View Full Version : Programming Resources Superpost


amanamagus
03-21-2007, 01:27 PM
Because of some suggestions, I'm going to try to gather some good programming resources in this thread. If you know any good websites, either post them here, or PM me and I'll add them to this post.

Tutorials, Books, Utils, Misc

* http://www.ebooksportal.org/ (Lots of Books)
* http://www.techbooksforfree.com/ (Free Books)
* http://www.freeprogrammingresources.com/books.html (Tutorials)
* http://programmersheaven.com/ ( tutorials, examples, utils)
* http://www.maththinking.com/boat/booksIndex.html ( books )
* http://computer.howstuffworks.com/ ( ALL )
* http://www.developer.com/
* http://programmingtutorials.com/ ( tutorials )
* http://www.sysinternals.com/ntw2k/utilities.shtml (freeware utils)
* http://www.wotsit.org/ ( file formats )
* http://www.catb.org/~esr/faqs/hacker-howto.html ( How to be a hacker )
* http://www.echoecho.com
* http://www.programmerstools.org/ (Windows Programming Tools)
* http://www.scriptsearch.com/
* http://www.oreilly.com/openbook/ (O'Reilly Books)
* http://sysadmin.oreilly.com/ ( O'Reilly Books)
* http://www.hoganbooks.com/freebook/webbooks.html
* http://www.informit.com/itlibrary/
* http://www.fore.com/support/manuals/home/home.htm
* http://www.cs.columbia.edu/netbook/ (The Network Book)
* http://www.cs.bell-labs.com/cm/cs/pearls/
* http://202.159.16.55/~pimpa2000
* http://202.159.15.46/~om-pimpa/buku
* http://www.eastcoastfx.com/docs/admin-guides/
* http://www.eastcoastfx.com/~jorn/reading/
* http://www.cs.monash.edu.au/~alanf/se_proj97/
* http://www.redbooks.ibm.com/
* http://solaris.inorg.chem.msu.ru/cs-books/
* http://sweetrude.net/~cab/books/
* http://alaska.mine.nu/books/
* http://poprocks.dyn.ns.ca/dave/books/
* http://58-160.skarland.uaf.edu/books/
* http://202.186.247.194/~ebook/
* http://hooligans.org/reference/
* http://freecomputerbooks.com/
* http://sleekfreak.ath.cx:81/books/
* http://www.cs.wisc.edu/~chilimbi/Pubs.html
* http://www.sysadminmag.com/
* http://www.dotcomma.org/
* http://www.dspguide.com/pdfbook.htm (Digital Processing)
* http://sunsite.auc.dk/hwb/ (The Hardware Book)
* http://www.b213.net/ (Huge Library on Everything)

Visual Basic / *Basic

* http://www.freevbcode.com/
* http://www.vbtutor.net/vbtutor.html
* http://www.a1vbcode.com
* http://www.vbip.com
* http://www.vbcode.com
* http://www.qbasic.com/ (QBasic)
* http://www.vb-world.net/books/

Java

* http://java.sun.com/ ( API's, Examples, Tutorials )
* http://www.mindprod.com/jgloss.html
* http://java.sun.com/
* http://www.javafaq.nu/
* http://www.mindview.net/Books/TIJ/ (Book, Thinking in Java)
* http://polaris.cis.ksu.edu/~schmidt/CIS200/
* http://www.cs.brown.edu/courses/cs016/book/

TCL / TK

* http://tcl.tk ( Tcl/Tk info, with man pages )

Source Code / Examples

* http://oopsilon.com
* http://sf.net
* http://www.planetsourcecode.com
* http://www.hotscripts.com

ASM

* http://asmcompo.org ( ASM Competition )
* http://webster.cs.ucr.edu/AoA/DOS/ (Art of ASM Book)
* irc://irc.efnet.co.uk/asm ( ASM on IRC )
* http://linuxassembly.org/ ( Linux ASM )
* http://intel.com/ ( Intel )
* http://amd.com/ ( ASM Manual )
* http://www.madwizard.org ( x86 ASM )
* http://win32asm.cjb.net/ ( x86 ASM )
* http://www.masm32.com ( x86 ASM )
* http://nasm.sourceforge.net/wakka.php?wakka=HomePage ( x86 ASM )

OS Development

* irc://irc.freenode.com/osdev ( OS/Low Level projects )
* http://my.execpc.com/~geezer/osd/

Windows Programming / .NET

* http://www.winprog.net
* http://msdn.microsoft.com/
* http://www.codeproject.com

Python

* http://www.python.org/topics/learn/
* http://www.awaretek.com/tutorials.html
* http://diveintopython.org/
* http://www.tutorialized.com/tutorials/Python/1
* http://www.techtutorials.info/python.html
* http://www.techiwarehouse.com/Python..._Tutorial.html

Delphi

* http://www.delphi3000.com
* http://www.delphicity.com
* http://www.delphibasics.co.uk/
* http://delphi.about.com/
* http://www.lmc-mediaagentur.de/dpool.htm

C / C++

* http://www.cplusplus.com/
* http://c.rm-f.net
* http://www.eskimo.com/~scs/C-faq/top.html
* http://www.cprogramming.com/
* http://davidrobins.net/code/cpp/EFnet_cpp_faq.html
* http://cplus.about.com/od/beginnerct...blcplustut.htm
* http://www.eskimo.com/~scs/cclass/notes/top.html
* http://www.strath.ac.uk/IT/Docs/Ccourse/
* http://www.cm.cf.ac.uk/Dave/C/CE.html
* http://www.cprogramming.com/tutorial.html
* http://www.cs.virginia.edu/c++programdesign/slides/
* http://www.icce.rug.nl/docs/cplusplus/cplusplus.html

Game Programming / Graphics / AI Programming

* http://www.gamedev.net/ (game programming)
* http://ai-depot.com/Features/Tutorials.html ( AI Programming )
* http://nehe.gamedev.net/ (Some great OpenGL Tutorials)
* http://gpwiki.org/

Markup Languages

* http://www.w3schools.com/
* http://webmonkey.wired.com/webmonkey/programming/

PHP

* http://www.php.net/
* http://www.w3schools.com/php/default.asp
* http://webmonkey.wired.com/webmonkey...php/index.html
* http://www.webscriptsdirectory.com/P...uthentication/
* http://www.hotscripts.com/PHP/Script...uthentication/
* http://www.phpfreaks.com/scripts/Use...ication/16.php
* http://simplythebest.net/scripts/php...n_scripts.html
* http://www.phpscriptsearch.com/0/PHP...uthentication/
* http://www.php-csl.com/snippets/
* http://www.phpbuilder.com/snippet/
* http://www.spoono.com/php/snippets/
* http://fundisom.com/phpsnippets/snip
* http://www.phpsnippets.net/
* http://www.faqts.com/ (FAQ)
* http://www.phpwizard.net (Building dynamic sites with PHP)
* http://www.evilwalrus.com/
* http://www.thescripts.com/serversidescripting/php
* http://www.security-forums.com/forum/php.ASPTear (Resource List)

Perl / CGI

* http://www.cpan.org (Modules)
* http://www.gossland.com/course/index.html (tutorial)
* http://www.perlmonks.org/index.pl?node=Tutorials (tutorials)
* http://archive.ncsa.uiuc.edu/General...ing/PerlIntro/ (tutorial)
* http://www.sthomas.net/oldpages/robe...l-tutorial.htm (tutorial)
* http://www.cgi101.com/
* http://www.perlarchive.com/
* http://www.webdesigns1.com/perl/ir.html
* http://www.ictp.trieste.it/texi/perl/perl_toc.html
* http://www.itknowledge.com/tpj/http:...com/~mjd/perl/

Lisp

* http://www.gigamonkeys.com/book/ Free Common Lisp Book
* http://salaam.cs.buap.mx/EBOOKS/IA/MANUAL-LISP/
* http://www.cs.tulane.edu/www/Villamil/lisp/

JavaScript

* http://www.downloadfreetrial.com/scr...ntication.html
* http://www.tutorialized.com/tutorial...thentication/1
* http://www.refdev.com/free_scripts/J...uthentication/
* http://www.scriptsbank.com/JavaScrip...uthentication/
* http://www.javascript.com
* http://javascript.internet.com/

DHTML

* http://www.fwzone.net/showDetail.asp...=6&NewsId=4204
* http://www.designerwiz.com/roberto/d...fects_list.htm
* http://www.creativephp.com/Dhtml/Dhtml.php3
* http://dynamicdrive.com/

ASP

* http://www.allthescripts.com/browse-69-0.html
* http://www.webscriptsdirectory.com/A...uthentication/
* http://www.codejunction.com/scripts/...authentication
* http://www.matrix28.com/asp/User_aut...ation/index.pl
* http://www.asp101.com/
* http://www.4guysfromrolla.com/
* http://www.asptoday.com/
* http://haneng.com/

Ruby

* http://www.ruby-lang.org/


amanamagus
03-21-2007, 01:27 PM
Hacking / Security

* http://www.hackthissite.org/
* http://www.cyberarmy.com/zebulun/
* http://loginmatrix.com/hackme/
* http://www.try2hack.nl/
* http://roothack.org/
* http://www.pulltheplug.com/
* http://www.hellboundhackers.org/
* http://www.rootthisbox.org/
* http://theory.lcs.mit.edu/~rivest/crypto-security.html
* http://www.oberlin.edu/~brchkind/cyphernomicon/
* http://www.cacr.math.uwaterloo.ca/hac/ (Handbook of Applied Cryptography)
* http://www.tunix.kun.nl/ptr/tcpip.html
* http://www.cisco.com/univercd/cc/td/doc/product/ (Cisco Product Documentation)
* http://www.rsasecurity.com/
* http://www.kremlinencrypt.com/
* http://cryptography.org/freecryp.htm
* http://world.std.com/~franl/crypto/
* http://www.e4m.net/
* http://www.cybercrime.gov/crypto.html
* http://www.crypto.com/
* http://www.cryptome.org
* http://www.security-forums.com/crypto
* http://www.skuz.net/
* http://packetstormsecurity.nl/trojans/
* http://www.trojanforge.net/
* http://www.areyoufearless.com/
* http://www.dark-e.com
* http://www.sub7.net/
* http://bo2k.sourceforge.net/
* http://www.tlsecurity.net/amt.htm
* http://www.cultdeadcow.com/
* http://www.anti-trojan.org/
* http://www.sophos.com/
* http://vil.mcafee.com/ (Virus Library)
* http://www.firewallguide.com/
* http://www.softbytelabs.com/Frames.html (Black Widow)
* http://sandsprite.com/Sleuth (Web Sleuth)
* http://www.aspalliance.com/mtgal/source_code/tsql.exe (Tsql)
* http://www.immunitysec.com/spike.html (Spike Proxy)

XML

* http://www.devx.com/xml/
* http://www.xml101.com

Object Oriented Programming

* http://www.oopweb.com/

SQL / Databases

* http://www.mysql.com
* http://www.postgresql.org/
* http://w3.one.net/~jhoffman/sqltut.htm
* http://www.doc.mmu.ac.uk/STAFF/E.Ferneley/SQL/index.htm
* http://www.daimi.au.dk/~oracle/sql/index.html

Linux / Unix

* http://www.linuxdoc.org/docs.html (Linux documentation)
* http://www.freebsd.org/tutorials/ (FreeBSD documentation)
* http://osiris.imw.tu-clausthal.de:8888/ (Sun documentation)
* http://uran.vvsu.ru:8888/ (Sun documentation)
* http://tronche.com/gui/x/
* http://www.cen.com/mw3/refs.html
* http://www.gaijin.com/X/
* http://developer.gnome.org/doc/GGAD/ggad.html
* http://www.troll.no/qt/
* http://www.arrakis.es/~rlarrosa/tutorial.html
* http://www.ucs.ed.ac.uk/~unixhelp/index.html
* http://www.uwsg.indiana.edu/usail/
* http://www.franken.de/users/lorien/unix.html
* http://www.cs.buffalo.edu/~milun/unix.programming.html
* http://www.pathname.com/fhs/2.0/fhs-toc.html
* http://www.linuxbase.com/

ADA

* http://www.adahome.com/Tutorials/

CORBA

* http://www.iona.com/hyplan/vinoski/

amanamagus
03-21-2007, 01:28 PM
Source : http://www.elitehackers.info/forums/showthread.php?t=13

amanamagus
09-29-2007, 02:44 PM
Language Tutorials --&-- Compilers & Interpreters below


* C++ *


Generic Programming--
Code:
http://www.cs.rpi.edu/~musser/gp/index.html

STL Programmer's Guide--
Code:
http://www.sgi.com/Technology/STL/

C++ Archive--
Code:
http://www.austinlinks.com/CPlusPlus/


-------------------------------------------------------------------------


* C *


C Programming--
Code:
http://www.strath.ac.uk/CC/Courses/NewCcourse/ccourse.html

10 Commandments of C Programming--
Code:
http://www.plethora.net/%7Eseebs/c/10com.html

C History--
Code:
http://cm.bell-labs.com/cm/cs/who/dmr/chist.html

Debugging C Programs--
Code:
http://www.csd.uwo.ca/%7ejamie/C/HowToDebugC-Intro.html

Notes on Programming in C--
Code:
http://www.lysator.liu.se/c/pikestyle.html

Programming in C--
Code:
http://www.lysator.liu.se/c/

The International Obfuscated C Code Contest--
Code:
http://www.ioccc.org/


----------------------------------------------------------------------


* C# *


C# Tutorials--
Code:
http://csharpcomputing.com/Tutorials/TOC.htm

More C# Tutorials--
Code:
http://www.softsteel.co.uk/tutorials/cSharp/cIndex.html

The Advanced C#/.NET Tutorial--
Code:
http://my.execpc.com/~gopalan/dotnet/net_tutorial.html

C# Station Tutorial--
Code:
http://www.csharp-station.com/Tutorial.aspx

C# Tutorials For Beginners--
Code:
http://www.csharphelp.com/archives2/archive402.html

C# Stuff--
Code:
http://www.jaggersoft.com/csharp.html


----------------------------------------------------------------------


* PERL *


PERL FAQ's--
Code:
ftp://ftp.duke.edu/pub/perl/doc/manual/html/pod/perlfaq.html

SAGE - Perl Practicum--
Code:
http://www.usenix.org/publications/perl/perlindex.html

PERL Tutorial--
Code:
http://docs.rinet.ru:8083/Perl5_examples/

The Site For People Learning PERL--
Code:
http://learn.perl.org/

PERL Documentation--
Code:
http://www.perl.com/


----------------------------------------------------------------------


* LISP *


Allegro Common Lisp--
Code:
http://www.franz.com/support/documentation/6.2/doc/contents.htm

Common LISP : An Interactive Approach--
Code:
http://www.cse.buffalo.edu/~shapiro/Commonlisp/

Common LISP : A General Introduction--
Code:
http://www-2.cs.cmu.edu/~dst/LispBook/

----------------------------------------------------------------------


* JAVA || EJB || Applets || JAVA Media *



JAVA Training--
Code:
http://www.ejbnow.com/

Portal For Java Application Servers--
Code:
http://www.app-serv.com/

(EJB) Technology Fundamentals *BY* jGURU--
Code:
http://developer.java.sun.com/developer/onlineTraining/EJBIntro/

JAVASoft Applets--
Code:
http://java.sun.com/applets/index.html

Intel Media Framework--
Code:
http://www.intel.com/technology/comms/cn11031.htm

JAVA Media Framework-- (API)--
Code:
http://java.sun.com/products/java-media/jmf/index.jsp


----------------------------------------------------------------------


* ASP .NET *


Official ASP .NET Website--
Code:
http://www.asp.net/Tutorials/quickstart.aspx

Learn ASP--
Code:
http://www.learnasp.com/learnasp

ASP in 15 Seconds--
Code:
http://www.15seconds.com/

Resource Directory || ASP--
Code:
http://www.123aspx.com/


----------------------------------------------------------------------


* Databases - Data Mining *


Oracle Underground--
Code:
http://www.orafaq.org/faqmain.htm

Data Mining--
Code:
http://www.almaden.ibm.com/software/disciplines/iis/


----------------------------------------------------------------------


* Visual C++ *


FunctionX VC++ Tutorial--
Code:
http://www.functionx.com/vcnet/

Visual C++ Tutorials--
Code:
http://www.freeprogrammingresources.com/visualcpp.html

VC++ - Guide, Tutorials and Documentation--
Code:
http://www.experts-exchange.com/Programming/Programming_Languages/MFC/Q_20171552.html?qid=20171552


----------------------------------------------------------------------


* JAVAScript *



JAVAScript Tutorials--
Code:
http://www.w3schools.com/js/default.asp

Beginning JAVAScript--
Code:
http://pageresource.com/jscript/

JAVAScript kit--
Code:
http://www.javascriptkit.com/

JAVAScript For The Total Non Programmer--
Code:
http://www.webteacher.com/javascript/

Definitive javascript--
Code:
http://www.javascript.com/


----------------------------------------------------------------------


* Visual Basic.NET *


Complete VB.NET--
Code:
http://www.htservices.com/Tools/VBandC/

VB For Developers--
Code:
http://www.developers.net/all_content/Focus/Visual%20Basic

CodeGuru--
Code:
http://www.codeguru.com/

VB.NET Heaven--
Code:
http://www.vbdotnetheaven.com/Sections/Tutorials.asp

Programming Tutorials -- VB--
Code:
http://www.programmingtutorials.com/vbnet.aspx

Code Project VB--
Code:
http://www.codeproject.com/vb/net/

Windows Forms VB.NET--
Code:
http://www.xml.com/pub/r/1212


----------------------------------------------------------------------



* Visual Studio *


VBMW--
Code:
http://www.vbwm.com/pagestore/resources.asp

SitePoint Tutorials--
Code:
http://www.sitepoint.com/subcat/asp

Complete VB--
Code:
http://www.aspfree.com/c/b/VB.NET/

Abstract VB--
Code:
http://abstractvb.com/



----------------------------------------------------------------------



* Python *



Beginners Guide to Python--
Code:
http://wiki.python.org/moin/BeginnersGuide

Python 201 -- (Slightly) Advanced Python Topics--
Code:
http://www.rexx.com/~dkuhlman/python_201/python_201.html

Dive Into Python--
Code:
http://diveintopython.org/

Learn to Program with Python--
Code:
http://www.dickbaldwin.com/tocpyth.htm

Learn to Program a Game with Python
Code:
http://ibiblio.org/obp/py4fun/lode/lode.html


*** Huge List of Python Tutorials ***
Code:
http://www.awaretek.com/tutorials.html


----------------------------------------------------------------------




* Fortran *


Fortran 90 CNL Articles--
Code:
http://wwwasdoc.web.cern.ch/wwwasdoc/f90.html

An Open MP Fortran 95 Tutorial--
Code:
http://www.openmp.org/drupal/presentations/miguel/F95_OpenMPv1_v2.pdf

Fortran 77 Tutorials--
Code:
http://www.strath.ac.uk/CC/Courses/fortran.html

High Performance Fortran in Practice--
Code:
http://www.cs.rice.edu/~chk/hpf-tutorial.html

Modular Programming with Fortran 90--
Code:
http://www.liv.ac.uk/HPC/HTMLF90Course/HTMLF90CourseSlides.html



----------------------------------------------------------------------



* Ada *



Ada 95 - The Craft of Object-Oriented Programming--
Code:
http://www.it.bton.ac.uk/staff/je/adacraft/

Learn Ada--
Code:
http://www.scism.sbu.ac.uk/law/lawhp.html

Quick Ada--
Code:
http://goanna.cs.rmit.edu.au/~dale/ada/aln.html

Ada In Action--
Code:
http://www.cs.kuleuven.ac.be/~dirk/ada-belgium/aia/contents.html

Ada Home: The Web Site for Ada--
Code:
http://www.adahome.com/


----------------------------------------------------------------------
----------------------------------------------------------------------


Programming Compilers and Interpreters


Ada

Code:
https://libre2.adacore.com/index.html


http://www.seas.gwu.edu/~mfeldman/ez2load.html


http://homepage.sunrise.ch/mysunrise/gdm/gnatdos.htm


C#

Code:
http://msdn.microsoft.com/vstudio/express/visualCsharp/default.aspx


http://www.mono-project.com/CSharp_Compiler


http://www.borland.com/products/downloads/download_csharpbuilder.html


C/C++

Code:
http://msdn.microsoft.com/vstudio/express/visualC/default.aspx


http://www.bloodshed.net/devcpp.html


http://www.borland.com/products/downloads/download_cbuilder.html


Fortran

Code:
http://www.intel.com/cd/software/products/asmo-na/eng/compilers/flin/219857.htm


http://gcc.gnu.org/fortran/


http://www.scai.fhg.de/EP-CACHE/adaptor/www/adaptor_home.html

Java

Code:
http://java.sun.com/j2se/index.jsp


http://www.excelsior-usa.com/jetdleval.html


http://www.blackdown.org/


PERL

Code:
http://www.perl.com/download.csp


http://www.activestate.com/Products/ActivePerl/


Python

Code:
http://www.python.org/download/


http://www.activestate.com/Products/ActivePython/

amanamagus
09-29-2007, 02:45 PM
Many Many Great Photoshop Tutorials!
________________________________________
Code:
http://www.heathrowe.com/tutorials.asp

http://www.shiver7.com/?p=tutorials&section=Photoshop

http://www.pslover.com/

amanamagus
09-29-2007, 02:45 PM
www.pixel2life.com
www.good-tutorials.com
http://www.tutorialized.com/tutorials/Photoshop/1

amanamagus
09-29-2007, 02:49 PM
How to bypass the DRM of Microsoft’s Zune

Every song that you send to someone else from your Zune is restricted to a limited number of plays before it becomes useless on the recipient's Zune. This is really bad if you want to swap music files that you created on your own for example. There is however a (rather complicated) way to transfer files from one Zune to the other without those DRM restrictions. First you need to enable hard drive mode in your operating system.
To enable hard drive mode you need to change some registry settings. (without the Zune connected and the Zune software running)
• Browse to HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\USB\
• Search for “PortableDeviceNameSpace”. This should be contained in the Vid_####&Pid_####\########_-_########_-_########_-_########\Device Parameters within the above …\USB\ The ##’s listed here will be numbers and letters specific to your Zune
• Change the following values:
• EnableLegacySupport to 1
• PortableDeviceNameSpaceExcludeFromShell to 0
• ShowInShell to 1

This ensures that you can access the Zune from My Computer to drag and drop files to and from it.

The trick to send files without the DRM restrictions would be to rename those files to .jpg and send them to the other Zune with one valid jpg file.

Now, take your Zune and send the folder containing these files to your buddy along with a real photo. If you only send a fake photo, an error is thrown. The last step is to have your friend sync the Zune with their computer, open the “containing folder” where the files were downloaded, and rename the files back to their correct extension.
If you do not apply the storage hack before and use the Zune software to rename the files an error will appear. This is only working with the hard drive hack.

Change Registered Name and Company in WindowsXP
________________________________________
Goto Run
Type regedit.exe
Navigate to
Quote:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
Change the values of Registered Owner and Registered Organization

amanamagus
09-29-2007, 02:49 PM
FAQs about Trojans

1.Intro:
Trojan Horses pose one of the most significant threats to the Windows OS, thus exposing sensitive information to malicious attackers, as well as providing them with full access to the computer, which often results in further illegal activities done via the infected computer. This paper will cover the Windows Trojans topic in-depth, it will highlight a lot of the important aspects, but will also act as a FAQ, summarizing the topic in a brief, easy to understand, yet effective and informative way.

2.What is a Trojan horse?
Basically a Trojan horse can be defined as:
• An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.
• A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

• Any program that appears to perform a desirable and necessary function but (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

The trojan has borrowed its name from the old mythical story about how the Greeks gave their enemy a huge wooden horse as a gift, but after the enemy accepted it, during the night the Greek soldiers crept out of the horse and conquered the city.

3.How do Trojans work?
Most trojans come in two parts, a Client, and a Server, but there are exceptions where the trojan does not need a Client, as it's able to automatically do what it was intended to do (stealing passwords, business data etc.), without any intervention from the attacker. However those who use both Client and Server in order to operate need assistance from the attacker. Once the victim runs the Server (unknowingly), the attacker will use a port to connect to the Server (your computer) and start using the Trojan. TCP/IP is the usual protocol used, but there are exceptions using ICMP, and UDP as well. When the Server is executed on the victim's machine, it will hide itself somewhere within the computer and start listening on the port specified by the attacker. However there are trojans that automatically listen for incoming connections once run, which will wait a period of time to reduce the risk of being detected.

It's necessary for the attacker to know the victim's IP address to connect to his/her machine. Many trojans have features such as the ability to mail the victim's IP, as well as the ability to message the attacker via ICQ or IRC. This is used when the victim has a dynamic IP, which means that every time you connect to the Internet you get a different IP (most of the dial-up users have this). ADSL users have static IPs so the infected IP is always known to the attacker and this makes it considerably easier to connect to your machine.

Most of the Trojans use Auto-Starting Methods in order to auto-run each time your computer is started. These methods include, but are not limited to, using the Windows Registry, using some of the Windows's System Files, as well as using third party configuration files.

System files are located in the Windows Directory. Here is a brief explanation of most of the common auto-starting methods that use the Windows System Files:

Autostart Folder
The Autostart folder is located in C:\Windows\Start Menu\Programs\startup and as its name suggests, automatically starts everything placed within this folder.

Win.ini
Windows system file using load=Trojan.exe and run=Trojan.exe to execute the Trojan.

System.ini
Using Shell=Explorer.exe trojan.exe results in execution of every file after Explorer.exe

Wininit.ini
Mostly used by Setup-Programs. Once it is run, it is auto-deleted, which is very handy for trojans to restart.

Winstart.bat
Acting as a normal bat file, the trojan is added as @trojan.exe to hide its execution from the user.

Autoexec.bat
It's a DOS auto-starting file and it's used as an auto-starting method like this -> c:\Trojan.exe

Config.sys
Could also be used as an auto-starting method for trojans

Explorer Startup
Is an auto-starting method for Windows95, 98, ME and if c:\explorer.exe exists, it will be started instead of the usual c:\Windows\Explorer.exe, which is the common path to the file.

Windows Registry is another commonly used place regarding the auto-starting methods of the Trojans. Here are some known ways:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"

- Registry Shell Open

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

A key with the value "%1 %*" should be placed there and if there is some executable file placed there, it will be executed each time you open a binary file. It's used like this: trojan.exe "%1 %*"; this would restart the trojan.

- ICQ Net Detect Method

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]

This key includes all the files that will be executed when ICQ detects an Internet connection. As you can understand, this feature of ICQ is very handy but it's frequently abused by attackers as well.

- ActiveX Component

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\InstalledComponents\KeyName]
StubPath=C:\directory\Trojan.exe

All of the aforementioned methods are well known to the community, although you should not rely on them (by checking these Registry Entries, as well as the System Files ones) as a foolproof method for detecting Trojans, because new methods are discovered literally every day.

4.What are their functions?
Windows Trojans vary in their functions and abilities, although here's a brief summary of the most common ones:
• Change the victim's resolution. This function displays a list with all the resolutions available on the victim's computer and the attacker just picks one and hits "change it!", after that you'll have your resolution changed
• Notify. The attacker is notified by e-mail, ICQ, IRC when you're online, as well as your IP if you have a dynamic one
• Processes monitoring. The attacker has the ability to monitor all of your processes, start new ones, as well as the ability to kill current one.
• Registry editor. It gives to the attacker, the ability to view/create/delete/change everything in the registry.
• Find files feature. Provides the attacker with the opportunity to find any file on the hard drive, if he/she is looking for something particular
• ScrollLock, CapsLock, NumLock can be turned ON and OFF by the attacker, this function is defined as a "fun" one.
• Disconnect victim. The attacker can hang up the victim's connection to the net at anytime.
• Screenshot. The attacker can make screenshots of your activities, which are directly transferred to his/her computer, however there are more advanced functions including Web Cam monitoring, as well as microphone recording, if you have any of these of course.
• Flip Screen. That's an obvious one, and it's again considered as a "fun" one
• Hide/Show the victim's desktop icons. Annoying the victim is what amuses people sometimes.
• FTP server. This option turns your PC into a FTP server accessible by the whole world, or to the attacker only.
• Open the browser at an address specified by the attacker.
• Hide/show the Start button.
• Enable/Disable keyboard.
• Chat with the victim. Interesting function enabling the attacker to open an ICQ look-alike chat with the victim.
• Start/stop the victim's PC Speaker.
• Restart windows.
• Open/Close the CD-ROM tray
• Turn monitor on/off.
• Get more information about the victim's computer. For example: windows version, user name, company name, screen resolution, etc.
• File manager. This function acts as an explorer for the attacker while browsing through your system.
• Retrieve passwords. This function will provide the attacker with the recorded passwords on your computer.
• KeyLogger. Logs all of the keys you've pressed, could be achieved in offline/online mode.

There you have the most common Trojan's functions. As you've noticed most of these could be, and are, pretty dangerous and destructive ones.

5.How dangerous are they?
Windows Trojans represent a large security threat to your computer. Here I'll cover various scenarios, as well as provide you with further information so that you'll be able to realize how dangerous they are indeed.

As you've noticed while reading all of the aforementioned functions, they can be pretty dangerous. The attacker can have access to ALL of your files, personal information, sensitive work projects, and other confidential information just using the Keylogger, and the Explorer functions. In most cases the attacker will be looking for:
• Credit Card Information (often used for domain registration, shopping with your credit card).
• Any accounting data (E-mail passwords, Dial-Up passwords, WebServices passwords, etc.).
• Email Addresses (Might be used for spamming, as explained above).
• Work Projects (Steal your presentations and work related papers).
• Children's names/pictures, Ages (pedophile attacker?!).
• Schoolwork (steal your papers and publish them with his/her name on it).

You should realize that Trojans can be very destructive, and that they're not only used to delete files, but to steal people's work, job projects, and many other illegal activities.

On the other hand some advanced attackers will use your computer in order to commit further online crimes, and involve you in other illegal activities, thus turning your computer into a proxy, enabling them to move through your computer without any traces left, before they reach their potential aim. It can be illustrated as:

attacker--->your computer--->computer to be attacked
(turned into a proxy)

As you can see this is extremely dangerous to you, as the traces will lead back to you, no matter what is the attacker doing while having access to your PC, in 99% of the cases it will be an illegal activity.

You can contribute to a DDoS (Distributed Denial Of Service Attack), as your computer might be turned into the so called "zombie", providing the attacker with the ability to use your bandwidth for flooding and causing damage to other networks.

6.What are the most common Trojans?
Here are the most popular kinds, although most of these represent a combination of several more, and let's not forget the non-public ones, which will never be released to the public, and are used for the attacker's illegal activities, those are some of the most dangerous ones.

Remote Access Trojans (RAT's)
These are probably the most publicly used Trojans, simply because they give the attackers the power to do more things on the victim's machine than the victim himself, while standing in front of the machine. The idea of these Trojans is to give the attacker COMPLETE access to someone's machine, and therefore access to files, private conversations, accounting data, etc.

Password Sending Trojans
The purpose of these trojans is to rip all cached passwords and also look for other passwords you're entering, then send them to a specific mail address without the user noticing anything. Passwords for ICQ, IRC, FTP, HTTP or any other application that requires a user to enter a login+password are being sent back to the attacker's e-mail address.

Keyloggers
These trojans are very simple. The only thing they do is to log the keystrokes of the victim and then let the attacker search for passwords or other sensitive data in the log file. Most of them come with two functions such as online and offline recording. Of course they could be configured to send the log file to a specific e-mail address on a daily basis.

Destructive
The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all your core system files (for example: .dll, .ini or .exe files, possibly others) on your machine.

Denial Of Service (DoS) Attack Trojans
These trojans are becoming very popular these days, giving the attacker the power to start a DDoS if having infected enough victims of course. The main idea is that if you have 200 ADSL users infected and start attacking the victim simultaneously, this will generate a LOT of traffic (more than the victim's bandwidth, in most cases) and its access to the Internet will be shut down. WinTrinoo is a DDoS tool that has become really popular recently, and if the attacker has infected many ADSL users, major Internet sites could be shut down as a result, as we've seen happen in the past few months.

Another variation of a DoS trojan is the mail-bomb trojan, whose main aim is to infect as many machines as possible and simultaneously attack specific e-mail address/addresses with random subjects and contents which cannot be filtered.

Proxy/Wingate Trojans
An interesting feature implemented in many trojans is the ability to turn the victim's computer into a proxy/wingate server available to the whole world or only to the attacker. It's used for anonymous Telnet, ICQ, IRC, etc., and also to register domains with stolen credit cards and for many other illegal activities. This gives the attacker complete anonymity and the chance to do everything from YOUR computer and if he/she gets caught the trace leads back to you.

FTP Trojans
These trojans are probably the simplest ones and are kind of outdated as the only thing they do is open port 21 (the port for FTP transfers) and let EVERYONE connect to your machine or only the attacker. Newer versions are password protected so only the one that infected you may connect to your computer.

Software Detection Killers
There are such functionalities built into some trojans, but there are also separate programs that will kill ZoneAlarm, Norton Anti-Virus and many other (popular anti-virus/firewall) programs that protect your machine. When they are disabled, the attacker will have full access to your machine, enabling the attacker to perform some illegal activity, use your computer to attack others and often disappear. Even though you may notice that these programs are not working or functioning properly, it will take you some time to remove the trojan, install the new software, configure it and get back online with some sense of security.

amanamagus
09-29-2007, 02:50 PM
FAQs About Trojans-Part 2

Dear Friends, in Part 1 I specified some of the FAQs about Trojans, their types, their features etc.
Now it's time to know about how badly they are infected and for what purpose they are infected.

Let's see some FAQs here:

7. In what ways could I be infected?

The Complete Windows Trojans Paper discusses in-depth each of the possible scenarios as far as becoming infected with a trojan is concerned. You’re strongly advised to closely look at them, thus being able to understand and properly react to the threat posed by the Windows Trojans.

Via ICQ
People don't understand that they can also get infected while talking via ICQ or any other Instant Messenger Application. It's all risky when it's about receiving files no matter from whom and no matter from where.

Believe it or not, there are still guys out there using really old versions of ICQ and it's all because they can see the IP of the person they're talking to. The older versions of ICQ had such functionality and it was useful for everyone capable of using winnuke and other DoS tools, but really how hard is it to launch such attacks with only the click of the mouse? These people are often potential victims of someone that is more knowledgeable on Windows Trojans and takes advantage of their old ICQ versions.

Let's review various ways of getting infected via ICQ:
• You can never be 100% sure who's on the other side of the computer at that particular moment. It could be someone that hacked your friend's ICQ UIN (Unique Identification Number) and wants to spread some trojans among his/her friends. You'll definitely trust your best dude Bob if he offers you something interesting, but is it really Bob on the other side?
• Old versions of ICQ had bugs in the WebServer feature, which creates a site on your computer, with your info from the ICQ database. The bug constitutes a security hole in that the attacker can have access to EVERY file on your machine and if you read the previous sections carefully and know the auto-start methods, you'll probably realize what could happen if someone has access to your win.ini or other system file, namely a trojan installed in a few minutes.
• Trojan.exe is renamed Trojan....(150 spaces).txt.exe, icon changed to a real .txt file and this will definitely get you infected. This bug has almost certainly been fixed in the newer version.
No matter which Instant Messenger Application you're using, you could always get yourself infected by certain program bugs that you have never had the chance to hear about, and never took the precaution of checking for newer versions of the application. Also when you’re receiving files no matter where and no matter from whom, take this potential threat very seriously and recognize the dangers of naïve behavior.

Via IRC
So many people LIVE on IRC and this is another place where you can get yourself infected. Trust is vital no matter what you're doing. No matter who is sending you files, whether they are pretending to be free porn archive, whether offering software for "free internet" or offering a Hotmail hacking program, DO NOT download any of these files. Newbies are often targets of these fakes, and believe me, many people are still newbies where security is concerned. Users get infected from porn-trade channels, and of course, warez channels, as they don't think about the risk but think only of getting free porn and free programs instead.

Here are several scenarios of how you may become infected while using IRC:
• You're talking with someone, probably a "girl", having great time and of course, you want to see the person you're talking to. You ask for a picture or the "girl" offers you her pictures and I'm sure you'll definitely want to see them. The "girl" says that she has just created her first screensaver using some known free or commercial software and offers it to you, but how about if "she" mentions several pictures are nude ones?! You have been talking to "her" for a week or so, you get this screensaver.exe, you run it and yeah, VERY nice pics. Some are nude and she hasn't lied to you so nothing bad or suspicious has happened BUT think again what really has happened!
• Trojan.exe could also be renamed into Trojan.scr like a screensaver extension and will again run properly when you execute it so pay attention about these file extensions.
• Trojan.exe is being renamed Trojan....(150 spaces).txt.exe you'll get the file over IRC and in the DCC it will appear as .TXT and as a result you won't become suspicious, run it and get yourself infected again. In all of these examples the icon of the file is changed of course, because it needs to be the same icon as a normal .TXT and this fools victims very often.
• Most people don't notice in their Explorer that the Type of the file is Application BUT with a .TXT icon. So BEFORE you run something, even if it's with a .TXT icon, check its extension and make sure it really is a text file.

Via Attachments
I'm always amazed by the number of people that get themselves infected by an attachment sent to their mailboxes. Most of these users are new to the Internet and are pretty naive. When they receive an email containing an attachment saying that they will get free porn, free Internet access etc., they run it without completely understanding the risk to their machines. Check the following scenario: you know your friend Alex is a very skilled Visual Basic programmer. You also know he's coding his latest program but you're curious as to what it is all about, and when he finishes coding the application you wait for an e-mail from him with the attachment. Yeah, but the person targeting YOU also knows that. The attacker also knows your friend's e-mail address. Then the attacker will simply code some program or get some freeware one, use some relaying mail server to fake the e-mail's FROM field and make it look like your friend's one. Alex's e-mail address is alex@example.com so the attacker's FROM field will be changed to alex@example.com and of course, it will include the TROJANED attachment... You'll check your mail, see that Alex finally has his program ready and has sent it as an attachment. You'll download and run it without thinking that it might be a trojan or something else, because hey, Alex wouldn't do something like that to me, he's my friend, and in this way you've just been infected.

Information Is Power! Simply because the attacker knew you were waiting for some particular file, he went ahead and found Alex's e-mail address and infected you...the timing of the attack assumes importance here. And it all happened just because you were naive, just because you saw alex@example.com in the FROM field, and just because you didn't check the mail headers to see that the mail actually came from some .jp mail server relaying e-mails and has been used by spammers for several months.

Many people have gotten themselves infected by the famous "Microsoft Internet Explorer Update" sent directly to their mailboxes, by the nonexistent Microsoft Updates Staff. I understand you may have felt great because Microsoft were paying you special attention and sent you the latest updates, but these "updates" are definitely trojans. Microsoft will NEVER send you updates of their software via e-mail even if you see that the FROM field is updates@microsoft.com and as you've noticed in the previous example the FROM field could be and IS faked. If you ever notice some mail in your mailbox with subjects like "Microsoft IE Update" and such, delete WITHOUT viewing or reading the e-mail, because some E-Mail clients like Outlook Express and others, have bugs that automatically execute the file being attached in the e-mail WITHOUT you even touching it. As you can imagine this is an extremely dangerous problem that requires you to keep yourself constantly up-to-date with the latest version of any software you're using.

Physical Access
Physical access is vital for your computer's security. Imagine what an attacker could do while having physical access on your machine, and let's not forget to mention that if you're always connected to the Internet and leave the room for several minutes that you’ve just given long enough of a chance to get yourself infected. Here I'll illustrate several scenarios often used by attackers to infect your computer while they're having physical access to your machine. There are some very smart people out there that keep thinking of new ways of gaining physical access to someone's computer. Here are some tricks that are interesting:
• Your "friend" wants to infect you with a trojan and he/she has physical access to your machine. Let's say you were at home surfing the net, chatting or whatever. Suddenly your "friend" asks you for a glass of water, knowing that you'll go in another room and will be away for 1 or 2 minutes. While you do that, he/she takes a diskette out of his/her pocket and infects your unprotected PC. You come back and everything is OK because your "friend" is doing exactly the same thing as before you left ...surfing the net.
• The next example is when 2 guys want to take revenge on you because of something and are supporting each other in order to accomplish their task. Again you are at home with your "friend", surfing, chatting, whatever you're doing; suddenly the telephone rings and a "friend" of yours wants to speak with you about something that is really important. He/she asks, "Is there anyone around you? If so, please move somewhere away from him/her (after knowing it is him or her, of course). I don't want anyone to listen to what I'm going to tell you". The victim is again lured away from the computer, leaving the attacker to do whatever he/she wants on the target computer.
• Other approaches similar to the previous ones might be a sudden ring of the doorbell, as well as other variations of phone calls and conversations leaving the attacker alone with the victim's computer. There are so many other possible approaches; just think for a while and you'll see what I mean and how easily you could be tricked, and it's because you're not suspicious enough when it comes to your sensitive computer data.
• Another method of infecting a computer while having physical access is through use of the Auto-Starting CD function. You've probably noticed that when you place a CD in your CDROM it automatically starts with some setup interface. Here's an example of the Autorun.inf file that is placed on such CD's:
[autorun]
open=setup.exe
icon=setup.exe

So you can imagine that while running the real setup program a trojan could be run VERY easily, and since most of you probably aren’t aware of this CD function, you will become infected and won't understand what has happened and how it has been done. Yeah, I know it's convenient to have the setup.exe autostart but security is what really matters here, that's why you should turn off the Auto-Start functionality by doing the following:

Start Button->Settings->Control Panel->System->Device Manager->CDROM->Properties->Settings

And there you'll see a reference to Auto Insert Notification. Turn it off and you won't have any problems with that function anymore.

I know MANY other variations of physical access infections but these are the most common ones so pay attention and try to think up several more by yourself.

When the victim IS connected to the Internet:
Here we have many variations. Again, I'll mention the most common ones. While the attacker has physical access he/she may download the trojan.exe, using various ways just by knowing how various Internet protocols work.
• A special IRCbot known only to the attacker is available in IRC whose only function is to DCC the trojan.exe back to the attacker whenever he/she messages the bot with a special command. The victim will probably be away from the computer.
• The attacker wants to download a specific software such as a new version of some program infected with a trojan of course, and visits some URL known only to him/her and then downloads the trojan.
• The attacker pretends he/she wants to check his/her (web based) mail (for example, at Yahoo! or HotMail) but in fact has the trojan.exe stored in his/her mailbox and simply downloads and executes the file, thereby infecting the computer. In this case the mail service is used as a storage area.
There are many more ways of infecting the victim while connected to the Net, as you can imagine. Any of these examples will succeed but it all depends on the victim's knowledge of the Internet and how advanced his/her skills are, so the attacker needs to check these things somehow before doing any of the activities that I have mentioned here. After that, the attacker will be able to choose the best variant for infecting the victim and doing the job.

Browser And E-mail Software Bugs
Users do not update their software versions as often as they should be, and a lot of the attackers are taking advantage of this well known fact. Imagine you are using an old version of Internet Explorer and you visit a (malicious) site that will check and automatically infect your machine without you having downloaded or executed any programs. The same scenario occurs when you check your E-mail with Outlook Express or some other software with well known problems. Again you will be infected without having downloaded the attachment. Make sure that you always have the latest version of your Browser and E-mail Software, thus reducing the risk to a minimum.

Netbios (File Sharing)
If port 139 on your machine is opened, you're probably sharing files and this is another way for someone to access your machine, install trojan.exe and modify some system file, so it will run the next time you restart your PC. Sometimes the attacker may use DoS (Denial Of Service Attack) to shut down your machine and force you to reboot, so the trojan can restart itself immediately. To block file sharing in Win ME, go to:

Start->Settings->Control Panel->Network->File And Print Sharing

And uncheck the boxes there. That way you won't have any problems related to Netbios abuse.

Fake Programs
Imagine a Freeware SimpleMail program that's very suitable for your needs, and very handy with its features like address book, option to check several POP3 accounts and many other functions that make it even better than your E-mail client and the best thing for you is that it's free. You use ZoneAlarm or any other similar protection software, and mark the program as a TRUSTED Internet server so none of your programs will ever bother you about that program as you are probably using it every day because it's working very well, no problems ever occurred, you're happy, but a lot of things are going on in the background. Every mail you send and all your passwords for the POP3 accounts are being mailed directly into the attacker's mailbox without you noticing anything. Cached passwords and your keystrokes could be also mailed and the idea here is to gather as much info as possible and send it to the attacker. This info includes credit card numbers, passwords for various applications and many other things. Fake programs that have hidden functions often have professional looking web sites, links to various anti-trojan software mentioned as affiliates and make you trust the site; readme.txt is included in the setup and many other things to fool you into trusting it. Pay attention to freeware tools that you download, regard them as extremely dangerous and as a very useful and easy way for attackers to infect your machine with a Trojan.

Freeware Software, and the so called "Hackers" Web Sites
A site located at some free web space provider or just offering some programs for illegal activities can be considered as an untrusted one. As you know, there are thousands of "hacking/security" archives on these free web space providers like Xoom, Tripod, Geocities and many many others. These sites have archives filled with "hacking" programs, scanners, mail-bombers, flooders and many other tools. The guy who created the site often infects several, if not all of these programs. It's highly risky to download any of the programs and the tools located on such untrusted sites, no matter which software you use. Are you ready to take that risk? There are some untrusted sites that look REALLY professional and boast huge archives full of Internet related software, feedback forms and links to other popular sites. I think if you take some time, look deeper, scan all the files you download, then you can decide on your own whether the site you are downloading your software from is a trusted or an untrusted one. Freeware programs should be considered suspicious and extremely dangerous due to the fact that it's a very easy and useful way for the attacker to infect your machine with some freeware program. No matter how suitable you find the program, remember that "free is not always the best" and it's very risky to use any of these programs. My advice is: before using a freeware program, do search for some reviews on it, check popular search engines, and try to look up some info about it. If you find any reviews written by respected sites, that means they've used and tested it and the chance of infection is thereby minimized. If no reviews or comments about the software are found via the search engines, then it may be highly risky to start using it.

8. How am I endangering my company's data once infected?

Once infected, critical business data could be exposed to a malicious attacker or a corporate spy. You should not assume that the data is properly protected by the company's firewall, and that even if you get infected, that there would be no way for the attacker to get the data. Firewalls are essential and will block their attempts to connect to the Server (your computer), however attackers are becoming more creative and adaptive, so there are ways to retrieve the data without the need to connect to your computer. You can also unknowingly participate in exposing the whole network to attack, there at work, just by having your computer infected with a Trojan Horse.

9. Why would they target me, or my company?

In fact most of the time no one is targeting you in particular, it's just your bandwidth and the access to your computer that they're trying to get to. However there is the possibility that someone wants to attack you or your company in order to obtain classified business or sensitive personal data.
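The renamed-file disguises described in the ICQ and IRC sections above (a decoy extension, a long run of spaces, a .scr screensaver) can be checked mechanically before anything is opened. This is an added example, not part of the original post; the extension lists, the padding threshold and the 32-character display width are assumptions chosen for illustration, and the sample filenames are constructed.

```python
import re

# Extensions Windows runs as programs (a .scr screensaver is an ordinary executable).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Extensions users treat as harmless data; used here to spot a decoy extension.
DECOY_EXTS = {"txt", "jpg", "jpeg", "gif", "bmp", "wav", "doc", "pdf"}
# Assumed threshold: this many consecutive spaces or dots counts as padding.
PADDING_RUN = 8
PADDING_RE = re.compile(r"[\s.]{%d,}" % PADDING_RUN)


def real_extension(name):
    """Return the final extension in lower case, ignoring trailing spaces and dots."""
    stripped = name.rstrip(" .")
    base, dot, ext = stripped.rpartition(".")
    return ext.lower() if dot and base else ""


def inspect_filename(name):
    """Return a list of findings for one filename; an empty list means nothing flagged."""
    ext = real_extension(name)
    if ext not in EXECUTABLE_EXTS:
        return []
    findings = ["executable"]
    # Everything in front of the real extension.
    stem = name.rstrip(" .")[: -(len(ext) + 1)]
    # A data-file extension sitting in front of the real one is a decoy,
    # whether the padding comes before it or after it.
    inner = stem.rstrip(" .")
    inner_ext = inner.rpartition(".")[2].lower() if "." in inner else ""
    if inner_ext in DECOY_EXTS:
        findings.append("decoy-extension")
    # A long run of spaces pushes the real extension out of the visible column.
    if PADDING_RE.search(stem):
        findings.append("padding")
    return findings


def visible_part(name, width=32):
    """What a dialog that shows only `width` characters would display."""
    if len(name) <= width:
        return name
    return name[:width].rstrip() + "..."


def triage(names):
    """Map each flagged filename to its findings."""
    return {n: f for n in names if (f := inspect_filename(n))}


if __name__ == "__main__":
    # Constructed sample filenames, modelled on the cases in the post.
    samples = [
        "readme.txt" + " " * 150 + ".exe",
        "Trojan" + " " * 150 + ".txt.exe",
        "holiday.scr",
        "photo.jpg.exe",
        "notes.txt",
    ]
    for name in samples:
        print(f"{visible_part(name)!r:24} -> {inspect_filename(name)}")
```

The first column of the output is what a narrow transfer dialog would show, which is why the check has to run on the full filename and not on what is displayed.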
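The "Via Attachments" section above says the victim never checked the mail headers to see which server the message really came from. The following added example (not part of the original post) does that check: it finds the host that handed the message to your own mail servers and compares it with the domain in the FROM field. The message, the hostnames and the trusted domain `recipient.example` are constructed, and a mismatch is only a heuristic signal, since legitimate senders may also use third-party mail servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message. Each server PREPENDS its Received header, so only the
# ones written by your own servers (top of the list) can be trusted; the
# bottom one here is forged by the sender to look like Alex's mail server.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example; Sat, 29 Sep 2007 10:02:11 +0000
Received: from relay.example.jp (relay.example.jp [198.51.100.7])
\tby mx.recipient.example; Sat, 29 Sep 2007 10:02:09 +0000
Received: from alex-pc.example.com (alex-pc.example.com [203.0.113.5])
\tby mail.example.com; Sat, 29 Sep 2007 10:01:58 +0000
From: Alex <alex@example.com>
To: you@recipient.example
Subject: my new program

Here it is, run the attachment!
"""

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def handoff_host(msg, trusted_domain):
    """Return the outside host that delivered the message to a trusted server.

    Walk the Received headers from the top and stop at the first one where a
    server we trust reports an outside sender. Anything below that line was
    written by servers we do not control and may be forged.
    """
    for header in msg.get_all("Received", []):
        match = RECEIVED_RE.search(header)
        if not match:
            continue
        sender = match.group(1).lower()
        receiver = match.group(2).lower().rstrip(";")
        if not in_domain(receiver, trusted_domain):
            return None  # not written by our own server: stop trusting
        if not in_domain(sender, trusted_domain):
            return sender
    return None


def check_sender(raw_message, trusted_domain):
    """Compare the FROM domain with the host that really handed the mail over."""
    msg = message_from_string(raw_message)
    address = parseaddr(msg.get("From", ""))[1]
    from_domain = address.rpartition("@")[2].lower()
    host = handoff_host(msg, trusted_domain)
    consistent = host is not None and in_domain(host, from_domain)
    return {"from_domain": from_domain, "handoff_host": host, "consistent": consistent}


if __name__ == "__main__":
    print(check_sender(SAMPLE, "recipient.example"))
```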

GOD
09-29-2007, 03:37 PM
*bookmarks this thread*

amanamagus
09-29-2007, 03:46 PM
Sticky?

amanamagus
09-29-2007, 03:48 PM
http://www.ninjashoes.net/forum/showthread.php?t=14540

This thread could be merged with this one.

GOD
09-29-2007, 03:57 PM
done:yes:

amanamagus
09-29-2007, 03:59 PM
Thanx godbro!!! You're the man.

amanamagus
09-29-2007, 04:03 PM
COMPUTER VIRUSES

Markus Hanhisalo
Department of Computer Science
Helsinki University of Technology
Markus.Hanhisalo@hut.fi


This report briefly introduces computer viruses and how they affect network security. I have introduced today's virus situation. Many people are afraid of viruses, mostly because they do not know much about them. This report will guide you in the event of a virus infection.
Computer viruses and network security are important. There are things that are not public information. Therefore it is good to be aware of possible network security problems.
--------------------------------------------------------------------------------

Table of Contents:-

1. Introduction to computer viruses
2. General information about computer viruses
2.1 Different Malware types
2.1.1 Viruses
2.1.2 Trojan
2.1.3 Worms
2.2 Macro viruses
2.3 Virus sources
2.3.1 Why do people write and spread viruses?
2.4 How viruses act
2.4.1 How viruses spread out
2.4.2 How viruses activate
2.5 Viruses in different platforms
2.5.1 PC viruses
2.5.2 Macintosh viruses
2.5.3 Other platforms
3. How to deal with viruses
3.1 What are the signs of viruses
3.2 What to do when you find viruses
4. How to protect from viruses
4.1 How to provide against viruses
4.2 Different anti-virus programs
5. Computer viruses in Finland
5.1 A questionnaire survey in Finland about viruses
5.2 It is going to be a criminal act to make viruses in Finland
6. How computer viruses have spread out around the world
7. Computer viruses and network security
8. Conclusions

--------------------------------------------------------------------------------



1. Introduction to Computer Viruses

The person might have a computer virus infection when the computer starts acting differently. For instance, it gets slow, or when they turn the computer on it says that all the data is erased, or when they start writing a document it looks different, some chapters might be missing or something else abnormal has happened.
Next, the person whose computer might be infected with a virus usually panics. The person might think that all the work that has been done is missing. That could be true, but in most cases viruses have not done any harm yet, but when one starts doing something and is not sure what to do, that might be harmful. When some people try to get rid of viruses they delete files or they might even format the whole hard disk like my cousin did. That is not the best way to act when the person thinks that he has a virus infection.

What do people do when they get sick? They go to see a doctor if they do not know what is wrong with them. It is the same way with viruses: if the person does not know what to do, they call someone who knows more about viruses and they get professional help.

If the person reads email at their PC or if they use diskettes to transfer files between the computer at work and the computer at home, or if they just transfer files between the two computers, they have a good possibility to get a virus. They might get viruses also when they download files from any internet site. There was a time when people were able to be sure that some sites were secure, that those secure sites did not have any virus problems, but nowadays people cannot be sure of anything. There have been viruses even in Microsoft's download sites.

In this report I am going to introduce different malware types and how they spread out and how to deal with them. Most common viruses nowadays are macro viruses and I am going to spend a little more time with them. I am going to give an example of trojan horses stealing passwords.


2. General information about computer viruses



2.1 Different malware types


Malware is a general name for all programs that are harmful; viruses, trojan, worms and all other similar programs [1].


2.1.1 Viruses


A computer virus is a program, a block of executable code, which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the PC user.
There are a couple of different types of computer viruses: boot sector viruses, parasitic viruses, multi-partite viruses, companion viruses, link viruses and macro viruses. These classifications take into account the different ways in which the virus can infect different parts of a system. The manner in which each of these types operates has one thing in common: any virus has to be executed in order to operate. [2]

Most viruses are pretty harmless. The user might not even notice the virus for years. Sometimes viruses might cause random damage to data files and over a long period they might destroy files and disks. Even benign viruses cause damage by occupying disk space and main memory, by using up CPU processing time. There is also the time and expense wasted in detecting and removing viruses.



2.1.2 Trojan


A Trojan Horse is a program that does something else than the user thought it would do. It is mostly done to someone on purpose. The Trojan Horses are usually masked so that they look interesting, for example a saxophone.wav file that interests a person collecting sound samples of instruments. A Trojan Horse differs from a destructive virus in that it doesn't reproduce. There has been a password trojan out in AOL land (the American On Line): Password30 and Pasword50, which some people thought were .wav files, but they were disguised and people did not know that they had the trojan in their systems until they tried to change their passwords. [9]

According to an administrator of AOL, the Trojan steals passwords and sends an E-mail to the hacker's fake name and then the hacker has your account in his hands.



2.1.3 Worms


A worm is a program which spreads usually over network connections. Unlike a virus which attaches itself to a host program, worms always need a host program to spread. In practice, worms are not normally associated with one-person computer systems. They are mostly found in multi-user systems such as Unix environments. A classic example of a worm is Robert Morris's Internet worm of 1988. [1,5]


Picture 1 : An example of a worm.




2.2 Macro virus




Macro viruses spread from applications which use macros. The macro viruses which are receiving attention currently are specific to Word 6, WordBasic and Excel. However, many applications, not all of them Windows applications, have potentially damaging and infective macro capabilities too.
A CAP macro virus, now widespread, infects macros attached to Word 6.0 for Windows, Word 6.0.1 for Macintosh, Word 6.0 for Windows NT, and Word for Windows 95 documents.

What makes such a virus possible is that the macros are created by WordBASIC, which even allows DOS commands to be run. WordBASIC is a programming language which links features used in Word to macros.

A virus, named "Concept," has no destructive payload; it merely spreads, after a document containing the virus is opened. Concept copies itself to other documents when they are saved, without affecting the contents of documents. Since then, however, other macro viruses have been discovered, and some of them contain destructive routines.

Microsoft suggests opening files without macros to prevent macro viruses from spreading, unless the user can verify that the macros contained in the document will not cause damage. This does NOT work for all macro viruses.

Why are macro viruses so successful? Today people share so much data, email documents and use the Internet to get programs and documents. Macros are also very easy to write. The problem is also that Word for Windows corrupts macros inadvertently creating new macro viruses.


Picture 2 : New macro virus by corruption [12]



Corruption also creates "remnant" macros which are not infectious, but look like viruses and cause false alarms. Known macro viruses can get together and create wholly new viruses.

Picture 3 : Macro virus growth, July 1995 to May 1997 [12]



There have been viruses since 1986 and macro viruses since 1995. Now about 15 percent of viruses are macro viruses. There are about 2.000 macro viruses and about 11.000 DOS viruses, but the problem is that macro viruses spread so fast. New macro viruses are created in the work-place, on a daily basis, on typical end-user machines, not in a virus lab. New macro virus creation is due to corruption, mating, and conversion. Traditional anti-virus programs are also not good at detecting new macro viruses.
Almost all viruses detected in the Helsinki University of Technology have been macro viruses, according to Tapio Keihänen, the virus specialist in HUT.

Before macro viruses it was easier to detect and repair virus infections with anti-virus programs. But now when there are new macro viruses, it is harder to detect macro viruses and people are more in contact with their anti-virus vendor to detect and repair unknown macro viruses, because new macro viruses spread faster than new anti-virus program updates come up.


2.3 Virus sources


Viruses do not just appear; there is always somebody that has made them and they have their own reason to do so. Viruses are written everywhere in the world. Now when the information flow in the net and Internet grows, it does not matter where the virus is made.
Most of the writers are young men. There are also few university students, professors, computer store managers, writers and even a doctor has written a virus. One thing is common to these writers, all of them are men, women do not waste their time writing viruses. Women are either smarter or they are just so good that never get caught. [1]


2.3.1 Why do people write and spread viruses?


It is difficult to know why people write them. Everyone has their own reasons. Some general reasons are to experiment with how to write viruses or to test their programming talent. Some people just like to see how the virus spreads and gets famous around the world. The following list is from postings in the newsgroup alt.comp.virus and tries to explain why people write and spread viruses.

* they don't understand or prefer not to think about the consequences for other people
* they simply don't care
* they don't consider it to be their problem if someone else is inconvenienced
* they draw a false distinction between creating/publishing viruses and distributing them
* they consider it to be the responsibility of someone else to protect systems from their creations
* they get a buzz, acknowledged or otherwise, from vandalism
* they consider they're fighting authority
* they like 'matching wits' with anti virus vendors
* it's a way of getting attention, getting recognition from their peers and their names (or at least that of their virus) in the papers and the Wild List
* they're keeping the anti virus vendors in a job


2.4 How viruses act


A virus's main mission is to spread and then become active. Some viruses just spread and never activate. When viruses spread, they make copies of themselves, and the spreading is harmful.



2.4.1 How viruses spread out


A virus's mission is to hop from one program to another, and this should happen as quickly as possible. Usually viruses attach themselves to the host program in some way. They even write over part of the host program.
A computer is infected with a boot sector virus if it is booted from an infected floppy disk. Boot sector infections cannot normally spread across a network. These viruses spread normally via floppy disks which may come from virtually any source:


* unsolicited demonstration disks
* brand-new software
* disks used on your PC by salesmen or engineers
* repaired hardware

A file virus infects other files, when the program to which it is attached is run, and so a file virus can spread across a network and often very quickly. They may be spread from the same sources as boot sector viruses, but also from sources such as Internet FTP sites and newsgroups. Trojan horses spread just like file viruses.

A multipartite virus infects boot sectors and files. Often, an infected file is used to infect the boot sector: thus, this is one case where a boot sector infection could spread across a network.



2.4.2 How viruses activate


We are always afraid that viruses do something harmful to files when they become active, but not all viruses activate. Some viruses just spread, but when viruses activate they do very different things. They might play part of a melody or play music in the background, show a picture or an animated picture, show text, format the hard disk or make changes to files.
As an example, in one unnamed company: over a long period of time, the files on a server were corrupted just a bit. So backup copies were taken from the corrupted files. And after they noticed that something was wrong, it was too late to get back the data from the backups. That kind of event is the worst that can happen for the users.

There is also talk that viruses have done something to hardware like the hard disk or monitor. Viruses cannot do any harm to hardware, but they can do harm to programs and, for example, to the BIOS so that the computer does not start after that. Usually you can start the computer from a boot diskette if the computer does not start otherwise.



2.5 Viruses in different platforms



2.5.1 PC viruses


Viruses are mostly written for PC-computers and the DOS environment. Even though viruses are made for the DOS environment, they also work in Windows, Windows95, Windows NT and OS/2 operating systems. Some viruses, like boot sector viruses, do not care about the operating system.[1]


2.5.2 Macintosh viruses


Macintosh viruses are not as big a problem as PC viruses are. There are not so many viruses for the Macintosh operating system. Macintosh viruses have been found mostly in schools.
How many Mac viruses are there? I found out that there are about 2-300 Mac-specific viruses. There are virtually no macro viruses which have a Mac-specific payload, but all macro viruses can infect Macs and other platforms which run Word 6.x or better.



2.5.3 Other platforms


Viruses can be found in almost any kind of computer, such as HP calculators used by students like HP 48-calculators and old computers like Commodore 64 and Unix computers too. [1]
In general, there are virtually no non-experimental UNIX viruses. There have been a few Worm incidents, most notably the Morris Worm, the Internet Worm, of 1988.

There are products which scan some Unix systems for PC viruses. Any machine used as a file server (Novell, Unix etc.) can be scanned for PC viruses by a DOS scanner if it can be mounted as a logical drive on a PC running appropriate network client software such as PC-NFS.

Intel-based PCs running Unix e.g. Linux, etc. can also be infected by a DOS boot-sector virus if booted from an infected disk. The same goes for other PC-hosted operating systems such as NetWare.

While viruses are not a major risk on Unix platforms, integrity checkers and audit packages are frequently used by system administrators to detect file changes made by other kinds of attack.



3. How to deal with viruses



3.1 What are the signs of viruses


Almost anything odd a computer may do can be blamed on a computer "virus," especially if no other explanation can readily be found. Many operating systems and programs also do strange things, therefore there is no reason to immediately blame a virus. In most cases, when an anti-virus program is then run, no virus can be found.

A computer virus can cause unusual screen displays, or messages - but most don't do that. A virus may slow the operation of the computer - but many times that doesn't happen. Even longer disk activity, or strange hardware behavior can be caused by legitimate software, harmless "prank" programs, or by hardware faults. A virus may cause a drive to be accessed unexpectedly and the drive light to go on but legitimate programs can do that also.

One usually reliable indicator of a virus infection is a change in the length of executable (*.com/*.exe) files, a change in their content, or a change in their file date/time in the Directory listing. But some viruses don't infect files, and some of those which do can avoid showing changes they've made to files, especially if they're active in RAM.

Another common indication of a virus infection is a change to the reassignment of system resources. Unaccounted use of memory or a reduction in the amount normally shown for the system may be significant.

In short, observing "something funny" and blaming it on a computer virus is less productive than scanning regularly for potential viruses, and not scanning, because "everything is running OK" is equally inadvisable.


3.2 What to do when you find viruses


The first thing you should do when you find a virus is count to ten and stay cool. You should keep notes on what you do and write down what your virus programs and your computer tell you. If you are not sure what to do, you should call the administrator for future action. In some cases it is not good to start your computer from the hard disk, because the virus may activate and then do some harm.
Second, make sure that it is a virus and what virus it is. It is important to know what kind of virus we are dealing with. Companies that make anti-virus programs know what different viruses do, and you can either call them and ask about the virus or you can go to their web pages and read about the virus you have.

When you start your computer you should do it from a clean (non-infected) floppy diskette and after that run the virus program. The boot diskette should be write protected so that the virus cannot infect the boot diskette too.[6]

It is good to take a backup of the file that was infected. Virus program could do some damage to the file and that is why it is good to have a backup.

It is good to let your administrator know about the virus, so that viruses would not spread around so much. At TKK, PC classes are protected by an anti-virus program, and that program reports to a person responsible for virus protection.


4. How to protect from viruses



4.1 How to provide against viruses


The best way to protect yourself is to prepare your computer against viruses in advance. One way to protect your computer is to use an updated anti-virus program. When you get an email attachment, you should first check the attachment by checking the file with an anti-virus program.
As an example, in one unnamed Finnish company all information was mailed in email attachments. There was this one Word document that was mailed to everybody. That email attachment was infected by a macro virus. Everyone got the infected attachment, and those who opened that attachment in Word got that CAP-macro virus. After all, there were a few thousand infections. It took lots of time and money to clear that virus.

One can protect the computer against boot sector viruses by setting the BIOS to start from a hard disk rather than from a floppy disk.

Write protection is a good way to protect against viruses. Write protection works well on floppy disks, Windows NT and UNIX, but not that well in Windows and Windows95.



4.2 Different anti-virus programs


There are three different kinds of anti-viral packages: activity monitors, authentication or change-detection software, and scanners. Each type has its own strengths and weaknesses. Commercial anti-viral programs have a combination of the above mentioned functions.[7]
There are over ten good anti-viral programs. The best-known programs are Data Fellows F-Prot, EliaShim ViruSafe, ESaSS ThunderBYTE, IBM AntiVirus, McAfee Scan, Microsoft Anti-Virus, Symantec Norton AntiVirus and S&S Dr Solomon's AVTK.

On a day-to-day basis, the average corporation should be very interested in the scan time; this strongly impacts the users, who should be scanning hard drives and disks on a daily basis. If a product takes too long to carry out these basic tasks, users will be unwilling to wait, and will stop using it. This is clearly undesirable - the perfect anti-virus product would be one which takes no time to run and finds all viruses.



5. Computer viruses in Finland



5.1 A questionnaire in Finland about viruses


Computer viruses are not uncommon in Finland, especially not in schools and universities. "Virus prevention was not well organized in some organizations and tended to be better in government organizations than in local government or in firms" writes Marko Helenius in his Computer viruses in Finland report. He did a large scale questionnaire survey in Finland in the summer of 1993. There were no macro viruses at that time yet, so today the virus situation is a bit different, but some results were pretty interesting.
The knowledge of viruses was quite poor in all sectors: government, local authorities and companies. Respondents' knowledge of viruses was best in government organizations. How important is virus prevention? The most positive attitude to virus prevention was in government organizations.

90% of the government organizations used some kind of anti-virus program, the same in local authority organizations was about 55 % and in companies it was over 60 %. [3]


5.2 It is going to be a criminal act to make viruses in Finland


There is a new government bill about writing and spreading viruses. If the bill goes through, it is going to be a criminal act to make and spread viruses in Finland and one could get two years in prison or a fine, if one spreads or writes viruses. If a person makes a virus, it would be the same thing in court as if the person were planning to burn something. It is criminal to make viruses in England, Italy, Netherlands, Switzerland and Russia.
Making or spreading viruses is not punishable in Finland according to today's penal code. If viruses do harm to somebody, that could be punished. Nobody has been punished for that in Finland, even though some Finns have made viruses, for example Finnish Spryer. That virus formatted about 600 hard disks and did lots of damage. They say that it was made in Espoo, but they never caught the persons who made that virus.

The virus business in Finland is pretty big. Businesses that have specialized in viruses have about 100 million in sales together. It costs money to stop working and clean up the viruses. Computer viruses endanger general safety, says Pihlajamäki from the Ministry of Justice. It is dangerous if viruses get into programs that control trains or airplanes.

Computer viruses can also be used as a weapon. It is sad that America used computer viruses to slay and to make Iraq's computers non-functional. [4]



6. How computer viruses have spread out around the world


Computer viruses are a problem all over the world. The following picture tells us how many times people have accessed Data Fellows, a company that makes the anti-virus program F-Prot: more than 1,672,846 per month[10]. It means that people are interested in virus information. One reason is that people have to deal with viruses. Viruses are not only a problem in Finland and the USA; they are a problem around the world.



Picture 4 : Accesses per month




Today's most common virus is the macro virus. The Cap virus is one of the macro viruses. Last month there were 3100 Cap macro virus accesses during the last 30 days at Data Fellows. The next most common virus was Join the Crew with 1171 accesses and the third most common was Pen pal Greetings with 895 accesses. [10]


Picture 5 : Twenty most accessed virus descriptions during the last 30 days





7. Computer viruses and network security


Computer viruses are one network security problem. A few people when asked if computer viruses can cause network security problems answered as follows.
Dave Kenney answered from National Computer Security Assoc: "There is one macro virus for MSWord that is received as an attachment to MS Mail messages. If a user has Word open, and double clicks to see the contents of the attachment, MS Word and the open document is infected. Then the document is mailed to three other users listed in the original user's address book."

"The only information that is leaked is the thing you should be worried about, your password! The trojan sends an E-mail to the hacker's fake name and then he has your account at his hands," wrote CJ from American Online.

"Rarely, a Word macro virus may accidentally pick up some user information and carry it along; we know of one case where a macro virus "snatched" an innocent user macro that contained a password, and spread it far outside the company where that happened. In the future, however, it is entirely possible that more network-aware viruses will cause significant network security problems," wrote David Chess from IBM.

Marko Helenius wrote from the Virus Research Unit that there have been some cases where hackers have used trojan horses to gain information. There is one example in one Finnish corporation where some money was transferred illegally a year ago. There has been a trojan at the University of Tampere too, where the trojan pretended to be a host transfer program. The trojan saved users' login names and passwords to the hard disk.


8. Conclusions


There are lots of viruses in the world and new viruses are coming up every day. There are new anti-virus programs and techniques being developed too. It is good to be aware of viruses and other malware, and it is cheaper to protect your environment from them rather than being sorry.
There might be a virus in your computer if it starts acting differently. There is no reason to panic if the computer virus is found.

It is good to be a little suspicious of malware when you surf the Internet and download files. Some files that look interesting might hide malware.

A computer virus is a program that reproduces itself and its mission is to spread out. Most viruses are harmless and some viruses might cause random damage to data files.

A trojan horse is not a virus because it doesn't reproduce. Trojan horses are usually masked so that they look interesting. There are trojan horses that steal passwords and format hard disks.

Macro viruses spread from applications which use macros. Macro viruses spread fast because people share so much data, email documents and use the Internet to get documents. Macros are also very easy to write.

Some people want to experiment with how to write viruses and test their programming talent. At the same time they do not understand the consequences for other people or they simply do not care.

A virus's mission is to hop from one program to another, and this can happen via floppy disks, Internet FTP sites, newsgroups and via email attachments. Viruses are mostly written for PC-computers and DOS environments.

Viruses are no longer something that just programmers and computer specialists have to deal with. Today everyday users have to deal with viruses.



References:


[1] Keihänen T., TKK:n virusopas, TKK Offset 1996, pp 3-11
[2] Lammer V., Computer Viruses, Virus Bulletin '93
[3] Helenius M., Computer viruses in Finland - A questionnaire survey, University of Tampere 1994
[4] Koskinen P., Tietokonevirusten teko ja levitys aiotaan säätää rangaistavaksi, Helsingin Sanomat 12.11.1997
[5] Sudduth A., The What, Why, and How of the 1988 Internet Worm, 1988
<http://www.mathcs.carleton.edu/students/darbyt/pages/worm.html>
[6] Harjuniemi M., Virusohje
<http://www.helsinki.fi/~harjunie/opas/virus.htm>
[7] Woody, The Scanner - The Anti-Virus Newsletter of Today Volume 3 Issue 1
<http://diversicomm.com/scanner/scnr9607.htm>
[8] Wells J., WildList, September 1997
<http://www.virusbtn.com/WildLists/199709.html>
[9] General Discussions in Computer Security
<http://webconf.ncsa.com/>
[10] DataFellows.com
<http://www.DataFellows.com/>
[11] Wood C., Policies From the Ground Up
<http://www.infosecnews.com/articles/9705/article1.html>
[12] Proceedings of the Seventh International Virus Bulletin Conference, The Fairmont Hotel San Francisco USA, 2-3 October 1997
http://www.virusbtn.com/
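
Sections 2.5.3, 3.1 and 4.2 of the paper above mention integrity checkers and change-detection software that watch the length, content and date/time of executable files. The following sketch of that idea is an added example, not part of the original post or paper; the file names and byte contents are constructed, and SHA-256 is an assumed choice of content hash.

```python
import hashlib
import os
import tempfile

# File types that section 3.1 names as worth watching.
EXECUTABLE_EXTS = {".com", ".exe"}


def fingerprint(path):
    """Record the three attributes section 3.1 lists: length, content, date/time."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": digest.hexdigest()}


def take_baseline(root):
    """Fingerprint every executable under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """Return {path: [what changed]} for changed, missing and new executables."""
    findings = {}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings[rel] = ["missing"]
            continue
        changed = [key for key in ("size", "mtime", "sha256") if old[key] != new[key]]
        if changed:
            findings[rel] = changed
    for rel in current:
        if rel not in baseline:
            findings[rel] = ["new"]
    return findings


def _write(path, data, mtime):
    """Write a constructed sample file and pin its modification time."""
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed files only: filler bytes stand in for real programs."""
    t0, t1 = 1_000_000_000, 1_000_000_500
    with tempfile.TemporaryDirectory() as root:
        edit = os.path.join(root, "EDIT.COM")
        tool = os.path.join(root, "TOOL.EXE")
        notes = os.path.join(root, "notes.txt")
        _write(edit, b"A" * 300, t0)
        _write(tool, b"B" * 300, t0)
        _write(notes, b"not an executable", t0)
        baseline = take_baseline(root)

        # Change 1: the file grew and its date moved (the easily visible case).
        _write(edit, b"A" * 300 + b"C" * 120, t1)
        # Change 2: same length, original date restored; only the content differs.
        _write(tool, b"B" * 150 + b"D" * 150, t0)
        # Change 3: an executable that did not exist when the baseline was taken.
        _write(os.path.join(root, "NEW.EXE"), b"E" * 50, t1)
        # A changed data file is outside the watched set and is not reported.
        _write(notes, b"edited text", t1)

        return compare(baseline, take_baseline(root))


if __name__ == "__main__":
    for path, changes in sorted(demo().items()):
        print(path, changes)
```

As section 3.1 notes, a virus active in RAM can hide the changes it made, so a comparison like this is only trustworthy when run after starting from a clean, write-protected boot disk, with the baseline kept somewhere the infected system cannot modify.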

amanamagus
09-29-2007, 04:03 PM
Best web sites for free courses online, as follows:
1. http://www.w3schools.com/
The best & fantastic web site for learning web-based computing languages, dbms, rdbms, programming languages and multimedia, such as asp, asp.net, vb script, java script, php, wml 1.1, xml, html, dhtml, html dom, soap, rdf, rss, wap, Ajax, e4x, wml script, sql, plsql, ado, flash, svg, smil, media, tcp/ip, udp, socket programming, linux
2. http://www.cyberdiem.com/vin/learn.html
To learn c, c++, java
3. www.vbwm.com/learnvb/
To learn visual basic, oracle, vb.net
4. http://visualbasic.about.com/od/learnvbnet/
Vb.net & .net
5. http://www.bbc.co.uk/worldservice/learningenglish/
To learn the English language & English grammar
6. http://www.englishclub.com/writing/index.htm
To learn the English language & English grammar
7. http://www.docnmail.com/ Free! And tons to choose from!
8. http://www.free-ed.net/free-ed/
For free education
9. http://www.word2word.com/coursead.html
A great place to pick up a second language!
10. http://courses.help.com
Wonderful site offers many classes with great instructors.

Two more from me....

Code:
http://www.academictutorials.com/

Code:
http://www.devshed.com/

amanamagus
09-29-2007, 04:04 PM
10-Step Security

If you have about an hour, you can batten down your machine's hatches against Net threats new and old. Here's how.

PC security can be effective without being a chore. These ten quick and easy tips will help protect your hardware, software, and data.

1. Patch automatically: Ensure Windows is set to update itself. In XP, click Start, Control Panel, Security Settings (if you're in Category view), Automatic Updates. In 2000, choose Start, Settings, Control Panel, Automatic Updates. In both versions, verify that 'Automatic (recommended)' is selected. You can also have Windows notify you before it downloads an update, or you can install the update manually. (The steps and options are only slightly different in Windows 98 and Me.)

2. Don't wait for Windows: If your PC has been off for more than a few days, don't wait for Windows' automatic update to kick in. Make the Windows Update site your first Internet stop. Also, there may be a lag between when a patch is available and when Windows Update pushes it to you. Microsoft releases Windows patches on the second Tuesday of each month, so to be safe check for updates manually every couple of weeks. And don't forget to set your antivirus and anti-spyware tools to update automatically (or check weekly for updates yourself).

3. Use XP's security monitor: Windows XP Service Pack 2's most welcome addition is the Windows Security Center, which alerts you when your PC's firewall and antivirus protection are disabled or out of date. Still, XP's own firewall protects you only from inbound pests; it doesn't alert you to suspicious outbound traffic. I recommend that you disable the XP firewall and instead use Zone Labs' (ZoneAlarm) or another third-party firewall program that protects both ways.

4. Make your file extensions visible: Some viruses masquerade as harmless file types by adding a bogus extension near the end of their name, as in "funnycartoon.jpg.exe," in hopes your system is set to hide such extensions (the default in Windows XP and 2000)--you see '.jpg' but not '.exe'. To make these troublemakers easier to spot, open Windows Explorer or any folder window and click Tools, Folder Options, View. Ensure that the option 'Hide file extensions for known file types' is unchecked.
Bonus Tip 1: To get the most complete picture of your Windows setup, check Show hidden files and folders and uncheck Hide protected operating system files (Recommended).

5. Keep Internet Explorer safe: Many people find IE 6's Medium security level too obliging to ActiveX controls and other small programs, or scripts, that the browser runs on your PC. ActiveX and JavaScript enable such useful Web features as order forms and security scans, but they also may run malicious code and give attackers access to your system. To make IE safer, click Tools, Internet Options, Security, Custom Level, select High from the drop-down menu at the bottom of the Security Settings dialog box, and click Reset, Yes, OK.
Unfortunately, setting IE to the High security setting can lead to the browser's unleashing a fusillade of warnings and permission pop-ups every time you visit a site. The solution is to add the sites that you access often to IE's Trusted Sites list: Choose Tools, Internet Options, Security, click the Trusted Sites icon, and then click the Sites button. Enter the Web address, click Add, and repeat as necessary. Be sure to uncheck Require server verification for all sites in this zone. When you're finished, click OK twice.

6. Make Firefox more secure: The only way to block JavaScripts on a site-by-site basis in the Mozilla Foundation's free Firefox browser is to download and install the NoScript add-in. NoScript places a warning bar at the bottom of all the Web pages you visit that use JavaScript. Click the bar to see options for allowing scripts on the site (permanently or temporarily), blocking scripts, and other operations. The program can also stifle Flash animations and other Firefox plug-ins, but keep in mind that going Flash-less means you'll be missing out on some of the Web's richest content (along with all of those great dancing ads).

7. Handle e-mail links with care: If a virus infects your PC, chances are good it arrived piggybacked on e-mail. To reduce your risk of an e-mail-borne infection, don't click links in suspicious messages (the text in the message may mask the actual Web address). Instead, enter the URL in your browser's address bar manually, or go to the site's home page and then navigate to the page in question.

8. Scan attachments for viruses: Run each of the e-mail attachments you receive through your antivirus software before you open them. Rather than double-clicking the attachment to open it instantly, save the file to a drive on your PC, open Windows Explorer, right-click the file, and choose the option to scan it for viruses. (Better yet, set your antivirus software to scan incoming and outgoing e-mail automatically.)

9. Close the preview pane: Some maleficent messages need only be opened in your e-mail program's preview window to do their dirty work. That's why we recommend that you close the preview pane in all of your inboxes. In Microsoft Outlook 2003, click View, Reading pane, Off. In Outlook Express 6, click View, Layout and verify that 'Show Preview Pane' is unchecked. In Mozilla Thunderbird, click View, Layout and confirm that 'Message pane' is unchecked (or press <F8> to toggle the preview pane on and off).

10. Read your mail in plain text: Since many e-mail pests rely on HTML code to achieve their nefarious goals, you can stop them in their tracks by viewing your messages as plain text. In Outlook 2003, click Tools, Options, Preferences, E-mail Options and check Read all standard mail in plain text. In Outlook Express 6, choose Tools, Options, Read and click Read all messages in plain text. In Mozilla Thunderbird, select View, Message Body As, Plain Text.

amanamagus
09-29-2007, 04:06 PM
Four Generations of Firewall Architectures

A firewall is a network gateway that enforces security rules on the conversion of peer-to-peer communications. Essentially, a firewall creates a boundary between two or more networks. A firewall is usually configured as a bastion host or a dual-homed bastion host. It evaluates each network packet against a network security policy, which is a collection of security rules, conventions, and procedures governing communications into and out of a network. Usually, IP traffic forwarding is disabled on the firewall to ensure that all traffic between the internal network and external networks passes through the firewall server, thereby allowing the firewall to inspect all network packets that traverse the network boundary.


Most firewall technologies provide different capabilities for auditing communication events. Usually, the firewalls generate audit records detailing the cause and circumstances surrounding the triggering of audit events. As firewall technology improves, firewalls inspect additional network packet information, use more sophisticated inspection algorithms, maintain more state information, and inspect the network packets at more network layers. As such, more mature firewall technology provides more detailed audit records, or summary information, about the network packets that are allowed through or prevented from traversing the firewall. By analyzing such audit records, administrators can often detect network security policy problems, such as attempts to break in or misconfiguration of the firewall's network security policy enforcement features. As a general rule, more detailed and descriptive audit record information yields better monitoring capabilities in a firewall product.



Before Cisco Centri Firewall, firewalls inspected network traffic using one of four architectural models, which are defined by the information that they examine to make security-relevant decisions. In the next four sections, we define these different architectures in detail.

How Packet Filters Work :


A packet filter firewall is a first-generation firewall technology that analyzes network traffic at the transport protocol layer. Each IP network packet is examined to see if it matches one of a set of rules defining what data flows are allowed. These rules identify whether communication is allowed based upon information contained within the internet and transport layer headers and the direction in which the packet is headed (internal to external network or vice-versa).

Packet filters typically enable you to manipulate (that is, permit or prohibit) the transfer of data based on the following controls:

* the physical network interface that the packet arrives on
* the address the data is (supposedly) coming from (source IP address)
* the address the data is going to (destination IP address)
* the type of transport layer (TCP, UDP, ICMP)
* the transport layer source port
* the transport layer destination port

Note: This architecture implements a very limited command set to perform analysis for one or more network protocols; however, it performs its inspection in kernel space.

Packet filters generally do not understand the application layer protocols used in the communication packets. Instead, they work by applying a rule set that is maintained in the TCP/IP kernel. This rule set contains an associated action that will be applied to any packets matching the criteria mentioned above.

The action taken may take on one of two values: "deny" or "permit" the network packet. Two lists, the deny list and the permit list, are maintained in the kernel. For a network packet to be routed to its proper destination, it must first pass a check of both the deny and permit lists. That is, it must not be expressly denied, and it must be expressly permitted. Some packet filters that are incorporated into router hardware implement a different policy. In these types of packet filters, the packet must be expressly denied or else it is permitted. In order for you to understand the filtering rules, you must consider the security stance utilized by the routing hardware.

Packet filters typically implement command sets that allow the checking of the source and destination port numbers on the TCP and UDP transport layer protocols. This check determines whether an applicable permit or deny rule exists for that specific port and protocol combination. Due to the fact that the ICMP protocol layer does not utilize port numbers for its communications protocol, it is difficult for packet filters to apply any security policy to this form of network traffic. In order to apply an effective security policy to ICMP, the packet filter must maintain state tables to ensure that an ICMP reply message was recently requested from an internal host. This ability to track communications state is one of the primary differences between simple packet filters and dynamic packet filters.

Because packet filters are implemented in the network layer, they generally do not understand how to process state information in the high-level protocols, such as FTP. The more sophisticated packet filters are able to detect IP, TCP, UDP, and ICMP. Using a packet filter that includes the TCP/UDP port filtering capability, you can permit certain types of connections to be made to specific computers while prohibiting other types of connections to those computers and similar connections to other computers.

The complete network packet inspection adheres to the following general algorithm:

* If no matching rule is found, then drop the network packet.
* If a matching rule is found that permits the communication, then allow peer-to-peer communication.
* If a matching rule is found that denies the communication, then drop the network packet.

Because this type of firewall does not inspect the network packet's application layer data and does not track the state of connections, this solution is the least secure of the firewall technologies. It allows access through the firewall with a minimal amount of scrutiny. In other words, if the checks succeed, the network packet is allowed to be routed through the firewall as defined by the rules in the firewall's routing table. However, because it does less processing than the other technologies, it is the fastest firewall technology available and is often implemented in hardware solutions, such as IP routers.

Packet filter firewalls often readdress network packets so that outgoing traffic appears to have originated from a different host rather than an internal host. The process of readdressing network packets is called network address translation. Network address translation hides the topology and addressing schemes of trusted networks from untrusted networks.
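
The rule matching described above, with its six controls and its two security stances (deny list plus permit list versus "permitted unless expressly denied"), can be shown as a short stateless evaluator. This is an added example, not part of the original post or any product's code; the interface names `ext0`/`int0`, the addresses and the rule sets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str                   # physical interface the packet arrived on
    src: str                     # (supposed) source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # ICMP has no ports, so these stay None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    iface: Optional[str] = None  # None means "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def firewall_decision(p, deny_list, permit_list):
    """Stance 1: must not be expressly denied AND must be expressly permitted."""
    if any(r.matches(p) for r in deny_list):
        return "drop"
    if any(r.matches(p) for r in permit_list):
        return "permit"
    return "drop"  # no matching rule


def router_decision(p, deny_list):
    """Stance 2 (some router filters): permitted unless expressly denied."""
    return "drop" if any(r.matches(p) for r in deny_list) else "permit"


# Constructed policy: 192.168.1.0/24 is the internal network behind int0.
DENY = [Rule(iface="ext0", src="192.168.1.0/24")]  # internal source seen outside
PERMIT = [
    Rule(iface="ext0", dst="192.168.1.10/32", proto="tcp", dport=25),  # inbound mail
    Rule(iface="int0", src="192.168.1.0/24"),                          # outbound traffic
    Rule(iface="ext0", proto="icmp"),  # no ports or state: all-or-nothing for ICMP
]

# Constructed packets (external hosts use documentation address ranges).
SAMPLES = {
    "mail_in": Packet("ext0", "203.0.113.5", "192.168.1.10", "tcp", 40000, 25),
    "telnet_in": Packet("ext0", "203.0.113.5", "192.168.1.10", "tcp", 40001, 23),
    "spoofed_in": Packet("ext0", "192.168.1.77", "192.168.1.10", "tcp", 40002, 25),
    "web_out": Packet("int0", "192.168.1.20", "198.51.100.9", "tcp", 40003, 80),
    "icmp_in": Packet("ext0", "198.51.100.9", "192.168.1.20", "icmp"),
}


def evaluate_samples():
    """Return {name: (firewall stance result, router stance result)}."""
    return {
        name: (firewall_decision(p, DENY, PERMIT), router_decision(p, DENY))
        for name, p in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(name, result)
```

The `telnet_in` packet is where the two stances differ, and `icmp_in` is permitted even though no internal host asked for it, which is the gap the post says only a state table can close.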

amanamagus
09-29-2007, 04:06 PM
How To Set Up Proxies In Your Browser

This is a small Tutor - try it out!

===================================
How to set up proxies in your browser, (!!!!be anonymous and make the passes last longer...!!!!!!
===================================
In Internet Explorer
===================================
Click "Tools", then "Internet Options", then in the "connections" Tab, click the "LAN Setup" Button in the bottom. There is a "Proxy Servers", tick the "Use a proxy....." and then enter the proxy in the bigger textbox and the port (the part that comes after the ":") in the smaller textbox. Hit okay, and then go to
CODE
www.whatismyip.com
to see if the proxy is now your IP.
===================================
In OPERA
===================================
Click "Files", then "Preferences", then "Network", then click the button "Proxy Servers", tick "HTTP", fill in with the proxy:port, click okay and that's it! Don't forget to check with
CODE
www.whatismyip.com

===================================
In Firefox
===================================
Tools -> Options
Then click the General Icon
Then the "Connection Settings..." button
Then click the "manually configure proxies" radio button, and enter the proxy address and port in the HTTP Proxy area.
Don't forget to check with
CODE
www.whatismyip.com


CODE
www.proxy4free.com
www.safeproxy.org
www.megaproxy.com
www.guardster.com
www.silenter.com
www.anonymizer.com


Happy Anonymous surfing!


To be clear: if I give you 255.255.255.255:8080, that means 255.255.255.255 is the proxy and 8080 is the port.
To obtain fresh and new proxies, you can always check Google...

===================================
In Netscape Navigator
===================================
Click "Edit", then "Preferences", then in the "category" section, go to the "Advanced" Option in the bottom. There is a "Proxies" option, tick the "Manual Proxy configuration" and then enter the proxy in the bigger textbox and the port (the part that comes after the ":") in the smaller textbox. Hit okay, and then go to
CODE
www.whatismyip.com
to see if the proxy is now your IP.

Whichever browser allows you to install SwitchProxy doesn't need to be manually adjusted to change proxies.
The software provides an interface where you can add, select and remove proxies from a list,
which makes it more convenient.
Mozilla and Netscape allow SwitchProxy.

amanamagus
09-29-2007, 04:11 PM
Ip Address : just basic things about IP

IP address
(Internet Protocol address) The address of a device attached to an IP network (TCP/IP network). Every client, server and network device must have a unique IP address for each network connection (network interface). Every IP packet contains a source IP address and a destination IP address.


Static and Dynamic IP

An IP network is somewhat similar to the telephone network in that you have to have the phone number to reach a destination. The big difference is that IP addresses are often temporary.

Each device in an IP network is either assigned a permanent address (static IP) by the network administrator or is assigned a temporary address (dynamic IP) via DHCP software. Routers, firewalls and proxy servers use static addresses as do most servers and printers that serve multiple users. Client machines may use static or dynamic IP addresses. The IP address assigned to your service by your cable or DSL Internet provider is typically dynamic IP. In routers and operating systems, the default configuration for clients is dynamic IP (see DHCP).


Dotted Decimals

IP addresses are written in "dotted decimal" notation, which is four sets of numbers separated by periods; for example, 204.171.64.2. If you knew the IP address of a Web site, you could enter the dotted decimal number into your browser instead of the domain name (which is why we have DNS!).

Although the next version of the IP protocol offers a virtually unlimited number of unique addresses (see IPv6), the traditional IP address (IPv4) uses a 32-bit number that defines both the network and the host computer. The network class determines how many of the 32 bits are used for the network address, leaving the remaining bits for use as the host number (note the numbers of networks and hosts in the table below). The host number can be further divided between subnetworks and hosts.


Class A, B and C

Although the computer identifies the class by the first three bits of the address (A=0; B=10; C=110), people identify the class by the first number in the address (see range below). This class-based system has also been greatly expanded, eliminating the huge disparity in the number of hosts that each class can accommodate.

                 Maximum      Maximum       Number of Bits
                 Number of    Hosts per     used in Network
Class  Range     Networks     Network       ID/Host ID

A      1-126     127          16,777,214    7/24
B      128-191   16,383       65,534        14/16
C      192-223   2,097,151    254           21/8

>>>>> 127 reserved for loopback test.
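The class rules above worked through in code, as an added example that is not part of the original post: it reads the leading bits of a dotted-decimal IPv4 address, then splits the 32-bit value into network and host parts. The function name `classify` and the returned field names are chosen here for illustration.

```python
def classify(addr: str) -> dict:
    """Classify a dotted-decimal IPv4 address as class A, B or C."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")

    # Pack the four octets into one 32-bit number.
    value = 0
    for o in octets:
        value = (value << 8) | int(o)

    # The leading bits select the class: A=0, B=10, C=110.
    if value >> 31 == 0b0:
        cls, class_bits, prefix_len = "A", 1, 8
    elif value >> 30 == 0b10:
        cls, class_bits, prefix_len = "B", 2, 16
    elif value >> 29 == 0b110:
        cls, class_bits, prefix_len = "C", 3, 24
    else:
        raise ValueError(f"{addr} is not a class A, B or C address")

    host_bits = 32 - prefix_len
    host_mask = (1 << host_bits) - 1
    network = value & ~host_mask & 0xFFFFFFFF
    return {
        "class": cls,
        # Network ID bits exclude the class-selector bits (7, 14 or 21).
        "network_id_bits": prefix_len - class_bits,
        "host_id_bits": host_bits,
        "network": ".".join(str((network >> s) & 0xFF) for s in (24, 16, 8, 0)),
        "host": value & host_mask,
        # All-zeros and all-ones host numbers are not assignable.
        "max_hosts": (1 << host_bits) - 2,
        "loopback": int(octets[0]) == 127,
    }

if __name__ == "__main__":
    for sample in ("204.171.64.2", "10.1.2.3", "172.16.5.4", "127.0.0.1"):
        print(sample, classify(sample))
```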

amanamagus
09-29-2007, 04:13 PM
Understanding computer viruses

A virus reproduces, usually without your permission or knowledge. In general terms they have an infection phase where they reproduce widely and an attack phase where they do whatever damage they are programmed to do (if any). There are a large number of virus types.

Viruses are a cause of much confusion and a target of considerable misinformation even from some virus "experts." Let's define what we mean by virus:

A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.

You could probably also say that the virus must do this without the permission or knowledge of the user, but that's not a vital distinction for purposes of our discussion here. We are using a broad definition of "executable file" and "attach" here.

An obvious example of an executable file would be a program (COM or EXE file) or an overlay or library file used by an EXE file. Less obvious, but just as critical, would be the macro portion of what you might generally consider to be a data file (e.g., a Microsoft Word document). It's important to also realize that the system sectors on either a hard or floppy disk contain executable code that can be infected, even those on a data disk. More recently, scripts written for internet web sites and/or included in E-mail can also be executed and infected.

To attach might mean physically adding to the end of a file, inserting into the middle of a file, or simply placing a pointer to a different location on the disk somewhere where the virus can find it.

Most viruses do their "job" by placing self-replicating code in other programs, so that when those other programs are executed, even more programs are "infected" with the self-replicating code. This self-replicating code, when triggered by some event, may do a potentially harmful act to your computer.

Another way of looking at viruses is to consider them to be programs written to create copies of themselves. These programs attach these copies onto host programs (infecting these programs). When one of these hosts is executed, the virus code (which was attached to the host) executes, and links copies of itself to even more hosts.

Similar to viruses, you can also find malicious code in Trojan Horses, worms, and logic bombs. Often the characteristics of both a virus and a worm can be found in the same beast, confusing the issue even further.

Before looking at specific virus types you might also want to consider the following general discussions:

Virus Behavior. Infect, then attack; common behavior of most viruses.
Number of Viruses. Lots and lots.
Virus Names. It's not easy nor standardized.
How Serious Are Viruses? Worms spreading due to user inattention are a serious threat.
What About Good Viruses? The general consensus is that there are none.
Hardware Threats. Viruses are not the only things that can cause damage. Consider some hardware problems.
Software Threats. Viruses are not the only things that can cause damage. Consider some software problems.

A virus is a program that reproduces its own code.
Generally, the first thing a virus does is to reproduce (i.e., infect).
Viruses balance infection versus detection possibility.
Some viruses use a variety of techniques to hide themselves.
On some defined trigger, some viruses will then activate.
Viruses need time to establish a beachhead, so even if they activate they often will wait before doing so.
Not all viruses activate, but all viruses steal system resources and often have bugs that might do destructive things.
The categories of viruses are many and diverse. There have been many made and if you get one it should be taken seriously. Don't be fooled by claims of a good virus; there is no reason at the moment to create one.

Viruses come in a great many different forms, but they all potentially have two phases to their execution, the infection phase and the attack phase:

Infection Phase
Virus writers have to balance how and when their viruses infect against the possibility of being detected. Therefore, the spread of an infection may not be immediate.

When the virus executes it has the potential to infect other programs. What's often not clearly understood is precisely when it will infect the other programs. Some viruses infect other programs each time they are executed; other viruses infect only upon a certain trigger. This trigger could be anything; a day or time, an external event on your PC, a counter within the virus, etc. Virus writers want their programs to spread as far as possible before anyone notices them.

It is a serious mistake to execute a program a few times - find nothing infected and presume there are no viruses in the program. You can never be sure the virus simply hasn't yet triggered its infection phase!

Many viruses go resident in the memory of your PC in the same or similar way as terminate and stay resident (TSR) programs. (For those not old enough to remember TSRs, they were programs that executed under DOS but stayed in memory instead of ending.) This means the virus can wait for some external event before it infects additional programs. The virus may silently lurk in memory waiting for you to access a diskette, copy a file, or execute a program, before it infects anything. This makes viruses more difficult to analyze since it's hard to guess what trigger condition they use for their infection.

On older systems, standard (640K) memory is not the only memory vulnerable to viruses. It is possible to construct a virus which will locate itself in upper memory (the space between 640K and 1M) or in the High Memory Area (the small space between 1024K and 1088K). And, under Windows, a virus can effectively reside in any part of memory.

Resident viruses frequently take over portions of the system software on the PC to hide their existence. This technique is called stealth. Polymorphic techniques also help viruses to infect yet avoid detection.

Note that worms often take the opposite approach and spread as fast as possible. While this makes their detection virtually certain, it also has the effect of bringing down networks and denying access, one of the goals of many worms.

Attack Phase
Viruses need time to infect. Not all viruses attack, but all use system resources and often have bugs.
Many viruses do unpleasant things such as deleting files or changing random data on your disk, simulating typos or merely slowing your PC down; some viruses do less harmful things such as playing music or creating messages or animation on your screen. Just as the infection phase can be triggered by some event, the attack phase also has its own trigger.

Does this mean a virus without an attack phase is benign? No. Most viruses have bugs in them and these bugs often cause unintended negative side effects. In addition, even if the virus is perfect, it still steals system resources. (Also, see the "good" virus discussion.)

Viruses often delay revealing their presence by launching their attack only after they have had ample opportunity to spread. This means the attack could be delayed for days, weeks, months, or even years after the initial infection.

The attack phase is optional; many viruses simply reproduce and have no trigger for an attack phase. Does this mean that these are "good" viruses? No! Anything that writes itself to your disk without your permission is stealing storage and CPU cycles. (Also see the "good" virus discussion.) This is made worse since viruses that "just infect," with no attack phase, often damage the programs or disks they infect. This is not an intentional act of the virus, but simply a result of the fact that many viruses contain extremely poor quality code.

As an example, one of the most common past viruses, Stoned, is not intentionally harmful. Unfortunately, the author did not anticipate the use of anything other than 360K floppy disks. The original virus tried to hide its own code in an area of 1.2MB diskettes that resulted in corruption of the entire diskette (this bug was fixed in later versions of the virus).

There are currently over 50,000 computer viruses and that number is growing rapidly. Fortunately, only a small percentage of these are circulating widely.

There are more MS-DOS/Windows viruses than all other types of viruses combined (by a large margin). Estimates of exactly how many there are vary widely and the number is constantly growing.

In 1990, estimates ranged from 200 to 500; then in 1991 estimates ranged from 600 to 1,000 different viruses. In late 1992, estimates were ranging from 1,000 to 2,300 viruses. In mid-1994, the numbers vary from 4,500 to over 7,500 viruses. In 1996 the number climbed over 10,000. 1998 saw 20,000 and 2000 topped 50,000. It's easy to say there are more now.

The confusion exists partly because it's difficult to agree on how to count viruses. New viruses frequently arise from someone taking an existing virus that does something like put a message out on your screen saying: "Your PC is now stoned" and changing it to say something like "Donald Duck is a lie!". Is this a new virus? Most experts say yes. But, this is a trivial change that can be done in less than two minutes resulting in yet another "new" virus.

Another problem comes from viruses that try to conceal themselves from scanners by mutating. In other words, every time the virus infects another file, it will try to use a different version of itself. These viruses are known as polymorphic viruses.

One example, the Whale (a huge clumsy 10,000 byte virus), creates 33 different versions of itself when it infects files. At least one person counts this as 33 different viruses on their list. Many of the large number of viruses known to exist have not been detected in the wild but probably exist only in someone's virus collection.

David M. Chess of IBM's High Integrity Computing Laboratory reported in the November 1991 Virus Bulletin that "about 30 different viruses and variants account for nearly all of the actual infections that we see in day-to-day operation." Now, about 180 different viruses (and some of these are members of a single family) account for all the viruses that actually spread in the wild. To keep track visit the Wildlist, a list which reports virus sightings.

How can there be so few viruses active when some experts report such high numbers? This is probably because most viruses are poorly written and cannot spread at all or cannot spread without betraying their presence. Although the actual number of viruses will probably continue to be hotly debated, what is clear is that the total number of viruses is increasing, although the number of active viruses is not increasing quite as rapidly as the numbers might suggest.

A virus' name is generally assigned by the first researcher to encounter the beast. The problem is that multiple researchers may encounter a new virus in parallel which often results in multiple names.

What's in a name? When it comes to viruses it's a matter of identification to the general public. An anti-virus program does not really need the name of a virus as it identifies it by its characteristics. But, while giving a v