These Trojans are archived files coded to sabotage the de-compressor when it attempts to open the infected archived file. The victim machine will slow or crash when the Trojan bomb explodes, or the disk will be filled with nonsense data. ArcBombs are especially dangerous for servers, particularly when incoming data is initially processed automatically: in such cases, an ArcBomb can crash the server.
There are three types of ArcBombs: incorrect header in the archive, repeating data and a series of identical files in the archive.
An incorrect archive header or corrupted data can both cause the de-compressor to crash when opening and unpacking the infected archive.
A large file containing repeating data can be packed into a very small archive: 5 gigabytes will be 200 KB when packed using RAR and 480 KB in ZIP format.
Moreover, special technologies exist to pack an enormous number of identical files in one archive without significantly affecting the size of the archive itself: for instance, it is possible to pack 10100 identical files into a 30 KB RAR file or a 230 KB ZIP file.
Wednesday, February 14, 2007
Trojan Programs - Rootkits
A rootkit is a collection of programs used by a hacker to evade detection while trying to gain unauthorized access to a computer. This is done either by replacing system files or libraries, or by installing a kernel module. The hacker installs the rootkit after obtaining user-level access: typically this is done by cracking a password or by exploiting a vulnerability. This is then used to gather other user IDs until the hacker gains root, or administrator, access to the system.
The term originated in the Unix world, although it has since been applied to the techniques used by authors of Windows-based Trojans to conceal their actions. Rootkits have been used increasingly as a form of stealth to hide Trojan activity, something that is made easier because many Windows users log in with administrator rights.SERICOL, Лаки УФ-отверждения,SERICOL, Лаки УФ-отверждения,SERICOL, Лаки УФ-отверждения
The term originated in the Unix world, although it has since been applied to the techniques used by authors of Windows-based Trojans to conceal their actions. Rootkits have been used increasingly as a form of stealth to hide Trojan activity, something that is made easier because many Windows users log in with administrator rights.SERICOL, Лаки УФ-отверждения,SERICOL, Лаки УФ-отверждения,SERICOL, Лаки УФ-отверждения
Trojan Programs - Trojan Notifiers
These Trojans inform the 'master' about an infected machine. Notifiers confirm that a machine has been successfully infected, and send information about IP-address, open port numbers, the email address etc. of the victim machine. This information may be sent by email, to the master's website, or by ICQ.
Notifiers are usually included in a Trojan 'pack' and used only to inform the master that a Trojan has been successfully installed on the victim machine.ловля спиннингом с лодки
Notifiers are usually included in a Trojan 'pack' and used only to inform the master that a Trojan has been successfully installed on the victim machine.ловля спиннингом с лодки
Trojan Programs - Trojan Spies
This family includes a variety of spy programs and key loggers, all of which track and save user activity on the victim machine and then forward this information to the master. Trojan-spies collect a range of information including:
- Keystrokes
- Screenshots
- Logs of active applications
- Other user actions
These Trojans are most often used to steal banking and other financial information to support online fraud.
- Keystrokes
- Screenshots
- Logs of active applications
- Other user actions
These Trojans are most often used to steal banking and other financial information to support online fraud.
Trojan Programs - Trojan Proxies
Trojan Proxies
These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines. Today these Trojans are very popular with spammers who always need additional machines for mass mailings. Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.запасные части для струйных принтеров,
These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines. Today these Trojans are very popular with spammers who always need additional machines for mass mailings. Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.запасные части для струйных принтеров,
Trojan Programs - Trojan Droppers
These Trojans are used to install other malware on victim machines without the knowledge of the user. Droppers install their payload either without displaying any notification, or displaying a false message about an error in an archived file or in the operating system. The new malware is dropped to a specified location on a local disk and then launched.
Droppers are normally structured in the following way:
Main file
contains the dropper payload
File 1
first payload
File 2
second payload
...
as many files as the coder chooses to include
The dropper functionality contains code to install and execute all of the payload files.
In most cases, the payload contains other Trojans and at least one hoax: jokes, games, graphics and so forth. The hoax is meant to distract the user or to prove that the activity caused by the dropper is harmless, whereas it actually serves to mask the installation of the dangerous payload.
Hackers using such programs achieve two objectives:
- Hidden or masked installation of other Trojans or viruses
- Tricking antivirus solutions which are unable to analyse all components
Droppers are normally structured in the following way:
Main file
contains the dropper payload
File 1
first payload
File 2
second payload
...
as many files as the coder chooses to include
The dropper functionality contains code to install and execute all of the payload files.
In most cases, the payload contains other Trojans and at least one hoax: jokes, games, graphics and so forth. The hoax is meant to distract the user or to prove that the activity caused by the dropper is harmless, whereas it actually serves to mask the installation of the dangerous payload.
Hackers using such programs achieve two objectives:
- Hidden or masked installation of other Trojans or viruses
- Tricking antivirus solutions which are unable to analyse all components
Trojan Programs - Trojan Downloaders
This family of Trojans downloads and installs new malware or adware on the victim machine. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements. All of this is done without the knowledge or consent of the user.
The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website or other Internet location.
The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website or other Internet location.
Subscribe to:
Posts (Atom)
