Ed Skoudis lists the Top 5 Worst Attacks of 1998 - 2002

June 10, 2008

That which does not kill us makes us stronger.
-Friedrich Nietzsche

In the November 2002 Information Security Magazine article “Infosec’s Worst Nightmares”, Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002. Mr. Skoudis is a founder of Intelguardians Network Intelligence, LLC and a handler at the very popular Internet Storm Center.

Mr. Skoudis mentions that the top five destructive attacks of 1998 – 2002 made many industries “battle-tested” and more likely to be proactive rather than reactive. His five-year worst list is based on exploits that shook our very faith in the Internet and in the security of e-commerce.

1. Code Red (2001). On July 13, 2001, the worm attacked Microsoft IIS systems. By July 19, 2001, it had affected over 350,000 systems. SANS and the Honeynet Project set up honeypots to capture the worm, but eEye Digital Security’s programmers did the most intense research on it and gave it its name. The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft security bulletin MS01-033 and fixed by its patch; it was a buffer overflow attack. Some of the lessons learned: keep systems patched, use honeypots to capture malware, and coordinate the response to contain worms.

2. Nimda (2001). Shortly after 9/11, the Nimda worm was unleashed. It caused more financial damage than Code Red. There were rumors that China had released it to hurt the US further, but this is unlikely given the nature of Nimda.

While it was bad, it had the appearance of being written by a determined amateur, not a nation-state that spends $1 Billion annually on cyberwarfare capabilities. – Skoudis.

Nimda affected Windows 95, 98, Me, NT and 2000 clients and servers running Windows NT and 2000. It was so effective because it attacked through IIS, e-mail, browsers and network shares. This multi-dimensional attack method could mark a trend in future cyberwarfare.

Lessons learned: the importance of an incident response capability, and disabling arbitrary scripts in e-mail and browsers.

3. Melissa (1999) & LoveLetter (2000). Both of these spread malware through e-mail propagation. Melissa was a Microsoft Word macro virus, and LoveLetter was the “I Love You” virus. Each worm harvested the victim’s address book to forward itself to more victims, which brought down a lot of e-mail servers. Lessons learned: many companies got serious about deploying anti-virus applications throughout the network.

4. Distributed Denial-of-Service (DDoS) attacks (2000). After all the panic of pre-Y2K, a completely new and unexpected storm hit major sites: Yahoo!, Amazon, CNN, E*Trade, ZDNet and eBay, all at the hands of a single young hacker nicknamed Mafiaboy. He had spread zombie flooding agents to hundreds of machines around the world and used them to flood the sites with billions of useless packets. Lessons learned: employ anti-spoofing filters.

5. Remote Control Trojan Horse Backdoors (1998 – 2000). In 1998, the Cult of the Dead Cow hacker group created the Trojan Back Orifice, which initially targeted Windows NT/9x. The tool allowed unskilled attackers to attack any vulnerable system. It also marked the rise of the “script kiddies” and produced a bunch of spin-offs such as SubSeven, NetBus and Hack-a-Tack.

w32 serflike a

December 1, 2007

I have never heard of any virus called "w32 serflike a"; however, if you believe you have this or any other malware, a good place to start investigating is to use Autoruns.

Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor. It shows you which programs are configured to run during system boot-up or login, and lists the entries in the order Windows processes them. These programs include ones in your Startup folder and in the Run, RunOnce and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

More on w32 serflike a

Netdrvr Ext W32 Spybot Worm

November 25, 2007

Those looking for “Netdrvr Ext W32 Spybot Worm

You typed “Netdrvr Ext”. Did you mean “netdrvr.exe”?

If you meant “netdrvr.exe”, then you definitely have malware. More than likely you have a virus running from a critical Windows system folder: C:\Windows\System32\netdrvr.exe. This virus looks like it might be a device driver (a “network driver”, going by the name), but it is like a cancer to your system resources and privacy.

This virus can be removed with free tools such as Ad-Aware, HijackThis or Microsoft’s Autoruns (recommended).
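The Autoruns description in the previous post lists the places an auto-starting program can hide; the PowerShell below is an added example (not from this post, and not Autoruns itself) that sweeps the Run/RunOnce keys, both Startup folders and auto-start services, and reports any entry whose image is missing or not validly Authenticode-signed, which is how an unexplained file such as System32\netdrvr.exe would stand out. It assumes Windows PowerShell 5.1 or later in an elevated prompt.

```powershell
# Added example, not from the post and not Autoruns itself: a minimal
# Autoruns-style sweep of Run/RunOnce keys, Startup folders and auto-start
# services, flagging images that are missing or not validly signed.
# Assumes Windows PowerShell 5.1+ in an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath([string]$CommandLine) {
    # Reduce a command line to its executable: quoted path, bare *.exe, or first token.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        [pscustomobject]@{ Source = $key; Name = $p.Name; Image = Get-ImagePath $p.Value }
    }
})

# Startup folders: per-user and all-users
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    $entries += @(Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Source = $dir; Name = $_.Name; Image = $_.FullName } })
}

# Services configured to start automatically
$entries += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Image = Get-ImagePath $_.PathName } })

# Report anything whose image cannot be found or is not validly signed.
# A bare name such as rundll32.exe is resolved through PATH, as Windows would.
foreach ($e in $entries) {
    $path = [Environment]::ExpandEnvironmentVariables($e.Image)
    if (-not (Test-Path -LiteralPath $path)) {
        $cmd = Get-Command $path -ErrorAction SilentlyContinue
        if ($cmd) { $path = $cmd.Source }
    }
    $status = if (Test-Path -LiteralPath $path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Missing' }
    if ($status -ne 'Valid') { '{0,-12} {1,-25} {2}' -f $status, $e.Name, $path }
}
```

Shortcuts (.lnk) in the Startup folders show up as NotSigned because the script does not follow them; check the shortcut’s target by hand.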

Storm Worm Erupts Into Worst Sustained Virus Attack in the Last 2 Years

July 25, 2007

The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they’ve seen in two years. “We are basically in the midst of an incredibly large attack,” said Adam Swidler, a senior manager with security company Postini. “It’s the most sustained attack that we’ve seen. There’s been nine to 10 straight days of attack at this level.”

Swidler said in an interview with InformationWeek that the attack started a little more than a week ago, and Postini since then has recorded 200 million spam e-mails luring users to malicious Web sites. Before this attack, an average day sees about 1 million virus-laden e-mails, according to Postini. Last Thursday, however, the company tracked 42 million Storm-related messages in that day alone. As of Tuesday afternoon, Postini researchers were predicting they would see that day between 4 million and 6 million virus e-mails — 99% of them associated with the Storm worm.

More on the complete (ad-heavy) InformationWeek site.

MySpace virus (a simple thing you can do to avoid it)

January 24, 2007

There have been some very sneaky viruses on MySpace, such as Flash-based redirects.

But some are a little less sneaky and need only the slightest change in what the user does.

Phishing attempts will do something like this: they will ask you to put in your MySpace e-mail and password. More on MySpace viruses

MySpace gets Hacked

January 24, 2007

MySpace doesn’t seem safe if someone can change everyone’s “About Me”. This happened a few weeks ago: someone changed everyone’s About Me to “but most of all nathan is my hero”.

Prevent Computer Viruses

December 26, 2006

In the last three years or so I haven’t had a single computer virus on my main system unless I put it there on purpose. I use a very simple method to prevent computer viruses and malware from ever getting on my system.

Check it out here: http://elamb.org/hacked/how-to-prevent-computer-virus.htm

Computer Viruses Monitored via Dynamic Worldmap

May 30, 2006

You’ll be able to view the Previous Hour, Previous Day, Previous Month, This Year and Previous Year. Color coding has 6 ranges (No Data, Quiet, Low, Medium, High and Epidemic).

Bad Web Sites

May 12, 2006

The Internet is a remarkable reflection of human nature. It’s a gauge of what is going on inside our heads. I find this both fascinating and disturbing. For every moving, revolutionary, truthful site I have read, there are ten that are evil, twisted and greedy.

Here is an example of the type of bad web site I’m talking about.

Among the most aggressive and intrusive of all bad websites on the Internet are the serial, warez and software-cracking sites. They bait you with porn, free software or software codes, and if your guard is down, they sneak malware onto your system.

Realistically, no one should be at these sites. The whole premise behind these websites is bad. It is the equivalent of going to a back alley and buying a “hot” camcorder: the camcorder is definitely stolen, but we conveniently exclude its source from our minds. Serial/crack and warez sites are bad sites featuring stolen goods.

READ MORE about bad sites here.

How to get Malware/Virus/Trojans on your Home Windows computer:

March 16, 2006

1) Use Windows 9x/2000/XP out of the box and DO NOT bother to reconfigure it

Don’t create any login accounts with strong passwords
Do all work from the Administrator account (Windows does this automatically, so don’t do anything)
Don’t bother with patches, no matter how critical (Windows will prompt you to update; just ignore it)
Don’t disable the Guest account
Don’t change the name of the default Administrator account
Enable as many network protocols as you can

2) Use Internet Explorer

If you want your system to get infected with all kinds of malware, DO NOT use Firefox or any type of pop-up blocker
When you use IE, don’t increase the security under Tools | Internet Options | Security tab; just leave it as is
Ensure all Java and ASP scripting languages are enabled, allowing other computers to load software on your computer remotely
Never patch Internet Explorer

3) Connect directly to the Internet

Do not use any kind of firewall
Do not use Network Address Translation (which would hide your IP address)
Do not load SP2 for Windows XP

4) Surf the deadliest sites with no protection

Surf serial/crack/warez sites and always completely trust them
Porn sites, with no protection
Screen saver sites
“Hacker sites”: not all hacker sites, just “black hat” and script-kiddie type sites
Find dark IRC channels

5) Behavior that will help you get your system infected

Download screen savers from sites you are not sure about
Open e-mails from people you don’t know
If you get a Security Warning that says “Do you want to download XXXXPRODUCT NAMEXXX...”, don’t even bother reading the rest; just click Yes

6) Software that is more than likely infected

Toolbars that download automatically without your permission
Kazaa and some other free P2P tools

List of tools for faster infection:

Internet Explorer (Firefox can effectively block malware)
Broadband/DSL (a firewall using Network Address Translation will hide your system)
Windows 9.x/2k/XP (open-source OSes such as Linux are less likely to be hacked)
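Read the list above from the defender’s side: the PowerShell audit below is an added example (not part of the original post) that checks a Windows host for exactly those weak settings: a default-named built-in Administrator, an enabled Guest account, Active scripting allowed in Internet Explorer’s Internet zone, a disabled host firewall profile, and missing patches. It assumes Windows 10 or later with Windows PowerShell 5.1 (LocalAccounts and NetSecurity modules) in an elevated prompt; the registry value 1400 under Internet zone 3 controls Active scripting (0 enable, 1 prompt, 3 disable), and the 60-day patch threshold is illustrative.

```powershell
# Added example, not from the original post: audit a Windows host for the
# weak settings the list above recommends and report them from the defender's side.
# Assumes Windows 10+ with Windows PowerShell 5.1 in an elevated prompt.

function New-Finding([string]$Check, [bool]$Weak, [string]$Fix) {
    [pscustomobject]@{ Check = $Check; Status = $(if ($Weak) { 'WEAK' } else { 'ok' }); Fix = $Fix }
}

$findings = @()

# 1) Accounts: built-in Administrator (RID 500) still has its default name; Guest (RID 501) is enabled
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$findings += New-Finding 'Built-in Administrator renamed' ($admin.Name -eq 'Administrator') 'Rename-LocalUser'
$findings += New-Finding 'Guest account disabled' ([bool]$guest.Enabled) 'Disable-LocalUser Guest'

# 2) Internet Explorer, Internet zone (3): value 1400 = Active scripting (0 enable, 1 prompt, 3 disable)
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$scripting = (Get-ItemProperty -Path $zone -ErrorAction SilentlyContinue).'1400'
$findings += New-Finding 'IE Internet-zone Active scripting' ($scripting -eq 0) 'Set 1400 to 1 (prompt) or 3 (disable)'

# 3) Host firewall: every profile (Domain, Private, Public) must be on
foreach ($fwProfile in Get-NetFirewallProfile) {
    $findings += New-Finding "Firewall profile $($fwProfile.Name) enabled" ($fwProfile.Enabled -ne 'True') 'Set-NetFirewallProfile -Enabled True'
}

# 4) Patching: Windows Update service not disabled, and something installed in the last 60 days (illustrative threshold)
$wu = Get-Service -Name wuauserv
$findings += New-Finding 'Windows Update service available' ($wu.StartType -eq 'Disabled') 'Set-Service wuauserv -StartupType Manual'
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$stale = (-not $latest) -or ($latest.InstalledOn -lt (Get-Date).AddDays(-60))
$findings += New-Finding 'Patched within 60 days' $stale 'Run Windows Update'

$findings | Format-Table -AutoSize
```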
