W 32 Bagle And W 32 Sdbot example essay topic

The top 10 malware threats of 2004 as taken from McAfee and defined by Symantec are as followed: Adware-180, Adware-Gator, Exploit-Byte Verify, Exploit-MhtRedir, JS / Noclose, W 32/Bagle, W 32/Mydoom, W 32/Nevsky, W 32/Sasser, W 32/Sdbot (family including sd bot, gao bot, poly bot, spy bot). The majority of these threats enter into our system under a different alias' or by hitching a ride on programs we download online. Adware-180 is a spy bot that monitors the activity its infected's do while online. This program will open up afflicted sites when it sees a certain keyword while searching online. When adware-180 is downloaded it creates a name for itself in the Microsoft registry, this registry then can fix itself it only partial parts of the adware are removed. Adware-Gator is one that I am o h to familiar with.

This adware drives me crazy! I will be searching online and all of a sudden down by my time and date a little box will pop up giving me alternative vacation prices or prescription prices. Gator (or gain as it says in my registry) gets downloaded onto the computer either manually or by sneaking itself in with another download. With this adware on the hard drive it allows websites to upload their content to your computer without your knowledge enabling them to display advertisements at the strangest times. Exploit-MhtRedir is a file that is considered "a malicious website to download and execute programs on your computer". It's file type is a Trojan horse, which disguises itself in order to promote unwanted HTML on your computer.

This Trojan only affects Microsoft internet explorer. W 32/Mydoom comes in an assortment of different subcategories ranging from category 1 to 2. The majority of the Mydoom worms are a category 2. The mass mailing worm that uses its own stp to send emails to people listed on the infected computers.

It allows unauthorized remote access. Once it finds the addresses of people it sends itself in attachments that say things like read the following attachment, please confirm, please read immediately etc. W 32/Sasser is one I think we all remember hearing about. This one gets onto your computer and scans IP addresses to find vulnerable computers.

It's wild threat is medium, the damage it causes is low but the distribution level of this worm is very high. The main threat of this worm is the fact that even though it is unable to infect Windows 95/98/ME it does take up a lot of space making it difficult for such programs as the Symantec removal tool to run. This worm is more or a nuisance then a threat. I was unable to find information using the Symantec definitions but through research using google I managed to find some information on the following: exploit-byte verify, JS / Noclose, W 32/Bagle, and W 32/Sdbot. Exploit-byte verify is a tool that uses the java applet to exploit certain security holes in internet explorer and the outlook programs. JS / Noclose is a javascript Trojan, when you access an infected website the Trojan will minimize internet explorer and will try to access other websites.

W 32/Bagle is a file that locates the Port 80 and tries to establish a connection and download unwanted files from a variety of different sites. The W 32/Sdbot is a worm that gets into the system and turns off programs such as anti-virus programs, it allows other to access your computer, drops more malware, reduces system security, reduces keystrokes, and installs itself in the registry.