WAYS OF INFECTION
Unlike worms, nukers cannot propagate by themselves. However, they are able to infect vulnerable remote systems without user knowledge. Typical nukers need only the IP addresses of target computers in order to attack or infect them. Others must be manually installed like any other software, with or without user consent. There are two major ways unsolicited threats can get into the system.
1. Most nukers secretly get into attacker-specified remote target computers by exploiting known security vulnerabilities of the operating system and installed applications. Such parasites do not require any interference from affected computer users. Some nukers run not on the compromised system, but on the hacker’s PC, as such threats do not need to have viral components installed on a target host in order to exploit its flaws.
2. Nukers often get installed by other parasites like worms, trojans, backdoors or viruses. They infect a target system without user knowledge and consent and affect everybody who uses a compromised computer. Some threats can be manually installed by malicious computer users who have sufficient privileges for the software installation.
Nukers mostly affect computers running the Microsoft Windows operating system.
WHAT DOES A NUKER DO?
- Modifies and usually damages registry values of the operating system components or particular applications.
- Corrupts, overwrites or deletes various files, essential system components and installed software.
- Destroys the entire system by erasing its critical files and folders or by formatting hard disk drives.
- Performs Denial of Service (DoS) or other network attacks against hacker-specified remote computers.
- Severely damages a computer by changing essential hardware device settings or clearing the CMOS memory.
- Restarts, turns off or crashes a compromised computer.
- Degrades Internet connection speed and overall system performance and causes software instability.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its detection and removal.
EXAMPLES OF NUKERS
Nukers are not widespread threats, and all have practically identical functionality. The following examples illustrate typical nuker behavior.
The Click nuker is designed to perform a Denial of Service (DoS) attack against a specified computer connected to the Internet. Such an attack usually causes the affected system to stop responding or unexpectedly restart without asking for user permission. As a result, the user can lose any work that was not saved before the attack began.
WinNuker infects hacker-defined remote computers by exploiting known Windows security vulnerabilities. It silently creates viral files and modifies the registry, so that the threat runs on every system startup. Once executed, WinNuker runs its payload, which causes a compromised computer to crash.
BadLuck, also known as Belnow, is an extremely dangerous nuker that can be remotely controlled by the attacker. It deletes executables and system critical files, web and text documents. BadLuck corrupts the Windows registry and clears CMOS (this may severely damage a compromised computer). The attacker can use the nuker to display annoying messages and perform other malicious actions.
CONSEQUENCES OF A NUKER INFECTION
Most nukers are very difficult to detect and disable before they run a payload. A typical nuker infection results in general system instability, frequent computer crashes, unexpected restarts and shutdowns. It often causes complete or partial loss of valuable information, personal documents and other user sensitive data. Nukers can totally erase all the files from a hard disk, destroy the entire operating system and installed software or even damage computer hardware and prevent a PC from starting and operating normally.
HOW TO REMOVE A NUKER?
Nukers work in the same manner as regular trojans or viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive parasite signature databases, can also detect and remove certain nukers and related malicious components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE or eTrust PestPatrol are known for quite fair nuker detection and removal capabilities. Several products such as TDS (Trojan Defence Suite) or TrojanHunter are designed specially to detect and remove various trojans and nukers.
In some cases even an antivirus or spyware remover can fail to get rid of a particular nuker. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be quite a difficult and tedious task for novices.
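Manual removal has to locate the registry change that, as described for WinNuker, makes a threat run on every system startup. As an added example, not part of the original article: a Python triage helper that parses saved `reg query` output for the Run and RunOnce keys and flags entries worth inspecting by hand. The sample output, the value names in it and the folder heuristic are constructed assumptions.

```python
import re

# Autostart keys commonly reviewed during manual cleanup (real Windows key paths).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Heuristic (assumption): scratch folders are unusual autostart locations; expect false positives.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\recycler\\")

# Constructed sample of saved `reg query` output; names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    WinUpdate32    REG_SZ    C:\Users\alice\AppData\Local\Temp\winupd32.exe /s
    loader    REG_SZ    msload.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Chat    REG_SZ    "C:\Program Files\Chat\chat.exe" --minimized
"""


def command_path(data):
    """Return the executable part of a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|dll))(?:\s|$)", data, re.I)
    return m.group(1) if m else data


def audit_autostart(reg_query_text):
    """Return (key, value name, path, reason) for autostart entries worth a manual look."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip() if RUN_KEY.search(line.strip()) else None
            continue
        m = VALUE.match(line)
        if not (key and m):
            continue
        path = command_path(m["data"])
        low = path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            findings.append((key, m["name"], path, "runs from user-writable folder"))
        elif "\\" not in path:
            findings.append((key, m["name"], path, "no full path given"))
    return findings
```

A flagged entry is a prompt to inspect the referenced file before deleting anything, not proof of infection; legitimate software also starts from per-user folders.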