W32.Sobig.F

It is a mass mailing worn that infects hosts computer with innocuously named e-mail attachments such as application.pif and thank_you.pif .When activated, this worm transmitted itself to e-mail addresses discovered on a host of local file types. The end result was massive amounts of Internet traffic. Upon execution, this worm drops a copy of itself in the Windows folder as WINPPR32.EXE. It also drops a non-malicious text file, WINSTT32.DAT, in the Windows folder. 

Read More

Most Dangerous Threats

These are some of the most dangerous threats:
 

NIMDA:

Shortly after the September 11 tragedy this computer virus infected hundreds of thousands of computers worldwide. Nimda was considered to be one of the most complicated viruses, having up to 5 different methods of infecting computers systems and duplicating itself. It was started in 2001.

SAPPHIRE:

SQL Slammer, also known as Sapphire, was launched on January 25, 2003. It was a doozy of a worm that had a noticeable negative impact upon global Internet traffic. Its target was servers. The virus was a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft’s SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses as well.

Slammer infected 75,000 computers in 10 minutes which is very remarkable. The outrageously high amounts of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.

 BLASTER: 

The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.

Hidden in the code of MSBLAST.EXE — the virus’ executable ” were these messages: “I just want to say LOVE YOU SAN!!” and “billy gates why do you make this possible? Stop making money and fix your software!!”

SOBIG: 

The Sobig worm hit right at the end of Blaster, making August 2003 a miserable month for corporate and home PC users. The most destructive variant was Sobig.F, which spread so rapidly on August 19 that it set a record (which would later be broken by MyDoom), generating over 1 million copies of itself in its first 24 hours.

                   The virus infected host computers via innocuously named e-mail attachments such as application.pif and thank_you.pif. When activated, this worm transmitted itself to e-mail addresses discovered on a host of local file types. The end result was massive amounts of Internet traffic. On September 10, 2003, the virus deactivated itself and is no longer a threat. 

MyDoom : 

For a period of a few hours on January 26, 2004, the MyDoom shockwave could be felt around the world as this worm spread at an unprecedented rate across the Internet via e-mail. The worm, also known as Norvarg, spread itself in a particularly devious manner: It transmitted itself as an attachment in what appeared to be an e-mail error message containing the text “Mail Transaction Failed.” Clicking on the attachment spammed the worm to e-mail addresses found in address books. MyDoom also attempted to spread via the shared folders of users’ Kazaa peer-to-peer networking accounts.

The replication was so successful that computer security experts have speculated that one in every 10 e-mail messages sent during the first hours of infection contained the virus. MyDoom was programmed to stop spreading after February 12, 2004.

DOWNAD : 

The latest and most dangerous virus is the “downadup” worm, which was also called “Conficker”.  computer virus has infected 3.5 million computers worldwide. This malicious program was able to spread using a patched Windows flaw and Vulnerability. Downadup was successful in spreading across the Web due to the fact that it used a flaw that Microsoft patched in October in order to distantly compromise computers that ran unpatched versions of Microsoft’s operating system. But the greatest power of the worm is believed to be the ability of computers, infected with the worm, to download destructive code from a random drop point

Read More

Trojan Remover

Trojan or trojan horse is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system. Once a Trojan horse has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by user privileges on the target computer system and the design of the Trojan horse. 

Read More

Denial Of Service Attack

It is is an attempt to make a computer resource unavailable to its intended users by remote users. This is one of the Botnet Attacks. It generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Creators who use make or program this attack will target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.  

Read More

Types of Botnet Attacks

Bot net is a like a robot that sends some codes to remote user as requested by him. It first scans the computer or network for different vulnerabilities and it will use different types of attack . And we have seen what

• Denial-of-service attacks where multiple systems autonomously access a single Internet system or service in a way that appears legitimate, but much more frequently than normal use and cause the system to become busy.
• Adware exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.
• Spyware is software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.
• E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious in nature.
• Click fraud is the user's computer visiting websites without the user's awareness to create false web traffic for the purpose of personal or commercial gain.
• Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers.
• Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

Measures to prevent it:

• The most serious preventive measures utilize rate-based intrusion prevention systems implemented with specialized hardware.
• Removing services that provide reference points to botnets can cripple an entire botnet.
• Updating the Operating system that will avoid or fill all the vulnerabilities will also prevent botnets.
• You may go to opt for products like Norton Anti-Bot and other products given by different anti-virus companies will help in removing the botnets.

Read More