Trojans, Viruses, Worms and Rootkits
21.3 Trojans, Viruses, Worms and Rootkits
writers is to recruit machines that can be sold on for cash to botnet herders and for other exploits.

Most viruses in the 1980s and 1990s were very flaky; although tens of thousands of different viruses were reported, very few actually spread in the wild. It’s actually rather difficult to write a virus that spreads properly; if it’s not infectious enough it won’t spread, while if you make it too infectious then it gets noticed quickly and dealt with. However, those viruses that did spread often spread very widely and infected millions of machines.

A widespread self-replicating worm may bring a huge ego boost to a teenage programmer, but for the Mafia it’s not optimal. Such a worm becomes headline news and within a few hours the world’s anti-virus vendors are upgrading their products to detect and remove it. Even the mass media get in on the act, telling the public not to click on any link in such-and-such an email. Now that the writers are focussed on money rather than bragging rights, they release more attacks but limited ones. Furthermore, rather than using self-replicating worms — which attract attention by clogging up the Internet — the modern trend is towards manually-controlled exploit campaigns.

In September 2007 the largest botnet was perhaps the Storm network, with around a million machines. Its herders are constantly recruiting more machines to it, using one theme after another. For example, following the start of the National Football League season on September 6th, they sent out spam on September 9th saying simply ‘Football . . . Need we say more? Know all the games, what time, what channel and all the stats. Never be in the dark again with this online game tracker’, followed by a link to a URL from which the gullible download a file called tracker.exe that installs a rootkit in their machine. Using techniques like this — essentially, professional online marketing — they constantly grow their network.

And although the media refer to Storm as a ‘worm’, it isn’t really: it’s a Trojan and a rootkit. Victims have to click away several warnings before they install it; Windows warns them that it isn’t signed and asks them if they really want to install it. However, Windows pops up so many annoying dialog boxes that most people are well trained to click them away. In the case of Storm, it was targeted by Microsoft’s malicious software removal tool on September 11th, and Redmond reported that over a quarter of a million machines had been cleaned; they also estimated that Storm had half a million active machines, with perhaps a few hundred thousand that were not being actively used. The network — the most powerful supercomputer on the planet — earned its living by being rented out to pump-and-dump operators and pharmacy scammers [742]. Two other networks were also identified as having over half a million bots; Gozi and Nugache use the same peer-to-peer architecture as Storm, and by the end of 2007 these networks were getting increasingly sophisticated and exploring new criminal business models [1134].