Other Malware

Other malware includes a range of programs that do not threaten computers directly, but are used to create viruses or Trojans, or used to carry out illegal activities such as DoS attacks and breaking into other computers.

DoS and DDoS Tools

These programs attack web servers by sending numerous requests to the specified server, often causing it to crash under an excessive volume of requests. If the server is not backed by additional resources, it will signal the failure to process requests by denying service. This is why such attacks are called Denial of Service attacks.

DoS programs conduct such attacks from a single computer with the consent of the user. Distributed Denial of Service (DDoS) attacks use a large number of infected machines without the knowledge or consent of their owners. DDoS programs can be downloaded onto victim machines by various methods. They then launch an attack either based on a date included in the code or when the 'owner' issues a command to launch the attack.
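The single-source versus distributed distinction above, seen from the defender's side as a check over web access logs. This is an added example, not part of the original page; the log lines, thresholds and function names are constructed assumptions, and the addresses come from documentation ranges.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client address, two ignored fields, [timestamp], then the request
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(line):
    """Return (epoch_seconds, client_ip) for a Common Log Format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group(1)

def classify(lines, window=10, threshold=100, dominance=0.8):
    """Label each overloaded time window as a single-source (DoS) or distributed (DDoS) flood."""
    buckets = defaultdict(Counter)          # window start -> requests per client
    for parsed in map(parse, lines):
        if parsed:                          # unparseable lines are skipped
            ts, ip = parsed
            buckets[ts - ts % window][ip] += 1
    verdicts = []
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total < threshold:
            continue                        # ordinary load, nothing to report
        top_ip, top_count = per_ip.most_common(1)[0]
        single = top_count / total >= dominance   # one client sends most of the volume
        verdicts.append((start, "DoS" if single else "DDoS", total,
                         len(per_ip), top_ip if single else None))
    return verdicts

def sample_log():
    """Constructed log: a quiet window, a one-client flood, then a many-client flood."""
    fmt = '{ip} - - [01/Jan/2024:{t} +0000] "GET / HTTP/1.0" 200 512'
    lines = [fmt.format(ip=f"192.0.2.{i % 5 + 1}", t=f"12:00:0{i % 10}") for i in range(20)]
    lines += [fmt.format(ip="203.0.113.7", t=f"12:00:1{i % 10}") for i in range(150)]
    lines += [fmt.format(ip=f"192.0.2.{i % 5 + 1}", t=f"12:00:1{i}") for i in range(10)]
    lines += [fmt.format(ip=f"198.51.100.{i + 1}", t=f"12:00:2{i % 10}") for i in range(200)]
    lines.append("truncated entry that does not parse")
    return lines

if __name__ == "__main__":
    for verdict in classify(sample_log()):
        print(verdict)
```

A single-source flood can be handled by blocking or rate-limiting the one address reported; a distributed flood has no dominant address, so per-address blocking is ineffective and mitigation has to happen upstream or by adding capacity.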

Worms can carry a DoS procedure as part of their payload. For instance, on August 20, 2001, the CodeRed worm launched a successful attack on the official web site of the President of the USA (www.whitehouse.gov). Mydoom.a contained DDoS code directed against SCO's corporate site. The company, a Unix developer, closed the site on February 1, 2004, shortly after the beginning of the DDoS attack and moved it to a different URL.

Hacker Tools and Exploits

These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to victim machines.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Flooders

These utilities are used to flood data channels with useless packets and emails.

Constructors and VirTools

Virus writers use constructor utilities to create new malicious programs and Trojans. Constructors for creating macro viruses and viruses for Windows are known to exist. Constructors can be used to generate virus source code, object modules and infected files.

Some constructors come with a user interface where the virus type, objects to attack, encryption options, protection against debuggers and disassemblers, text strings, multimedia effects etc. can be chosen from a menu. Less complex constructors have no interface, and read information about the type of virus to be built from a configuration file.

VirTools are all utilities created to simplify virus writing. They can also be used to analyze viruses to see how they can be used in hacking attacks.

Nukers

Hackers use these utilities to crash attacked machines by sending specially coded/phrased requests. These requests exploit vulnerabilities in applications and operating systems to cause fatal errors.

FileCryptors and PolyCryptors

These are hacker utilities used by virus writers to encrypt malicious programs to prevent them being detected by antivirus software.

PolyEngines

Polymorphic generators are not viruses in the true sense of the word. They do not propagate by opening, closing or writing code into files or reading and writing sectors. These programs encrypt the body of the virus and generate a decryption routine.

Virus writers usually spread polymorphic generators as archived files. The main file in a generator archive is the object module which contains the actual generator. This module always contains an external function that calls the generator.

 

Copyright © 1996 - 2009
Kaspersky Lab
All rights reserved