Malware Treats

Malware treats

Introduction

What is malware ? . malware is kind of software that be use for destroy, disturb ,or take in something that call as Malicious sofware to run in computer. malware treat can happen without owner of computer no it , can happen when user install anything software or application from internet for example when you downloading Java applet from web site while user viewing the websites million bytes of the data that you transfer maybe had been modification to you exciting file all happen without you occurring(p.pfleeeger2003,110) .Another thing that malicious can do is writing a massage on computer screen ,stopping and running the program ,generic a sound ,or erasing a stored file .The thing that I though great malicious do is take user authority for example malicious can touch same ways as user touch, and something use have might be out of control of dear safety because malicious can deleted , read, write ,the data without user permission . Actually malware not always dangerous but it just intrusive and irritate your computer

Virus evolution

Over 20 years only computer viruses evolve from urban legend into a real digital disease. Early virus started to invade computer when they were distributed in floppy disk which they reside in boot sector. The boot sector is load when computer are started thus ensuring the virus to be executed.

Later when the hardware evolve, and floppy disk are replaced by compact disk, which cannot be modified. The operating system are becoming more secure on boot sector, thus makes the virus dwindling.

The virus then advance into using e-mail to spread as year 1999 virus named Melissa and iloveyou virus in 2000 were develop using visual basic and pinned as attachment.(howstuffworks.com)

Early anti-virus was created to combat this syndrome by extracting the virus signature to detect the virus copies. Then the virus author encrypted them to hide the virus from the anti-virus.

Anti virus researcher then detect the decryption routine logic of the virus to identify them, until the coming of polymorphic virus, the anti-virus is no longer can use the finger print detection.

The anti-virus has to survive so they come out with emulator to make the virus reveal themselves.
Then virus increase the range by installed themselves in memory so they become stealth.
Anti virus today has developed to scan the memory, network packet and files.( csrc.nist.gov)


Table 1: Characteristics of Malware (source: P. Pfleeger, 2003)

Type Characteristics
virus - Attaches itself to program and copy itself to other program

Trojan horse - Contains unexpected ,additional functionality

Trapdoor - Allows unauthorized ,addition functionality

Backdoor - Allows unauthorized, converted channel

Adware /
spyware - Always Sit in free software

Buffer overflow - Insert malicious data value/instruction code
worm - Propagates copies itself thought network



· virus.
Long name for virus is Vital Information Resources Under Siege (). It call virus because it affect program acting like a biological virus that attack human body. Virus work by infection to the file that running the same time virus in memory ,when the file is infection ,it can spread infection to other files whenever it running. In long time ago virus spread by people using diskettes. but today it spread by CD, and downloading to transfer its self to another computer and automatically run by human .Virus actually
hard to detect, not easy destroy or deactivated ,it can spread infection widely, reinsert program, easily to create and machine and OS independent.

HOW VIRUS WORK
Virus work by tree ways
1) via attach
· 1.1Append to program e-mail
· 1.2 Viruses that surround a program
· 1.3 Integrated viruses and replacements program code


2)Gain control
· Virus replaces target

2) Reside
· In boot sector
· Memory
· Application program
· Libraries

Types of virus
· Boot virus
Boot sector viruses is exist in specific area in PC hard disk, that read and executed
by computer in boot time, actually boot virus infect DOS boot sector only at the same time as a subtype called the MBR virus infects the master boot record .virus is loaded into memory when both of these area of the hard disk are read during, boot process(kb.iu.edu.)

Impaction
A boot sector virus can cause a lot problem to the data for example data can disappear from their entire part, it also can make computer in unstable such as computer might be fails to start up or find the hard drive ,it can cause an error messages such as “ Invalid system disk” could turn into rife, and it also is hard to remove .( kb.iu.edMemory

