
THE DARK SIDE OF IT

PCQ Bureau

Day and night, good and evil, angel and devil: there are two sides to everything. Even IT has a positive and a negative side, and ironically the first traces of this negative side appeared long before computers, and for a totally different set of reasons. Many consider that the theory behind the first virus came from mathematician John von Neumann's theory of cellular automata, or self-replication. Von Neumann devised this theory before computers existed, on pen and paper. Later, other mathematicians presented their views on automated self-replication, and finally Frederick Stahl reproduced the theory in machine code on an IBM machine. The rest, as they say, is history. While these scientists came up with such theories for the good of mankind, others used them with malicious intent, thus forming the dark side of IT. Presented here is that dark side, which has prevailed for many decades and continues to grow alongside the positive side of IT. We follow it up with where this dark side is heading in the future.


Today there are many facets to the dark side of IT. Life has gone far beyond viruses and worms, into many other forms of attack that are far more dreadful. Presented here are some of the most dreaded attacks of the past, followed by what's brewing for the future.

Buffer Overflow attacks

These have been around since 1972, and the first exploitation of a buffer overflow was by the Morris worm. According to the U.S. Government Accountability Office, the damage done by the Morris worm was anywhere from $10M to $100M. Its creator, Robert Tappan Morris, was a student at Cornell University at the time, and created the worm to gauge the size of the Internet.


Whatever the case, it paved the way for many other worms that exploited buffer overflow vulnerabilities in programs. Two notable names worth remembering for having caused the maximum damage are Code Red and SQL Slammer.

Bruteforce attacks

Initially, a brute-force attack was a method of breaking a cryptographic scheme by trying a large number of key combinations until the scheme was broken. Brute-force attacks also include dictionary attacks, where the candidates come from a word list rather than the full key space. Besides cryptanalysis, brute-force attacks are also used to break passwords.
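The trace a password brute-force or dictionary run leaves on the target is a burst of failed logins from one source, often cycling through several account names. The following detector is an added example written for this article, not code from the original or from any product it mentions; the sshd-style log format, the sample lines, the five-failures-per-minute threshold and the function names are all assumptions made for the demo.

```python
"""Spotting password brute-force and dictionary attempts in login logs.

Added example, not part of the original article. It scans sshd-style
log lines (constructed below, not real data) and flags a source address
that accumulates many failed logins within a short window. The log
format and the thresholds are assumptions made for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source cycles through several accounts and
# eventually gets in; two other sources are ordinary noise.
SAMPLE_LOG = """\
2007-12-01 10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51000
2007-12-01 10:00:02 sshd[101]: Failed password for root from 203.0.113.7 port 51001
2007-12-01 10:00:02 sshd[101]: Failed password for admin from 203.0.113.7 port 51002
2007-12-01 10:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 51003
2007-12-01 10:00:04 sshd[101]: Failed password for test from 203.0.113.7 port 51004
2007-12-01 10:00:05 sshd[101]: Failed password for guest from 203.0.113.7 port 51005
2007-12-01 10:00:09 sshd[102]: Accepted password for alice from 198.51.100.5 port 40000
2007-12-01 10:00:10 sshd[101]: Accepted password for admin from 203.0.113.7 port 51006
2007-12-01 10:30:00 sshd[103]: Failed password for bob from 198.51.100.9 port 40100
"""

# Matches the two sshd outcomes this example cares about.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line):
    """Return a dict for a recognised login line, None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "ok": m.group("result") == "Accepted",
        "user": m.group("user"),
        "src": m.group("src"),
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: alert} for sources that look like password guessing.

    An alert is created once a source has `threshold` failures inside a
    sliding `window`; later failures keep the count current. A successful
    login from a source that already tripped the alert is recorded, since
    that is the case worth escalating: the guessing may have worked.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures in window
    users = defaultdict(set)      # src -> account names it has tried
    alerts = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        src = ev["src"]
        if ev["ok"]:
            if src in alerts:
                alerts[src]["success_after_alert"] = ev["user"]
            continue
        users[src].add(ev["user"])
        q = recent[src]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures outside window
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(src, {
                "first_seen": q[0],
                "failures": 0,
                "users": [],
                "success_after_alert": None,
            })
            entry["failures"] = len(q)
            entry["users"] = sorted(users[src])
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

On the sample input the detector reports only 203.0.113.7, with four distinct account names tried and a later successful login for "admin" from the same source; the single failure from 198.51.100.9 never reaches the threshold. In practice the same logic is what a lockout or rate-limiting rule keys on, and the "success after alert" field is the one to page on rather than the raw failure count.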

A Brief History of Viruses & Worms

Early 1970s: Creeper virus appears
1974: Rabbit virus detected
1982: Elk Cloner virus detected on Apple II systems. This was the first large-scale computer virus outbreak
1986: Brain boot sector virus detected
1988: Morris worm exploits buffer overflow vulnerabilities
1995: First macro virus appears, known as the Concept virus
1999: Melissa worm appears in March and spreads through MS Word. Causes damages worth USD 4 million
2000: VBS/Loveletter worm appears. It reportedly caused damages worth at least 10 billion dollars
2001: Sircam and Code Red worms emerge in September 2001. Nimda worm appears in October 2001. The first version of the Klez worm appears
2003: SQL Slammer worm appears in Aug 2003. Blaster and Sobig worms spread rapidly
2004: MyDoom worm appears. It was regarded as the fastest-spreading mass-mailer worm till then. In May 2004 the Sasser worm is detected
2006: First virus detected on Mac OS X, known as OSX/Leap-A
2007: Storm worm detected. It created the Storm botnet, comprising 10 million computers

Botnets

These are software bots spread across remotely controlled zombie systems. Botnets can perform various attacks, ranging from DoS and spamming to spyware and click fraud. Most botnets use IRC as the way of communicating with their owners. The most recent botnet attack is the Storm botnet, which was introduced in Jan 2007 and infected at least 1,000,000 machines. Botnets have also resulted in the rise of honeypots and honeynets. A honeypot is a technique to monitor attackers running botnets and other similar malicious tools.

Denial of Service

It's hard to say when the first DoS attack took place. Some say DoS attacks like ping floods and UDP floods on IRC have been around since 1988, but it was not until July 1999 that the Trinoo attack tool launched a Distributed Denial of Service (DDoS) attack on a University of Minnesota system. Then in Feb 2000 came the ever-popular week of DDoS attacks, when Yahoo, CNN, eBay and many others felt the heat. After that we saw worms such as Blaster which launched DDoS attacks; but seven years later, in Feb 2007, a DNS backbone DDoS attack was back in the news. In a DNS backbone DDoS attack the DNS root servers are targeted, as these servers are responsible for resolving domain names to IP addresses. So bringing down a name server can make many websites inaccessible, compared to a DDoS attack that brings down a single website.

Man in the Middle (MITM) attacks

One of the oldest kinds of attack, and still very popular. In MITM, the attacker captures information exchanged between two parties and sometimes even modifies it. The most popular form of this attack is packet sniffing, which, interestingly, was meant for network troubleshooting. To counter MITM attacks, various sorts of encryption solutions were launched to ensure secure communication.
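The "sometimes even modifies it" half of the attack is the part a message authentication code defeats, and it is the reason modern protocols such as TLS authenticate every record rather than only encrypting it. The simulation below is an added example written for this article, not code from the original; the shared key, the payment message and the on-path rewriting function are constructed for the demo, and the key would in practice come from a key exchange rather than a constant.

```python
"""Detecting in-transit modification with a message authentication code.

Added example, not code from the original article. Two parties share a
secret key; a party on the path between them (modelled here as a plain
function on the wire bytes) rewrites a message. Sent bare, the altered
message is accepted as genuine; sent with an HMAC-SHA256 tag, the
receiver rejects it. Key and messages are constructed for the demo.
"""
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed shared secret. Real systems derive this from a key exchange
# (as TLS does) rather than hard-coding it.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def send_plain(message: bytes) -> bytes:
    """Unprotected: the wire carries the message as-is."""
    return message


def recv_plain(wire: bytes) -> bytes:
    """Unprotected: whatever arrives is trusted."""
    return wire


def send_authenticated(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Append an HMAC-SHA256 tag computed over the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def recv_authenticated(wire: bytes, key: bytes = SHARED_KEY):
    """Return the message if its tag verifies, else None.

    compare_digest runs in constant time, so the check does not leak how
    many leading bytes of a forged tag happened to match.
    """
    if len(wire) < TAG_LEN:
        return None
    message, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def on_path_rewrite(wire: bytes) -> bytes:
    """Models the on-path party the article describes: it can read the
    bytes and substitutes a different payee before forwarding them."""
    return wire.replace(b"pay 100 to alice", b"pay 100 to mallory")


def run_scenario():
    """Send one instruction both ways through the rewriting hop."""
    msg = b"pay 100 to alice"
    return {
        "plain_delivered": recv_plain(on_path_rewrite(send_plain(msg))),
        "authenticated_delivered": recv_authenticated(
            on_path_rewrite(send_authenticated(msg))),
        "authenticated_untouched": recv_authenticated(send_authenticated(msg)),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value!r}")
```

The bare channel delivers the rewritten instruction as if it were genuine, while the authenticated channel returns None for the tampered copy and the original bytes for the untouched one. A MAC only covers the modification half of MITM; the capture half (sniffing) still needs encryption, which is why the two are combined in authenticated encryption rather than deployed separately.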


Reverse Engineering

Originally, reverse engineering was devised to find out how software performs under particular conditions and how to improve its performance by understanding the program's logic. But soon it became a way of breaking software and using it without having to pay for it, and became one of the main contributors to the piracy industry. To stop this, techniques like encrypting the source code of programs appeared, but they weren't able to make much of an impact, and piracy still remains one of the major problems for vendors.

Social Engineering

This technique has been in use since before computers came into existence, but in computing terms it is a collection of techniques used to trick people into performing certain actions or to extract critical information from them. Also known as socio-technical attacks, they treat humans as the weakest link in security. Pretexting is the most widely used social engineering technique and is mostly performed over the phone. Other social engineering techniques include dumpster diving, shoulder surfing, etc.


Phishing

Phishing was first talked about in 1987, and almost 9 years later the first phishing attack was detected in Jan 1996 on Usenet newsgroups. But it was not before 2004-2005 that it caused the maximum damage, estimated to be to the tune of $929 million.

Open Source malware

Not to be confused with malware for open source, this malware is created the open source way, i.e. the source code of the malware is made publicly available. Most of you would remember Agobot/Sdbot, which were released under the GPL license and developed in modules. Open source malware gives anonymity to the original malware authors, as a lot of developers contribute to its code. It also became the first choice for script kiddies, who could easily add new features to the malware without having to write them from scratch.

Zero Day attacks

Whenever the underground hacker community comes to know about a flaw in an application, they start creating an exploit for it. The time between the creation of the exploit and the public availability of a patch for the flaw is called the zero day period, and any attack during this period is called a Zero Day Attack, or ZDA.


With so many different types of attacks having been created, it's not difficult to predict the future. Expect many more different and even more malicious forms of attacks.

In fact, the days of unintentional or 'just-for-fun-and-curiosity' attacks are numbered. In the future, expect most attacks to happen with malicious intent.

Most of you might remember the news of Paris Hilton's missing phone and the posting of its address book online. That is not an amusing thought, because with the exponential growth in cellphones and laptops, the number of thefts of these devices is also growing.


If a petty thief steals a phone or laptop and sells it for a paltry amount, the owner can be considered lucky. But what if the thief threatens to give away important information from it to others (perhaps the competition)? Just the thought of such a thing happening is enough to give anyone nightmares.

There's no IT involved in equipment theft, but it does affect the IT community, and we must be careful about it.

Increase in mobile malware

The fact that smart phones are getting cheaper and people save critical data on them is reason enough for crackers to exploit these devices. According to a report, there are at least 370 samples where malware has been detected for smart phones. And anti-virus vendors are already coming up with anti-virus products for mobile phones, so we might see serious mobile malware soon.

There are various ways in which smart phones can be infected; one of the most common modes is the Internet, just like PCs.

Smart phones can also catch infections if they are synchronized with an infected computer. A compromised smart phone can further infect other smart phones through wireless personal area networks.

An example of such an attack is the Cabir prototype worm, which used Bluetooth as a medium to infect other smart phones. A concept of mobile botnets was also presented some time ago at a Black Hat conference, but is yet to turn into reality.

Another demonstration attack shown by a security researcher was a buffer overflow exploited through an MMS that contained malicious software. In future we are likely to see more attacks of this kind.

VoIP attacks

Almost everybody is aware of sniffing attacks on VoIP traffic. While many steps have been taken to reduce such man-in-the-middle attacks on VoIP, many other threats are emerging. Another VoIP threat that's doing the rounds is VoIP spam, also known as vamming or SPIT (Spam over Internet Telephony).

Vendors are gearing up to deal with VoIP spam. NEC has announced its anti-spam VoIP software, called VoIP Seal, which is scheduled for release in 2008.

Another similar threat is VoIP phishing. These attacks can be more convincing and harder to detect than email phishing. So far they originate only through emails that contain a number to call instead of conventional links. The number usually belongs to a PBX with an auto-attendant, so that it appears as if the number belongs to a legitimate company, thereby tricking users into entering private information.

Another VoIP phishing attack is one where you get a call from a bot, with the number spoofed to appear to come from a known source. Here again the bot pretends to be authentic and asks users to provide confidential information.

Virtual world threats

Over the past few years, MMOGs (massively multiplayer online games) have gained considerable popularity. One of the first threats to persistent virtual worlds (PVWs) came in the form of Copybot, which replicated objects and avatars in Second Life without permission.

One of the threats to such PVWs is software that claims to improve the performance of the virtual world or perform automated tasks, while stealthily running malicious code that can steal information from players. Other possibilities include PVW spamming and phishing attacks on virtual world users.

Virtualization threats

The advantages of virtualization are many, and as more companies deploy virtualization, attackers are going to look for ways to exploit it.

One of the most talked-about security threats in virtualization has been the danger to the hypervisor. There have been claims that if the hypervisor can be compromised, attackers can gain access to the virtual machines. There is also talk of hypervisor rootkits and malware.

One example of such an attack is Blue Pill, where complete control of the virtual machine was taken by manipulating kernel-mode paging and related instructions used for controlling communication between the hypervisor and the virtual machine. You can find more details about this attack on the researchers' website at http://www.invisiblethings.org/.
