesday, February 13, 2007

Trojan Programs - General Trojans

This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

Trojan Programs - Backdoors

Today backdoors are the most dangerous and the most widespread type of Trojan. These Trojans are remote administration utilities that open infected machines to external control over a LAN or the Internet. They work the same way as legitimate remote administration programs used by system administrators, which makes them difficult to tell apart.
The only difference between a legitimate administration tool and a backdoor is that a backdoor is installed and launched without the knowledge or consent of the victim machine's user. Once launched, the backdoor monitors the local system without the user's knowledge; often it will not even appear in the list of running programs.
Once a remote administration utility has been installed and launched, the victim machine is wide open. Backdoor functions can include:
- Sending/ receiving files
- Launching/ deleting files
- Executing files
- Displaying notifications
- Deleting data
- Rebooting the machine
In other words, backdoors let virus writers locate and exfiltrate confidential information, execute malicious code, destroy data, recruit the machine into a bot network and so on. In short, backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms. The only difference is that worms are programmed to propagate constantly, whereas these "mobile" backdoors spread only on a specific command from the "master".

Adware

Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.
There are concerns about adware because it often takes the form of spyware, in which information about the user's activity is tracked, reported and often resold, frequently without the user's knowledge or consent. Of even greater concern is malware that interferes with other software applications in order to force users to visit a particular website. People commonly confuse "adware" with spyware and "malware", especially since the concepts overlap. For example, if one user installs "adware" on a computer and consents to its tracking feature, that "adware" becomes spyware when another user of the same computer is tracked by it without their consent.

Spyware has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center. Often, spyware sends the user's browsing habits to an ad-serving company, which then targets adverts at the user based on their interests. Kazaa is one example of a popular file-sharing program that delivers targeted ads to its users.

Adware that is not spyware does not invisibly collect and upload activity records or personal information when the user has not expected or approved the transfer. Some adware vendors nevertheless maintain that an application which does this is not spyware because its activities are disclosed: a vendor may argue that since a clause somewhere in the product's Terms of Use says that bundled third-party software may collect and report on computer use, that disclosure makes the product just adware. A number of software applications are available to help users find adware, block the advertisements it presents and remove spyware modules.
To avoid a backlash, as with the advertising industry in general, creators of adware must balance their attempts to generate revenue with users' desire to be left alone.