Virus Droppers
Basically, a dropper is just what the name implies: a program designed to run and install (or "drop") a virus onto your system. The program itself is not infected or a virus because it does not replicate.
So, technically, a dropper should be considered a Trojan. Often, because the virus is hidden in the program code, a scanner will not detect the danger until after the virus is dropped onto your system.
It's a technical point, but there is a class of dropper that only infects the computer's memory, not the disk. These are given the name injector by some virus researchers. A Trojan program that installs a virus onto your system is called a dropper. Fortunately, because of technical difficulties, droppers are hard to program and therefore rare.
Some viruses help attackers gather the resources required for malicious activities such as identity theft, DDoS, software license theft and phishing. Most viruses today belong to this category because there is a huge financial gain. These viruses drop various bots and key loggers that are used to carry out these malicious activities. Bots are used to add the victim host machines to a botnet that performs various activities.
Examples of such viruses are Trojan-Dropper: W32/Trojan-Dropper
These are categories of computer virus. As the internet grows and the use of computers for communication and exchange of information increases, computer viruses and their types increase as well. Here we mention some important categories of computer viruses.
- Potentially unwanted applications (PUAs)
Bluejacking - This is sending anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops. Bluejacking depends on the ability of Bluetooth phones to detect and contact other Bluetooth devices nearby. The bluejacker uses a feature originally intended for exchanging contact details or "electronic business cards." He or she adds a new entry in the phone's address book, types in a message, and chooses to send it via Bluetooth. The bluejacker does not steal personal information or take control of your phone. Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising.
Browser hijackers – These change the default home and search pages in your internet browser. Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your "Favorites" folder or, more seriously, can change the page that is first displayed when you open the browser. You may find that you cannot change your browser's start page back to your chosen site. Some hijackers edit the Windows registry so that the hijacked settings are restored every time you restart your computer. Others remove options from the browser's tools menu, so that you can't reset the start page. In every case, the intention is the same: to force you to visit a website.
Chain letters – These are emails that force you to forward copies to other people. Chain letters, like virus hoaxes, depend on you, rather than on computer code, to propagate themselves. The main types are: hoaxes about terrorist attacks, premium-rate phone line scams, thefts from ATMs and so forth; false claims that companies are offering free flights, free mobile phones, or cash rewards if you forward email; messages, which purport to be from agencies like the CIA and FBI, warning about dangerous criminals in your area; and petitions. They can also create unnecessary email traffic and slow down mail servers. In some cases the chain letter encourages people to send email to certain addresses, so that these are deluged with unsolicited mail.
Cookies – These are files on your computer that enable websites to remember your details. When you visit a website, it can place a file called a cookie on your computer. This enables the website to remember your details and track your visits. Cookies can be a threat to confidentiality, but not to your data. Cookies have benefits for webmasters, as they show which web pages are well used, providing useful input when planning a redesign of the site. Cookies are small text files and cannot harm your data.
However, they can compromise your confidentiality. Cookies can be stored on your computer without your knowledge or consent, and they contain information about you in a form you can't access easily. And when you revisit the same website, this data is passed back to the web server, again without your consent. Websites gradually build up a profile of your browsing behavior and interests. This information can be sold or shared with other sites, allowing advertisers to match ads to your interests, ensure that consecutive ads are displayed as you visit different sites, and track the number of times you have seen an ad.
Dialers - These change the number used for dial-up internet access to a premium-rate number. Dialers are not always malicious. Legitimate companies that offer downloads or games may expect you to use a premium-rate line to access their services. A pop-up prompts you to download the dialer and tells you how much calls will cost. Other dialers may install themselves without your knowledge when you click on a pop-up message. These do not offer access to any special services – they simply divert your connection so that you access the internet via a premium-rate number. Broadband users are usually safe, even if a dialer installs itself. This is because broadband doesn't use regular phone numbers, and because broadband users don't usually have a dial-up modem connected.
Mobile phone viruses - Mobile phones can be infected by worms that spread themselves via the mobile phone network. In 2004, the first mobile phone worm was written; it uses the Symbian operating system and is transmitted as a telephone game file (an SIS file). If you launch the file, a message appears on the screen, and the worm is run each time you turn the phone on thereafter. There are also conventional viruses that send text (SMS) messages to selected mobile numbers, but in cases like these the virus can't infect or harm the mobile phone.
Mousetrapping – This prevents you from leaving a website. If you are redirected to a bogus website, you may find that you cannot quit with the back or close buttons. In some cases, entering a new web address does not enable you to escape either. The site that mousetraps you will either not allow you to visit another address, or will open another browser window displaying the same site. Some mousetraps let you quit after a number of attempts, but others do not.
Obfuscated spam – This is email that has been disguised in an attempt to fool anti-spam software. Spammers are constantly trying to find ways to modify or conceal their messages so that your anti-spam software can't read them, but you can. This allows the spammer to write messages that anti-spam software "sees" quite differently from the way you see them. Spammers often include large amounts of hidden text, often cut from online reference books, to try to fool anti-spam software that assesses mail according to the frequency of certain key words.
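As an added example (not from the original page), the Python code below shows, from the filter's side, why hidden text dilutes a keyword-frequency score and how scoring only the text the reader actually sees restores it. The keyword list, the hidden-style patterns and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed, non-exhaustive inline-CSS patterns that hide text from the reader.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![\d.])", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link"}  # elements with no end tag
SPAM_WORDS = {"free", "winner", "prize", "cash"}          # constructed keyword list

class VisibleTextSplitter(HTMLParser):
    """Collects words the reader sees separately from words hidden by inline CSS."""
    def __init__(self):
        super().__init__()
        self.stack = []  # one bool per open element: hidden by itself or an ancestor?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            inherited = self.stack[-1] if self.stack else False
            style = dict(attrs).get("style") or ""
            self.stack.append(inherited or bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        words = re.findall(r"[a-z']+", data.lower())
        target = self.hidden if self.stack and self.stack[-1] else self.visible
        target.extend(words)

def keyword_density(words):
    return sum(w in SPAM_WORDS for w in words) / len(words) if words else 0.0

def analyse(html):
    p = VisibleTextSplitter()
    p.feed(html)
    p.close()
    everything = p.visible + p.hidden
    return {"naive_density": keyword_density(everything),    # what a naive filter scores
            "visible_density": keyword_density(p.visible),   # what the reader sees
            "hidden_ratio": len(p.hidden) / len(everything) if everything else 0.0}

# Constructed sample: a short visible pitch padded with hidden filler prose.
FILLER = "the river flows past the old mill and the quiet town " * 4
SAMPLE = ("<p>Winner! Claim your free cash prize now</p>"
          '<div style="display:none">' + FILLER + "</div>")
if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A high `hidden_ratio` is a useful signal in its own right, since legitimate mail rarely carries most of its words in text the recipient cannot see.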
Page-jacking - This is the use of replicas of reputable web pages to catch users and redirect them to other websites. Scammers copy pages from an established website and put them on a new site that appears to be legitimate. They register this new site with major search engines, so that users doing a search find and follow links to it. When the user arrives at the website, they are automatically redirected to a different site that displays advertising or offers of different services. Page-jacking annoys users and can confront them with offensive material. It also reduces revenue for legitimate websites, and makes search engines less useful. In some cases, page-jacking is used in phishing attacks.
Palmtop viruses – Palmtops provide new opportunities for viruses, but so far virus writers have shown little interest. Palmtops or PDAs run special operating systems – such as Palm and Microsoft Pocket PC. These are vulnerable to malicious code, but so far the risks are low. There are currently only a few items of known malware written for Palm. Virus writers prefer to target desktop systems, perhaps because they are more popular and allow viruses to spread rapidly via email and the internet. The real risk at present is that your palmtop will act as a carrier. When you connect it to a home or office PC to synchronize data, a virus that is harmless on the palmtop could spread to the PC, where it can do harm.
Parasitic viruses – These, also known as file viruses, spread by attaching themselves to programs. When you start a program infected with a parasitic virus, the virus code is run. To hide itself, the virus then passes control back to the original program. The operating system on your computer sees the virus as part of the program you were trying to run and gives it the same rights. These rights allow the virus to copy itself, install itself in memory or make changes on your computer. Parasitic viruses appeared early in virus history but they can still pose a threat.
Potentially unwanted applications (PUAs) – These are programs that are not malicious but may be unsuitable on company networks. Some applications are non-malicious and possibly useful in the right context, but are not suitable for company networks. Examples are adware, dialers, non-malicious spyware, tools for administering PCs remotely, and hacking tools. Certain anti-virus programs can detect such applications on users' computers and report them. The administrator can then either authorize the applications for use or remove them from the computers.
Zombies – A zombie is a computer that is remotely controlled and used for malicious purposes, without the legitimate user's knowledge. A virus or Trojan can infect a computer and open a "back door" that gives other users access. As soon as this happens, the virus sends a message back to the virus writer, who can now control the computer remotely via the internet. From now on, the computer is a "zombie", doing the bidding of others, although the user is unaware. Collectively, such computers are called a "botnet". The virus writer can share or sell access to control his or her list of compromised computers, allowing others to use them for malicious purposes. For example, a spammer can use zombie computers to send out spam mail.
Up to 80% of all spam is now distributed in this way. This enables the spammers to avoid detection and to get around any blacklisting applied to their own servers. It can also reduce their costs, as the computer's owner is paying for the internet access. Hackers can also use zombies to launch a "denial-of-service" attack. They arrange for thousands of computers to attempt to access the same website simultaneously, so that the web server is unable to handle all the requests reaching it. The website thus becomes inaccessible.