Blended threat
A blended threat is an attack which combines different characteristics
specific to viruses, worms, Trojan Horses and other malicious code (malware).
It exploits Internet or server vulnerabilities in order to transmit
and spread itself. A ‘blended threat’ attacks using multiple
methods and techniques.
Blended threats are initiated with the intent to cause real harm, for
example launching a Denial of Service (DoS) on a target computer, defacing
Web servers or planting a Trojan Horse program for later execution.
A blended threat spreads using multiple methods. It scans for vulnerabilities
to compromise a system and then propagates by, for example, embedding code in
HTML files on a server, infecting visitors through a compromised Web site or
sending unauthorized e-mail with worm attachments from compromised servers. Blended threats
attack from multiple points. They inject malicious code into the .exe
files on a system, raise the privilege level of the guest account, make
numerous registry changes and can even spread without human intervention.
Blended threats also take advantage of known vulnerabilities that produce
buffer overflows, of HTTP input validation vulnerabilities and of known default
passwords to gain unauthorized administrative access.
Effective protection from blended threats requires the use of a firewall,
regular patch updating and the running of software specially designed
to detect malware.
Computer Virus
The term computer virus derives from its biological counterpart. Both
share the same main characteristics. Computer viruses were first investigated
as part of academic research on artificial intelligence. Computer networks
are mainly rendered susceptible to virus infections by the monoculture
of the software environments being used.
As in the biological context, where the genetic diversity of a population
decreases the chances of total destruction by viral infection or diseases,
the diversity of software systems in a network environment limits the
destructive potential of computer viruses. In computer science, a virus
is a (usually malicious) program able to add or send a replica of itself
to infect other programs or operating systems. The infection can spread
itself to other computers through storage devices or computer networks.
Most viruses consist of a finder (identifying new and uninfected files)
and a replicator (which opens the file identified by the finder, performs
the “infection” and then returns to the finder so that it
can find new files for the replicator to infect). Some viruses can cause
global havoc within minutes or hours, but many are benign or just annoying.
There are several types of computer viruses:
- Traditional viruses (pieces of code self-replicating on other programs
and documents),
- E-mail viruses (programs or documents attached to an e-mail message
which, when opened, spread and generate e-mail messages containing
themselves as an attachment),
- Worms
- Polymorphic viruses (combination of encryption and self-modifying
code created to hide the virus and avoid pattern recognition from antivirus
software). Polymorphic viruses imitate pseudo-Darwinian evolution; the
virus mutates, creating endless variations of itself, and “survival
of the fittest” allows only the stealthiest to reproduce and mutate
further.
Worm
A worm is a computer program capable of self-replicating across network
connections using available resources of a system or a network. In contrast
to a virus, a worm is self-contained and does not need to attach itself
to another program in order to propagate. A worm can be designed to
perform a range of different tasks or even carry other executable tasks
as payloads (e.g. backdoors or viruses).
Trojan Horse
A Trojan Horse is a piece of software disguised as a useful task or
utility. It contains hidden malicious code programmed to get control
over the system and to allow the unauthorized collection, falsification
or destruction of data. Trojan Horses are similar to backdoors, but
unlike viruses and worms Trojan Horses do not replicate themselves.
Distributed Attack
A hacker/cracker begins a distributed Denial of Service attack (DDoS)
by taking control of one computer system. This system becomes a “DDoS
master”. From this master system the intruder takes control of
a multitude of other systems, loading specific cracking tools on to
them. A single command can cause all controlled machines to launch a
flood attack against a specified target causing a DoS and eventually
forcing the targeted system to shut down.
Denial of Service
An incident in which a single user or a network loses access to resources,
network services or all network connectivity that is normally granted
is called Denial of Service (DoS). A Denial of Service attack can cause
a website to cease operating and can destroy programs and files in a
computer system.
The most common forms of Denial of Service are:
- Buffer Overflow Attacks - sending more information to a program or
a system than its data buffer can handle
- Teardrop Attack - exploits the way Internet Protocol (IP) divides
over-large packets by placing confusing offset values in the second
or subsequent fragments so that the whole packet cannot be reassembled.
This causes the entire system to crash
- Smurf Attack - an “echo my message back to me” a.k.a.
Ping message is broadcast to a number of hosts within a local network,
replacing the sender's address with the address of the site to receive
the DoS. This action is also called Spoofing
- Viruses - viruses self-reproduce across the network causing DoS attacks
on victims not specifically targeted.
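The Teardrop entry above turns on fragment offsets that do not line up. As an added example (not part of the original glossary), this Python sketch parses the offset field of IPv4 fragments and rejects overlapping or incomplete sets before reassembly. The packets are constructed sample data, the function names are illustrative, and all fragments passed in are assumed to belong to one datagram.

```python
import struct

def make_fragment(ident, offset, payload_len, more):
    """Build a constructed IPv4 fragment: 20-byte header plus zero payload (sample data)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

def parse_fragment(packet):
    """Return (offset_bytes, payload_len, more_fragments) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8      # the field counts 8-byte units
    more = bool(flags_frag & 0x2000)        # MF (more fragments) flag
    return offset, total_len - header_len, more

def check_fragments(packets):
    """Classify the fragments of one datagram before any reassembly is attempted."""
    frags = sorted(parse_fragment(p) for p in packets)
    if not frags:
        return "incomplete"
    expected = 0                            # next byte a well-formed fragment must start at
    for offset, length, _more in frags:
        if offset < expected:
            return "overlap"                # fragment starts inside data already covered
        if offset > expected:
            return "gap"                    # bytes missing, datagram cannot be rebuilt
        expected = offset + length
    return "incomplete" if frags[-1][2] else "ok"

# Constructed samples: a clean pair, an overlapping pair, a pair with a hole.
NORMAL = [make_fragment(1, 0, 24, True), make_fragment(1, 24, 16, False)]
OVERLAPPING = [make_fragment(2, 24, 8, False), make_fragment(2, 0, 40, True)]
MISSING_MIDDLE = [make_fragment(3, 0, 24, True), make_fragment(3, 48, 8, False)]

if __name__ == "__main__":
    for name, sample in [("normal", NORMAL), ("overlapping", OVERLAPPING),
                         ("missing middle", MISSING_MIDDLE)]:
        print(name, "->", check_fragments(sample))
```

A reassembler that drops any set not classified as "ok" never has to interpret the inconsistent offsets at all.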
Backdoor
A piece of code attached to a program (often known only to the programmer)
allowing secret and illegal access to a program, a service or to entire
computer systems. A backdoor, also called trapdoor, is a potential security
risk.
Payload
A payload is an action carried out by certain viruses in an infected
computer system in addition to spreading and reproducing themselves.
Not all viruses carry payloads. Payloads range from harmless text, image
or sound messages displayed on the monitor right through to the extremely
destructive kind of actions that delete the entire hard disk. This terminal
shows a selection of visual payloads taken directly from infected computers.
Source code / programming language / virus
Source code is a communication level between a user and a computer,
between human and machine. The computer only understands instructions
in the form of binary code. In order to write a program without having to
use binary code (series of 0 and 1) the coder uses a text, a sort of
algebra, which gives the machine instructions in a specific computer
language such as Java, C, C++, Visual Basic or Assembler. To be computer
executable, this source code finally has to be translated back into
binary code, a task executed by a specific program, a compiler.
The comprehensibility of source codes is enhanced by the addition of
useful comments and explanations. In
this way, programmers enable other users working with software to understand
how a specific program functions. If a user only receives the executable
code he cannot modify it, even if that were permitted. Therefore in
order to increase the quality or the usefulness of specific software
a user needs the source code.
Source code is a product of human intellect, answering the needs of
contemporary culture for many different software
applications. Source code does not only fulfil a distinct function but
also has its own aesthetic and follows its own method. Therefore source
code is a new form of language - programming “language”
has its own formal logic and form, just like spoken and written human
language.
Computer program
Computers have two main components: the hardware (physical parts and
components) and the software (a set of programs that tell the hardware
what to do). A program is a detailed plan or procedure meant to perform
a specific task when executed; it contains a list of variables (numerical
data, text, graphic images) and a list of instructions or statements
which tell the computer what to do with the variables. Every computer
program is written in a specific programming language.
Operating system
Every computer has a software platform called an operating system, on
which all the other programs, called application programs, can run.
An operating system performs basic tasks like receiving input from the
keyboard, sending output to the monitor, controlling peripheral devices
and managing information storage on the hard disk. The operating system
coordinates the execution of different simultaneous tasks and manages
hardware resource-sharing in such a way that all the tasks are completed
without interfering with one another.
Binary code
The base 2 (binary) number system requires only two symbols - “0”
and “1”. In computer technology, this system represents data
with two states - “on-off”, “open-closed”, “go-no go”.
Binary code is a compact and reliable coding system which
is used by computers to convert all information like letters, numbers,
punctuation marks and control characters into standardized digital format.
Binary code allows a computer to efficiently process and store data
and communicate with other computers or entire networks. Computers use
a binary code that is arranged in groups of eight digits, or bits; each
such group forms a byte.