A simple way to protect against malware – Part 1
OK, let's start with some definitions. All you need to do is read carefully, and do not hesitate to contact me for any assistance. In the last few days I have received a great deal of research on viruses, worms, bacteria, etc., and I realized that many people are confused about some of the terms, so let's see.
Viruses
A computer virus is a computer program or script that can copy itself and infect a computer without the permission or knowledge of the user. The name "virus" is also commonly used to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves. A virus can only spread from one computer to another when its host is carried to the uninfected computer, for example by a user sending it over a network or the Internet, or by carrying it on removable media such as a diskette, CD or USB drive. Viruses can also spread to other computers by infecting files on a shared network file system.
Recent viruses can also take advantage of network services such as the World Wide Web, email, instant messaging and file sharing systems to spread.
Virus Phases:
Virus phases can be grouped into the four categories listed below:
- Latent phase: the virus is dormant.
- Propagation phase: the virus places an identical copy of itself into other programs.
- Triggering phase: the virus is activated to perform the function for which it was designed.
- Execution phase: the function is performed.
Types of viruses:
Parasitic Viruses
A parasitic virus attaches itself to a file in order to spread. In general it leaves most of the file intact and adds itself either to the beginning or to the end of the file. EXE and COM files are the easiest to infect, because they are simply loaded directly into memory and execution always starts at the first instruction.
Memory-resident viruses
A memory-resident virus is a virus that remains in memory after it executes and after its host program has terminated. In contrast, a non-resident virus only becomes active when an infected application is run.
Resident viruses contain a replication module similar to the one employed by non-resident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it runs and ensures that the module is executed each time the operating system is called to perform a given operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is run on the computer.
Resident viruses are sometimes subdivided into fast infectors and slow infectors. Fast infectors are designed to infect as many files as possible; for example, a fast infector can infect every potential host file that is accessed. This poses a special problem for anti-virus software, because a virus scanner accesses every potential host file on the computer when it performs a full-system scan. If the scanner does not notice that the virus is present in memory, the virus can ride on the scanner and thus infect every file that is scanned. Fast infectors rely on their high rate of infection to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus can slow the computer down or perform many suspicious actions that anti-virus software can notice. Slow infectors, on the other hand, are designed to infect hosts infrequently; for example, some slow infectors only infect files when they are copied. Slow infectors avoid detection by limiting their actions: they are less likely to slow the computer noticeably and rarely trigger anti-virus software that watches for suspicious program behaviour.
Boot sector viruses
A boot sector virus is a computer virus that infects the boot sector of hard disks, floppies and other bootable media, and theoretically also CDs and DVDs.
A boot sector virus infects, or replaces with its own code, either the DOS boot sector or the Master Boot Record (MBR). The MBR is a small program that runs whenever the computer starts. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides in the first sector of the hard disk.
Since the MBR executes every time the computer starts, a boot sector virus is extremely dangerous. Once the boot code of the disk is infected, the virus is loaded into memory on every startup. From memory the boot virus can spread to every disk read by the system.
Some CMOS settings can be configured to prevent writes to the boot sector of the hard disk. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you must change the setting so that the MBR can be written again.
Stealth Viruses
A stealth virus is a file virus that uses special techniques to hide its presence from users and anti-virus systems. This is accomplished by intercepting read requests for the infected file and returning the contents of the original, uninfected file to the application doing the reading. Once the computer has been infected, the virus can make modifications so that the computer appears not to have lost any memory and/or so that the file size appears unchanged.
When an anti-virus program tries to detect the virus, the stealth virus feeds the anti-virus program a clean image of the file or boot sector.
Polymorphic viruses
A polymorphic virus changes its signature each time it replicates and infects a new file, in order to fool the anti-virus program. But what is a virus signature? A virus signature is like a fingerprint that can be used to detect and identify specific viruses. It can also refer to a hash algorithm that identifies a specific virus: a static hash is a numerical value calculated from a single piece of the virus's code. Alternatively, the algorithm can be based on behaviour. Anti-virus software uses virus signatures to check for the presence of malicious code.
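To make the two signature styles above concrete, here is a small added example (not code from the original article): a toy scanner that keeps one static hash signature and one byte-pattern signature, run over three constructed byte strings that stand in for files. The "core" bytes, sample names and signature names are all made up for the demonstration. It shows why a whole-file hash breaks as soon as a virus varies a single region between copies, while a pattern taken from the part that does not change still matches; a fully polymorphic virus also re-encodes that core, which is why the behaviour-based detection mentioned in the text exists.

```python
import hashlib

# Constructed sample "files" (not real malware): a fixed core routine plus a
# region that a polymorphic virus would vary between copies.
CORE = b"\x55\x8b\xec\x83\xec\x10\x33\xc0"            # invariant bytes (constructed)
SAMPLE_A = b"MZ" + b"\x00" * 6 + b"AAAA" + CORE + b"\x90\x90"
SAMPLE_B = b"MZ" + b"\x00" * 6 + b"BBBB" + CORE + b"\x90\x90"   # same core, varied bytes
CLEAN = b"MZ" + b"\x00" * 6 + b"hello world"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Two signature styles from the text: a static hash of a known sample, and a
# byte pattern taken from the part of the code that does not change.
HASH_SIGNATURES = {sha256(SAMPLE_A): "Constructed.Sample.A"}
PATTERN_SIGNATURES = {CORE: "Constructed.Family"}


def scan_by_hash(data: bytes):
    """Exact-match detection: any change to the file defeats it."""
    return HASH_SIGNATURES.get(sha256(data))


def scan_by_pattern(data: bytes):
    """Substring detection: survives changes outside the matched bytes."""
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes) -> dict:
    """Run both detectors and report what each one found."""
    return {"hash": scan_by_hash(data), "pattern": scan_by_pattern(data)}


if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("clean", CLEAN)):
        print(label, scan(sample))
```

Sample A is caught by both detectors, sample B (four bytes changed) only by the pattern, and the clean sample by neither.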
Bacteria
Bacteria are programs that do not explicitly damage any files. Their sole purpose is to replicate themselves. Bacteria reproduce exponentially, eventually taking up the full capacity of the processor, memory or disk space.
Worms
A worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and can do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a target computer.
Many worms come in the form of email attachments, hidden in or attached to genuine-looking email messages that trigger execution of the infectious code; email worms can also infect computers through web sites, file-sharing systems, instant messaging and more. Therefore, any computer connected to the Internet runs the risk of being infected by a malicious worm.
Once installed on a PC, worms spontaneously generate additional emails containing copies of the worm. They can also open TCP ports to create entry points for other applications.
Trojan Horse
The term derives from the classic story of the Trojan horse. In computer security, a trojan is a program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojans can be used to perform indirectly functions that an unauthorized user cannot perform directly. For example, to access another user's files on a shared system, a user could create a Trojan horse program that, when executed, changes the permissions of the caller's files so that they can be read by any user.
Trojan horses are almost always designed to cause damage, but they can also be harmless. They are classified based on how they breach and damage systems. The six main categories of Trojan horse in use are:
- Remote access
- Data destruction
- Downloader
- Servers (proxy, FTP, IRC, email, HTTP/HTTPS, etc.)
- Security software disabler
- Denial-of-service attack (DoS)
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that launches a malicious function when certain conditions are met. For example, a programmer can hide a piece of code that starts deleting important files.
One use for a logic bomb is to ensure payment for software: if payment is not made by a specified date, the logic bomb activates and the software deletes itself. A more malicious logic bomb might also delete other data on the system.
Trap Door
A trap door is an undocumented entry point written into code for debugging purposes that can allow unwanted users to access the system.
A trap door may be hardware- or software-based, and is always a hidden entry into a computer system that can be used to circumvent the system's security policy.
Dear reader, now it is time to learn how to distinguish between the malicious programs just mentioned. One might wonder why it is necessary to distinguish between them. Well, to protect your system you first need to know what you are protecting against, because each malicious program requires its own defensive technique.
Let us be practical and learn more about how malicious programs can affect our files; we will mainly talk about the Windows operating system.
The Windows operating system recognizes file types and associates them with programs based on their file extension. This means that Windows can recognize filename.htm as being associated with Internet Explorer. So when a user opens a file with the .htm extension, Windows first opens Internet Explorer, which then opens the file. When Windows is installed for the first time, some file type associations are assigned automatically; for example, the default handler for .TXT is the Notepad program.
When new programs are installed on the system, they often add new file types associated with the program, or even change the existing file type associations so that those types are handled by the new program. Consider Windows Media Player (WMP), the default handler for .MP3: if a similar program is installed, you may be asked during installation to change the default handler from WMP to the new program (since both applications are able to open the same data files). If this is allowed, an MP3 (or any other file type that is re-registered) will in future be opened by the newly installed program instead of WMP.
Viruses can exploit file types and their associations: a virus may change an association or redirect it to another, hidden program. It is important to see which file extension is selected and to be aware of which extensions are associated with which programs. Before proceeding, ensure that file extension viewing is enabled on your system.
The most common way malicious code spreads is through certain kinds of scripts. When you have a .vbs file (these files are written in the VBScript scripting language), it is executed by wscript.exe as its associated program.
The main purpose of this program is to let developers write their own instructions in Notepad or any free editor, save the code with the .vbs extension (or the extension of any other scripting format), and have it run by double-clicking the file: the function or functions it contains are performed by its associated program, primarily the Windows Script Host (wscript.exe), for specific tasks. If the code was written by a hacker or cracker, this task can damage your computer.
The question is: do we really need wscript.exe? That depends on many things, such as whether you are using a specialized machine or not, whether you or someone sharing the computer is interested in developing code, and how many of the useful programs installed require the use of or access to script files.
If you are confused or not sure about your answer, do not worry: we will show you an easy way to stop unwanted script execution without needing to remove wscript.exe, simply by changing the association of script files with the .vbs extension to an unrelated program, for example Notepad.
Let's start step by step. First, in Windows Explorer select Tools.
Second, on the Tools menu select Folder Options, then click the File Types tab and browse until you find the desired extension. Here we must mention the danger of changing the file association of any extension at random unless you know what you are doing; otherwise a fully working system can be seriously damaged. So please be careful when selecting the file extension.
Third, click the Change button and from the Open With window select Notepad.
Make sure the option "Always use the selected program to open this file type" is checked, then click OK and Close.
At this point you should know how to disable Windows' ability to execute some kinds of script files based on their extension, without deleting the wscript.exe program. To re-enable script execution, repeat the same procedure and select wscript rather than Notepad, or simply press the reset button.
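The File Types dialog above edits the same data that Windows keeps in the registry: HKEY_CLASSES_ROOT\.vbs names a ProgID (VBSFile), and HKEY_CLASSES_ROOT\VBSFile\shell\open\command holds the program that runs when the file is double-clicked. The following added example (my own code, not from the article) audits that data so you can check, before and after the change, whether a script extension still opens with a script host. The BEFORE and AFTER command strings are constructed to resemble typical values; the list of extra extensions (.vbe, .js, .jse, .wsf) is my assumption that you want to audit the other Windows Script Host types as well. On Windows it reads the live registry; elsewhere it runs the same check over the constructed values.

```python
import sys

# Windows Script Host executables: a script extension whose "open" command
# points at one of these will run the script when double-clicked.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed examples of what the registry typically holds before and after
# the change described in the text (Notepad instead of wscript).
BEFORE = {".vbs": '"%SystemRoot%\\System32\\WScript.exe" "%1" %*'}
AFTER = {".vbs": '"%SystemRoot%\\system32\\NOTEPAD.EXE" "%1"'}


def handler_executable(command: str) -> str:
    """Return the lower-cased executable name from a shell "open" command string."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:command.find('"', 1)]     # quoted path, may contain spaces
    else:
        exe = command.split(" ", 1)[0]            # unquoted path ends at first space
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def runs_script_host(command: str) -> bool:
    """True when double-clicking the file would hand it to wscript/cscript."""
    return handler_executable(command) in SCRIPT_HOSTS


def audit(associations: dict) -> dict:
    """Map each extension to True when its handler is a script host."""
    return {ext: runs_script_host(cmd) for ext, cmd in associations.items()}


def read_windows_associations(extensions=(".vbs", ".vbe", ".js", ".jse", ".wsf")):
    """On Windows, read the real "open" commands via the registry
    (HKCR\\<ext> -> ProgID -> shell\\open\\command). Returns {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    result = {}
    for ext in extensions:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, ext) as key:
                progid = winreg.QueryValue(key, None)
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                                progid + r"\shell\open\command") as key:
                result[ext] = winreg.QueryValue(key, None)
        except OSError:
            continue   # extension or ProgID not registered on this machine
    return result


if __name__ == "__main__":
    live = read_windows_associations()
    for ext, risky in audit(live or BEFORE).items():
        print(ext, "-> runs with a script host" if risky else "-> opens in a viewer/editor")
```

The same two values can be viewed from a command prompt with `assoc .vbs` and `ftype VBSFile`; if the audit still reports a script host after you made the change, check that "Always use the selected program" was ticked.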
Besides scripts, some large software packages include their own programming languages. In this case, malicious code may be written as macros. Before proceeding further, let us agree that in this context a macro is an instruction that carries out a list of program commands automatically. Some applications (for example word processors, spreadsheets, presentation software and more) allow macro programs to be embedded in documents so that the macros are executed automatically when the document is opened; this provides a convenient way for malware to spread.
When a document with an embedded macro is opened, a copy of the macro code resides on the computer, and then any document on the same computer that uses the same application can be infected. If a copy of an infected file is passed to another person via email or any removable media, the malware can spread to the target computer. This infection process ends only when the malware is detected and disabled or deleted. The main difficulty is that many popular modern applications allow macros, and macro code can be written with very little expertise. You can create your own trusted certificate (a certificate is a unique identifier, like a fingerprint) to enable digital signing of macros, and this certificate must be assigned to specific documents. For example, Microsoft Office supports this type of certificate; all you need to do is run SelfCert.exe from My Computer or Windows Explorer (you can find it in Microsoft Office Tools under Digital Certificate for VBA Projects). Then in the Your Name box, type the name you want associated with this certificate and click OK; SelfCert.exe creates and installs a self-signed certificate that can be used to sign VBA projects on the current computer. More steps are needed to make the system trust the certificate, and this can be done using certmgr.msc. To open this program, from the Start menu select Run and type certmgr.msc. Then move your personal certificate to the trusted certificates folder.
Do not forget to associate the new certificate with existing documents. This can be done by pressing ALT + F11 to open the VB editor for the document, then selecting Digital Signature from the Tools menu and choosing your certificate in the window that opens. Note that one certificate can be assigned to several documents.
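Signing only helps if you also know which documents carry macros at all. As an added example (my own code, not from the article), here is a check for the ZIP-based Office formats (.docm, .xlsm, .pptm), where a VBA macro project is stored as a part named vbaProject.bin inside the container; the sample documents are constructed in memory with a placeholder vbaProject.bin, not real Office output. Legacy binary .doc/.xls files use the older OLE container and are deliberately reported as "not a ZIP" here rather than guessed at.

```python
import io
import zipfile

# In the Office Open XML formats (.docm, .xlsm, .pptm) a document's VBA macros
# are stored as a ZIP entry named vbaProject.bin (e.g. word/vbaProject.bin).
VBA_PART = "vbaproject.bin"


def has_vba_project(document_bytes: bytes) -> bool:
    """True if the ZIP-based Office document carries a VBA macro project.
    Returns False for anything that is not a ZIP (legacy .doc needs OLE parsing)."""
    try:
        with zipfile.ZipFile(io.BytesIO(document_bytes)) as zf:
            return any(name.lower().endswith(VBA_PART) for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def build_document(with_macro: bool) -> bytes:
    """Construct a minimal stand-in for a .docm/.docx (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes only; a real part is an OLE compound file.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def triage(documents: dict) -> dict:
    """Map each file name to True when it contains a macro project."""
    return {name: has_vba_project(data) for name, data in documents.items()}


if __name__ == "__main__":
    inbox = {
        "report.docx": build_document(with_macro=False),
        "invoice.docm": build_document(with_macro=True),
        "old.doc": b"\xd0\xcf\x11\xe0 not a zip container",
    }
    for name, macro in triage(inbox).items():
        print(name, "-> macro project present" if macro else "-> no macro project (or not OOXML)")
```

Documents flagged here are the ones that need a valid signature from a certificate you trust before their macros are allowed to run.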
Malicious Code Execution Prevention
Another technique you can use to prevent malicious programs from running from memory is the well-known security feature Data Execution Prevention (DEP). DEP can be defined as a set of hardware and software technologies that perform additional checks on memory to prevent malicious code from running on a system. It is available in Microsoft Windows XP Service Pack 2 (SP2), Microsoft Windows XP Tablet PC Edition 2005 and Windows Vista (it is also included in Windows Server 2003 and 2008, but in this article I will cover only the operating systems for personal computers). These technologies can be enforced by hardware or by software. However, you need to know whether your processor is compatible (some processors do not support hardware-enforced DEP) in the case of hardware-enforced DEP, and whether your applications and services are compatible in the case of software-enforced DEP.
Hardware-enforced DEP
Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. When a malicious program tries to insert and execute code from a non-executable memory location, DEP intercepts the attempt immediately and prevents the attack.
Software-enforced DEP
With software-enforced DEP, additional security checks are activated to block malicious code that takes advantage of the exception-handling mechanisms in Windows. Software-enforced DEP runs on any processor that can run Windows XP SP2. By default, software-enforced DEP protects only a limited set of system binaries, regardless of the hardware-enforced DEP capabilities of the processor.
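The "by default only system binaries" behaviour above corresponds to the OptIn policy level; the other levels are OptOut, AlwaysOn and AlwaysOff. The following added example (my own code, not from the article) reports which level a machine is running. On Windows XP SP2 the level is the /noexecute= switch in boot.ini, which the block parses from a constructed boot.ini; on Windows Vista and later it asks the kernel32 function GetSystemDEPPolicy. Treating a boot.ini with no /noexecute switch as OptIn is my assumption about the XP default.

```python
import ctypes
import sys

# Policy codes as returned by GetSystemDEPPolicy() on Windows Vista and later.
# XP SP2 expresses the same four levels as /noexecute=<level> in boot.ini.
DEP_POLICIES = {0: "AlwaysOff", 1: "AlwaysOn", 2: "OptIn", 3: "OptOut"}

DESCRIPTIONS = {
    "OptIn": "only Windows system binaries are protected (the default described above)",
    "OptOut": "every process is protected except those explicitly excluded",
    "AlwaysOn": "every process is protected; no exclusions possible",
    "AlwaysOff": "DEP is disabled",
}

# Constructed boot.ini resembling an XP SP2 installation (not taken from a real machine).
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""


def policy_from_boot_ini(boot_ini_text: str) -> str:
    """Return the DEP level named by /noexecute= in an XP SP2 boot.ini.
    A missing switch is treated as OptIn (assumed XP default)."""
    for line in boot_ini_text.splitlines():
        for token in line.split():
            if token.lower().startswith("/noexecute="):
                value = token.split("=", 1)[1].lower()
                for name in DEP_POLICIES.values():
                    if name.lower() == value:
                        return name
    return "OptIn"


def system_policy() -> str:
    """Query the live policy on Windows Vista or later; 'unknown' elsewhere."""
    if sys.platform != "win32":
        return "unknown"
    try:
        code = ctypes.windll.kernel32.GetSystemDEPPolicy()
    except AttributeError:          # API not present (e.g. Windows XP)
        return "unknown"
    return DEP_POLICIES.get(code, "unknown")


def describe(policy: str) -> str:
    return DESCRIPTIONS.get(policy, "policy could not be determined")


if __name__ == "__main__":
    live = system_policy()
    policy = live if live != "unknown" else policy_from_boot_ini(SAMPLE_BOOT_INI)
    print(policy, "-", describe(policy))
```

On an XP machine replace SAMPLE_BOOT_INI with the contents of C:\boot.ini (a hidden system file); raising the level to OptOut is what extends the protection from system binaries to every application, which is exactly when the application-compatibility caveat in the text starts to matter.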
Finally, wait for Part 2…