IN TODAYS MODERN TECHNICAL WORLD WE MUST AWARE WITH DANGEROUS THREADS ATTACHED WITH DIGITAL DATA .VIRUSES ARE OF MANY KIND AND KNOWNING THEIR PREVENTION IS HELPFUL TO PROTECT OUR IMPORTANT FILES/DATA/PC/COMPUTER SYSTEM..There are numerous threats to security of applications and data. With the increasing use of internet and the advancing IT, applications are becoming increasingly vulnerable to threats that could be a malicious code, viruses, worms, etc.
Some of the security threats are as follows:-
Virus Attack
 |
| VIRUS MADE PC CORRUPT |
A computer virus is a man-made program or piece of code that is loaded onto one‘s computer without the victims‘ knowledge and runs against his/her wishes.
Viruses can also replicate themselves over and over again and is relatively easy to produce. Even a simple virus is dangerous because it corrupts the system.
An even more dangerous type of virus is the one capable of transmitting itself across networks and bypassing security systems.
Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD.
The sender of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak havok as soon as their code is executed while other viruses lie dormant until circumstances cause their code to be executed by the computer.
E-mail viruses:
An e-mail virus travels as an attachment to e- mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click they launch when you view the infected message in the preview pane of your e-mail software.
The different damages a virus can cause:
• An annoying message appearing on the computer screen.
• Reduce memory or disk space.
• Modify existing data.
• Overwrite or Damage files.
• Erase hard drive.
PROTECTION TIPS:
 |
| VARIOUS ANTIVIRUS SOFTWARES USED |
|
• Use anti-virus from good brands like Mc-Afee or Kaspersky.
• Turn on ‗auto update‘ option for your browser and plug-ins.
• Install Anti- malware.
• For extra security, run anti-malwares by different brands.
• Set a strong password for your FTP.
• Configure FTP client settings. Activate the option to ―Always use SFTP‖.
• Avoid sites that do not look trustworthy.
• Avoid sites in which ‗https‘ is clearly striked out.
• Quick Scan pen drives and flash drives when you insert them into your systems.
• Scan your systems frequently.
Worm
Computer worms are standalone malware programs that will use your computer network to replicate themselves in order to spread to other computers. Unlike a computer virus, it does not need to attach itself to any program, file or document.
In some ways worms are more deadly than viruses because they don‘t need to lodge themselves into programs to replicate. Worms can replicate independently through your system.
Once in your system, worms will look scan your network for other machines that may have similar security holes. If the worm finds one, it will copy itself into the new computer and start the process all over again.
Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. Worms can perform a variety of operations according to how it has been designed.
• It can cause a denial of service attack
• It gets attached to Microsoft outlook or any such mailing facility and sends mails to everybody on the address list (replicates itself and passes on the worm to everyone in the address list),
• overwrites your files and documents, and
• Makes your computer slow and dis-functional.
Illustration:
The ILOVEYOU virus comes in an e-mail note with "I LOVE YOU" in the subject line and contains an attachment that, when opened, results in the message being re-sent to everyone in the recipient's Microsoft Outlook address book and, perhaps more seriously, the loss of every JPEG, MP3, and certain other files on the recipient's hard disk.
As Microsoft Outlook is widely installed as the e-mail handler in corporate networks, the ILOVEYOU virus can spread rapidly from user to user within a corporation. On May 4, 2000, the virus spread so quickly that e-mail had to be shut down in a number of major enterprises such as the Ford Motor Company. The virus reached an estimated 45 million users in a single day.
PROTECTION TIPS:
• Use anti-virus from good brands like Mc-Afee or Kaspersky.
• Turn on ‗auto update‘ option for your browser and plug-ins.
• Install Anti- malware.
• For extra security, run anti-malwares by different brands.
• Set a strong password for your FTP.
• Configure FTP client settings. Activate the option to ―Always use SFTP‖.
• Avoid sites that do not look trustworthy.
• Avoid sites in which ‗https‘ is clearly removed.
• Scan pen drives and flash drives when you insert them into your systems.
• Scan your systems frequently.
Trojan
In the 12th century BC, Greece declared war on the city of Troy. The dispute was caused due to the fact that the prince of Troy and the Queen of Sparta eloped. Hence declaring that they intend to marry.
The Greeks besieged Troy for 10 years but met with no success as Troy was very well fortified.
In a last effort, the Greek army pretended to be retreating, and left behind a huge wooden horse. The people of Troy saw the horse and thought it was a gift from the Greeks.
