North County Computers - For All Your Computing Needs
Page 3 of 7

4) The virus includes a time-bomb, but is built around the idea of fast infection. The virus is already written and coded to take advantage of exploits and the like. However, many systems are already patched against known vulnerabilities, so Team Blue is waiting for a new vulnerability to be posted to the internet. Once one exists, they add the final code to attack the new vulnerability and release the virus. (Heck, they even test the virus on PCs running VMWare so that their own systems aren’t infected.) Microsoft’s track record averages 14 to 30 days for patches to known vulnerabilities. So within 3 days of a new vulnerability, Team Blue has added the code to their virus and released it. The virus spreads for 48 hours and then immediately launches the DDoS attacks listed above. This inhibits people from getting vulnerability patches (which probably aren’t available yet anyway) and from getting updated anti-virus definition files to stop and clean the virus. After 48 hours and worldwide propagation, the real payload is released. As to what the “real payload” is? That's anyone’s guess. But with the sites that distribute the vulnerability patches and anti-virus definition files crippled by DDoS attacks, and with sysadmins worldwide having been awake for more than 24 hours with no sleep as a result of the infection, the virus could do just about anything that Team Blue wants it to.

5) Also coded into the virus is a whois client. Since whois data is publicly available, the virus is coded to query whois servers (such as whois.org), then send itself to info@..., jobs@..., careers@..., support@..., etc. at every domain that can be found via whois lookups. Since most of those email addresses are aliases to real accounts, a carefully worded subject of “Resume for My Name” sent to careers@mydomain.com could easily arrive in the Inbox of the HR person at MyDomain.com. The virus is embedded in a table in the Word document and goes active when the document is opened.

6) Since open mail relays are still a constant problem, the virus is further coded to query many of the publicly available lists of open mail relays and use them to distribute itself further.

7) The last source of infection is P2P networks. Team Blue has coded their virus into hundreds of MP3 files named after the most popular songs released in the last month, thus ensuring a high download rate. If the MP3s are downloaded before updated anti-virus definition files are available, anti-virus software won’t detect the virus.

8) The virus also puts entries into the system registry to make systems appear to have all the latest, greatest patches when, in fact, they do not. Thus, any successful visit to the Windows Update website makes your system falsely appear to be up to date.

© Copyright 2005 NCC All Rights Reserved