Skip to main content

Viruses and Hidden Code

We have already discussed the amount of devastation viruses can wreak on systems. Melissa, I LOVE YOU, Love Bug, and other viruses shut down companies for days to deal with the cleanup and recovery from the virus. The threat from viruses varies with the type of malicious activity they attempt to perform. Some viruses offer only simple annoyances, while others enable remote attackers to gain unauthorized access to systems. The widespread problems resulting from these viruses demonstrate hackers' abilities to hide malicious code relatively well. It also shows how easy it is for users to unknowingly execute this code and compromise the security of the company. Virus-scanning products are quite advanced now, but the scanners are only as good as the virus definitions. Virus scanners must be constantly updated. Additionally, many new viruses may not appear in the database and may be missed. Virus-scanning tools that employ heuristics and sandboxes should be used to attempt to catch these undefined viruses. Heuristics involve looking for code or programs that resemble or could potentially be viruses. Sandboxes actually execute the code in a quarantined environment and examine what the program does. If the program appears to be a virus, the virus package quarantines the program and performs an alert function. The heuristics and sandboxes hopefully catch any newly developed exploits and viruses that may not have been included in the most recent virus definitions update.

Hidden code is directly related to viruses. A hacker can trick users into executing hidden code that will open access for the hacker into the internal network or system. The code could be hidden a number of ways. Hackers can hide remote Java or Active X code on a remote Web server. Users could unknowingly execute this code while browsing the site. Hackers also frequently hide malicious code in e-mails or e-mail attachments. The malicious programs and scripts commonly open holes in the victim's system, enabling the hacker to effectively bypass firewalls and other perimeter controls and directly access the internal network.
System administrators need to take a layered approach to defend against this threat. First, users must be educated not to accept and open e-mail and attachments from unknown sources. Perimeter virus and heuristics scanning should be installed at the network's border to scan all incoming e-mail, attachments, and Internet downloads. E-mail and Internet downloads should be scanned before they are allowed to enter the network. By employing a layered scanning defense (heuristics, gateway scanning, and desktop scanning), security administrators hopefully will be able to catch viruses that may have been able to bypass one or two layers of the defense. Finally, administrators should configure user browsers to not run remote Java and Active X scripts.
Labels:

Comments

Post a Comment

Popular posts from this blog

Password Crackers

There are password crackers for almost every password-protected system available. A quick search on the Internet identifies password crackers for Windows NT, UNIX, Novell, PGP, Word, VNC, pcAnywhere, Lotus Notes, Cisco routers, WinZip, and many others. Password crackers can be effective tools to use during penetration testing to help ensure users are selecting strong passwords. If a strong password is used, password crackers can take weeks, months, or even years to crack it. If a weak password is used, the cracker could succeed in hours, minutes, or even seconds. In this chapter we concentrate on OS-specific password crackers and describe their use during testing. L0phtCrack URL: www.L0pht.com Client OS: Windows 9x/NT Target OS: Windows NT Price: Under $100 Description:  L0phtCrack is the premier NT password cracker. The first version provided administrators the ability to extract user names and encrypted password hashes from the SAM database and perform a dictionary and brute for...
Post a Comment
Read more

How AI can change the world?

There are many ways in which AI (artificial intelligence) can change the world, both positive and negative. Some potential impacts include: Improved decision-making: AI algorithms can analyze large amounts of data quickly and accurately, allowing businesses and governments to make more informed decisions. Increased efficiency: AI-powered systems can automate tasks and processes, freeing up human workers to focus on more complex tasks. Enhanced healthcare: AI can be used to analyze patient data and diagnose diseases more accurately, improving patient outcomes and reducing healthcare costs. Increased safety: AI can be used in transportation, such as self-driving cars, to reduce accidents and improve safety on the roads. Environmental benefits: AI can be used to optimize energy usage, reducing waste and helping to reduce greenhouse gas emissions. However, there are also potential negative impacts of AI, such as job displacement and the potential for AI to be used for nefarious purposes, s...
Post a Comment
Read more

Nmap

URL: www.insecure.org/nmap/ Client OS: UNIX, Windows NT (ported by eEye Digital Security) Target OS: TCP/IP networks Classification: Discovery tool Price: Free Description:  While Nmap is a most powerful port scanner, it can also serve as a more sophisticated ping sweep utility. In this chapter, we discuss only Nmap's ping capability. If the target network is blocking ICMP ECHO requests and replies, Pinger and other normal ping utilities will not be able to identify any active systems. Additionally, the target network may have the most crucial systems configured to not respond to ICMP ping but may allow some nonessential systems to respond to ICMP ping to trick attackers. By finding some interesting hosts that respond to ping, the attacker may not think to use a more sophisticated ping tool to identify hosts not responding to ICMP ping. Nmap provides the capability to perform TCP pings on TCP ports rather than the usual ICMP that everyone associates w...
Post a Comment
Read more