Browse by Subject
Abbreviations
Actors
Aircraft
Architecture
Computer Viruses
Costume
Dictionary
Food & Drink
Gazetteer
General Information
Heraldry
Language
Latin
Medicine
Money
Movies
Music
Mythology
Nature
People
Recreation
Rocks & Minerals
SciTech
Shakespeare
Ships
Slang
Warfare

Downloads
e-Books

The Probert Encyclopaedia of Computer Viruses

SX VIRUS

The SX Virus is a computer virus which infects .COM files including COMMAND. COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation, corrupts program or overlay files.
Research SX Virus

SYLVIA VIRUS

The Sylvia Virus is a computer virus which infects .COM files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation, corrupts program or overlay files.
Research Sylvia Virus

SYN FLOODING

SYN flooding is a common form of attack made upon Internet connected servers with the objective of denying the service offered by the server to legitimate users. This is known as a "Denial of Service attack' or 'Dos'.
SYN flooding is very simple, the attacker pretends to request a connection with the target server, but uses a false IP address. The target server, receives the request to open a connection, and responds by sending a reply to what it believes is the requesting machine and awaits the appropriate reply back, but of course in reality the target server is now trying to communicate with the false IP address which may not exist, or at best has not sent a request and as such will not make the awaited response. The target server typically waits a few minutes for the required response, so as to allow for connection difficulties through the Internet, before rejecting the requested connection. In the meantime, the attacker has been sending numerous more fake requests for connections, and the target server responds to each of them accordingly. Since a server can only satisfy a limited number of connections at any one time, during a SYN flood attack all the available connections are taken up by false requests, and legitimate requests are rejected by the server on the basis that it is too busy trying to establish other connections already.
SYN flood attacks can be difficult to detect. The establishment of a communication channel requires very little processor activity, and the attack does not cause a surge in processor activity. Under Unix based operating systems the server administrator can check the number of SYN communications which are pending by using the 'netstat' command, which will show the connections which are currently in a 'SYN RECEIVED' state. Under Linux, the shell command to check for SYN RECEIVED connections is 'netstat -n -p tcp
grep SYN RECV'. A large number of connections in a SYN RECEIVED state may be an indication of a SYN flood attack occurring.
Most Linux operating systems detect possible SYN flood attacks and defend against them by checking the number of pending requests for connections, and when this queue becomes close to being full, sending a SYN cookie to the machine requesting the connection and waits for a response to the cookie before continuing to try to establish the connection. When the server sends the cookie, it clears the SYN request from its queue for connections, effectively ignoring the request. If an appropriate response to the cookie is received, then the connection request is re-queued and the appropriate response to the original SYN request for a connection is sent as normal. Under Linux, the operating system records possible SYN flood attacks and its response in the file /var/log/kernel which may contains data such as 'possible SYN flooding on port 80. Sending cookies' for example when a web server is under possible attack.
Research SYN Flooding

SYS VIRUS

The Sys Virus is an encrypted computer virus which uses stealth techniques to avoid detection and which infects .COM, .EXE and overlay files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files and data files.
Research Sys Virus

SYSLOCK/3551 VIRUS

The Syslock/3551 Virus is an encrypted computer virus which infects .COM and .EXE files. The virus is loaded into memory by executing an infected program. The virus corrupts program or overlay files and data files. When an infected program is run, the virus searchs through the COM and EXE files and subdirectories on the current disk, picking one executable file at random to infect. The infected file will have its length increased by about 3,551 bytes. The virus will damage files by searching for the word 'Microsoft' in any combination of upper and lower case characters, and when found replace the word with 'MACROSOFT'. If it finds an environment variable of 'SYSLOCK' has been set to '@' (hex 40), the virus will not infect any programs or perform string replacements, but will instead pass control to its host immediately. The author may have used this during the creation of the virus.
Research Syslock/3551 Virus

 
  
Home  Publishers  Quiz  Products  FAQ  Privacy Policy  Add URL Contact  Site Map