Category Archives: Malware Tips

Firewalls and Proxies

In building construction, a firewall is a structure designed to contain building fires. For example, an attic crawlspace that covers the entire length of the building would allow a fire to roar from one end of the building to the other. Breaking up the crawlspace with non-flammable walls helps to slow the spread of a fire.

Network firewalls have a similar function. A firewall is a network security system, either a program on a host or a dedicated device, that sits between parts of a network and lets through only the traffic its rules permit. It breaks the network into compartments so that malware and intruders are contained the way a fire wall contains a fire.

Imagine two large fish tanks side by side, separated by a wall. We want to allow the blue fish to mingle, but we need to keep the carnivorous fish on the left away from the baby fish on the right. If we opened a computer-controlled door in the wall, programmed to only allow blue fish to pass but no one else, that would be a fishtank firewall.

Network firewalls “segment” the network. Local traffic, the information that moves between computers in the same segment, never passes through the firewall at all. Traffic that crosses the boundary is checked against the firewall’s rules, and anything the rules do not explicitly permit is dropped, just like the carnivorous fish in our example.
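The two ideas in that paragraph, same-segment traffic bypassing the firewall and everything else being checked rule by rule with a default of “deny”, can be shown in a few lines. The following is an added example written for this page, not code from the original post or from any firewall product. The two internal segments (10.0.1.0/24 for the carnivores, 10.0.2.0/24 for the baby fish), the rule list and the sample packets are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology for this example: two internal segments behind one
# firewall. 10.0.1.0/24 holds the "carnivorous fish", 10.0.2.0/24 the "baby fish".
SEGMENTS = [ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    src: str      # source network in CIDR notation
    dst: str      # destination network in CIDR notation
    proto: str    # "tcp", "udp" or "any"
    dport: int    # destination port, 0 meaning any port
    action: str   # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# Constructed rule set. The first matching rule wins; anything unmatched is dropped.
RULES = [
    # The "blue fish": only HTTPS may cross from the carnivore segment to the baby segment.
    Rule("10.0.1.0/24", "10.0.2.0/24", "tcp", 443, "allow"),
    # Every other carnivore -> baby packet is explicitly blocked, before the broader
    # allow rules below get a chance to match it.
    Rule("10.0.1.0/24", "10.0.2.0/24", "any", 0, "deny"),
    # Either internal segment may reach HTTPS servers anywhere, the Internet included.
    Rule("10.0.1.0/24", "0.0.0.0/0", "tcp", 443, "allow"),
    Rule("10.0.2.0/24", "0.0.0.0/0", "tcp", 443, "allow"),
]


def segment_of(ip: str):
    """Return the internal segment containing ip, or None if it is outside (the Internet)."""
    addr = ip_address(ip)
    return next((net for net in SEGMENTS if addr in net), None)


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Decide what happens to one packet: "local", "allow" or "deny"."""
    src_seg, dst_seg = segment_of(pkt.src), segment_of(pkt.dst)
    # Traffic between two hosts in the same segment never reaches the firewall.
    if src_seg is not None and src_seg == dst_seg:
        return "local"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    # Default deny: whatever no rule explicitly permits is blocked.
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("10.0.2.10", "10.0.2.20", "tcp", 445),    # file sharing inside the baby segment
        Packet("10.0.1.5", "10.0.2.7", "tcp", 443),      # carnivore -> baby over HTTPS
        Packet("10.0.1.5", "10.0.2.7", "tcp", 445),      # carnivore -> baby over SMB
        Packet("203.0.113.9", "10.0.2.7", "tcp", 3389),  # Internet -> baby over RDP
        Packet("10.0.2.7", "203.0.113.9", "tcp", 443),   # baby -> Internet over HTTPS
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst} {p.proto}/{p.dport}: {filter_packet(p)}")
```

Two things worth noticing: rule order matters (the explicit deny is placed before the broad “HTTPS anywhere” allow, otherwise carnivore-to-baby HTTPS would be the only thing that rule controlled), and the default at the end of the list is deny, so a service that nobody thought to write a rule for, such as RDP from the Internet, is blocked without anyone having to anticipate it.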

A proxy is another network security tool. A proxy server stands in for the Internet servers your computer would otherwise talk to directly. Normally, when a computer requests a website, a DNS server translates the name into an IP address and the computer then connects to that address itself. A firewall can be configured to forbid every computer inside it from making that direct connection, with one exception: the proxy. The proxy is then the “official” way past the firewall.

A proxy server keeps a list of “authorized” websites. When the user’s computer asks the proxy for a page, the proxy checks the site against the list. If the website is approved, the proxy fetches the page on the computer’s behalf and hands it back; the firewall only ever has to allow the proxy itself out. If the website is not approved, the proxy replies with a message saying “you are not authorized to visit this website,” and no connection to the outside is made at all.
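The allow-list check described above, as an added example for this page rather than code from the original post or from any proxy product. It looks at the request line a browser sends to a forward proxy, which comes in two shapes (an absolute URL for plain HTTP, and a CONNECT host:port request for HTTPS), extracts the host, and decides. The allowlist, the function names and the sample request lines are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example. Subdomains of a listed name are allowed too.
ALLOWED_HOSTS = {"example.com", "intranet.example.net"}


def _host_allowed(host: str, allowed) -> bool:
    host = host.lower().rstrip(".")
    # Exact match, or a subdomain ("www.example.com"). The leading dot in the
    # endswith check is what stops "example.com.evil.net" from matching.
    return any(host == a or host.endswith("." + a) for a in allowed)


def proxy_decision(request_line: str, allowed=ALLOWED_HOSTS):
    """Decide whether the proxy will serve one HTTP proxy request.

    A browser sends a forward proxy one of two shapes of request line:
        GET http://example.com/index.html HTTP/1.1   (plain HTTP, absolute URL)
        CONNECT example.com:443 HTTP/1.1            (HTTPS tunnel)
    Returns ("allow", host, port) or ("deny", message, None).
    """
    parts = request_line.strip().split(" ")
    if len(parts) != 3:
        return ("deny", "malformed request line", None)
    method, target, _version = parts

    if method == "CONNECT":
        host, sep, port_text = target.rpartition(":")
        if not sep or not port_text.isdigit():
            return ("deny", "malformed CONNECT target", None)
        port = int(port_text)
    else:
        url = urlsplit(target)
        # urlsplit's .hostname discards any "user@" prefix, so a request for
        # http://example.com@evil.net/ is judged on evil.net, not on example.com.
        if url.scheme not in ("http", "https") or not url.hostname:
            return ("deny", "malformed request target", None)
        host = url.hostname
        try:
            port = url.port or (443 if url.scheme == "https" else 80)
        except ValueError:          # e.g. a non-numeric or out-of-range port
            return ("deny", "malformed port", None)

    if _host_allowed(host, allowed):
        return ("allow", host.lower(), port)
    return ("deny", f"you are not authorized to visit {host}", None)


if __name__ == "__main__":
    for line in [
        "GET http://example.com/index.html HTTP/1.1",
        "CONNECT www.example.com:443 HTTP/1.1",
        "GET http://example.com.evil.net/ HTTP/1.1",   # lookalike name
        "GET http://example.com@evil.net/ HTTP/1.1",   # allowed name hidden in userinfo
        "GET http://evil.net/ HTTP/1.1",
    ]:
        print(f"{line!r:50} -> {proxy_decision(line)}")
```

The two “tricky” requests at the end are the ones a practitioner should test against any allowlist: a host that merely begins with an allowed name, and a URL where the allowed name sits in the user-info part before the @. A check written as a plain substring search on the request line would pass both.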


Backdoor Programs

It’s the ultimate nightmare for a computer user: the idea that someone outside the computer can take over. The “technical” term is remote administration. When the same capability is installed without the owner’s knowledge, hackers are more likely to use the word backdoor.

With Windows XP, remote administration comes pre-installed. Windows XP has an option called Remote Assistance, where a technician can “remote in” and take over your computer once you have sent an invitation and accepted the connection. The remote tech has as much control over your system as if he were sitting there at the keyboard.

Hacker tools that do the same thing predate Microsoft’s feature by several years.

NetBus, for example, was written in 1998 by Carl-Fredrik Neikter, and many of the backdoor programs since then have followed a similar design.

The program comes in two parts, the Client and the Server. The Server is the part that has to be installed on the machine to be hacked; it sits waiting for connections. The Client is the controlling system. Once the Server program has been installed, the Client has almost total control, from dangerous things like recording keystrokes or launching programs to annoying things like opening the CD tray. NetBus 2.0 Pro was even marketed commercially as a remote administration program.

Some other backdoor programs are Back Orifice (which was named as a pun on Microsoft’s Back Office program), SubSeven, and Poison Ivy.

Any backdoor program gives an outsider the same access as the account the Server runs under, which on a typical home computer means full, unrestricted control. The hacker can copy information off of the computer, activate webcams, even remotely shut down or crash the computer. NetBus and SubSeven were very popular among “script kiddies.”

In one major case in 1999, a law professor was fired and criminally charged after system administrators found child pornography on his system. He was acquitted almost five years later, when the court was shown that NetBus had been used to copy the images onto the computer.

The well-known backdoor programs are easily stopped by antivirus and firewall programs: antivirus recognizes their files, and a firewall that blocks unsolicited incoming connections stops the Client from ever reaching the Server. Two caveats apply. A backdoor that has been repackaged or written from scratch will not match the antivirus signatures, and newer ones avoid the firewall by having the Server connect outward to the hacker on a port that is already allowed, such as the one used for web browsing.
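One check a practitioner can run by hand is to look at what is listening on the machine and compare it with the ports the classic backdoors above opened by default. This is an added example for this page, not code from the original post or from any product. The netstat text is a constructed sample in the layout of Windows “netstat -ano” (not a real capture), the function names are invented for the illustration, and the port table holds only the published out-of-the-box defaults of the programs named in the post: NetBus (TCP 12345 and 12346), SubSeven (TCP 27374) and Back Orifice (UDP 31337).

```python
# Default listening ports of the classic backdoors named in the post. These are the
# out-of-the-box defaults only: every one of them could be changed by the attacker.
KNOWN_BACKDOOR_PORTS = {
    ("tcp", 12345): "NetBus",
    ("tcp", 12346): "NetBus",
    ("tcp", 27374): "SubSeven",
    ("udp", 31337): "Back Orifice",
}

# Constructed sample in the format of Windows "netstat -ano" (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       1532
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       2104
  TCP    192.168.1.10:49811     93.184.216.34:443      ESTABLISHED     3320
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:31337          *:*                                    2988
  UDP    0.0.0.0:5353           *:*                                    1204
"""


def parse_netstat(output: str):
    """Yield (proto, local_port, state, pid) for each connection line of netstat -ano."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue                                  # header, blank or unrelated line
        proto = fields[0].lower()
        port = int(fields[1].rsplit(":", 1)[1])       # works for 0.0.0.0:port and [::]:port
        if proto == "tcp":
            if len(fields) < 5:
                continue
            state, pid = fields[3], int(fields[4])
        else:
            state, pid = "", int(fields[3])           # UDP lines have no State column
        yield proto, port, state, pid


def find_suspicious_listeners(output: str):
    """Return [(proto, port, pid, name)] for listeners on known default backdoor ports."""
    hits = []
    for proto, port, state, pid in parse_netstat(output):
        if proto == "tcp" and state != "LISTENING":
            continue   # an outbound or established connection, not something waiting for a Client
        name = KNOWN_BACKDOOR_PORTS.get((proto, port))
        if name:
            hits.append((proto, port, pid, name))
    return hits


if __name__ == "__main__":
    for proto, port, pid, name in find_suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} listening (PID {pid}): default port of {name}")
```

On a real machine the same check is: run netstat -ano, feed the text to find_suspicious_listeners, then use the PID column to see which process owns the socket. A hit is a reason to look closer, not proof; and a clean result proves little, since the port is a configurable default and, as noted above, a Server that connects outward never shows up as a listener at all.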


Malware Overview

Do you know what goes on under the hood of your car? Do you know the solution for a warning light on the dash? Do you know what’s wrong with the car if it starts making strange noises or loses power?

Those same questions can be asked about your computer.

Computers can have many of the same problems as cars. Engine problems can cause cars to lose power, just like a large program can take up too much of the computer for anything else to run. Where an engine could “throw a rod” or “break a timing chain,” computers can mysteriously reboot or die with the dreaded “Blue Screen of Death.”

We expect that our car will bog down sometimes. You can’t expect a car to perform as well when pulling a two-ton trailer up a five degree hill. Likewise, when a computer gets bogged down with a big project, you would expect it to respond a little slower.

What you don’t expect is for either the car or the computer to bog down or die when you’re not pushing it so hard.

One of the things that “malware” can do is exactly that. It forces the computer to work harder, taking power away from your own programs. It would be like sneaking a dozen cinderblocks into the back of the family car right before the trip.

“Malware” is software that runs on your computer without your knowledge and consent, or that does things you would never have agreed to. Sometimes called “badware,” it covers a wide range of programs, including computer viruses, spyware, adware, and more. Adware can bog down the computer, because it keeps contacting websites to download fresh ads. Spyware collects data on you and the websites you visit and sends all of that data back to whoever installed it. And viruses mainly want to find a way to spread to other computers.

But most importantly, malware runs “under the hood” and behind your back, so that you don’t even know that it’s there.
