Glossary of Virus Terms - N
|
NE
|
|
NE refers to New Executable, which is the standard Windows 16-bit executable file
format. Windows 16-bit viruses are detected by Trend products as NE_malwarename.
|
Back to Top
Network firewall
|
A network firewall protects a computer network from unauthorized access and is often
considered the first line of defence in protecting a computer network against outside
threats. On most configurations, data packets entering or leaving a network pass
through a firewall, which examines each packet and drops those that do not meet
specified criteria. Network firewalls may also be configured to limit how internal
users connect externally.
Firewalls, in general, can be implemented as hardware, software, or a combination
of both.
|
Back to Top
Network topology
|
|
Topology refers to the shape of a network, or a network's layout, and can be either
physical or logical. A network's topology determines how its nodes are connected
and how they communicate. The five most common network topologies are Mesh, Star,
Bus, Ring, and Tree.
|
Back to Top
Network viruses
|
A network virus is a self-contained program (or set of programs) that can spread
copies of itself or its segments across networks, including the Internet. Propagation
often takes place via shared resources, such as shared drives and folders, or other
network ports and services. Network viruses are not limited to the usual form of
files or email attachments, but can also be resident in a computer's memory space
alone (often referred to as memory-only worms).
In many cases, network viruses exploit vulnerabilities in the operating system or
other installed programs. Some existing network viruses have the ability to spread
themselves via legitimate network ports, such as port 80 (HTTP), 1434 (SQL), or
135 (DCOM RPC).
Once a network virus infects a new system, it often searches for other potential
targets. It achieves this by searching the network for other vulnerable systems.
Once a new vulnerable system is found, the network virus will attempt to infect
the other system as well.
Some network viruses also have payloads, such as denial of service (DoS) attacks.
When such an attack is carried out, infected computers will attempt to overwhelm
the target system until it is unable to function properly. Example: The MSBLAST
virus carried out a denial of service attack against the URL windowsupdate.com.
The most notorious network viruses are CodeRed, Nimda, SQLSlammer, and MSBlast.
CodeRed spreads as a series of packets in system memory via network port 80 (http)
by exploiting a vulnerability hole (MS01-033) in Microsoft IIS (Internet Information
Service).
Nimda spreads via network port 80 (http) by exploiting a vulnerability hole (MS00-078)
in Microsoft IIS (Internet Information Service). Nimda is considered a blended threat,
since it also has the ability to spread itself across the network via shared drives
and email attachments.
SQLSlammer spreads as a series of packets in system memory via UDP network port
1434 (SQL) by exploiting a vulnerability hole in Microsoft SQL Server 2000 and Microsoft
Desktop Engine 2000 (MSDE).
MSBlast spreads via network port 135 (DCOM RPC) by exploiting a vulnerability in
the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC)
interface. It also uses several other network ports (UDP 69, TCP 4444) during its
propagation.
|
Back to Top
NSLookup
|
|
Displays information from Domain Name system (DNS) name servers. Given an IP address
or a DNS address, it will look up and show the corresponding DNS or IP address.
|