Happy (early) Valentines Day! Have some virus yaoi.

Slammer (Metal) Sonic— @moderator-monnie

Support me on Ko-Fi

Challenge for artists for fun! (Create A Slammer Clone Oc!)

Create your own 'clone' copy for Slammer.

What Is A Slammer Clone/How to describe one?

1: It can take the form of any character. (Not limited to the Sonic Series.)

2: It can take the form of any insect that, (lays eggs and has a larva stage at some point.)

Rules:

1: They must have empty eye sockets on their face, however they can have an eye or eyes. Somewhere else on the body.

(You can decide the placement on the body.)

2: These Two Colors Must Be Used Somewhere In The Design.

3: Sonic, Shadow, Tails, Amy and Mario already have Slammer Clones/an insect assigned to them, so they can't be used.

4: have fun!

Slammer Sonic for reference art by lazy-charlie

Introduction to Distributed Denial of Service (DDoS) Attacks

DDoS attacks are a form of cyberattack where multiple compromised devices (known as "zombies") are used to overwhelm a target server or network with an immense volume of traffic, rendering the service unavailable to legitimate users. These attacks are a significant threat to online services, targeting the core principle of availability in information security. Unlike viruses or malware that focus on compromising or stealing data, DDoS attacks disrupt services by exhausting resources such as bandwidth, CPU, or memory. The foundation for DDoS attacks emerged in the 1980s with attacks like the Morris worm (1988), which was one of the first large-scale disruptions, affecting internet functionality on a significant scale. As the internet expanded, so did the complexity and frequency of DDoS attacks, making them a primary concern for internet security.

Types and Mechanisms of DDoS Attacks

DDoS attacks can vary in their structure and method of execution but are generally classified into two main categories: resource exhaustion and service disruption.

Resource Exhaustion Attacks: These attacks aim to overload a system by flooding it with traffic. Examples include SYN Flood and ICMP Flood (e.g., Smurf Attack) where attackers flood a server with connection requests or ping requests, respectively, consuming bandwidth and preventing legitimate connections.

Service Disruption Attacks: These attacks exploit specific vulnerabilities in applications or protocols, such as the Ping of Death or SQL Slammer worm. These attacks send malformed packets or exploit application flaws to disrupt service functionality directly, rather than simply flooding the server.

DDoS attacks are facilitated by weaknesses inherent in internet protocols. Protocols like TCP/IP were initially designed for openness and accessibility, without strong security controls to verify the source of traffic. This lack of source verification enables attackers to "spoof" IP addresses, making it difficult to trace the origin of the attack. The structure of these attacks has also evolved, with sophisticated approaches like Reflector and Amplification attacks, which amplify traffic through intermediary servers, and Botnets, where attackers control a large network of compromised devices to launch synchronized attacks.

Defense Mechanisms Against DDoS Attacks

Defense against DDoS attacks requires a layered approach due to the distributed and deceptive nature of these threats. Broadly, defense strategies are classified into prevention, detection, mitigation, and traceback.

Prevention: This involves measures to protect systems before an attack occurs. Techniques include:

Ingress/Egress Filtering: Filtering packets based on IP addresses to prevent spoofed IP traffic from reaching a network.

Source Address Validation (SAVE): Verifying the source address of incoming packets to ensure they originate from legitimate IP addresses.

Hop Count Filtering: Matching the packet’s hop count with known values to detect and filter spoofed packets.

Detection: Effective DDoS defense relies on early detection of anomalous traffic patterns. Common methods include:

Anomaly-based Detection: Establishing a baseline for normal network behavior and flagging traffic that deviates from this baseline.

Pattern-based Detection: Identifying DDoS patterns based on known attack signatures, such as the SYN-ACK ratio in SYN Flood attacks.

Time-Series Analysis: Detecting sustained traffic spikes, often indicative of DDoS attacks.

Mitigation and Reaction: When a DDoS attack is underway, mitigation techniques aim to minimize impact. These include:

Rate Limiting: Limiting the volume of requests to a server to prevent overload.

Filtering and Blacklisting: Blocking known malicious IPs or applying firewall rules to drop suspected malicious packets.

