numenmail.com

Monday, July 28, 2008

Ten Ways to Avoid Spam

1. Maintain at least two email addresses. You should use your private address only for personal correspondence. The public address should be the one you use to register on public forums, in chat rooms, to subscribe to mailing lists etc.

2. Never publish your private address on publicly accessible resources.

3. Your private address should be difficult to spoof. Spammers use combinations of obvious names, words and numbers to build possible addresses. Your private address should not simply be your first and last name. Be creative and personalize your email address.

4. If you have to publish your private address electronically, mask it to avoid having it harvested by spammers. Joe.Smith@yahoo.com is easy to harvest, as is Joe.Smith at yahoo.com. Try writing Joe-dot-Smith-at-yahoo-dot-com instead. If you need to publish your private address on a web-site, do this as a graphics file rather than as a link.

5. Treat your public address as a temporary one. Chances are high that spammers will harvest your public address fairly quickly. Don't be afraid to change it often.

6. Always use your public address to register in forums, chat rooms and to subscribe to mailing lists and promotions. You might even consider using a number of public addresses in order to trace which services are selling addresses to spammers.

7. Never respond to spam. Most spammers verify receipt and log responses. The more you respond, the more spam you will receive.

8. Do not click on unsubscribe links from questionable sources. Spammers send fake unsubscribe letters in an attempt to collect active addresses. You certainly don't want to have your address tagged as active, do you? It will just increase the amount of spam you receive.

9. If your private address is discovered by spammers - change it. This can be inconvenient, but changing your email address does help you avoid spam - at least for a while!

10. Make sure that your mail is filtered by an antispam solution. Consider installing a personal antispam solution. Only open email accounts with providers who offer spam filtration prior to mail delivery.

Types of Spam

Today spam is a household word, since 70-80% of all email traffic is spam. Although spam written in English is the most common, it comes in all languages including Chinese, Korean and other Asian languages. In most cases spam is advertising, and experience shows that spammers have targeted specific goods and services to promote. Some goods are chosen because a computer user is likely to be interested, but most are grey or black market goods. In other words, spam is usually illegal not only because of the means used to advertise the goods, but also because the goods and services being offered are illegal in themselves.

Other mass mailings are outright fraud, such as the notorious 419 messages which offer the recipients a share of funds which allegedly cannot be accessed by the sender for political reasons, in return for the recipient's help in legalizing these funds. The recipient is asked to provide bank account details; of course, if the recipient provides these details, the bank account will be emptied without their consent. This type of spam is usually called a 'scam'.

The commonest types of spam

Spam worldwide tends to advertise a certain range of goods and services irrespective of language and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas items and car heaters being replaced by air conditioner advertising in summer.

However, when averaged out over the course of the year, 50% of spam falls into the following categories:

* Adult content
* Health
* IT
* Personal finance
* Education/training

Adult content

This category of spam includes offers for products designed to increase or enhance sexual potency, links to porn sites or advertisements for pornography etc. Examples (we include basic texts but no graphics for ethical reasons):
======================
Subject: very cheap erection tool :-)

Good day!

We would like to offer cheapest Viagra in the world!

You can get it at:
{LINK}

Sincerely,
Liza Stokes

Subject: i think you're gonna like watching me get off :-)

Hi...im Brooke..and I just got a webcam...lets have a little chat.. while you watch me get dirty .. haha;-)
{LINK}

==================

Health and Medicine

This category includes advertisements for weight loss, skin care, posture improvement, cures for baldness, dietary supplements, non-traditional medication etc. which can all be bought on-line.

Examples:
==
Subject: Lose up to 19% weight. A new weightloss is here.

Hello, I have a special offer for you...

WANT TO LOSE WEIGHT?

The most powerful weightloss is now available
without prescription. All natural Adipren720
100% Money Back Guarantée!

- Lose up to 19% Total Body Weight.
- Up to 300% more Weight Loss while dieting.
- Loss of 20-35% abdominal Fat.
- Reduction of 40-70% overall Fat under skin.
- Increase metabolic rate by 76.9% without Exercise.
- Burns calorized fat.
- Suppresses appetite for sugar.
- Boost your Confidence level and Self Esteem.

Get the facts about all-natural Adipren720: {LINK}

Subject: Legal Low prices for Valium (Diazepam) (Caffeine FREE)

Rx Shopping Service Brings You our Newest Product:

Your personal shopping service that legally provides
Over the Counter (OTC) approved drugs from Canada and
around the world.

Order Valium (Diazepam) and it will be
guaranteed Delivery within 7 DAYS!

Do not miss out *Limited Quantity!

Visit Here: {LINK}

==

IT

This category includes offers for low-priced hardware and software as well as services for web site owners such as hosting, domain registration, web site optimization and so forth.

Examples:
Subject: Huge savings on OEM Software. All brand names available now stewardess

Looking for not expensive high-quality software?
We might have just what you need.

Windows XP Professional 2002 ............. $50
Adobe Photoshop 7.0 ...................... $60
Microsoft Office XP Professional 2002 .... $60
Corel Draw Graphics Suite 11 ............. $60

and lots more...
===========================


Personal finance

Spam which falls into this category offers insurance, debt reduction services, loans with low interest rates etc.

Examples:
Subject: Lenders Compete--You Win

Reduce your mortgage payments

Interest Rates are Going Up!
Give Your Family The Financial Freedom They Deserve

Refinance Today & SAVE
*Quick & EASY
*CONFIDENTIAL
*100's Of Lenders
*100% FREE
*Get The Lowest Rate

Apply Today! {LINK}

All credit will be accepted

To clear your name from our database please {LINK}or use one of the optins below.
Thank You

Call 1-800-279-7310
Or please mail us at:
1700 E. Elliot Rd. STE3-C4
Tempe, AZ. 85283

=============

Education

This category includes offers for seminars, training, and on-line degrees.

Examples:
Subject: get a degree from home, Mas#ters, Bachelors or PHD

Call {Phone Num.} to inquire about our degree programs.
Whether you are seeking a Bachelors, Masters, Ph.D. or MBA
We can provide you with the fully verifiable credentials to get your career BACK ON TRACK!
No testing or coursework required Call: {Phone Num.}
we are sorry if you did not want to receive this mail.
To be removed from our list please call {Phone Num.}

=============

Some new trends in spam content

Spammers are constantly seeking to enter new markets and develop new techniques. Some areas are evolving rapidly and should be monitored closely.

Political spam

This category includes mudslinging or political threats from extremists and possible terrorists. Though these are merely nuisance messages to end users, security and law enforcement officials need to be aware of such mailings, since they can provide clues to genuine potential threats, or be actual communication between terrorists.

Antispam solutions

Spammers advertise supposed antispam solutions in an effort to cash in on the negative publicity generated by spam itself. However, such offers often lead the user to sites where a Trojan will be downloaded to the victim machine, which will then be used for future mass mailings.

Example:

Subject: Join the thousands who are now sp@m-free

FORGET SPAM BLOCKERS!

Get SMART Spam Control That Always Delivers The Email You Want!

Finally, we discovered the ultimate solution that is guaranteed to stop all spam
without losing any of your important email! This revolutionary advanced technology
also protects you 100% against ALL email-borne viruses - both known and unknown.

We didn't believe it either until we actually tried it. So you be the judge and see for yourself.

{LINK}

==============

Spam, viruses and junk email

Today, most people class all unsolicited email as spam, including automatic replies, emails containing viruses and unsolicited, but legitimate business propositions. Classifying all such emails as spam is broadly correct, but it must be highlighted that some categories of spam are more dangerous than others.

In particular, the alliance developing between virus writers and spammers is worrisome. The first half of 2004 brought several virus epidemics where viruses were circulated using spammer techniques. These outbreaks were classic examples of how botnets can be created by virus writers, and then sold to spammers for use in future mass mailings.

Evolution of Spam

In the beginning

Spam (unsolicited bulk advertising via email) made its first appearance in the mid 1990s, i.e. as soon as enough people were using email to make this a cost-effective form of advertising. By 1997, spam was regarded as being a problem, and the first Real-Time Black List (RBL) appeared in the same year.

Spammer techniques have evolved in response to the appearance of more and better filters. As soon as security firms develop effective filters, spammers change their tactics to avoid the new spam blockers. And this leads to a vicious circle, with spammers re-investing profits into developing new techniques to evade new spam filters. The situation is spiralling out of control.

The development of spammer techniques

Direct mailing

Initially, spam was sent directly to users. In fact, spammers didn't even need to disguise the sender information. This early spam was easy enough to block: if you blacklisted specific sender or IP addresses, you were safe. In response, spammers began spoofing sender addresses and forging other technical information.

Open Relay

In the mid-1990s all email servers were open relays - any sender could use them to send email to any recipient. Spam and other security issues led administrators to start reconfiguring mail servers worldwide. However, the process was relatively slow, and not all mail server owners and administrators were willing to cooperate. Once the process was well underway, security analysts began scanning for the remaining open relay mail servers. The resulting DNS RBLs were made available, making it possible for security-conscious administrators to block incoming mail from listed servers. However, open relay servers are still used for mass mailing.
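
The RBL check those administrators configured is a plain DNS query. The following Python is an added example (not code from this page or its source) of how a receiving mail server checks a connecting IPv4 address against such lists, including the two caveats a deployment needs: never querying for private addresses, and ignoring answers outside 127.0.0.0/8, which is what a parked or abandoned zone returns. The zone names are placeholders and the DNS answers are constructed so the example runs offline.

```python
import ipaddress
import socket

# Placeholder zone names for the example; a real server queries the zones of
# the DNSBL operators it has chosen to rely on.
DNSBL_ZONES = ("dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example")


def dnsbl_query_name(ip, zone):
    """1.2.3.4 checked against zone Z is the DNS name 4.3.2.1.Z (IPv4 only here)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def live_lookup(name):
    """A-record lookup; a name that does not exist (not listed) returns None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def interpret(answer):
    """DNSBLs answer from 127.0.0.0/8. Anything else (for instance a wildcard
    record from a zone that was abandoned and parked) is not a listing and
    must never cause mail to be rejected."""
    if answer is None:
        return "clean"
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "invalid"


def check_sender_ip(ip, zones=DNSBL_ZONES, lookup=live_lookup, min_hits=2):
    """Query every zone and reject only when at least min_hits lists agree
    (a constructed policy). Private and loopback addresses are never queried."""
    addr = ipaddress.ip_address(ip)
    result = {"ip": ip, "listed_on": [], "ignored": [], "reject": False}
    if addr.is_private or addr.is_loopback:
        result["skipped"] = True
        return result
    for zone in zones:
        verdict = interpret(lookup(dnsbl_query_name(ip, zone)))
        if verdict == "listed":
            result["listed_on"].append(zone)
        elif verdict == "invalid":
            result["ignored"].append(zone)
    result["reject"] = len(result["listed_on"]) >= min_hits
    return result


# Constructed answers standing in for DNS so the example runs offline:
# 1.2.3.4 is on two lists, 5.6.7.8 only gets a bogus answer outside 127/8.
FAKE_DNS = {
    "4.3.2.1.dnsbl-a.example": "127.0.0.2",
    "4.3.2.1.dnsbl-b.example": "127.0.0.4",
    "8.7.6.5.dnsbl-c.example": "10.0.0.1",
}


def fake_lookup(name):
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for sender in ("1.2.3.4", "5.6.7.8", "192.168.1.10"):
        print(check_sender_ip(sender, lookup=fake_lookup))
```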

Modem Pool

As soon as sending spam via open relay became less efficient, spammers began to use dial-up connections. They exploited the way in which ISPs structured dial-up services and utilized weaknesses in the system:

* As a rule, ISP mail servers forward incoming mail from clients.
* Dial-up connections are supported by dynamic IP addresses. Spammers can therefore use a new IP address for every mailing session.

In answer to spammer exploitation, ISPs began to limit the number of emails a user could send in any one session. Lists of suspect dial-up addresses, and filters which blocked mail from these addresses, appeared on the Internet.

Proxy servers

The new century saw spammers switching to high-speed Internet connections and exploiting hardware vulnerabilities. Cable and ADSL connections allowed spammers to send mass mailings cheaply and quickly. In addition, spammers rapidly discovered that many ADSL modems had built-in SOCKS servers or HTTP proxy servers. Both are simply utilities that divide an Internet channel between multiple computers. The important feature was that anybody from anywhere in the world could access these servers since they had no protection at all. In other words, malicious users could use other people's ADSL connections to do whatever they pleased, including, naturally, sending spam. Moreover, the spam would look as if it had been sent from the victim's IP address. Since millions of people worldwide had these connections, spammers had a field day until hardware manufacturers began securing their equipment.

Zombie or bot networks

In 2003 and 2004 spammers sent the majority of mailings from machines belonging to unsuspecting users. Spammers use malware to install Trojans on users' machines, leaving them open to remote use. Methods used to penetrate victim machines include:

* Trojan droppers and downloaders injected into pirate software which is distributed via file sharing P2P networks (Kazaa, eDonkey etc.).
* Exploiting vulnerabilities in MS Windows and popular applications such as IE & Outlook.
* Email worms

Anyone who has the client part of a program which controls the Trojan that has infected a victim machine controls the machine or network of victim machines. The resulting networks are called bot networks, and are sold and traded among spammers.

Analysts estimate that Trojans are installed on millions of machines worldwide. Modern Trojans are sophisticated enough to download new versions of themselves, download and execute commands from specified websites or IRC channels, send out spam, conduct DDoS attacks and much more.

The development of spam content

Content Analysis

Many spam filters work by analysing the content of a message: the message subject, body, and attachments. Spammers today expend significant resources on developing content which will evade content filters.

Simple text and HTML

Originally, spam was simple: identical messages were sent to everyone on a mailing list. These emails were laughably easy to filter out due to the quantity of identical texts.

Personalised mail

Spammers then began to include a greeting based on the recipient's address. Since every message now contained a personalised greeting, filters which blocked identical messages did not detect this type of spam. Security experts developed filters that identified unchanging lines, which would then be added to filtration rules. They also developed fuzzy signature matching, which would detect text which only had minor changes, and statistic based self-modifying filtration technologies such as Bayesian filters.
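
As an added illustration (not code from this page or its source), the following Python contrasts the two filter generations just described: an identical-text filter that hashes the whole body, and a small word-presence Bayesian filter with Laplace smoothing trained on a constructed corpus that paraphrases this page's own spam samples. A copy of the first advertisement with a personalised greeting pasted in front defeats the hash filter but not the statistical one. The ham messages, the 'joe.user' recipient and the legitimate test message are all made up for the example.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed training corpus. The spam bodies paraphrase the samples quoted
# on this page; the ham messages are invented for the example.
SPAM_TRAIN = [
    "Good day! We would like to offer cheapest Viagra in the world! "
    "You can get it at {LINK}",
    "WANT TO LOSE WEIGHT? The most powerful weightloss is now available "
    "without prescription. 100% Money Back Guarantee! {LINK}",
    "Looking for not expensive high-quality software? Windows XP Professional "
    "$50 Adobe Photoshop $60 and lots more",
    "Reduce your mortgage payments. Interest rates are going up! "
    "Refinance today and save. Apply today! {LINK}",
]
HAM_TRAIN = [
    "Hi Anna, attached are the minutes from Monday's meeting, let me know "
    "if I missed anything.",
    "The build on the staging server is green again after the config fix, "
    "merging the branch now.",
    "Can we move the dentist appointment to Thursday afternoon? The morning "
    "clashes with school pickup.",
    "Thanks for the draft, I added comments in section three and pushed the "
    "changes to the repo.",
]

TOKEN_RE = re.compile(r"[a-z0-9$%]+")


def tokens(text):
    """Lower-cased set of words; punctuation and the {LINK} braces are dropped."""
    return set(TOKEN_RE.findall(text.lower()))


class IdenticalTextFilter:
    """The early approach: block a body only if exactly that body was seen before."""

    def __init__(self, known_spam):
        self.known = {self._digest(m) for m in known_spam}

    @staticmethod
    def _digest(text):
        # Collapse whitespace so trivial re-wrapping does not change the hash.
        return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()

    def is_spam(self, text):
        return self._digest(text) in self.known


class BayesFilter:
    """Word-presence naive Bayes with Laplace smoothing. Simplified: only
    words that occur in the message contribute; absent words are ignored."""

    def __init__(self, spam, ham):
        self.n_spam, self.n_ham = len(spam), len(ham)
        self.spam_docs = Counter()   # number of spam messages containing a word
        self.ham_docs = Counter()
        for m in spam:
            self.spam_docs.update(tokens(m))
        for m in ham:
            self.ham_docs.update(tokens(m))

    def spam_probability(self, text):
        total = self.n_spam + self.n_ham
        log_spam = math.log(self.n_spam / total)
        log_ham = math.log(self.n_ham / total)
        for w in tokens(text):
            if w not in self.spam_docs and w not in self.ham_docs:
                continue  # never seen in training: no evidence either way
            log_spam += math.log((self.spam_docs[w] + 1) / (self.n_spam + 2))
            log_ham += math.log((self.ham_docs[w] + 1) / (self.n_ham + 2))
        # P(spam | words) = 1 / (1 + P(ham, words) / P(spam, words)), in log space
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.5):
        return self.spam_probability(text) > threshold


# A "personalised" copy of the first spam sample: the same advertisement with
# the recipient's local-part pasted in as a greeting (constructed).
PERSONALISED_SPAM = (
    "Dear joe.user, Good day! We would like to offer cheapest Viagra in the "
    "world! Get it at {LINK}"
)
LEGIT_MESSAGE = "Hi Anna, can we move Monday's meeting to the afternoon?"


def compare_filters(text):
    """Verdict of each filter generation on one message body."""
    exact = IdenticalTextFilter(SPAM_TRAIN)
    bayes = BayesFilter(SPAM_TRAIN, HAM_TRAIN)
    return {"identical": exact.is_spam(text), "bayes": bayes.is_spam(text)}
```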

Random text strings and invisible text

Spammers now often place either text strings from legitimate business emails, or random text strings at the beginning or end of emails in order to evade content filters. Another method used to evade filters is to include invisible text in HTML-format emails: the text is either too tiny to see or the font color matches the background.

Both methods are fairly successful against content and statistical filters. Analysts responded by developing search engines that scanned emails for such typical texts, which also conducted detailed HTML analysis and sophisticated content analysis. Many antispam solutions were able to detect such tricks without even analysing the content of individual emails in detail.

Graphics

Sending spam in graphics format makes it very hard to detect. Analysts are developing methods for extracting and analyzing text contained in graphics files.

Paraphrasing texts

A single advertisement can be endlessly rephrased, making each individual message appear to be a legitimate email. As a result, antispam filters have to be configured using a large number of samples before such messages can be detected as spam.

Summary

Currently, spammers usually use the last three methods in a variety of combinations. Many antispam solutions are incapable of detecting all three. As long as spamming remains profitable, users with poor-quality antispam software will continue to find their mailboxes clogged with advertising.

Spammer Technologies

Spammers use dedicated programs and technologies to generate and transmit the billions of spam emails which are sent every day. This requires significant investment of both time and money.

Spammer activity can be broken down into the following steps:

1. Collecting and verifying recipient addresses; sorting the addresses into target groups
2. Creating platforms for mass mailing (servers and/or individual computers)
3. Writing mass mailing programs
4. Marketing spammer services
5. Developing texts for specific campaigns
6. Sending spam

Each step in the process is carried out independently of the others.

Creating address databases

Collecting and verifying addresses; creating address lists

The first step in running a spammer business is creating an email database. Entries do not only consist of email addresses; each entry may contain additional information such as geographical location, sphere of activity (for corporate entries) or interests (for personal entries). A database may contain addresses from specific mail providers, such as Yandex, Hotmail, AOL etc. or from on-line services such as PayPal or eBay.

There are a number of methods spammers typically use to collect addresses:

* Spoofing addresses using common combinations of words and numbers - john@, destroyer@, alex-2@
* Spoofing addresses by analogy - if there is a verified joe.user@yahoo.com , then it's reasonable to search for a joe.user@hotmail.com, @aol.com etc.
* Scanning public resources including web sites, forums, chat rooms, Whois databases, Usenet News and so forth for word combinations (i.e. word1@word2.word3, with word3 being a top-level domain such as .com or .info)
* Stealing databases from web services, ISPs etc.
* Stealing users' personal data using Trojans

Topical databases are usually created using the third method, since public resources often contain information about user preferences along with personal information such as gender, age etc. Stolen databases from web services and ISPs may also include such information, enabling spammers to further personalize and target their mailings.

Stealing personal data such as mail client address books is a recent innovation, but is proving to be highly effective, as the majority of addresses will be active. Unfortunately, recent virus epidemics have demonstrated that there are still a great many systems without adequate antivirus protection; this method will continue to be successfully used until the vast majority of systems have been adequately secured.

Address verification

Once email databases have been created, the addresses need to be verified before they can be sold or used for mass mailing. Spammers send a variety of trial messages to check that addresses are active and that email messages are being read.

1. Initial test mailing. A test message with a random text which is designed to evade spam filters is sent to the entire address list. The mail server logs are analysed for active and defunct addresses and the database is cleaned accordingly.
2. Once addresses have been verified, a second message is often sent to check whether recipients are reading messages. For instance, the message may contain a link to a picture on a designated web server. Once the message is opened, the picture is downloaded automatically and the web site will log the address as active. Most email clients no longer download pictures automatically, so this method is on the wane.
3. A more successful method of verifying if an address is active is a social engineering technique. Most end users know that they have the right to unsubscribe from unsolicited and/or unwanted mailings. Spammers take advantage of this by sending messages with an 'unsubscribe' button. Users click on the unsubscribe link and a message purportedly unsubscribing the user is sent. Instead, the spammer receives confirmation that the address in question is not only valid but that the user is active.

However, none of these methods are foolproof and any spammer database will always contain a large number of inactive addresses.
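
Serving both the "Random text strings and invisible text" section earlier and the tracking-picture and fake-unsubscribe checks just described, the following Python is an added example (not code from this page or its source) of the HTML analysis a filter or mail client can apply before any statistical scoring: it separates the text a reader would see from text colour-matched to the background or set in a tiny font, and records remote one-pixel images and unsubscribe links, the two things that confirm an address is live when a user lets them fire. The sample message is constructed in the style of this page's samples; the host and id values are placeholders.

```python
import re
from html.parser import HTMLParser

TINY_FONT_PX = 4.0          # text rendered this small cannot be read
VOID_TAGS = {"img", "br", "hr", "meta", "link", "input"}


def parse_style(style):
    """'color: #fff; font-size:1px' -> {'color': '#fff', 'font-size': '1px'}"""
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}


def norm_color(value):
    """Lower-case, expand the #abc shorthand, map the two names used here."""
    value = value.strip().lower()
    if re.fullmatch(r"#[0-9a-f]{3}", value):
        value = "#" + "".join(ch * 2 for ch in value[1:])
    return {"white": "#ffffff", "black": "#000000"}.get(value, value)


def size_px(value):
    """'1px' -> 1.0, '12pt' -> 16.0, anything else -> None."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(px|pt)", value.strip())
    n = float(m.group(1)) if m else None
    return n * 96 / 72 if m and m.group(2) == "pt" else n


class SpamTrickScanner(HTMLParser):
    """Separates text a reader would see from text only a filter would see,
    and records remote one-pixel images and unsubscribe links."""

    def __init__(self):
        super().__init__()
        self.background = "#ffffff"
        self.stack = []          # (tag, colour, font px) inherited downwards
        self.visible, self.hidden, self.tracking_images, self.unsubscribe_links = [], [], [], []
        self._anchor = None      # [href, accumulated link text]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = parse_style(a.get("style") or "")
        colour, px = self.stack[-1][1:] if self.stack else (None, None)
        if tag == "body" and (a.get("bgcolor") or style.get("background-color")):
            self.background = norm_color(a.get("bgcolor") or style["background-color"])
        if "color" in style:
            colour = norm_color(style["color"])
        if "font-size" in style:
            px = size_px(style["font-size"])
        if tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            if all((a.get(d) or "").rstrip("px") in ("0", "1") for d in ("width", "height")):
                self.tracking_images.append(a["src"])   # remote 1x1 picture
        elif tag == "a":
            self._anchor = [a.get("href") or "", ""]
        if tag not in VOID_TAGS:
            self.stack.append((tag, colour, px))

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if tag == "a" and self._anchor:
            href, text = self._anchor
            if href.startswith(("http://", "https://")) and re.search(
                    r"unsubscribe|remove|opt.?out", href + " " + text, re.I):
                self.unsubscribe_links.append(href)
            self._anchor = None
        while self.stack and self.stack.pop()[0] != tag:
            pass                 # discard inner tags that were never closed

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text:
            return
        if self._anchor:
            self._anchor[1] += " " + text
        colour, px = self.stack[-1][1:] if self.stack else (None, None)
        hidden = colour == self.background or (px is not None and px <= TINY_FONT_PX)
        (self.hidden if hidden else self.visible).append(text)


def scan_email_html(html):
    s = SpamTrickScanner()
    s.feed(html)
    s.close()
    return {"visible_text": " ".join(s.visible), "hidden_text": s.hidden,
            "tracking_images": s.tracking_images,
            "unsubscribe_links": s.unsubscribe_links}


# Constructed message in the style of this page's samples; host and id are placeholders.
SAMPLE_HTML = """<html><body bgcolor="#FFFFFF">
<p>Hello, I have a special offer for you... WANT TO LOSE WEIGHT?</p>
<p style="color:#fff">meeting agenda quarterly results attached minutes</p>
<span style="font-size:1px">project schedule invoice reminder</span>
<p>Get the facts about all-natural Adipren720: <a href="http://example.invalid/offer">here</a></p>
<img src="http://example.invalid/t.gif?id=PLACEHOLDER" width="1" height="1">
<p><a href="http://example.invalid/unsub?id=PLACEHOLDER">Click here to unsubscribe</a></p>
</body></html>"""
```

A filter would score only the visible text and treat the presence of hidden text, a remote pixel, or an unsubscribe link pointing at an unknown host as additional evidence; a mail client that does not fetch remote images makes the pixel useless to the sender.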

Creating platforms for mass mailing

Today's spammers use one of these three mass mailing methods:

1. Direct mailing from rented servers
2. Using open relays and open proxies - servers which have been poorly configured, and are therefore freely accessible
3. Bot networks - networks of zombie machines infected with malware, usually a Trojan, which allow spammers to use the infected machines as platforms for mass mailings without the knowledge or consent of the owner.

Renting servers is problematic, since antispam organizations monitor mass mailings and are quick to add servers to black lists. Most ISPs and antispam solutions use black lists as one method to identify spam: this means that once a server has been blacklisted, it can no longer be used by spammers.

Using open relay and open proxy servers is also time consuming and costly. First spammers need to write and maintain robots that search the Internet for vulnerable servers. Then the servers need to be penetrated. However, very often, after a few successful mailings, these servers will also be detected and blacklisted.

As a result, today most spammers prefer to create or purchase bot networks. Professional virus writers use a variety of methods to create and maintain these networks:

1. Exploiting vulnerabilities in Internet browsers, primarily MS Internet Explorer. There are a number of browser vulnerabilities which make it possible to penetrate a computer from a site being viewed by the machine's user. Virus writers exploit such holes and write Trojans and other malware to penetrate victim machines, giving malware owners full access to, and control over, these infected machines.
For instance, porn sites and other frequently visited semi-legal sites are often infested with such malicious programs. In 2004 a large number of sites running under MS IIS were penetrated and infected with Trojans. These Trojans then attacked the machines of users who believed that these sites were safe.
2. Using email worms and exploiting vulnerabilities in MS Windows services to distribute and install Trojans:
1. Most recent virus outbreaks have been caused by blended threats, which included installation of a backdoor on infected machines. In fact, nearly all email worms have a Trojan payload.
2. MS Windows systems are inherently vulnerable, and hackers and virus writers are always ready to exploit this. Independent tests have demonstrated that a Windows XP system without either a firewall or antivirus software was attacked within approximately 20 minutes of being connected to the Internet.
3. Pirate software is also a favorite vehicle for spreading malicious code. Since these programs are often spread via file-sharing networks, such as Kazaa, eDonkey and others, the networks themselves are penetrated and even users who do not use pirate software will be at risk.

Spammer Software

An average mass mailing contains about a million messages. The objective is to send the maximum number of messages in the minimum possible time: there is a limited window of opportunity before antispam vendors update signature databases to deflect the latest types of spam.

Sending a large number of messages within a limited timeframe requires appropriate technology. A number of tools developed and used by professional spammers are available. These programs need to be able to:

1. Send mail via a variety of channels including open relays and individual infected machines.
2. Create dynamic texts.
3. Spoof legitimate message headers
4. Track the validity of an email address database.
5. Detect whether individual messages are delivered or not and to resend them from alternate platforms if the original platform has been blacklisted.

These spammer applications are available as subscription services or as a stand-alone application for a one-off fee.

Creating the message body

Today, antispam filters are sophisticated enough to instantly detect and block a large number of identical messages. Spammers therefore now make sure that mass mailings contain emails with almost identical content, with the texts being very slightly altered. They have developed a range of methods to mask the similarity between messages in each mailing:

* Inclusion of random text strings, words or invisible text. This may be as simple as including a random string of words and/or characters or a real text from a real source at either the beginning or the end of the message body. An HTML message may contain invisible text - tiny fonts or text which is colored to match the background.
All of these tricks interfere with the fuzzy matching and Bayesian filtering methods used by antispam solutions. However, antispam developers have responded by developing quotation scanners, detailed analysis of HTML encoding and other techniques. In many cases spam filters simply detect that such tricks have been used in a message and automatically flag it as spam.
* Graphical spam. Sending text in graphics format hindered automatic text analysis for a period of time, though today a good antispam solution is able to detect and analyze incoming graphics.
* Dynamic graphics. Spammers are now utilizing complicated graphics with extra information to evade antispam filters.
* Dynamic texts. The same text is rewritten in numerous ways so that it is necessary to compare a large number of samples before it will be possible to identify a group of messages as spam. This means that antispam filters can only be updated once most of the mailing has already reached its target.

A good spammer application will utilize all of the above methods, since different potential victims use different antispam filters. Using a variety of techniques ensures that a commercially viable number of messages will escape filtration and reach the intended recipients.

Marketing spammer services

Strangely enough, spammers advertise their services using spam. In fact, the advertising which spammers use to promote their services is a separate category of spam. Spammer-related spam also includes advertisements for spammer applications, bot networks and email address databases.
The structure of a spammer business

The steps listed above require either a team of different specialists or the outsourcing of certain tasks. The spammers themselves, i.e. the people who run the business and collect money from clients, usually purchase or rent the applications and services they need to conduct mass mailings.

Spammers are divided into professional programmers and virus writers who develop and implement the software needed to send spam, and amateurs who may not be programmers or IT people, but simply want to make some easy money.
Future Trends

The spam market today is valued at approximately several hundred million dollars annually. How is this figure reached? Divide the number of messages detected every day by the number of messages in a standard mailing. Multiply the result by the average cost of a standard mailing: 30 billion (messages) divided by 1 million (messages), multiplied by US $100, multiplied by 365 (days) gives us an estimated annual turnover of $1095 million.

Such a lucrative market encourages full-scale companies which run the entire business cycle in-house in a professional and cost-effective manner. There are also legal issues: collecting personal data and sending unsolicited correspondence is currently illegal in most countries of the world. However, the money is good enough to attract the interest of people who are willing to take risks and potentially make a fat profit.

The spam industry is therefore likely to follow in the footsteps of other illegal activities: go underground and engage in a prolonged cyclic battle with law enforcement agencies.

Spam - What exactly is it?

In order to combat spam effectively it is necessary to define exactly what spam is.

Most people believe that spam is unsolicited email. However, this definition is not entirely correct and confuses some types of legitimate business correspondence with true spam.

Spam is anonymous, unsolicited bulk email.

This is the description that is being used today in the USA and Europe as a basis for the creation of anti-spam legislation. Let's take a closer look at each component of the definition:

* Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual sender.
* Mass mailing: real spam is sent in mass quantities. Spammers make money from the small percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails have to be high-volume.
* Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to receive may resemble spam but are actually legitimate mail. In other words, the same piece of mail can be classed as both spam and legitimate mail depending on whether or not the user elected to receive it.

It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.

Many spam messages are neither advertising nor any type of commercial proposition. In addition to offering goods and services, spam mailings can fall into the following categories:

* Political messages
* Quasi-charity appeals
* Financial scams
* Chain letters
* Fake spam being used to spread malware

Unsolicited but legitimate messages

A legitimate commercial proposition, a charity appeal, an invitation addressed personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but not as spam. Legitimate messages may also include delivery failure messages, misdirected messages, messages from system administrators or even messages from old friends who have previously not corresponded with the recipient by email. Unsolicited - yes. Unwanted - not necessarily.
How to deal with spam

Because unsolicited correspondence may be of interest to the recipient, a quality antispam solution should be able to distinguish between true spam (unsolicited, bulk mailing) and unsolicited correspondence. This kind of mail should be flagged as 'possible spam' so it can be reviewed or deleted at the recipient's convenience.

Companies should have a spam policy, with system administrators assessing the needs of different departments. Access to different unsolicited mail folders should be given to different user groups based on this assessment. For instance, the travel manager may well want to read travel ads, whereas the HR department may wish to see all invitations to seminars and training sessions.

Software Vulnerabilities

'Errare humanum est' ('To err is human.')
Marcus Tullius Cicero, Roman statesman, philosopher and author

'To err is human, but to really foul things up you need a computer'
Paul Ehrlich

The term 'vulnerability' is often mentioned in connection with computer security, in many different contexts.

In its broadest sense, the term 'vulnerability' is associated with some violation of a security policy. This may be due to weak security rules, or it may be that there is a problem within the software itself. In theory, all computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.

There have been many attempts to clearly define the term 'vulnerability' and to separate the two meanings. MITRE, a US federally funded research and development group, focuses on analysing and solving critical security issues. The group has produced the following definitions:

According to MITRE's CVE Terminology:

[...] A universal vulnerability is a state in a computing system (or set of systems) which either:

* allows an attacker to execute commands as another user
* allows an attacker to access data that is contrary to the specified access restrictions for that data
* allows an attacker to pose as another entity
* allows an attacker to conduct a denial of service

MITRE believes that when an attack is made possible by a weak or inappropriate security policy, this is better described as 'exposure':

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

* allows an attacker to conduct information gathering activities
* allows an attacker to hide activities
* includes a capability that behaves as expected, but can be easily compromised
* is a primary point of entry that an attacker may attempt to use to gain access to the system or data
* is considered a problem according to some reasonable security policy

When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any 'exposed' data, and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.

How to Detect a Hacker Attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Because of this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you work out whether your machine is under attack or the security of your system has been compromised. Keep in mind that, just as with viruses, there is no 100% guarantee that you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
Windows machines:

* Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network traffic (especially when your computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.
* Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.
* Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (e.g. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.
* Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.

Unix machines:

* Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.
* Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.
* Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be used to log in remotely at a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.
* Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/inetd.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
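
The checksum database and the /etc file monitoring recommended in the last three points can be scripted. The following Python is an added example (not code from the original article) that hashes a set of binaries, verifies them later, and reports accounts added to a passwd file (flagging any new uid-0 entry) and lines added to a services or inetd.conf file. The passwd and services contents, and the scratch directory used by demo(), are constructed; point baseline() at real directories such as /bin and /sbin and keep the resulting database on read-only media.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(roots):
    """Hash every regular file under the given directories (or single files)."""
    db = {}
    for root in roots:
        if os.path.isfile(root):
            paths = [root]
        else:
            paths = (os.path.join(d, n) for d, _, names in os.walk(root) for n in names)
        for p in paths:
            if os.path.isfile(p) and not os.path.islink(p):
                db[p] = sha256_file(p)
    return db


def verify(db):
    """Compare live files with the baseline. Run it with the system offline
    (single-user mode or a rescue disk) so a rootkit cannot mask the changes."""
    report = {"modified": [], "missing": []}
    for path, digest in sorted(db.items()):
        if not os.path.exists(path):
            report["missing"].append(path)
        elif sha256_file(path) != digest:
            report["modified"].append(path)
    return report


def parse_passwd(text):
    """Map username -> uid from passwd(5)-style text; malformed lines are skipped."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users


def account_changes(old_text, new_text):
    """Accounts added since the baseline, and any account that is newly uid 0."""
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    return {
        "added": sorted(set(new) - set(old)),
        "new_uid0": sorted(u for u, uid in new.items() if uid == 0 and old.get(u) != 0),
    }


def added_entries(old_text, new_text):
    """Lines present in the live /etc/services or /etc/inetd.conf but not in
    the saved copy; comments and blank lines are ignored."""
    def entries(text):
        return {ln.split("#", 1)[0].strip() for ln in text.splitlines()} - {""}
    return sorted(entries(new_text) - entries(old_text))


# Constructed samples, not captured from a real system.
PASSWD_BEFORE = ("root:x:0:0:root:/root:/bin/sh\n"
                 "alice:x:1000:1000::/home/alice:/bin/sh\n")
PASSWD_AFTER = PASSWD_BEFORE + ("toor:x:0:0::/:/bin/sh\n"
                                "bob:x:1001:1001::/home/bob:/bin/sh\n")
SERVICES_BEFORE = "ssh 22/tcp\nsmtp 25/tcp\n"
SERVICES_AFTER = SERVICES_BEFORE + "svc-x 6000/tcp   # appeared after the baseline\n"


def demo():
    """Baseline a scratch 'bin' directory, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("login", "sshd"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"original " + name.encode())
        db = baseline([d])
        with open(os.path.join(d, "login"), "ab") as f:
            f.write(b"\nextra")                 # simulated modified binary
        os.remove(os.path.join(d, "sshd"))      # simulated removed daemon
        report = verify(db)
    return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
    print(account_changes(PASSWD_BEFORE, PASSWD_AFTER))
    print(added_entries(SERVICES_BEFORE, SERVICES_AFTER))
```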

An Analysis of Hacker Mentality

Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: 'because they [computers] are out there'. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.

Whatever the reason, as long as computers exist there will be hackers - white hats, black hats and grey hats. And because there is no way of predicting which kind of attack ('curiosity' versus 'malicious') will hit your computer first, it is always best to be prepared for the worst.

The truth is that within hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn't want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying 'Hi, I was here, your door was open, but don't mind me and BTW, fix your lock'. If you wouldn't want someone to do this to your house, you wouldn't want someone doing it to your computer. And there is no excuse for doing it to someone else's computer either.

Premeditated, criminal hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far away, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their company image. This means that the criminals remain unpunished.

Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn't repay the effort or resources expended.

Whatever the reasoning, be it 'to help others', 'security heads-up!', 'hooliganism' or 'criminal intent', hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed 'Robin Hoods' and criminals hiding in the dark alleys of cyberspace.

History of Hacking-related Events

* December 1947 - William Shockley invents the transistor and demonstrates its use for the first time. The first transistor consisted of a messy collection of wires, insulators and germanium. According to a recent poll on CNN's website, the transistor is believed to be the most important discovery in the past 100 years.
* 1964 - Thomas Kurtz and John Kemeny create BASIC, one of the most popular programming languages even nowadays.
* 1965 - It's estimated that approximately 20,000 computer systems are in use in the United States. Most of these are manufactured by International Business Machines (IBM).
* 1968 - Intel is founded.
* 1969 - AMD is founded.
* 1969 - The Advanced Research Projects Agency (ARPA) create the ARPANET, the forerunner of the Internet. The first four nodes (networks) of ARPANET consisted of the University of California Los Angeles, University of California Santa Barbara, University of Utah and the Stanford Research Institute.
* 1969 - Intel announces 1K (1024 bytes) RAM modules.
* 1969 - Ken Thompson and Dennis Ritchie begin work on UNICS. Thompson writes the first version of UNICS in one month on a machine with 4KB of 18-bit words. UNICS is later renamed 'UNIX'.
* 1969 - MIT becomes home to the first computer hackers, who begin altering software and hardware to make it work better and/or faster.
* 1969 - Linus Torvalds born in Helsinki.
* 1970 - DEC introduces the PDP-11, one of the most popular computer designs ever. Some are still in use today.
* 1971 - John Draper, aka 'Cap'n Crunch', hacks phone systems using a toy whistle from a cereal box.
* 1971 - The first email program is released for the Arpanet. The author is Ray Tomlinson, who decides to use the '@' character to separate the user name from the domain address.
* 1972 - Ritchie and Kernighan rewrite UNIX in C, a programming language designed with portability in mind.
* 1972 - NCSA develops the 'telnet' tool.
* 1973 - Gordon Moore, Intel's chairman, postulates the famous 'Moore's Law', which states that the number of transistors in CPUs will double every 18 months, a law which will stay true for more than 20 years.
* 1973 - FTP is introduced.
* 1974 - Stephen Bourne develops the first major UNIX shell, the 'bourne' shell.
* 1975 - Bill Gates and Paul Allen found Microsoft.
* 1976 - A 21-year old Bill Gates writes 'An Open Letter to Hobbyists', a document in which he condemns open source and software piracy.
* April 1st, 1976 - Apple Computers is founded.
* 1977 - Bill Joy authors BSD, another UNIX-like operating system.
* 1979 - Microsoft licenses the UNIX source code from AT&T and creates their own implementation, 'Xenix'.
* 1981 - The Domain Name System (DNS) is created.
* 1981 - Microsoft acquires the intellectual property rights for DOS and renames it MS-DOS.
* 1982 - Sun Microsystems is founded. Sun will become famous for its SPARC microprocessors, Solaris, the Network File System (NFS) and Java.
* 1982 - Richard Stallman begins to develop a free version of UNIX which he calls 'GNU', a recursive definition meaning 'GNU's Not UNIX'.
* 1982 - William Gibson invents the term 'cyberspace'.
* 1982 - SMTP, the 'simple mail transfer protocol' is published. SMTP is currently the most widespread method for exchanging messages on the Internet.
* 1982 - Scott Fahlman invents the first emoticon, ':)'.
* 1983 - The Internet is founded by splitting the Arpanet into separate military and civilian networks.
* 1983 - FidoNet is developed by Tom Jennings. FidoNet will become the most widespread information exchange network in the world for the next 10 years, until the Internet takes over.
* 1983 - Kevin Poulsen, aka 'Dark Dante' is arrested for breaking into the Arpanet.
* 1984 - CISCO Systems is founded.
* 1984 - Fred Cohen develops the first PC viruses and comes up with the now-standard term 'computer virus'.
* 1984 - Andrew Tanenbaum creates Minix, a free UNIX clone based on a modular microkernel architecture.
* 1984 - Bill Landreth, aka 'The Cracker', is convicted of hacking computer systems and accessing NASA and Department of Defense computer data.
* 1984 - Apple introduces Macintosh System 1.0.
* 1985 - Richard Stallman founds the Free Software Foundation.
* March 15, 1985 - 'Symbolics.com' is registered as the first Internet domain name.
* November 1985 - Microsoft releases 'Windows 1.0', which sells for $100.
* 1986 - The Computer Fraud and Abuse Act is adopted in the US.
* 1986 - 'Legion of Doom' member Loyd Blankenship, aka 'The Mentor', is arrested and publishes the now famous 'Hacker's Manifesto'.
* 1988 - The CD-ROM is invented.
* 1988 - IRC is established.
* November 1988 - Robert Morris launches an Internet worm which infects several thousand systems and clogs computers around the country due to a programming error. This worm is now known as the Morris worm.
* 1989 - the WWW is developed at CERN labs, in Switzerland.
* 1990 - The Arpanet is dismantled.
* 1990 - Kevin Poulsen hacks a phone system in LA making himself the winner of a Porsche 944 in a radio phone-in.
* 1991 - PGP (Pretty Good Privacy), a powerful, free encryption tool is released by Philip Zimmerman. The software quickly becomes the most popular encryption package in the world.
* 1991 - Rumours appear regarding the computer virus 'Michaelangelo', coded to launch its destructive payload on March 6th.
* September 17, 1991 - Linus Torvalds releases the first version of Linux.
* 1992 - The 'Masters of Deception' phone phreaking group is arrested due to evidence obtained via wiretaps.
* 1993 - The Mosaic web browser is released.
* 1993 - Microsoft releases Windows NT.
* 1993 - First version of FreeBSD is released.
* March 23, 1994 - 16-year-old Richard Pryce, aka 'Datastream Cowboy', is arrested and charged with unauthorized computer access.
* 1994 - Vladimir Levin, a Russian mathematician, hacks into Citibank and steals $10 million.
* 1995 - Dan Farmer and Wietse Venema release SATAN, an automated vulnerability scanner, which becomes a popular hacking tool.
* 1995 - Chris Lamprecht, aka 'Minor Threat', is the first person to be ever banned from the Internet.
* 1995 - Sun launches Java, a computer programming language designed to be portable across different platforms in compiled form.
* August 1995 - Microsoft Internet Explorer (IE) released. IE will become the most exploited web browser in history and a favourite target for virus writers and hackers.
* August 1995 - Windows 95 is launched.
* 1996 - IBM releases OS/2 Warp version 4, a powerful multi-tasking operating system with a new user interface, as a counter to Microsoft's recently released Windows 95. Despite being more reliable and stable, OS/2 will slowly lose ground and be discontinued a few years later.
* 1996 - ICQ, the first IM, is released.
* 1996 - Tim Lloyd plants a software time bomb at Omega Engineering, a company in New Jersey. The results of the attack are devastating: losses of USD $12 million and more than 80 employees lose their jobs. Lloyd is sentenced to 41 months in jail.
* 1997 - DVD format specifications published.
* 1998 - Two Chinese hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for breaking into a bank's computer network and stealing 720,000 yuan ($87,000).
* March 18, 1998 - Ehud Tenenbaum, a prolific hacker aka 'The Analyzer', is arrested in Israel for hacking into many high-profile computer networks in the US.
* 1998 - CIH virus released. CIH was the first virus to include a payload which wipes the FLASH BIOS memory, rendering computer systems unbootable and invalidating the myth that 'viruses cannot damage hardware'.
* March 26, 1999 - Melissa virus released.
* 2000 - A Canadian teenage hacker known as 'Mafiaboy' conducts a DoS attack and renders Yahoo, eBay, Amazon.com, CNN and a few other web sites inaccessible. He is later sentenced to eight months in a youth detention center.
* 2000 - Microsoft Corporation admits its computer network was breached and the code for several upcoming versions of Windows were stolen.
* 2000 - FBI arrests two Russian hackers, Alexei V. Ivanov and Vasiliy Gorshkov. The arrests took place after a long and complex operation which involved bringing the hackers to the US for a 'hacking skills demonstration'.
* July 2001 - CodeRed worm released. It spreads quickly around the world, infecting a hundred thousand computers in a matter of hours.
* 2001 - Microsoft releases Windows XP.
* July 18th, 2002 - Bill Gates announces the 'Trustworthy Computing' initiative, a new direction in Microsoft's software development strategy aimed at increasing security.
* October 2002 - A massive attack against 13 root domain servers of the Internet is launched by unidentified hackers. The aim: to stop the domain name resolution service around the net.
* 2003 - Microsoft releases Windows Server 2003.
* April 29th, 2003 - New Scotland Yard arrest Lynn Htun at London's InfoSecurity Europe 2003 computer fair. Lynn Htun is believed to have gained unauthorized access to many major computer systems such as Symantec and SecurityFocus.
* November 6th, 2003 - Microsoft announces a USD 5 million reward fund. The money will be given to those who help track down hackers targeting the software giant's applications.
* May 7th, 2004 - Sven Jaschan, the author of the Netsky and Sasser Internet worms, is arrested in northern Germany.
* September 2004 - IBM presents a supercomputer which is the fastest machine in the world. Its sustained speed is 36 trillion operations per second.

Major Hackers Personalities

This section contains brief information on some of the most famous hackers, both black and white hats. The individuals below are well known for a variety of reasons: their actions, whether good or bad, their contributions to software and technology development, or their innovative approach, skills and ability to think out of the box.

Richard Stallman is known as the father of free software. When Stallman started working at MIT's Artificial Intelligence Lab in 1971 he was confronted with 'non disclosure agreements' and closed program sources while he was hacking and improving system drivers the 'traditional way'. After an interesting battle to obtain the source code of a faulty printer utility, Stallman gave up his job and became the loudest advocate for free computer software, creating GNU and the Free Software Foundation in the process.

Dennis Ritchie and Ken Thompson are famous for two major software developments of the 20th century: the UNIX operating system and the C programming language. These two began their careers at Bell Labs in the 1960s, revolutionising the computer world forever with their ideas. While Ken Thompson has retired from the computer world, Dennis Ritchie is still employed at Lucent Technology, working on a new operating system derived from Unix, called 'Plan9'.

John Draper, aka 'Cap'n Crunch' is famous for his ability to hack phone systems using nothing but a whistle from the 'Cap'n Crunch' cereal boxes (hence the nickname). Besides being the father of 'phone phreaking', John Draper is also famous for writing what was perhaps the first IBM PC word processor. He now heads his own security venture, developing antispam solutions, thwarting hacker attacks and securing PCs.

Robert Morris is famous for creating the first Internet worm in 1988. It infected thousands of systems, and practically brought the Internet to a halt for nearly a day. The 'Morris Worm' was perhaps the first fully automated hacking tool, exploiting a couple of unpatched vulnerabilities on Vax and Sun computers.

Kevin Mitnick, possibly the best known case of a 'black hat', was caught by the computer expert Tsutomu Shimomura back in 1995.

Kevin Poulsen remains famous for his 1990 hack of the phone system in Los Angeles. This enabled him to become the 102nd caller in a radio-phone and win a Porsche 944. Kevin Poulsen was eventually caught and imprisoned for three years. He now works as a columnist for the online security magazine 'SecurityFocus'.

Vladimir Levin, a Russian computer expert, hacked into Citibank and extracted USD $10 million. He was arrested by Interpol in the UK, back in 1995, and sentenced to three years in prison, as well as being required to pay USD $240,015 in restitution.

Tsutomu Shimomura is a good example of a 'white hat'. He was working for the San Diego Supercomputing Center when Kevin Mitnick broke into his network and stole information on cellular technology and other classified data. Tsutomu started the pursuit for Mitnick which eventually led to his arrest.

Linus Torvalds is known as the father of Linux, the most popular Unix-based operating system in use nowadays. Linus started his work on a new operating system in 1991, adopting several controversial technologies for his project, namely the concept of Free Software and GNU's Public License system. He is also known for his early disputes with Andrew Tanenbaum, the author of Minix, which was the inspirational source for Linus' OS project.

Hackers and Law

Given that computer hacking is at least three decades old, there has been plenty of time for governments to develop and approve cybercrime laws. At the moment, almost all developed countries have some form of anti-hacking law or legislation on data theft or corruption which can be used to prosecute cyber criminals. There are efforts to make these laws even more stringent, which sometimes raise protests from groups which support the right to freedom of information.

Over the past few years, there have been lots of convictions for hacking and unauthorized data access. Here are a few of them:

* Kevin Mitnick is probably one of the most famous hacker takedown cases. Mitnick was arrested by the FBI in Raleigh, North Carolina, on February 15th, 1995, after the computer expert Tsutomu Shimomura managed to track him to his hideout. After pleading guilty to most of the charges brought against him, Mitnick was sentenced to 46 months in prison and three years probation. He was additionally sentenced to another twenty-two months for probation violation and additional charges. He was eventually released from prison on January 21, 2000.
* Pierre-Guy Lavoie, a 22-year-old Canadian hacker, was sentenced to 12 months of community service and placed on probation for 12 months for fraudulently using computer passwords to perpetrate computer crimes. He was sentenced under Canadian law.
* Thomas Michael Whitehead, 38, of Boca Raton, Florida, was the first person to be found guilty under the Digital Millennium Copyright Act (DMCA). He was prosecuted as part of the Attorney General's Computer Hacking and Intellectual Property program and charged with selling hardware which could be used to illegally receive DirecTV satellite broadcasts.
* Serge Humpich, a 36 year-old engineer, was sentenced to a suspended prison sentence of 10 months by a ruling issued by the 13th correctional chamber. He also had to pay 12,000 francs (approx. €1,200) in fines, and symbolic damages of one franc to the 'Groupement des Cartes Bancaires'.
* On October 10, 2001, Vasiliy Gorshkov, age 26, of Chelyabinsk, Russia, was found guilty of 20 counts of conspiracy, computer crime, and fraud committed against the Speakeasy Network of Seattle, Washington, Nara Bank of Los Angeles, California, Central National Bank of Waco, Texas; and the online payment company PayPal of Palo Alto, California.
* On July 1, 2003, Oleg Zezev, aka "Alex," a Kazakhstan citizen, was sentenced in a Manhattan federal court to over four years (51 months) in prison following his conviction on extortion and computer hacking charges.
* Mateias Calin, a Romanian hacker, along with five American citizens, was indicted by a federal grand jury on charges that they conspired to steal more than $10 million in computer equipment from Ingram Micro in Santa Ana, California, the largest technology distributor in the world. Mateias and his network are yet to be convicted for these crimes and face up to 90 years in prison.

The list above is simply a brief digest which illustrates how cybercrime legislation has been used across the world against hackers or to convict cybercriminals in general. There are also some cases where people have been wrongly convicted of cybercrime. There are also numerous cases where hackers are still at liberty despite their names and identities being known. However, the number of such cases is being reduced day by day.

Cybercrime is here to stay. It is a reality of the 21st century, and the wide availability of the Internet and the insecure systems which come with it have increased the reach of cybercrime. With sufficiently sophisticated legislation, and more international cybercrime treaties being adopted, the world is hopefully heading in the right direction, with the long-term aim being a safer, more law-abiding cyberspace.

DoS.Linux.Chass

Aliases
DoS.Linux.Chass (Kaspersky Lab) is also known as: Linux/DoS-Chass (McAfee), Hacktool.DoS (Symantec), DDoS.Chass (Doctor Web), Troj/DoSArang-A (Sophos), DoS:Linux/Arang.A (RAV), ELF:Malware (ALWIL), DoS.Linux.Chass (ClamAV), DDos Program (Panda)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Linux ELF file. The file is 4,240 bytes in size. It is written in C++.

Payload
This program conducts a DoS attack on a designated server. The remote malicious user provides the address of the target server as a parameter when launching the program, and can also specify the number of packets to be sent to the remote machine.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Linux.Front

Aliases
DoS.Linux.Front (Kaspersky Lab) is also known as: Perl/Front (McAfee), Perl.Frontp (Symantec), Troj/Front (Sophos), PERL/Front* (RAV), PERL_LFRONT.A (Trend Micro), Unix/Front.A (FRISK), UNIX:Malware (ALWIL), PERL.Front.A (SOFTWIN), DoS Program (Panda), Linux/DoS.Front.A (Eset)

Technical details
This malicious program is designed to conduct a Denial of Service attack on a remote server. The program itself is a malicious script written in Perl. It is 988 bytes in size.

Payload
This script will conduct a DoS attack on a designated server. The remote malicious user provides the address of the server which is used as an input parameter when launching.

The malicious script may cause the server under attack to suffer a loss of performance.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Linux.IISuxor

Aliases
DoS.Linux.IISuxor (Kaspersky Lab) is also known as: Linux/Iisuxor (McAfee), Trojan Horse (Symantec), DDoS.IISAttack.15048 (Doctor Web), Linux/IISuxor (Sophos), DoS:Linux/IISuxor (RAV), ELF:IISuxor (ALWIL), DoS Program (Panda), Linux/DoS.IISuxor (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Linux ELF file. It is 15,048 bytes in size. It is written in C++.

Payload

The program conducts a DoS attack on the remote machine by exploiting a buffer overflow vulnerability in the way the Microsoft IIS web server processes incoming data. The remote malicious user specifies the address of the target computer and the server's working directory as input parameters when launching the program.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Linux.Octopus

Aliases
DoS.Linux.Octopus (Kaspersky Lab) is also known as: DDoS-Octopus (McAfee), Trojan Horse (Symantec), Troj/OctoDos-A (Sophos), DoS:Linux/Octopus (RAV), ELF_OCTOPUS.A (Trend Micro), Linux/Octopus.DoS (H+BEDV), ELF:Malware (ALWIL), DOS.Linux.Octopus (SOFTWIN), DoS.Linux.Octopus (ClamAV), Linux/Octopus.DoS (Panda), Linux/DoS.Octopus.A (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Linux ELF file. The file is 14,291 bytes in size. It is written in C++.

Payload
This program is designed to open multiple connections to the mail server on a remote machine. The remote computer's address and the port to be attacked are specified by the malicious user when the program is launched.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Linux.SinkSlice

Aliases
DoS.Linux.SinkSlice (Kaspersky Lab) is also known as: Linux/Slice (McAfee), Hacktool.DoS (Symantec), Linux.Trojan.Slice (Doctor Web), Troj/Slice-A (Sophos), DoS:Linux/Slice (RAV), ELF_SINKSLICE.A (Trend Micro), Linux/Octopus.DoS (H+BEDV), ELF:Malware (ALWIL), DOS.Linux.Octopus (SOFTWIN), DDos Program (Panda), Linux/DoS.Sinkslice (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Linux ELF file. The file is 8,368 bytes in size. It is written in C++.

Payload
This program floods the remote computer with network packets. When it is launched, the malicious user specifies the address of the target, the port range to attack, the type of packets to send, and a forged source ('sender') address.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.
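SinkSlice lets the attacker choose a forged 'sender' address, so the flood cannot be traced or blocked by source at the target. The defence for that is ingress filtering at the network edge (the approach described in BCP 38): a packet is forwarded only if its source address is one that could legitimately arrive on the interface it came in on. The Python below is an added example, not code from the original entry or from Kaspersky Lab; the interface names, prefixes and packet records are constructed assumptions for illustration.

```python
"""Added example: a BCP 38 style anti-spoofing check. Interfaces, prefixes and
packet records below are assumptions, not taken from any real network."""
import ipaddress

# Assumed topology. lan0 faces our own customer network; wan0 faces the Internet.
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
EXPECTED_SOURCES = {
    "lan0": OUR_PREFIXES,   # only our own addresses may leave via lan0
    "wan0": None,           # Internet side: anything except our prefixes and bogons
}
# Addresses that never legitimately arrive from the Internet (assumed partial list).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]


def verdict(iface: str, src: str) -> str:
    """Return 'pass' or a drop reason for a packet with source src seen on iface."""
    addr = ipaddress.ip_address(src)
    expected = EXPECTED_SOURCES[iface]
    if expected is not None:
        # Inside-facing interface: a packet leaving our network must carry our address.
        if not any(addr in net for net in expected):
            allowed = ", ".join(str(n) for n in expected)
            return f"spoofed: {src} is not inside {allowed} on {iface}"
        return "pass"
    # Internet-facing interface: our own prefixes and bogons cannot arrive from outside.
    if any(addr in net for net in OUR_PREFIXES):
        return f"spoofed: our own prefix {src} arriving from {iface}"
    if any(addr in net for net in BOGONS):
        return f"bogon source {src} on {iface}"
    return "pass"


# Constructed packet records: (ingress interface, source address, destination port).
PACKETS = [
    ("lan0", "192.0.2.15", 80),
    ("lan0", "203.0.113.9", 80),     # forged sender leaving our network
    ("wan0", "198.51.100.7", 25),
    ("wan0", "192.0.2.1", 25),       # our own address arriving from the Internet
    ("wan0", "10.1.2.3", 25),        # RFC 1918 source arriving from the Internet
]


def filter_packets(packets=PACKETS):
    """Apply verdict() to each record; returns (iface, src, verdict) tuples."""
    return [(iface, src, verdict(iface, src)) for iface, src, _ in packets]


if __name__ == "__main__":
    for iface, src, result in filter_packets():
        print(f"{iface:5} {src:15} {result}")
```

The lan0 rule is what stops a compromised host inside your network from sourcing a SinkSlice-style flood under someone else's address; the wan0 rules cover the mirror-image case of your own addresses, or unroutable ones, arriving from outside. Note that the target of a spoofed flood cannot apply this check itself; it depends on the networks closer to the attacker doing so.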

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Avirt

Aliases
DoS.Perl.Avirt (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), Troj/AvirtDoS-A (Sophos), DoS:PERL/Avirt.A* (RAV), Unix/DoS.Avirt (FRISK), UNIX:Malware (ALWIL), DoS.Perl.Avirt (ClamAV), DoS Program (Panda), Perl/DoS.Avirt (Eset)

Technical details
This malicious program can be used to conduct DoS attacks on a remote server. The program itself is a script file written in Perl. The file is approximately 1400 bytes in size.

Payload
This script conducts a DoS attack on Avirt Mail Server version 3.5. The remote malicious user supplies the name of the host to attack and a user name; the script then sends, as the password, a string of 856 'A' characters.

Processing this login causes a buffer overrun, which can allow an attacker to execute arbitrary code on the victim system.

Removal instructions
1. Delete the infected script file.
2. Perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Chopsui

Aliases
DoS.Perl.Chopsui (Kaspersky Lab) is also known as: DoS.Chopsui (Kaspersky Lab), UNIX/Exploit-Argosoft (McAfee), Hacktool.DoS (Symantec), Troj/Chopsui-A (Sophos), PERL/Chopsui* (RAV), DOSCHOPSUI.A (Trend Micro), Unix/Chopsui.A (FRISK), UNIX:Malware (ALWIL), Perl.DoS.Chopsui.A (SOFTWIN), DoS Program (Panda), Linux/DoS.Chopsui (Eset)

Technical details
This malicious program can be used to conduct a DoS attack on a remote server. The program itself is a script file written in Perl. The script file is 913 bytes in size.

Payload
This script conducts a DoS attack on Argosoft Mail Server 1.0.0.2. It builds a string of 3000 'X' characters and sends it to port 79 (the finger service) of the remote server.

The server crashes while processing this string.

Removal instructions
1. Delete the infected script file.
2. Perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Fusion

Aliases
DoS.Perl.Fusion (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), Troj/ByteFus-A (Sophos), DoS:PERL/Fusion.A* (RAV), Unix/Bytefus@expl (FRISK), UNIX:Malware (ALWIL), DoS.Perl.Fusion (ClamAV), DoS Program (Panda), Perl/DoS.Fusion (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is 1277 bytes in size.

Payload
The program conducts a DoS attack on the remote machine by exploiting a buffer overflow vulnerability in the way the Byte Fusion Telnet server processes incoming authentication data. The address of the machine to be attacked is specified by the malicious user on program launch.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Httux

Aliases
DoS.Perl.Httux (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), Troj/ByteFus-A (Sophos), DoS:PERL/Httux.A* (RAV), Unix/Tuxhttpd@expl (FRISK), UNIX:Malware (ALWIL), DoS.Perl.Httux (ClamAV), DoS Program (Panda), Perl/DoS.Httux (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is 928 bytes in size.

Payload
The program conducts a DoS attack on the remote machine by exploiting a buffer overflow vulnerability in the way the TUX web server processes a malformed request. The remote malicious user provides the parameters of the server to be attacked on program launch.

This malicious program may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Imesh.102

Aliases
DoS.Perl.Imesh.102 (Kaspersky Lab) is also known as: DoS.Imesh.102 (Kaspersky Lab), UNIX/Exploit-Imesh (McAfee), Hacktool.DoS (Symantec), Troj/Imesh-A (Sophos), PERL/Imesh.102* (RAV), DOSIMESH.A (Trend Micro), Unix/Imesh.A (FRISK), UNIX:Malware (ALWIL), PERL.Imesh.102 (SOFTWIN), DoS Program (Panda), Linux/DoS.Imesh.102 (Eset)

Technical details
This malicious program can be used to conduct a DoS attack. It is a script file written in Perl. The script file is 1350 bytes in size.

Payload
The script conducts a DoS attack on the iMesh 1.02 client. It listens on port 5000 and waits for an iMesh client to connect; when a connection arrives, it sends a specially crafted response that causes a buffer overrun in the client.

As a result, a remote malicious user may be able to execute arbitrary code on the system under attack.

Removal instructions
1. Delete the infected script file.
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Nertt

Aliases
DoS.Perl.Nertt (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), Troj/MDex-A (Sophos), DoS:PERL/Nertt.A* (RAV), Unix/Omnint@expl (FRISK), UNIX:Malware (ALWIL), DoS Program (Panda)

Technical details
This malicious program can be used to conduct a DoS attack on a remote server. It is a script file written in Perl. The script file is 1803 bytes in size.

Payload
This script conducts DoS attacks on remote servers running HP OpenView Omniback. The remote malicious user gives the name of the host to be attacked and the port to connect to; the default port is 5555.

The script attempts to connect to the server 2499999 times. Because the server allocates a new block of memory for each connection, the attacked system eventually runs out of RAM and crashes.

Removal instructions
1. Delete the infected script file.
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Raden

Aliases
DoS.Perl.Raden (Kaspersky Lab) is also known as: Hacktool.DoS (Symantec), DoS:PERL/Raden.A* (RAV), Unix/Ftpdos@expl (FRISK), DoS Program (Panda)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is approximately 2300 bytes in size.

Payload
This malicious program exploits an error in the processing of multiple connections to FTP servers in order to conduct a DoS attack on the remote machine.

This malicious program may leave applications on the attacked host unable to accept network connections and short of system resources.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Shafolder

Aliases
DoS.Perl.Shafolder (Kaspersky Lab) is also known as: DoS.P2P.Shafolder (Kaspersky Lab), FDoS-Shafolder (McAfee), Hacktool.DoS (Symantec), Troj/ShaFolderA (Sophos), PERL/Shafolder* (RAV), PERL_SHAFOLDER.A (Trend Micro), Unix/Shafolder.A (FRISK), UNIX:Malware (ALWIL), Perl.Shafolder.A (SOFTWIN), DoS Program (Panda), Perl/DoS.P2P.Shafolder (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is 1649 bytes in size.

Payload
The program conducts a DoS attack on the remote machine by exploiting a buffer overflow vulnerability in the way Kazaa and Morpheus clients process incoming data. The address of the machine to be attacked is specified by the malicious user on program launch.

This malicious program may cause applications on the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Tedla

Aliases
DoS.Perl.Tedla (Kaspersky Lab) is also known as: Perl/Exploit.gen (McAfee), Hacktool.DoS (Symantec), DoS:PERL/Tedla.A* (RAV), Unix/Servdos@expl (FRISK), UNIX:Malware (ALWIL), DoS.Perl.Tedla (ClamAV), DoS Program (Panda), Perl/DoS.Tedla (Eset)

Technical details
This malicious program is designed to conduct Denial of Service attacks on a remote server. The program itself is a malicious script written in Perl. It is 7747 bytes in size.

Payload
The program conducts a DoS attack on the remote machine by exploiting a buffer overflow vulnerability in the way the target server processes incoming data.

It can attack the following servers:

* Avirt Mail Server v3.5
* BFTelnet Server v1.1
* BisonWare FTP Server v3.5
* Broker FTP Server v3.5
* Cmail SMTP Server v2.4
* ExpressFS FTP server v2.x
* G6 FTP Server v2.0 beta4/5
* MDaemon httpd Server v2.8.5.0
* PakMail SMTP/POP3 v1.25
* Vermillion FTP Server v1.23
* WFTPD FTP Server 2.40
* XtraMail POP3 Server v1.11
* ZetaMail POP3 Server v2.1

The remote malicious user is required to provide the address, the type of server to be attacked and the authentication parameters on program launch.

The malicious script may cause the server under attack to suffer reduced performance in supporting network connections.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Perl.Vqserver

Aliases
DoS.Perl.Vqserver (Kaspersky Lab) is also known as: UNIX (McAfee), Hacktool.DoS (Symantec), Troj/VFtp-A (Sophos), DoS:PERL/Vqserver.A* (RAV), Unix/Vqserv@expl (FRISK), UNIX:Malware (ALWIL)

Technical details
This malicious program can be used to conduct a DoS attack on a remote server. It is a script file written in Perl. The script file is 744 bytes in size.

Payload
This script connects to port 80 of a vqServer 1.4.49 HTTP server. The remote malicious user gives the name of the server to be attacked.

A specially crafted HTTP GET request containing a string of 65000 'A' characters is then sent to the server. Processing this request crashes the system under attack.
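The Avirt, Chopsui, Tedla and Vqserver entries above all describe the same weakness: a server copies a client-supplied field into a fixed-size buffer without checking its length, so an 856-byte password or a 65000-byte request path overruns it. The Python below is an added example, not code from Kaspersky Lab or from any of the servers named; it shows the checks a line-based server (HTTP, SMTP, POP3, FTP, finger) should apply to raw input before parsing it. The limits, the sample lines and the repeated-byte heuristic are illustrative assumptions.

```python
"""Added example: input-length enforcement for a line-based protocol server.
The limits and the sample lines are assumptions modelled on the entries above."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LineLimits:
    max_line: int = 4096    # assumed cap on a whole request/command line
    max_token: int = 512    # assumed cap on any single space-separated token
    max_run: int = 64       # longest run of one repeated byte tolerated


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte value in data."""
    best = cur = 0
    prev = None
    for b in data:
        cur = cur + 1 if b == prev else 1
        prev = b
        best = max(best, cur)
    return best


def check_line(line: bytes, limits: LineLimits = LineLimits()) -> list:
    """Return the reasons a protocol line must be rejected (empty list = accept).

    The checks run on the raw bytes, before anything copies them into a
    fixed-size buffer, which is the step the vulnerable servers skipped."""
    reasons = []
    stripped = line.rstrip(b"\r\n")
    if len(stripped) > limits.max_line:
        reasons.append(f"line length {len(stripped)} > {limits.max_line}")
    for tok in stripped.split(b" "):
        if len(tok) > limits.max_token:
            reasons.append(f"token length {len(tok)} > {limits.max_token}")
            break
    run = longest_run(stripped)
    if run > limits.max_run:
        reasons.append(f"repeated-byte run of {run} (overflow padding?)")
    if b"\x00" in stripped:
        reasons.append("NUL byte inside text line")
    return reasons


# Constructed samples shaped like the payloads the entries describe (not captured traffic).
SAMPLES = {
    "normal_get": b"GET /index.html HTTP/1.0\r\n",
    "normal_pass": b"PASS hunter2\r\n",
    "vqserver": b"GET /" + b"A" * 65000 + b" HTTP/1.0\r\n",   # 65000 'A's in the path
    "avirt": b"PASS " + b"A" * 856 + b"\r\n",                 # 856 'A's as a password
    "chopsui": b"X" * 3000 + b"\r\n",                         # 3000 'X's to a finger port
}


def classify_samples() -> dict:
    """Map each sample name to True if check_line() would reject it."""
    return {name: bool(check_line(line)) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:12} {check_line(line) or 'accept'}")
```

Rejecting on length alone is what the vendors' fixes amount to. The repeated-byte run check is a cheap extra signal because overflow payloads of this era were padded with one character, but a real exploit can pad with varied bytes, so treat it as a tell rather than a guarantee.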

Removal instructions
1. Delete the infected script file.
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Win32.DieWar

Aliases
DoS.Win32.DieWar (Kaspersky Lab) is also known as: DDoS-Diewa (McAfee), Hacktool (Symantec), Troj/Ussr-War (Sophos), DDoS:DieWA170 (RAV), TROJ_DDOS_DIEWAR (Trend Micro), Trojan.DDOS.Diewa.1.7.0 (SOFTWIN), Flooder.Diewa (ClamAV), Trj/DoS.DieWar (Panda), Win32/DDoS.DieWar (Eset)

Technical details
This program implements a DoS attack against War-FTPD v1.70, one of the more popular FTP servers for Windows 95/98/NT. It opens a large number of connections to the FTP server until the server can no longer serve legitimate clients. It can also disrupt the operation of Unix FTP daemons such as wu-ftpd, proftpd and ftpd-BSD.
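Octopus, Nertt, Raden and DieWar do not send a malformed request at all; they simply open connections faster than the server releases them. The Python below is an added example, not part of the original entries or of any of those tools. It replays a constructed connection log through the two counters a server, or the firewall or proxy in front of it, should keep per source address: new connections within a sliding window, and connections currently held open. The log format, the thresholds and the addresses are assumptions.

```python
"""Added example: per-source connection-flood detection over a constructed log.
Log format, thresholds and addresses are assumptions for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed sliding window for the rate counter
MAX_OPENS_PER_WINDOW = 5         # assumed: new connections per source per window
MAX_CONCURRENT = 8               # assumed: connections one source may hold open


def parse(line: str):
    """Parse '<ISO time> OPEN|CLOSE <src ip:port> -> <dst ip:port>' (assumed format)."""
    ts, event, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    return datetime.fromisoformat(ts), event, src_ip, int(src_port), dst


def detect_floods(lines):
    """Return {src_ip: (time, reason)} for the first threshold each source crosses.

    Lines must be in chronological order. OPEN events feed both counters;
    CLOSE events only release a held-open connection."""
    recent_opens = defaultdict(deque)   # src_ip -> timestamps of opens inside WINDOW
    open_socks = defaultdict(set)       # src_ip -> source ports currently open
    offenders = {}
    for line in lines:
        ts, event, ip, port, _ = parse(line)
        if event == "CLOSE":
            open_socks[ip].discard(port)
            continue
        open_socks[ip].add(port)
        q = recent_opens[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:     # drop opens that fell out of the window
            q.popleft()
        if ip in offenders:
            continue                        # record only the first offence per source
        if len(q) > MAX_OPENS_PER_WINDOW:
            offenders[ip] = (ts, f"{len(q)} new connections within {WINDOW.seconds}s")
        elif len(open_socks[ip]) > MAX_CONCURRENT:
            offenders[ip] = (ts, f"{len(open_socks[ip])} connections held open")
    return offenders


def build_sample_log():
    """Constructed sample: one polite client, and one source that opens a new
    connection every 200 ms and never closes any of them."""
    t0 = datetime(2008, 7, 28, 10, 0, 0)
    legit = [
        f"{(t0 + timedelta(seconds=1)).isoformat()} OPEN 198.51.100.4:50001 -> 192.0.2.10:21",
        f"{(t0 + timedelta(seconds=3)).isoformat()} CLOSE 198.51.100.4:50001 -> 192.0.2.10:21",
        f"{(t0 + timedelta(seconds=5)).isoformat()} OPEN 198.51.100.4:50002 -> 192.0.2.10:21",
    ]
    flood = [
        f"{(t0 + timedelta(seconds=2, milliseconds=200 * i)).isoformat()} "
        f"OPEN 203.0.113.7:{40000 + i} -> 192.0.2.10:21"
        for i in range(12)
    ]
    return sorted(legit + flood)   # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    for ip, (when, why) in detect_floods(build_sample_log()).items():
        print(f"{when.isoformat()} {ip}: {why}")
```

In a production deployment the same two counters live in the accept loop or in a front-end (a per-source connection limit in the firewall or reverse proxy), and the response to an offender is to stop accepting from that source, which is what defeats a single-host flood of this kind. A distributed flood needs upstream filtering instead, because no single source crosses the threshold.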

DoS.Win32.VB.y

Technical details

This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Windows PE EXE file. It is 20480 bytes in size. It is written in Visual Basic.

Payload
Once launched, the program displays its main window.

The malicious user then enters the victim's IP address. Once the “DoS it!” button has been pressed, a large number of small TCP packets are sent to the address indicated.

Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
1. Use Task Manager to terminate the malicious program’s process.
2. Delete the original program file (the location will depend on how the program originally penetrated the victim machine).
3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Win32.VB.z

Technical details

This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Windows PE EXE file. It is 40960 bytes in size. It is written in Visual Basic.

Payload
Once launched, the program displays its main window.

The malicious user then enters the victim's IP address. Once the “Attack!” button has been pressed, a large number of ping (ICMP echo) requests or finger requests are sent to the victim machine.

Once the attack is underway, the Trojan displays a message to its user.

Removal instructions

1. Use Task Manager to terminate the malicious program’s process.
2. Delete the original program file (the location will depend on how the program originally penetrated the victim machine).
3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

DoS.Win32.VB.aa

Technical details

This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Windows PE EXE file. It is 14336 bytes in size. It is written in Visual Basic.

Payload
Once launched, the Trojan displays its program window.

The remote malicious user then enters the relevant data and launches a DoS attack on the designated server.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malicious program file (the location will depend on how the program originally penetrated the victim machine).
2. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Other Malware

Other malware includes a range of programs that do not threaten computers directly, but are used to create viruses or Trojans, or used to carry out illegal activities such as DoS attacks and breaking into other computers.

* DoS and DDoS Tools
* Hacker Tools and Exploits
* Flooders
* Constructors and VirTools
* Nukers
* FileCryptors and PolyCryptors
* PolyEngines

DoS and DDoS Tools

These programs attack servers by sending them a very large number of requests. A server with no spare capacity cannot keep up, and either crashes under the load or stops answering legitimate clients; because service is denied to those clients, such attacks are called Denial of Service attacks.

DoS programs conduct such attacks from a single computer, with the knowledge and consent of that computer's user. Distributed Denial of Service (DDoS) attacks instead use a large number of infected machines without the knowledge or consent of their owners. DDoS programs are delivered to victim machines by various methods and then launch the attack either on a date built into their code or when the 'owner' issues a command.

Worms can carry a DoS procedure as part of their payload. For instance, on August 20, 2001, the CodeRed worm launched a successful attack on the official web site of the President of the USA (www.whitehouse.gov). Mydoom.a contained DDoS code directed against SCO's corporate site. The company, a Unix developer, closed the site on February 1, 2004, shortly after the DDoS attack began, and moved it to a different URL.

Hacker Tools and Exploits

These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to victim machines.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Flooders

These utilities are used to flood data channels with useless packets and emails.

Constructors and VirTools

Virus writers use constructor utilities to create new viruses and Trojans. Constructors for macro viruses and for Windows viruses are known to exist. A constructor can generate virus source code, object modules or ready-infected files.

Some constructors have a user interface from which the virus type, the objects to attack, encryption options, protection against debuggers and disassemblers, text strings, multimedia effects and so on can be chosen from a menu. Simpler constructors have no interface and read the parameters of the virus to be built from a configuration file.

VirTools are utilities that simplify virus writing. They can also be used to analyze viruses to see how they can be used in hacking attacks.

Nukers

Hackers use these utilities to crash attacked machines by sending specially crafted requests that exploit vulnerabilities in applications and operating systems to cause fatal errors.

FileCryptors and PolyCryptors

These are utilities that virus writers use to encrypt malicious programs so that antivirus software does not detect them.

PolyEngines

Polymorphic generators are not viruses in the true sense of the word: they do not propagate, and they neither open, close or write code into files nor read or write disk sectors. What they do is encrypt the body of a virus and generate a matching decryption routine, so that each encrypted copy of the virus looks different.

Virus writers usually distribute polymorphic generators as archives. The main file in such an archive is the object module containing the generator itself; this module always exports an external function that the virus calls to invoke the generator.