┌────── Information──────────────────────────────────────────────────┐
│ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │
├────── Systems ─────────── ░█ ── ░░░█ ── ░░░█ ─── ░░░░█ ── ░░░█ ────┤
│ ░█ ░░░░░█ ░░░░░█ ░░░░░░░░░░░░█ │
├────── Security ────────── ░█ ───── ░░█ ─── ░░█ ─ ░░█ ─░░█ ─░░█ ────┤
│ ░░░█ ░░░░░█ ░░░░░█ ░░█ ░░█ │
└────── Monitor ─────────────────────────────────────────────────────┘
Dedicated to the pursuit of security awareness..............
===========================================================================
Volume 3 Number 4 October 1993
===========================================================================
IN THIS ISSUE:
Public Debt Connects to Internet
Computer Security Day
Virus Analysis
What's a User to Do?
Welcome Aboard
Jim's Corner
Computer Speak
Anti-Virus Procedures
Token Training Steps
**************************************
* *
* Public Debt Connects to Internet *
* by Joe Kordella *
* *
**************************************
Over the past few years, Public Debt computer users have seen a steady
increase in the resources made available to them through the various networks
to which they are attached. Through the FRCS-80 network it is possible to
share mainframe applications developed by Public Debt with our partners at many
of the Federal Reserve Bank sites. Our own PDLAN network allows us to share
files within our workgroups and among our several sites in Washington and
Parkersburg.

Recently, the AIS Security Branch within the Office of Automated Information
Systems (OAIS) expanded the range of such resources available to Public Debt
personnel by establishing a gateway to the "Internet". The Internet was born
about 20 years ago. At that time one of its antecedents, called the ARPAnet,
was essentially an experimental network designed to support military research.
Sometime later, Ethernet technology and Local Area Networks (LANs) became
commercially available. Organizations which invested in such tools quickly saw
the advantage of connecting their local LANs to the larger ARPAnet and other
similar networks. Benefits included access to shared information and greatly
expedited communications throughout the country and the world. Over time, more
and more networks were connected to each other and the resultant network of
networks became known as the "Internet".

The Security Branch's gateway allows Public Debt users to exchange E-mail with
Internet users throughout the world. Users on the system located in
Parkersburg can receive mail from individuals throughout the world as
user@aisecur.bpd.treas.gov (where "user" is the individual's authorized ID on
the Security Branch system). The gateway also provides access to Internet
"News Groups". News groups are the Internet equivalent of CompuServe "forums"
or BBS "doors". They are essentially electronic meeting places for people of
like interests to swap information and news items about a specific subject of
interest. Security Branch's gateway carries news on a wide variety of computer
and security related topics. Access to news groups gives Public Debt users
access to world class resources, many of whom are willing to share their
expertise in a spirit of cooperation and mutual help.

Those desiring additional information on the Public Debt e-mail and news
gateway should contact the AIS Security Branch or send them email at
kclancy@aisecur.bpd.treas.gov.
******************** END OF ARTICLE ********************
////////////////////////////////////
/ /
/ Computer Security Day, 1993 /
/ By The Editors /
/ /
////////////////////////////////////
The 6th annual nation-wide observance of Computer Security Day is set for
December 1, 1993. The primary goal of Computer Security Day is to focus
attention on the vital problem of computer security by encouraging management
of computer professionals everywhere to bring extra attention to the issues of
computer security.

Last year The Bureau of Public Debt participated by holding a contest to
select the "Best Security Slogan" as submitted by the ISSM Newsletter
readership. The slogans, plus the names of the submitters, were posted on the
bulletin boards throughout Public Debt. The slogans were also printed in the
ISSM Newsletter, along with photos of the participants.

This year the Bureau will hold a contest for the "Best Security Poster". The
poster can relate to any computer security-related topic. Submit your posters
to AIS Security Branch, Poster Contest, Room 107 by March 31, 1994. Posters
will be posted on the bulletin boards throughout Public Debt, and all
submitters will receive a prize.
******************** END OF ARTICLE ********************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ ~
~ Analysis of Garden Variety Computer Viruses in 5 Minutes ~
~ (Well, Almost 5 Minutes...) ~
~ By George Smith, Ph.D. ~
~ ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(George can be contacted on CompuServe at 70743,1711 or via internet at
70743.1711@compuserve.com)

Occasionally, as a network administrator you may run across a virus which
isn't covered by any of your current protection schemes.

Lucky you!

In any case, analyzing the virus - once you've isolated it - need not be a
traumatic affair, or even necessitate a call to an expert. In most instances,
you are fully capable of handling the job. Don't let your mind be gripped by
insecurity. Yes, I will say it again: "You, too, have the skill to analyze and
disassemble computer viruses!" And this news piece will tell you how to get
started.

If you've discovered a virus, your first goal was to get rid of it. However
you found it, you've set your colleagues to work eliminating files you suspect
or are sure are infected. But you might want more information. The need for
analysis and disassembly - or reverse engineering of the virus to the point
where you adequately understand its instructions and purpose - arises.

A real world example is the recent spread of the Butterfly virus within the
Telemate communications program shareware archive.

Because Telemate is a popular program, nearly everyone who received original
copies of the recent version of Telemate also received copies of the Butterfly
virus.

Assume that you have users who use Telemate. All might have executed copies
of the Butterfly virus. Simple VISUAL scrutiny of the Telemate programs with
any common file viewing/listing utility (DOS, Windows, OS/2, PC Tools and
Norton Utilities versions all include such tools) would have revealed the
following:
0380 4E 8D B6 50 02 8D 96 2C-02 52 EB 3C B4 1A BA 80 N..P...,.R.<....
0390 00 CD 21 33 C0 33 DB 33-C9 33 D2 33 F6 33 FF BC ..!3.3.3.3.3.3..
03A0 FE FF BD 00 01 55 33 ED-C3 0B DB 74 19 B5 00 8A .....U3....t....
03B0 8E 47 02 B8 01 57 8B 8E-48 02 8B 96 4A 02 CD 21 .G...W..H...J..!
03C0 B4 3E CD 21 33 DB B4 4F-5A 52 B9 07 00 33 DB CD .>.!3..OZR...3..
03D0 21 73 18 E9 9F 00 FF 47-6F 64 64 61 6D 6E 20 42 !s.....******* B
03E0 75 74 74 65 72 66 6C 69-65 73 FF 8B D6 B8 02 3D utterflies.....=
03F0 CD 21 72 B5 8B D8 B4 3F-B9 04 00 8D 96 04 01 CD .!r....?........
The above shows a portion of a program infected with the Butterfly virus.
Note the text "******* Butterflies" (Ed note: text has been sanitized, code is
unchanged). This is not standard fare for any program and should raise an
eyebrow, unless everyone on your staff is possessed of an unusual