They pulled the horse into their city, unaware that the hollow wooden horse had some of the best Greek soldiers hiding inside it.
Under the cover of night, the soldiers snuck out and opened the gates of the city, and later, together with the rest of the army, besieged and destroyed Troy. Similar to the wooden horse, a Computer Trojan (also referred to as Trojan Horse program) pretends to do one thing while actually doing something completely different.
A Trojan horse program is a program that appears to have some useful or benign purpose, but really masks some hidden malicious functionality.
Today‘s Trojan horses try to sneak past computer security fortifications (such as firewalls), by employing like-minded trickery. By looking like normal software, Trojan horse programs are used for the following goals:
• Duping a user or system administrator into installing the Trojan horse in the first place. In this case, the Trojan horse and the unsuspecting user becomes the entry vehicle for the malicious software on the system.
• Blending in with the ―normal‖ programs running on a machine. The Trojan horse camouflages itself to appear to belong on the system so users and administrators continue their activity, unaware of the malicious code‘s presence.
Attackers have devised a myriad of methods for hiding malicious capabilities inside their wares on your computer. These techniques include
• employing simple, yet highly effective naming games,
• using executable wrappers,
• attacking software distribution sites,
• manipulating source code,
• co-opting software installed on your system, and
• disguising items using polymorphic coding techniques.
As we discuss each of these elements, we must bear in mind that the attackers‘ main goal is to disguise the malicious code so that the victims do not realize what the attacker is up to.
Types of Trojans
The most common types of Trojans found today are:
1. Remote Administration Trojans (RATs)
These are the most popular Trojans. They let a hacker access the victim's hard disk, and also perform many functions on his computer (shut down his computer, open and shut his CD-ROM drive etc.).
Modern RATs are very simple to use. They come packaged with two files - the server file and the client file.
The hacker tricks someone into running the server file, gets his IP address and gets full control over the victim computer.
Some Trojans are limited by their functions, but more functions also mean larger server files. Some Trojans are merely meant for the attacker to use them to upload another Trojan to the target's computer and run it; hence they take very little disk space. Hackers also bind Trojans into other programs, which pear to be legitimate, e.g. a RAT could be bound with an e- greeting card.
Most RATs are used for malicious purposes - to irritate or scare people or harm computers. There are many programs that detect common Trojans. Firewalls and anti-virus software can be useful in tracing RATs.
RATs open a port on your computer and bind themselves to it (make the server file listen to incoming connections and data going through these ports). Then, once someone runs his client program and enters the victim's IP address, the Trojan starts receiving commands from the attacker and runs them on the victim's computer.
Some Trojans let the hacker change this port into any other port and also put a password so only the person who infects the specific computer will be able to use the Trojan. In some cases the creator of the Trojan would also put a backdoor within the server file itself so he'll be able to access any computer running his Trojan without the need to enter a password.
This is called "a backdoor within a backdoor" e.g. CIA, Netbus, Back Orifice, Sub7.
2. Password Trojans
Password Trojans search the victim‘s computer for passwords and then send them to the attacker or the author of the Trojan. Whether it's an Internet password or an email password there is a Trojan for every password. These Trojans usually send the information back to the attacker via email.
3. Privileges-Elevating Trojans
These Trojans are usually used to fool system administrators. They can either be bound into a common system utility or pretend to be something harmless and even quite useful and appealing. Once the administrator runs it, the Trojan will give the attacker more privileges on the system. These Trojans can also be sent to less-privileged users and give the attacker access to their account.
4. Key loggers
These Trojans are very simple. They log all of the victim‘s keystrokes on the keyboard (including passwords), and then either save them on a file or email them to the attacker once in a while. Key loggers usually don't take much disk space and can masquerade as important utilities, thus becoming very hard to detect.
5. Joke Programs
Joke programs are not harmful. They can either pretend to be formatting your hard drive, sending all of your passwords to some hacker, turning in all information about illegal and pirated software you might have on your computer to the police etc. In reality, these programs do not do anything.
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system which when triggered will set off a malicious task such as reformatting, and/or deleting, altering or corrupting data on a hard drive. It's secretly inserted into the code of a computer's existing software, where it lies dormant until that event occurs.
A program in which damage is delivered when a particular logical condition occurs; e.g., not having the author's name in the payroll file. Logic bombs are a kind of Trojan Horse and most viruses are logic bombs.
PROTECTION TIPS:
• Always change passwords frequently. They save users from a lot of trouble.
