This website uses cookies to ensure you have the best experience. Learn more

Malicious Code Attack Essay

536 words - 3 pages

Week 4: Essay 4.1

Malicious Code Attack

Harold Streat Jr (15813476)

NT2580: Introduction to Information Security

March 2, 2014

DeVon Carter

Malicious Code Attack

The Code Red virus didn't kill the Internet, but it did prove that there is a long way to go in the war against cyber-attacks, and, if the future is anything like the past, it is a war the good guys will never win (Burnett & Gomez, 2001).

The Code Red worm is one example where knowledge of emerging vulnerabilities and implementation of security patches plus overall watchfulness of network activity could have saved many systems from falling prey to a well-publicized attack (Burnett & Gomez, 2001).

The Code Red or Red Wiggler Worm, as it was known, was a self-replicating program designed to consume ...view middle of the document...

The worm began by scanning networks to identify hosts running IIS and accepting information on TCP port 80. Once a valid host was found, the worm attempted to exploit a buffer overflow vulnerability in the IIS Indexing Service. When it was successful, it replicated itself on the infected server and began scanning for more hosts to infect (Burnett & Gomez, 2001).

The original worm defaced web sites while simultaneously attacking hosts. What may have contributed to the infamy of the worm, and caught the attention of the US government, was that the Code Red worm was programmed to attack the IP address for the White House from all sites it managed to infect. The White House avoided the potential denial-of-service attack by changing the IP address of its site, but this was not without significant effort on the part of many security professionals to identify the attack and reconfigure systems with the new IP address. The worm successfully debilitated a substantial number of systems despite alarmist reports from government and private industry sources that spread quickly into mainstream media. Interestingly, hundreds of thousands of systems were infected although a patch (a software fix) was made available to remove the security hole a few months before the worm became widespread. The fact that the attack was successful even though a patch had been available for a while is an example of the current time gap that exists between the dissemination of security information by vendors and security experts and the actual enforcement of the suggested security measures in the real world (Burnett & Gomez, 2001).

References

Burnett, M., & Gomez, C. (2001). When Code Red Attacks: Addressing Vulnerabilities Behind Virus Hysteria. http://www.isaca.org/Journal/Past-Issues/2001/Volume-6/Pages/When-Code-Red-Attacks-Addressing-Vulnerabilities-Behind-Virus-Hysteria.aspx

Other Papers Like Malicious Code Attack

Security for Web Applications Essay

1022 words - 5 pages information. In 2013, Facebook has faced a security breach where 318,000 user accounts have been prone to cyber-attack. This happened due to the use of malicious key logger software called Pony. When the user goes to a particular website then the key logger software gets activated and the keystrokes of the user gets recorded and thereby getting the login information. Trust wave a privately held information security company that provides on demand security

Ddos Prevention Capabilities of Appcito Essay

2351 words - 10 pages . Web application attack vectors Injecting malicious code A common strategy used by unethical hackers is identifying code-intensive libraries or scripts that result in a lot of database queries and injecting a bug in the code. This could be in the form of injecting malicious SQL or PHP or Command codes. Browser-based Bots When a web visitor unsuspectingly visits a malicious website, the visitor’s computer is installed with browser-based bots

Networking and Security Issues

5170 words - 21 pages the action is malicious, some motivation or goal is generally behind the attack. For instance, the goal could be to disrupt normal business operations, thereby denying data availability and production. April 13, 2000, 3:55 P.M. Pacific time: The Web site for the Motion Pictures Association of America (MPAA) is suffering intermittent outages, and the organization suspects computer vandals are to blame. A source inside the organization

Building An Access Control System

996 words - 4 pages attacker has gained access, the goal of the attack fails is they are unable to maintain control. Covering tracks once an attacker has violated a system will destroy all evidence of his or her attacks. You could eliminate Trojans, viruses, and worms to your devices before catastrophic damage to your computer systems make it impossible to fix. Theses malicious bugs use different entry points as mentioned earlier. Trojans are able to enter through

