Tuesday, November 15, 2011

CA-2001-22 W32/Sircam Malicious Code



Original release date: July 25, 2001

Last revised: August 23, 2001
Source: CERT/CC
A complete revision history can be found at the end of this file.

Systems Affected


  • Microsoft Windows (all versions)

    Overview

    "W32/Sircam" is malicious code that spreads through email and potentially through unprotected network shares. Once the malicious code has been executed on a system, it may reveal or delete sensitive information.
    As of 10:00 EDT (GMT-4) Jul 25, 2001, the CERT/CC had received reports of W32/Sircam from over 300 individual sites.

    I. Description

    W32/Sircam can infect a machine in one of two ways:

    Propagation Via Email

    The virus can appear in an email message written in either English or Spanish with a seemingly random subject line. All known versions of W32/Sircam use the following format in the body of the message:
    English:
    Hi! How are you?
    [middle line]
    See you later. Thanks

    Spanish:
    Hola como estas ?
    [middle line]
    Nos vemos pronto, gracias.
    
    Where [middle line] is one of the following:
    English
    I send you this file in order to have your advice
    I hope you like the file that I sendo you
    I hope you can help me with this file that I send
    This is the file with the information you ask for
    
    Spanish
    Te mando este archivo para que me des tu punto de vista
    Espero te guste este archivo que te mando
    Espero me puedas ayudar con el archivo que te mando
    Este es el archivo con la informacion que me pediste
    
    Users who receive copies of the malicious code through electronic mail might recognize the sender. We encourage users to avoid opening attachments received through electronic mail, regardless of the sender's name, without prior knowledge of the origin of the file or a valid digital signature.
    The email message will contain an attachment whose name matches the subject line and has a double file extension (e.g., subject.ZIP.BAT or subject.DOC.EXE). The CERT/CC has confirmed reports that the first extension may be .DOC, .XLS, or .ZIP. Anti-virus vendors have referred to additional extensions, including .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, and .PS. The second extension will be .EXE, .COM, .BAT, .PIF, or .LNK. The attached file contains both the malicious code and the contents of a file copied from an infected system.
    When the attachment is opened, the copied file is extracted to both the %TEMP% folder (usually C:\WINDOWS\TEMP) and the Recycled folder on the affected system. The original file is then opened using the appropriate default viewer while the infection process continues in the background.


    W32/Sircam includes its own SMTP client capabilities, which it uses to propagate via email. It determines its recipient list by recursively searching for email addresses contained in all *.wab (Windows Address Book) files in the %SYSTEM% folder. Additionally, it searches the folders referred to by
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
    for files containing email addresses. All addresses found are stored in SC??.DLL or S??.DLL files hidden in the %SYSTEM% folder.
    W32/Sircam first attempts to send messages using the default email settings for the current user. If the default settings are not present, it appears to use one of the following SMTP relays:
    • prodigy.net.mx
    • NetBIOS name for 'MAIL'
    • mail.<defaultdomain> (e.g., mail.example.org)
    • dobleclick.com.mx
    • enlace.net
    • goeke.net

    Propagation Via Network Shares

    In addition to email-based propagation, analysis by anti-virus vendors suggests that W32/Sircam can spread through unprotected network shares. Unlike the email propagation method, which requires a user to open an attachment to infect the machine, propagation of W32/Sircam via network shares requires no human intervention.
    If W32/Sircam detects Windows networking shares with write access, it:
    1. copies itself to \\[share]\Recycled\SirC32.EXE
    2. appends "@ win\Recycled\SirC32.exe" to AUTOEXEC.BAT
    If the share contains a Windows folder, it also:
    1. copies \\[share]\Windows\rundll32.exe to \\[share]\Windows\run32.exe
    2. copies itself to \\[share]\Windows\rundll32.exe
    3. when the virus is executed from rundll32.exe, it calls run32.exe

    Infection process

    1. When installed on a victim machine, W32/Sircam installs a copy of itself in two hidden files:
      • %SYSTEM%\SCam32.exe
      • Recycled\SirC32.exe
      Installing in Recycled may hide it from anti-virus software since some do not check this folder by default.
      Based on external analyses, there is also a probability that W32/Sircam will copy itself to the %SYSTEM% folder as ScMx32.exe. In that case, another copy is created in the folder referred to by HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup (the current user's personal startup folder). The copy created in that location is named Microsoft Internet Office.exe. When the affected user next logs in, this copy of W32/Sircam will be started automatically.
    2. The registry entry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32 is set to %SYSTEM%\SCam32.exe so that W32/Sircam will run automatically at system startup.
    3. The registry entry HKEY_CLASSES_ROOT\exefile\shell\open\command is set to "C:\Recycled\SirC32.exe" "%1" %*", causing W32/Sircam to execute whenever another executable is run.
    4. A new registry entry, HKEY_LOCAL_MACHINE\Software\SirCam, is created to store data required by W32/Sircam during execution.
    5. W32/Sircam searches for filenames with .DOC, .XLS, or .ZIP extensions in the folders referred to by
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
      While the personal folder may vary with configuration, it is often set to \My Documents or \Windows\Profiles\%username%\Personal. A list of these files is stored in %SYSTEM%\scd.dll.
    6. W32/Sircam attaches its own binary to selected files it finds and stores the combined file in the Recycled folder.
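    The persistence points listed in the infection process above (the RunServices value, the exefile open-command hijack, the HKLM\Software\SirCam key, the AUTOEXEC.BAT line, and the dropped files) can be checked mechanically. The following is an added example written for this page, not a CERT/CC tool: it runs the checks over a constructed snapshot of registry values, AUTOEXEC.BAT text and a file list, so it works offline; on a real host those three inputs would be collected from the machine under investigation.

```python
"""Checks a host snapshot for the W32/Sircam persistence indicators above.

Added example, not from the CERT advisory. The indicators are the ones the
advisory lists; the registry values, AUTOEXEC.BAT text and file list below
are constructed samples standing in for what a live host would return.
"""
import re
import shlex
from typing import Dict, Iterable, List

SIRCAM_RUN_VALUE = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows"
                    r"\CurrentVersion\RunServices\Driver32")
SIRCAM_DATA_KEY = r"HKEY_LOCAL_MACHINE\Software\SirCam"
EXEFILE_OPEN_CMD = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"

# Basenames the worm drops or creates, compared case-insensitively.
SIRCAM_FILES = {"scam32.exe", "sirc32.exe", "scmx32.exe", "run32.exe",
                "microsoft internet office.exe", "scd.dll", "sircam.sys"}


def exefile_command_hijacked(command: str) -> bool:
    """True when the EXE open command runs something other than the target.

    A clean value launches the requested program directly ("%1" %*).
    Sircam puts its own binary first so it runs before every program.
    """
    # The advisory shows the hijacked value with a stray trailing quote.
    tokens = shlex.split(command.rstrip('"'))
    return bool(tokens) and tokens[0] != "%1"


def autoexec_sircam_lines(autoexec_text: str) -> List[str]:
    """Return AUTOEXEC.BAT lines that launch SirC32.exe from a Recycled folder."""
    pattern = re.compile(r"recycled\\sirc32\.exe", re.IGNORECASE)
    return [ln.strip() for ln in autoexec_text.splitlines() if pattern.search(ln)]


def scan_host(registry: Dict[str, str], autoexec_text: str,
              files: Iterable[str]) -> List[str]:
    """Combine the checks into a list of findings; an empty list means clean."""
    findings: List[str] = []
    run_value = registry.get(SIRCAM_RUN_VALUE, "")
    if run_value.lower().endswith("scam32.exe"):
        findings.append(f"RunServices\\Driver32 starts {run_value}")
    if SIRCAM_DATA_KEY in registry:
        findings.append("HKLM\\Software\\SirCam data key present")
    open_cmd = registry.get(EXEFILE_OPEN_CMD, '"%1" %*')
    if exefile_command_hijacked(open_cmd):
        findings.append(f"exefile open command hijacked: {open_cmd}")
    for line in autoexec_sircam_lines(autoexec_text):
        findings.append(f"AUTOEXEC.BAT launches worm: {line}")
    for path in files:
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename in SIRCAM_FILES:
            findings.append(f"dropped file present: {path}")
    return findings


# Constructed snapshot of an infected host, built from the advisory's indicators.
INFECTED_REGISTRY = {
    SIRCAM_RUN_VALUE: r"C:\WINDOWS\SYSTEM\SCam32.exe",
    SIRCAM_DATA_KEY: "",
    EXEFILE_OPEN_CMD: r'"C:\Recycled\SirC32.exe" "%1" %*"',
}
INFECTED_AUTOEXEC = "@ECHO OFF\nSET PATH=C:\\WINDOWS\n@ win\\Recycled\\SirC32.exe\n"
INFECTED_FILES = [r"C:\WINDOWS\SYSTEM\SCam32.exe", r"C:\Recycled\SirC32.exe",
                  r"C:\WINDOWS\SYSTEM\scd.dll", r"C:\WINDOWS\notepad.exe"]

# Constructed snapshot of a clean host: default open command, nothing dropped.
CLEAN_REGISTRY = {EXEFILE_OPEN_CMD: '"%1" %*'}
CLEAN_FILES = [r"C:\WINDOWS\notepad.exe"]

if __name__ == "__main__":
    for finding in scan_host(INFECTED_REGISTRY, INFECTED_AUTOEXEC, INFECTED_FILES):
        print("FINDING:", finding)
    print("clean host:", scan_host(CLEAN_REGISTRY, "@ECHO OFF\n", CLEAN_FILES))
```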




    II. Impact

    W32/Sircam can have a direct impact on both the computer which was infected as well as those with which it communicates over email.
    • Breaches of confidentiality: The malicious code will at a minimum search through select folders and mail potentially sensitive files. This form of attack is extremely serious since it is one from which it is impossible to recover. Once a file has been publicly distributed, any potentially sensitive information in it cannot be retracted.
    • Limit Availability (Denial of Service)
      • Fill entire hard drive: Based on external analyses, on any given day, there is a probability that it will create a file named C:\Recycled\sircam.sys which consumes all free space on the C: drive. A full disk will prevent users from saving files to that drive, and in certain configurations impede system-level tasks (e.g., swapping, printing).
      • Propagation via mass emailing: W32/Sircam will attempt to propagate by sending itself through email to addresses obtained as described above. This propagation can lead to congestion in mail servers that may prevent them from functioning as expected. NOTE: Since W32/Sircam uses native SMTP routines connecting to pre-defined mail servers, propagation is independent of the mail client software used.
    • Loss of Integrity: Published reports indicate that on October 16 there is a reasonable probability that W32/Sircam will attempt to recursively delete all files from the drive on which Windows is installed (typically C:).

    III. Solution

    Run and Maintain an Anti-Virus Product

    It is important for users to update their anti-virus software. Most anti-virus software vendors have released updated information, tools, or virus databases to help detect and partially recover from this malicious code. A list of vendor-specific anti-virus information can be found in Appendix A.
    Many anti-virus packages support automatic updates of virus definitions. We recommend using these automatic updates when available.

    Exercise Caution When Opening Attachments

    Exercise caution when receiving email with attachments. Users should never open attachments from an untrusted origin, or ones that appear suspicious in any way. Finally, cryptographic checksums should also be used to validate the integrity of the file.
    The effects of this class of malicious code are activated only when the file in question is executed. Social engineering is typically employed to trick a recipient into executing the malicious file. The best advice with regard to malicious files is to avoid executing them in the first place. The following tech tip offers suggestions as to how to avoid them:
    Protecting yourself from Email-borne Viruses and Other Malicious Code During Y2K and Beyond

    Filter the Email or use a Firewall

    Sites can use email filtering techniques to delete messages containing subject lines known to contain the malicious code, or they can filter all attachments.
    Likewise, a firewall or border router can be used to stop the W32/Sircam outbound SMTP connections to mail servers outside of the local network. This filtering strategy will prevent further propagation of the worm from a particular host when the local mail configuration is not used.
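    A mail filter can act on the message pattern described under "Propagation Via Email" rather than on subject lines alone, since the subject is random but the body template, the double extension and the subject/attachment name match are fixed. The following is an added example written for this page, not a CERT/CC or vendor tool: it parses wire-format messages with Python's email package and reports which Sircam cues are present; the two sample messages are constructed, and the attachment bytes are filler.

```python
"""Flags inbound mail that matches the W32/Sircam message pattern above.

Added example, not part of the CERT advisory or any vendor product. The cues
(fixed greeting/closing lines, attachment named after the subject, double
extension) come from the advisory; the sample messages are constructed here.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

FIRST_EXTS = {"doc", "xls", "zip", "gif", "jpg", "jpeg", "mpeg",
              "mov", "mpg", "pdf", "png", "ps"}
SECOND_EXTS = {"exe", "com", "bat", "pif", "lnk"}

# Opening and closing lines of the English and Spanish templates, lower-cased.
OPENINGS = {"hi! how are you?", "hola como estas ?"}
CLOSINGS = {"see you later. thanks", "nos vemos pronto, gracias."}


def double_extension(filename: str) -> Optional[Tuple[str, str]]:
    """Return (first, second) for names like 'x.ZIP.BAT', else None."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) != 3:
        return None
    first, second = parts[1], parts[2]
    if first in FIRST_EXTS and second in SECOND_EXTS:
        return first, second
    return None


def sircam_indicators(msg: EmailMessage) -> List[str]:
    """Collect the Sircam cues present in one parsed message."""
    reasons: List[str] = []
    subject = str(msg["Subject"] or "").strip()

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    lines = [ln.strip().lower() for ln in body.splitlines() if ln.strip()]
    if lines and lines[0] in OPENINGS and lines[-1] in CLOSINGS:
        reasons.append("body uses Sircam greeting/closing template")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            reasons.append(f"double-extension attachment {name}")
            stem = name.rsplit(".", 2)[0]
            if subject and stem.lower() == subject.lower():
                reasons.append("attachment name matches subject")
    return reasons


def is_sircam(msg: EmailMessage) -> bool:
    """Quarantine rule: the body template, or a double-extension attachment
    named after the subject, is enough; a lone double extension only warns."""
    reasons = sircam_indicators(msg)
    return ("body uses Sircam greeting/closing template" in reasons
            or "attachment name matches subject" in reasons)


def parse_raw(raw: bytes) -> EmailMessage:
    """Parse wire-format bytes the way a filter on the mail path receives them."""
    return email.message_from_bytes(raw, policy=policy.default)


def build_message(subject: str, body: str, attachment_name: str) -> EmailMessage:
    """Constructed sample; the attachment bytes are filler, not malware."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"filler bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


# Constructed sample following the advisory's English template.
SIRCAM_SAMPLE = build_message(
    "budget",
    "Hi! How are you?\n\nI send you this file in order to have your advice\n\n"
    "See you later. Thanks\n",
    "budget.DOC.EXE",
)
# Constructed benign message with a normal single-extension attachment.
BENIGN_SAMPLE = build_message(
    "budget", "Hi Bob, the numbers are attached as discussed.\nAlice\n", "budget.xls")

if __name__ == "__main__":
    for sample in (SIRCAM_SAMPLE, BENIGN_SAMPLE):
        parsed = parse_raw(sample.as_bytes())
        verdict = "QUARANTINE" if is_sircam(parsed) else "deliver"
        print(parsed["Subject"], "->", verdict, sircam_indicators(parsed))
```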

    Appendix A. - Vendor Information

    Aladdin Knowledge Systems

    http://www.esafe.com/home/csrt/valerts2.asp?virus_no=10068

    Central Command, Inc.

    http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=010718-000010

    Command Software Systems

    http://www.commandsoftware.com/virus/sircam.html

    Computer Associates

    http://www.cai.com/virusinfo/encyclopedia/descriptions/s/sircam137216.htm

    Data Fellows Corp

    http://www.datafellows.com/v-descs/sircam.shtml

    McAfee

    http://vil.mcafee.com/dispVirus.asp?virus_k=99141&

    Norman Data Defense Systems

    http://www.norman.com/virus_info/w32_sircam.shtml

    Panda Software

    http://www.pandasoftware.es/vernoticia.asp?noticia=987

    Proland Software

    http://www.pspl.com/virus_info/worms/sircam.htm

    Sophos

    http://www.sophos.com/virusinfo/analyses/w32sircama.html

    Symantec

    http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

    Trend Micro

    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A

    Computer security risks to home users

    A. What is at risk?
    Information security is concerned with three main areas:

    • Confidentiality -- information should be available only to those who rightfully have access to it
    • Integrity -- information should be modified only by those who are authorized to do so
    • Availability -- information should be accessible to those who need it when they need it

    These concepts apply to home Internet users just as much as they would to any corporate or government network. You probably wouldn't let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it's tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it.

    Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet (e.g. hard disk failures, theft, power outages). The bad news is that you probably cannot plan for every possible risk. The good news is that you can take some simple steps to reduce the chance that you'll be affected by the most common threats -- and some of those steps help with both the intentional and accidental risks you're likely to face.

    Before we get to what you can do to protect your computer or home network, let’s take a closer look at some of these risks.


    B. Intentional misuse of your computer

    The most common methods used by intruders to gain control of home computers are briefly described below. More detailed information is available by reviewing the URLs listed in the References section below.




    • Trojan horse programs
    • Back door and remote administration programs
    • Denial of service
    • Being an intermediary for another attack
    • Unprotected Windows shares
    • Mobile code (Java, JavaScript, and ActiveX)
    • Cross-site scripting
    • Email spoofing
    • Email-borne viruses
    • Hidden file extensions
    • Chat clients
    • Packet sniffing






    C. Accidents and other risks




    In addition to the risks associated with connecting your computer to the Internet, there are a number of risks that apply even if the computer has no network connections at all. Most of these risks are well-known, so we won’t go into much detail in this document, but it is important to note that the common practices associated with reducing these risks may also help reduce susceptibility to the network-based risks discussed above.




    1. Disk failure
    Recall that availability is one of the three key elements of information security. Although all stored data can become unavailable -- if the media it’s stored on is physically damaged, destroyed, or lost -- data stored on hard disks is at higher risk due to the mechanical nature of the device. Hard disk crashes are a common cause of data loss on personal computers. Regular system backups are the only effective remedy.




    2. Power failure and surges
    Power problems (surges, blackouts, and brown-outs) can cause physical damage to a computer, inducing a hard disk crash or otherwise harming the electronic components of the computer. Common mitigation methods include using surge suppressors and uninterruptible power supplies (UPS).




    3. Physical theft
    Physical theft of a computer, of course, results in the loss of confidentiality and availability, and (assuming the computer is ever recovered) makes the integrity of the data stored on the disk suspect. Regular system backups (with the backups stored somewhere away from the computer) allow for recovery of the data, but backups alone cannot address confidentiality. Cryptographic tools are available that can encrypt data stored on a computer’s hard disk. The CERT/CC encourages the use of these tools if the computer contains sensitive data or is at high risk of theft (e.g. laptops or other portable computers).

    Monday, November 14, 2011

    Steam hack confirmed by Valve game company

    Steam, the online gaming network run by game company Valve, confirmed Thursday that its forums had been hacked and warned users to keep a close eye on their credit card statements.

    The service’s forums had been defaced earlier in the week, resulting in some gamers receiving e-mails from a hacking Web site, Kotaku report



    On Thursday, Valve co-founder Gabe Newell left a message on the company’s forums confirming the intrusion, saying that all forum passwords will be reset and adding that the attack “goes beyond the Steam forums.” While there is evidence of a deeper intrusion, the company is not yet requiring all Steam users to reset their account passwords, which are separate from forum accounts.

    “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked,” Newell wrote. “We are still investigating.”

    He added that there have been no reports that Steam accounts were compromised, but advised users to change their passwords as a precaution.

    “I am truly sorry this happened, and I apologize for the inconvenience,” he said.

    The intrusion comes at a bad time for Steam, which is not only premiering a major title — Bethesda’s “Elder Scrolls V: Skyrim” — Friday, but is also facing long-term challenges from Electronic Arts’ Origin service, cloud gaming service OnLive and an as-yet-unreleased online service from retailer GameStop.

    Security, understandably, is the most pressing issue facing these services as they ask gamers to trust their saved data, credit cards and other personal information to off-site servers. Companies are also jumpy following the Sony data hack that pulled the PlayStation Network and Sony Online Entertainment services off line for a month and resulted in a lot of bad press for the electronics giant.

    7 Things You Need To Know About Recent Web Hack Attacks

    By Jeremiah Grossman
    Citigroup, Sony, PBS, Sega, Nintendo, Gawker, AT&T, the Central Intelligence Agency, the United States Senate, NASA, Nasdaq, the NYSE, Zynga, BBC Music, the Royal Navy, and thousands of others have one thing in common – they have all fallen victim to hack attacks in the last year.
    Millions of credit-card numbers, customers’ personal information and records, not to mention gigabytes worth of intellectual property, have been compromised. And the onslaught shows no signs of stopping. The net result has been stark – hundreds of millions of dollars in corporate losses, sharp stock price declines, lawsuits, fines and costly downtime. Most alarmingly, it no longer matters whether a company is in financial services, retail, education, gaming, social networking, government, telecom, media or travel – no industry is immune to these breaches.

    Sunday, November 13, 2011

    8 Steps To Keep Your PCs Safe From Online Criminals

    By Mike Cote
    Mike Cote is vice president at Dell Secureworks.

    With the diversity of security attacks globally, it is becoming increasingly difficult and complex for small and medium-sized businesses to assemble the right in-house resources to protect themselves against the cyber threats they face, whether it’s a data breach through the network, data leakage by employees, or lost laptops or mobile devices. We have also seen an uptick in the number of court cases, where SMBs have had six-figure amounts stolen out of their bank account by cyber thieves. The liability for these breaches is being shifted to the CIOs and IT managers, as SMBs are being accused of not taking the appropriate precautions to protect their data. The need for comprehensive information security is more pressing now than ever before.

    Saturday, November 12, 2011

    Homes & Small Businesses Network security tips

    1. A basic firewall or a unified threat management system.
    2. For Windows users, basic antivirus software. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
    3. When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.
    4. If using wireless: change the default SSID network name, and also disable SSID broadcast, as this function is unnecessary for home use. (However, many security experts consider this to be relatively useless.)
    5. Enable MAC address filtering to keep track of all home network MAC devices connecting to your router.
    6. Assign static IP addresses to network devices.
    7. Disable ICMP ping on the router.
    8. Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
    9. Use passwords for all accounts.
    10. For Windows users, have multiple accounts per family member and use non-administrative accounts for day-to-day activities.
    11. Disable the guest account.
    12. Raise awareness about information security among children.

    Friday, November 11, 2011

    Want to Enable GodMode in Windows 7? Here's how !!!

    I thought this was a joke when I read it, but evidently not. If you want a quick way to get to all the settings on Windows 7 at a SINGLE PLACE, then:
    GodMode is a great trick that allows you to access all Windows 7 configuration options from one location.
    Windows 7 users are all abuzz about the OS and its GodMode. If you haven't heard of it, GodMode is a feature that was revealed by CNet's Microsoft Correspondent, Ina Fried. GodMode is a folder that brings together a long list of customization settings allowing you to change all your settings from one place. Neat huh? It's very easy to enable and damn useful if you tweak things around a lot.


    I've broken it down into a five-step process to avoid confusion:


    Step 1: Right click.


    Step 2: Click create folder.


    Step 3: Rename your folder to:
    GODMOD.{ED7BA470-8E54-465E-825C-99712043E01C}


    Step 4: Blink as the folder changes form to look like the control panel.


    Thursday, November 10, 2011

    How Encryption Works



    When we use the Internet, we're not always just clicking around and passively taking in information, such as reading news articles or blog posts -- a great deal of our time online involves sending others our own information. Ordering something over the Internet, whether it's a book, a CD or anything else from an online vendor, or signing up for an online account, requires entering in a good deal of sensitive personal information. A typical transaction might include not only our names, e-mail addresses and physical address and phone number, but also passwords and personal identification numbers (PINs).




    The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live and work. It's extremely easy to buy and sell goods all over the world while sitting in front of a laptop. But security is a major concern on the Internet, especially when you're using it to send sensitive information between parties.


    Let's face it, there's a whole lot of information that we don't want other people to see, such as:


    • Credit-card information
    • Social Security numbers
    • Private correspondence
    • Personal details
    • Sensitive company information
    • Bank-account information


    5 Tips to Improve Your Wireless Connection

    Wireless technology makes it easy to get rid of the cables and take computing away from the desk. It's becoming the household norm, and while the technology is advancing quickly, there are some easy things you can do to improve your own wireless connectivity.

    1: Position Your Router

    2: Replace your Antenna

    3: Get a Repeater

    4: Get an Antenna Booster

    5: Upgrade Firmware


    Wednesday, November 9, 2011

    How to Detect if Someone's Stealing Your WiFi


    Okay, it's time to get down to it. Is your wireless network running slowly? Do you have intermittent losses in Internet access and you can't figure out why? Chances are, you've already detected a WiFi squatter and didn't even know it. If you regularly experience these problems, maybe you have something wrong with your wireless connection. But if you're suddenly having intermittent problems with your Internet performance, especially at the same time each day, it's a red flag that someone is piggybacking off your wireless connection and it's time for you to diagnose your WiFi network.


    The first and simplest thing you can do is check out your wireless network connection and see if it's secure. When you install your router, you're given the option of setting a wireless encryption protocol (WEP) key. Basically this is a password-protected method for you to log on to your own wireless network. If you don't have one, you're operating an open network. That means anyone within range can use your wireless for free. While it's not hacking, it is debatable as to whether this is actually stealing. In any case, if you don't have a WEP key, you're vulnerable to WiFi squatting and certainly not deterring squatters.
    Even if you have a WEP key, that doesn't necessarily mean your neighbor hasn't bypassed it. To determine whether he or she is logging onto your wireless network, check your wireless network log. To do this, click your Start Menu in Microsoft Windows, then double-click My Network Places. Next, double-click View Entire Network. If there are more devices connected than you have allowed on your network, you have WiFi thieves.
    A similar method to determining the status of your WiFi user list is to check your router's DHCP client table. Much like viewing your network, your DHCP client table will list the machines on your network. If the number exceeds what you've set up, you have someone stealing your WiFi.
    Nobody wants to be taken advantage of. What's more, you certainly don't want illegal information flowing through your wireless network. That's why you need to take matters in your own hands. The final section will give you the power to thwart off Internet thieves and protect your wireless connection. Are you ready to fight back? Turn the page to learn how.
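    The DHCP client table check described above can be done by script rather than by eye, comparing the leases the router currently holds against the devices you know you own. The following is an added example written for this page, not something from the article: it assumes the router exposes its leases in dnsmasq's lease-file format (expiry, MAC, IP, hostname, client-id per line), which many home-router firmwares use, and the lease table and known-device list below are constructed.

```python
"""Compare a router's DHCP client table against the devices you know about.

Added example, not from the article. It assumes the dnsmasq leases format
(expiry MAC IP hostname client-id per line); the sample table and the
known-device list are constructed.
"""
import re
from typing import Dict, List, NamedTuple


class Lease(NamedTuple):
    mac: str
    ip: str
    hostname: str


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 'AA-BB-..', 'aabb..' compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_leases(text: str) -> List[Lease]:
    """Parse the lease table, skipping blank or malformed lines."""
    leases: List[Lease] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            leases.append(Lease(normalize_mac(fields[1]), fields[2], fields[3]))
        except ValueError:
            continue  # garbage in the MAC column; not a lease line
    return leases


def unknown_devices(leases: List[Lease], known: Dict[str, str]) -> List[Lease]:
    """Leases whose MAC is not in the known-device list (any MAC spelling)."""
    known_macs = {normalize_mac(m) for m in known}
    return [lease for lease in leases if lease.mac not in known_macs]


# Constructed known-device list, keyed by MAC in whatever spelling you noted.
KNOWN_DEVICES = {"00-11-22-33-44-55": "family laptop", "66:77:88:99:AA:BB": "phone"}

# Constructed lease table: two known devices plus one the owner never set up.
SAMPLE_LEASES = """\
1321340000 00:11:22:33:44:55 192.168.1.10 laptop 01:00:11:22:33:44:55
1321340300 66:77:88:99:aa:bb 192.168.1.11 phone 01:66:77:88:99:aa:bb
1321340600 de:ad:be:ef:00:01 192.168.1.23 android-7f2 *
"""

if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    print(f"{len(leases)} active leases, {len(KNOWN_DEVICES)} known devices")
    for stranger in unknown_devices(leases, KNOWN_DEVICES):
        print("unknown device:", stranger.mac, stranger.ip, stranger.hostname)
```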

    10 Worst Computer Viruses of All Time


    Computer viruses can be a nightmare. Some can wipe out the information on a hard drive, tie up traffic on a computer network for hours, turn an innocent machine into a zombie and replicate and send themselves to other computers. If you've never had a machine fall victim to a computer virus, you may wonder what the fuss is about. But the concern is understandable -- according to Consumer Reports, computer viruses helped contribute to $8.5 billion in consumer losses in 2008 [source: MarketWatch]. Computer viruses are just one kind of online threat, but they're arguably the best known of the bunch.


    Computer viruses have been around for many years. In fact, in 1949, a scientist named John von Neumann theorized that a self-replicated program was possible [source: Krebs]. The computer industry wasn't even a decade old, and already someone had figured out how to throw a monkey wrench into the figurative gears. But it took a few decades before programmers known as hackers began to build computer viruses.
    While some pranksters created virus-like programs for large computer systems, it was really the introduction of the personal computer that brought computer viruses to the public's attention. A doctoral student named Fred Cohen was the first to describe self-replicating programs designed to modify computers as viruses. The name has stuck ever since.
    In the good old days (i.e., the early 1980s), viruses depended on humans to do the hard work of spreading the virus to other computers. A hacker would save the virus to disks and then distribute the disks to other people. It wasn't until modems became common that virus transmission became a real problem. Today when we think of a computer virus, we usually imagine something that transmits itself via the Internet. It might infect computers through e-mail messages or corrupted Web links. Programs like these can spread much faster than the earliest computer viruses.
    We're going to take a look at 10 of the worst computer viruses to cripple a computer system. Let's start with the Melissa virus.
    1. Melissa
    2. ILOVEYOU
    3. The Klez Virus
    4. Code Red and Code Red II
    5. Nimda
    6. SQL Slammer/Sapphire
    7. MyDoom
    8. Sasser and Netsky
    9. Leap-A/Oompa-A
    10. Storm Worm (The latest virus on list)


    Famous Hackers

    Steve Jobs and Steve Wozniak



    Steve Jobs and Steve Wozniak, founders of Apple Computers, were both hackers. Some of their early exploits even resembled the questionable activities of some malicious hackers. However, both Jobs and Wozniak outgrew their malicious behavior and began concentrating on creating computer hardware and software. Their efforts helped usher in the age of the personal computer -- before Apple, computer systems remained the property of large corporations, too expensive and cumbersome for average consumers.
    Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.

    Richard Stallman, also known as "rms," founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.
    On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) "c0mrade." Originally sentenced to house arrest, James was sent to prison when he violated parole.


    Kevin Mitnick

    Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick's reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI's Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.

    How to Secure Your Home Network


    We've been treated to some pretty entertaining feats of espionage courtesy of Hollywood. Who can forget the way Tom Cruise dangled from the ceiling as he attempted to crack into a computer security system in "Mission Impossible?" Or how about the mysterious hacker who seems to slip past every security to corrupt the Rossum Corporation's data in the "Dollhouse" television series? Hacking into a network must require superhuman skills and knowledge, right?

    You might be surprised to learn how easy it is for someone to hack into a computer network. The fact is that many computer networks are practically defenseless to intruders. In the early days of home computer networks, the people who put the networks together were experts and enthusiasts. They put their systems together knowing how computers can communicate with each other and built in protective measures to prevent other computer users from snooping.
    Today, home computer networks are popular among a broad range of consumers. User knowledge spans from expert to newbie. Some users may be unaware of the dangers they can encounter if they don't properly secure their network. Others may think home network security is too complicated or confusing. But network security is more important than ever and it's worth the effort to learn more about it.
    An unprotected network could allow malicious hackers -- known as crackers -- access to your data. It might even allow someone to take control of your computers and use them to commit crimes like a distributed denial of service attack (DDoS). Even if no one snoops on your information or controls your computer, someone might use your network to access the Internet. As more ISPs begin to place caps on how much data you can download, it becomes even more important to control your network. You don't want to get slapped with a huge bill for Internet services you didn't even use.
    With the right tools and knowledge, you can minimize your chances of having your security compromised by malicious hackers or computer viruses. Let's get started.

    How Hackers Work


    Thanks to the media, the word "hacker" has gotten a bad reputation. The word summons up thoughts of malicious computer users finding new ways to harass people, defraud corporations, steal information and maybe even destroy the economy or start a war by infiltrating military computer systems. While there's no denying that there are hackers out there with bad intentions, they make up only a small percentage of the hacker community.

    The term computer hacker first showed up in the mid-1960s. A hacker was a programmer -- someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers -- they saw the potential of what computers could do and created ways to achieve that potential.
    A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves not only on their ability to create new programs, but also on learning how other programs and systems worked. When a program had a bug -- a section of bad code that prevented the program from working properly -- hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they'd happily do for free.
    As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning -- a person using computers to explore a network to which he or she didn't belong. Usually hackers didn't have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.
    In fact, that's still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious -- they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.
    In this article, we'll explore common techniques hackers use to infiltrate systems. We'll examine hacker culture and the various kinds of hackers as well as learn about famous hackers, some of whom have run afoul of the law.

    How Trojan Horses Work


    One of the most enduring stories of the Trojan War, the most important conflict in Greek mythology, is the tale of the Trojan horse. Trying to find a way into the city of Troy, the great warrior Odysseus ordered his men to build a massive wooden horse, one big enough for several Greek soldiers to fit in. Once the structure was finished, he and several other warriors climbed inside, while the rest of the Greeks sailed away from Troy. One man named Sinon, however, stayed behind in order to deceive the Trojans, convincing them that his fellow Greeks had betrayed him and fled from the city. The wooden horse, he told the Trojans, was safe and would bring them luck.

    After some discussion over the matter, the Trojans agreed to wheel the horse through their gates, unknowingly giving the Greek enemy access to the city. After proclaiming victory and partying all night, the citizens of Troy went to sleep -- it was then that Odysseus and his men crept out of the Trojan horse and wreaked havoc on the city.
    Although you've probably heard of the Trojan horse from Greek mythology, chances are you've also heard of Trojan horses in reference to computers. Trojan horses are common but dangerous programs that hide within other seemingly harmless programs. They work the same way the ancient Trojan horse did: Once they're installed, the program will infect other files throughout your system and potentially wreak havoc on your computer. They can even send important information from your computer over the Internet to the developer of the malware. The developer can then essentially control your computer, slowing your system's activity or causing your machine to crash.
    Though they're not actually viruses, they're referred to as "Trojan horse viruses," "Trojan viruses," "Trojan horses" or just plain "Trojans." Regardless of what people call them, they all mean the same thing. But what happened? How did you let this Trojan horse into your computer in the first place? And what can you do to stop one from getting in?

    X-FORCE DATABASE UPDATES Microsoft Windows TCP/IP code execution


    Description:
    Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an error in the TCP/IP stack when processing UDP packets. By sending specially-crafted UDP packets to a closed port, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
    Platforms Affected:
    Microsoft Windows 7 SP1 x64
    Microsoft Windows 7 x32
    Microsoft Windows Server 2008 R2 x64
    Microsoft Windows Server 2008 R2 SP1 x64
    Microsoft Windows Server 2008 R2 SP1 Itanium
    Microsoft Windows Server 2008 R2 Itanium
    Microsoft Windows Server 2008 x64
    Microsoft Windows Server 2008 SP2 x32
    Microsoft Windows Server 2008 SP2 Itanium
    Microsoft Windows Vista SP2 x64
    Microsoft Windows Vista SP2

    References:
    Microsoft Security Bulletin MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (588516).
    CVE-2011-2013: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
    SA46731: Microsoft Windows TCP/IP Reference Counter Overflow Vulnerability
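    The trigger described above is a stream of UDP packets arriving at a port with no listener. A defender can watch for exactly that on the host: inbound UDP the firewall drops, concentrated from one source in a short window. The script below is an added example, not X-Force or Microsoft code; it assumes the Windows Firewall pfirewall.log field layout (date time action protocol src-ip dst-ip src-port dst-port ...), the log lines are constructed, and the threshold values are assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in pfirewall.log layout (assumed format):
# date time action proto src-ip dst-ip src-port dst-port size ... path
SAMPLE_LOG = """\
2011-11-15 10:00:00 DROP UDP 203.0.113.5 192.0.2.10 40001 1434 60 - - - - - - - RECEIVE
2011-11-15 10:00:00 DROP UDP 203.0.113.5 192.0.2.10 40002 1434 60 - - - - - - - RECEIVE
2011-11-15 10:00:01 DROP UDP 203.0.113.5 192.0.2.10 40003 1434 60 - - - - - - - RECEIVE
2011-11-15 10:00:01 ALLOW UDP 198.51.100.7 192.0.2.10 53 53 80 - - - - - - - RECEIVE
2011-11-15 10:00:02 DROP UDP 203.0.113.5 192.0.2.10 40004 1434 60 - - - - - - - RECEIVE
2011-11-15 10:00:02 DROP TCP 198.51.100.9 192.0.2.10 5555 445 52 S 1 0 8192 - - - RECEIVE
2011-11-15 10:00:03 DROP UDP 203.0.113.5 192.0.2.10 40005 1434 60 - - - - - - - RECEIVE
2011-11-15 10:00:20 DROP UDP 198.51.100.8 192.0.2.10 5000 161 60 - - - - - - - RECEIVE
"""

def parse_dropped_udp(text):
    """Yield (timestamp, src_ip, dst_port) for inbound UDP the host dropped.
    A dropped inbound UDP datagram is one no listener accepted: a closed port."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[2] != "DROP" or f[3] != "UDP":
            continue
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        yield ts, f[4], int(f[7])

def find_udp_floods(text, min_packets=5, window_seconds=10):
    """Return {src_ip: total_dropped} for every source that sent at least
    min_packets dropped UDP datagrams inside any window_seconds-long window.
    Thresholds are assumed values; tune them to the host's normal traffic."""
    per_src = defaultdict(list)
    for ts, src, _port in parse_dropped_udp(text):
        per_src[src].append(ts)
    flagged = {}
    for src, stamps in per_src.items():
        stamps.sort()
        start = 0  # left edge of the sliding window
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= min_packets:
                flagged[src] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    for src, n in find_udp_floods(SAMPLE_LOG).items():
        print(f"{src}: {n} dropped UDP datagrams in a short window; investigate")
```

A single dropped packet per source is normal background noise; the sustained per-source rate is what separates the MS11-083 pattern from ordinary scanning residue.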
