Administrator’s Guide
xiii
Preface
A rash of Melissa variants and copycats appeared soon after. Some, such as
W97M/Prilissa, included destructive payloads. Later the same year, a number
of new viruses and worms either demonstrated novel or unexpected ways to
get into networks and compromise information security, or actually
perpetuated attacks. Examples included:
• W32/ExploreZip.worm and its variants, which used some of Melissa’s
techniques to spread, initially through e-mail. After it successfully infected
a host machine, ExploreZip searched for unsecured network shares and
quietly copied itself throughout a network. It carried a destructive payload
that erased various Windows system files and Microsoft Office documents,
replacing them with an unrecoverable zero-byte-length files.
• W32/Pretty.worm, which did Melissa one better by sending itself to every
entry in the infected computer’s MAPI address book. It also connected to
an Internet Relay Chat (IRC) server, joined a particular IRC channel, then
opened a path to receive commands via the IRC connection. This
potentially allowed those on the channel to siphon information from the
infected computer, including the computer name and owner’s name, his or
her dial-up networking user name and password, and the path to the
system root directory.
• W32/FunLove.4099, which infected ActiveX .OCX files, among others.
This meant that it could lurk on web pages with ActiveX content, and infect
systems with low or nonexistent browser security settings as they
downloaded pages to their hard disks. If a Windows NT computer user
had logged into a system with administrative rights, the infecting virus
would patch two critical system files that gave all users on the network
—including the virus—administrative rights to all files on the target
computer. It spread further within the network by attaching itself to files
with the extensions .SCR, .OCX, and .EXE.
• VBS/Bubbleboy, a proof-of-concept demonstration that showed that a
virus could infect target computers directly from e-mail messages
themselves, without needing to propagate through message attachments.
It effectively circumvented desktop anti-virus protection altogether, at
least initially. Its combination of HTML and VBScript exploited existing
vulnerabilities in Internet-enabled mail systems; its author played upon the
same end-user psychology that made Melissa successful.
The other remarkable development in the year was the degree to which virus
writers copied, fused, and extended each others’ techniques. This cross-
pollination had always occurred previously, but the speed at which it took
place and the increasing sophistication of the tools and techniques that became
available during this period prepared very fertile ground for a nervously
awaited bumper crop of intricate viruses.
Содержание DR SOLOMON S ANTI-VIRUS 8.5
Страница 1: ...Dr Solomon s Anti Virus Administrator s Guide Version 8 5 ...
Страница 146: ...Using Dr Solomon s Anti Virus Administrative Utilities 146 Dr Solomon s Anti Virus ...
Страница 166: ...Installed Files 166 Dr Solomon s Anti Virus ...
Страница 184: ...Using Dr Solomon s Anti Virus Command line Options 184 Dr Solomon s Anti Virus ...
Страница 216: ...Understanding iDAT Technology 216 Dr Solomon s Anti Virus ...