Cyber Speak

Botnet

Botnets are a major threat to the Internet and yet many people don’t know exactly what a Botnet is. The term is an amalgam of the words “robot” and “network,” and describes a network of online computers that can secretly transfer information, such as personal data or credit card information, to other computers. Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals. The computers (also known as zombies) are infected with malware that causes them to act on behalf of the network. Each computer acts autonomously, usually without the owner knowing it, but follows the directions of a third-party master.

What’s the problem? Hackers build botnets to commit cybercrime. These crimes may be as minor as spamming or as serious as stealing personal information to commit identity theft. The malicious networks can also be used to transmit viruses or to redirect people to a specific website, overwhelming it with traffic and shutting it down as a method of cyberterrorism. And this is not a one-time crime; hackers today also “rent” their botnets to other criminals.

____________________________________________________________________________

What Is a Virus?

A computer virus attaches itself to a program or file, enabling it to spread from one computer to another and leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot actually infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going. Because a virus is spread by human action, people unknowingly continue its spread by sharing infected files or sending emails with viruses as attachments.
____________________________________________________________________________

What Is a Worm?

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then the worm replicates and sends itself out to everyone listed in each receiver's address book, and the process continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
____________________________________________________________________________

What Is a Trojan Horse?

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. A Trojan Horse, at first glance, appears to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop or adding silly active desktop icons), while others cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.

____________________________________________________________________________

Honeypot

Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honeypot can be used to log access attempts to those ports, including the attacker's keystrokes. This could give you advance warning of a more concerted attack.
____________________________________________________________________________

Spam

The term spam refers to unsolicited commercial advertisements distributed online. Most spam reaches people via email, but spam can also be found in online chat rooms and message boards.

Spam consumes a tremendous amount of network bandwidth on the Internet. More importantly, it can consume too much of people's personal time if not managed properly.


____________________________________________________________________________

Honeymonkey

Automated system simulating a user browsing websites. The system is typically configured to detect websites that exploit vulnerabilities in the browser. Also known as a Honey Client.

____________________________________________________________________________

Brute Force


A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.


____________________________________________________________________________

Threat

A negative effect or undesired event. An effect that might damage or compromise an asset or objective. It may or may not be malicious in nature.
____________________________________________________________________________

Phishing Attacks

A phishing lure often comes in the form of a spam email or pop-up warning that looks as if it has been sent from a company we trust. Often the companies are ones that we use regularly, like our bank, credit card company or some other online payment system. If we click on the link indicated, we are directed to a web site that is designed to look exactly like the official site of the company being misrepresented. Under the assumption that they are at an official site, victims enter specific personal information, such as a social security number, credit card number or password.


____________________________________________________________________________


Pharming

In pharming, a cyber criminal exploits a vulnerability in an ISP’s (Internet Service Provider) DNS server and hijacks the domain name of a legitimate web site. Anyone going to the legitimate site is redirected to an identical but bogus site. Once redirected, unsuspecting site users will enter personal information, such as a password, PIN or account number.


____________________________________________________________________________

DoS

Denial of Service attacks overwhelm a target with either too many connection requests or too much bandwidth. The intended result is to make the target inaccessible, although other infrastructure elements (routers, switches, load balancers, etc.) may suffer collateral damage along the path of an attack. A variety of attack types, including connection floods, TCP SYN floods, ICMP and UDP floods, may be used in such an attack.

DoS attacks are often launched against high profile targets by using a network of zombie machines in a botnet. Sources can be forged, although targets are usually not forged.
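The two paragraphs above describe SYN floods and floods launched from many botnet zombies. As an added example that is not part of the original page, the following Python detection logic runs over a constructed connection-log sample (the log format, the IP addresses and the thresholds are all assumptions for this example). It keeps a sliding time window of SYN arrivals and raises an alert in two ways: per source, which catches one noisy host, and per destination port regardless of source, which catches a distributed flood where each zombie or forged source stays below the per-source limit.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed connection-log sample (not from the page): "<timestamp> <source ip> <dest port> <tcp flag>".
# 203.0.113.5 sends a burst of SYNs; the other two sources behave like ordinary clients.
LOG_LINES = """\
2024-01-01T12:00:00 203.0.113.5 443 SYN
2024-01-01T12:00:01 198.51.100.7 443 SYN
2024-01-01T12:00:01 203.0.113.5 443 SYN
2024-01-01T12:00:01 203.0.113.5 443 SYN
2024-01-01T12:00:02 203.0.113.5 443 SYN
2024-01-01T12:00:02 192.0.2.44 80 SYN
2024-01-01T12:00:02 203.0.113.5 443 SYN
2024-01-01T12:00:03 203.0.113.5 443 SYN
2024-01-01T12:00:03 203.0.113.5 443 SYN
2024-01-01T12:00:15 198.51.100.7 443 SYN
2024-01-01T12:00:20 203.0.113.5 443 SYN
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, destination port, flag)."""
    ts, src, dport, flag = line.split()
    return datetime.fromisoformat(ts), src, int(dport), flag


def sliding_window_alerts(events, key_fn, window_seconds, threshold):
    """Count SYNs per key over a sliding window; return {key: time the threshold was first exceeded}."""
    recent = defaultdict(deque)   # key -> timestamps of SYNs still inside the window
    alerts = {}
    for ts, src, dport, flag in events:
        if flag != "SYN":
            continue
        key = key_fn(src, dport)
        window = recent[key]
        window.append(ts)
        # Expire entries older than the window (events are assumed to arrive in time order).
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold and key not in alerts:
            alerts[key] = ts
    return alerts


def per_source_syn_floods(log_text, window_seconds=10, threshold=5):
    """Flag individual sources that open too many connections: catches a single noisy host."""
    events = [parse_line(line) for line in log_text.strip().splitlines()]
    return sliding_window_alerts(events, lambda src, dport: src, window_seconds, threshold)


def per_port_syn_floods(log_text, window_seconds=10, threshold=7):
    """Flag destination ports whose total SYN rate is too high regardless of source:
    catches a distributed flood where every zombie or forged source stays under the per-source limit."""
    events = [parse_line(line) for line in log_text.strip().splitlines()]
    return sliding_window_alerts(events, lambda src, dport: dport, window_seconds, threshold)


if __name__ == "__main__":
    print("per source:", per_source_syn_floods(LOG_LINES))   # flags 203.0.113.5 at 12:00:03
    print("per port:  ", per_port_syn_floods(LOG_LINES))     # flags port 443 at 12:00:03
```

Because the second paragraph notes that sources can be forged, the per-port view matters as much as the per-source one: a blocklist keyed on source address does nothing against spoofed or widely distributed senders, whereas an aggregate rate on the target port still shows the flood.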

____________________________________________________________________________

XSS Attack

Cross-site scripting (XSS) works in the following way. The attacker inserts code or scripts into a web page, thereby altering its function. This can happen to any page that requests any type of information or input from the user, even through script code embedded in a URL within an email or a blog posting in a place unrelated to the altered web page. This means, of course, that there are many potential avenues for an XSS attack, and a key concern in the network security community is that XSS is becoming increasingly prevalent as trends in website design move toward greater interactivity for the user.
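The entry above describes input reflected into a page, including script carried in a URL. As an added example that is not part of the original page, the following Python shows a page that reflects a search term from the request URL, once rendered verbatim and once with HTML output encoding applied. The page template, the `q` parameter name and the sample URL are assumptions constructed for this example; `html.escape` and `urllib.parse` are from the Python standard library.

```python
import html
from urllib.parse import urlparse, parse_qs

# Assumed page template (constructed for this example): the search term is reflected into the HTML.
PAGE_TEMPLATE = "<html><body><h1>Results for: {query}</h1></body></html>"


def render_unsafe(user_query):
    """Reflects the input verbatim: any markup the user supplied becomes part of the page's DOM."""
    return PAGE_TEMPLATE.format(query=user_query)


def render_safe(user_query):
    """Output-encodes the input for an HTML text context.

    <, >, &, " and ' are replaced by entities, so the browser displays the characters
    instead of parsing them as tags or attribute delimiters.
    """
    return PAGE_TEMPLATE.format(query=html.escape(user_query, quote=True))


def handle_request(url, safe=True):
    """Pull the 'q' query-string parameter (assumed parameter name) out of the request URL and render.

    parse_qs decodes percent-escapes the way a web framework would, so script hidden in a
    URL-encoded link arrives here as plain markup.
    """
    params = parse_qs(urlparse(url).query)
    query = params.get("q", [""])[0]
    return render_safe(query) if safe else render_unsafe(query)


def has_unescaped_tag(rendered_html, tag="script"):
    """Crude check used only to compare the two renderings: is an opening <tag present as markup?"""
    return f"<{tag}" in rendered_html.lower()


if __name__ == "__main__":
    # Constructed link of the kind the entry mentions: the script is percent-encoded inside the URL.
    link = "https://example.com/search?q=%3Cscript%3Ex%3C%2Fscript%3E"
    print(handle_request(link, safe=False))   # script element lands in the page
    print(handle_request(link, safe=True))    # rendered as &lt;script&gt;x&lt;/script&gt;
```

The encoding has to match the context the value lands in: `html.escape` is correct for element text and quoted attribute values, but a value placed inside a `<script>` block, a URL or a CSS property needs the encoding for that context instead.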

____________________________________________________________________________

Drive-By Download

Drive-by download means two things, each concerning the unintended download of computer software from the Internet:

Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).

Any download that happens without a person's knowledge, often spyware, a computer virus or malware.

Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer's operating system itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the person "consented" to the download although actually unaware of having started an unwanted or malicious software download. Websites that exploit the Windows Metafile vulnerability (eliminated by a Windows update of 5 January 2006) may provide examples of drive-by downloads of this sort.

Hackers use different techniques to obfuscate the malicious code so that antivirus software is unable to recognize it. The code is executed in hidden iframes and can go undetected even by experienced users.


____________________________________________________________________________

DNS

DNS is a naming system for computers that converts human-readable domain names (e.g. infosecinstitute.com) into computer-readable IP addresses. It exists because domain names are much easier to remember than IP addresses. A lookup may be answered from a local cache or from a zone file that is present on the server. A zone file is a file on the server that contains entries for different Resource Records (RR). These records can provide a good deal of information about the domain. We will look more into Resource Records and the zone file in the next section.
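To make the zone file and Resource Record part of the entry concrete, here is an added Python example that is not part of the original page. It parses a constructed zone fragment in the usual master-file syntax (the `example.com` names, addresses and TTLs are sample values) into a table of Resource Records, then answers queries against that table the way an authoritative server would, including following CNAME aliases.

```python
from collections import defaultdict

# Constructed zone file fragment (not from the page), written in the standard master-file syntax.
ZONE_TEXT = """\
$ORIGIN example.com.
$TTL 3600
@        IN  SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@        IN  NS    ns1.example.com.
@        IN  A     192.0.2.10
@        IN  MX    10 mail.example.com.  ; mail exchanger with preference 10
www      IN  CNAME example.com.          ; alias pointing at the zone apex
mail 600 IN  A     192.0.2.25            ; explicit TTL overrides $TTL
ns1      IN  A     192.0.2.53
"""


def qualify(name, origin):
    """Expand '@' and relative names to fully qualified names ending in a dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse master-file lines into {(owner, type): [{'ttl': ..., 'rdata': [...]}, ...]}."""
    origin = "."
    default_ttl = None
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":                   # directive: base for relative names
            origin = fields[1]
            continue
        if fields[0] == "$TTL":                      # directive: default time-to-live
            default_ttl = int(fields[1])
            continue
        owner = qualify(fields[0], origin).lower()
        rest = fields[1:]
        ttl = default_ttl
        if rest and rest[0].isdigit():               # optional per-record TTL
            ttl = int(rest.pop(0))
        if rest and rest[0] in ("IN", "CH", "HS"):   # optional class
            rest.pop(0)
        rtype, rdata = rest[0], rest[1:]
        if rtype in ("CNAME", "NS"):                 # targets may be relative too
            rdata = [qualify(rdata[0], origin).lower()]
        elif rtype == "MX":                          # preference + exchanger name
            rdata = [int(rdata[0]), qualify(rdata[1], origin).lower()]
        records[(owner, rtype)].append({"ttl": ttl, "rdata": rdata})
    return records


def lookup(records, name, rtype, max_cnames=8):
    """Answer a query from the parsed zone, following CNAME chains the way a resolver does."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_cnames):
        answers = records.get((name, rtype))
        if answers:
            return [r["rdata"] for r in answers]
        alias = records.get((name, "CNAME"))
        if not alias:
            return []
        name = alias[0]["rdata"][0]
    return []   # chain too long or looping: give up rather than spin forever


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(lookup(zone, "www.example.com", "A"))    # follows the CNAME to the apex: [['192.0.2.10']]
    print(lookup(zone, "example.com", "MX"))       # [[10, 'mail.example.com.']]
```

The `max_cnames` bound is the kind of check a real resolver needs: a zone (or a hijacked one, as in the pharming entry) can contain an alias loop, and a lookup without a bound would never return.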

____________________________________________________________________________ 


BEAST Attack:
The BEAST attack is a practical attack based on a protocol vulnerability that was discovered in 2004. Successful exploitation of this issue results in disclosure of the victim's session cookies, allowing the attacker to completely hijack the application session. Despite having been addressed in TLS v1.1 in 2006, the problem is still relevant because most clients and servers do not support newer protocol versions. Practical mitigation requires that your servers speak only RC4 when using TLS v1.0 or SSL v3.0.

____________________________________________________________________________ 

SQL Injection

SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
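As an added example that is not part of the original page, the following Python puts the definition above beside its countermeasure. It builds a small in-memory SQLite table (the user names and passwords are constructed sample data) and runs the same credentials through two versions of a login query: one that splices the input into the SQL text, and one that passes the input as bound parameters so the database driver never interprets it as SQL.

```python
import sqlite3

# Constructed sample data (not from the page): a minimal users table in an in-memory database.
SAMPLE_USERS = [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")]


def make_db():
    """Create the in-memory database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The query is assembled by string concatenation: whatever the user types is parsed as
    part of the SQL statement rather than treated as a value."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the SQL text is fixed and the values travel separately, so quote
    characters in the input can never change the statement's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def compare(username, password):
    """Run the same credentials through both versions and return (vulnerable_rows, safe_rows)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    # Correct credentials: both versions return alice's row.
    print(compare("alice", "s3cret"))
    # A password containing a quote and an OR clause: the concatenated query becomes
    # "... AND password = '' OR '1'='1'" and matches every row; the parameterised query
    # compares the literal string against the stored password and matches nothing.
    print(compare("alice", "' OR '1'='1"))
```

Parameterised queries (prepared statements) are the primary fix because they remove the problem at the parser level; input validation, as the entry calls it, is a useful second layer but cannot by itself enumerate every string that changes the meaning of a query.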
____________________________________________________________________________

Countermeasure

A countermeasure addresses a vulnerability to reduce the probability of an attack or the impact of a threat. Countermeasures do not directly address threats; instead, they address the factors that define the threats. Countermeasures range from improving application design, or improving your code, to improving an operational practice.

____________________________________________________________________________
Vulnerability

A weakness in some feature of a system that makes an exploit possible. Vulnerabilities can exist at various levels of a network or at application levels and also include operational practices.


____________________________________________________________________________
Attack (or exploit)

An action taken that uses one or more vulnerabilities to realize a threat.

____________________________________________________________________________
Payload:

What an attacker intends to do after a successful attack is called the payload.

____________________________________________________________________________

Back Door:

A means of gaining access to a program or system by bypassing its security controls. Programmers often build back doors into systems under development so that they can fix bugs. If the back door becomes known to anyone other than the programmer, or if it is not removed before the software is released, it becomes a security risk.
Also called: trapdoor.

____________________________________________________________________________


Back Orifice:

A hostile application tool used by hackers to gain control of a remote computer. Back Orifice consists of client and server applications. The client application is used to control a computer running the server application. A target computer is taken over after an executable file, typically delivered by an e-mail attachment or a removable disk, is opened. Back Orifice then copies itself to the Windows System directory and transfers control to the machine running the client application. Back Orifice first appeared in the summer of 1998 and was quickly contained through updated security software. Its name is a play on words for the Microsoft BackOffice suite of servers.
____________________________________________________________________________
