Over the past two articles we have seen both the planning and the first steps taken in a practice hack, for the purpose of accumulating exploited computers. In this final part we will see the conclusion of what a semi-skilled hack would look like. Lastly, we will see how our hacker John is quickly caught trying to sell his wares.
With the groundwork having been laid out in part one of this article series, we now move on to the actual execution of the hack. This though is a hack with a slightly higher degree of skill involved. Read on to find out more.
What would happen if a semi-skilled hacker decided to harvest some computers, and then in turn sell access to them? It is an intriguing concept that we will explore over the next few articles. As always, there will be a premium placed on technical detail, which will allow you to recreate what I have done.
One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC networks, using so-called botnets. Let's take a look at the ways an attacker can use to infect and take control of a target computer, and let's see how we can apply effective countermeasures in order to defend our machines against this threat.
In this last part of the article series we will show John finding and retrieving the upcoming math exam, as well as his getting caught. Rounding it out will be a quick incident handling roundup.
In this part of the article series we see John begin to configure his trojan server on the professor’s computer, and we will ultimately see him connect to it from his classroom.
In this article series we will learn about a Trojan called Optix Pro. This is an especially lethal Trojan. In the first part we will cover a little of Trojan history, see our fictional college’s network, and round out with our fictional student physically infecting his professor’s computer.
In this last part of the three-part series on shellcode obfuscation, we will actually substitute the well-known NOP sled for one of a differing function. We will also see what changes, if any, are noticed by Snort.
In this second part we will actually see what a NOP sled is and what it looks like. Furthermore, we will use an exploit with an existing NOP sled to see how it shows up on an IDS such as Snort with a default ruleset in place.
This article will describe just what shellcode is and how it relates to exploit code. Also explained will be some advances in exploit code development made in an effort to further conceal the presence of certain shellcode characteristics.
Over the last couple of years, spyware has grown from being a nuisance into being an epidemic. Although many tools exist for fighting spyware, they largely focus on the recovery of infected systems and have been mostly ineffective in the war against spyware. A few weeks ago, however, Microsoft unveiled the first beta of their own anti-spyware solution. Although this software is capable of disinfecting an infected system, its primary goal is to prevent the initial infection. In this article, I will explain how this software works and share my initial impressions of it with you.
In the final installment of this article series we get to see the trojan operate at the packet level itself. No matter how clever the exploit or trojan, it must still dial home, as it were. It will do so at the packet level, which we will examine.
Part two of this article is where we begin to get some answers. Much like the fabled trojan horse that contained the soldiers who opened the gates of Troy, our supposed ASM is not what it appears to be.
All exploits and malware leverage a specific weak link in a program. This is done through various means. Social engineering, on the other hand, exploits the human link. What, though, if an exploit and social engineering were combined? Read on to find out how both worlds collide.
Viruses are largely a threat that is contained if one has an anti-virus solution. This begs the question of what, then, is the next big threat in terms of malware code? The answer to that would be the new and more lethal worms, such as Slammer for one. What would happen, though, if someone with coding talent were to harness the chaotic world of the worm?
Spyware has reached epidemic proportions and is only getting worse. I have seen recent statistics indicating that approximately 95% of the world’s PCs are infected with spyware. Unfortunately, removal techniques that worked just a couple of months ago are no longer effective in many cases and new types of spyware being released are more advanced than most computer viruses. In this article, I will discuss why the spyware problem has gotten so out of hand and more importantly, what you can do about it.
The recent MyDoom worm successfully infected enough victims to shut down SCO's web site, followed by new variants that targeted Microsoft's web site. This paper isn't intended to discuss the motives of the author; instead it will help you understand how worms enter your network, how you can block them before they even reach your internal network, and how to act in case they get in.
This article will focus on the applications installed on your network and home computers that many security professionals and organizations do not know exist. These applications run discreetly in the background and function as a spy, reporting on the user activity and habits recorded during day-to-day use of the computer system.
A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can gain control and do its chosen form of damage, such as erasing the data on your hard drive. A Trojan can cause massive harm to you and your systems and, worse yet, may turn your system into a killing machine as well! Let's look at Back Orifice specifically so we can highlight why a tool like this can get ugly if installed on your systems.
We have all heard a lot about trojan horse programs and the threat that they pose to your network's security. This Trojan FAQ sheds some light on what these programs are, what they do, and how they can infect your network, and suggests measures that could be taken to prevent such infections. You can make sure that you have a good grasp on these malicious programs by browsing through this regularly updated Trojan FAQ, which provides the answers to these questions and many others. With thanks to Dancho Danchev for his contributions to this FAQ.