DigTheBug

Sandbox

2010-08-09T23:34:00.000-07:00

In short is call virtualization. What happen here is that sandbox allows a secure space for testing untested or suspected code that might be infected with malware. Examples are applets, jail programs, rule base execution, virtual machines emulate and new generation pastebins. Well, i am new to all and so i guess is time to read and test. Will post when i have something.

No choice la - Reformat la

2010-08-09T23:31:00.000-07:00

I was trying really hard to understand what went wrong with my PC but i guess technically i am not so smart to do that. After troubleshooting for a while, just could not figure out how can i recover from my machine. The most important tools - the task manager could not be launched at all. So rather than waste time i just reformat my PC. Case closed.

I think my system is infected

2010-07-29T08:45:00.001-07:00

Previously when my system gets infected or show symptom of dieing, i reformat and reinstall it. I guess this time it comes at the right time when i am actually trying to learn what malware is all about. Well, since this is the case, i am going to start my very own project to fix my PC from all this infection.

What ? Malware steals your money ...

2010-07-29T00:01:00.001-07:00

So it is true that malware does that. Lets look at the most common malware that is capable of doing that.

This malware are commonly known as Data Stealing malware that divests victims of personal information with the intent to steal data through direct or underground distribution. The most popular ones are keyloggers, adware, spyware, screen scrapers. These are not activities that cause spam, phishing, DNS poisoning or SEO abuse. This threat happens when a download happen and cause the files to be the proxy that helps to gather the vital information.

The characteristics of such malware are as below :

1. Usually stored in cache that is always flushed out.
2. The malware maybe be installed through a drive by download process.
3. The website that host the malware as well as the malware itself is rogue and temporarily.
4. Difficult to detect the final payload attributes due to combination of malware components.
5. Malware uses multiple file encryption levels.

The best part is that such malware can even thwart IDS (Intrusion Detection System)
There are no perceivable network anomalies
The malware hides in web traffic
The malware is stealthier in terms of traffic and resource use

Thwarts disk encryption
Data is stolen during decryption and display
The malware can record keystrokes, passwords, and screenshots
Thwarts Data Loss Prevention (DLP)
Leakage protection hinges on metadata tagging, not everything is tagged
Miscreants can use encryption to port data.

Examples are data stealing Malware are Bancos, LegMir and Qhost.

The different type of malware's and what it does

2010-07-28T00:53:00.000-07:00

There are a few variance of malware available and I am going to list down all of them here. For the start, lets just list down what we have.

1. Most popular is viruses. Viruses spreads to executable files and it needs human intervention for it to spread.
2. Worm - Dependent on vulnerabilities (loophole) server programs. Can spread like wild fire just like the SQL Slammer worm that torn the internet in just minutes.
3. Trojan Horses - is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. Trojan horses known as dropper will insert a worm into the local network to start the spread.
4. Rootkits - When installs into a system, it will conceal itself from being detected by the user through modification of the operating system. It can prevent it from being listed in the processes listing. Some rootkits have even defense system that will regenerate when deleted. Some even create the file name that looks like legitimate. Example are VSexplorer.exe.
5.Backdoor - A method of bypassing the normal authentication procedure. It is usually installed after the system has been compromise for easier access in the future.
6. Spyware - A software that is use to collect information regarding a user, showing them pop-ups, and altering web behaviour for the financial benefit author. Example is redirecting the search engine to pay advertisement to author instead of the actual person. Another way that can benefit them financially is to make other infected machines work for them. This are call zombie computers which are proxies to send spam messages. This would give them anonymity, thus protecting them from prosecution.
7. Botnets - is a malware that logs in IRC channel and coordinated attacks simulataneously. It can also be use to push upgrade to the existing malware on an infected system.

All the list above tells how important is security to our system today. I am going to going into the next topic of malware that steals money, which is now one of the biggest threat to businesses.

What in the world is a malware ?

2010-07-23T08:47:00.000-07:00

My first day to getting myself to be a secure geek. So i am now looking at what in the world is a malware.

So malware is a software created with the intention to penetrate target system without the owner consent. Malware can be categorised in virus, worms, trojan horses, spyware, dishonest adware, crimeware, rootkits and other malicious software. Malware primary pathway is through email and the internet. So next step is to get myself familiar on the difference of virus, worms, trojan horses, spyware and many more