• Use security measures to detect insider threats in your system. Basic anti-viruses are not efficient enough.
Phishing & Spoofing attacks
In the 19th century, British comedian Arthur Roberts invented a game called Spoof, which involved trickery and nonsense. This gave the English speaking world a new word that today symbolizes a gamut of hacking technologies.
Spoofing attacks primarily include e-mail spoofing, SMS spoofing, IP spoofing, and web spoofing. Spoofing attacks are used to trick people into divulging confidential information (e.g. credit card data) or doing something that they would usually not do (e.g. installing malicious software on their own computers).
Such use of spoofing attacks is commonly referred to as Phishing.
Sending an e-mail from somebody else‘s e-mail ID is the simplest form of Email spoofing. Innumerable tools exist on the Internet which can easily be used to send e-mails appearing to have been sent by somebody else. The effects are intense.
Case: Many customers received an email from their bank asking them to verify their usernames and passwords for the bank records. The emails were spoofed, but thousands of customers clicked on the link in the email and submitted the information at the webpage that opened up. On investigation, it is found that the emails were sent by a disgruntled employee.
Case: Thousands of employees of a global IT company ended up installing viruses on their computers when they executed an attachment appearing to have been sent out by their officers. The employees even disabled the anti-virus software because the email said that ―the attachment may be incorrectly detected as a virus!‖ On investigation, it was found that the emails had been sent out by a rival company.
SMS spoofing is very similar to e-mail spoofing. The major difference being that instead of an email ID, a cell phone number is spoofed and instead of a spoofed e-mail, a spoofed SMS is sent.
Case: A young lady received an SMS from her husband‘s cell phone informing her that he had had an accident and was at the hospital and urgently needed money. On receiving the SMS, she rushed out of the house with the money. She was attacked and robbed by the person who had sent her the spoofed SMS.
An IP address (e.g. 75.125.232.93) is the primary identification of a computer connected to a network (e.g. the Internet). A criminal usually uses IP spoofing to bypass IP based authentication or to mislead investigators by leaving a trail of false evidence. IP spoofing can be accomplished using proxy servers and simple PHP scripts that are readily and freely available online.
Case: Internet users in many countries use proxy servers to bypass Government imposed Internet censorship. (We are not passing any comment on whether is it right or wrong to impose Internet censorship or bypass it, as the case may be.)
DNS spoofing involves manipulating the domain name system to take unsuspecting victims to fake websites (that look identical to the original ones). Sitting at the computer you may type in www.asianlaws.org but the site that opens up may be a fake site!
This can and has been done at the local organizational level (e.g. by host file rewriting or by a network administrator with malicious intentions) or at the national or international level (by hackers exploiting vulnerabilities in the BIND software that runs most of the world‘s domain name servers).
Case: Hundreds of employees at a global financial services company received emails from a popular online store about a huge discount on some popular books and DVDs. On clicking the link in the email, users were taken to what appeared to the website of the online store. Most of the recipients of the emails placed orders using their credit cards. No one got the books or the DVDs, all got was a hefty credit card bills at the end of the month.
On investigation it was uncovered that the network administrators had connived to carry out a simple Phishing attack. It was a fake email and a fake website. None of the victims (most of whom were advanced computer users) realized that something was amiss.
PROTECTION TIPS:
• Enable authentication based on the key exchange on your network. IPsec will significantly reduce the risk of spoofing.
• Ensure you use access control to deny private IP addresses on your downstream interface.
• Filter inbound and outbound traffic.
• Preferably, in cases of suspicion, always ensure if the sender actually sent the mail or sms.
Malware (Malicious Software)
Malware, short for malicious software, is software used or created by hackers to infiltrate or damage or disrupt computer operation, gather sensitive information, or gain access to private computer systems. While it is often software, it can also appear in the form of scripts or code. 'Malware' is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Malware includes computer, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states. Some malware is disguised as genuine software, and may come from an official company website.
Malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. It can also hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what web sites you visit etc. Malware is sometimes used broadly against corporations to gather guarded information, but also to disrupt their operation in general. Many malwares will reinstall themselves even after you think you have removed them, or hide themselves deep within Windows, making them very difficult to clean.
Left un-guarded, personal and networked computers can be at considerable risk against malware threats.
As per an analysis done in the Kaspersky lab, the following is the result.
PROTECTION TIPS:
• Use a firewall.
• Keep track and control your emails.
• Use up-to date antivirus software.
• Scan your computer frequently to detect unknown malicious programs running.
• Secure your browser.