Pushback Scheme: A collaborative response where routers communicate and implement filters upstream to prevent the attack from reaching the target network.

Traceback and Source Identification: Locating the source of DDoS traffic is challenging but essential for a complete defense. IP Traceback methods, including probabilistic packet marking and hash-based traceback, can identify the origin of traffic even when IP spoofing is used.

Challenges and Future Directions

The distributed nature of DDoS attacks poses challenges that make a one-size-fits-all solution unlikely. The attack traffic can often resemble legitimate traffic, making it difficult to distinguish between the two. Additionally, global implementation of protocols like IP traceback is limited by coordination challenges among diverse networks and jurisdictions. Large-scale adoption of D-WARD and Secure Overlay Services (SOS), which operate close to the source of traffic, is still under exploration for practical implementation. Effective DDoS defense will likely require collaborative efforts between ISPs, enterprises, and governments to address technical and regulatory aspects of security, including stricter policies on internet access and accountability.

Conclusion

DDoS attacks remain a persistent threat to internet security, driven by a combination of technical vulnerabilities and the evolving capabilities of attackers. Despite significant advancements in detection and prevention techniques, a completely foolproof solution remains elusive. Future defenses will need to balance flexibility, speed, and scalability to keep up with evolving attack methods. With increased collaboration and adoption of advanced technologies, however, it is possible to significantly reduce the impact of these attacks and improve overall internet resilience.

Endless Data in Dubai has been providing professional service in information security since 2002 , for more information about our security products please visit our website

10 Most Damaging Computer Virus In History

A computer virus is a harmful program that sneaks into your device and takes control of it, changing how it works. It often pretends to be a safe program or file and can stay hidden until you open the program it’s attached to. List of Top 10 Most Damaging Computer Virus In History

ILOVEYOU – $15 Billion

ILOVEYOU, also known as the Love Bug, was a computer worm that originated in the Philippines in May 2000. It was distributed via an email attachment that appeared to be a love confession from a secret admirer.

2 Mydoom – $38 Billion

MyDoom is a computer worm that spread through email in 2004 and caused a lot of damage. It is considered to be one of the fastest-spreading email worms ever, affecting millions of computers around the world.

3 Sobig – $37 Billion

SoBig was a computer worm that first appeared in August 2003 and quickly spread through email attachments, causing an estimated $37 billion in damages.

4 Klez – $19.8 Billion

Klez is a computer worm that first appeared in 2001 and is considered one of the most damaging worms of all time. It is estimated to have caused $19.8 billion in damages, with its most significant impact felt in the United States and China.

5 WannaCry – $4 Billion

WannaCry was a type of ransomware attack that caused widespread damage in 2017, infecting more than 200,000 computers in 150 countries.

6 Code Red $2.4 Billion

Code Red was a computer worm that infected Microsoft IIS web servers running on Windows NT and 2000 operating systems in 2001.

7 Melissa

Melissa was a macro virus that was spread through infected email attachments in 1999. It caused widespread disruption by rapidly infecting computers and clogging email servers, resulting in an estimated $1.2 billion in damages.

8 Sasser $500 Million

Sasser was able to spread rapidly and caused significant disruption to computer networks worldwide. It caused significant damage, estimated at $1.1 billion. The worm was designed to scan for and infect vulnerable systems, causing them to crash or experience other issues.

10 Nimda

Nimda was a computer worm that caused significant damage in 2001. It spread through email and web servers, infecting computers and causing disruptions to businesses and individuals.

