Shadowserver Foundation - Viruses - Impact

Big View ? Attach:Site/PageHeader/softflow.gif Δ Home Edit History Recent Changes
HomePage Shadowserver Mission Terms of Service Standards and Guidelines Organizations Calendar Future Goals Job Opportunities Press Security Organizations News Articles Blogs and Forums Misc Presentations Chronological Operations Status Knowledge Base Technology in Use Botnets Botnet Detection Honeypots eFraud Malware Whitepapers Definitions Links Get Involved Get Reports on your Network Blacklists and Blocking TOR Nodes and Reporting Mailing List Submit a Botnet Build a Honeypot Hall of Fame Services Info Binary Whitelist Test IP/ASN/Geo Mapping MD5/SHA1 AV Results Statistics ASN Bots Bot Counts Drone Maps Drone Historical Conficker Botnets Botnet Charts Botnet Maps Botnet Maps Historical DDoS DDoS Charts DDoS Maps DDoS Historical Geo Locations IRC Ports Malware Sandbox Charts Sandbox Graphs Packer Statistics Scans Scan Charts Scan Maps Scan Maps Historical URLs Viruses Sharing Virus Daily Stats Virus Weekly Stats Virus Monthly Stats Virus 60-Day Stats Virus 90-Day Stats Virus 180-Day Stats Virus Yearly Stats Virus Two Year Stats Virus Three Year Stats Combined Results Combined Performance Improvement Between Initial and Retests Contact Us Site Statistics edit SideBar	Impact Modern Computer Viruses Author Aim Four Installments Impact Impact – User Privileges Home user - Impact Keyloggers Steal - Software Licenses Impact Home User - DDoS Business - Impact Inside Perimeter Firewall More Business Impact Government - Impact New trends Author - Chas Tomlin IT Security Specialist in School of Electronics and Computer Science Member of Shadowserver Maintain a db of currently ~15,000 unique viruses and their associated network traffic. Top Aim Take a look at current viruses/malware and how they propagate See what features modern viruses come with See what impact an infected machine might have on your network Learn to detect and prevent viruses Top Four Installments: Infection Payload Impact Response Focus on Windows viruses Top Impact Depends on the environment User privileges Administrator Non privileged Location of the infected host Home user Business Government Top Impact – User Privileges Viruses that spread using remote buffer overflows will typically gain complete control over un-patched systems. Drive by downloads can only infect the system as far as the context of the user that is logged in. Top Home user - Impact Steal Bank login Email login Any login!! Credit Card details Software licenses/CD keys Attack DDoS Spam Proxy IP masking Top Keyloggers SSL, Encryption stops attackers from grabbing login from the wire Keyloggers allow them to grab the plain text of what you are typing. Top Steal - Software Licenses Some malware has the capability to search a system for software licenses, cd keys etc. Top Impact Home User - DDoS Massive amounts of traffic ~ 20 Gb/s Enough to cause very large network disruption People are beginning to realise that this could have a severe impact on critical IT infrastructure Risks on and impact of traffic jam and other incidents on the information highways by Luc Beirens Top Business - Impact Steal Interlectual property Source code Attack DDoS (more bandwidth) Spam (not ISP broadband net) Other systems behind firewall. Top Inside Perimeter Firewall Top Business Impact Top Government - Impact Steal Passwords Documents Compromise national security Top New trends Targeted attacks, moving away from mass email. Mostly using exploits in MS Office Not widely deployed, hard to detect New zero day MS Word exploit Received the payload at the end of last week. Based around the trojan poison ivy GENERAL FEATURE LIST firewall bypassing, reverse connection, ARC4 encrypted communications, transparent compression of transfers and communications, full-featured file, registry, services and process manager, relay server, view installed applications (some support remote silent uninstallation), key logger, socks4/5 server, traffic sniffer, remote screen capture and web cam viewing, password manager (IE cached passwords, MSN passwords, Firefox cached passwords, wireless zero configuration passwords, LM/NTLM hashes), runs on restricted accounts. Top << \| Viruses \| >> Edit Page History Source Attach File Backlinks List Group Page last modified on December 31, 2005, at 04:32 AM	Bot Counts Botnets Calendar/Blog March 2011 01 · April 2011 03 · May 2011 17 · June 2011 July 2011 August 2011 02 \| 08 · September 2011 21 · October 2011 November 2011 December 2011 January 2012 February 2012 March 2012 April 2012 May 2012 Link List Arbor Networks ASERT AV Comparatives Emerging Threats Mwcollect Nepenthes Offensive Computing SANS ISC Securtyfix SecuriTeam Sunbelt/CWSandbox Support Intelligence TaoSecurity ThreatSTOP Websense Zeus Tracker