Popups

Popups are used throughout the CKnow Virus Tutorial. This page is a place for those to be recorded. They are listed here in alphabetical order.

Anti-Virus Dependent Vulnerabilities in E-mail Infrastructure Security (A-D-V-E-I-S)
A description of any technique that uses "unanticipated" file formats and/or E-mail headers to interfere with anti-virus software. The interference can be a simple nuisance or, worse, cause the anti-virus software to do something it isn't supposed to (e.g., shut down a server). Since the anti-virus software runs at a very low level in the system, any errors it generates can propagate up through the system and possibly even shut it down. One simple example is a zero-length .COM file. At one time such a file would have hung some anti-virus software, and if that software were running on a server, it would have hung the server as well and required a server restart. This is more than just a nuisance. This isn't new; it was highlighted in a ZDNet News article back in August 1999 and had been known for some time before that. Rob Rosenberger, editor at VMyths.com, has been discussing this topic for some time as well.

ANSI Bomb (rare)
Early text computer applications would sometimes make use of a DOS driver called ANSI.SYS to control display colors. ANSI.SYS also has the capability of remapping the keyboard. To do this a user had to load ANSI.SYS in the CONFIG.SYS file and then send a particular sequence of characters, starting with the Escape character, to the screen. These would be intercepted by ANSI.SYS and the particular key on the keyboard would then be remapped to perform some defined function. An ANSI Bomb simply forced the display of a keystroke remapping sequence that might, e.g., remap the F1 key to issue a command that deletes everything on the C: drive (or any other command). The solution, of course, was to not load ANSI.SYS in your CONFIG.SYS file (it was rarely needed then and is never needed today) and to make certain any ANSI simulators you might use as part of a communications program have keyboard remapping disabled.

Bluebugging
Obtaining access to mobile phones using Bluetooth without alerting the phone's user to the intrusion. Bluebugging would allow someone to make calls, send and read SMS, change the phonebook contents, listen in on calls being made, and even connect to the Internet. Bluebugging typically affects different phone models than bluesnarfing, but both require close proximity to the phone to work.

Bluesnarfing
A technique that allows someone to silently gain access to data stored on a Bluetooth-enabled phone. Only specific, older Bluetooth-enabled phones are susceptible to bluesnarfing, and if the device is set to be non-discoverable, it is much more difficult to do this. Information that can be accessed includes the phonebook and associated images, calendar, and IMEI (International Mobile Equipment Identity).

Cult of the Dead Cow
A "collection of the best computer hackers on the planet" and "the best and the brightest of the digiterati you're liable to find anywhere" (in their own words [which may be explicit]). The cDc has been around for a long time and produces both an electronic "zine" and various hacking programs.

Double File Extensions
By default Windows ships set so that common file extensions do not show up in Windows Explorer. So, the executable file PROGRAM.EXE would show up as just PROGRAM in Explorer. A virus that wanted to trick you might therefore name its file with a double extension, such as VIRUS.TXT.EXE. With the Windows default, this file would show up as VIRUS.TXT and you might be confused and think it's a harmless text file instead of an executable program. You should change the Windows default so that common file extensions show up rather than remain hidden.
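
As an added illustration (not code from the CKnow tutorial), the Python snippet below mimics how Explorer shortens a name when known extensions are hidden and flags names whose visible part looks like a document while the real extension is executable; the extension tables are an assumed subset, not the full Windows list.

```python
import os

# Constructed tables (an assumption, not from the CKnow page): a small subset
# of the extensions Explorer hides when "Hide extensions for known file types"
# is on, split into those that run as programs and those that look harmless.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
DOCUMENT_EXTENSIONS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".htm", ".html"}
HIDDEN_EXTENSIONS = EXECUTABLE_EXTENSIONS | DOCUMENT_EXTENSIONS


def displayed_name(filename, hide_known=True):
    """Return the name Explorer shows: the real (last) extension is dropped
    when it is a known type and extension hiding is on (the Windows default)."""
    stem, ext = os.path.splitext(filename)
    if hide_known and ext.lower() in HIDDEN_EXTENSIONS:
        return stem
    return filename


def is_deceptive(filename):
    """True when the file is actually executable but the displayed name ends
    in a document-looking extension, e.g. VIRUS.TXT.EXE shown as VIRUS.TXT."""
    _, real_ext = os.path.splitext(filename)
    _, shown_ext = os.path.splitext(displayed_name(filename))
    return (real_ext.lower() in EXECUTABLE_EXTENSIONS
            and shown_ext.lower() in DOCUMENT_EXTENSIONS)


def flag_attachments(names):
    """Return the subset of names that Explorer would display deceptively."""
    return [n for n in names if is_deceptive(n)]


if __name__ == "__main__":
    # Constructed sample attachment names for the demonstration.
    sample = ["PROGRAM.EXE", "VIRUS.TXT.EXE", "report.pdf", "photo.jpg.scr", "notes.txt"]
    for name in sample:
        print(f"{name:16} shown as {displayed_name(name):14} deceptive={is_deceptive(name)}")
```

On a real Windows machine the setting the page tells you to change is Explorer's "Hide extensions for known file types" option, stored as the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced (0 shows extensions).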
Windows Help Macros (rare)
The Windows Help (HLP) file format allows macros to be attached to Help files. These macros can be set to run when the Help file first starts, and there is no way to prevent this from happening. These macros can contain unwanted actions. The only common example of this made changes to your Windows INI files, but other actions are possible. One researcher has postulated a possible Help file virus; CKnow feels the possibility of one in the wild is remote at best for various technical reasons. Also, Windows Vista does not directly support the HLP file format. You have to install the older help program yourself to allow such files to open, and the Vista version of that program disables the macro commands that could do damage.

IRC Chat
A system whereby individuals can band together in real time and conduct discussions via the Internet. The chat network is a client-server network with interconnected servers that accept client connections. Chat makes extensive use of shortcuts and emoticons. A number of computer worms make use of chat to propagate and chat channels have been used to control the actions of Trojans and other malware.
Physical Media
In the "old days" virus transmission via floppy disks was quite common. It's less common today simply because sharing via physical media is becoming rare. But, such transmission still exists and sometimes even comes via sources you might trust. Perhaps the best known media transmission was the AIDS Info Disk.

The AIDS Info Disk was a Trojan sent out via a mass mailing. If run, the Trojan replaced the AUTOEXEC.BAT file with one that counted the number of times the computer was booted; at the 90th boot the Trojan would hide directories and encrypt the names of all files on the C: drive. This basically made the system unusable. After doing so, the Trojan would ask the user to "renew" their license by contacting the PC Cyborg Corporation and sending US$378 to a Post Office box in Panama to get the decrypting information. (There were other versions of the Trojan that encrypted the disk on the first boot.)

The Trojan then produced a EULA that had some interesting sections...

  • If you install [this] on a microcomputer...
  • then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs...
  • In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use...
  • These program mechanisms will adversely affect other program applications...
  • You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life...
  • and your [PC] will stop functioning normally...
  • You are strictly prohibited from sharing [this product] with others...

Dr. Joseph Popp was identified as the person who sent the disk and was arrested by Scotland Yard.

Eventually, the filename encryption tables were determined and a restoration program was developed and widely spread. AIDSOUT removed the Trojan and CLEARAID recovered encrypted filenames. Fortunately, only the file names were encrypted; the data was left alone.
Road Apple
A Trojan variant that relies on curiosity to spread. The attacker leaves a malware-infected floppy disk, CD-ROM, USB flash drive, or interestingly named program in a location where it is sure to be found. Physical media might carry an official logo and a name like "Employee Salaries Summary FY08". An infected file in a public location might just have a similarly enticing name so that people take a look at it and become infected.

Script Kiddie
A term used for anyone who delights in changing existing scripts (usually some form of malware) in order to build a new piece of malware similar to but not the same as the original. The term, as developed, was meant to be a shameful description of a young person who had nothing better to do than create aggravation around the world but was not smart enough to build a full-blown set of malware from scratch -- they had to piggyback on someone else's work.
Zero Day Attack
Zero day basically means a product vulnerability is announced publicly without first notifying the vendor who markets the product. This becomes an attack when that vulnerability is quickly exploited before a patch can be released or users notified. Zero day disclosure is seen by many as irresponsible. Responsible disclosure is the goal of the Zero Day Initiative. People who find a vulnerability should report it to the Zero Day Initiative, which will then verify it and inform the vendor. When a patch is available, the vulnerability will be made public. A reward may be paid to those who correctly identify and report a vulnerability.