10 SQL Slammer -

SQL Slammer was a computer worm that caused significant damage in 2003. It targeted Microsoft SQL Server and Desktop Engine databases, infecting computers and causing widespread disruption.

your AU reminded me of the Sapphire Worm aka the SQL Slammer and now the information about it just lives rent free in my head and actually makes me very happy so thank youuu

nice!! virus time baby

just released an update that added 23 new malware (DID NOT MEAN TO DO THIS, I GOT CARRIED AWAY...) but now there are 95!

edit: small patch, added code red II to the list as well as one more malware, say hi to rensenware!

the newly added ones are below :)

worms

SQL Slammer/Sapphire/Helkern Swen Sober Agobot/Gaobot Bolgimo Netsky Witty Caribe/Cabir W32/Storm.worm Stration/Stratio/Warezov Santy Nyxem Zotob Sadmind Nimda Code Red II

other

Graybird Torpig/Anserin/Sinowal Mocmex Storm Worm (Storm Botnet) Zlob Bifrost/Bifrose Vundo/Virtumonde/Virtumondo Rensenware

hi!! i made a malware generator. shocking, i know. as of posting this, it currently has 71 different malwares that can be randomly generated. some of them you've probably never heard of. ooooooh ghost noises ooooooooooh.

it's rlly basic but i'm proud of it :)

HTS Realistic Challenge Reflection

The realistic challenges were definitely a step up from the basic challenges in terms they didn’t rely on one vulnerability but tended to involve chaining together a heap of issues in order to finally get a solution. I found some of the latter ones a bit challenging, however I definitely learnt a fair bit in the process. I’ll highlight some of the cool things I did over these 16 challenges:

1 - Abusing a voting system by forging a GET request

2 - SQL injection to break a login form

3 - Abusing server text file writes to overwrite local files

4 - SQL injection to steal all user data

5 - Cracking a MD5 hash with HashCat

6 - Cracking a crappy encryption algorithm

7 - Abusing server text file reads to grab a password, then breaking the md5crypt with HashCat (and a dictionary)

8 - SQL injection to pull user data, cookie tampering and abusing server text file writes

9 - XSS attack

10 - Abusing default configurations, cookie tampering and forging POST requests

11 - Piping commands into Perl scripts, modifying POST requests and abusing a file download script

12 - DOS command injection through script and abusing server text file reads

13 - GET request fiddling, bit of steganography and breaking a MD5 hash

14 - Abusing input with null-terminating characters

15 - Plaintext attack of encrypted zip files with Pkcrack, bit of steganography, forging POST requests, abusing unparsed PHP inputs, cracking MD5 hashes and buffer overflows

16 - Decompiling flash files, crafting user input to overwriting authentication config and forging GET requests

I probably should have mentioned in all of these challenges, a significant amount of recon was required. Just having to dig around the site to find spots for user input and testing whether they were vulnerable took a fair bit of time.

Some Relevant Cases

As per my guidelines, I was going to give some examples of cases where some of these methods have been used:

Heartland Payment Systems - breach in 2009 with SQL injection

SQL Slammer - computer worm in 2003 which abused a buffer overflow in the Microsoft SQL Server and Desktop Engine products

Samy (worm) - XSS worm that propagated across MySpace in 2005

MongoDB hack - dangers of using default configurations which leave your computer open to the entire internet

There has been a lot more information freely available regarding web security and a lot of the main ones aren’t anywhere near as possible today. Just basic escaping user input and performing sensitive data operations server-side will solve most of the problems.

01 | Life expectancy of a Computer Connected to the Internet

Past computer worms such as the SQL Slammer, Nimda and Witty were able to infect most of the computers affected within an hour with the SQL Slammer taking as little as 10 minutes to infect the majority of its 75,000 victims. As such, it is important for us to know approximately how long a new, unprotected computer will last once connected to the internet.

According to SANS’s Internet Storm Centre, an average brand-new unprotected computer will last approximately 20 minutes once connected to the internet before it becomes compromised. This average survival time from 2004 has dropped from 40 minutes compared to 2003, just a year prior. This trend reflects the narrowing window of opportunity for users to protect their connected computers from vulnerabilities. Following this trend, we can assume a computer in 2019 has a survival time of less than 20 minutes.

The survival time varies between different computers and internet networks. For example, an internet service provider that blocks ports commonly used by worms will have a longer survival time compared to those that do not. Alternatively, high-speed internet services and university networks are frequently targeted with additional scans from malware (seen in the recent ANU data breach), resulting in shorter survival times for connected devices. As such, the actual survival time for a specific computer will depend on its internet service provider and the configuration of its operating system.

