Targeted malicious code
- Targeted malicious code is written for a particular system. To do so the attacker or the code writer studies the system carefully identifying its weaknesses. The different types are:
i. Brain:
The Brain virus placed itself in the boot sector and other places on the system. It then screened all disk access so as to avoid detection and to maintain its infection. Each time the disk was read, Brain would check the boot sector to see if it was infected. If not, it would reinstall itself in the boot sector and elsewhere. This made it difficult to completely remove the virus.
ii. Morris Worm:
The Morris worm obtained remote access to machines on the network by guessing user account passwords. If that failed, it tried to exploit a buffer overflow, and it also tried to exploit a trapdoor in sendmail. Once access had been obtained to a machine, the worm sent a bootstrap loader to the victim. The bootstrap loader then fetched the rest of the worm. In this process, the victim machine even authenticated the sender. The Morris worm went to great lengths to remain undetected. If the transmission of the worm was interrupted, all of the code that had been transmitted was deleted. The code was also encrypted when it was downloaded, and the downloaded source code was deleted after it was decrypted and compiled. When the worm was running on a system, it periodically changed its name and process identifier (PID), so that a system administrator would be less likely to notice anything unusual.
iii. Code Red:
To gain access to a system, the Code Red worm exploited a buffer overflow in Microsoft IIS server software. It then monitored traffic on port 80, looking for other potential targets. The action of Code Red depended on the day of the month. From day 1 to 19, it tried to spread its infection; then from day 20 to 27 it attempted a distributed denial of service (DDoS) attack.
iv. SQL Slammer:
Slammer infected sites by randomly generating IP addresses. A more efficient search strategy could have made more effective use of the available bandwidth. Slammer spread so fast that it effectively burned out the available bandwidth on the Internet. If Slammer had been able to throttle itself slightly, it could ultimately have infected more systems and might have caused significantly more damage.
v. Time Bomb:
This is code that takes effect at a particular time or date. The virus stays in memory until it is time for it to go off. Y2K is a good example of a time bomb.
vi. Logic Bomb:
It is malicious code that is initiated when a specific condition occurs. The triggering logic can be tied to some event. The logic can be a condition or a count; the code remains in memory waiting for the condition to occur and then affects the system.