Identify, Knew About Computer Literature

2008-08-26T19:54:00.000-07:00

sadsfsdfsddsdf

nahh

avoiding virus infections

2008-08-25T16:27:00.000-07:00

Install anti-virus software from a well-known, reputable company,UPDATE it regularly, and USE it regularly.

New viruses come out every single day; an a-v program that hasn't been updated for several months will not provide much protection against current
viruses.

In addition to scanning for viruses on a regular basis, install an 'on access' scanner (included in most good a-v software packages) and configure
it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an
executable file.

Virus scan any new programs or other files that may contain executable
code before you run or open them, no matter where they come from. There
have been cases of commercially distributed floppy disks and CD-ROMs
spreading virus infections.

4. Anti-virus programs aren't very good at detecting Trojan horse
programs, so be extremely careful about opening binary files and Word/Excel
documents from unknown or 'dubious' sources. This includes posts in binary
newsgroups, downloads from web/ftp sites that aren't well-known or don't
have a good reputation, and executable files unexpectedly received as
attachments to E-mail or during an on-line chat session.

5. If your E-mail or news software has the ability to automatically execute
JavaScript, Word macros, or other executable code contained in or attached
to a message, I strongly recommend that you disable this feature.

6. Be _extremely_ careful about accepting programs or other files during
on-line chat sessions: this seems to be one of the more common means that
people wind up with virus or Trojan horse problems. And if any other family
members (especially younger ones) use the computer, make sure they know not
to accept any files while using chat.

7. Do regular backups. Some viruses and Trojan horse programs will erase or
corrupt files on your hard drive, and a recent backup may be the only way to
recover your data.

Ideally, you should back up your entire system on a regular basis. If this
isn't practical, at least backup files that you can't afford to lose or that
would be difficult to replace: documents, bookmark files, address books,
important E-mail, etc.

Viruz Analysis

2008-08-25T16:15:00.000-07:00

What is a computer virus?

A computer virus is a program designed to spread itself by first infecting executable files or the system areas of hard and floppy disks and then making copies of itself. Viruses usually operate without the knowledge or desire of the computer user.

What kind of files can spread viruses?

Viruses have the potential to infect any type of executable code, not just the files that are commonly called 'program files'. For example, some viruses infect executable code in the boot sector of floppy disks or in system areas of hard drives. Another type of virus, known as a 'macro' virus, can infect word processing and spreadsheet documents that use macros. And it's possible for HTML documents containing JavaScript or other types of executable code to spread viruses or other malicious code.

Since virus code must be executed to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the computer will actually try to execute.

How do viruses spread?

When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network . And the newly infected programs will try to infect yet more programs.

When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more
floppies.

Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks.

What do viruses do to computers?

Viruses are software programs, and they can do the same things as any other programs running on a computer. The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus.

Some viruses are deliberately designed to damage files or otherwise interfere with your computer's operation, while others don't do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading.

Note that viruses can't do any damage to hardware: they won't melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

What is a Trojan horse program?

A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a virus, but simply a program (often harmful) that pretends to be something else.

For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program E-mails your saved passwords to another person.

Note: simply downloading a file to your computer won't activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

What's the story on viruses and E-mail?

You can't get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded messages containing embedded executable code (i.e., JavaScript in an HTML message) or messages that include an executable file attachment (i.e., an encoded program file or a Word document containing macros).

In order to activate a virus or Trojan horse program, your computer has to execute some type of code. This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There's no special hazard in files attached to Usenet posts or E-mail messages: they're no more dangerous than any other file.

What can I do to reduce the chance of getting viruses from E-mail?

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file.

If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature.

My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you.

The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.

2008-08-19T16:51:00.001-07:00

super

man

MALWARE eksploiting Messenger & social network

2008-08-19T16:15:00.000-07:00

one of the most interesting developments in 2007 was the appearance of worms for instant messenger applications. Instant messenger applications have become very popular, but users rarely perceive them as potential infection vectors. Although IM-worms were detected prior to 2007, the start of the year brought a noticeable increase in this type of malware.
An analysis of the IM-worms detected so far this year provides some data on possible future trends.
As Table 1 shows, most new IM-worms target MSN Messenger, which is extremely popular in the United States, but almost never used in Russia. All the worms except for Atlex are written in Visual Basic.

These two facts taken together seem to indicate that IM-worms are at the initial stage of evolution. And the fact that the vast majority of the worms are written in Visual Basic demonstrates that most of the authors are fairly new to the virus writing scene and are relatively inexperienced programmers. VB is one of the easiest programming languages to master, but it's unsuitable for serious projects due to the large files and the relatively slow speed that results from this.

The obvious preference for MSN suggests that new worms were based on earlier samples. A detailed analysis of the worms' code by Kaspersky Lab virus analysts confirms this hypothesis. The source code for some early IM-worms was also published on a number of virus writers' sites, and most of the new worms are clearly based on this code. The evidence currently points to IM-worms being the domain of script-kiddies.

This situation is effectively a repeat of the evolution of P2P-worms between 2002 and 2004. When P2P worms first appeared, they were also mostly written in Visual Basic and also targeted one P2P client, Kazaa, the most popular client at the time. As P2P-worms were simple to create, and spread rapidly, several hundred families appeared, with numerous versions in each. The increase in this type of malware reached its peak in 2003, with more than 10 new versions being detected every week.

Kaspersky Lab monitored P2P networks closely during the upsurge in P2P-worms and analysis showed that almost every second file in the Kazaa file-sharing network was a P2P-worm. During that period most email-worms used file-sharing networks as a secondary channel for propagation. However, the rapid evolution of P2P-worms slowed dramatically in 2004 and they currently comprise an insignificant percentage of contemporary malware. It seems likely that IM-worms will have the same life cycle.

One of the most interesting aspects of IM-worms is the way in which the worm files are delivered to the victim machine. Despite the fact that Internet messaging services allow file transfer, for some reason virus writers are not utilizing it as a method of infection, possibly because they find overly complex. Instead, they all (with the exception of Aimes) use a technique pioneered by email-worms in 2004: a link to an infected website containing the body of the worm is sent to the recipient, instead of a message with an attached file containing the worm's body. The user believes that the link is from a trusted source, as the worms send their links to contacts harvested from the local contact list. This makes the user more likely to visit the site in question. The worm penetrates victim systems either by exploiting Internet Explorer vulnerabilities or simply by downloading and installing the malicious code.

Given the fact that IM-worms have demonstrated their ability to propagate and spread, it seems self-evident that system administrators and security managers should be focusing their attention on the potential threat which IM applications represent. One option would be to forbid the use of IM applications in enterprise settings until security improves. Monitoring incoming http traffic for malicious code (which should be part of any responsible security policy) will block those worms which penetrate via browser vulnerabilities.

The majority of IM-worms also install other malware on the victim machine. IM-worm.Bropia, the family with the most versions at the time of writing, installs Backdoor.Win32.Rbot on the infected machine, turning it into a zombie machine in a bot network.

coba posting

2008-08-19T15:48:00.001-07:00

test