Page 105 - StudyBook.pdf

General Security Concepts: Attacks • Chapter 2  89

                 Logic Bombs

                 A logic bomb is a type of malware that can be compared to a time bomb. It is
                 designed to do its damage after a certain condition is met. This can be the
                 passing of a certain date or time, or it can be based on the deletion of a user’s
                 account. Often attackers will leave a logic bomb behind when they’ve entered a
                 system to try to destroy any evidence that system administrators might find. One
                 well-known logic bomb was known as the Chernobyl virus. It spread via infected
                 floppy disks or through infected files, and replicated itself by writing to an area on
                 the boot sector of a disk. What made Chernobyl different from other viruses is that
                 it didn’t activate until a certain date, in this case, April 26, the anniversary of the
                 Chernobyl disaster. On that day, the virus caused havoc by attempting to rewrite
                 the victim’s system BIOS and by erasing the hard drive. Machines that were the
                 unfortunate victims of this virus required new BIOS chips from the manufacturer
                 to repair the damage. While most logic bombs aren’t this well publicized, they can
                 easily do similar or greater damage.
                    Other examples of well-known logic bombs include the Michelangelo virus,
                 which was set to go off on March 6, the birthday of the famous Renaissance painter,
                 and delete the data from hard disks; the DDoS attack Blaster attempted on
                 windowsupdate.com; and Code Red’s attempted attack on the White House Web site.
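
                 As an added illustration (not from the book), one way a defender might triage
                 shell scripts for the pattern described above: a date or user-account condition
                 guarding a data-destroying command. The regexes, function name, and sample scripts
                 are constructed assumptions, and the check is a line-based heuristic that will not
                 see obfuscated or compiled triggers.

```python
import re
# Trigger kinds named in the text: a date/time check or a user-account check.
TRIGGERS = {
    "date": re.compile(r"\bdate\s+[\"']?\+%"),
    "account": re.compile(r"\b(id|getent\s+passwd)\s+[\"']?[\w$]"),
}
CONDITION = re.compile(r"^\s*(if|elif|while|until)\b")
BLOCK_END = re.compile(r"^\s*(fi|done)\b")
# Commands that erase or overwrite data (assumed list; extend per environment).
DESTRUCTIVE = re.compile(r"\brm\s+-\w*[rf]|\bdd\b.*\bof=/dev/|\bmkfs\b|\bshred\b")

def find_conditional_destruction(script):
    """Return (trigger_kind, condition_line, action_line) for each hit."""
    findings = []
    lines = script.splitlines()
    for i, line in enumerate(lines):
        if not CONDITION.search(line):
            continue
        kinds = [k for k, rx in TRIGGERS.items() if rx.search(line)]
        if not kinds:
            continue
        # Scan the guarded block (or the same line, for one-liners).
        for j in range(i, len(lines)):
            if j > i and BLOCK_END.search(lines[j]):
                break
            if DESTRUCTIVE.search(lines[j]):
                findings.extend((k, i + 1, j + 1) for k in kinds)
                break
    return findings

# Constructed sample scripts, not taken from any real incident.
DATE_GUARDED = """if [ "$(date +%m%d)" = "0426" ]; then
    rm -rf /srv/app/data
fi
"""
ACCOUNT_GUARDED = """if ! id jsmith >/dev/null 2>&1; then
    shred -u /srv/payroll/records.db
fi
"""
ROUTINE_CLEANUP = """stamp=$(date +%Y%m%d)
if [ -d /tmp/build ]; then
    rm -rf /tmp/build
fi
"""

if __name__ == "__main__":
    for name in ("DATE_GUARDED", "ACCOUNT_GUARDED", "ROUTINE_CLEANUP"):
        print(name, find_conditional_destruction(globals()[name]))
```

                 A hit is a prompt for manual review of the script and its change history, not
                 proof of malice; legitimate retention jobs can match the same pattern.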

                 Spyware and Adware

                 Spyware programs, as their name implies, spy on the machines they are installed on.
                 They gather personal information, with or without the user’s permission, and use it
                 for many purposes. Spyware has become such a pervasive problem that dozens of
                 anti-spyware programs have been created. Most spyware programs do not have
                 harmful payloads, and their danger lies in the instability and the consumption of
                 computing resources they cause in infected systems.
                    Spyware varies widely in its purpose, its installation method, its collection
                 methods, and so forth. Purposes can include marketing
                 (showing ads while browsing, also called adware), traffic redirection (taking users to
                 sites they didn’t intend to visit), and even criminal purposes (stealing passwords and
                 credit card numbers and sending them to the spyware’s creator). Spyware can be willingly
                 installed by users downloading it from Web sites, but more often than not users
                 are tricked into installing it, it is covertly installed as part of another utility’s
                 installation, or it exploits a vulnerability in browsers. As for the method of
                 collecting information, spyware can record and report on Web site browsing history,
                 look for information stored in the computer’s file system, or even log keystrokes
                 looking for passwords.

                                                                              www.syngress.com