Let's talk about viruses

Nimda: mass-mailing worm
Interest: thrives on email and open network shares
Nimda is a fast-spreading Internet worm and file infector that arrives as an embedded attachment, a readme.exe file, in an email that has an empty message body and usually an empty subject field. Nimda exploits a known Internet Explorer vulnerability and does not require the email receiver to open the attachment for it to execute. This worm has four modes of spreading: via email, via network shared drives, via unpatched IIS servers, and via file infection.
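As an added example (not part of the original post), a mail-gateway triage check for the delivery pattern described above: a readme.exe attachment, an empty body, and a usually empty subject. The function names, the quarantine rule, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

SUSPECT_ATTACHMENT = "readme.exe"  # attachment name given in the text above


def body_text(msg):
    """Join the text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart() or part.get_filename():
            continue
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "".join(chunks).strip()


def nimda_indicators(raw_message):
    """Return the traits from the description that this message matches."""
    msg = message_from_string(raw_message)
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    hits = []
    if SUSPECT_ATTACHMENT in names:
        hits.append("attachment:readme.exe")
    if not body_text(msg):
        hits.append("empty-body")
    if not (msg.get("Subject") or "").strip():
        hits.append("empty-subject")
    return hits


def should_quarantine(raw_message):
    # The subject is only "usually" empty, so it is reported but not required.
    hits = nimda_indicators(raw_message)
    return "attachment:readme.exe" in hits and "empty-body" in hits


def sample(subject, body, filename):
    """Constructed test message (hypothetical addresses, dummy attachment bytes)."""
    return (
        f"From: a@example.test\nTo: b@example.test\nSubject: {subject}\n"
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="B"\n\n'
        f"--B\nContent-Type: text/plain\n\n{body}\n"
        "--B\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--B--\n"
    )


if __name__ == "__main__":
    print(nimda_indicators(sample("", "", "readme.exe")))
```

A filename and empty-body match is a triage signal only; because the attachment can run without being opened, the message should be held before it reaches the mail client.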

Slammer: Internet worm
Interest: loves to slow down network traffic
Slammer's code resides only in memory, and there are no file counterparts. Because of this, antivirus scanners that do not support memory scanning cannot detect the code. The code can be unleashed by an attacker through a program that initially sends out packets to potentially vulnerable servers; on a vulnerable server the code may be arbitrarily executed, which furthers the propagation of the worm code. When the malware continuously sends out a large number of packets to a vulnerable SQL server, it causes a denial of service (DoS), which results in slowdown or even failure in the affected network.

Blaster: worm
Interest: enjoys causing trouble at Microsoft
Upon execution, Blaster creates an autorun registry entry so that it executes every time Windows starts. It creates a mutex, which it uses to check whether another copy is already running. If it finds another copy running, it terminates; if no other copy is running, it continues with its routines. It constantly checks for an Internet connection; once it secures one, it checks the system date and, on specified dates, launches a thread that performs a distributed denial of service (DDoS) attack against Microsoft. Blaster exploits a vulnerability in Windows to infect remote machines. The vulnerability allows an attacker to gain full access and execute any code on a target machine, leaving it compromised.




Adi Maulana
