Eicon Networks S92 Manual do Utilizador descarregar pdf (Página 203)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 203

Viathenonemailroute:

IfGIAChasanantivirussolutionrunning,theemailattachmentmaybestripped

beforereachingtheendusers. Toworkaroundthis,wecan setupaFTPlocation

somewhereontheinternettohostthefile.Then,sendanemailtothecontactpeople

inGIACwithnoattachment.Intheemail,tellthemthatwerepresentasupplierwith

gooddealsforthem.Askthem tologontoourFTP anddownloadthe“catalog”file.

ForkBombsandViruses

Abovearejustexamplesofhowwecan“bypass”theunderfiredsecurity

architecture.The“files”weusecanbeamacrovirus,aforkbomboranythingelse.

AccordingtoRohitSingh,ForkBombsare:

“…programsorshellscriptswhich(either intentionallyoraccidentally)createnew

processesrepeatedly(usingthefork()systemcall.)Newprocessesarecreatedsofast

thatwithinnotimetheprocesstablegetsfilledupandthesystemcomestoagrinding

halt.Nootherprocesscanthenbe started,noteven'ps'toseewhotriggeredthatfork

bomb!Killingthatforkbombmeansyetanotherprocess,andthat’sexactlywhatis

scarce!AforkbombmightmeanpressingthebigRedbutton!”

76

AccordingtotheWordMacroVirusFAQ,aWordMacroVirus:

“…isamacro(listofinstructions)ortemplatefile(usuallywiththe.DOTextension)

whichmasquerades as legitimateMSWORDdocuments(usuallywiththeextension

*.DOC).Aninfected*.DOCfile,doesn'tlookanydifferenttotheaveragePCuser,as

itcanstillcontainanormaldocument.Thedifferenceisthatthisdocumentisreally

justatemplateormacrofile,withinstructions toreplicate,andpossiblycause

damage.M SWORDwillinterpretthe*.DOTmacro/templatefileregardlessof

extension,asatemplatefile.Thisallowsforitbeingpassedoffasalegitimate

document(*.DOC)ThisFAQtakesthepositionthatadocumentismeanttobeDATA,

andaMACROisatleastpartiallyexecutableCODE.Whenadocumenthasbeen

infected,ithasbeenmergedwithexecutablecodeinamultipartfile,partdata/part

76

http://rexgrep.tripod.com/rexfbdmain.htm

1 2 ... 198 199 200 201 202 203 204 205 206 207 208 209

Sem comentários

Eicon Networks S92 Manual do Utilizador Página 203