How Viruses and Worms Work
- 21.3 Trojans, Viruses, Worms and Rootkits 647
21.3.3 How Viruses and Worms Work
A virus or worm typically has two components — a replication mechanism and a payload. A worm simply makes a copy of itself somewhere else when it's run, perhaps by breaking into another system (as the Internet worm did) or mailing itself as an attachment to the addresses on the infected system's address list (as many recent worms have done). In the days of DOS viruses, the commonest way for a virus to replicate was to append itself to an executable file and patch itself in, so that the execution path jumps to the virus code and then back to the original program.

Given a specific platform, there are usually additional tricks available to the virus writer. For example, if the target system was a DOS PC with a file called ACCOUNTS.EXE, one could introduce a file called ACCOUNTS.COM, which DOS will execute in preference. DOS viruses could also attack the boot sector or the partition table, and there are even printable viruses — viruses all of whose opcodes are printable ASCII characters, so that they can even propagate on paper. A number of DOS viruses are examined in detail in [817].

The second component of a virus is the payload. This will usually be activated by a trigger, such as a date, and may then do one or more of a number of bad things:

- make selective or random changes to the machine's protection state (this is what we worried about with multilevel secure systems);
- make changes to user data (some early viruses would trash your hard disk while some recent ones encrypt your disk and ask you to pay a ransom for the decryption key);
- lock the network (e.g., start replicating at maximum speed);
- perform some nefarious task (e.g. use the CPU for DES keysearch);
- get your modem to phone a premium-rate number in order to transfer money from you to a telephone scamster;
- install spyware or adware in your machine. This might just tell marketers what you do online — but it might steal your bank passwords and extract money from your account;
- install a rootkit — software that hides in your machine having taken it over. This is typically used to recruit your machine into a botnet, so that it can be used later for spam, phishing and distributed denial of service attacks at the botnet herder's pleasure.

The history of malware, and of countermeasures, has some interesting twists and turns.
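The ACCOUNTS.COM trick described above leaves a visible trace: two executables with the same base name in one directory. The following check is an added example, not code from the book; it assumes the DOS lookup order .COM, .EXE, .BAT, uses hypothetical function names, and runs over a constructed tree of empty files. It looks only within a single directory, and a hit is a cue for review, since legitimate software sometimes ships such pairs.

```python
import os
import tempfile
from collections import defaultdict

# DOS tries these extensions, in this order, when a command is typed without one.
DOS_PRECEDENCE = (".com", ".exe", ".bat")

def find_companion_shadows(root):
    """List (directory, file DOS would run, files it shadows) under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)  # stem -> {extension: real file name}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in DOS_PRECEDENCE:
                # DOS file names are case-insensitive, so compare in lower case.
                by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            if len(exts) > 1:
                ranked = [exts[e] for e in DOS_PRECEDENCE if e in exts]
                findings.append((os.path.relpath(dirpath, root), ranked[0], ranked[1:]))
    return sorted(findings)

def demo():
    """Run the check over a constructed tree of empty files (sample data)."""
    sample = ["APPS/ACCOUNTS.EXE", "APPS/ACCOUNTS.COM", "APPS/LEDGER.EXE",
              "TOOLS/backup.bat", "TOOLS/BACKUP.EXE", "TOOLS/README.TXT"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_companion_shadows(root)

if __name__ == "__main__":
    for directory, winner, shadowed in demo():
        print(f"{directory}: {winner} runs in preference to {', '.join(shadowed)}")
```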