Sub Product

Malware

Malware   Probably the largest threat to any business that rely on their ICT systems is the ever increasing levels of system infection due to illicitly engineered programs that are design to cause destruction and inconvenience to the World community . These can take many different forms but generally can be classified as follows;   Viruses A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc. Viruses are actually now one of the least worries of the IT Manager as there are a number of excellent pro-active anti-viral packages such as McAfee and Sophos that if installed and configured correctly usually stop their infection and spread.   E-mail viruses An e-mail virus moves spreads within e-mail messages, and usually replicates itself by automatically mailing itself to contacts within the victim's e-mail address book. Two well known example of this kind of infection are Mellissa (1999) and ILOVEYOU (2000). Both however had different infection methods.   Melissa was contained within an Office Word Document attachment, when the attachment was opened it ran and replicated itself to the first 50 people in that users address book. In itself it was not that dangerous however it created havoc amongst email servers as they suddenly found themselves being hit with overwhelming incoming emails. It then changed the normal.dot template so it continued to be added to every document the user created. If people had turned on the Macro protection within Office Melissa would not have been able to infect.   ILOVEYOU was more malevolent it was contained within an attachment that was delivered in a ‘friendly’ sounding email. It was testimony to human nature that even though recipients had no idea who the sender was they went ahead and opened the attachment anyway. Once opened sent itself to everyone in the users address book and then began to corrupt all files on the user’s computer and network shares.   Worms A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating itself from this new additional source.  This then grows at an exponential rate, for example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.   The U.S. government even changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they have installed the security patch.  Had they already been patching their servers they would have not faced the risk of being infected.     Trojan horses A Trojan horse is simply a computer program that claims to do one thing (it may claim to be a game) but instead does damage when you run it. Recently the typical payload for these results in the program turning off system protect and then broadcasting the fact that the system is open to the wider illicit community. A typical signature is the sudden change of your home page followed by dozens of unwanted Pop-Up pages offering all sorts of undesirable products. Trojan horses currently do not self-replicate but rely on a user inadvertently downloading it.  The most effective way to stop Trojans is to install and manage an effective Firewall and Internet management system.     Adware and Spyware   These are programs that infect your system and make changes to your Internet experience. Adware generally uses its programming to ensure that when you are using the Internet you are delivered unwanted advertisements by using Pop-ups and Pop-unders. Often your default home page is also changed to a site of the applications choice, usually a site ‘advertising’ their sponsors wares.   Spyware is often intertwined with Adware and generally tracks or logs your internet browsing habits. Your movements are then sent to sites who bombard you with targeted advertising (using the Adware component) that are aligned to your browsing habits. The simplest type of Spyware is the ‘tracking cookies’     Malware Solution   MCTS would deploy solutions from McAfee, SpamFighter and Computer Associates. These applications would be based on either a server or a suitable workstation which would automatically and deploy directly to all protected computers. Details coming soon... Malware   Probably the largest threat to any business that rely on their ICT systems is the ever increasing levels of system infection due to illicitly engineered programs that are design to cause destruction and inconvenience to the World community . These can take many different forms but generally can be classified as follows;   Viruses A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc. Viruses are actually now one of the least worries of the IT Manager as there are a number of excellent pro-active anti-viral packages such as McAfee and Sophos that if installed and configured correctly usually stop their infection and spread.   E-mail viruses An e-mail virus moves spreads within e-mail messages, and usually replicates itself by automatically mailing itself to contacts within the victim's e-mail address book. Two well known example of this kind of infection are Mellissa (1999) and ILOVEYOU (2000). Both however had different infection methods.   Melissa was contained within an Office Word Document attachment, when the attachment was opened it ran and replicated itself to the first 50 people in that users address book. In itself it was not that dangerous however it created havoc amongst email servers as they suddenly found themselves being hit with overwhelming incoming emails. It then changed the normal.dot template so it continued to be added to every document the user created. If people had turned on the Macro protection within Office Melissa would not have been able to infect.   ILOVEYOU was more malevolent it was contained within an attachment that was delivered in a ‘friendly’ sounding email. It was testimony to human nature that even though recipients had no idea who the sender was they went ahead and opened the attachment anyway. Once opened sent itself to everyone in the users address book and then began to corrupt all files on the user’s computer and network shares.   Worms A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating itself from this new additional source.  This then grows at an exponential rate, for example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.   The U.S. government even changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they have installed the security patch.  Had they already been patching their servers they would have not faced the risk of being infected.     Trojan horses A Trojan horse is simply a computer program that claims to do one thing (it may claim to be a game) but instead does damage when you run it. Recently the typical payload for these results in the program turning off system protect and then broadcasting the fact that the system is open to the wider illicit community. A typical signature is the sudden change of your home page followed by dozens of unwanted Pop-Up pages offering all sorts of undesirable products. Trojan horses currently do not self-replicate but rely on a user inadvertently downloading it.  The most effective way to stop Trojans is to install and manage an effective Firewall and Internet management system.     Adware and Spyware   These are programs that infect your system and make changes to your Internet experience. Adware generally uses its programming to ensure that when you are using the Internet you are delivered unwanted advertisements by using Pop-ups and Pop-unders. Often your default home page is also changed to a site of the applications choice, usually a site ‘advertising’ their sponsors wares.   Spyware is often intertwined with Adware and generally tracks or logs your internet browsing habits. Your movements are then sent to sites who bombard you with targeted advertising (using the Adware component) that are aligned to your browsing habits. The simplest type of Spyware is the ‘tracking cookies’     Malware Solution   MCTS would deploy solutions from McAfee, SpamFighter and Computer Associates. These applications would be based on either a server or a suitable workstation which would automatically and deploy directly to all protected computers.
© 2006 Milne Craig Technology Solutions