· Resident virus
Memory resident virus spread is infect the volatile space of Ram,it run automatically when program run. they no memory resident viruses do not infect computer memory being active during finite period.( p.pfleeeger2003)
· Marco viruses
Marco virus are virus that in “document” –file created in different application that do not include only data but also macro. It can spread from one document or computer to another.
Most macro viruses are written to work in Microsoft application such as word or excel or PowerPoint.( avast)
· Polymorphic Virus
Plymorphic computer virus is the complex and difficult to detect, by scanning because each copy of the virus looks different than the othVirus Signatures
 -Virus signatures is characteristic or identity for virus ,
 -it is important to for creating a program ,called virus scanner that can automatically detect and ,and remove viruses .
 for example a scanner look for sign of the code red worm can look for a
paten containing the following characters:
 -When scanner recognize a know virus pattern it can block virus ,inform the user to delete or remove the virus (p.pfleeeger2003)

· WORM
Worm is actually self – replicating virus that can spread from one computer to others without any help from human, it usually spread from e-mail attachment.
What will happen when you attach the e-mail that have worm virus: ()
For example the attachment is called Simpson Episodes. When Simpson Episodes executed,()
 The worm will launch Internet Browser and open a fan site for tv show The Simpson.
 A process attached to the mail will open Outlook Express and send mail to everyone in your address book. If you try to quit the Outlook Express, the worm will re launch it.
The worm will put a copy of itself in your Startup Items folder, so when you restart your computer, the worm automatically runs.

FIigure:1 Example of detected worm by an antivirus(source: komotv)


Figure:2Example command for worm


· ADWARE
Adware short name for ADvertisement SoftWARE it same as spyware it be installed to your computer to show the advisement by sending unwanted popping onto your computer screen
and it might be slow your computer internet connection ,

not all adware is bad ,because same adware that have install itself if your system give permission

· Difference between spyware and adware
spyware – collects personal information about you example keyloggers to take what were word,our numbers when you touch the keyboard
adware – put ads up on your screen such as free screen server

Figure 3 : advertisement pop up on your computer screen: Example of adware

HOW TO REMOWE SPYWARE
Usually use antispyware to remove spawaren for example by using spybot antispaware


· SALAMI ATTACK
Salami attack is a attack by number of dollar cent of money of banking system, like take a money small amount money from awful a lot of account in the banking system
The banking programmer can do salami attack by rounding some amount money example:
$10,000.054 to $10,000.04
Which is the banking programmer stealing $0.001 cents from rounding that number , this attack is very hard to detected .




· TROJAN
History of Trojan Horse
 Trojan horse is attributed from Daniel Edward of NSA , take the name from the legend of TROJAN WAR history , in the war Geek build the very big wooden horse as strategic to win the war , the wooden horse is give to the Greek enemy as the present for offering a peace but inside the wooden horse have a lot of Greek soldier ,so went the wooden horse enter the TROY CITY , in night Greek soldier come out from the wooden horse and the war begin .
 It like look good at outside but have bad inside
How Trojan infected
 Example of Trojan attack is by sending greeting card ,went victim attach it ,Trojan start executables or copied to victim computer
 In window you can see executable program have file extension like
 exe, vbs, com, bat,ect an some of this file extension might be Trojan . such as Svchost32.exe,back.exe


Figure:4:exe.file as Trojan
 Trojan can spread it self to guise of literally, such as free game, movie or song. It actually that vitim download it from www,or FTP, which is famous platform for trojan to find victim .
 It also can act like a important massages that have trojan one of it treat in this era .

Types of Trojan horse payload
· Remote Access
· Email Sending
· Data Destructive
· Downloader
· Proxy Trojan (disguising others as the infected computer)
· denial-of-service attack (DoS
FTP Trojan (adding or copying data from the infected computer
· security software disabler

· URL trojan (directing the infected computer to only connect to the internet via an expensive dial-up connection).

· EXAMPLE OF TROJAN FAMOUS TROJAN
§ Subseven Trojan Server & Client
§ Downloader-ev
§ Pest trap
§ NetBus
§ Flooder
§ Tagasaurus


Subseven Trojan usually use by hacking to attack the computer vitim ,by enter the backdoor port ,27374 .

· HOW TO A VOID FROM GATTING INFECTED FROM FUTURE
· FIRST make check while download something from people ,our web site
· Make sure what the file is before open it, even it came from your friend, because Trojan usually spread to friend account e-mail, scan it with anti virus .
· Beware of hidden file exertion ,because Trojan may executed their self
· Never type command that other ask to type it, or go to stranger web