3. Threats and Vulnerabilities
3.1 Analyze and differentiate among types of malware
Adware: Software that displays unwanted advertisements, often chosen from what it has learned about the user's browsing habits. It is frequently bundled with other downloads and is commonly grouped with spyware.
Virus: A computer virus attaches itself to a program or file so that it can spread from one computer to another. Almost all viruses attach to an executable file, so a virus cannot infect a computer unless the infected program is run or opened. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going.
Worm: Worms also spread from computer to computer, but unlike a virus, a worm travels without any help from a person, typically by exploiting a vulnerability in a network service or by mailing itself to addresses it finds on the infected host. The danger with a worm is its capability to replicate itself: where a virus infects one file or host at a time, a worm can send out hundreds or thousands of copies of itself, consuming bandwidth and hosts at a devastating rate.
Trojan Horse: A Trojan horse appears at first glance to be useful software but does damage once it is installed or run. Those on the receiving end are usually tricked into opening it because it appears to be a legitimate file or program from a legitimate source. Unlike a virus or worm, a Trojan does not replicate itself.
Spyware: Malicious software that covertly collects information about the user (browsing history, keystrokes, credentials) and reports it to a third party. It is typically downloaded unwittingly from a website or installed along with some other third-party software.
Back door: A program or hidden feature that allows access to a system without the usual security checks. Back doors may be left in by developers (maintenance hooks that were never removed) or installed by an attacker or by malware to keep access to a compromised host. The following are well-known back door programs:
1. Back Orifice: A remote administration program used to remotely control a Windows computer system.
2. NetBus: Also a remote administration program that controls a victim's computer system over the Internet. It uses a client-server architecture: the server resides on the victim's computer and the client on the attacker's computer, and the attacker controls the victim's computer through the client.
3. Sub7: Similar to Back Orifice and NetBus; used to take control of a victim's computer over the Internet.
Botnet: A network of compromised computers (bots, or zombies), each running malware that connects back to a command-and-control channel operated by the attacker (the bot herder). The attacker issues commands to all bots at once and uses them to distribute further malware, send spam, or launch distributed denial-of-service attacks.
3.2 Analyze and differentiate among types of attacks
Man-in-the-Middle (MITM): These attacks intercept all data between a client and a server; it is a form of active interception. If successful, all communications now pass through the attacker's computer, which can read the data, modify it, insert code, and forward it to the receiving computer. The attack only succeeds when the attacker can convincingly impersonate each endpoint to the other, which is why mutual authentication of the endpoints (for example, certificate validation in TLS) is the principal defense.
Distributed Denial of Service (DDoS): An attack in which multiple compromised systems (usually infected with a Trojan or bot) send requests to a single target, making the target unstable or unable to serve its legitimate users. An attacker begins by exploiting a vulnerability in one system and making it the DDoS master (also called a handler). From the handler the intruder identifies and compromises further systems and loads attack tools onto them; these are the zombies (or agents). With a single command, the intruder instructs the zombies to launch one of many flood attacks against a specified target, producing the DDoS.
Denial-of-Service (DoS): An explicit attempt to block legitimate users from a system by reducing its availability, for example by exhausting bandwidth, connection tables, memory, or CPU. Physical and host-based intrusions are generally addressed through hardened security policies and authentication mechanisms. Software patching defends against DoS attacks that exploit a specific bug (a crash or resource leak), but it does not safeguard against flooding attacks, which simply exploit the unregulated forwarding of Internet packets. A DoS attack comes from a single source; when the attacker uses zombies to flood the target from many sources at once, it becomes a DDoS attack.
Smurf attack: A denial-of-service attack that uses spoofed broadcast ping messages to flood a target. The attacker sends ICMP echo requests to a network's directed broadcast address with the source address spoofed to the victim's IP; every host on that network replies to the victim, so the attacker's traffic is amplified by the number of responding hosts. The defense is to disable forwarding of directed broadcasts on routers and to ignore echo requests sent to broadcast addresses.
Phishing: The act of sending an e-mail to a user while claiming to be a reputable organization (such as a bank) in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a website where they are prompted to provide private information, such as credit card and bank account numbers, that the legitimate organization would already have. The website, however, is bogus and set up only to steal the user's information.
Zombies: A zombie is a computer infected with malware that places it under the control of a remote attacker; it is one member of a botnet. Attackers use zombies to launch DoS or DDoS attacks: the attacker sends commands to a handler, which relays them to the zombie (slave) computers, and the zombies push enormous amounts of useless traffic at the target, making it unable to serve its legitimate purpose.
IP spoofing: The attacker forges packets using somebody else's IP address as the source IP address. Since routers forward packets based on the destination address, they simply forward the packets to the destination without verifying that the source address is genuine. Replies go to the spoofed address rather than to the attacker, so spoofing is used mainly for one-way traffic such as flood attacks (the Smurf attack depends on it) or to hide the attacker's origin. Ingress filtering at the network edge (dropping packets whose source address cannot belong to the network they arrive from, as described in BCP 38) is the standard countermeasure.
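The two router-side checks mentioned in the Smurf and IP spoofing entries, as an added example that is not part of the original notes: a minimal border-router packet filter that applies source-address (ingress/egress) filtering and drops echo requests aimed at the directed broadcast address. The protected prefix, interface names and sample packets are constructed for illustration.

```python
# Added example, not part of the original notes: a minimal border-router packet
# filter that applies the two checks that defeat source-address spoofing and the
# Smurf amplification trick. Prefixes and packets are constructed for illustration.
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    iface: str          # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    proto: str          # "icmp", "tcp" or "udp"
    icmp_type: int = 0  # 8 = ICMP echo request; only meaningful when proto == "icmp"

# Hypothetical protected network (RFC 5737 documentation prefix).
INSIDE_PREFIX = ipaddress.ip_network("192.0.2.0/24")

def filter_packet(pkt: Packet, inside=INSIDE_PREFIX) -> str:
    """Return 'forward' or 'drop: <reason>' for one packet."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # Check 1, ingress/egress filtering (BCP 38): traffic leaving the inside
    # network must carry an inside source, and traffic arriving from the outside
    # must not claim an inside source. Plain forwarding looks only at dst.
    if pkt.iface == "inside" and src not in inside:
        return "drop: spoofed source leaving inside network"
    if pkt.iface == "outside" and src in inside:
        return "drop: outside packet claims an inside source"

    # Check 2, directed-broadcast drop: an echo request addressed to the subnet
    # broadcast address is the Smurf primitive (every host would reply to src).
    if pkt.proto == "icmp" and pkt.icmp_type == 8 and dst == inside.broadcast_address:
        return "drop: echo request to directed broadcast"

    return "forward"

def run_demo():
    """Run five constructed packets through the filter and return the verdicts."""
    samples = [
        Packet("inside",  "192.0.2.10",   "198.51.100.5", "tcp"),        # normal egress
        Packet("inside",  "203.0.113.9",  "198.51.100.5", "udp"),        # spoofed egress
        Packet("outside", "192.0.2.77",   "192.0.2.10",   "tcp"),        # spoofed ingress
        Packet("outside", "198.51.100.5", "192.0.2.255",  "icmp", 8),    # Smurf trigger
        Packet("outside", "198.51.100.5", "192.0.2.10",   "icmp", 8),    # ordinary ping
    ]
    return [filter_packet(p) for p in samples]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The egress rule is what stops a network from being used as a Smurf amplifier or flood source against others; the ingress rule stops outside packets from pretending to be internal hosts. Neither check can tell whether an outside source address is genuine within its own prefix, which is why filtering must be done at every network edge, not just at the victim's.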
Replay: A replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. An attacker might use a packet sniffer to capture an authentication exchange or a transaction and retransmit it later; the attacker does not need to read or decrypt the data, only to resend it. Defenses are timestamps, sequence numbers, and one-time nonces that let the receiver reject a message it has already accepted.
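A worked replay, as an added example that is not part of the original notes: a "transfer" request protected only by a message authentication tag is captured and resent against a naive server, and then against a server that also checks a timestamp window and a one-time nonce. The server classes, the shared key and the clock values are constructed for the demonstration.

```python
# Added example, not part of the original notes: a captured-and-resent "transfer"
# request against a server that checks only message integrity, beside a server
# that also checks freshness. The server classes, key and clock values are
# constructed; HMAC-SHA256 is used so the attacker cannot forge a new message
# and must literally replay the one captured.
import hashlib
import hmac
import json
import secrets

SECRET_KEY = b"demo-shared-secret"   # hypothetical key shared by client and server

def sign(fields: dict) -> dict:
    """Client side: serialize the fields canonically and attach an HMAC tag."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def tag_is_valid(msg: dict) -> bool:
    expected = hmac.new(SECRET_KEY, msg["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])

class NaiveServer:
    """Accepts any message whose tag verifies; keeps no memory of past messages."""
    def __init__(self):
        self.balance = {"alice": 100, "mallory": 0}

    def apply(self, fields):
        self.balance[fields["from"]] -= fields["amount"]
        self.balance[fields["to"]] += fields["amount"]

    def handle(self, msg, now=None):
        if not tag_is_valid(msg):
            return "rejected: bad tag"
        self.apply(json.loads(msg["body"]))
        return "accepted"

class HardenedServer(NaiveServer):
    """Also requires a timestamp inside a window and a never-before-seen nonce.
    Both fields are covered by the HMAC, so the attacker cannot refresh them."""
    WINDOW_SECONDS = 30

    def __init__(self):
        super().__init__()
        self.seen_nonces = set()   # in production: bounded by the window, persisted

    def handle(self, msg, now=None):
        if not tag_is_valid(msg):
            return "rejected: bad tag"
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > self.WINDOW_SECONDS:
            return "rejected: stale timestamp"
        if fields["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces.add(fields["nonce"])
        self.apply(fields)
        return "accepted"

def run_demo():
    """Alice sends one transfer; Mallory sniffs it and resends it twice."""
    t0 = 1_700_000_000   # constructed clock value (seconds)

    naive = NaiveServer()
    captured = sign({"from": "alice", "to": "mallory", "amount": 10})
    naive_log = [naive.handle(captured) for _ in range(3)]

    hardened = HardenedServer()
    captured = sign({"from": "alice", "to": "mallory", "amount": 10,
                     "ts": t0, "nonce": secrets.token_hex(16)})
    hardened_log = [hardened.handle(captured, now=t0 + 1),    # genuine delivery
                    hardened.handle(captured, now=t0 + 2),    # immediate replay
                    hardened.handle(captured, now=t0 + 60)]   # delayed replay
    return {"naive": naive_log, "naive_mallory": naive.balance["mallory"],
            "hardened": hardened_log, "hardened_mallory": hardened.balance["mallory"]}

if __name__ == "__main__":
    print(run_demo())
```

The tag alone proves who wrote the message, not when or how many times it should be honoured; the naive server credits Mallory three times from one genuine request. The timestamp bounds how long a captured message stays usable and keeps the nonce set small, while the nonce closes the window that the timestamp alone would leave open.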
Spoofing: When an attacker masquerades as another person or system by falsifying identifying information, such as a source IP address, a MAC address, an e-mail sender address, or caller ID.
Pharming: When an attacker redirects traffic intended for one website to another, bogus and possibly malicious, website, usually by corrupting name resolution (a poisoned DNS server or a modified hosts file) rather than by tricking the user into clicking a link. Pharming can be prevented by carefully monitoring DNS configurations and hosts files.
DNS poisoning: The insertion of false name resolution records into a DNS server's cache, so that clients asking that server for a name are sent to an attacker-controlled address until the bogus record expires. A resolver that uses predictable transaction IDs or a fixed source port is easy to poison, because the attacker can forge a response that looks like the answer to an outstanding query.
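How a cache gets poisoned, as an added example that is not part of the original notes: a toy stub resolver accepts a response only if its transaction ID and source port match an outstanding query, and an attacker who has watched one query tries to forge the answer to the next. The resolver, the names, the addresses and the attacker's strategy are all constructed; no DNS traffic is sent, and the race against the legitimate answer is left out.

```python
# Added example, not part of the original notes: a toy stub resolver cache used
# to show why a resolver with predictable transaction IDs or a fixed source port
# is easy to poison. Names, addresses and the attacker's behaviour are constructed;
# nothing is sent on the network, and the race against the real answer is ignored.
import random

ATTACKER_IP = "203.0.113.66"   # constructed address the attacker wants cached

class Resolver:
    def __init__(self, rng, random_txid, random_port):
        self.rng = rng
        self.random_txid = random_txid
        self.random_port = random_port
        self.next_txid = 1        # used when transaction IDs are sequential
        self.pending = {}         # (txid, src_port) -> qname awaiting an answer
        self.cache = {}           # qname -> address

    def send_query(self, qname):
        """Pick the txid/port for an outgoing query and remember it as pending."""
        txid = self.rng.randrange(65536) if self.random_txid else self.next_txid
        port = self.rng.randrange(1024, 65536) if self.random_port else 53
        self.next_txid = (self.next_txid + 1) % 65536
        self.pending[(txid, port)] = qname
        return txid, port

    def receive_response(self, txid, port, qname, address):
        """Accept a response only if it matches an outstanding query exactly."""
        if self.pending.get((txid, port)) != qname:
            return False          # no such query in flight: ignore
        del self.pending[(txid, port)]
        self.cache[qname] = address
        return True

def poison(resolver, spray_all_txids):
    """Attacker's view: learn one txid/port, then forge answers for the next query."""
    # 1. Make the resolver query a name the attacker controls, so the attacker's
    #    own name server sees which txid and source port the resolver used.
    seen_txid, seen_port = resolver.send_query("attacker.example")
    resolver.receive_response(seen_txid, seen_port, "attacker.example", ATTACKER_IP)
    # 2. The resolver now asks for the victim name; the attacker answers first
    #    with forged responses for the guessed txid(s) at the port seen in step 1.
    resolver.send_query("bank.example")
    guesses = range(65536) if spray_all_txids else [(seen_txid + 1) % 65536]
    for txid in guesses:
        if resolver.receive_response(txid, seen_port, "bank.example", ATTACKER_IP):
            return True
    return False

def run_demo():
    """Return whether poisoning succeeds under three resolver configurations."""
    return {
        # Sequential IDs and port 53: one forged packet is enough.
        "sequential_txid_fixed_port":
            poison(Resolver(random.Random(1), False, False), spray_all_txids=False),
        # Random 16-bit IDs but a fixed port: 65536 forged packets cover every ID.
        "random_txid_fixed_port":
            poison(Resolver(random.Random(1), True, False), spray_all_txids=True),
        # Random ID and random port: the attacker must also guess about 16 more bits.
        "random_txid_random_port":
            poison(Resolver(random.Random(1), True, True), spray_all_txids=True),
    }

if __name__ == "__main__":
    for config, poisoned in run_demo().items():
        print(f"{config}: {'POISONED' if poisoned else 'safe'}")
```

The lesson is that the transaction ID is the only thing tying a response to a query, and 16 bits is cheap to brute-force at network speed; randomizing the source port roughly squares the attacker's work, and DNSSEC removes the guessing game entirely by signing the records. Once a record is in the cache, every client of that resolver is pharmed until the TTL expires.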
ARP poisoning: An attack that exploits the lack of authentication in ARP on Ethernet networks. The attacker sends forged ARP replies that bind a victim's IP address (typically the default gateway's) to the attacker's MAC address; other hosts update their ARP caches with the false mapping and send frames for that IP to the attacker, who can then sniff the traffic, modify it, or stop it from reaching its intended destination. Static ARP entries for critical hosts and switch features such as Dynamic ARP Inspection are the usual defenses.
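Detecting the symptoms described above, as an added example that is not part of the original notes: a small detector run over a constructed list of ARP replies that flags an IP address whose MAC binding changes and a MAC address that claims several IPs. The addresses, the timeline and the static-binding input are constructed for the demonstration.

```python
# Added example, not part of the original notes: a small detector run over a
# constructed list of ARP replies. It flags the two symptoms of ARP poisoning:
# an IP address whose MAC binding suddenly changes (the gateway's, typically)
# and a single MAC claiming to own several IP addresses.
from collections import defaultdict

# Constructed ARP replies as (time, sender_ip, sender_mac); a real collector
# would take these from a sniffer or from periodic dumps of the ARP table.
ARP_REPLIES = [
    (1, "192.0.2.1",  "00:11:22:33:44:01"),   # genuine default gateway
    (2, "192.0.2.10", "00:11:22:33:44:0a"),   # alice
    (3, "192.0.2.11", "00:11:22:33:44:0b"),   # bob
    (4, "192.0.2.1",  "00:11:22:33:44:ee"),   # attacker claims to be the gateway
    (5, "192.0.2.10", "00:11:22:33:44:ee"),   # attacker also claims alice's IP
]

def detect_arp_poisoning(replies, static_bindings=None):
    """Return alert strings for binding changes and MACs claiming multiple IPs."""
    ip_to_mac = dict(static_bindings or {})   # seed with known-good (static) entries
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for t, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"t={t}: binding for {ip} changed {prev} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"t={t}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES, {"192.0.2.1": "00:11:22:33:44:01"}):
        print(alert)
```

Both signals have benign causes (a DHCP lease handed to a new machine, a replaced network card, a router pair sharing a virtual MAC), so in practice the gateway binding is pinned statically and a change to it is treated as hostile, while changes to ordinary client addresses are correlated with DHCP logs before alerting.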
Transitive access: When one computer uses a second computer to attack a third, exploiting the trust relationship between the second and third computers (for example, a host from which the target accepts connections without further authentication).