The big Aspects of Hacking and Viruses
Written by IT News on 3:36 AM

I wanted to write about this for a long time, since it is pretty important, but I never got the chance to do it; plus, there wasn’t enough material to back up my statements… until now. Sophos expert Fraser Howard wrote a great technical paper on "Modern web attacks" that is very inspiring and also explains things really well. In any case, in this article, I’m going to concentrate on explaining the way e-mail borne viruses function.
Perhaps you’ve read a lot of news, either written by myself or by my peers, explaining how e-mail borne threats work. Most of the time, nobody bothered to detail this much; journalists limit themselves to "when you click on a link you get a virus", but there’s much more to it than that. Sure, in some cases, you get the actual virus on your machine directly after clicking on a link. That would be the work of a lazy or sloppy hacker. But pros have other ways of doing things. It’s all about multi-stage attacks!
So, how do these work? Well, after the victim gets the message (probably part of a torrent of spam) and clicks on a link, a download function is activated. As Fraser Howard puts it, this can be written within a very small binary and in a myriad of ways, and some of these variants will pass through the e-mail gateway without being noticed. And here comes the part where the hackers get clever: the download does not always start immediately, as an immediate fetch could be flagged as a malicious script by heuristic-based software. Instead, the download starts at a later time, as there is no rush.
Furthermore, using the same primary payload every time would be dumb, as it could be instantly detected and blocked. That’s why the ones in charge of the attacks are always updating the remote content (the primary payload).
And probably the most clever part of all this consists of the multiple stages of download. Don’t go thinking that you get a Trojan downloader and then the virus. Oh, no, it’s far more complex. The first downloader fetches another, which fetches another, and so on and so forth; or the primary downloader retrieves the virus piece by piece, from different hosts and URLs. It is also possible for the initial downloader to retrieve a configuration file containing further instructions about which content to download, as seen in the same report.
"Coupling the use of automation to frequently update the malicious files with multiple levels of downloading (potentially across multiple domains), often results in fairly complex infection mechanisms, involving numerous items of malware and URLs. From the malware author's perspective, such techniques provide a very flexible framework in which to operate," Fraser Howard wrote in the report.
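From the defender's side, the two traits described above, delayed stages and pieces pulled from several different hosts, are exactly what a web-proxy log can reveal. The script below is an added example written for this article, not code from Sophos or the report; the log format, hostnames, sizes and thresholds are all constructed assumptions. It groups small binary or tiny text fetches per client and flags a run of them from several distinct hosts inside a generous time window, so a chain whose stages are spread out over minutes is still caught.

```python
"""Flag multi-stage download chains in constructed web-proxy log lines.

Added example (not from the article or the Sophos report). The log format,
hostnames, sizes and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: timestamp, client IP, URL, content-type, bytes.
SAMPLE_LOG = """\
2008-03-12T09:14:02 10.0.0.5 http://news-example.invalid/story.html text/html 18320
2008-03-12T09:14:09 10.0.0.5 http://cdn-a.invalid/img/ld.gif application/octet-stream 4096
2008-03-12T09:31:40 10.0.0.5 http://cdn-b.invalid/upd/cfg.txt text/plain 612
2008-03-12T09:31:44 10.0.0.5 http://cdn-c.invalid/upd/part1.bin application/octet-stream 51200
2008-03-12T09:31:51 10.0.0.5 http://cdn-d.invalid/upd/part2.bin application/octet-stream 48640
2008-03-12T10:02:13 10.0.0.7 http://intranet.invalid/report.pdf application/pdf 220000
2008-03-12T10:02:20 10.0.0.7 http://intranet.invalid/logo.png image/png 3021
"""

BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}
SMALL_BINARY_BYTES = 64 * 1024  # assumption: downloader stages are small
WINDOW = timedelta(minutes=30)   # assumption: stages may be deliberately delayed
MIN_STAGES = 3                   # assumption: three or more fetches make a chain
MIN_HOSTS = 2                    # assumption: pulled from at least two hosts


def parse_line(line):
    """Split one constructed log line into a record dict."""
    ts, client, url, ctype, size = line.split()
    host = url.split("/")[2]
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "host": host, "url": url, "ctype": ctype, "size": int(size)}


def stage_candidates(records):
    """Keep fetches that look like downloader stages: small binaries, or
    tiny text files (a possible configuration file), not ordinary pages."""
    out = []
    for r in records:
        if r["ctype"] in BINARY_TYPES and r["size"] <= SMALL_BINARY_BYTES:
            out.append(r)
        elif r["ctype"] == "text/plain" and r["size"] < 2048:
            out.append(r)
    return out


def _flush(run, chains, client):
    """Record the current run as a chain if it meets both thresholds."""
    hosts = {r["host"] for r in run}
    if len(run) >= MIN_STAGES and len(hosts) >= MIN_HOSTS:
        chains.append({"client": client, "stages": len(run),
                       "hosts": sorted(hosts),
                       "urls": [r["url"] for r in run]})


def find_chains(log_text, window=WINDOW):
    """Group stage candidates per client; a chain is a run in which each
    fetch follows the previous one within `window`. Returns flagged chains."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            r = parse_line(line)
            per_client[r["client"]].append(r)
    chains = []
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        run = []
        for r in stage_candidates(recs):
            # A gap longer than the window ends the current run.
            if run and r["ts"] - run[-1]["ts"] > window:
                _flush(run, chains, client)
                run = []
            run.append(r)
        _flush(run, chains, client)
    return chains


if __name__ == "__main__":
    for c in find_chains(SAMPLE_LOG):
        print(f"{c['client']}: {c['stages']} staged fetches from {c['hosts']}")
```

Run against the constructed sample, the script flags client 10.0.0.5 (four small fetches from four hosts, with a seventeen-minute pause after the first one) and ignores 10.0.0.7, whose PDF and PNG are ordinary content. The thresholds are starting points to tune against real proxy traffic, and a hit is a lead for an analyst to pull the fetched files, not a verdict on its own.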