RAM Assignment
archit-srivastava
8/4/2019 RAM Assignment
OPERATING SYSTEM 2009
description: Conficker, also known as Downup, Downadup and Kido, is
a computer worm targeting the Microsoft Windows operating system that was
first detected in November 2008. It uses flaws in Windows software and
dictionary attacks on administrator passwords to propagate while forming a
botnet*. Conficker has since spread rapidly into what is now believed to be
the largest computer worm infection since the 2003 SQL Slammer, with more
than seven million government, business and home computers in over 200
countries now under its control. The worm has been unusually difficult to
counter because of its combined use of many advanced malware techniques.
*[A botnet is a collection of compromised computers, termed bots, that are
used for malicious purposes. A computer becomes a bot when it runs a file,
typically from a drive-by download, that has bot software embedded in it.
Botnets are controlled via protocols such as IRC and HTTP.]
vulnerability: INF/Conficker exploits the Microsoft Autorun feature to spread
itself on local as well as remote computers, i.e. computers connected in a
network. It drops an Autorun.inf file in the root of every removable medium
connected to the computer and of every mapped network drive. The code
written inside the Autorun.inf file is then executed to download other
malicious files to the computer and infect it with worms and viruses. The
malicious content is downloaded with the help of remote servers that have
already been set up for such activities.
The size of the Autorun.inf file varies, and sometimes the file attributes
are set to S (system) and H (hidden). Since the default Windows setting is
"Do not show system and hidden files", the worm goes unnoticed by the user
and can only be detected with the help of an antivirus.
The content of the Autorun.inf file is something similar to this:

    shelLExECUte=RuNdLl32.EXE .\RECYCLER\S-x-x-xx-2819952290-8240758988-879315005-xxx\jwgkvsq.vmx,ahaezedrn

Upon execution of the Autorun.inf file, the computer is infected with the
malicious content downloaded from remote servers. Because the INF/Conficker
worm is introduced locally, it doesn't exploit the MS08-067 vulnerability. So
even if you have patched the system against the MS08-067 vulnerability, the
patch will not stop this worm from executing.
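An added example, not part of the original assignment: a defender-side check that parses Autorun.inf text and flags launch entries like the one quoted above (rundll32 pointed at a non-DLL file under a RECYCLER folder), plus a test for the S and H attribute bits. The function names and the benign sample are assumptions made for illustration.

```python
import re

# Windows file attribute bits (FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM).
HIDDEN, SYSTEM = 0x2, 0x4

# [autorun] keys that make Windows launch a command.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB_RE = re.compile(r"^shell\\[^\\=]+\\command$")
RECYCLE_RE = re.compile(r"\\(recycler|recycled|\$recycle\.bin)\\")

# Entry quoted on this page (the "x" placeholders are as printed there).
PAGE_SAMPLE = (r"shelLExECUte=RuNdLl32.EXE .\RECYCLER\S-x-x-xx-2819952290-"
               r"8240758988-879315005-xxx\jwgkvsq.vmx,ahaezedrn")
# Constructed benign file for comparison.
BENIGN_SAMPLE = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"


def is_hidden_system(attrs):
    """True when both the hidden and system bits are set, as the page describes."""
    return (attrs & (HIDDEN | SYSTEM)) == (HIDDEN | SYSTEM)


def autorun_findings(text):
    """Return (key, command, reasons) for each suspicious launch entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line or line.startswith((";", "[")):
            continue
        key, _, command = line.partition("=")
        key = key.strip().lower()  # INI keys are case-insensitive, so fold case
        if key not in EXEC_KEYS and not SHELL_VERB_RE.match(key):
            continue
        lowered = command.strip().lower()
        reasons = []
        target = re.search(r"\brundll32(?:\.exe)?\s+(.+?),", lowered)
        if target:
            reasons.append("launches rundll32")
            if not target.group(1).strip('"').endswith(".dll"):
                reasons.append("rundll32 target is not a .dll")
        if RECYCLE_RE.search(lowered):
            reasons.append("payload under a recycle-bin folder")
        if reasons:
            findings.append((key, command.strip(), reasons))
    return findings


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, BENIGN_SAMPLE):
        print(autorun_findings(sample))
```
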
threat:
risk: Five variants of the Conficker virus are known and have been dubbed
Conficker A, B, C, D and E.
Conficker A - HTTP pull
    Downloads from trafficconverter.biz
    Updates self to Conficker B, C or D

Conficker B - HTTP pull
    Downloads daily from any of 250 pseudorandom domains over 8 TLDs[30]
    Blocks certain DNS lookups
    Disables AutoUpdate
    Updates self to Conficker C or D

Conficker C - Creates named pipe to receive URL from remote host, then
    downloads from URL
    Updates self to Conficker D

Conficker D - Downloads daily from any 500 of 50000 pseudorandom
    domains over 110 TLDs
    Does an in-memory patch of DNSAPI.DLL to block lookups of
    anti-malware related web sites
    Disables Safe Mode
    Disables AutoUpdate
    Kills anti-malware
    Downloads and installs Conficker E

Conficker E - P2P push/pull
    Uses custom protocol to scan for infected peers via UDP, then transfer
    via TCP
impact: