comStar Firewall alert - PhaseThrough
drivers on my commlink before I turn it off for the night; most people don’t think to disinfect immediately when they boot up, and anybody trying to jack my shit lets the virus spread through their PAN to their implants.
Worms are specialized malware agents with an emphasis on stealth instead of brute force. As long as you keep the agent from running the entire payload at once, a good worm can last for days or weeks on a node without being discovered. Corporate hackers and law enforcement tend to favor worms, especially dataworms, to keep track of hackers or limit their capabilities. One really nasty combination is to load a worm with a pacifist virus that infects the hacker’s combat proggies and prevents them from frying the worm outright. On the other hand, worms themselves have few defenses against viruses. I usually stick with an inertia-infected autosoft to jam their replicate ability.
> Kinda sucks for riggers though, huh?
> Sticks
> The best defense for a drone is simply not to get hacked to begin with, but a good back-up for riggers is strong encryption—stymies most worms. In a pinch, a rigger that can’t deal with a worm or a virus immediately is best off cutting it out of their network before the infection spreads.
> Rigger X
> Or shut the infected drone down and leave it as an effective booby-trap for somebody. I got burned like that once.
> Turbo Bunny
Viruses and worms are both straightforward and proactive programs designed to weaken a node or device in some way. By contrast, trojans are more like scouts that go in and pave the way for a later hack.
> Of course, there’s nothing to stop you from combining different types of malware. You can have a worm with a virus and a trojan in its payload that moves in, smoothes your entry, and unleashes the virus to cover your tracks when you leave. It’s almost like creating genetic chimerae in its elegance.
> The Smiling Bandit
AGENTS
Agents are essential to the function of the modern Matrix, and many hackers have at least one to help them with background tasks they don’t have time to do themselves. An agent is really a presence multiplier for hackers, letting them expand the number of places that they can be in and what they can do. No surprise, then, that some hackers go for agents in a big way.
From: Clockwork
Subject: Re: Ergonomic Malware
Whether or not to load your malware with ergonomic programs depends on the purpose of the malware agent. If you want to slow down or crash the system, loading the malware with regular programs is a good way to go. On the other hand, if you want your malware to be undetected, I’d go with the ergonomic program option: less program load means it’s less likely to be noticed. Sometimes you might even want to combine the two ideas. For example, maybe you want a worm to spread throughout a system (using ergonomic stealth programs to stay undetected), and then when the signal is given (or timer clocks down, whatever), the agent de-activates its ergonomic program and runs its regular programs to slow the system down. The only catch, of course, is that there’s a period of time between activating and de-activating programs where the worm is particularly vulnerable.
Unwired<br />
> Some hackers frown on the use of agents, especially when some brainless ape that knows jack-all about hacking uses a mook instead of figuring out how to do things themselves.
> The Smiling Bandit
> Mook?
> Sticks
> A high-end agent that does everything in the Matrix for the user, even the most basic tasks. Instead of learning how to hack, the user commands the mook to do it for him. Most MSPs provide basic agents to make the user’s life easier, and lazy users just order them to do everything. Of course, commercial mooks have built-in limitations against breaking the law. To build a mook capable of hacking, you need a real hacker.
> The Smiling Bandit
Another advantage agents can provide is that they are eminently disposable—if the agent gets crashed, the hacker can just re-load it. Still, hackers should be wary about feeding their agents to IC and spiders: unless you load it onto the node (which requires privileges most hackers don’t have), the agent can be traced directly back to you. If you do load an agent on a node, you’d better be sure it doesn’t have any incriminating data on it, because if it’s found and dissected it can lead straight back to you—or the spider can research exploits to use specifically against that type of agent or the programs it carries, giving them an advantage over you in cybercombat.
The major limitations on agents are the number of active subscriptions they take up and the number of programs they can have running before seeing lag. Having two agents running at the same time can slow your commlink down something fierce. You can get around the lag by not running any programs yourself—only really an option if you’re letting your commlink run overnight while you’re not connected to it or something—or you can load the agent onto another node and let their system lag. When you upload an agent to run on another node, though, you still have to keep an active subscription to it to receive data and give it orders in real time. When you want to use more agents than your commlink could handle on its own, the next step up is a botnet.
> Note the key word there is “in real time.” Hackers that don’t mind the snail’s pace and uncertainty of knowing whether or not their agent is still active and running can sever the active subscription and let the agent just run on its own until the hacker re-establishes contact, or a hacker and agent can forward their communications through an e-mail account or use other non-real-time communication methods.
> Glitch