How to Secure Your Systems

1690 words - 7 pages that could affect an organization at any time.   Whether it is a worm, Trajan horse, virus, back door hacking, or even Denial-of-Service, they are all serious threats and need to be stopped and prevented. As we know that malicious code can come in many forms, but their intent is all the same. They are built to either steal information, or destroy it. There are many ways in which organizations fall victim to types of malicious code. As we stated

The School of Cheating

1807 words - 8 pages force the machine into a botnet system which is part of DDOS attack. Some attacks that can be unintended or used out of pure intent of being malicious is to crash the victims PC, corrupt data and even format storage disks. Key loggers are often used in Trojan form. Worms are another type of virus that can infect a victim’s computer. The worm virus is designed to cripple computer networks and systems. One of the traits of the worm allows it to

Information Systems

1212 words - 5 pages can cause much damage to the infrastructure of our company. For an electronic attack it uses the power of electromagnetic energy as a weapon, but more commonly as an electromagnetic pulse to overload computer circuitry in a less violent form in order to insert a stream of malicious digital code directly into an enemy radio transmission. Finally, for a computer network attack this usually involves malicious code used as a weapon to infect enemy

Computer Data Security

838 words - 4 pages instance, when a Hacker tries to obtain private information or destroy your data. He can do this by sending phishing e-mails which are malicious e-mails pretending to be legitimate. In the second article title, “Technology: When IT Workers Attack.” INC.com. This article talks about an IT help desk employee who lost his job and took retribution against his former employer. He did this by implementing a logic bomb, which is a malicious code that

Network Security

1817 words - 8 pages website. Exploit Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or application. Firewall A security program that filters inbound and outbound network connections. In some ways you can think of firewalls as a virtual traffic cop, determining which traffic can go

Information Security

1620 words - 7 pages vulnerabilities. An expert hacker is a master of several programming languages, networking protocols, and operating systems. An unskilled hacker is one who uses scripts and code developed by skilled hackers. They rarely create or write their own hacks, and are unskilled in programming languages, networking protocols, and operating systems. Protecting against expert hackers is difficult because they use newly developed attack code not yet detectable by

Internet Mitigation

906 words - 4 pages for various reasons, which can cause a significant threat to users (Howe 2013). Web Application Vulnerabilities and Attacks Often spread by attachments in email messages, a computer virus is a program designed to perform malicious acts and cause disruption to your operating system or applications. A Trojan virus resembles a file or software program except that there is malicious code contained inside that appears to be a harmless (Meier

Related Essays

Attack Prevention Paper

969 words - 4 pages targeted group. Cyber Media states that 86% of all attacks are aimed at home users (2006). As attacks on home users increase, new techniques are surfacing, including the use of malicious code to attack web browsers and desktop applications. The following is a short review of some techniques that are easily employed and can help stem the tide of these criminal cyber-attacks: Although home users may not feel like they are connected to a network

Cyber Attack Prevention Essay

737 words - 3 pages closer to cyber-attack prevention. The prevention system has several functions. The functions include blocking malicious code, not blocking legitimate traffic while blocking malicious code, and remain scalable (Damico, 2009). In addition to intrusion prevention, home users should familiarize the techniques and tricks that hackers’ use (Damico, 2009). A couple of the tricks and techniques are as follows: o Scanning systems seeking the

Assignment 1 Top Security Threats

699 words - 3 pages malicious website in the victim’s status area. Zero-day vulnerabilities and rootkits Once inside an organization, a targeted attack attempts to avoid detection until its objective is met. Exploiting zero-day vulnerabilities is one part of keeping an attack stealthy since these enable attackers to get malicious applications installed on a computer without the user’s knowledge. Zero-day vulnerabilities become everyday vulnerabilities via

Top Security Threats Essay

752 words - 4 pages networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. Zero-day vulnerabilities and rootkits Once inside an organization, a targeted attack attempts to avoid detection until its objective is met. Exploiting zero-day vulnerabilities is one part of keeping an attack stealthy since these enable