Timbals





Tuesday, October 14th, 2008

Computer Security

Computer security is becoming a greater concern every day. As computers penetrate all spheres of our business, social, and informational life, our dependence on their stable and secure operation increases from day to day. But even though much has been devised, introduced, and used to ensure computer security, the armor of every computer system has holes. System administrators may constantly maintain and improve the security of their systems, but there will always be some way to get around it. Most people reason in similar ways and act in similar ways. So what one person has invented will eventually occur to someone else, and things once hidden will be found.

Computer security is the number one problem in today's network and Internet engineering. Attacks by viruses, Trojan horses, worms, and other software engineered by computer crackers cause a lot of damage to personal computers, computer networks, and banking systems. The damage caused by computer attacks appears to be 100 billion dollars every year in the USA alone.

As is well known, Trojan horses and the various kinds of viruses and worms cause the biggest damage.

Because hackers use many different means to crack security systems, it often proves impossible to resist them, and computer security systems fail. The attacks made by hackers are not simple virus attacks; they usually combine all existing means to defeat security. The case of Acxiom Corporation is a good illustration.

A Florida resident was arrested and accused of a large theft of personal data. The case against Scott Levine, 45, represents “what may be the largest cases of intrusion of personal data to date,” U.S. Assistant Attorney General Christopher A. Wray said Wednesday at a news conference in Washington.

Scott Levine is charged with 144 counts that include illegal money transactions, cheating, and escape from justice. The victim of the crime is Acxiom Corporation, one of the world's leading corporations in the management of personal, corporate, and financial data. After getting into Acxiom's internal network through the Internet, Levine stole “a huge amount” of confidential data. According to official sources, the stolen information amounts to 8.2 gigabytes, and the damage caused by the theft amounts to 7 million dollars.

“We are committed to safeguarding our systems and the data that we store and manage on behalf of our clients,” the company said. “Since evidence of this crime was uncovered and halted in the summer of 2003, Acxiom has made a strong security system even stronger.”

This case arose from the one last year in which Daniel Baas of Milford, Ohio, pleaded guilty to hacking into Acxiom. During follow-up investigations, the company detected a second set of intrusions, coming from a different Internet protocol address, which was traced to Levine, prosecutors said.

The use of password generators and Trojans opens new horizons to hackers, as they can get any hidden personal information they want using Trojan horses. Once “infected” by a Trojan horse, a computer is no longer as secure as it was assumed to be, because most Trojan horse programs collect personal data (or whatever data is wanted) in hidden files and send them back to the sender if the computer is still connected to the network. (This is a question of big concern that many beginner users ask: “If I don't surf online, why is there still data exchange between my computer and the server?”)

Worms can be even more dangerous than Trojans.

“A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.” One of the best-known worms, “Mydoom” or “Novarg”, did a lot of harm to computer networks worldwide during the period of its activity. “Message Labs, a company which scans e-mail for viruses, said that 1 in every 12 messages contained the worm.”

“Mikko Hypponen, manager of anti-virus research at F-Secure in Finland, estimated that 200,000 to 300,000 computers were hit worldwide. The worm was also programmed to flood the website of the SCO Group Inc, beginning on February 1 with requests in an attempt to crash its.”

This mail worm spreads through email messages with attached files that carry the main body of the worm. The file containing the worm is 34797 bytes in size. The worm's executable file has a text document icon, which confuses the user and prompts him to click on it. After the worm's file is executed, an error message appears with one of the following lines:

 Unable to open specified file
 File cannot be opened
 File is corrupted

Then Mydoom.f copies itself to the Windows folder under a random file name with the extension .exe. It also creates entries in the Windows registry that cause the worm to run automatically when the system boots:

 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
 <random name> = %SysDir%\<random file name>

 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 <random name> = %SysDir%\<random file name>

At the same time the worm creates a DLL file (dynamic library file) with a random name in the Windows System folder. This DLL contains the worm's backdoor module.

Then I-Worm.Mydoom.f sends itself by email. Target addresses are collected from files with the following extensions: WAB, MBX, NCH, MMF, ODS, RTF, UIN, OFT, MHT, VBS, MSG, PL, EML, ADB, TBB, DBX, ASP, PHP, SHT, HTM, TXT. The worm skips email addresses that contain any of the following substrings:

 mozilla
 utgers.ed
 tanford.e
 fsf.
 gnu
 mit.e
 bsd
 math
 unix
 berkeley
 ripe.
 arin.
 sendmail
 rfc-ed
 ietf
 iana
 irix
 solaris
 sgi.com
 sun.com
 slashdot
 source

The generated messages are composed as follows.
Sender's address: the name is chosen from the following list:

 jerry
 bill
 smith
 jim
 sam
 james
 alex

The sender's domain can be one of the following:

 aol.com
 msn.com
 yahoo.com
 hotmail.com
 .edu

The subject of the messages varies: from greetings of the kind regularly exchanged between correspondents to something official that has to do with computers, the Internet, or message delivery services, for example:

 Confirmation
 Confirmation Required
 Returned Mail
 Registration confirmation
 Your order was registered
 Your request was registered
 Your order is being processed
 Your request is being processed

The body of the message may contain any of the usual phrases that refer to the attached file, for example:

 Check the attached document.
 The document was sent in compressed format.
 Please see the attached file for details

The name of the attached file is chosen to suggest some kind of official, trustworthy information, rather than the nude or erotic pictures that hackers have recently been sending to infect computers with viruses.
The extension of the attached file is chosen from the following list:

 .exe
 .scr
 .com
 .pif
 .bat
 .cmd

The file can also have a double extension.
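A mail gateway can act on the attachment traits described above. The following is an added example, not code from the original article: it parses a message with Python's standard `email` package and flags attachments whose final extension is in the list above, marking double extensions separately. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Attachment extensions the article lists for Mydoom.f.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY_EXTENSIONS:
        return None
    # "details.txt.pif": a harmless-looking inner extension hides the real one.
    inner = parts[-2].strip()
    if len(parts) >= 3 and 1 <= len(inner) <= 4 and inner.isalnum() and not inner.isdigit():
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, reason)] for risky attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        reason = classify_attachment(name) if name else None
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample message (not a real capture); the payload is plain text.
SAMPLE = (
    b"From: sam@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Your order is being processed\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"Please see the attached file for details\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="details.txt.pif"\r\n'
    b"\r\n"
    b"placeholder\r\n"
    b"--b1--\r\n"
)
```

Calling `scan_message(SAMPLE)` returns the one flagged attachment; a gateway would quarantine such a message instead of delivering it.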

Destructive functions of the worm: the worm searches all hard disks (from C: to Z:) for files with the extensions mdb, doc, xls, sav, jpg, avi, and bmp and deletes them in random order. Clearly, these file types hold the most valuable information for users, because they store the data used in business.

DoS attack: the worm carries out a DoS attack on the web sites www.riaa.com or www.microsoft.com. The attack is made only when the system date is between the 17th and 22nd day of any month. During the attack the worm creates a random number of links and sends requests to the attacked site.

Backdoor module

The backdoor module opens TCP port 1080. Having connected to this port on an “infected” computer, an attacker may use the machine as a proxy server or issue commands to download and execute files.
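The host-side traces described above (a Run entry pointing at a randomly named .exe in the system directory, and a listener on TCP port 1080) can be checked from saved command output. The following is an added example, not code from the original article: it assumes text captured from `reg query` on a Run key and from `netstat -an`; the sample output and function names are constructed.

```python
import re

BACKDOOR_PORT = 1080  # TCP port the article says the backdoor module opens
# An .exe placed directly in the Windows system directory.
SYSTEM_EXE = re.compile(r"\\(?:system32|system)\\[^\\]+\.exe", re.IGNORECASE)
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+REG_(?:SZ|EXPAND_SZ)\s+(.*)$")


def run_entries_in_system_dir(reg_query_output):
    """Return (name, command) pairs from Run-key output that start an .exe in
    the system directory. These are review candidates, not verdicts, because
    legitimate software registers there too."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and SYSTEM_EXE.search(m.group(2)):
            hits.append((m.group(1), m.group(2).strip()))
    return hits


def listeners_on(netstat_output, port=BACKDOOR_PORT):
    """Return local addresses in LISTENING state on TCP `port`.
    Port 1080 is also the usual SOCKS port, so confirm the owning process."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                hits.append(f[1])
    return hits


# Constructed samples; value names and file names are invented.
REG_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\Program Files\Audio\soundman.exe
    qzxvkpt    REG_SZ    C:\WINDOWS\system32\hbnmwq.exe
"""
NET_SAMPLE = """
  TCP    0.0.0.0:135      0.0.0.0:0      LISTENING
  TCP    0.0.0.0:1080     0.0.0.0:0      LISTENING
  TCP    10.0.0.5:1080    10.0.0.9:4431  ESTABLISHED
"""
```

A host that shows both a hit from `run_entries_in_system_dir` and a hit from `listeners_on` deserves a closer look at the referenced file and at the process that owns the listening socket.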

There are several ways to reduce the risks of working on a network. The first is not to install programs that will be of no use, especially from suspicious sites. Many users surf online just to download and install something “fancy and new”. While surfing, it is safer to decline all offers to install new plug-ins, editions, and patches if the user is not confident in the security of the source. Most computers allow floppy booting to be disabled in the BIOS; where this is possible, it is an additional “plus” for security, because many viruses reach a computer through infected floppy disks and activate during booting from the floppy disk, at the same time infecting the DOS extension of the hard drive. To protect against macro viruses, which often come in text or MS Word documents, it is necessary to enable macro virus protection in all Windows applications, especially in the MS Office applications.

It is also important to update the operating system and antivirus software regularly.

The most secure measure that can be taken is to install special software such as firewalls or other programs that identify “spy” software. These applications have a mechanism for identifying risky sites on the Internet, and they will always ask whether a connection to a given web site should be established and whether sending or receiving data should be allowed.
Putting anti-spam protection on email clients also makes the computer more secure.

One of the main reasons computer attacks happen so often is that most users leave their computers running all day long, for months. A computer that is always open to attack has a high probability of being attacked by Trojans or infected by a virus, as well as of being used as a “proxy server” by hackers. The last is also dangerous for the computer's user, because the “proxy” may turn out to be the last link in the chain along which an attack spreads, and its owner can be accused of being a scammer.

A powerful tool for preventing virus attacks is to use the UNIX operating system or one similar to it (Linux); these operating systems disable most virus features and keep viruses, as well as unwanted visitors, away from the hard disks.

The best weapon against computer attacks is information and sensible use of the computer and network. A PC user who keeps all these responsibilities in mind and applies even a little knowledge of computer security to protect his PC will be at an advantage and will be more likely to avoid attacks.

John Nilson is a senior writer at Custom Essays Writing Service. He is an experienced writer of custom essays and term papers and will be glad to share his experience with you.

This entry was posted on Tuesday, October 14th, 2008 at 6:00 pm and is filed under Web Of Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
