Phishing - PC Virus Buster, the free encyclopedia

What is a phishing attack?

A phishing attack is a specific form of cyber crime. The criminal creates an almost 100 percent perfect replica of a chosen financial institution’s website, then attempts to trick the user into disclosing their personal details – username, password, PIN etc – via a form on the fake website, allowing the criminal to use the details to obtain money.

Phishers use various techniques to trick users into accessing the fake website, such as sending emails that pretend to be from a bank. These emails often use legitimate logos, a good business style and often spoof the header of the email to make it look like it came from a legitimate bank. In general, these letters inform recipients that the bank has changed its IT infrastructure and ask all customers to re-confirm their user information. When the recipient clicks on the link in the email, they are directed to the fake website, where they are prompted to divulge their personal information.


How can I protect myself from a phishing attack?

There are several steps you can take to protect your computer from today’s cyber threats. Following the simple guidelines below will help minimise the risk of attack.

Be very wary of any email messages asking for personal information. It’s highly unlikely that your bank will request such information by email. If in doubt, call them to check!
Don’t complete a form in an email message asking for personal information. Only enter such information using a secure website. Check that the URL starts with ‘https://’, rather than just ‘http://’. Look for the lock symbol on the lower right-hand corner of the web browser and double-click it to check the validity of the digital certificate. Or, alternatively, use the telephone to conduct your banking.
Report anything suspicious to your bank immediately.
Don’t use links in an email message to load a web page. Instead, type the URL into your web browser.
Check if your anti-virus program blocks phishing sites, or consider installing a web browser toolbar that alerts you to known phishing attacks.
Check your bank accounts regularly (including debit and credit cards, bank statements, etc.), to make sure that listed transactions are legitimate.
Make sure that you use the latest version of your web browser and that any security patches have been applied.



quoted from http://www.kaspersky.com/phishing
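The checks Kaspersky lists above (https only, no trust in the address as it appears in the message, only the bank's own site) can be applied to a link before anyone clicks it. The Python below is an added example written for this page, not code from Kaspersky; the allow-list of bank hostnames and the sample links are constructed placeholders.

```python
"""Phishing-link checker (added example; not Kaspersky's code)."""
import ipaddress
from typing import Iterable, List
from urllib.parse import urlsplit

# Hypothetical allow-list: the hostnames a bank actually uses for online
# banking. A real deployment takes this from the bank's published list.
TRUSTED_BANK_HOSTS = {"www.examplebank.com", "online.examplebank.com"}


def check_link(url: str, trusted_hosts: Iterable[str] = TRUSTED_BANK_HOSTS) -> List[str]:
    """Return human-readable warnings for a link found in an e-mail.
    An empty list means the link passes every check in the advice above."""
    trusted = {h.lower() for h in trusted_hosts}
    warnings: List[str] = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()

    # 1. Credentials belong on a secure site only: the scheme must be https.
    if parts.scheme.lower() != "https":
        warnings.append(f"scheme is '{parts.scheme}', not https")

    # 2. 'https://www.examplebank.com@evil.example/' is a link to evil.example;
    #    everything before '@' is user-info, not the host.
    if parts.username is not None:
        warnings.append(f"URL has a user-info part; the real host is '{host}'")

    # 3. A bank does not publish its login page on a bare IP address.
    try:
        ipaddress.ip_address(host)
        warnings.append(f"host is a raw IP address ({host})")
    except ValueError:
        pass

    # 4. The host must be exactly one of the bank's names. Look-alikes such as
    #    'www.examplebank.com.login-secure.example' embed the real name as a
    #    subdomain of an attacker-controlled domain, so a substring match or a
    #    glance at the start of the address is not enough.
    if host not in trusted:
        embedded = next((t for t in trusted if t in host), None)
        if embedded is not None:
            warnings.append(f"'{host}' only contains the trusted name '{embedded}'; it is not that host")
        else:
            warnings.append(f"host '{host}' is not a known bank host")

    return warnings


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a phishing e-mail.
    for link in ("https://online.examplebank.com/login",
                 "http://online.examplebank.com/login",
                 "https://www.examplebank.com@evil.example/",
                 "https://192.0.2.10/login",
                 "https://www.examplebank.com.login-secure.example/"):
        print(link, "->", check_link(link) or ["ok"])
```

The point of the fourth check is that "the URL starts with the bank's name" is exactly what a look-alike domain is built to satisfy; only an exact hostname match against a list the bank publishes settles it.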

The 12 Most Dangerous Viruses and Worms of All Time (up to the end of 2008)

There are thousands of viruses and worms found on PCs all the time, and today we picked the 12 most dangerous viruses/worms that have had the most impact on the poor Windows users, including myself. OK, here they are; their order is not important.

1. ILOVEYOU

The ILOVEYOU worm (a.k.a. VBS/Loveletter and Love Bug worm), a computer worm written in VBScript, is considered by many as the most damaging worm ever. It started in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the “damage” was the labor of getting rid of the virus. The worm arrived in e-mail boxes with the simple subject of “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user’s contact list. Only victims with Windows will be affected.

2. Mydoom

Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi, is a computer virus affecting Microsoft Windows. It was first sighted on January 26, 2004 and became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm.

Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. Early on, several security firms published their belief that the worm originated from a professional underground programmer in Russia. The actual author of the worm is unknown… Scary.

3. Blaster

The Blaster Worm (also known as Lovsan or Lovesan) was a computer worm that spread on computers running the Microsoft operating systems, Windows XP and Windows 2000. The worm was first noticed and started spreading on August 11, 2003. The rate that it spread increased until the number of infections peaked on August 13, 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster.

You will understand the following if you are tech savvy. The worm was programmed to start a SYN flood on August 15, 2003 against port 80 of windowsupdate.com, thereby creating a distributed denial of service attack (DDoS) against the site. The damage to Microsoft was minimal as the site targeted was windowsupdate.com instead of windowsupdate.microsoft.com to which it was redirected.

If the worm detects a connection to the Internet (regardless of dial-up or broadband), this can even lead to the system becoming so unstable that it displays the following message and then restarts (usually after 60 seconds).

The worm contains two messages hidden in strings.

“I just want to say LOVE YOU SAN!!”

“billy gates why do you make this possible ? Stop making money
and fix your software!!”

4. Sobig Worm

The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003. It was written using the Microsoft Visual C++ compiler, and subsequently compressed using a data compression program called tElock. There are plenty of variants of the Sobig worm, but the most destructive and widespread of all is called Sobig.F.

Sobig is a computer worm in the sense that it replicates by itself, but also a Trojan horse in that it masquerades as something other than malware. The Sobig.F worm deactivated itself on September 10, 2003. On November 5 the same year, Microsoft announced that they will pay $250,000 for information leading to the arrest of the creator of the Sobig worm. To date, the perpetrator has not been caught.

Viruses and worms are not the biggest threat nowadays. Trojans, spyware and malware are more commonly seen on PCs because these illegal programs have much more of a marketing purpose, whereas viruses and worms are based on hatred and their goal is solely to make your computer inaccessible.

I will talk about the next four viruses in Part 2 so please check back!


Let’s get started with the 5th most dangerous PC Virus existed in our Windows operating system.

5. Code Red

The Code Red worm was a computer worm observed on the Internet on July 13, 2001. It attacked computers running Microsoft’s IIS web server. The most in-depth research on the worm was performed by the programmers at eEye Digital Security. They also gave the worm the phrase “Hacked By Chinese!” with which the worm defaced websites. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On this day, the number of infected hosts reached 359,000.

6. CIH

CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau of Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS.

7. Klez

Klez is a computer worm that propagates via e-mail. It first appeared in the end of 2001. A number of variants of the worm exist. Klez infects Microsoft Windows systems, exploiting vulnerability in Internet Explorer’s Trident layout engine, used by both Microsoft Outlook and Outlook Express to render HTML mail.

8. Melissa

The Melissa worm, also known as “Mailissa”, “Simpsons”, “Kwyjibo”, or “Kwejeebo”, is a mass-mailing macro virus, hence leading some to classify it as a computer worm. First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the worm. Melissa was not originally designed for harm, but it overflowed servers and caused unplanned problems.

9. Sasser

Sasser (sometimes known as the Big One) is a computer worm that affects computers running vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000. Some machines running Windows 98 were infected. Like other worms, Sasser spreads by exploiting the system through a vulnerable network port. Thus it is particularly potent in that it can spread without user intervention, but it is also easily stopped by a properly configured firewall or by downloading system updates from Windows Update. Sasser was first noticed and started spreading on April 30, 2004. This worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service) on the affected operating systems.

10. Bagle

Bagle (also known as Beagle) is a mass-mailing computer worm written in pure assembly and affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variation, Bagle.B is considerably more virulent. Bagle uses its own SMTP engine to mass-mail itself as an attachment to recipients gathered from the victim computer.

11. Win32/Simile

Win32/Simile (also known as Etap) is a metamorphic computer virus written in assembly language for Microsoft Windows. The virus was released in the most recent version in early March 2002. It was written by the virus writer Mental Driller. Some of his previous viruses, such as Win95/Drill (which used the Tuareg polymorphic engine), have proved very challenging to detect.

12. Nimda

Nimda is a computer worm, isolated in September 2001. It is also a file infector. It quickly spread, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes. Due to the release date, some media quickly began speculating a link between the virus and Al Qaeda, though this relationship ended up being untrue. Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, or 2000 and servers running Windows NT and 2000. The worm’s name spelled backwards is “admin”.



taken from http://wikigiz.com/2008/11/08/12-most-dangerous-pc-viruses-and-worms-of-all-time-part-1

&

http://wikigiz.com/2008/11/21/12-most-dangerous-pc-viruses-and-worms-of-all-time-part-2
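Several of the worms above (ILOVEYOU, Mydoom, Sobig, Klez, Bagle) spread as e-mail attachments, and ILOVEYOU's “LOVE-LETTER-FOR-YOU.TXT.vbs” is the classic double-extension lure: the visible “.TXT” suggests a text file while the real “.vbs” extension makes Windows run it as a script. The Python below is an added example written for this page, not code from the wikigiz article or from any mail product. It parses a constructed message with the standard library and reports attachments whose names show those traits; the extension lists are illustrative policy, not any vendor's configuration.

```python
"""Attachment triage for mass-mailing worm traits (added example)."""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Illustrative policy, not any vendor's list: extensions Windows runs
# directly when the user double-clicks the file.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta"}
# Harmless-looking extensions used as the decoy half of a double extension,
# as in ILOVEYOU's 'LOVE-LETTER-FOR-YOU.TXT.vbs'.
DECOY_EXTS = {"txt", "doc", "xls", "jpg", "jpeg", "gif", "pdf", "htm", "html", "mp3"}


def classify_attachment(filename: str) -> List[str]:
    """Return the reasons an attachment name should be quarantined
    (an empty list means no rule fired)."""
    reasons: List[str] = []
    parts = filename.lower().rsplit(".", 2)   # keep at most the last two extensions
    if len(parts) < 2:
        return reasons                         # no extension at all
    last = parts[-1].strip()
    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{last}")
        decoy = parts[-2].strip()
        if len(parts) == 3 and decoy in DECOY_EXTS:
            reasons.append(f"double extension .{decoy}.{last} hides the real type")
    if "  " in filename:
        # 'photo.jpg                .exe' pushes the real extension out of view
        reasons.append("whitespace padding inside filename")
    return reasons


def triage_message(raw: bytes) -> List[Tuple[str, List[str]]]:
    """Parse a raw RFC 5322 message and list every flagged attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_attachment(name)
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample_message() -> bytes:
    """Constructed message modelled on the ILOVEYOU lure; the attachment
    bodies are placeholder bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "friend@example.net"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in triage_message(build_sample_message()):
        print(f"QUARANTINE {name}: {'; '.join(why)}")
```

A filename rule is deliberately the cheapest layer: it costs nothing to run on every message and catches the lure these worms relied on, while content scanning (the kind of signature matching described later on this page) handles attachments whose names give nothing away.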

The Nadia Saphira virus: not as graceful as its name


Although it does not damage data files or the system, the Nadia Saphira virus is a nuisance because it keeps replicating itself and hides important folders. So learn to recognise its characteristics in case your computer is attacked, and do not wait until it is too late, before the fake Nadia Saphira has a chance to run rampant.

The characteristics of this virus's files include the following:
1. File sizes of 17 KB and 69 KB.
2. File type is Application.
3. File extensions exe and ini.
4. Uses a folder icon.
5. Creates a copy of each existing folder with the same name and hides the original folder.
6. Removes the “Folder Options” menu item.
7. The CD-ROM cannot be used.
8. The Command Prompt cannot be accessed.

If the infection succeeds, the virus creates several virus files, including:
1. C:\autorun.inf (on every root drive)
2. C:\NadiaSaphira.ini (on every root drive)
3. C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
4. C:\Documents and Settings\%User%\NadiaSaphira.ini
5. C:\WINDOWS\taskmgr.exe
6. C:\WINDOWS\system32\.exe
7. C:\WINDOWS\system32\allsys.exe
8. C:\WINDOWS\system32\misconfig.exe
9. C:\WINDOWS\system32\MS586.sys
10. C:\WINDOWS\system32\System
11. C:\WINDOWS\system32\wtoolsb.exe
12. C:\WINDOWS\system32\dllcache\.exe
13. C:\WINDOWS\system32\dllcache\System
14. It also creates duplicates of the virus file in every folder on removable drives/USB.

Hidden file

As a defence, the virus tries to block several Windows functions. The Windows functions it blocks include the following:
1. Folder Options (to prevent access to hidden files/folders)
2. Registry Editor (to prevent repair of the registry)
3. Search/Find (to prevent cleanup of the virus)
4. Command Prompt (to prevent the virus process from being killed)

Active at startup

To make sure it is properly activated when the computer starts, the virus inserts a virus file into the Windows startup folder so that it runs whenever the computer is started. Once active, the virus calls its two companions (supporting viruses) so that it is hard to kill.

The virus file that is active at startup is:
C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
This file then calls its two companions (supporting viruses) to reinforce its presence, namely:
1. C:\WINDOWS\system32\misconfig.exe
2. C:\WINDOWS\taskmgr.exe

Modifying the Windows registry

To block the Windows “Search” function, the virus creates the following registry strings:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
nofind = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
nofind = 1

To block the Windows “Folder Options” function, the virus creates the following registry string:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions = 1

To block the Windows “Registry Editor” function, the virus creates the following registry string:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools = 1

To block the Windows “Command Prompt” function, the virus creates the following registry strings:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Autorun =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor
Autorun =

Even with Folder Options already blocked, the virus also prevents hidden files from being displayed. For this it creates the following registry strings:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = 0
DefaultValue = 0

To disguise the virus file from the user and try to change the exe file type, the virus creates the following strings:

HKEY_CLASSES_ROOT\exefile
(Default) = File Folder
Info Tip = File Folder
TileInfo = File Folder

Finally, the virus tries to block the “Microsoft Visual Studio Spy Debugging Tools” files by creating the following strings:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
Debugger =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
Debugger =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe
Debugger =


excerpted from http://www.sabahdaily.com/2009/06/kenali-virus-nadia-saphira-jangan-sampai-merajalela/
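The registry changes listed in the write-up double as indicators for checking a machine before and after cleanup, which matters here because the virus disables the very tools (Registry Editor, Search, Command Prompt) one would normally use to look. The Python below is an added example written for this page, not part of the sabahdaily article. It parses a registry export in the text format produced by regedit's Export (or reg.exe export) and reports the values the write-up attributes to Nadia Saphira, so the check can run offline on an export taken from the affected machine. The export it scans is constructed for the demo; the write-up lists the Autorun and Debugger value names but not their data, so placeholder paths stand in for those.

```python
"""Registry-export check for the Nadia Saphira indicators (added example)."""
import re
from typing import Dict, List, Optional

RegDump = Dict[str, Dict[str, str]]   # key path (lower-case) -> {value name -> raw value text}


def parse_reg_export(text: str) -> RegDump:
    """Minimal parser for 'Windows Registry Editor Version 5.00' exports:
    [key] headers followed by "name"=value lines; '@' is the (Default) value.
    Only string and dword values are needed here; others are kept as raw text."""
    dump: RegDump = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            dump.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            dump[current][name] = m.group(2)
    return dump


def reg_dword(raw: str) -> Optional[int]:
    return int(raw[6:], 16) if raw.lower().startswith("dword:") else None


def reg_string(raw: str) -> Optional[str]:
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else None


# Indicators taken from the write-up above: (key, value name, test, meaning).
POLICIES_HKCU = r"hkey_current_user\software\microsoft\windows\currentversion\policies"
POLICIES_HKLM = r"hkey_local_machine\software\microsoft\windows\currentversion\policies"
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
INDICATORS: List[tuple] = [
    (POLICIES_HKCU + r"\explorer", "nofind", lambda v: reg_dword(v) == 1, "Search/Find disabled"),
    (POLICIES_HKLM + r"\explorer", "nofind", lambda v: reg_dword(v) == 1, "Search/Find disabled machine-wide"),
    (POLICIES_HKCU + r"\explorer", "nofolderoptions", lambda v: reg_dword(v) == 1, "Folder Options removed"),
    (POLICIES_HKCU + r"\system", "disableregistrytools", lambda v: reg_dword(v) == 1, "Registry Editor disabled"),
    (r"hkey_current_user\software\microsoft\command processor", "autorun", lambda v: True, "cmd.exe AutoRun set"),
    (r"hkey_local_machine\software\microsoft\command processor", "autorun", lambda v: True, "cmd.exe AutoRun set machine-wide"),
    (r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall",
     "checkedvalue", lambda v: reg_dword(v) == 0, "'Show hidden files' forced off"),
    (r"hkey_classes_root\exefile", "(default)", lambda v: (reg_string(v) or "").lower() == "file folder",
     "exe files relabelled as 'File Folder'"),
]
IFEO_TARGETS = ("msiexec.exe", "sessmgr.exe", "spyxx.exe")


def find_indicators(dump: RegDump) -> List[str]:
    """Return one line per indicator present in the export."""
    hits: List[str] = []
    for key, name, test, meaning in INDICATORS:
        raw = dump.get(key, {}).get(name)
        if raw is not None and test(raw):
            hits.append(f"{meaning}: [{key}] {name}={raw}")
    for exe in IFEO_TARGETS:
        raw = dump.get(IFEO + "\\" + exe, {}).get("debugger")
        if raw is not None:
            hits.append(f"Image File Execution Options debugger hijack of {exe}: debugger={raw}")
    return hits


# Constructed sample export. The write-up lists the Autorun and Debugger
# value names but not their data, so placeholder paths stand in here.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000001
"NoFolderOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"Autorun"="C:\\placeholder\\payload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000000

[HKEY_CLASSES_ROOT\exefile]
@="File Folder"
"InfoTip"="File Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe]
"Debugger"="C:\\placeholder\\payload.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

if __name__ == "__main__":
    for hit in find_indicators(parse_reg_export(SAMPLE_EXPORT)):
        print(hit)
```

Two of these indicators deserve a word. A Command Processor Autorun value is run by cmd.exe on every start, so a single such value turns the Command Prompt itself into a relaunch point for the virus; and an Image File Execution Options Debugger value redirects every launch of the named program to whatever the value points at, which is how the write-up's debugging tools are kept from starting. Both are worth reviewing on any machine, not only after this particular infection.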

Introduction to Computer Viruses

What is a computer virus? If you Google phrases such as what is computer virus?, virus computer definition, apa itu virus komputer?, a great many web pages come up that can give some information about computer viruses.

As the first post on this blog, the author is happy to give several definitions of the computer virus, taken directly from websites such as those below:

Definition from Wikipedia:

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.[1][2]

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.


Definition from Hitachi ID Systems:

A Virus is a small program that embeds itself into other programs. When those other programs are executed, the virus is also executed, and attempts to copy itself into more programs. In this way, it spreads in a manner similar to a biological virus.

Viruses, by definition, can "infect" any executable code. Accordingly, they are found on floppy and hard disk boot sectors, executable programs, macro languages and executable electronic mail attachments.

Viruses can be found using a Virus Scanner or a Virus Wall. Some software products are also available to remove them with a minimum of harm to the "infected" files.

Some viruses are self-modifying, in order to make detection more difficult. Such viruses are called polymorphic (many shapes).


Definition from About.com:


Definition: In computer technology, viruses are malicious software programs, a form of malware. By definition, viruses exist on local disk drives and spread from one computer to another through sharing of "infected" files. Common methods for spreading viruses include floppy disks, FTP file transfers, and copying files between shared network drives.

Once installed on a computer, a virus may modify or remove application and system files. Some viruses render a computer inoperable; others merely display startling screen messages to unsuspecting users.

Advanced antivirus software programs exist to combat viruses. By definition, antivirus software examines the contents of local hard drives to identify patterns of data called "signatures" that match known viruses. As new viruses are built, antivirus software manufacturers update their signature definitions to match, then deliver these definitions to users via network downloads.




So, on the whole, it can be concluded here that a virus is a computer program that can replicate, enter, control, disguise itself, obscure and also infect a computer without the consent of the computer's user.


The damage that computer viruses can cause ranges from the smallest, such as merely causing a nuisance like pranks, to the largest, capable of bringing down an organisation or company.


That is all for this topic. All other discussions will follow later.
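The About.com definition above describes signature matching: comparing file contents against byte patterns of known viruses, with the vendor shipping new patterns as new viruses appear. The Python below is an added example written for this page, not code from any of the sources quoted. It compiles hex signatures with '??' wildcards into byte regexes and scans constructed in-memory files. The only real signature is the EICAR test string, which is public, harmless and designed for exactly this kind of test; the other pattern is made up for the demo.

```python
"""Toy signature scanner (added example; not any vendor's engine)."""
import re
from typing import Dict, List

# Signature database: name -> hex byte pattern, '??' matching any one byte.
SIGNATURES = {
    # The EICAR anti-virus test file, spelt out as hex for uniformity.
    "EICAR-Test-File": "58354F2150254041505B345C505A58353428505E2937434329377D",
    # Constructed signature for the demo: an 'MZ' header, three bytes that
    # vary between samples (wildcards), then a fixed marker 'DEMOMARK'.
    "Demo.Marker.A": "4D5A??????44454D4F4D41524B",
}


def compile_signature(hexpat: str) -> re.Pattern:
    """Turn '4D5A??44' into the bytes regex b'MZ.D' (DOTALL so '.' matches any byte)."""
    if len(hexpat) % 2:
        raise ValueError("odd-length hex pattern")
    pieces = []
    for i in range(0, len(hexpat), 2):
        tok = hexpat[i:i + 2]
        pieces.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(pieces), re.DOTALL)


COMPILED = {name: compile_signature(pat) for name, pat in SIGNATURES.items()}


def scan_bytes(data: bytes) -> List[str]:
    """Names of every signature found anywhere in the data."""
    return [name for name, rx in COMPILED.items() if rx.search(data)]


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan a mapping of path -> contents; the same loop would read real files."""
    return {path: scan_bytes(data) for path, data in files.items()}


# Constructed "files": the EICAR test string, a fake executable carrying the
# demo marker, and a clean text file.
SAMPLE_FILES = {
    "eicar.com": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "infected.exe": b"MZ\x90\x00\x03DEMOMARK" + b"\x00" * 32,
    "notes.txt": b"nothing to see here",
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(hits) if hits else 'clean'}")
```

The wildcard bytes are the first, modest step toward the self-modifying viruses the Hitachi ID definition calls polymorphic: a pattern can tolerate a few bytes that differ between copies, but a virus that re-encodes its whole body on each infection leaves no fixed bytes to match, which is why real scanners add emulation and behavioural checks on top of signatures.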

Latest Threat Info

Kaspersky Lab: Trojan-Dropper.Win32.Agent.atqt, Backdoor.Win32.PcClient.aqfv, not-a-virus:AdWare.Win32.Rabio.sr
McAfee Threat Center: JS/Downloader-BNL, W32/Winemmem, W32/Conficker.worm.g..
Symantec Norton Antivirus: Trojan.Ransomcrypt, X97M.Ecmetsys, Bloodhound.PDF.13
Avira Anti Virus: TR/PSW.Magania.azha, W32/Tobin, GAME/Downloader.Gen, TR/PSW.Papras.JN
AVG: Downloader.Generic8.ASSY, PSW.Generic7.MAM, Dropper.Generic.AQEV
Trend Micro: WORM_KOOBFACE.EY, WORM_KOOBFACE.BX, TROJ_BRANVINE.D

About This Blog

The main purpose of building this blog is to serve as an information centre on the latest developments in computer viruses.
All the latest info, threats, tips and advice on avoiding computer viruses will be posted on this site.
This blog also invites any bloggers at IPTs (institutions of higher learning) across Malaysia to send in the latest reports on the virus attacks and threats currently hitting their IPT. We hope the information provided will help our friends to be prepared and on guard.