Malware Discussion Essay Example for Free

Malware Discussion Essay The use of malware is a way for attackers to gain access to person information from a personal computer or company information from an organization. There are several types of malware which include virus, rootkits, and worms. Each malware serves different purposes to achieve the goal of an attacker. An attacker could be envious of a past lover and could send a virus to their email to shutdown the operations of their computer. A disgruntle employee could send a worm to their old company and slow down production of the company. A random person looking for a thrill could set up a rootkit on a company’s network to gain access to company secrets. Each malware is given a name specified for its cause, for example the Trojan Worm. The name is given to this virus because of the activity that happens once it is executed. Viruses are named by antivirus companies who avoid using proper names. The Melissa virus was named by its creator, David Smith, for a Miami stripper. This paper will discuss 5 different types of malware and inform the targets for these attacks. Discussion of Malware The first malware that will be discussed is the Melissa Virus. This virus was detected on the 26th of March 1999. This virus is a Microsoft Word macro virus that is delivered as an E-mail attachment. The virus is activated when an attachment named, list. doc is opened. When it is activated, the Melissa virus searches the Microsoft Outlook address book and sends a message to the first 50 names. This virus proliferates itself as users open the attachment. Melissa doesn’t work on Outlook Express, just Outlook. The message appears to come from the person just infected, which means that the message will seem to come from a recognizable email address. Melissa doesn’t destroy files or other resources, but has the possibility to immobilize corporate and other mails servers. The origin of the Melissa virus is from an Internet alt. sex newsgroup and contains a list of passwords for various Web sites that require memberships. Melissa also has the ability to disable some security safeguards. Users of Microsoft Word 97 or 2000 with Microsoft Outlook 97, 98, or 200 are most likely to be affected. When the virus attacks, it can infect the copy of Microsoft Word that is installed as well as any following Word documents that are created. It can also change the setting of Microsoft Word to make it easier for the computer to become infected by it and succeeding macro viruses. Users of Word 97 or 2000 containing any other E-mail programs can be affected also; the difference is that Melissa will not automatically redistribute itself to the contacts through other E-mail programs. It can still however infect the copy of Microsoft installed on the machine. This infected copy can still be shared with others if a document is created in the infected copy and distributed through E-mail, floppy disk, or FTP. Although the virus won’t appeal to the mailout on a Mac system, it can be stored and resent from Macs. To avoid this virus, it is suggested to not double-click any file, such as an E-mail attachment, without scanning it first with antivirus software, regardless of who it is from. The next malware to be discussed is SQL injection which is an attack where malicious code is placed in within strings that are shortly passed on to an example of SQL Server for parsing and implementation. A form of SQL injection consists of direct placing of code into user-input variables that link with SQL commands and executed. An attack that is not as direct, inserts malicious code into strings that are intended for storage in a table or as metadata. The malicious code is executed once the stored strings are linked into a dynamic SQL command. In SQL Injection, the hacker uses SQL queries and ingenuity to get to the database of susceptible corporate data through the web application. Websites with features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers are all vulnerable to SQL Injection attacks. The reason behind this is because the fields available for user input allow SQL statements to pass through and query the database directly. SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input. There have been several reports of SQL attacks, dating back to 2005. The websites that have became victim to these attacks range from Microsoft U. K. to Lady GaGa’s website. To avoid SQL injection flaws, it is suggested that developers need to either: a) stop writing dynamic queries; and/or b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query. The next malware discussed will be Stuxnet. Stuxnet is a computer worm that targets Siemens industrial software and equipment running Microsoft Windows, and was discovered in June 2010. Although Stuxnet isn’t the first attack to target industrial systems, it is however the first discovered malware that actually moles on and weakens industrial systems. Stuxnet is also the first malware to include a programmable logic controller rootkit. Stuxnet is designed to target specifically Siemens supervisory control and data acquisition systems that are configured to control and monitor specific industrial processes. The PLCs are infected by Stuxnet weakening the Step-7 software application that is used to reprogram these devices. Stuxnet is different from other malware as it only attacks computers and networks that meet a specific configuration requirement. Stuxnet contains a safeguard and if Siemens software isn’t discovered on the infected computer will prevent each infected computer from spreading the worm to more than three others, and to erase itself on June 24, 2012. Along with other things for its victims, Stuxnets contains code for a man-in-the-middle attack. Stuxnet will spread through removable devices such as an USB drive in a Windows operating system by using a four zero-day attack. After it has infected the removable drive, it uses other utilizations and techniques to infect and update other computers inside private networks. Stuxnet infects Step 7 software by infecting project files belong to Siemen’s WinCC/PCS 7 SCADA control software and weakens a key communication library of WinCC called s7otbxdx. dll. It is recommended by Siemens to contact customer support if and infection is detected and advises installing Microsoft patches for security vulnerabilities and prohibiting the use of third-party USB flash drives. Next, Zeus, also known as Zbot virus will be discussed. This virus is geared toward financial institutions such as banks. Zeus was first discovered in July 2007 after being used to steal information from the US DOT. Zeus is set up to infect a consumers PC, and wait until the log onto a list of targeted banks and financial institutions and steal their credentials and sends them to a remote server in real time. Zeus can also inject HTML into a page that is provided by the browser, this displays its own content instead of the actual page from the bank’s web server. By doing this, it is able to obtain users information such card numbers and pins. According to SecureWorks, ZeuS is sold in the criminal underground as a kit for around $3000-4000, and is likely the one malware most utilized by criminals specializing in financial fraud. According to Lucian Constantin, Zeus is one of the oldest and most popular crimeware toolkits available on the underground market. Up until this year the Trojan could only be acquired for significant sums of money from its original author. However, a few months ago the source code leaked online and now anyone with the proper knowledge can create variations of the malware. Also according to SecureWorks, The latest version of Zeus as of this date is 1. 3. 4. x and is privately sold. The author has gone to great lengths to protect this version using a Hardware-based Licensing System. The author of Zeus has created a hardware-based licensing system for the Zeus Builder kit that you can only run on one computer. Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer. This is the first time they have seen this level of control for malware. The CTU recommends that businesses and home users carry out online banking and financial transactions on isolated workstations that are not used for general Internet activities, such as web browsing and reading email which could increase the risk of infection. The last malware that will be discussed is the Blaster worm also known as Lovsan, Lovesan, or MSBlast. The Blaster worm spreads on computers that have Windows XP and Windows 2000 as an operating system and was detected in August of 2003. The creator of the B variant of the Blaster worm, Jeffrey Lee Parson was an 18 year old from Hopkins, Minnesota. He was arrested on August 29, 2003, admitted to the creation of the B variant, and was sentenced to 18-months in prison in January 2005. A Windows component known as the DCOM (Distributed Component Object Model) interface which is a known vulnerability of Windows is taken advantage of by Blaster. The DCOM handles messages sent using the RPC (Remote Procedure Call) protocol. Vulnerable systems can be compromised without any interaction from a user, according to Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, which monitors threats to the Internet infrastructure. According to Mikko Hypponen, manager of antivirus research at F-Secure in Helsinki, Blaster unlike the Code Red worm, which contained code for a similar attack against the IP address of White House’s main Web server, targets the windowsupdate. microsoft. com domain, which prevents Microsoft from changing the address of the domain to sidestep the attack. Blasters code is small and can be quickly removed using free tools provided by F-Secure as well as other antivirus vendors, Hypponen said. However, customers should patch their systems before removing Blaster to prevent from getting infected again from the worm, he said.