
Cyber attacks

TROJAN

Remember the Trojan Horse? Bad guys hid inside it until they could get into the city to do their evil deed. A trojan computer program is similar. It is a program which performs an unauthorized function, hidden inside an authorized program. It does something other than what it claims to do, usually something malicious (although not necessarily!), and it is intended by the author to do whatever it does.

A Trojan horse is a program that does something that the programmer intended, but the user would not approve of if he knew about it in advance. Because most current security systems are based primarily on user-level privilege rather than program-level privilege, any program that you run can read any object you have read-access to, write to any object that you have write-access to, and execute any program or command that you are authorized to execute. A Trojan horse concealed in a random game program downloaded from your favorite newsgroup can read any file you have read access to, and mail it anywhere in the world. It can erase, or just shuffle around a few bytes in, any file you can write to. It can send obscene messages, or post embarrassing things to random newsgroups. And it can copy itself into any program that you have write access to. In a mobile-agent system, it is critical to ensure that arriving agents execute in a controlled environment, and are able to do only those things that they are authorized to do. Agents should be trusted only as far as the least-trusted entity that may have been able to alter the program or internal state of the agent; secure authentication methods (such as digital signatures) must be used carefully when it is necessary to establish the real author or sender of an agent.

If it’s not intentional, it’s called a ‘bug’ or, in some cases, a feature 🙂 Some virus scanning programs detect some trojans. Some virus scanning programs don’t detect any trojans. No virus scanners detect all trojans.

VIRUS

A virus is an independent program which reproduces itself. It may attach to other programs, it may create copies of itself (as in companion viruses). It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space.

A virus is a program (generally a Trojan horse) that spreads, by making copies of itself in one way or another. In the microcomputer environment, viruses generally spread by writing copies of themselves into other programs, or into boot records of disks and diskettes.

Some virus scanners detect some viruses. No virus scanners detect all viruses. No virus scanner can protect against “any and all viruses, known and unknown, now and forevermore”.

VIRUS PROTECTION

The most common viruses are boot sector infectors. You can help protect yourself against those by write protecting all disks which you do not need write access to. Definitely keep a set of write protected floppy system disks. If you get a virus, it will make things much simpler. Scan all incoming files with a recent copy of a good virus scanner. Among the best are F-Prot, Dr. Solomon’s Anti-virus Toolkit, and Thunderbyte Anti-Virus. AVP is also a good program. Using more than one scanner could be helpful. You may get those one or two viruses that the other guy happened to miss this month. New viruses come out at the rate of about 8 per day now. NO scanner can keep up with them all, but the four mentioned here do the best job of keeping current. Any _good_ scanner will detect the majority of common viruses. No virus scanner will detect all viruses. Right now there are about 5600 known viruses. New ones are written all the time. If you use a scanner for virus detection, you need to make sure you get frequent updates. If you rely on behavior blockers, you should know that such programs can be bypassed easily by a technique known as tunnelling.

You may want to use integrity checkers as well as scanners. Keep in mind that while these can supply added protection, they are not foolproof.

You may want to use a particular kind of scanner, called a resident scanner. These are programs which stay resident in the computer memory and constantly monitor program execution (and sometimes even access to the files containing programs). If you try to execute a program, the resident scanner receives control and scans it first for known viruses. The program is allowed to execute only if no such viruses are found. Most virus scanners will not protect you against many kinds of trojans, any sort of logic bombs, or worms. Theoretically, they _could_ protect you against logic bombs and/or worms, by addition of scanning strings; however, this is rarely done.

The best way, actually the only way, to protect yourself is to know what you have on your system and make sure what you have there is authorized by you. Make frequent backups of all important files. Keep your DOS system files write protected. Write protect all disks that you do not need to write to. If you do get a virus, don’t panic. Call the support department of the company who supplies your anti-virus product if you aren’t sure of what you are doing. If the company you got your anti-virus software from does not have a good technical support department, change companies.

The best way to make sure viruses are not spread is not to spread them. Some people do this intentionally. We discourage this. Viruses aren’t cool.

(THEORA)

WORM

Made famous by Robert Morris, Jr., worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the systems.

A worm in a networked environment is generally a self-sufficient program that spreads by spawning copies of itself on other hosts in the network. One famous worm caused great disruption on the Internet in 1988. There is no hard line between viruses and worms; in general, if the spreading entity is a self-sufficient program, it will be called a worm, whereas if it embeds itself inside other programs or boot code, it will be called a virus.

Some people say the solution to viruses and worms is to just not have any files or networks. They are probably correct. We would include computers.

LOGIC BOMB

Code which will trigger a particular form of ‘attack’ when a designated condition is met. For instance, a logic bomb could delete all files on Dec. 5th. Unlike a virus, a logic bomb does not make copies of itself.

FLASH CROWDS

The term Flash Crowd was first used by Larry Niven, in a science fiction short story. In the story, cheap local teleportation has become possible; now, the sites of attractive news stories are instantly inundated with rubberneckers teleporting in to watch.

As systems become more interconnected and more powerful, we have the equivalent of cheap teleportation; if a Web site becomes known as particularly interesting, its usage curve can go exponential, causing network bottlenecks and server crashes. In networks of agents, a vast number of similarly-programmed agents, like a horde of similarly-programmed trading programs causing a market crash, can cause network congestion and server overload. And if the agents all adopt similar fallback strategies in response to overload, the flash crowd can migrate from server to server on the net, leading to surging hard-to-remedy travelling overloads.

WEEDS

A weed is a program (or anything else in a system) that does no one any good, but that uses such a small amount of resources that it’s often not cost-effective to do anything about it. Eventually, weeds start to accumulate, and it’s time to get out the clippers. Or the herbicide.

Uncontrolled, a large number of weeds can waste significant amounts of system resources; distributed systems will need the ability to monitor this sort of activity, and impose controls if it gets out of hand.

FREELOADER

A freeloader is a program that uses some system or server resources to survive and possibly benefit its creator, without paying for them. Servers may provide some minimal service for free, in order to attract paying customers, or unintentionally, as an unintended effect of complex cost structures; there may be ways to arrange for some transaction charges, especially small ones, to be lost in the shuffle. A freeloader exploits these sorts of things to operate free of charge.

Requests from known freeloaders may be charged for, even in cases that are normally free.

FLYING DUTCHMAN

Named for the legendary ghost-ship, a Flying Dutchman is a freeloader that manages to become effectively immortal, without paying for the resources that it uses to survive. A Flying Dutchman may move from host to host, never quite using enough resources to be killed; it may spawn a copy of itself on another host just before it is terminated, ensuring an unending gene-line.

ZOMBIE

A Zombie is similar to a Flying Dutchman; it is a program that has been terminated, but continues to consume some resources anyway, due to (sometimes infinite) delays in cleaning up all the resources associated with it. Zombies can sometimes get enough resources to do actual processing; more often, they exist only as the undead owners of various kinds of space.

A single freeloading or immortal program will not in itself damage a distributed system, and we anticipate that a typical agent-based system will tolerate a low level of freeloading. An analogy is to physical stores, which will tolerate a certain number of people coming in to get out of the rain and using the restrooms, on the chance that they may eventually buy something.

Intelligent monitoring processes may be needed to identify and terminate intentionally or accidentally immortal programs that are serving no useful purpose. 
