
Global Virus - In The E-mail Range

Posted 12 Sep 2010 at 21:17 PM by spanner
Tags email, global, virus

Global e-mail virus strikes




An e-mail virus snarled traffic and shut down business and communication around the world Thursday. The cyber-attack, which impacted hundreds of thousands of computers, sent e-mails containing what looked to be .PDF files that, if opened, would overrun computers with this type of e-mail, essentially shutting down valid e-mail delivery.

Beware of Link: E-Mail Virus Plays Havoc With Internet
From the files of: "America, Your Chickens Are Coming Home To Roost" - J. Wright
Obama Government Creates Virus To Affect Immigration Records Of Illegals In America ("But U.S. officials denied that issues with its servers were related to the virus")
Question: Who Has The Best Hackers In The World?
Answer: The United States of America
Washington - An insidious e-mail virus remained in the top five Google searches Friday, a day after it snarled traffic and took down servers at ABC, NASA, Comcast, and Google -- and possibly even swamped the Department of Homeland Security's computers. The Internet Storm Center, a free analysis and warning service that tracks malicious Internet activity, reported that the initial application that generated the vast cloud of spam clogging servers had been taken down, which should limit the spread of the virus Friday. And there were no new reports of infected servers Friday morning -- but the Web may not be out of the woods just yet. "New variants may well follow," the Storm Center warned.

The virus, called “here you have” (or VBMania, though different security companies have different names for the same virus), is a simple Trojan Horse: An e-mail arrives in your inbox with the odd-but-suggestive subject line “here you have.” The body reads “This is The Document I told you about, you can find it Here” or “This is The Free Download Sex Movies, you can find it Here.” Click the link in the message and you download and launch a program that spams the same Trojan Horse out to everyone in your address book, flooding and crippling e-mail servers.

Leading virus monitors such as McAfee Labs and Symantec are currently investigating the threat, and have already updated their website to push security products that could protect users. "Stop or remove the virus with Norton Internet Security 2011," advises Symantec on the front page of its site Friday morning. The security companies describe "here you have" as especially challenging to monitor, since the virus may already have replicated into several new forms. “It looks like multiple variants may be spreading and it may take some time to work through them all to paint a clearer picture,” warned Craig Schmugar on McAfee’s Threat Response page.

Difficult indeed. In addition to a variety of major corporations, the virus appeared to take down internal servers at the Department of Homeland Security (DHS) on Thursday. Numerous sources told FoxNews.com that some DHS agencies that run on the Immigration and Customs Enforcement server crashed and were mostly disabled throughout Thursday. But U.S. officials denied that issues with its servers were related to the virus, telling FoxNews.com that “neither DHS nor ICE were agencies that were affected.” “It’s a phishing attack -- when you click on the link in an e-mail it goes into the address book. It was clogging a bunch of e-mail and that’s it,” officials told FoxNews.com. “It’s too early to say how sophisticated it was, but a number of companies and agencies were affected.”

DHS spokeswoman Amy Kudwa said that Homeland Security’s experts were investigating the situation. She explained the U.S. Computer Emergency Readiness Team -- US-CERT, the agency tasked with preventing cyber attacks against the government -- was actively sharing its expertise with departments and agencies that had been affected, as well as private companies. “US-CERT has received multiple reports from a number of federal agencies and private sector entities experiencing an email worm. A full assessment is being conducted – US-CERT is in the process of collecting and analyzing samples of the malware and has developed and disseminated mitigation strategies.”

“Basic cyber security practices and hygiene are essential to maintaining the security of networks and individual computers,” Kudwa advised. She suggested that concerned Internet surfers should not trust unsolicited e-mail, treat all attachments with caution and (of course) never click links in unsolicited e-mails. Hopefully, that advice makes its way back to NASA, where employees were hampered throughout the day -- and took to Twitter to complain about the problem.
NASA's Lunar Science Institute tweeted, "Houston, we have a problem... it's called spam."

E-mail Viruses

Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:
Someone created the virus as a Word document and uploaded it to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. At that rate, the Melissa virus quickly became the fastest-spreading virus anyone had seen at the time. As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.
The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double-clicked on the attachment launched the code. It then sent copies of itself to everyone in the victim's address book and started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus. The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus. It created a huge mess. Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of virus. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it. In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.
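The mass-mailing behaviour described above (Melissa's 50 messages per victim, "here you have" mailing a whole address book) shows up in mail logs as one sender delivering the same subject to many distinct recipients in a short time. The following detection sketch is an added example, not part of the original article; the log format, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real mail server's):
# <ISO timestamp> from=<sender> to=<recipient> subject="<subject>"
LINE = re.compile(r'^(\S+) from=<([^>]*)> to=<([^>]*)> subject="(.*)"$')

def find_mass_mailers(lines, threshold=50, window=timedelta(minutes=10)):
    """Return the (sender, subject) pairs that reached `threshold` distinct
    recipients within `window`. Lines must be in chronological order."""
    recent = defaultdict(deque)   # (sender, subject) -> (time, recipient) pairs
    flagged = set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # skip lines that are not delivery records
        ts = datetime.fromisoformat(m.group(1))
        key = (m.group(2).lower(), m.group(4).strip().lower())
        q = recent[key]
        q.append((ts, m.group(3).lower()))
        while ts - q[0][0] > window:   # drop deliveries older than the window
            q.popleft()
        if len({rcpt for _, rcpt in q}) >= threshold:
            flagged.add(key)
    return flagged

def sample_log():
    """Constructed sample: one infected desktop, one slow newsletter, one user."""
    t0 = datetime(2010, 9, 9, 14, 0, 0)
    rows = [(t0 + timedelta(seconds=i), "carol@corp.example",
             f"user{i}@corp.example", "here you have") for i in range(50)]
    rows += [(t0 + timedelta(minutes=15 * i), "news@corp.example",
              f"reader{i}@corp.example", "Weekly bulletin") for i in range(60)]
    rows += [(t0 + timedelta(minutes=i), "dave@corp.example",
              "erin@corp.example", "Lunch?") for i in range(3)]
    return [f'{ts.isoformat()} from=<{s}> to=<{r}> subject="{subj}"'
            for ts, s, r, subj in sorted(rows)]

if __name__ == "__main__":
    print(find_mass_mailers(sample_log()))
```

The newsletter reaches more recipients overall but never many inside one window, so only the burst sender is flagged.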


Worms

A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt. A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL server. "Wired" magazine took a fascinating look inside Slammer's tiny (376 byte) program. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately nine hours on July 19, 2001 [Source: Rhodes]. The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.

The Code Red worm had instructions to do three things:
  • Replicate itself for the first 20 days of each month
  • Replace Web pages on infected servers with a page featuring the message "Hacked by Chinese"
  • Launch a concerted attack on the White House Web site in an attempt to overwhelm it [Source: eEye Digital Security]
Upon successful infection, Code Red would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91). The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they installed the security patch. A worm called Storm, which showed up in 2007, immediately started making a name for itself. Storm uses social engineering techniques to trick users into loading the worm on their computers. So far, it's working -- experts believe between one million and 50 million computers have been infected. When the worm is launched, it opens a back door into the computer, adds the infected machine to a botnet and installs code that hides itself. The botnets are small peer-to-peer groups rather than a larger, more easily identified network. Experts think the people controlling Storm rent out their micro-botnets to deliver spam or adware, or for denial-of-service attacks on Web sites.


You can protect yourself against viruses with a few simple steps:
  • If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.
  • If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.
  • If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses.
  • You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
  • You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is never to run executables that arrive via e-mail.
Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled. Newer versions of Word allow you to customize the level of macro protection you use.
By following these simple steps, you can remain virus-free.
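The attachment rule in the list above can be enforced at a mail gateway instead of being left to each reader. The sketch below is an added example, not part of the original article: it uses only the extensions the text names, and it also handles names such as "report.pdf.exe", where only the final extension decides how the file is opened. The message and filenames are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the text names: executables, and documents that can carry macros.
EXECUTABLE = {".exe", ".com", ".vbs"}
MACRO_CAPABLE = {".doc", ".xls"}

def classify_filename(name):
    """Return 'block', 'review' or 'allow' for one attachment filename."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    cleaned = name.rstrip(". ").lower()
    suffixes = PurePosixPath(cleaned).suffixes
    if not suffixes:
        return "allow"
    final = suffixes[-1]          # "report.pdf.exe" is an executable, not a PDF
    if final in EXECUTABLE:
        return "block"
    if final in MACRO_CAPABLE:
        return "review"           # data file, but may contain macros
    return "allow"

def screen_message(raw_bytes):
    """Parse a raw RFC 5322 message and classify every attachment in it."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [(part.get_filename() or "", classify_filename(part.get_filename() or ""))
            for part in msg.iter_attachments()]

def build_sample():
    """Constructed test message; addresses and filenames are made up."""
    msg = EmailMessage()
    msg["Subject"] = "here you have"
    msg["From"] = "alice@corp.example"
    msg["To"] = "bob@corp.example"
    msg.set_content("This is The Document I told you about")
    for fname in ("report.pdf.exe", "notes.doc", "photo.gif"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, verdict in screen_message(build_sample()):
        print(f"{verdict:7} {fname}")
```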

Source: http://computer.howstuffworks.com/virus7.htm

