Win32/Kelihos

Article URL: http://www.securityhome.eu/malware/malware.php?mal_id=2141573224e82ba04891fc9.31999277
Author: SecurityHome.eu
Published: 28 September 2011

Aliases: There are no other names known for Win32/Kelihos.

Explanation

Win32/Kelihos is a trojan family that distributes spam email messages. The spam messages may contain hyperlinks to installers of Win32/Kelihos malware. The malware may communicate with remote servers to exchange information that is used to execute various tasks, including sending spam email, capturing sensitive information, or downloading and executing arbitrary files.

Installation

When run, Win32/Kelihos creates a shared memory object (a "section object") named "GoogleImpl" to ensure that only one instance of the trojan executes at a time.

The registry is modified to run Win32/Kelihos at each Windows start:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "SmartIndex"
With data: "<path and file name of Win32/Kelihos trojan>"

Some variants may also install WinPcap, a legitimate and commonly used Windows packet capture library, as the following files:

* <system folder>\packet.dll
* <system folder>\wpcap.dll
* <system folder>\drivers\npf.sys

These files are not malicious themselves, but Kelihos uses them to spy on the affected computer's network activities. For host triage, the section object name and the "SmartIndex" Run value are the indicators to look for; the WinPcap files on their own prove nothing, because legitimate tools such as Wireshark and Nmap install the same three files.
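The host checks implied by the installation section, as an added example (this is not code from the original page or from the analyst). It parses the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` for the "SmartIndex" value, checks a directory listing of the system folder for the three WinPcap files, and checks a list of named section objects for "GoogleImpl". The sample inputs are constructed; how the section-object names were collected (for example from Sysinternals WinObj under \BaseNamedObjects) is an assumption, and the severity rules are this example's own, not the page's.

```python
"""Host triage for the Win32/Kelihos installation indicators described
above (the "SmartIndex" Run value, the "GoogleImpl" section object and the
dropped WinPcap files).  Added example, not code from the original page;
the inputs are constructed samples of what the real commands print."""
import re

KELIHOS_RUN_VALUE = "SmartIndex"
KELIHOS_SECTION = "GoogleImpl"
# Paths relative to <system folder>, lower-cased for comparison.
WINPCAP_FILES = {"packet.dll", "wpcap.dll", r"drivers\npf.sys"}

# Constructed sample of:  reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    SmartIndex    REG_SZ    C:\Users\alice\AppData\Local\Temp\qwe.exe
"""

# Constructed listing of <system folder> (relative paths).
SAMPLE_SYSTEM_FILES = ["kernel32.dll", "packet.dll", "wpcap.dll", r"drivers\npf.sys"]

# Constructed list of section object names (assumed to have been collected
# from \BaseNamedObjects with a tool such as Sysinternals WinObj).
SAMPLE_SECTIONS = ["ShimSharedMemory", "GoogleImpl"]

# `reg query` prints each value as: <indent>name<4 spaces>REG_type<4 spaces>data
_VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")


def parse_reg_query(text):
    """Map value name -> (type, data) from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = _VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3))
    return values


def in_user_writable_dir(path):
    """Persistence pointing into a profile or temp directory is more
    suspicious than an entry under %windir% or Program Files."""
    p = path.lower()
    return any(tok in p for tok in ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\"))


def triage(reg_query_text, system_files, section_names):
    """Return (severity, description) findings, strongest indicators first."""
    findings = []
    values = parse_reg_query(reg_query_text)

    if KELIHOS_RUN_VALUE in values:
        _, data = values[KELIHOS_RUN_VALUE]
        sev = "high" if in_user_writable_dir(data) else "medium"
        findings.append((sev, f'Run value "{KELIHOS_RUN_VALUE}" -> {data}'))

    if KELIHOS_SECTION in section_names:
        findings.append(("high", f'section object "{KELIHOS_SECTION}" present'))

    present = WINPCAP_FILES & {f.lower() for f in system_files}
    if present:
        # WinPcap ships with legitimate tools (Wireshark, Nmap), so on its own
        # it is only a weak signal; together with the Run value it corroborates
        # the sniffing variant described on this page.
        sev = "medium" if KELIHOS_RUN_VALUE in values else "low"
        findings.append((sev, "WinPcap components: " + ", ".join(sorted(present))))

    return findings


if __name__ == "__main__":
    for sev, desc in triage(SAMPLE_REG_QUERY, SAMPLE_SYSTEM_FILES, SAMPLE_SECTIONS):
        print(f"[{sev}] {desc}")
```

On a live host, feed `triage()` the real `reg query` output and a listing of %SystemRoot%\System32; the "SmartIndex" data field is the path of the dropped executable, which is what to collect for further analysis.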
Payload

Communicates with a remote host

Win32/Kelihos exchanges encrypted messages with a remote server over HTTP (TCP port 80) to evade detection by security software or other filters. Some variants of the malware use a crafted User-Agent from the following list when communicating with the remote host:

* Mozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2a1pre) Gecko/20090403 Firefox/3.6a1pre
* Mozilla/5.0 (X11; U; Linux x86_64; cy; rv:1.9.1b3) Gecko/20090327 Fedora/3.1-0.11.beta3.fc11 Firefox/3.1b3
* Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
* Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6 ; nl; rv:1.9) Gecko/2008051206 Firefox/3.0
* Mozilla/5.0 (Windows; U; Windows NT 6.1; es-AR; rv:1.9) Gecko/2008051206 Firefox/3.0
* Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15
* Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-HK; rv:1.8.1.7) Gecko Firefox/2.0
* Mozilla/5.0 (Windows; U; Win95; it; rv:1.8.1) Gecko/20061010 Firefox/2.0
* Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
* Mozilla/5.0 (ZX-81; U; CP/M86; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
* Mozilla/5.0 (X11; U; NetBSD alpha; en-US; rv:1.8) Gecko/20060107 Firefox/1.5
* Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
* Mozilla/5.0 (X11; I; SunOS sun4u; en-GB; rv:1.7.8) Gecko/20050713 Firefox/1.0.4
* Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041222 Firefox/1.0 (Debian package 1.0-4)
* Mozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7) Gecko/20041103 Firefox/0.9.3
* Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9
* Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)
* Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; Tablet PC 2.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; InfoPath.3)
* Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)
* Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)
* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; x64; SV1)
* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
* Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
* Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)
* Mozilla/2.0 (compatible; MSIE 3.0; Windows 3.1)
* Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)
* Microsoft Internet Explorer/1.0 (Windows 95)

Several of these strings describe platforms no real browser was running on in 2011 (ZX-81 with CP/M86, NetBSD alpha, Windows 3.1, Internet Explorer 1.0), so they make high-confidence network indicators on their own; the common Internet Explorer 6 to 8 strings in the list will also match legitimate traffic and need corroboration.

Data received from the remote server is interpreted by Win32/Kelihos and could contain instructions for the malware to perform any number of actions, including but not limited to the following:

* Update a list of possibly compromised computers that the malware communicates and exchanges information with
* Send spam email messages
* Capture sensitive information
* Send notifications or reports
* Download and execute arbitrary files

Sends spam

Win32/Kelihos uses SMTP to send spam email messages that are constructed from templates and other data received from a remote server. The subject, body and contents of the spam email vary and can be updated at any time. Win32/Kelihos may have more than one spam campaign running at the same time.
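A proxy-log check built from the User-Agent list above, as an added example (not code from the original page or from the analyst). It matches each request's User-Agent exactly against the list, then rates a client high-confidence either because the string is one of the implausible ones or because the same client has presented several different strings from the list, which is what a pool of crafted User-Agents looks like in traffic. The log lines are constructed in Apache/NCSA combined format; the implausibility regex and the two-string threshold are this example's own heuristics.

```python
"""Flag proxy clients that present one of the crafted User-Agent strings
listed above.  Added example, not code from the original page.  Log lines
are constructed in Apache/NCSA combined format; adapt parse_line() to
whatever your proxy emits."""
import re
from collections import defaultdict

KELIHOS_USER_AGENTS = {
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2a1pre) Gecko/20090403 Firefox/3.6a1pre",
    "Mozilla/5.0 (X11; U; Linux x86_64; cy; rv:1.9.1b3) Gecko/20090327 Fedora/3.1-0.11.beta3.fc11 Firefox/3.1b3",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6 ; nl; rv:1.9) Gecko/2008051206 Firefox/3.0",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; es-AR; rv:1.9) Gecko/2008051206 Firefox/3.0",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-HK; rv:1.8.1.7) Gecko Firefox/2.0",
    "Mozilla/5.0 (Windows; U; Win95; it; rv:1.8.1) Gecko/20061010 Firefox/2.0",
    "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7",
    "Mozilla/5.0 (ZX-81; U; CP/M86; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1",
    "Mozilla/5.0 (X11; U; NetBSD alpha; en-US; rv:1.8) Gecko/20060107 Firefox/1.5",
    "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1",
    "Mozilla/5.0 (X11; I; SunOS sun4u; en-GB; rv:1.7.8) Gecko/20050713 Firefox/1.0.4",
    "Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041222 Firefox/1.0 (Debian package 1.0-4)",
    "Mozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7) Gecko/20041103 Firefox/0.9.3",
    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)",
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; Tablet PC 2.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; InfoPath.3)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.21022)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; x64; SV1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)",
    "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)",
    "Mozilla/2.0 (compatible; MSIE 3.0; Windows 3.1)",
    "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)",
    "Microsoft Internet Explorer/1.0 (Windows 95)",
}

# Strings no real browser would have sent in 2011 (dead platforms, IE 1-5,
# pre-1.0 Firefox).  This is the example's own heuristic, not the page's.
IMPLAUSIBLE = re.compile(
    r"ZX-81|CP/M86|NetBSD alpha|SunOS|Windows 3\.1|Win95|Windows 95|Win 9x"
    r"|MSIE [1-5]\.|Firefox/0\."
)

# Apache/NCSA combined log format: ip ident user [ts] "req" status size "ref" "ua"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log: one implausible UA, one common UA, one client
# rotating through two list UAs, and one unrelated Chrome client.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Sep/2011:10:01:02 +0000] "GET http://203.0.113.10/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (ZX-81; U; CP/M86; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
10.0.0.7 - - [28/Sep/2011:10:01:05 +0000] "GET http://www.example.com/ HTTP/1.1" 200 8192 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; Tablet PC 2.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; InfoPath.3)"
10.0.0.9 - - [28/Sep/2011:10:02:11 +0000] "GET http://203.0.113.10/ HTTP/1.1" 200 640 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2a1pre) Gecko/20090403 Firefox/3.6a1pre"
10.0.0.9 - - [28/Sep/2011:10:07:40 +0000] "GET http://203.0.113.10/ HTTP/1.1" 200 640 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
10.0.0.11 - - [28/Sep/2011:10:03:00 +0000] "GET http://www.example.com/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def scan(lines):
    """Aggregate exact list-UA hits per client and rate the confidence."""
    clients = defaultdict(lambda: {"hits": 0, "agents": set(), "implausible": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["ua"] not in KELIHOS_USER_AGENTS:
            continue
        c = clients[rec["ip"]]
        c["hits"] += 1
        c["agents"].add(rec["ua"])
        if IMPLAUSIBLE.search(rec["ua"]):
            c["implausible"] = True
    report = {}
    for ip, c in clients.items():
        # One client presenting several different strings from the list is
        # strong evidence even when each string is common on its own.
        high = c["implausible"] or len(c["agents"]) >= 2
        report[ip] = {
            "confidence": "high" if high else "low",
            "hits": c["hits"],
            "distinct_agents": len(c["agents"]),
        }
    return report


if __name__ == "__main__":
    for ip, r in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(ip, r)
```

Low-confidence hits (a single common Internet Explorer string) are worth keeping as context for the host checks rather than alerting on directly; the page notes the C2 exchange itself is encrypted, so the User-Agent and the destination are the only parts of the HTTP session a proxy can match on.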
Win32/Kelihos may harvest email addresses from the affected computer's local drives by searching within files. It skips files with the following extensions:

* .7z
* .avi
* .bmp
* .class
* .dll
* .exe
* .gif
* .gz
* .hxd
* .hxh
* .hxn
* .hxw
* .jar
* .jpeg
* .jpg
* .mov
* .mp3
* .msi
* .ocx
* .ogg
* .png
* .rar
* .vob
* .wav
* .wave
* .wma
* .wmv
* .zip

The harvested email addresses are used as potential recipients for spam email messages distributed by Win32/Kelihos.

Captures sensitive information

Variants of Win32/Kelihos may use WinPcap to monitor network traffic and capture information such as login credentials from FTP, POP3 and SMTP traffic. A passive sniffer of this kind can only recover credentials that cross the wire in clear text, so sessions protected with TLS (or SFTP/SSH instead of FTP) are not exposed this way. In addition, Kelihos checks for the presence of the following applications on the affected computer and attempts to steal login credentials, digital currency and other information from them:

* 32-bit FTP
* Bitcoin
* BitKinex
* Bullet Proof FTP
* BulletProof FTP Client
* Classic FTP
* Core FTP
* CoreFTP
* CuteFTP
* Directory Opus
* FAR Manager
* FFFTP
* FTP Commander
* FTP Commander Deluxe
* FTP Commander Pro
* FTP Control
* FTP Explorer
* FTP Navigator
* FTPRush
* FileZilla
* FlashFXP
* Fling
* Fling FTP
* Frigate3
* Frigate3 FTP
* LeapFTP
* NetDrive
* SecureFX
* SmartFTP
* SoftX FTP Client
* Sota FFFTP
* Total Commander
* TurboFTP
* UltraFXP
* WS_FTP
* WebDrive
* WebSitePublisher
* WinSCP

Analysis by Gilou Tenebro

Last update: 28 September 2011