
The Security Breach

Briefly, a computer virus is a program that, when allowed to run on a victim's computer, infects or attaches itself to other programs and tries to reproduce itself. Viruses try to harm information, collect information, or create backdoors for access. A worm is just a self-propagating virus; in some cases, it can carry a Trojan horse with it. Worms attempt large-scale access via known exploits and can be used for damaging systems or creating backdoors.

A Trojan horse is a program that performs some action while pretending to do something else. Trojan horses attempt to lure users into running them and thereby revealing usernames or other useful data. One common computer and web Trojan creates fake logins and collects passwords by prompting for this information just as a normal login program does. Unlike a virus, however, a Trojan horse normally doesn't attempt to reproduce itself.

Here are some examples.

  • The W32/Nimda virus infected the Microsoft CD. A particularly malicious aspect of the Nimda virus is that it exploits security holes left behind by a previous Trojan or Code Red attack on a computer. Once it finds these holes, Nimda tries to open additional security holes, with the result that the attacker is given administrative privileges on the infected system.

  • The Code Red worm, a particularly nasty piece of code, can infect roughly a half million IP addresses a day by exploiting the vulnerabilities in systems using Microsoft Internet Information Server (IIS). It spreads itself throughout a network by creating a sequence of random IP addresses and then attacking those addresses. The worm also has the ability to launch a denial-of-service attack targeted at the IP address 198.137.240.91 (which until very recently was assigned to http://www.whitehouse.gov).

  • Altnet is an example of a Trojan horse. This distributed computing software within file-sharing software is used in the KaZaA P2P network. Critics of KaZaA—including some of the anti-virus software companies—call Altnet a "trojan program" because it's contained within the KaZaA program and is currently running on millions of computers. What makes the anti-virus software companies nervous is that KaZaA places code on the user's computer that allows others to use that machine. The intent—buried deep in the user agreement that people agree to before downloading the software—is to allow the makers of KaZaA to "sell" a user's excess CPU time to other people. Using excess CPU time of many computers is a strategy used legitimately by NASA in their SETI project. The user downloads a screen saver that runs a program for SETI, analyzing data that NASA has collected in the hopes of finding a signal from an intelligent origin in space. But because of the nature of these "distributed computing programs"—and KaZaA in particular—Altnet could be employed by malicious users to launch potent distributed denial-of-service attacks across the Internet.

That was then. This is now. And "now" is seeing a more ominous form of these cyber-diseases. In May 2002, Simile.D was released into the wild. Simile.D is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. Simply stated, the virus uses internal encryption, compression, and other hiding mechanisms to evade detection by current anti-virus programs. The key thing about this virus is that it's designed to attack dissimilar operating systems: Linux and Windows. It's useful to note that damage from the first iteration of this virus is limited in Linux to the user ID of the user who executes the virus. Wide system damage is only possible with access to the system administrator's user ID.
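The point about Simile.D on Linux, that a virus run by an ordinary user can only touch what that user ID is allowed to write, is exactly what Unix discretionary access control enforces. The following is an added example, not code from the article, that audits a directory tree and lists what a process running under a given user ID could modify, judged purely from each inode's mode bits and ownership rather than by attempting writes. The sample tree is constructed inside a temporary directory, and the unrelated user ID 65534 used for comparison is a placeholder chosen for the example.

```python
import os
import stat
import tempfile
from typing import Iterable, List, Tuple

ROOT_UID = 0


def writable_by(st: os.stat_result, uid: int, gids: Iterable[int]) -> bool:
    """Unix discretionary access check for write permission.

    Computed from the inode's mode and ownership, never by trying to write.
    Root bypasses the mode bits, which is why a virus run as the system
    administrator can damage the whole system while one run as an ordinary
    user cannot.
    """
    if uid == ROOT_UID:
        return True
    mode = st.st_mode
    if st.st_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if st.st_gid in set(gids):
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_tree(base: str, uid: int, gids: Iterable[int]) -> List[str]:
    """Return base-relative paths that a process running as uid/gids could modify."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(base):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful for this check
            if writable_by(st, uid, gids):
                exposed.append(os.path.relpath(full, base))
    return sorted(exposed)


def build_sample_tree(base: str) -> None:
    """Constructed fixture: a few files with differing modes, owned by the current user."""
    layout = {
        "bin/tool": 0o755,    # owner-writable only, like a normal system binary
        "bin/shared": 0o777,  # world-writable binary: any local user could replace it
        "etc/config": 0o644,  # readable by all, writable by owner only
        "tmp/scratch": 0o666, # world-writable data file
    }
    for rel, mode in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(base, "bin"), 0o755)
    os.chmod(os.path.join(base, "etc"), 0o755)
    os.chmod(os.path.join(base, "tmp"), 0o1777)  # sticky world-writable, like /tmp
    os.chmod(base, 0o755)


def demo() -> Tuple[List[str], List[str]]:
    """Compare the reach of the owning user with that of an unrelated user."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        own = audit_tree(base, os.getuid(), os.getgroups())
        other_uid = 65534  # placeholder: a user that owns nothing here, member of no group
        other = audit_tree(base, other_uid, [])
        return own, other


if __name__ == "__main__":
    own, other = demo()
    print("Reachable by the owner:", own)
    print("Reachable by an unrelated user:", other)
```

The owner (or root) reaches every entry, while the unrelated user is confined to the world-writable paths; those are the places where code running under a low-privilege user ID could still persist or spread, which is why tightening such modes on shared systems limits what a virus like the one described can do.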
