[Image: Digital Crimes Unit logo, property of Microsoft Inc.]
Once present on a system, the Nitol virus hides itself in every application on a computer by burying itself within that application's directory under the file name LPK.DLL. This is a file that every Windows application accesses during its start-up process, but it is normally loaded from the System32 directory. The virus takes advantage of the Windows module loading process, in which an application first looks for files in its own directory, then expands into the other necessary directories, with System32 being the last directory searched. In this way Nitol is activated silently and discreetly. The virus then runs as a program with no user interface, operating behind the scenes, and primarily serves as a tactical point for a third party to initiate a Distributed Denial of Service attack (an attack in which many compromised systems simultaneously flood a single target with traffic, effectively overloading it).
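The search-order behaviour described above is the property a defender can check for: a file carrying a System32 DLL name that sits in an application's own directory will be picked up before the genuine one. The following is an added example, not code from the original post or from Microsoft, that models the simplified search order the post describes (application directory before System32) and scans a directory tree for such shadowing copies. The directory layout, the file contents and the `ExampleApp` / `CleanApp` names are constructed for the demonstration; only the `lpk.dll` name comes from the page.

```python
"""Added example (not from the original post): detect a System32 DLL name
that also appears inside an application's own directory, the search-order
pattern the post describes for LPK.DLL."""
import os
import tempfile

# DLL names that legitimately live in System32. Only lpk.dll is named on
# the page; the set is a parameter so the same check covers other names.
SYSTEM_DLLS = {"lpk.dll"}


def resolve_module(app_dir, module, system32_dir):
    """Return (resolved_path, location) for `module` using the simplified
    order from the post: the application directory is consulted first and
    System32 last. (The real Windows order has more entries in between.)"""
    for location, directory in (("application directory", app_dir),
                                ("System32", system32_dir)):
        candidate = os.path.join(directory, module)
        if os.path.isfile(candidate):
            return candidate, location
    return None, None


def find_shadowed_system_dlls(root, system32_dir, system_dlls=SYSTEM_DLLS):
    """Walk `root` and return every copy of a System32 DLL name that sits
    outside System32; such a copy is loaded before the genuine one."""
    system32_dir = os.path.normcase(os.path.abspath(system32_dir))
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) == system32_dir:
            continue
        for name in filenames:
            if name.lower() in system_dlls:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed layout: a genuine lpk.dll in System32, a copy planted
    beside one application, and a second application without one.
    Returns (system32_dir, app_dir, clean_app_dir)."""
    system32 = os.path.join(base, "Windows", "System32")
    app_dir = os.path.join(base, "Program Files", "ExampleApp")
    clean_app = os.path.join(base, "Program Files", "CleanApp")
    for directory in (system32, app_dir, clean_app):
        os.makedirs(directory, exist_ok=True)
    for path in (os.path.join(system32, "lpk.dll"),
                 os.path.join(app_dir, "lpk.dll"),
                 os.path.join(app_dir, "example.exe"),
                 os.path.join(clean_app, "clean.exe")):
        with open(path, "wb") as fh:
            fh.write(b"placeholder bytes, not a real DLL")  # constructed
    return system32, app_dir, clean_app


def demo():
    """Build the constructed tree in a temp dir, then return where lpk.dll
    resolves from for each application and the list of shadowing copies."""
    base = tempfile.mkdtemp()
    system32, app_dir, clean_app = build_sample_tree(base)
    planted_location = resolve_module(app_dir, "lpk.dll", system32)[1]
    clean_location = resolve_module(clean_app, "lpk.dll", system32)[1]
    hits = find_shadowed_system_dlls(base, system32)
    return planted_location, clean_location, hits


if __name__ == "__main__":
    print(demo())  # -> ('application directory', 'System32', [...ExampleApp/lpk.dll])
```

On a real host the scan would be pointed at `C:\` with the true `System32` path; the hit list is what an analyst would then hash and compare against the genuine `lpk.dll`.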
[Image credit: http://computer.howstuffworks.com/zombie-computer3.htm]
Once the Denial of Service attack is under way, the attacker also has the ability to open other ports on the compromised computer, exposing it to further malware, ranging from "back doors," which give an attacker every function a normal user would have on the compromised computer, to "remote access" malware, with which an attacker could activate a user's digital camera or microphone for a multitude of purposes.
The Nitol virus is transmitted primarily through removable media, such as flash drives, external hard drives, and .rar files, making it difficult to track, as unwitting carriers could spread the virus to a new computer simply by accessing applications stored on a removable drive, such as patches. Would-be attackers could simply install the virus on an old PC, then sell it at a yard sale. That PC would then infect the buyer's flash drive as soon as the removable device was attached to the computer. The infected device might be taken to work, possibly to update system applications, patch software, or for many other reasons, and the virus would then install itself and embed on the company computer. At that point, the attacker could access that user's work PC and activate code within the Nitol virus that would force the PC to download Trojans, or even keystroke monitors. This simple process of passive invasion is just one of many risks surrounding the purchase of technology through chains and retail locations that are not highly regulated, also known as "unsecure supply chains." Microsoft has recently become a stronger advocate of tight regulation of products and shipping in response to increased awareness of how widespread such supply chains are. Boscovich proclaimed at the end of his statement that "We will continue to protect people that use our products and services from these threats and the cybercriminals behind them. In addition, consumers should also exercise their right to demand that resellers provide them with non-counterfeit products free of malware."
After concluding their study of the Nitol virus and its primary host domain, 3322.org, Microsoft filed with the U.S. District Court, pointing out the violations the data revealed. On September 10th, the court ruled that Microsoft could host the 3322.org domain name through Microsoft's new Domain Name System. This system allows Microsoft to block the operation of Nitol along with nearly 70,000 other malicious sub-domains, while at the same time allowing normal traffic on legitimate sub-domains without disruption.
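The selective blocking described above, in which listed sub-domains of a seized domain are answered with a sinkhole while legitimate sub-domains keep resolving, comes down to a name-policy decision made per query. The following is an added example and not Microsoft's DNS system: it shows that decision for the domain the page names, with a constructed placeholder block list (the real list of roughly 70,000 sub-domains is not on the page), a documentation-range sinkhole address, and a stand-in dictionary for the legitimate answers a real resolver would supply.

```python
"""Added example (not Microsoft's system): per-query sinkhole policy for a
seized domain. Block list, sinkhole address and legitimate answers are
constructed placeholders."""

SEIZED_DOMAIN = "3322.org"  # the domain named on the page
# Constructed placeholder block list; the real list is not on the page.
BLOCKED_SUBDOMAINS = {"blocked-a.3322.org", "blocked-b.3322.org"}
SINKHOLE_IP = "192.0.2.1"  # documentation-range address used as a placeholder


def normalize(name):
    """Lower-case the name and strip a trailing dot so lookups are canonical."""
    return name.rstrip(".").lower()


def is_blocked(name, blocked=BLOCKED_SUBDOMAINS):
    """True when `name` is a listed sub-domain or lies anywhere beneath one,
    so 'x.y.blocked-a.3322.org' is caught by the entry 'blocked-a.3322.org'."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def policy(name, legit_answers):
    """Decide how to answer a query for `name`.

    Returns one of:
      ("not-ours", None)        the name is outside the seized domain
      ("sinkhole", SINKHOLE_IP) a listed (or nested) malicious sub-domain
      ("resolve", answer)       a legitimate name; `answer` comes from the
                                stand-in `legit_answers` dict (may be None)
    """
    n = normalize(name)
    if n != SEIZED_DOMAIN and not n.endswith("." + SEIZED_DOMAIN):
        return ("not-ours", None)
    if is_blocked(n):
        return ("sinkhole", SINKHOLE_IP)
    return ("resolve", legit_answers.get(n))


def answer_queries(queries, legit_answers):
    """Apply the policy to a batch of queries and count outcomes, the kind of
    summary an operator would review after taking over a domain."""
    counts = {"not-ours": 0, "sinkhole": 0, "resolve": 0}
    for q in queries:
        counts[policy(q, legit_answers)[0]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample: the answers a real resolver would give for
    # legitimate sub-domains are stood in by this dictionary.
    legit = {"legit.3322.org": "203.0.113.5"}
    sample = ["blocked-a.3322.org", "deep.blocked-b.3322.org.",
              "legit.3322.org", "example.com"]
    for q in sample:
        print(q, "->", policy(q, legit))
    print(answer_queries(sample, legit))
```

The suffix walk in `is_blocked` is what keeps a nested host under a listed sub-domain from slipping past the list, and the apex check in `policy` keeps the decision scoped to the seized domain rather than to every name the resolver sees.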