McAfee VIRUSSCAN 4.5 Administrator's Manual page 9


A rash of Melissa variants and copycats appeared soon after. Some, such as
W97M/Prilissa, included destructive payloads. Later the same year, a number
of new viruses and worms either demonstrated novel or unexpected ways to
get into networks and compromise information security, or actually
perpetrated attacks. Examples included:
• W32/ExploreZip.worm and its variants, which used some of Melissa's
techniques to spread, initially through e-mail. After it successfully infected
a host machine, ExploreZip searched for unsecured network shares and
quietly copied itself throughout a network. It carried a destructive payload
that erased various Windows system files and Microsoft Office documents,
replacing them with unrecoverable zero-byte-length files.
• W32/Pretty.worm, which did Melissa one better by sending itself to every
entry in the infected computer's MAPI address book. It also connected to
an Internet Relay Chat (IRC) server, joined a particular IRC channel, then
opened a path to receive commands via the IRC connection. This
potentially allowed those on the channel to siphon information from the
infected computer, including the computer name and owner's name, his or
her dial-up networking user name and password, and the path to the
system root directory.
• W32/FunLove.4099, which infected ActiveX .OCX files, among others.
This meant that it could lurk on web pages with ActiveX content, and infect
systems with low or nonexistent browser security settings as they
downloaded pages to their hard disks. If a Windows NT computer user
had logged into a system with administrative rights, the infecting virus
would patch two critical system files that gave all users on the network
—including the virus—administrative rights to all files on the target
computer. It spread further within the network by attaching itself to files
with the extensions .SCR, .OCX, and .EXE.
• VBS/Bubbleboy, a proof-of-concept demonstration that showed that a
virus could infect target computers directly from e-mail messages
themselves, without needing to propagate through message attachments.
It effectively circumvented desktop anti-virus protection altogether, at
least initially. Its combination of HTML and VBScript exploited existing
vulnerabilities in Internet-enabled mail systems; its author played upon the
same end-user psychology that made Melissa successful.
The other remarkable development in the year was the degree to which virus
writers copied, fused, and extended each other's techniques. This
cross-pollination had always occurred previously, but the speed at which it took
place and the increasing sophistication of the tools and techniques that became
available during this period prepared very fertile ground for a nervously
awaited bumper crop of intricate viruses.
Preface
Administrator's Guide
ix