References: The Register Infected in 20 Minutes  GCN Unprotected PCs Can Expect Infection in Minutes  SANS Internet Storm Center 

Ejemplos

Durante el avance de la tecnología a estado mejorando los progamas antivirus pero esto no a impedido que algunos virus hayan infectado  a muchos dispositivos, algunos de estos son Morris Worm, CryptoLocker, SQL Slammer, ILOVEYOU y Nimba

Your content is quite intresting not to mention your character designs are so diverse and clearly have effort put into them! 

Even if you didn’t do anymore content with your own Exe chararters I can still enjoy what there was and your other content as well it’s quite intresting.

And ahh it appears both me and rose my artist friend did right then! we wanted it to appear cute and innocent being so bright at first then suddenly have all the color but the blood and worms disappear!

And thank you plenty I'm suprised you've known about him before this! Slammer Sonic is defiantly my passion creation I care deeply for him I loved the idea of making a computer virus EXE but I wanted to take the “worm” part of the SQL Slammer Worm litearly.

I quite like designing horror character's honestly it's a passion of mine!

I might not be an artist myself but one thing I can do is concepts and ideas.

I appreciate your time! :D

Eventually I will have another exe as well ((though he won't get comics lol))

Oh Heck howdy! I'm Monnie, gotta say your one of the people I look up to in the exe tumblr community ((along with weirdoz, rabbit and cloudie))

So seeing you check out the latest Slammer Sonic comic means alot!

Hope I'm not bothering you genuinely, if I may ask if you have the time of course do you have any thoughts or opinions on Slammer?

I would have never expect that

Thank you that means a lot ☺️

Reminds me that it has been quite some time since I last drawn any of my EXE characters

I'm glad

Also I would have never thought of such a twisting ending

Like I thought it would be a normal cute comic with Amy saving Sonic but then I saw the whole comic and was like "Oh! 😨"

I do love some good twisting endings

As of thoughts or opinions on Slammer

Definitely scary and interesting character

I always thought that Slammer had an interesting design ever since I first saw them

Also I love the fact that it's a computer virus in like a insect form, very fascinating

Happy (slightly late) Halloween! Have these two goobers on this spooky day.

SQL!SLAMMER— @moderator-monnie

May I please get some asks about some of my chararters/collab chararters?

I have so many I could talk about and want to talk about incase anyone is curious about any of em,

I got Slammer Sonic, Dirus Harold Hog, Zepperaith The Dreamer, Plutonium The Mongoose, Monolith The Echidna and Inanis Weolcan Sonic.

I'd very much appreciate it any ask would be fantastic.

Resource : SQL Injection https://www.youtube.com/watch?v=h-9rHTLHJTY https://www

Resource : SQL Injection Watch this video on the SQL Slammer worm Watch these videos on inference attacks Write an essay discussing sqlmap, an automated tool for sql injection and database takeover in 500 words or more. Why do we need an automated tool for sql injection?  Do not copy without providing proper attribution. This paper will be eavaluated through SafeAssign.  Write in essay format…

View On WordPress

Refer the following videos and use the below-metioned link for articles at lease

Refer the following videos and use the below-metioned link for articles at lease

Refer the following videos and use the below-metioned link for articles at lease use 3 articles as a reference.  SQL Injection Watch this video on the SQL Slammer worm Watch these videos on inference attacks Do not copy without providing proper attribution. This paper will be evaluated through SafeAssign.  Write in essay format not in outline, bulleted, numbered, or another list format.   Use…

View On WordPress

Refer the following videos and use the below-metioned link for articles at lease

Refer the following videos and use the below-metioned link for articles at lease

Refer the following videos and use the below-metioned link for articles at lease use 3 articles as a reference.  SQL Injection Watch this video on the SQL Slammer worm Watch these videos on inference attacks Do not copy without providing proper attribution. This paper will be evaluated through SafeAssign.  Write in essay format not in outline, bulleted, numbered, or another list format.   Use…

View On WordPress

Slammer worm installs itself on PC running a faulty version of a Microsoft database package named SQL Server 2000. To remove the slammer worm, follow the steps