CastleCops, Internet Crime Fighters
- (III) Classification of malicious code -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, July 25, 2003 - In this third edition of Oxygen3 24h-365d on the
classification of malicious code, we focus on worms, the most numerous
group right now.

Most of these computer worms spread by e-mail, normally in a file attached
to the message. When the file is run, the worm sends itself out to all
contacts in the user's address book, or to addresses found in other
applications or files. However, as users got wise to these techniques, worm
creators realized that they would have to get more sophisticated if they
wanted their creations to spread across the Internet. They have therefore
modified their code so that it can reach a larger number of computers. As a
result, worms can be classified into the following groups:

- Social engineering worms use techniques to trick the user into running
the file that contains the malicious code. LoveLetter was probably the most
effective virus of this type. With just three words, "I Love You", this worm
managed to infect hundreds of thousands of computers around the world.

- Worms with their own SMTP engine. This allows the malicious code to send
itself out without the user realizing and without leaving any traces of its
activity. They can use either the SMTP server that the user of the affected
computer normally uses or a default server defined by the virus writer.
Worms of this type include Lentin.L which, regardless of the mail reader,
sends itself out to the addresses in Windows, MSN Messenger, .NET Messenger,
Yahoo Pager, and all those it finds in the HTM files on the computer.

- Worms that exploit vulnerabilities in commonly used software. These are
designed to exploit security holes in the most widely used programs, such as
e-mail clients, Internet browsers, etc. By doing this they can carry out a
wide range of actions, including running automatically. This group includes
the worms Nimda and Klez.I, which exploit a vulnerability in the Internet
Explorer browser to run automatically when the message carrying the worm is
viewed in the preview pane. Others exploit vulnerabilities in servers, such
as CodeRed, which targeted IIS servers, or Slammer, which attacks SQL
servers.
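
Added example (not part of the Panda Software newsletter): a worm that
carries its own SMTP engine bypasses the mail client, but its connections
still cross the network, so a defender can look for them in firewall or flow
logs. The sketch below flags workstations that talk SMTP to servers other
than the organization's relay, or that burst through the relay itself; the
log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions: the relay address, thresholds and log format are hypothetical.
SANCTIONED_RELAYS = {"192.0.2.10"}
BURST_LIMIT = 5                       # max relay connections per window
BURST_WINDOW = timedelta(seconds=60)
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample log (time-ordered), not real traffic.
SAMPLE_LOG = "\n".join(
    [
        "2003-07-25T10:00:01 src=10.0.0.5 dst=192.0.2.10 dport=25",
        "2003-07-25T10:01:00 src=10.0.0.5 dst=203.0.113.80 dport=80",
        "2003-07-25T10:02:10 src=10.0.0.21 dst=198.51.100.7 dport=25",
        "2003-07-25T10:02:11 src=10.0.0.21 dst=203.0.113.9 dport=25",
    ]
    + [f"2003-07-25T10:05:0{i} src=10.0.0.33 dst=192.0.2.10 dport=25" for i in range(7)]
    + ["2003-07-25T10:30:00 src=10.0.0.5 dst=192.0.2.10 dport=25"]
)


def find_suspect_hosts(log_text, relays=SANCTIONED_RELAYS):
    """Return {source_ip: set of reasons} for hosts with worm-like SMTP traffic."""
    findings = defaultdict(set)
    relay_times = defaultdict(list)   # per-host sliding window of relay connections
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue                  # malformed line or not SMTP
        if m["dst"] not in relays:
            # Case 1: SMTP sent straight to a server chosen by the sender.
            findings[m["src"]].add("direct-smtp")
            continue
        times = relay_times[m["src"]]
        times.append(datetime.fromisoformat(m["ts"]))
        while times[-1] - times[0] > BURST_WINDOW:
            times.pop(0)              # drop connections older than the window
        if len(times) > BURST_LIMIT:
            # Case 2: the user's normal server, but at machine speed.
            findings[m["src"]].add("relay-burst")
    return dict(findings)
```
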

The next edition of Oxygen3 24h-365d will look at the other means of
transmission used by computer worms, such as worms that spread across local
networks, instant messaging and chat, etc.

For further information about these and other viruses, visit Panda
Software's Virus Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as one line. This
would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free, online scanner: 1) Bugbear.B; 2) PSW/Bugbear.B; 3) Klez.I; 4) Mapson;
5) Parite.B.


To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
Posted on Friday, 25 July 2003 @ 18:26:29 UTC by phoenix22 (1240 reads)