Unit 5
Cyber Security
Unit 5
Tools and Methods in Cybercrime: Proxy Servers and Anonymizers, Password Cracking,
Keyloggers and Spyware, Viruses and Worms, Trojan Horses, Backdoors, DoS and DDoS
Attacks, Buffer Overflow, Attacks on Wireless Networks.
Phishing: Methods of Phishing, Phishing Techniques.
Proxy Server
A proxy server is a server that acts as an intermediary between requests made by
clients and the particular server that provides the requested services or resources.
Different types of proxy servers are available and are used according to the purpose
of the request the client makes to the server.
The basic purpose of a proxy server is to avoid a direct connection between Internet
clients and Internet resources.
The proxy server also prevents the client's IP address from being identified when the
client makes a request to any other server.
Need of Proxy Server
• It reduces the chances of data breaches.
• It adds an additional layer of security between the server and outside traffic.
• It also protects against hackers.
• It filters requests.
Proxy Server Mechanism
The proxy server accepts the request from the client and produces a response
based on the following conditions:
If the requested data or page already exists in the local cache, the proxy server
itself returns it to the client.
If the requested data or page does not exist in the local cache, the proxy server
forwards the request to the destination server.
The proxy server then passes the reply to the client and also caches it.
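The hit-or-miss logic above, as an added example that is not part of the original slides: a simulated caching forward proxy in Python. The destination table, hostnames and the `proxy.example` name are constructed, and deciding what to cache from the `Cache-Control` header is an assumption about how such a proxy works.

```python
import time
from dataclasses import dataclass, field

# Constructed stand-ins for destination servers so the example runs offline:
# hostname -> (response headers, response body).
ORIGINS = {
    "intranet.example": ({"Cache-Control": "max-age=60"}, "welcome page"),
    "bank.example": ({"Cache-Control": "no-store"}, "account balance"),
}


def parse_max_age(cache_control: str) -> int:
    """Return the cache TTL in seconds; 0 means 'do not cache'."""
    directives = [d.strip().lower() for d in cache_control.split(",")]
    if "no-store" in directives or "no-cache" in directives:
        return 0
    for d in directives:
        if d.startswith("max-age="):
            try:
                return max(0, int(d.split("=", 1)[1]))
            except ValueError:
                return 0
    return 0


@dataclass
class CacheEntry:
    body: str
    expires_at: float


@dataclass
class ProxyResponse:
    body: str
    from_cache: bool
    headers: dict


@dataclass
class CachingProxy:
    """Forward proxy: answers from its local cache when the entry is still
    fresh, otherwise fetches from the destination on the client's behalf."""
    name: str = "proxy.example"               # constructed proxy hostname
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)   # (client_ip, host, path) records kept by the proxy
    fetch_count: int = 0                      # how often a destination server was contacted

    def _fetch_origin(self, host: str, path: str):
        # Hypothetical upstream request; served from the constructed table above.
        self.fetch_count += 1
        return ORIGINS[host]

    def handle(self, client_ip: str, host: str, path: str, now=None) -> ProxyResponse:
        now = time.time() if now is None else now
        # The proxy sees and records who asked for what, even when the
        # destination never does (this is the browsing-history-log drawback).
        self.log.append((client_ip, host, path))
        key = (host, path)
        entry = self.cache.get(key)
        if entry is not None and entry.expires_at > now:
            # Cache hit: the destination server is not contacted at all.
            return ProxyResponse(entry.body, True, {"Via": self.name})
        headers, body = self._fetch_origin(host, path)
        ttl = parse_max_age(headers.get("Cache-Control", ""))
        if ttl > 0:
            self.cache[key] = CacheEntry(body, now + ttl)
        else:
            self.cache.pop(key, None)   # never keep no-store responses around
        # The client's IP is not forwarded; the destination sees only the proxy.
        return ProxyResponse(body, False, {"Via": self.name})
```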
Proxy Server
• Internet clients and Internet resources: For Internet clients, proxy servers also
act as a shield for an internal network against requests coming from a client to
access data stored on the server. The original IP address of the node remains
hidden while data is accessed from that server.
• Protects true host identity: In this method, outgoing traffic appears to come
from the proxy server rather than from the internal host. The proxy must be
configured for the specific application protocol, such as HTTPS or FTP.
• For example, organizations can use a proxy to observe their employees' traffic
so that work gets done efficiently. It can also be used to keep a check on any
leakage of highly confidential data. Some also use it to try to increase their
website's ranking.
Working of Proxy Server
The proxy server has its own IP address and it works as a gateway between the client and the
internet.
The client's computer knows the IP address of the proxy server.
When the client sends a request on the internet, the request is re-routed to the proxy. After
that, the proxy server gets the response from the destination or targeted server/site and
forwards the data from the page to the client's browser (Chrome, Safari, etc.).
Working of Proxy Server
• Overall, it can be said that the proxy server accesses the targeted site on behalf
of the client, collects all the requested information, and forwards it to the user
(client).
Proxy Server Working
• Every computer has a unique IP address which it uses to communicate with other
nodes.
• Similarly, the proxy server has its own IP address, which your computer knows.
When a web request is sent, your request goes to the proxy server first.
• The proxy sends the request on your behalf to the Internet, then collects the data
and makes it available to you.
• A proxy can change your IP address, so the web server will be unable to determine
your location in the world.
• It also protects data from being hacked. Moreover, it can block some web pages.
Advantages of Proxy Server
• It improves security and enhances the privacy of the user.
• It hides the identity (IP address) of the user.
• It controls the traffic and prevents crashes.
• It saves bandwidth by caching files and compressing incoming traffic.
• It protects our network from malware.
• It allows access to restricted content.
Disadvantages of Proxy Servers
1. Proxy Server Risks: Free proxy services rarely invest much in backend hardware
or encryption, which results in performance issues and potential data security
issues. If you use a "free" proxy server, tread very carefully; some of them
might steal your credit card numbers.
2. Browsing history log: The proxy server stores your original IP address and web
request information, possibly in unencrypted form, saved locally. Always check
whether your proxy server logs and saves that data, and what kind of retention
or law enforcement cooperation policies they follow for saved data.
3. No encryption: No encryption means you are sending your requests as plain
text. Anyone will be able to pull usernames, passwords and account information
easily. Check that the proxy provides full encryption whenever you use it.
Types of Proxy Server
• Reverse Proxy Server: The job of a reverse proxy server is to listen for requests
made by clients and redirect each one to the particular web server that holds
the content, which may be one of several servers.
• Web Proxy Server: A web proxy forwards HTTP requests; only the URL is passed
instead of a path. The request is sent to the proxy, and the proxy server
responds. Examples: Apache, HAProxy.
• Anonymous Proxy Server: This type of proxy server does not reveal the client's
original IP address. These servers are detectable as proxies but still provide
reasonable anonymity to the client device.
Types of Proxy Server
• Transparent Proxy: This type of proxy server is unable to provide any anonymity
to the client; instead, the original IP address can be easily detected through
this proxy. It is used to act as a cache for websites.
• A transparent proxy combined with a gateway results in a proxy server where the
client's connection requests are intercepted and redirected at the IP level. The
redirection occurs without any proxy configuration on the client. HTTP headers
seen on the server side can easily reveal the redirection.
Types of Proxy Server
• CGI Proxy: A CGI proxy server is developed to make websites more accessible. It
accepts requests for target URLs through a web form and, after processing, returns
the result to the web browser.
• Suffix Proxy: A suffix proxy server basically appends the name of the proxy to the
URL. This type of proxy does not preserve any higher level of anonymity. It is
used for bypassing web filters. It is easy to use and easy to implement, but it is
used less now because of the increasing number of web filters that recognise it.
Types of Proxy Server
• Distorting Proxy: A distorting proxy identifies itself as a proxy server but presents
an incorrect original IP address for the client. HTTP headers are used to keep the
client's real IP address confidential.
• Tor Onion Proxy: This server aims to give the user online anonymity for their
personal information. It routes traffic through various relays located worldwide,
making it difficult to track the user's address and protecting the user's
activities from tracking.
• It makes it difficult for anyone trying to track the original address. In this type
of routing, the information is encrypted in multiple layers. Each layer is
decrypted one by one so that the information is not scrambled and the original
content is received at the destination. This software is open source and free to use.
Types of Proxy Server
• I2P Anonymous Proxy: It uses encryption to hide all communications at various
levels. The encrypted data is then relayed through various network routers at
different locations, which makes I2P a fully distributed proxy. This software is
free and open source, and it also resists censorship.
• DNS Proxy: A DNS proxy takes requests in the form of DNS queries and forwards
them to the domain server, where they can also be cached; moreover, the flow of
requests can be redirected.
Anonymizer
Anonymizers
An anonymizer is the name given to a proxy server that limits the amount of data its
user reveals while browsing the Internet.
Despite its name, it does not make the user anonymous online.
It will simply hide the device’s IP address from the website they’re connecting to
and replace it with a different one. This makes it appear as if the user is browsing
from a different location.
Anonymizers
An anonymizer, or anonymous proxy, is a tool that attempts to make activity on the
Internet untraceable.
It is a proxy server computer that acts as an intermediary and privacy shield between
a client computer and the rest of the Internet.
It accesses the Internet on the user's behalf, protecting personal information by
hiding the client computer's identifying information.
Anonymizers can be used for legitimate purposes, such as maintaining online privacy
or bypassing internet censorship, but they can also be misused for illicit activities.
Types of Anonymizers in Cybersecurity
VPN (Virtual Private Network): A VPN routes your internet traffic through an
encrypted tunnel to a remote server, making it appear as though you're
accessing the internet from the location of that server. This helps mask your IP
address and provides anonymity, as your true location and identity are hidden.
Proxy Servers: Proxy servers act as intermediaries between your device and
the internet. They can hide your IP address and location, making it more
challenging for websites or online services to trace your online activity back to
you.
Types of Anonymizers in Cybersecurity
Tor (The Onion Router): The Tor network routes your internet traffic through a
series of volunteer-operated nodes, making it extremely difficult for anyone to
trace your online activity back to your real IP address. It's often used for
anonymous browsing and accessing the dark web.
Anonymous Browsers: Some web browsers, like the Tor Browser or Brave, are
designed with privacy in mind. They often include features that block
trackers, cookies, and other tools that can be used to identify and monitor your
online behavior.
Types of Anonymizers in Cybersecurity
Proxies and Anonymizing Networks: These services and networks are used to
obscure a user's identity and location. They can be utilized for legitimate purposes,
but they are also commonly associated with cyberattacks and malicious activities.
Secure Messaging and Email Services: Some messaging and email services, like
Signal or ProtonMail, offer end-to-end encryption and other privacy features to
ensure the anonymity of their users.
Uses of Anonymizers
• Privacy Protection: Anonymizers are often used to protect personal privacy
by concealing the user's identity and online activities from websites,
advertisers, and even internet service providers.
• Bypassing Censorship: In regions with strict internet censorship, people
use anonymizers to access blocked content and communicate more freely
online.
• Whistleblowing: Whistleblowers and activists may use anonymizers to
share sensitive information without revealing their identities.
Working of Anonymizers
• User Request: When you connect to an anonymizer service (e.g., a VPN or
proxy), your internet traffic is redirected through that service. In the case of the
Tor network, it's a bit different as it routes your traffic through a series of
volunteer-operated nodes.
• Encryption (in VPNs): With VPNs, your data is encrypted before it leaves your
device. This means that any information you send over the internet is first
encrypted, making it much more difficult for third parties to intercept and
decipher.
• Routing: In the case of VPNs and proxy servers, your request is then sent to a
remote server in a different location. This server acts as an intermediary
between you and the destination website or service. The request to the website
appears to come from the server's location, not your own.
Working of Anonymizers
• Destination: The VPN or proxy or the first node in the Tor network then forwards
your request to the desired website or service. The website sees the request as
coming from the server's location (e.g., the VPN server's IP address) rather than your
own.
• Response: When the website or service responds, it sends the data back to the
intermediary server (VPN, proxy, or Tor node).
• Decryption and Forwarding (in VPNs): If you're using a VPN, the server decrypts the
response and sends it back to your device in an encrypted form. Your device decrypts
the data to display the content.
Working of Anonymizers
• Privacy and Anonymity: The end result is that the website or service you interact
with doesn't have direct knowledge of your real IP address or location. It sees the
IP address and location of the intermediary server (VPN or proxy) or the last Tor
node.
• Chaining (in Tor): The Tor network takes privacy to a higher level by routing your
traffic through multiple volunteer-operated nodes, encrypting it multiple times.
This makes it extremely difficult for anyone to trace the source of the request back
to your IP address.
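The layered ("multi-fold") encryption of the Tor description and the chaining step above, as an added example that is not part of the original slides: a Python model of a three-relay onion in which each relay strips one layer and learns only the next hop. The relay names, keys, nonce and request are constructed, and a SHA-256 counter-mode XOR is a toy stand-in for Tor's real per-hop ciphers and key exchange.

```python
import hashlib

# Toy stream cipher (SHA-256 in counter mode) standing in for the real
# per-hop ciphers. Each relay shares one key with the client; how those keys
# are established (a handshake in Tor) is outside this example.


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt one layer (XOR with a keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def wrap(next_hop: str, inner: bytes) -> bytes:
    """Layer plaintext: 1-byte length, next-hop name, then the opaque inner blob."""
    name = next_hop.encode()
    return bytes([len(name)]) + name + inner


def unwrap(plain: bytes):
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def build_onion(path, destination: str, payload: bytes, nonce: bytes) -> bytes:
    """Client side: encrypt the innermost (exit) layer first, then wrap outward
    so that the guard relay's layer ends up on the outside."""
    names = [name for name, _ in path]
    exit_key = path[-1][1]
    onion = xor_layer(exit_key, nonce, wrap(destination, payload))
    for i in range(len(path) - 2, -1, -1):
        onion = xor_layer(path[i][1], nonce, wrap(names[i + 1], onion))
    return onion


def relay_peel(key: bytes, nonce: bytes, blob: bytes):
    """What one relay can do: strip its own layer and learn only the next hop."""
    return unwrap(xor_layer(key, nonce, blob))


def route(path, onion: bytes, nonce: bytes):
    """Simulate the circuit; returns (what each relay learned, bytes delivered)."""
    learned = []
    blob = onion
    for name, key in path:
        next_hop, blob = relay_peel(key, nonce, blob)
        learned.append((name, next_hop))
    return learned, blob


# Constructed circuit: three relays with fixed keys, a fixed nonce and a request.
PATH = [("guard", b"k-guard-0001"), ("middle", b"k-middle-002"), ("exit", b"k-exit-00003")]
NONCE = b"circuit-nonce-01"
PAYLOAD = b"GET / HTTP/1.1\r\nHost: web.example\r\n\r\n"


def demo():
    onion = build_onion(PATH, "web.example", PAYLOAD, NONCE)
    learned, delivered = route(PATH, onion, NONCE)
    # The blob the middle relay receives still carries the exit's layer,
    # so neither the request nor the destination is readable there.
    _, middle_blob = unwrap(xor_layer(PATH[0][1], NONCE, onion))
    hidden_from_middle = PAYLOAD not in middle_blob and b"web.example" not in middle_blob
    return learned, delivered, hidden_from_middle
```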
Drawback
• Cybercrime: Anonymizers can be misused for various cybercrimes,
including hacking, distributed denial of service (DDoS) attacks, and
distributing malicious content.
• Dark Web: Anonymizers like Tor can provide access to the dark web, where
illegal activities are prevalent.
• Malware Distribution: Cybercriminals can use anonymizers to hide the
source of malware distribution or command and control servers.
Other Considerations while using Anonymizers
• Legal and Ethical Considerations:
• The use of anonymizers should always adhere to local laws and regulations.
• Ethical considerations should guide the use of anonymizers to ensure that they are not
used for harmful or malicious purposes.
• Performance Considerations:
• Anonymizers can introduce latency due to the additional routing of traffic through
intermediary servers.
• Some online services may block or limit access to users utilizing anonymizers.
• Anonymity Levels:
• Anonymity provided by these tools can vary. Tor, for example, offers a high level of
anonymity, while some VPN services may log user activity and can potentially reveal user
identities under legal pressure.
Other Considerations
• VPN and Proxy Logging:
• Be aware that some VPN providers may keep logs of user activity, which can
potentially be used to trace users if legal authorities request this information.
• Defense Mechanisms:
• Organizations and websites may employ security measures to detect and block
anonymized traffic. This can include the use of CAPTCHAs, IP blacklists, and
behavior analysis.
• Multi-Layered Security:
• Anonymizers are just one component of online security and privacy. Users
should also employ strong passwords, keep software up to date, and be
cautious when sharing personal information online.
Password Cracking
Password Cracking
Password cracking refers to the process of attempting to gain unauthorized
access to a computer system or an account by systematically trying to guess
or decipher the password.
It is often used by hackers with malicious intent, but it can also be employed
by security professionals and system administrators to test the security of
their own systems and identify vulnerabilities.
Methods & Tools used for Password Cracking
• Brute Force Attack: In a brute force attack, an attacker systematically tries all possible
combinations of characters until the correct password is found. This method can be
very time-consuming and resource-intensive, especially for complex passwords.
• Dictionary Attack: A dictionary attack involves using a predefined list of words,
phrases, or commonly used passwords to guess the target password. This method is
more efficient than brute force and is successful if the target password is weak or
commonly used.
• Rainbow Table Attack: Rainbow tables are precomputed tables of possible password
hashes. Attackers use these tables to look up the corresponding plaintext password for
a given hash, significantly speeding up the process of password cracking.
Methods & Tools used for Password Cracking
• Hybrid Attack: Hybrid attacks combine elements of brute force and
dictionary attacks. They start with dictionary words and then append
or prepend characters to them in an attempt to guess the password.
• Phishing and Social Engineering: In some cases, attackers may not
directly crack passwords but use social engineering or phishing
techniques to trick individuals into revealing their passwords.
• Password Guessing: Attackers may use information they know about
the target, such as their name, birthdate, or common patterns, to
guess the password.
Password Cracking Tools
Cain and Abel. This password recovery software can recover passwords for Microsoft Windows user
accounts and Microsoft Access passwords. Cain and Abel uses a graphical user interface, making it more
user-friendly than comparable tools. The software uses dictionary lists and brute-force attack methods.
Ophcrack. This password cracker uses rainbow tables and brute-force attacks to crack passwords. It runs
on Windows, macOS and Linux.
John the Ripper. This tool uses a dictionary list approach and is available primarily for macOS and Linux
systems. The program is driven from the command line, making it more difficult to use than
software like Cain and Abel.
Working
• Password Hashing: When you create a password for an account, it's not stored in plain text. Instead, it's
typically converted into a one-way cryptographic hash using algorithms like MD5, SHA-1, or more secure
options like bcrypt or Argon2. This hash is what's stored on the server.
• Salting: To make password cracking more challenging, many systems use a technique
called "salting." A unique random value (the salt) is added to the password before
hashing, making it so that even if two users have the same password, their hashes will
be different due to the unique salt. This makes precomputed tables like rainbow tables
less effective.
• Iterative Hashing: To make brute force and dictionary attacks slower, systems may use
multiple rounds of hashing. For example, a password may be hashed 1,000 times before
being stored. This increases the time required for each guess.
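The hashing, salting and iterative-hashing steps above, as an added example that is not part of the original slides: Python using the standard library's PBKDF2-HMAC-SHA256 as the iterated hash. The two sample users and their shared password are constructed; the `iterations$salt$hash` storage format is an assumption of this example.

```python
import hashlib
import hmac
import os
import time

# Constructed sample credentials: two users who happened to choose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}


def legacy_hash(password: str) -> str:
    """Unsalted, single-round SHA-256: the kind of hash a rainbow table is built for.
    Identical passwords give identical hashes, so one precomputed table serves
    every account in the database."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256), stored as
    'iterations$salt_hex$hash_hex' so verification can recover both parameters."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def salt_of(stored: str) -> str:
    return stored.split("$")[1]


def compare_schemes(users=USERS, iterations: int = 600_000) -> dict:
    """Why salting defeats precomputation: the same password yields the same
    legacy hash for both users but distinct salted hashes."""
    legacy = {u: legacy_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p, iterations=iterations) for u, p in users.items()}
    return {
        "legacy_hashes_collide": len(set(legacy.values())) == 1,
        "salted_hashes_collide": len(set(salted.values())) == 1,
        "salts_differ": len({salt_of(s) for s in salted.values()}) == len(salted),
    }


def seconds_per_guess(iterations: int, password: str = "guess") -> float:
    """Cost of a single guess at a given work factor: every brute-force or
    dictionary attempt against the stored hash has to pay this price."""
    salt = b"fixed-salt-for-timing"   # constructed; only the timing matters here
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return time.perf_counter() - start
```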
How to create strong Passwords?
• Be at least 12 characters long. The shorter a password is, the easier and faster it will be cracked.
• Combine letters and a variety of characters. Using numbers and special characters, such as periods and
commas, increases the number of possible combinations.
• Avoid reusing a password. If a password is cracked, then a person with malicious intent could use that same
password to easily access other password-protected accounts the victim owns.
• Pay attention to password strength indicators. Some password-protected systems include a password
strength meter, which is a scale that tells users when they have created a strong password.
• Avoid easy-to-guess phrases and common passwords. Weak passwords can be a name, a pet's name or
a birthdate -- something personally identifiable. Short and easily predictable patterns, like 123456, password or
qwerty, also are weak passwords.
• Use encryption. Passwords stored in a database should be encrypted.
• Take advantage of password creation tools and managers. Some smartphones will automatically create
long, hard-to-guess passwords. For example, Apple iPhones will create strong website passwords for users.
An iPhone stores the passwords in its password manager, iCloud Keychain and automatically fills the
password into the correct field so the user doesn't have to remember the complicated password.
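The password rules above, as an added example that is not part of the original slides: a Python checker that reports which of those rules a candidate password breaks. The common-password and keyboard-sequence lists are constructed (the slides name 123456, password and qwerty); the `personal_terms` input stands in for the name, pet name or birthdate the slides warn against.

```python
import re

# Constructed list of common passwords; the slides name the first three.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "12345678", "123456789", "letmein", "abc123",
}

# Counting and keyboard-row sequences from which predictable runs are built.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 4  # this many consecutive sequence characters counts as a predictable pattern

CHARACTER_CLASSES = {
    "lowercase letters": r"[a-z]",
    "uppercase letters": r"[A-Z]",
    "digits": r"[0-9]",
    "special characters": r"[^A-Za-z0-9]",
}


def has_predictable_run(lower: str) -> bool:
    """True if any forward or reversed slice of a known sequence appears."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - RUN + 1):
                if s[i:i + RUN] in lower:
                    return True
    return False


def strength_findings(password: str, personal_terms=()) -> list:
    """Return the rules the password violates; an empty list means it passes."""
    findings = []
    lower = password.lower()
    if len(password) < 12:
        findings.append(f"only {len(password)} characters; use at least 12")
    present = [name for name, pat in CHARACTER_CLASSES.items() if re.search(pat, password)]
    if len(present) < 3:
        findings.append("combine letters with digits and special characters")
    if lower in COMMON_PASSWORDS:
        findings.append("appears in the list of common passwords")
    if has_predictable_run(lower):
        findings.append("contains a predictable sequence such as 1234 or qwer")
    for term in personal_terms:
        if term and term.lower() in lower:
            findings.append(f"contains personal information: {term}")
    return findings


def is_strong(password: str, personal_terms=()) -> bool:
    return not strength_findings(password, personal_terms)
```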
Keyloggers
Keyloggers
• Keyloggers, short for "keystroke loggers,"
are software or hardware tools designed
to record the keystrokes made on a
computer or other input devices, such as a
keyboard.
• They are often used for various purposes,
but in the context of cybersecurity, they
are primarily discussed in terms of their
malicious or potentially malicious
applications.
Keyloggers
• Keyloggers are mainly used to steal passwords or confidential details such as
bank information.
• The first keylogger was invented in the 1970s and was a hardware keylogger; the
first software keylogger was developed in 1983.
Types of Keyloggers
1. Software keyloggers are computer programs developed to steal passwords from
the victim's computer.
• Microsoft Windows 10 also has a keylogger installed in it.
• JavaScript-based keylogger: a malicious script inserted into a web page that
listens for key presses through events such as onKeyUp(). These scripts can be
delivered by various methods, such as sharing through social media, sending as a
mail attachment, or via a RAT file.
• Form-based keyloggers: these keyloggers activate when a person fills in a form
online; when the submit button is clicked, all the data written is sent as a file
to a computer. Some keyloggers work as an API in a running application; it looks
like a simple application, and whenever a key is pressed it records it.
Types of Keyloggers
2. Hardware Keyloggers: These do not depend on any software, as they are hardware
keyloggers. A keyboard hardware keylogger is a circuit attached inside the keyboard
itself, so that whenever a key on that keyboard is pressed it gets recorded.
• USB keylogger: There are USB connector keyloggers which have to be connected to a
computer and steal the data. Some circuits are also built into a keyboard, so no
external wire is used or shows on the keyboard.
• Smartphone sensors: Some Android tricks are also used as keyloggers, such as the
Android accelerometer sensor, which when placed near a keyboard can sense the
vibrations; the resulting graph is then converted into sentences. This technique's
accuracy is about 80%. Nowadays crackers use keystroke-logging Trojans: malware
sent to a victim's computer to steal data and login details.
Keyloggers
So keyloggers are software malware or hardware used to steal, or snatch, our login
details, credentials, bank information and much more.
Some keylogger applications used in 2020 are:
1. Kidlogger
2. Best Free Keylogger
3. Windows Keylogger
4. Refog Personal Monitor
5. All In One Keylogger
Prevention
• Anti-keylogger: As the name suggests, these are software tools that work against
keyloggers; their main task is to detect keyloggers on a computer system.
• Anti-virus: Many anti-virus programs also detect keyloggers and delete them from the
computer system. These are software measures, so they cannot get rid of hardware
keyloggers.
• Automatic form filler: Instead of filling in forms by hand on a regular basis, the
user can rely on an automatic form filler, which shields against keyloggers because
no keys are pressed.
• One-time passwords: Using OTPs as passwords may be safe, as every time we log in we
have to use a new password.
• Patterns or mouse recognition: On Android devices, use a pattern as the password
for applications; on a PC, use mouse recognition, where the program uses mouse
gestures instead of a stylus.
• Voice-to-text converter: This software helps prevent keylogging that targets a
specific part of our keyboard.
Spyware
Spyware
Spyware refers to software that is installed on a computer or device without the
user's knowledge or consent and is designed to collect information about the
user's activities, often for malicious purposes.
This information can include browsing habits, keystrokes, personal information,
and more.
Spyware is typically hidden from the user and can operate in the background,
making it difficult to detect.
History of Spyware
• The term "spyware" first emerged in online discussions in the 1990s,
but only in the early 2000s did cybersecurity firms use it to describe
unwanted software that spied on their user and computer activity.
• The first anti-spyware software was released in June 2000, then four
years later, scans showed that around 80% of internet users had their
systems affected by spyware, according to research by America
Online and the National Cyber Security Alliance.
Types of Spyware
1. Adware: This sits on a device and monitors users' activity, then sells their data to
advertisers and malicious actors or serves up malicious ads.
2. Infostealer: This is a type of spyware that collects information from devices. It scans
them for specific data and instant messaging conversations.
3. Keyloggers: Also known as keystroke loggers, keyloggers are a type of infostealer spyware.
They record the keystrokes that a user makes on their infected device, then save the data
into an encrypted log file. This spyware method collects all of the information that the user
types into their devices, such as email data, passwords, text messages, and usernames.
4. Rootkits: These enable attackers to deeply infiltrate devices by exploiting security
vulnerabilities or logging into machines as an administrator. Rootkits are often difficult and
even impossible to detect.
Types of Spyware
5. Red Shell: This spyware installs itself onto a device while a user is installing specific
PC games, then tracks their online activity. It is generally used by developers to
enhance their games and improve their marketing campaigns.
6. System monitors: These also track user activity on their computer, capturing
information like emails sent, social media and other sites visited, and keystrokes.
7. Tracking cookies: Tracking cookies are dropped onto a device by a website and then
used to follow the user’s online activity.
8. Trojan Horse Virus: This brand of spyware enters a device through Trojan malware,
which is responsible for delivering the spyware program.
How Spyware Works
• All types of spyware sit on a user's device and spy on their activity, the sites they
visit, and the data they amass or share.
• They do this with the objective of monitoring user activity, tracking login and
password details, and detecting sensitive data.
• Other spyware strands are also capable of installing further software on the user's
device, which enables the attacker to make changes to the device.
How Spyware Works
Spyware typically follows a three-step process from being installed on a device to sending
or selling the information it has stolen.
• Step 1—Infiltrate: Spyware is installed onto a device through the use of an application
installation package, a malicious website, or as a file attachment.
• Step 2—Monitor and capture: Once installed, the spyware gets to work following the
user around the internet, capturing the data they use, and stealing their credentials,
login information, and passwords. It does this through screen captures, keystroke
technology, and tracking codes.
How Spyware Works
• Step 3—Send or sell: With data and information captured, the attacker will
either use the data amassed or sell it to a third party.
• If they use the data, they could take the user credentials to spoof their
identity or use them as part of a larger cyberattack on a business.
• If they sell, they could use the data for a profit with data organizations,
other hackers, or put it on the dark web.
How Mobile Spyware Attacks
Mobile spyware typically attacks mobile devices through three methods:
• Flaws in operating systems: Attackers can exploit flaws in mobile operating systems
that are typically opened up by holes in updates.
• Malicious applications: These typically lurk within legitimate applications that users
download from websites rather than app stores.
• Unsecured free Wi-Fi networks: Wi-Fi networks in public places like airports and
cafes are often free and simple to sign in to, which makes them a serious security
risk. Attackers can use these networks to spy on what connected users are doing.
Prevention
1. Use Antivirus and Anti-Spyware Software: Regularly update and
run antivirus and anti-spyware software to detect and remove
spyware.
2. Be Cautious When Downloading Software: Only download
software from trusted sources, and be wary of free software that
may come bundled with spyware.
3. Keep Your Operating System and Software Updated: Security
updates can patch vulnerabilities that spyware may exploit.
4. Use a Firewall: A firewall can help block unauthorized access to
your computer and prevent spyware from communicating with its
remote server.
5. Exercise Safe Browsing Habits: Avoid clicking on suspicious links,
opening email attachments from unknown sources, and visiting
untrustworthy websites.
6. Regularly Back Up Your Data: In case your system gets
compromised by spyware, having backups of your data can help
you recover without losing important files.
Virus
What is a Virus?
• A virus is a fragment of code
embedded in a legitimate program.
Viruses are self-replicating and are
designed to infect other programs.
• On reaching the target machine, a virus dropper (usually a Trojan horse) inserts
the virus into the system.
Types of Virus
• File Virus:
This type of virus infects the system by appending itself to the end of a file. It
changes the start of a program so that control jumps to its code. After the
execution of its code, control returns to the main program, so its execution is
not even noticed. It is also called a parasitic virus because, although it leaves no
file intact, it leaves the host program functional.
• Boot sector Virus:
It infects the boot sector of the system, executing every time the system is booted
and before the operating system is loaded. It also infects other bootable media like
floppy disks. These are also known as memory viruses as they do not infect the file
system.
Types of Virus
• Macro Virus:
Unlike most viruses, which are written in a low-level language (like C or
assembly language), these are written in a high-level language like Visual
Basic. These viruses are triggered when a program capable of executing a
macro is run. For example, macro viruses can be contained in spreadsheet files.
• Source code Virus:
It looks for source code and modifies it to include the virus and to help spread it.
Types of Virus
• Polymorphic Virus:
A virus signature is a pattern that can identify a virus (a series of bytes that
make up the virus code). So, in order to avoid detection by antivirus software, a
polymorphic virus changes each time it is installed. The functionality of the
virus remains the same but its signature is changed.
• Encrypted Virus:
In order to avoid detection by antivirus software, this type of virus exists in
encrypted form. It carries a decryption algorithm along with it, so the virus first
decrypts itself and then executes.
Types of Virus
• Stealth Virus:
It is a very tricky virus, as it changes the code that can be used to detect it. Hence, detection of
the virus becomes very difficult. For example, it can change the read system call so that whenever
the user asks to read code modified by the virus, the original form of the code is shown rather than
the infected code.
• Browser Hijacker:
As the name suggests, this virus is coded to target the user's browser and can alter the browser
settings. It is also called the browser redirect virus because it redirects your browser to other
malicious sites that can harm your computer system.
• Memory Resident Virus: Resident viruses install themselves in your RAM and interfere with your
device's operations. They behave in a very covert and deceptive way, to the point that they can even
attach themselves to the anti-virus software's program files.
Worm
• A "worm" is a type of malicious software (malware) that is designed to
self-replicate and spread from one computer or network to another.
• Unlike viruses, worms do not need to attach themselves to a host
program in order to propagate.
• They can independently move across networks and systems,
exploiting vulnerabilities and spreading rapidly.
Worm Characteristics
Self-replication: Worms are self-replicating and can create copies of themselves without
user intervention. This replication is what allows them to spread quickly.
Network-based transmission: Worms typically spread through network connections, such
as the internet, local area networks (LANs), or email systems. They can exploit
vulnerabilities in software or hardware to gain access to new systems.
Exploiting vulnerabilities: Worms often take advantage of security flaws and
vulnerabilities in operating systems, software applications, or network protocols. They can
enter a system without requiring user interaction, making them a potent threat.
Payload: Worms can carry a payload, which is a malicious component that performs specific actions on
infected systems. This payload can range from data theft and system control to launching additional
attacks.
Worms vs. viruses: Worms are different from viruses, which require a host program to spread. Viruses
attach themselves to executable files, and their spread is dependent on users executing infected files.
Worms, on the other hand, do not need a host program and can spread independently.
Propagation speed: Worms are known for their rapid spread, as they can infect multiple systems within a
short period of time. This ability to propagate quickly can lead to widespread and disruptive cyberattacks.
Mitigation: Protecting against worms involves keeping software and systems up to date with security
patches, using firewalls and intrusion detection systems, implementing network segmentation, and
employing antivirus software that can detect and block worm infections.
How Worm Works?
• A worm most often gets onto a computer by exploiting a
vulnerability in software that is reachable over the network.
• It can also arrive as an email attachment, an instant message,
or a link in spam.
• When the file is opened, it may send the user to a malicious
website or download the worm to the device automatically.
Once on the device, the worm infects it without the user
noticing.
• Worms have the ability to delete and modify files.
• They can also inject more malicious software into a
workstation or other device.
• Sometimes, the worm’s primary mission is to replicate itself
again and again—simply to waste system resources, like
bandwidth or hard drive space.
• Worms can also steal sensitive data and pave a way for a
hacker to get into the computer by installing a backdoor they
can access.
Trojan Horse
A Trojan horse, often referred to simply as a
"Trojan," is a type of malicious software or
malware that disguises itself as a legitimate or
benign program or file to gain access to a
computer system or network.
Type of Attacks done by Trojan Horse
Data theft: Trojans can be used to steal sensitive information such as passwords,
financial data, and personal documents from the victim's computer.
Remote access: Some Trojans provide attackers with remote access to the infected
system, allowing them to control it, execute commands, or install additional malware.
Botnets: Trojans can be used to create botnets, which are networks of compromised
computers under the control of a single entity. These botnets can be used for various
purposes, including launching distributed denial-of-service (DDoS) attacks.
• Keylogging: Trojans with keyloggers can record
keystrokes on the victim's computer, capturing
sensitive information like login credentials and
credit card numbers.
• Ransomware delivery: Some Trojans act as a
delivery mechanism for ransomware, which
encrypts the victim's data and demands a
ransom for its decryption.
• Banking Trojans: These specialized Trojans are
designed to target online banking users,
capturing login credentials and other financial
information.
How Trojan Horse Work?
Unlike a virus or a worm, a Trojan does not replicate itself, so it needs the user to run it. In the classic
client-server design of a remote-access Trojan, the victim must execute the "server" component (for example an .exe
disguised as a useful program) and get it installed before the attacker's "client" can connect to and control the device.
Trojans are commonly distributed in legitimate-looking emails and attachments, spammed to reach as many inboxes as
possible. When the attachment is opened, the Trojan installs itself and sets up persistence (a registry run key or a
scheduled task, for instance) so that it runs automatically every time the infected device starts.
Devices can also be infected by a Trojan through social engineering tactics, which cyber criminals use to coerce users
into downloading a malicious application. The malicious file could be hidden in banner advertisements, pop-up
advertisements, or links on websites.
A computer infected by Trojan malware can also spread it to other computers. A cyber criminal turns the device into a
zombie computer, which means they have remote control of it without the user knowing. Hackers can then use the
zombie computer to continue sharing malware across a network of devices, known as a botnet.
Types of Trojan
• Backdoor Trojan: A backdoor Trojan enables an attacker to gain remote access to a computer and take
control of it using a backdoor. This enables the malicious actor to do whatever they want on the device,
such as deleting files, rebooting the computer, stealing data, or uploading malware. A backdoor Trojan is
frequently used to create a botnet through a network of zombie computers.
• Banker Trojan: A banker Trojan is designed to target users’ banking accounts and financial information.
It attempts to steal account data for credit and debit cards, e-payment systems, and online banking
systems.
• Distributed denial-of-service (DDoS) Trojan: These Trojan programs carry out attacks that overload a
network with traffic. It will send multiple requests from a computer or a group of computers to
overwhelm a target web address and cause a denial of service.
• Downloader Trojan: A downloader Trojan targets a computer that has already been infected by
malware, then downloads and installs more malicious programs to it. This could be additional Trojans or
other types of malware like adware.
• Exploit Trojan: An exploit malware program contains code or data that takes advantage of specific vulnerabilities within
an application or computer system. The cyber criminal will target users through a method like a phishing attack, then
use the code in the program to exploit a known vulnerability.
• Fake antivirus Trojan: A fake antivirus Trojan simulates the actions of legitimate antivirus software. The Trojan is
designed to detect and remove threats like a regular antivirus program, then extort money from users for removing
threats that may be nonexistent.
• Game-thief Trojan: A game-thief Trojan is specifically designed to steal user account information from people playing
online games.
• Instant messaging (IM) Trojan: This type of Trojan targets IM services to steal users’ logins and passwords. It targets
popular messaging platforms such as AOL Instant Messenger, ICQ, MSN Messenger, Skype, and Yahoo Pager.
• Infostealer Trojan: This Trojan harvests data from the infected machine, such as saved browser passwords, session
cookies, cryptocurrency wallets and clipboard contents, and sends it to the attacker. Infostealers are usually packed or
obfuscated, which makes it difficult for antivirus systems to discover them in scans.
• Mailfinder Trojan: A mailfinder Trojan aims to harvest and steal email addresses that have been stored on a computer.
• Ransom Trojan: Ransom Trojans seek to impair a computer’s performance or block data on the device so that the user
can no longer access or use it. The attacker will then hold the user or organization ransom until they pay a ransom fee to
undo the device damage or unlock the affected data.
Denial of Service Attack
• A Denial-of-Service (DoS) attack is an attack meant
to shut down a machine or network, making it
inaccessible to its intended users.
• DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a
crash.
• In both instances, the DoS attack deprives
legitimate users (i.e. employees, members, or
account holders) of the service or resource they
expected.
• DoS attacks often target the web servers of
high-profile organizations such as banking,
commerce, and media companies, or
government and trade organizations.
• Though DoS attacks do not typically result in the
theft or loss of significant information or other
assets, they can cost the victim a great deal of
time and money to handle.
How DOS Work?
DoS attacks exploit either capacity limits or software weaknesses in the target's network or systems. Attackers
can generate overwhelming traffic or requests in several ways, including:
Flooding the target with a massive amount of data (volumetric attacks that fill the network link)
Sending repeated requests to an expensive part of the application (search, login, file export) so the backend saturates long before the link does
Exploiting software vulnerabilities to crash the system outright, sometimes with a single malformed input
Prevention
Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means
they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet
that can take in any type of network traffic, whether you use multiple ISP’s, your own data center, or any number of cloud
providers. They can scrub the traffic for you and only send “clean” traffic to your data center.
Firewall – This is the simplest and least effective method, because a volumetric attack has already filled the Internet
link before the firewall sees the packets. Firewall rules (rate limits, ACLs blocking known-bad sources) and scripts, often
written in Python, that parse logs and push block rules can still cut off simpler floods.
Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth
than an enterprise would, which can help with large volumetric attacks.
Network Segmentation: Segmenting the network can help prevent a DoS attack
from spreading throughout the entire network. This limits the impact of an attack
and helps to isolate the affected systems.
Use Intrusion Detection and Prevention Systems: Intrusion Detection and
Prevention Systems (IDS/IPS) can help to detect and block DoS attacks by
analyzing network traffic and blocking malicious traffic.
Develop a Response Plan: Having a DoS response plan in place can help minimize
the impact of an attack. This plan should include steps for identifying the attack,
isolating affected systems, and restoring normal operations.
Limit Bandwidth: Rate-limiting incoming traffic per client, connection or endpoint can keep a DoS attack from
overwhelming the network or server, although it cannot help once the upstream link itself is full.
Implement Content Delivery Network (CDN): A CDN can help to distribute traffic and reduce the impact of a DoS attack
by absorbing the load across many servers and locations.
Use Anti-Malware Software: Anti-malware software can keep your own hosts from being infected and recruited into
the botnets that launch DDoS attacks.
Perform Regular Network Scans: Regular network scans can help identify vulnerabilities and misconfigurations that can
be exploited in a DoS attack. Patching these vulnerabilities can prevent a DoS attack from being successful.
DDoS
• A Distributed Denial of Service (DDoS) attack is designed to force a website, computer, or online service offline. This is accomplished by
flooding the target with many requests, consuming its capacity and rendering it unable to respond to legitimate requests.
• A DDoS attack differs from a Denial of Service (DoS) attack because it is distributed. The malicious traffic comes from a variety of different IP
addresses, often the members of a botnet. This makes the attack more difficult to defend against and enables the attackers to generate a
larger volume of malicious traffic than a single system can generate on its own.
Working
• A DDoS attack is essentially the legitimate use of an online service taken
too far. For example, a website may be capable of handling a certain
number of requests per minute. If that number is exceeded, then the
website’s performance is degraded, or it may be rendered completely
inaccessible.
• This overload may be caused by an attack or even legitimate use, such as
an e-commerce site being overwhelmed on Black Friday or a ticket sales
platform going down when sales for a popular event are opened.
• DDoS attacks are capable of overwhelming a target at various levels. For
example, a web application may have a maximum number of requests that
it can handle.
• Alternatively, the server that it is running on may have a limit on the
amount of simultaneous connections that it can manage. A corporate
network likely has bandwidth restrictions that could be overwhelmed by an
attacker.
• Exceeding any of these thresholds will result in a DoS attack — or a DDoS
attack if the attack uses multiple IP addresses — against the system.
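Added example (not from the slides) of the per-source and aggregate thresholds described above, run over constructed Apache/nginx-style access-log lines. Two scenarios, one host sending 500 requests and 200 hosts sending two each, show why a per-IP rate limit alone does not catch a DDoS. Addresses (RFC 5737 documentation ranges), timestamps and limits are all made up for the illustration.

```python
"""Per-source versus aggregate request-rate detection on web-server logs.

Log lines are constructed below (Common Log Format, as Apache and nginx write
by default); a real deployment would read the live access log instead.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# e.g. 203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /login HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
T0 = datetime(2024, 10, 10, 13, 55, 0, tzinfo=timezone.utc)  # constructed start time


def parse_line(line: str):
    """Return (client_ip, timestamp) or None if the line is not in CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect(lines, window_s=10, per_ip_limit=50, total_limit=200):
    """Count requests in fixed windows of window_s seconds.

    Returns {'flooding_ips': {ip: peak requests in one window, for IPs over
    per_ip_limit}, 'overloaded': [window start, for windows over total_limit]}.
    The first rule catches a single-source DoS; a DDoS that spreads the same
    load over many sources stays under it and only shows in the aggregate.
    """
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_s * window_s
        per_window[bucket][ip] += 1

    flooding_ips, overloaded = {}, []
    for bucket, counts in sorted(per_window.items()):
        for ip, n in counts.items():
            if n > per_ip_limit and n > flooding_ips.get(ip, 0):
                flooding_ips[ip] = n
        if sum(counts.values()) > total_limit:
            overloaded.append(datetime.fromtimestamp(bucket, timezone.utc))
    return {"flooding_ips": flooding_ips, "overloaded": overloaded}


def fake_requests(ip: str, n: int, start: datetime, spread_s: float = 10.0):
    """Constructed log lines: n GETs from ip, spread evenly over spread_s seconds."""
    return [
        f'{ip} - - [{(start + timedelta(seconds=spread_s * i / n)).strftime(TS_FMT)}] '
        f'"GET /login HTTP/1.1" 200 512'
        for i in range(n)
    ]


def scenario_dos():
    """Light legitimate traffic plus one host sending 500 requests in 10 s."""
    return fake_requests("198.51.100.5", 20, T0) + fake_requests("203.0.113.9", 500, T0)


def scenario_ddos():
    """200 hosts (a botnet) sending only 2 requests each in the same 10 s."""
    lines = []
    for i in range(200):
        lines += fake_requests(f"192.0.2.{i + 1}", 2, T0)
    return lines


if __name__ == "__main__":
    print("DoS :", detect(scenario_dos()))
    print("DDoS:", detect(scenario_ddos()))
```

In the DoS scenario the flooding host is named and the window is flagged; in the DDoS scenario no host exceeds the per-IP limit, and only the aggregate rule fires. Blocking by source therefore works for the first case and not the second, which is why DDoS defence relies on upstream scrubbing and capacity rather than on per-address rules.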
Types of DDoS Attack
• Amplification Attacks: Some services, such as DNS, return responses that are much larger
than the corresponding request. In an amplification attack the attacker sends requests to
open DNS resolvers with the source IP address spoofed to the target's address, so the
resolvers send their large replies to the target, which receives a large volume of
unsolicited responses that eat up bandwidth. Because each reply is many times larger than
the request, the attacker's own bandwidth is multiplied; the technique works only because
the attacker is able to forge the source address.
• Bandwidth Saturation: All networks have a maximum bandwidth and throughput that
they can maintain. Bandwidth saturation attacks attempt to consume this bandwidth with
spam traffic.
• Cloud Resource Exploitation: Scalability is one of the hallmarks of cloud computing, and
attackers exploit it from both sides: compromised or rented cloud instances give them
large, cheap bandwidth to attack from, and against a target that auto-scales, a flood can
run up the victim's bill even when it does not take the service down.
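Added example (not from the slides) of how DNS reflection looks from the flooded host. Because the attacker forged the victim's address, the victim receives answers to queries it never sent; the script pairs inbound answers with outbound queries by resolver and transaction ID and reports what does not match. Packets are constructed tuples in place of a capture, and all addresses come from the RFC 5737 documentation ranges.

```python
"""Spotting DNS reflection/amplification traffic from the victim's side.

Packets are constructed tuples standing in for what you would pull from a
capture or flow export; addresses are from the RFC 5737 documentation ranges.
"""
from collections import Counter, namedtuple

Pkt = namedtuple("Pkt", "direction src dst sport dport txid size")
VICTIM = "203.0.113.10"  # the spoofed address, i.e. the host being flooded


def legit_exchange(resolver, txid, qsize=60, rsize=120):
    """A normal lookup: the victim sends a query, the resolver answers it."""
    sport = 40000 + txid % 1000
    return [
        Pkt("out", VICTIM, resolver, sport, 53, txid, qsize),
        Pkt("in", resolver, VICTIM, 53, sport, txid, rsize),
    ]


def reflected(resolver, txid, size=3000):
    """A reply to a query the *attacker* sent with VICTIM as the forged source.
    The victim never sent it, so no matching outbound query exists."""
    return Pkt("in", resolver, VICTIM, 53, 12345, txid, size)


def analyse(packets):
    """Match inbound DNS answers to outbound queries by (resolver, txid).

    Answers with no pending query are unsolicited; during a reflection attack
    they dominate inbound DNS bytes and come from many distinct resolvers.
    """
    pending = {}              # (resolver, txid) -> query size
    solicited = 0             # bytes of answers that matched a query
    unsolicited = Counter()   # reflector address -> bytes received from it
    for p in packets:
        if p.direction == "out" and p.dport == 53:
            pending[(p.dst, p.txid)] = p.size
        elif p.direction == "in" and p.sport == 53:
            key = (p.src, p.txid)
            if key in pending:
                pending.pop(key)
                solicited += p.size
            else:
                unsolicited[p.src] += p.size
    total_un = sum(unsolicited.values())
    total = total_un + solicited
    return {
        "solicited_bytes": solicited,
        "unsolicited_bytes": total_un,
        "unsolicited_share": total_un / total if total else 0.0,
        "reflectors": len(unsolicited),
        "top_reflectors": unsolicited.most_common(3),
    }


def scenario():
    """Two normal lookups, then 40 open resolvers each reflecting 25 answers."""
    pkts = []
    for i, resolver in enumerate(["198.51.100.53", "198.51.100.54"]):
        pkts += legit_exchange(resolver, txid=1000 + i)
    for i in range(40):
        for j in range(25):
            pkts.append(reflected(f"192.0.2.{i + 1}", txid=(i * 25 + j) % 65536))
    return pkts


if __name__ == "__main__":
    for k, v in analyse(scenario()).items():
        print(f"{k:18} {v}")
```

The same idea applies to NTP, SSDP, memcached and other UDP services used as reflectors. Two caveats: a reflected answer whose (resolver, txid) pair happens to collide with a genuinely pending query is counted as solicited, and in production the counters should be kept per time window so that an old incident does not skew the share.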
Prevention
• Take quick action: The sooner a DDoS attack is identified, the sooner the harm can be limited.
Companies should have DDoS mitigation services or monitoring in place so that abnormal
traffic is recognized and acted on as soon as possible.
• Configure firewalls and routers: Configure them to reject bogus traffic, in particular packets
whose source address could not legitimately have arrived on that interface (ingress/egress
filtering as described in BCP 38), and keep routers and firewalls updated with the latest
security patches.
• Consider artificial intelligence: Advanced firewalls and intrusion detection systems are now
common, and machine-learning systems that learn normal traffic patterns and flag deviations
from them are being developed on top of them.
• Secure your Internet of Things devices: To keep devices from being recruited into a botnet,
change default credentials, apply firmware updates, and do not expose device management
interfaces to the Internet; keep the computers on the same network protected with trusted
security software that is updated with the latest security patches.
Phishing Attack
Phishing is a type of cyber attack that tries to obtain sensitive data such as usernames and passwords. It
reaches the user through email, text, or direct messages.
The user opens the attachment or link the attacker sent because the message appears to come from a trusted
source; phishing is therefore a form of social engineering attack. For example,
the user may receive a message saying they have won a lottery. When the user opens the attachment, malicious
code runs and can access sensitive information, or, if the user clicks the link in the message, they are
redirected to a different website that asks for their bank login credentials.
Types of Phishing Attack
• Spear Phishing –
This attack targets a specific organization or individual to gain unauthorized access. It is not
sent out at random: the attacker researches the target and crafts a message tailored to them,
seeking financial gain or specific information. Like ordinary phishing it appears to come from a
trusted source, but because it is personalized it has a much higher success rate, which makes it
one of the most effective attacks on users.
• Clone Phishing –
This attack copies a legitimate email the victim has already received from a trusted source.
The attacker replaces a link or attachment in the copy with one that leads to a malicious or
fake website and resends it, often claiming it is an updated version. It may be sent to a large
number of users while the attacker watches who clicks; the contacts of a user whose account is
compromised this way can then be targeted with further clones.
• Catphishing –
A social engineering attack in which the attacker builds a fake online persona, typically on dating
sites, to play on the victim's emotions and exploit the relationship for money or information.
• Voice Phishing –
Some attacks need a fake website; voice phishing, or vishing, does not. The attacker telephones the
victim, using caller ID spoofing to make the call appear to come from a trusted source such as a bank,
and may use an IVR (automated phone menu) system so that the victim enters card numbers or other
confidential data by keypad, which also makes the operation harder for the authorities to trace,
block, or monitor. Because the victim is dealing with an apparently official caller rather than a
suspicious web page, this type of phishing can cause more harm.
• SMS phishing –
Also called smishing, this attack uses text messages that appear to come from a trusted organization
to make the user reveal account information or credit card details. The message usually carries a link
that redirects the user to a fake website made to look like the original one.
Symptoms of Phishing
• The message asks the user to share personal details such as bank login
credentials.
• It contains a link that redirects the user to another website when clicked.
• The site the user lands on asks for credit card or banking details, and its
address does not match the organization's real domain.
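Added example (not from the slides) of link checks that turn the symptoms above into something a mail filter or a user can test. It flags the common tricks: credentials before an "@", a raw IP host, punycode labels, a brand used as a subdomain of another domain, digit-for-letter typosquats, a brand name embedded in a longer domain, and visible link text that names a different domain than the href. The brand list, the confusable table and the sample URLs are constructed for the illustration.

```python
"""Heuristic checks for the links a phishing message carries.

The brand list and the sample links are constructed; a deployment would load
the brands from configuration and run check_link over every href in a message.
"""
import re
from urllib.parse import urlparse

BRANDS = ["paypal.com", "examplebank.com"]   # domains the organisation expects to see
# digit-for-letter substitutions common in look-alike registrations
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# display text worth comparing with the href: looks like a domain or URL
URLISH = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?")


def registered_domain(host: str) -> str:
    """'login.paypal.com' -> 'paypal.com'. Takes the last two labels, which is
    enough for the brands above; a real check should consult the Public Suffix
    List so that names like 'bank.co.uk' are handled (assumption, not done here)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href: str, display_text=None) -> list:
    """Return the heuristics the link trips (empty list = nothing suspicious).

    scheme              not http/https (javascript:, data:, ...)
    userinfo            user@host trick: https://paypal.com@evil.example
    raw-ip              bare IP address instead of a hostname
    punycode            xn-- label, possible homograph domain
    brand-in-subdomain  brand domain used as a subdomain: paypal.com.verify.example
    lookalike           typosquat or digit swap: paypa1.com, paypall.com
    brand-embedded      brand name inside another domain: secure-paypal-login.example
    text-href-mismatch  visible link text names a different domain than the href
    """
    reasons = []
    u = urlparse(href if "://" in href else "http://" + href)
    host = (u.hostname or "").rstrip(".")
    if u.scheme not in ("http", "https"):
        reasons.append("scheme")
    if u.username is not None:
        reasons.append("userinfo")
    if host.replace(".", "").isdigit():
        reasons.append("raw-ip")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode")
    reg = registered_domain(host)
    if reg not in BRANDS:
        for brand in BRANDS:
            bname = brand.split(".")[0]
            rname = reg.split(".")[0].translate(CONFUSABLES).replace("rn", "m")
            if host.startswith(brand + ".") or ("." + brand + ".") in host:
                reasons.append("brand-in-subdomain")
            elif rname == bname or edit_distance(rname, bname) == 1:
                reasons.append("lookalike")
            elif bname in rname:
                reasons.append("brand-embedded")
    if display_text and URLISH.fullmatch(display_text.strip()):
        shown = urlparse(display_text if "://" in display_text else "http://" + display_text).hostname
        if shown and registered_domain(shown) != reg:
            reasons.append("text-href-mismatch")
    return reasons


if __name__ == "__main__":
    for href, text in [
        ("https://www.paypal.com/signin", None),
        ("https://paypa1.com/login", "Click here to verify"),
        ("https://secure-paypal-login.example/", "https://www.paypal.com/"),
        ("https://paypal.com@198.51.100.23/", None),
    ]:
        print(f"{href:45} {check_link(href, text)}")
```

It is a heuristic, not proof: an empty result means none of these tricks was found, not that the link is safe, and registered_domain() should be backed by the Public Suffix List before the check is used on real mail.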
Preventions
• Do not open suspicious email attachments.
• Do not click links that seem suspicious; check where a link really points (hover over it
or inspect the address) before following it.
• Do not provide sensitive information such as personal or banking details in reply to an
email, text, or message; contact the organization through its published channels instead.
• Keep antivirus software installed and up to date so that a malicious attachment that does
get opened is more likely to be detected.

More Related Content

Similar to cybersecurity unit 5 basics of cybersecurity

Securely managed and timed proxy server
Securely managed and timed proxy serverSecurely managed and timed proxy server
Securely managed and timed proxy serverProxies Rent
 
VPN vs Proxy: Which One Should You Use?
VPN vs Proxy: Which One Should You Use?VPN vs Proxy: Which One Should You Use?
VPN vs Proxy: Which One Should You Use?FredReynolds2
 
Reverse proxy
Reverse proxyReverse proxy
Reverse proxytim4911
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesVi Tính Hoàng Nam
 
Http Proxy Server
Http Proxy ServerHttp Proxy Server
Http Proxy ServerSourav Roy
 
Ip hiding using proxy
Ip hiding using proxyIp hiding using proxy
Ip hiding using proxyBU
 
VPN vs. PROXY
VPN vs. PROXYVPN vs. PROXY
VPN vs. PROXYali25rad
 
A-Z Of LimeVPN For Beginners
A-Z Of LimeVPN For BeginnersA-Z Of LimeVPN For Beginners
A-Z Of LimeVPN For BeginnersLime VPN
 
Unit 5 - Designing Internet Systems and Servers - IT
Unit 5 - Designing Internet Systems and Servers - ITUnit 5 - Designing Internet Systems and Servers - IT
Unit 5 - Designing Internet Systems and Servers - ITDeepraj Bhujel
 
Linux11 Proxy Server
Linux11 Proxy ServerLinux11 Proxy Server
Linux11 Proxy ServerJainul Musani
 
Proxy : effective logs for tracking down usage trends
Proxy : effective logs for tracking down usage trendsProxy : effective logs for tracking down usage trends
Proxy : effective logs for tracking down usage trendsProxies Rent
 

Similar to cybersecurity unit 5 basics of cybersecurity (20)

Proxies
ProxiesProxies
Proxies
 
Securely managed and timed proxy server
Securely managed and timed proxy serverSecurely managed and timed proxy server
Securely managed and timed proxy server
 
Proxies
ProxiesProxies
Proxies
 
Proxies
ProxiesProxies
Proxies
 
VPN vs Proxy: Which One Should You Use?
VPN vs Proxy: Which One Should You Use?VPN vs Proxy: Which One Should You Use?
VPN vs Proxy: Which One Should You Use?
 
Reverse proxy
Reverse proxyReverse proxy
Reverse proxy
 
Web Proxy Server
Web Proxy ServerWeb Proxy Server
Web Proxy Server
 
Ce hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologiesCe hv6 module 54 proxy server technologies
Ce hv6 module 54 proxy server technologies
 
Web proxy server
Web proxy serverWeb proxy server
Web proxy server
 
Web proxy server
Web proxy serverWeb proxy server
Web proxy server
 
Http Proxy Server
Http Proxy ServerHttp Proxy Server
Http Proxy Server
 
Ip hiding using proxy
Ip hiding using proxyIp hiding using proxy
Ip hiding using proxy
 
VPN vs. PROXY
VPN vs. PROXYVPN vs. PROXY
VPN vs. PROXY
 
A-Z Of LimeVPN For Beginners
A-Z Of LimeVPN For BeginnersA-Z Of LimeVPN For Beginners
A-Z Of LimeVPN For Beginners
 
Proxy server
Proxy serverProxy server
Proxy server
 
Unit 5 - Designing Internet Systems and Servers - IT
Unit 5 - Designing Internet Systems and Servers - ITUnit 5 - Designing Internet Systems and Servers - IT
Unit 5 - Designing Internet Systems and Servers - IT
 
Linux11 Proxy Server
Linux11 Proxy ServerLinux11 Proxy Server
Linux11 Proxy Server
 
How does proxy works?
How does proxy works?How does proxy works?
How does proxy works?
 
Firewall vpn proxy
Firewall vpn proxyFirewall vpn proxy
Firewall vpn proxy
 
Proxy : effective logs for tracking down usage trends
Proxy : effective logs for tracking down usage trendsProxy : effective logs for tracking down usage trends
Proxy : effective logs for tracking down usage trends
 

Recently uploaded

Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSAnaAcapella
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfstareducators107
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationNeilDeclaro1
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptNishitharanjan Rout
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsSandeep D Chaudhary
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17Celine George
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptxJoelynRubio1
 

Recently uploaded (20)

Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health Education
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in  Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in  Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 

cybersecurity unit 5 basics of cybersecurity

  • 1. UNIT 5: CYBER SECURITY
  • 2. Unit-5 Tools and Methods in Cybercrime: Proxy Servers and Anonymizers, Password Cracking, Keyloggers and Spyware, Viruses and Worms, Trojan Horses, Backdoors, DoS and DDoS Attacks, Buffer Overflow, Attacks on Wireless Networks. Phishing: Methods of Phishing, Phishing Techniques.
  • 3. Proxy Server
    A proxy server is a server that acts as an intermediary between the requests made by clients and the particular server that provides the requested service or resource. Different types of proxy servers exist, and the type used depends on the purpose of the client's request. The basic purpose of a proxy server is to avoid a direct connection between Internet clients and Internet resources. The proxy server also prevents the client's IP address from being identified when the client makes a request to any other server.
  • 4. Need of Proxy Server
    • It reduces the chances of data breaches.
    • It adds a subsidiary layer of security between the server and outside traffic.
    • It also protects against hackers.
    • It filters requests.
  • 5. Proxy Server Mechanism
    The proxy server accepts the request from the client and produces a response based on the following conditions:
    • If the requested data or page already exists in the local cache, the proxy server itself returns it to the client.
    • If the requested data or page does not exist in the local cache, the proxy server forwards the request to the destination server.
    • The proxy server relays the replies to the client and also stores them in its cache.
  • 8. Proxy Server
    • Internet clients and Internet resources: For Internet clients, proxy servers also act as a shield for an internal network against requests coming from a client to access data stored on the server. The original IP address of the node remains hidden while data is accessed from that server.
    • Protects the true host identity: In this method, outgoing traffic appears to come from the proxy server rather than from the internal host. The proxy must be configured for the specific application protocol, such as HTTPS or FTP.
    • For example, organizations can use a proxy to observe their employees' traffic so that work gets done efficiently. It can also be used to check for any leakage of highly confidential data. Some also use it to increase their website's ranking.
  • 9. Working of Proxy Server
    The proxy server has its own IP address and works as a gateway between the client and the Internet. The client's computer knows the IP address of the proxy server. When the client sends a request to the Internet, the request is re-routed to the proxy. The proxy server then gets the response from the destination (targeted) server or site and forwards the page data to the client's browser (Chrome, Safari, etc.).
  • 11. Working of Proxy Server
    • Overall, the proxy server accesses the targeted site on behalf of the client, collects all the requested information and forwards it to the user (client).
  • 13. Proxy Server Working
    • Every computer has a unique IP address, which it uses to communicate with other nodes.
    • Similarly, the proxy server has its own IP address, which your computer knows. When a web request is sent, it goes to the proxy server first.
    • The proxy sends the request to the Internet on your behalf, then collects the data and makes it available to you.
    • A proxy can change your apparent IP address, so the web server is unable to determine your location in the world.
    • It also protects data from being hacked. Moreover, it can block some web pages.
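    The mechanism on slides 5, 9, 11 and 13 (serve from cache if fresh, otherwise forward on the client's behalf, then relay and cache the reply) as an added Python example; this is not code from the slides, and the destination server, URLs and IP addresses are constructed stand-ins so it runs offline. The `transparent` flag is an assumption added to show the difference between an anonymous proxy, which hides the client's address, and a transparent one, which passes it along in an X-Forwarded-For header.

```python
"""Added example (not from the slides): the request-handling logic of a caching
forward proxy.  The destination server is a constructed in-memory table so the
code runs offline; names and addresses below are made up."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed stand-in for the destination server: URL -> page body.
ORIGIN_PAGES = {
    "http://example.test/index.html": "<h1>index</h1>",
    "http://example.test/about.html": "<h1>about</h1>",
}


@dataclass
class ProxyResponse:
    status: int
    body: str
    from_cache: bool
    # What the destination server observed for this request; None on a cache
    # hit because the destination was never contacted.
    seen_by_origin: Optional[Dict[str, Optional[str]]]


@dataclass
class CachingProxy:
    proxy_ip: str
    # A transparent proxy passes the client's address along in X-Forwarded-For;
    # an anonymous proxy does not (assumed flag for illustration).
    transparent: bool = False
    ttl: float = 60.0                      # seconds a cached page stays fresh
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)
    origin_requests: int = 0               # how often the destination was hit

    def _forward_to_origin(self, client_ip: str, url: str):
        """Simulated upstream fetch.  The destination's socket only ever sees
        the proxy's own IP as the peer address."""
        seen = {"remote_addr": self.proxy_ip,
                "x_forwarded_for": client_ip if self.transparent else None}
        self.origin_requests += 1
        return ORIGIN_PAGES.get(url), seen

    def handle(self, client_ip: str, url: str, now: float) -> ProxyResponse:
        """Serve one client request: cache check, forward, relay and cache."""
        # 1. Page already in the local cache and still fresh: answer directly.
        cached = self.cache.get(url)
        if cached is not None and now - cached[1] < self.ttl:
            return ProxyResponse(200, cached[0], True, None)
        # 2. Otherwise forward the request to the destination on the client's behalf.
        body, seen = self._forward_to_origin(client_ip, url)
        if body is None:
            return ProxyResponse(404, "", False, seen)
        # 3. Relay the reply to the client and keep a copy in the cache.
        self.cache[url] = (body, now)
        return ProxyResponse(200, body, False, seen)


if __name__ == "__main__":
    proxy = CachingProxy(proxy_ip="203.0.113.10")
    first = proxy.handle("192.0.2.5", "http://example.test/index.html", now=0.0)
    second = proxy.handle("192.0.2.6", "http://example.test/index.html", now=5.0)
    print(first.from_cache, first.seen_by_origin)    # False, origin saw only the proxy IP
    print(second.from_cache, proxy.origin_requests)  # True 1
```

    The `now` parameter is passed in explicitly so that cache expiry can be exercised deterministically; a real proxy would read the clock itself.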
  • 15. Advantages of Proxy Server
    • It improves security and enhances the privacy of the user.
    • It hides the identity (IP address) of the user.
    • It controls traffic and prevents crashes.
    • It also saves bandwidth by caching files and compressing incoming traffic.
    • It protects our network from malware.
    • It allows access to restricted content.
  • 16. Disadvantages of Proxy Servers
    1. Proxy server risks: Free proxy services do not invest much in backend hardware or encryption. This results in performance issues and potential data security issues. If you use a "free" proxy server, tread very carefully: some of them may steal your credit card numbers.
    2. Browsing history log: The proxy server stores your original IP address and web request information, possibly in unencrypted form, and saves it locally. Always check whether your proxy server logs and saves that data, and what retention or law enforcement cooperation policies it follows for the saved data.
    3. No encryption: No encryption means you are sending your requests as plain text. Anyone will be able to pull usernames, passwords and account information easily. Check that the proxy provides full encryption whenever you use it.
  • 17. Types of Proxy Server
    • Reverse proxy server: The job of a reverse proxy server is to listen for requests made by clients and redirect each to the particular web server, which may be one of several back-end servers.
    • Web proxy server: A web proxy forwards HTTP requests; only the URL is passed instead of a path. The request is sent to a particular proxy server, which responds. Examples: Apache, HAProxy.
    • Anonymous proxy server: This type of proxy server does not reveal the original IP address. These servers are detectable as proxies but still provide reasonable anonymity to the client device.
  • 18. Types of Proxy Server
    • Transparent proxy: This type of proxy server is unable to provide any anonymity to the client; instead, the original IP address can easily be detected through this proxy. It is used to act as a cache for websites.
    • A transparent proxy combined with a gateway results in a proxy server where connection requests sent by the client are redirected at the IP level. The redirection occurs without any configuration of the client's IP address. HTTP headers present on the server side can easily reveal the redirection.
  • 19. Types of Proxy Server
    • CGI proxy: A CGI proxy server is developed to make websites more accessible. It accepts requests for target URLs through a web form and, after processing, returns the result to the web browser.
    • Suffix proxy: A suffix proxy server basically appends the name of the proxy to the URL. This type of proxy does not preserve any higher level of anonymity. It is used for bypassing web filters. It is easy to use and easy to implement, but it is used less because the greater number of web filters in use can detect it.
  • 20. Types of Proxy Server
    • Distorting proxy: These proxy servers are preferred for generating an incorrect original IP address for clients once the proxy has been detected as a proxy server. HTTP headers are used to maintain the confidentiality of the client's IP address.
    • Tor onion proxy: This server aims at online anonymity for the user's personal information. It routes traffic through various networks present worldwide so that tracking the user's address becomes difficult, and it guards against attacks on anonymous activity.
    • It makes it difficult for anyone trying to trace the original address. In this type of routing, the information is encrypted in multiple layers. At the destination, the layers are decrypted one by one so that the original content is received unscrambled. This software is open source and free to use.
  • 21. Types of Proxy Server
    • I2P anonymous proxy: It uses encryption to hide all communications at various levels. The encrypted data is then relayed through various network routers present at different locations, so I2P is a fully distributed proxy. This software is free and open source, and it also resists censorship.
    • DNS proxy: A DNS proxy takes requests in the form of DNS queries and forwards them to the domain server, where they can also be cached; moreover, the flow of requests can also be redirected.
  • 22. Anonymizer
  • 23. Anonymizers
    Anonymizer is a name given to a proxy server that limits the amount of data its user reveals while browsing the Internet. Despite its name, it does not make the user anonymous online. It simply hides the device's IP address from the website being connected to and replaces it with a different one. This makes it appear as if the user is browsing from a different location.
  • 24. Anonymizers
    An anonymizer, or anonymous proxy, is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information. Anonymizers can be used for legitimate purposes, such as maintaining online privacy or bypassing Internet censorship, but they can also be misused for illicit activities.
  • 26. Types of Anonymizers in Cybersecurity
    • VPN (Virtual Private Network): A VPN routes your Internet traffic through an encrypted tunnel to a remote server, making it appear as though you are accessing the Internet from the location of that server. This masks your IP address and provides anonymity, as your true location and identity are hidden.
    • Proxy servers: Proxy servers act as intermediaries between your device and the Internet. They can hide your IP address and location, making it more challenging for websites or online services to trace your online activity back to you.
  • 27. Types of Anonymizers in Cybersecurity
    • Tor (The Onion Router): The Tor network routes your Internet traffic through a series of volunteer-operated nodes, making it extremely difficult for anyone to trace your online activity back to your real IP address. It is often used for anonymous browsing and for accessing the dark web.
    • Anonymous browsers: Some web browsers, like the Tor Browser or Brave, are designed with privacy in mind. They often include features that block trackers, cookies and other tools that can be used to identify and monitor your online behaviour.
  • 29. Types of Anonymizers in Cybersecurity
    • Proxies and anonymizing networks: These services and networks are used to obscure a user's identity and location. They can be used for legitimate purposes, but they are also commonly associated with cyberattacks and malicious activities.
    • Secure messaging and email services: Some messaging and email services, like Signal or ProtonMail, offer end-to-end encryption and other privacy features to ensure the anonymity of their users.
  • 30. Uses of Anonymizers
    • Privacy protection: Anonymizers are often used to protect personal privacy by concealing the user's identity and online activities from websites, advertisers and even Internet service providers.
    • Bypassing censorship: In regions with strict Internet censorship, people use anonymizers to access blocked content and communicate more freely online.
    • Whistleblowing: Whistleblowers and activists may use anonymizers to share sensitive information without revealing their identities.
  • 31. Working of Anonymizers
    • User request: When you connect to an anonymizer service (e.g., a VPN or proxy), your Internet traffic is redirected through that service. The Tor network is a bit different, as it routes your traffic through a series of volunteer-operated nodes.
    • Encryption (in VPNs): With a VPN, your data is encrypted before it leaves your device. Any information you send over the Internet is encrypted first, making it much more difficult for third parties to intercept and decipher.
    • Routing: With VPNs and proxy servers, your request is then sent to a remote server in a different location. This server acts as an intermediary between you and the destination website or service, so the request appears to come from the server's location rather than your own.
  • 32. Working of Anonymizers
    • Destination: The VPN, the proxy or the first node in the Tor network then forwards your request to the desired website or service. The website sees the request as coming from the server's location (e.g., the VPN server's IP address) rather than from your own.
    • Response: When the website or service responds, it sends the data back to the intermediary server (VPN, proxy or Tor node).
    • Decryption and forwarding (in VPNs): If you are using a VPN, the server decrypts the response and sends it back to your device in encrypted form. Your device then decrypts the data to display the content.
  • 33. Working of Anonymizers
    • Privacy and anonymity: The end result is that the website or service you interact with has no direct knowledge of your real IP address or location. It sees the IP address and location of the intermediary server (VPN or proxy) or of the last Tor node.
    • Chaining (in Tor): The Tor network takes privacy to a higher level by routing your traffic through multiple volunteer-operated nodes and encrypting it multiple times. This makes it extremely difficult for anyone to trace the source of the request back to your IP address.
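    The multi-layer encryption described for the Tor onion proxy (slide 20) and for chaining (slide 33), simulated in-process as an added Python example; it is not code from the slides or from the Tor project. The cipher is a deliberately toy XOR stream keyed with HMAC-SHA256 so that the block needs only the standard library (real circuits use proper per-hop ciphers and key exchange), and the relay names and shared keys are constructed. The point it shows is that each relay learns only the next hop and forwards an opaque blob; only the exit sees the payload.

```python
"""Added example (not from the slides): layered ("onion") encryption as used
for chaining relays, simulated in-process.  The cipher is a toy XOR stream
built from HMAC-SHA256 so the block runs with the standard library only; real
Tor circuits use proper per-hop ciphers.  Node names and keys are constructed."""
import hashlib
import hmac
from typing import List, Tuple


def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 keystream.  The same call encrypts and
    decrypts.  Toy only: a fixed keystream like this must never be reused."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One onion layer: [len][next_hop][inner], encrypted for one relay."""
    hop = next_hop.encode()
    return toy_stream_cipher(key, bytes([len(hop)]) + hop + inner)


def peel_layer(key: bytes, cell: bytes) -> Tuple[str, bytes]:
    """What a relay does: strip its own layer and learn only the next hop."""
    plain = toy_stream_cipher(key, cell)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def build_onion(circuit: List[Tuple[str, bytes]], destination: str, payload: bytes) -> bytes:
    """Client side.  `circuit` lists (relay_name, key shared with that relay)
    from the first hop to the exit; the innermost layer is for the exit."""
    cell, next_hop = payload, destination
    for name, key in reversed(circuit):
        cell = wrap_layer(key, next_hop, cell)
        next_hop = name
    return cell


def relay_through(circuit: List[Tuple[str, bytes]], cell: bytes):
    """Walk the cell through each relay in order and record what each learns:
    (relay_name, next_hop, bytes it forwards)."""
    views = []
    for name, key in circuit:
        next_hop, cell = peel_layer(key, cell)
        views.append((name, next_hop, cell))
    return views


if __name__ == "__main__":
    circuit = [("guard", b"key-shared-with-guard"),
               ("middle", b"key-shared-with-middle"),
               ("exit", b"key-shared-with-exit")]
    onion = build_onion(circuit, "example.test", b"GET / HTTP/1.1")
    for name, hop, blob in relay_through(circuit, onion):
        print(f"{name:6} forwards to {hop:12} ({len(blob)} bytes)")
```

    Each entry in the returned views is exactly the knowledge that relay has: the guard sees the client's address and the name of the middle relay but only ciphertext beyond that, and the exit sees the destination and payload but not the client.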
  • 35. Drawbacks
    • Cybercrime: Anonymizers can be misused for various cybercrimes, including hacking, distributed denial of service (DDoS) attacks and distributing malicious content.
    • Dark web: Anonymizers like Tor can provide access to the dark web, where illegal activities are prevalent.
    • Malware distribution: Cybercriminals can use anonymizers to hide the source of malware distribution or of command-and-control servers.
  • 36. Other Considerations while using Anonymizers
    • Legal and ethical considerations:
      • The use of anonymizers should always adhere to local laws and regulations.
      • Ethical considerations should guide the use of anonymizers to ensure they are not used for harmful or malicious purposes.
    • Performance considerations:
      • Anonymizers can introduce latency because traffic is routed through additional intermediary servers.
      • Some online services may block or limit access for users of anonymizers.
    • Anonymity levels:
      • The anonymity these tools provide varies. Tor, for example, offers a high level of anonymity, while some VPN services may log user activity and can potentially reveal user identities under legal pressure.
  • 37. Other Considerations
    • VPN and proxy logging: Be aware that some VPN providers may keep logs of user activity, which can potentially be used to trace users if legal authorities request this information.
    • Defence mechanisms: Organizations and websites may employ security measures to detect and block anonymized traffic, including CAPTCHAs, IP blacklists and behaviour analysis.
    • Multi-layered security: Anonymizers are just one component of online security and privacy. Users should also employ strong passwords, keep software up to date, and be cautious when sharing personal information online.
  • 38. Password Cracking
  • 39. Password Cracking
    Password cracking refers to the process of attempting to gain unauthorized access to a computer system or an account by systematically guessing or deciphering the password. It is often used by hackers with malicious intent, but it can also be employed by security professionals and system administrators to test the security of their own systems and identify vulnerabilities.
  • 40. Methods & Tools used for Password Cracking
    • Brute force attack: In a brute force attack, an attacker systematically tries all possible combinations of characters until the correct password is found. This method can be very time-consuming and resource-intensive, especially for complex passwords.
    • Dictionary attack: A dictionary attack uses a predefined list of words, phrases or commonly used passwords to guess the target password. This method is more efficient than brute force and succeeds if the target password is weak or commonly used.
    • Rainbow table attack: Rainbow tables are precomputed tables of possible password hashes. Attackers use them to look up the plaintext password corresponding to a given hash, significantly speeding up password cracking.
  • 41. Methods & Tools used for Password Cracking
    • Hybrid attack: Hybrid attacks combine elements of brute force and dictionary attacks. They start with dictionary words and then append or prepend characters to them in an attempt to guess the password.
    • Phishing and social engineering: In some cases, attackers do not crack passwords directly but use social engineering or phishing techniques to trick individuals into revealing them.
    • Password guessing: Attackers may use information they know about the target, such as their name, birthdate or common patterns, to guess the password.
  • 42. Password Cracking Tools
    • Cain and Abel: This password recovery software can recover passwords for Microsoft Windows user accounts and Microsoft Access passwords. Cain and Abel uses a graphical user interface, making it more user-friendly than comparable tools. The software uses dictionary lists and brute-force attack methods.
    • Ophcrack: This password cracker uses rainbow tables and brute-force attacks to crack passwords. It runs on Windows, macOS and Linux.
    • John the Ripper: This tool uses a dictionary list approach and is available primarily for macOS and Linux systems. The program is driven from a command prompt, making it harder to use than software like Cain and Abel.
  • 43. Working
    • Password hashing: When you create a password for an account, it is not stored in plain text. Instead, it is typically converted into a one-way cryptographic hash using algorithms like MD5, SHA-1, or more secure options like bcrypt or Argon2. This hash is what is stored on the server.
    • Salting: To make password cracking harder, many systems use a technique called "salting". A unique random value (the salt) is added to the password before hashing, so that even if two users have the same password, their hashes differ because of the unique salt. This makes precomputed tables like rainbow tables far less effective.
    • Iterative hashing: To slow down brute force and dictionary attacks, systems may use multiple rounds of hashing. For example, a password may be hashed 1,000 times before being stored. This increases the time required for each guess.
  • 44. How to create strong passwords?
    • Be at least 12 characters long. The shorter a password is, the more easily and quickly it can be cracked.
    • Combine letters with a variety of other characters. Using numbers and special characters, such as periods and commas, increases the number of possible combinations.
    • Avoid reusing a password. If a password is cracked, a person with malicious intent could use that same password to easily access other password-protected accounts the victim owns.
    • Pay attention to password strength indicators. Some password-protected systems include a password strength meter, a scale that tells users when they have created a strong password.
    • Avoid easy-to-guess phrases and common passwords. Weak passwords include a name, a pet's name or a birthdate, i.e. something personally identifiable. Short and easily predictable patterns, like 123456, password or qwerty, are also weak passwords.
    • Use encryption. Passwords stored in a database should be encrypted rather than kept in plain text.
    • Take advantage of password creation tools and managers. Some smartphones will automatically create long, hard-to-guess passwords. For example, Apple iPhones create strong website passwords for users. The iPhone stores the passwords in its password manager, iCloud Keychain, and automatically fills the password into the correct field so the user does not have to remember the complicated password.
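    The defender's side of slides 40 to 44 as an added Python example, not code from the slides: a strength check applying the slide-44 rules (length, character variety, no common passwords), salted and iterated hashing as described on slide 43 (PBKDF2-HMAC-SHA256 from the standard library is used here as the concrete algorithm), and a small unsalted lookup table standing in for a rainbow table to show why salting defeats precomputation. The common-password list, the iteration count and the sample passwords are constructed values.

```python
"""Added example (not from the slides): password strength rules, salted and
iterated hashing, and why a precomputed table fails against salted hashes.
The common-password list and iteration count are constructed sample values."""
import hashlib
import hmac
import os
import re
from typing import List, Optional

# Constructed stand-in for a "commonly used passwords" list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome1"}
ITERATIONS = 100_000  # rounds of hashing; raise in production as hardware allows


def password_weaknesses(pw: str) -> List[str]:
    """Return the slide-44 rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def hash_password(pw: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing 'algo$iters$salt$digest' format."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def unsalted_lookup_table(candidates) -> dict:
    """A tiny stand-in for a precomputed (rainbow-style) table: it can only
    match unsalted, single-round hashes."""
    return {hashlib.sha256(c.encode()).hexdigest(): c for c in candidates}


def salting_defeats_table(pw: str) -> bool:
    """True when the unsalted hash of `pw` is in the table but its salted,
    iterated digest is not: precomputation buys the attacker nothing."""
    table = unsalted_lookup_table(COMMON_PASSWORDS)
    unsalted_found = hashlib.sha256(pw.encode()).hexdigest() in table
    salted_digest = hash_password(pw).split("$")[3]
    return unsalted_found and salted_digest not in table


if __name__ == "__main__":
    print(password_weaknesses("password"))
    stored = hash_password("Correct-Horse-Battery-9")
    print(verify_password("Correct-Horse-Battery-9", stored), verify_password("wrong", stored))
    print(salting_defeats_table("password"))
```

    Two details worth noting: hashing the same password twice yields two different stored strings because a fresh random salt is drawn each time, and the verifier uses `hmac.compare_digest` rather than `==` so that the comparison time does not leak how many leading bytes matched.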
  • 45. Keyloggers
  • 46. Keyloggers
    • Keyloggers, short for "keystroke loggers", are software or hardware tools designed to record the keystrokes made on a computer or other input device, such as a keyboard.
    • They are used for various purposes, but in the context of cybersecurity they are primarily discussed in terms of their malicious or potentially malicious applications.
  • 47. Keyloggers
    • Keyloggers are mainly used to steal passwords or confidential details such as bank information.
    • The first keylogger was invented in the 1970s and was a hardware keylogger; the first software keylogger was developed in 1983.
  • 48. Types of Keyloggers
    1. Software keyloggers are computer programs developed to steal passwords from the victim's computer.
    • Microsoft Windows 10 also has a keylogger installed in it.
    • JavaScript-based keylogger: A malicious script inserted into a web page that listens for key presses through events such as onKeyUp(). These scripts can be delivered by various methods, such as sharing through social media, sending as a mail attachment, or via a RAT file.
    • Form-based keyloggers: These keyloggers activate when a person fills in a form online; when the submit button is clicked, all the data or words entered are sent via a file to a computer. Some keyloggers work as an API inside a running application: it looks like a simple application, and whenever a key is pressed it records it.
  • 49. Types of Keyloggers
    2. Hardware keyloggers: These do not depend on any software. A keyboard hardware keylogger is a circuit attached inside the keyboard itself, so that whenever a key on that keyboard is pressed it gets recorded.
    • USB keylogger: There are USB-connector keyloggers that must be connected to a computer and then steal the data. Some circuits are also built into the keyboard, so no external wire is used or visible on the keyboard.
    • Smartphone sensors: Some Android tricks are also used as keyloggers, such as the Android accelerometer sensor which, when placed near a keyboard, can sense the vibrations; the resulting graph is then converted into sentences. The accuracy of this technique is about 80%. Nowadays crackers use keystroke-logging Trojans, malware sent to a victim's computer to steal data and login details.
  • 50. Keyloggers
    So keyloggers are software malware or hardware used to steal or snatch our login details, credentials, bank information and much more. Some keylogger applications used in 2020 are:
    1. Kidlogger
    2. Best Free Keylogger
    3. Windows Keylogger
    4. Refog Personal Monitor
    5. All In One Keylogger
  • 51. Prevention
    • Anti-keylogger: As the name suggests, these are software tools that work against keyloggers; their main task is to detect keyloggers on a computer system.
    • Anti-virus: Many anti-virus programs also detect keyloggers and delete them from the computer system. These are software-based, so they cannot get rid of hardware keyloggers.
    • Automatic form filler: Instead of filling in forms on a regular basis, the user can rely on an automatic form filler, which shields against keyloggers because no keys are pressed.
    • One-time passwords: Using OTPs as passwords may be safe, as every time we log in we have to use a new password.
    • Patterns or mouse recognition: On Android devices, use a pattern as the password for applications; on a PC, use mouse recognition, where the program uses mouse gestures instead of a stylus.
    • Voice-to-text converter: This software helps prevent keylogging that targets a specific part of our keyboard.
  • 52. Spyware
  • 53. Spyware
    Spyware refers to software that is installed on a computer or device without the user's knowledge or consent and is designed to collect information about the user's activities, often for malicious purposes. This information can include browsing habits, keystrokes, personal information and more. Spyware is typically hidden from the user and can operate in the background, making it difficult to detect.
  • 54. History of Spyware
    • The term "spyware" first emerged in online discussions in the 1990s, but only in the early 2000s did cybersecurity firms use it to describe unwanted software that spied on user and computer activity.
    • The first anti-spyware software was released in June 2000. Four years later, scans showed that around 80% of Internet users had their systems affected by spyware, according to research by America Online and the National Cyber Security Alliance.
  • 55. Types of Spyware
    1. Adware: This sits on a device and monitors users' activity, then sells their data to advertisers and malicious actors or serves up malicious ads.
    2. Infostealer: This type of spyware collects information from devices. It scans them for specific data and instant messaging conversations.
    3. Keyloggers: Also known as keystroke loggers, keyloggers are a type of infostealer spyware. They record the keystrokes a user makes on their infected device, then save the data into an encrypted log file. This collects everything the user types into their devices, such as email data, passwords, text messages and usernames.
    4. Rootkits: These enable attackers to infiltrate devices deeply by exploiting security vulnerabilities or logging into machines as an administrator. Rootkits are often difficult, and sometimes impossible, to detect.
  • 56. Types of Spyware
    5. Red Shell: This spyware installs itself onto a device while the user is installing specific PC games, then tracks their online activity. It is generally used by developers to enhance their games and improve their marketing campaigns.
    6. System monitors: These also track user activity on the computer, capturing information such as emails sent, social media and other sites visited, and keystrokes.
    7. Tracking cookies: Tracking cookies are dropped onto a device by a website and then used to follow the user's online activity.
    8. Trojan horse virus: This brand of spyware enters a device through Trojan malware, which is responsible for delivering the spyware program.
  • 57. How Spyware Works
    • All types of spyware sit on a user's device and spy on their activity, the sites they visit, and the data they amass or share.
    • They do this with the objective of monitoring user activity, tracking login and password details, and detecting sensitive data.
    • Other spyware strains are also capable of installing further software on the user's device, which enables the attacker to make changes to the device.
  • 58. How Spyware Works
    Spyware typically follows a three-step process, from being installed on a device to sending or selling the information it has stolen.
    • Step 1 (Infiltrate): Spyware is installed onto a device through an application installation package, a malicious website or a file attachment.
    • Step 2 (Monitor and capture): Once installed, the spyware gets to work following the user around the Internet, capturing the data they use and stealing their credentials, login information and passwords. It does this through screen captures, keystroke logging and tracking codes.
  • 59. How Spyware Works
    • Step 3 (Send or sell): With the data and information captured, the attacker either uses the amassed data or sells it to a third party.
    • If they use the data, they could take the user's credentials to spoof their identity or use them as part of a larger cyberattack on a business.
    • If they sell, they could trade the data for profit with data organizations or other hackers, or put it on the dark web.
  • 60. How Mobile Spyware Attacks
    Mobile spyware typically attacks mobile devices through three methods:
    • Flaws in operating systems: Attackers can exploit flaws in mobile operating systems, typically opened up by gaps in updates.
    • Malicious applications: These typically lurk within legitimate-looking applications that users download from websites rather than app stores.
    • Unsecured free Wi-Fi networks: Wi-Fi networks in public places like airports and cafes are often free and simple to sign in to, which makes them a serious security risk. Attackers can use these networks to spy on what connected users are doing.
  • 61. Prevention
    1. Use antivirus and anti-spyware software: Regularly update and run antivirus and anti-spyware software to detect and remove spyware.
    2. Be cautious when downloading software: Only download software from trusted sources, and be wary of free software that may come bundled with spyware.
    3. Keep your operating system and software updated: Security updates can patch vulnerabilities that spyware may exploit.
    4. Use a firewall: A firewall can help block unauthorized access to your computer and prevent spyware from communicating with its remote server.
    5. Exercise safe browsing habits: Avoid clicking on suspicious links, opening email attachments from unknown sources, and visiting untrustworthy websites.
    6. Regularly back up your data: If your system is compromised by spyware, having backups of your data can help you recover without losing important files.
  • 62. Virus
  • 63. What is a Virus?
    • A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating and are designed to infect other programs.
    • On reaching the target machine, a virus dropper (usually a Trojan horse) inserts the virus into the system.
  • 64. Types of Virus
    • File virus: This type of virus infects the system by appending itself to the end of a file. It changes the start of the program so that control jumps to its code. After its code has executed, control returns to the main program, so its execution is not even noticed. It is also called a parasitic virus because it leaves no file intact yet leaves the host functional.
    • Boot sector virus: It infects the boot sector of the system, executing every time the system is booted, before the operating system is loaded. It infects other bootable media such as floppy disks. These are also known as memory viruses, as they do not infect the file system.
  • 65. Types of Virus
    • Macro virus: Unlike most viruses, which are written in a low-level language (like C or assembly language), these are written in a high-level language like Visual Basic. They are triggered when a program capable of executing a macro is run. For example, macro viruses can be contained in spreadsheet files.
    • Source code virus: It looks for source code and modifies it to include the virus and to help spread it.
  • 66. Types of Virus
    • Polymorphic virus: A virus signature is a pattern that can identify a virus (a series of bytes that make up the virus code). To avoid detection by antivirus software, a polymorphic virus changes its code each time it is installed: the functionality stays the same, but its signature changes.
    • Encrypted virus: To avoid detection by antivirus software, this type of virus exists in encrypted form. It carries a decryption algorithm along with it, so the virus first decrypts itself and then executes.
  • 67. Types of Virus
    • Stealth virus: A very tricky virus, as it changes the code that could be used to detect it, making detection very difficult. For example, it can alter the read system call so that whenever the user asks to read code modified by the virus, the original form of the code is shown rather than the infected code.
    • Browser hijacker: As the name suggests, this virus is coded to target the user's browser and can alter the browser settings. It is also called a browser redirect virus because it redirects your browser to other malicious sites that can harm your computer system.
    • Memory-resident virus: Resident viruses install themselves in your RAM and interfere with your device's operations. They behave so secretly and deceptively that they can even attach themselves to the anti-virus software's program files.
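    Two detection approaches for the file virus of slide 64 and the polymorphic virus of slide 66, as an added Python example that is not code from the slides: a hash-based integrity baseline, which flags any change to a program's bytes, and a byte-signature scan, which recognises a known pattern but is defeated as soon as that pattern is re-encoded. The files, the "program body" and the signature bytes are all constructed; nothing in the block is real malware, and the "infection" is simply appending a marker string to a temporary file.

```python
"""Added example (not from the slides): a hash-based integrity baseline and a
byte-signature scan, run against constructed files in a temporary directory.
The marker bytes stand in for a virus signature; nothing here is real malware."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Constructed byte pattern playing the role of a known virus signature.
SIGNATURES = {"demo-marker": b"DEMO-MARKER-NOT-REAL-MALWARE"}
PROGRAM_BODY = b"\x7fELF demo program body"   # constructed "legitimate program"


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(directory: str) -> Dict[str, str]:
    """Record a hash of every file: the 'known good' state."""
    return {name: hash_file(os.path.join(directory, name))
            for name in sorted(os.listdir(directory))}


def integrity_changes(directory: str, baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the directory against the baseline.  Any change to a program's
    bytes is reported, whatever the new bytes look like."""
    current = take_baseline(directory)
    changes = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            changes.append((name, "missing"))
        elif name not in baseline:
            changes.append((name, "added"))
        elif baseline[name] != current[name]:
            changes.append((name, "modified"))
    return changes


def signature_scan(path: str, signatures=SIGNATURES) -> List[str]:
    """Classic signature matching: report which known byte patterns occur."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pattern in signatures.items() if pattern in data]


def demo() -> dict:
    """Append a known pattern to a program (what a file infector does), then a
    re-encoded copy of it (what a polymorphic variant does), and record what
    each detector reports at each stage."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "prog.bin")
        with open(prog, "wb") as f:
            f.write(PROGRAM_BODY)
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"unrelated text file")
        baseline = take_baseline(d)

        # Stage 1: the known pattern appended to the end of the program.
        with open(prog, "ab") as f:
            f.write(SIGNATURES["demo-marker"])
        results["integrity_after_append"] = integrity_changes(d, baseline)
        results["signature_after_append"] = signature_scan(prog)

        # Stage 2: the same pattern with every byte re-encoded (XOR 0x55), the
        # way a polymorphic variant changes its signature but not its behaviour.
        mutated = bytes(b ^ 0x55 for b in SIGNATURES["demo-marker"])
        with open(prog, "wb") as f:
            f.write(PROGRAM_BODY + mutated)
        results["integrity_after_mutation"] = integrity_changes(d, baseline)
        results["signature_after_mutation"] = signature_scan(prog)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The result dictionary shows the trade-off directly: the signature scan names the threat at stage 1 but reports nothing at stage 2, while the integrity check reports "modified" at both stages without being able to say what changed.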
  • 68. Worm • "worm" is a type of malicious software (malware) that is designed to self-replicate and spread from one computer or network to another. • Unlike viruses, worms do not need to attach themselves to a host program in order to propagate. • They can independently move across networks and systems, exploiting vulnerabilities and spreading rapidly. This Photo by Unknown author is licensed under CC BY-NC-ND.
  • 69. Worm Characteristics Self-replication: Worms are self-replicating and can create copies of themselves without user intervention. This replication is what allows them to spread quickly. Network-based transmission: Worms typically spread through network connections, such as the internet, local area networks (LANs), or email systems. They can exploit vulnerabilities in software or hardware to gain access to new systems. Exploiting vulnerabilities: Worms often take advantage of security flaws and vulnerabilities in operating systems, software applications, or network protocols. They can enter a system without requiring user interaction, making them a potent threat.
  • 70. Worm Characteristics Payload: Worms can carry a payload, which is a malicious component that performs specific actions on infected systems. This payload can range from data theft and system control to launching additional attacks. Worms vs. viruses: Worms are different from viruses, which require a host program to spread. Viruses attach themselves to executable files, and their spread is dependent on users executing infected files. Worms, on the other hand, do not need a host program and can spread independently. Propagation speed: Worms are known for their rapid spread, as they can infect multiple systems within a short period of time. This ability to propagate quickly can lead to widespread and disruptive cyberattacks. Mitigation: Protecting against worms involves keeping software and systems up to date with security patches, using firewalls and intrusion detection systems, implementing network segmentation, and employing antivirus software that can detect and block worm infections.
  • 71. How Does a Worm Work?
  • A worm usually gets onto a computer by exploiting vulnerabilities in software.
  • Worms can also be delivered through email attachments, instant messages, or spam emails.
  • When such a file is opened, it may send the user to a malicious website or download the worm to the user's device automatically. Once the worm is on the device, it infects it without the user being able to tell.
  • 72. How Does a Worm Work?
  • Worms can delete and modify files.
  • They can also inject more malicious software into a workstation or other device.
  • Sometimes the worm's primary mission is simply to replicate itself again and again, wasting system resources such as bandwidth or hard drive space.
  • Worms can also steal sensitive data and pave the way for a hacker to get into the computer by installing a backdoor the hacker can access.
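The network-based, self-propagating behaviour described on slides 69 to 72 has a visible signature on the wire: one host opening connections to an unusually large number of distinct hosts on the same port within a short time, which is the scanning a worm does to find its next victims. The following is an added example, not part of the original slides, showing how a defender can flag that fan-out from connection records in the way an intrusion detection system would. The flow records, IP addresses, window length and threshold are all constructed for illustration.

```python
"""Worm-style scan detection over connection records (added example, constructed data)."""
from collections import Counter, defaultdict

# Constructed sample flows, one per line: "timestamp,src_ip,dst_ip,dst_port".
# 10.0.0.7 probes twelve hosts on SMB (445) within twelve seconds (worm-like fan-out),
# 10.0.0.9 contacts the same twelve hosts but spread over ~2 hours (slow, not flagged),
# 10.0.0.20 talks repeatedly to a single file server (normal).
SAMPLE_FLOWS = "\n".join(
    [f"{100 + i},10.0.0.7,10.0.1.{i + 1},445" for i in range(12)]
    + [f"{600 * i},10.0.0.9,10.0.1.{i + 1},445" for i in range(12)]
    + [f"{100 + 10 * i},10.0.0.20,10.0.2.5,445" for i in range(12)]
)


def parse_flows(text):
    """Parse the CSV-like records into (ts, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split(",")
        records.append((int(ts), src, dst, int(port)))
    return records


def find_scanners(records, window_s=60, fanout_threshold=10):
    """Return {src_ip: (port, peak_distinct_dsts)} for sources that contact at
    least fanout_threshold distinct hosts on one port inside any window_s-second
    window. Distinct-destination fan-out, not raw packet volume, is the signal."""
    by_key = defaultdict(list)
    for ts, src, dst, port in records:
        by_key[(src, port)].append((ts, dst))

    alerts = {}
    for (src, port), events in by_key.items():
        events.sort()
        in_window = Counter()   # dst -> hits currently inside the window
        start = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window start forward past events older than window_s.
            while events[start][0] < ts - window_s:
                old_dst = events[start][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= fanout_threshold:
            previous = alerts.get(src)
            if previous is None or peak > previous[1]:
                alerts[src] = (port, peak)
    return alerts


if __name__ == "__main__":
    for src, (port, n) in find_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT worm-like scan: {src} reached {n} hosts on tcp/{port} within 60s")
```

The slow host 10.0.0.9 reaches the same twelve targets as the scanner but never more than one inside any 60-second window, so it is not reported; a worm that deliberately slows its scanning is caught only by widening the window, which is the usual trade-off between detection latency and false positives.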
  • 73. Trojan Horse
  • A Trojan horse, often referred to simply as a "Trojan," is a type of malicious software or malware that disguises itself as a legitimate or benign program or file to gain access to a computer system or network.
  • 74. Types of Attacks Carried Out by Trojan Horses
  • Data theft: Trojans can be used to steal sensitive information such as passwords, financial data, and personal documents from the victim's computer.
  • Remote access: Some Trojans provide attackers with remote access to the infected system, allowing them to control it, execute commands, or install additional malware.
  • Botnets: Trojans can be used to create botnets, which are networks of compromised computers under the control of a single entity. These botnets can be used for various purposes, including launching distributed denial-of-service (DDoS) attacks.
  • 75. Types of Attacks Carried Out by Trojan Horses
  • Keylogging: Trojans with keyloggers can record keystrokes on the victim's computer, capturing sensitive information like login credentials and credit card numbers.
  • Ransomware delivery: Some Trojans act as a delivery mechanism for ransomware, which encrypts the victim's data and demands a ransom for its decryption.
  • Banking Trojans: These specialized Trojans are designed to target online banking users, capturing login credentials and other financial information.
  • 76. How Does a Trojan Horse Work?
  • Unlike computer viruses, a Trojan horse cannot manifest by itself, so it needs a user to download the server side of the application for it to work. This means the executable (.exe) file must be run and the program installed for the Trojan to attack a device's system.
  • A Trojan spreads through legitimate-looking emails and files attached to emails, which are spammed to reach the inboxes of as many people as possible. When the email is opened and the malicious attachment is downloaded, the Trojan server installs itself and runs automatically every time the infected device is turned on.
  • Devices can also be infected by a Trojan through social engineering tactics, which cyber criminals use to coerce users into downloading a malicious application. The malicious file could be hidden in banner advertisements, pop-up advertisements, or links on websites.
  • A computer infected by Trojan malware can also spread it to other computers. A cyber criminal turns the device into a zombie computer, which means they have remote control of it without the user knowing. Hackers can then use the zombie computer to continue sharing malware across a network of devices, known as a botnet.
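Because a Trojan only works when the user runs the executable it is hiding in, a mail gateway or endpoint tool can catch a large share of them before that happens by asking whether an attachment really is what its name says. The following is an added example, not code from the original slides, of two such checks: a document-looking name that actually ends in an executable extension, and a file whose leading bytes identify a program even though its name claims a document. The attachment names and byte strings are constructed for illustration, and the extension lists are a deliberately small sample rather than a complete policy.

```python
"""Triage of e-mail attachments for executables disguised as documents
(added example, not from the original slides; filenames and bytes are constructed)."""
import os

# Leading bytes ("magic numbers") that identify executable content regardless of name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with an interpreter line",
}
# Extensions that run code when double-clicked on a typical Windows desktop (sample list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta"}
# Extensions users expect to be harmless documents or media (sample list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def triage_attachment(filename, data):
    """Return the list of reasons this attachment looks like a disguised executable
    (an empty list means these checks found nothing suspicious)."""
    reasons = []
    root, ext = os.path.splitext(filename.lower())
    _, inner_ext = os.path.splitext(root)

    # 1. Double extension such as invoice.pdf.exe: the document extension is bait,
    #    and a desktop that hides known extensions shows only "invoice.pdf".
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        reasons.append(f"double extension {inner_ext}{ext}")
    elif ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")

    # 2. Content/name mismatch: the name claims a document but the bytes are a program.
    if ext in DOCUMENT_EXTS:
        for magic, description in EXECUTABLE_MAGIC.items():
            if data.startswith(magic):
                reasons.append(f"content is {description} but name claims {ext}")
                break
    return reasons


# Constructed sample attachments: (filename, first bytes of the file).
SAMPLE_ATTACHMENTS = [
    ("quarterly_report.pdf", b"%PDF-1.7\n%..."),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00"),
    ("photo.jpg", b"MZ\x90\x00\x03\x00"),
    ("setup.exe", b"MZ\x90\x00\x03\x00"),
    ("notes.docx", b"PK\x03\x04"),   # Office files are ZIP containers, so this is not flagged
]


def triage_all(attachments):
    """Map each suspicious filename to its findings; clean attachments are omitted."""
    findings = {}
    for name, data in attachments:
        reasons = triage_attachment(name, data)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLE_ATTACHMENTS).items():
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

The content check matters more than the name check: a sender controls the filename completely, but cannot make a Windows program run without its MZ header, so a mismatch between the two is a strong signal even when the extension looks ordinary.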
  • 77. Types of Trojan
  • Backdoor Trojan: A backdoor Trojan enables an attacker to gain remote access to a computer and take control of it using a backdoor. This enables the malicious actor to do whatever they want on the device, such as deleting files, rebooting the computer, stealing data, or uploading malware. A backdoor Trojan is frequently used to create a botnet through a network of zombie computers.
  • Banker Trojan: A banker Trojan is designed to target users' banking accounts and financial information. It attempts to steal account data for credit and debit cards, e-payment systems, and online banking systems.
  • Distributed denial-of-service (DDoS) Trojan: These Trojan programs carry out attacks that overload a network with traffic. It will send multiple requests from a computer or a group of computers to overwhelm a target web address and cause a denial of service.
  • Downloader Trojan: A downloader Trojan targets a computer that has already been infected by malware, then downloads and installs more malicious programs to it. This could be additional Trojans or other types of malware like adware.
  • 78. Types of Trojan
  • Exploit Trojan: An exploit malware program contains code or data that takes advantage of specific vulnerabilities within an application or computer system. The cyber criminal will target users through a method like a phishing attack, then use the code in the program to exploit a known vulnerability.
  • Fake antivirus Trojan: A fake antivirus Trojan simulates the actions of legitimate antivirus software. The Trojan is designed to detect and remove threats like a regular antivirus program, then extort money from users for removing threats that may be nonexistent.
  • Game-thief Trojan: A game-thief Trojan is specifically designed to steal user account information from people playing online games.
  • Instant messaging (IM) Trojan: This type of Trojan targets IM services to steal users' logins and passwords. It targets popular messaging platforms such as AOL Instant Messenger, ICQ, MSN Messenger, Skype, and Yahoo Pager.
  • Infostealer Trojan: This malware can either be used to install Trojans or prevent the user from detecting the existence of a malicious program. The components of infostealer Trojans can make it difficult for antivirus systems to discover them in scans.
  • Mailfinder Trojan: A mailfinder Trojan aims to harvest and steal email addresses that have been stored on a computer.
  • Ransom Trojan: Ransom Trojans seek to impair a computer's performance or block data on the device so that the user can no longer access or use it. The attacker will then hold the user or organization ransom until they pay a ransom fee to undo the device damage or unlock the affected data.
  • 79. Denial of Service Attack
  • A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
  • DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
  • In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.
  • 80. Denial of Service Attack
  • DoS attacks often target the web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations.
  • Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.
  • 82. How Does DoS Work?
  DoS attacks typically exploit vulnerabilities in a target's network or computer systems. Attackers can use a variety of methods to generate overwhelming traffic or requests, including:
  • Flooding the target with a massive amount of data
  • Sending repeated requests to a specific part of the system
  • Exploiting software vulnerabilities to crash the system
  • 83. Prevention
  • Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic, whether you use multiple ISPs, your own data center, or any number of cloud providers. They can scrub the traffic for you and only send "clean" traffic to your data center.
  • Firewall – This is the simplest and least effective method. Python scripts are often written to filter out malicious traffic, or existing firewalls can be utilized by enterprises to block such traffic.
  • Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth than an enterprise would, which can help with large volumetric attacks.
  • 84. Prevention
  • Network Segmentation: Segmenting the network can help prevent a DoS attack from spreading throughout the entire network. This limits the impact of an attack and helps to isolate the affected systems.
  • Use Intrusion Detection and Prevention Systems: Intrusion Detection and Prevention Systems (IDS/IPS) can help to detect and block DoS attacks by analyzing network traffic and blocking malicious traffic.
  • Develop a Response Plan: Having a DoS response plan in place can help minimize the impact of an attack. This plan should include steps for identifying the attack, isolating affected systems, and restoring normal operations.
  • 85. Prevention
  • Limit Bandwidth: Implementing bandwidth limitations on incoming traffic can help prevent a DoS attack from overwhelming the network or server.
  • Implement Content Delivery Network (CDN): A CDN can help to distribute traffic and reduce the impact of a DoS attack by distributing the load across multiple servers.
  • Use Anti-Malware Software: Anti-malware software can help to detect and prevent malware from being used in a DoS attack, such as botnets.
  • Perform Regular Network Scans: Regular network scans can help identify vulnerabilities and misconfigurations that can be exploited in a DoS attack. Patching these vulnerabilities can prevent a DoS attack from being successful.
  • 86. DDoS
  • A Distributed Denial of Service (DDoS) attack is designed to force a website, computer, or online service offline. This is accomplished by flooding the target with many requests, consuming its capacity and rendering it unable to respond to legitimate requests.
  • A DDoS attack differs from a Denial of Service (DoS) attack because it is distributed. The malicious traffic comes from a variety of different IP addresses, often the members of a botnet. This makes the attack more difficult to defend against and enables the attackers to generate a larger volume of malicious traffic than a single system can generate on its own.
  • 88. Working
  • A DDoS attack is essentially the legitimate use of an online service taken too far. For example, a website may be capable of handling a certain number of requests per minute. If that number is exceeded, then the website's performance is degraded, or it may be rendered completely inaccessible.
  • This overload may be caused by an attack or even legitimate use, such as an e-commerce site being overwhelmed on Black Friday or a ticket sales platform going down when sales for a popular event are opened.
  • 89. Working
  • DDoS attacks are capable of overwhelming a target at various levels. For example, a web application may have a maximum number of requests that it can handle.
  • Alternatively, the server that it is running on may have a limit on the number of simultaneous connections that it can manage. A corporate network likely has bandwidth restrictions that could be overwhelmed by an attacker.
  • Exceeding any of these thresholds results in a DoS attack against the system, or a DDoS attack if the attack uses multiple IP addresses.
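The "Limit Bandwidth" item on slide 85 and the request thresholds on slide 89 are both enforced in practice by a rate limiter, and the difference between DoS and DDoS shows up directly in how such a limiter must be built. The following is an added example, not code from the original slides: a sliding-window limiter with two budgets, one per client address and one for the service as a whole. Two constructed traffic patterns run through it, a single flooding host and a hundred-bot flood from the documentation range 198.51.100.0/24; the limits, timings and addresses are all assumptions chosen for illustration.

```python
"""Sliding-window request limiter with per-client and aggregate budgets
(added example, not from the original slides; limits and traffic are constructed)."""
from collections import Counter, defaultdict, deque


class RequestLimiter:
    """Admit a request only if the client stays under per_client_limit requests
    and the service as a whole stays under global_limit admitted requests per window_s."""

    def __init__(self, per_client_limit, global_limit, window_s):
        self.per_client_limit = per_client_limit
        self.global_limit = global_limit
        self.window_s = window_s
        self._client_hits = defaultdict(deque)   # client -> timestamps of attempts
        self._admitted = deque()                 # timestamps of admitted requests

    def _expire(self, timestamps, now):
        # Drop timestamps that have fallen out of the sliding window.
        while timestamps and timestamps[0] <= now - self.window_s:
            timestamps.popleft()

    def allow(self, client_ip, now):
        """Return (admitted, reason); reason is 'ok', 'client_limit' or 'global_limit'."""
        hits = self._client_hits[client_ip]
        self._expire(hits, now)
        self._expire(self._admitted, now)
        hits.append(now)   # every attempt counts, so a flooding client stays throttled
        if len(hits) > self.per_client_limit:
            return False, "client_limit"
        if len(self._admitted) >= self.global_limit:
            return False, "global_limit"
        self._admitted.append(now)
        return True, "ok"


def run_traffic(limiter, requests):
    """Feed (timestamp, client_ip) pairs through the limiter and count each outcome."""
    outcomes = Counter()
    for ts, ip in requests:
        _, reason = limiter.allow(ip, ts)
        outcomes[reason] += 1
    return outcomes


def single_source_flood():
    """One client sends 50 requests in a second: the per-client budget handles it."""
    limiter = RequestLimiter(per_client_limit=20, global_limit=200, window_s=10)
    return run_traffic(limiter, [(0.02 * i, "10.0.0.5") for i in range(50)])


def distributed_flood():
    """100 bots send 5 requests each within a second (constructed botnet in 198.51.100.0/24):
    no bot exceeds its own budget, so only the aggregate budget can stop the flood."""
    limiter = RequestLimiter(per_client_limit=20, global_limit=200, window_s=10)
    return run_traffic(limiter, [(0.002 * i, f"198.51.100.{i % 100}") for i in range(500)])


if __name__ == "__main__":
    print("single source:", dict(single_source_flood()))   # client_limit rejects 30 of 50
    print("distributed:  ", dict(distributed_flood()))     # global_limit rejects 300 of 500
```

The distributed run is the point of the example: the per-client rule never fires because each bot stays polite on its own, and the aggregate budget that does stop the flood also rejects legitimate users who arrive once it is exhausted. That is why slide 86 calls DDoS harder to defend against, and why the slide 83 options (upstream scrubbing, ISP capacity) matter: a limit applied at the victim can only share the pain, not remove it.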
  • 90. Types of DDoS Attack
  • Amplification Attacks: Some services, such as DNS, have responses that are much larger than the corresponding request. In DDoS amplification attacks, attackers will send a request to a DNS server with their IP address spoofed to the IP address of the target, causing the target to receive a large volume of unsolicited responses that eat up resources.
  • Bandwidth Saturation: All networks have a maximum bandwidth and throughput that they can maintain. Bandwidth saturation attacks attempt to consume this bandwidth with spam traffic.
  • Cloud Resource Exploitation: Scalability is one of the hallmarks of cloud computing. By exploiting this fact, DDoS attackers can perform large-scale attacks against a target system.
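From the target's side, the amplification attack on slide 90 has a distinctive symptom: DNS responses arrive from many resolvers for queries that this network never sent. The following is an added example, not code from the original slides, that pairs outbound queries with inbound responses by resolver address and DNS transaction id and counts the responses that have no matching query. The packet records, resolver addresses (9.9.9.9 for the legitimate resolver, the documentation range 203.0.113.0/24 for the reflectors), payload sizes and thresholds are all constructed for illustration.

```python
"""Victim-side detection of DNS amplification: responses we never asked for
(added example with constructed packet records, not from the original slides)."""
from collections import Counter

# Constructed packet log entries: (timestamp, direction, peer_ip, dns_txid, payload_bytes).
# "out" = query our resolver sent to peer_ip; "in" = response received from peer_ip.
LEGIT_TRAFFIC = [
    (1.00, "out", "9.9.9.9", 0x1A2B, 45),
    (1.02, "in", "9.9.9.9", 0x1A2B, 120),   # answer to the query above
    (3.00, "out", "9.9.9.9", 0x1A2C, 47),
    (3.03, "in", "9.9.9.9", 0x1A2C, 96),
]
# Fifty open resolvers each deliver three 3000-byte answers that nobody here requested:
# the attacker sent the queries with this network's address as the spoofed source.
REFLECTED_TRAFFIC = [
    (2.0 + 0.001 * (3 * r + k), "in", f"203.0.113.{r}", 0x7777 + k, 3000)
    for r in range(50)
    for k in range(3)
]
SAMPLE_PACKETS = LEGIT_TRAFFIC + REFLECTED_TRAFFIC


def find_unsolicited_responses(packets, response_window_s=5.0):
    """Return {peer_ip: bytes} for DNS responses that match no recent outbound query.

    A response is matched to a query by (peer, transaction id); a legitimate
    answer consumes the pending query, so a second response for the same id,
    or one arriving after response_window_s, is also counted as unsolicited."""
    pending = {}              # (peer, txid) -> time the query was sent
    unsolicited = Counter()   # peer -> unsolicited bytes received
    for ts, direction, peer, txid, size in sorted(packets, key=lambda p: p[0]):
        key = (peer, txid)
        if direction == "out":
            pending[key] = ts
        else:
            sent_at = pending.pop(key, None)
            if sent_at is None or ts - sent_at > response_window_s:
                unsolicited[peer] += size
    return unsolicited


def amplification_alert(packets, min_reflectors=10, min_bytes=100_000):
    """Summarise unsolicited responses and decide whether they look like an
    amplification flood: many distinct reflectors and a large byte volume."""
    per_peer = find_unsolicited_responses(packets)
    total = sum(per_peer.values())
    return {
        "reflectors": len(per_peer),
        "unsolicited_bytes": total,
        "alert": len(per_peer) >= min_reflectors and total >= min_bytes,
    }


if __name__ == "__main__":
    print(amplification_alert(SAMPLE_PACKETS))
```

Requiring both many reflectors and a large byte count keeps a single misbehaving resolver from tripping the alert. The detection is only half the defence: the flood itself is stopped upstream by dropping DNS responses that no query explains, and at its root by networks that refuse to forward packets with spoofed source addresses (ingress filtering, BCP 38) and by not running open recursive resolvers.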
  • 91. Prevention
  • Take quick action: The sooner a DDoS attack is identified, the quicker the harm can be contained. Companies should have DDoS mitigation services or technology in place so that abnormal traffic is recognised and acted on as soon as possible.
  • Configure firewalls and routers: Firewalls and routers should be configured in such a way that they reject bogus traffic, and you should keep your routers as well as firewalls updated with the latest security patches.
  • Consider artificial intelligence: While present defenses of advanced firewalls and intrusion detection systems are very common, Artificial Intelligence is being used to develop new systems.
  • Secure your Internet of Things devices: To keep your devices from becoming part of a botnet, make sure your computers have trusted security software. It is important to keep it updated with the latest security patches.
  • 93. Phishing Attack
  • Phishing is a type of cybersecurity attack that attempts to obtain sensitive data such as usernames, passwords, and more. It reaches the user through email, text, or direct messages.
  • The attachment sent by the attacker is opened by the user because the user believes the email, text, or message came from a trusted source. It is a type of Social Engineering Attack.
  • For example, the user may receive a message claiming they have won a lottery. When the user opens the attachment, malicious code activates that can access sensitive information. Or, if the user clicks the link included in the message, they may be redirected to a different website that asks for their bank login credentials.
  • 94. Types of Phishing Attack
  • Spear Phishing – This attack targets a specific organization or individual for unauthorized access. These attacks are not initiated by a random hacker but by someone who seeks information for financial gain or some other important information. Just like a phishing attack, spear phishing also appears to come from a trusted source. This type of attack is often successful; it is considered one of the most successful methods, as both phishing and spear phishing are online attacks on users.
  • Clone Phishing – This attack is based on copying email messages that were sent from a trusted source. The hackers alter the message by adding a link that redirects the user to a malicious or fake website. This is then sent to a large number of users, and the person who initiated it watches who clicks on the attachment that was sent in the mail. It spreads through the contacts of each user who has clicked on the attachment.
  • 95. Types of Phishing Attack
  • Catphishing – It is a type of social engineering attack that plays with a person's emotions and exploits them to gain money and information. Attackers target victims through dating sites. It is a type of social engineering threat.
  • Voice Phishing – Some attacks require directing the user to a fake website, but some attacks do not require a fake website. This type of attack is sometimes referred to as vishing. Someone using vishing uses modern caller ID spoofing to convince the victim that the call is from a trusted source. They also use IVR to make it difficult for the legal authorities to trace, block, or monitor the call. It is used to steal credit card numbers or other confidential data of the user. This type of phishing can cause more harm.
  • SMS Phishing – These attacks trick the user into revealing account information. This attack is similar to the email phishing attack used by cybercriminals to steal credit card details or sensitive information by making it look like it came from a trusted organization. Cybercriminals use text messages to get personal information by trying to redirect the user to a fake website. This fake website looks like the original website.
  • 96. Symptoms of Phishing
  • It may request the user to share personal details like the login credentials related to the bank and more.
  • It redirects to a website if the user clicks on the link that was sent in the email.
  • If they are redirected to a website, it may ask for information related to the credit card or banking details of the user.
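The redirection symptom on slide 96, and the fake website that slides 94 and 95 describe, both come down to a link whose real destination is not what the message shows. The following is an added example, not code from the original slides, of the link checks a mail filter or security awareness tool applies to an HTML message: visible link text that names one site while the href points to another, a link target that is a bare IP address, and a host that embeds a trusted brand name inside an unrelated domain. The e-mail body, the brand domain example-bank.com and the addresses are constructed for illustration, and the two-label "registered domain" rule is a simplification that does not handle suffixes such as co.uk.

```python
"""Flag common phishing indicators in the links of an HTML e-mail
(added example, not from the original slides; the e-mail and brand domain are constructed)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: the brand the message claims to come from.
TRUSTED_DOMAINS = {"example-bank.com"}

# Constructed phishing e-mail body. Link 1 shows the real brand URL as text but
# points elsewhere; link 2 points at a bare IP address; link 3 is genuine.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked.</p>
<p><a href="http://example-bank.com.verify-login.net/reset">https://www.example-bank.com/reset</a></p>
<p><a href="http://203.0.113.45/login">Click here to verify</a></p>
<p><a href="https://www.example-bank.com/help">Help center</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare 'www.x.y' text is treated as a URL too."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registered_domain(host):
    """Last two labels, e.g. login.example-bank.com -> example-bank.com
    (simplified: public suffixes such as co.uk are not handled)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def looks_like_url(text):
    return bool(re.match(r"^(https?://|www\.)\S+$", text, re.IGNORECASE))


def is_ip_address(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html):
    """Return (href, reason) pairs for links showing phishing indicators."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host:
            continue
        if is_ip_address(host):
            findings.append((href, "link target is a raw IP address"))
        if looks_like_url(text) and registered_domain(host_of(text)) != registered_domain(host):
            findings.append((href, f"visible text names {host_of(text)} but link goes to {host}"))
        for brand in TRUSTED_DOMAINS:
            # Brand name used as a subdomain or label of an unrelated domain.
            if brand.split(".")[0] in host and registered_domain(host) != brand:
                findings.append((href, f"host {host} imitates {brand}"))
    return findings


if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

The first link is the one users fall for most: it reads as https://www.example-bank.com/reset, and its host even starts with example-bank.com, but the registered domain the browser will actually contact is verify-login.net. Hovering over a link before clicking, as slide 97 advises, shows the same mismatch manually.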
  • 97. Preventions
  • Do not open any suspicious email attachments.
  • Do not open any link that seems suspicious.
  • Do not provide any sensitive information, such as personal information or banking information, via email, text, or messages.
  • The user should always have antivirus software installed to check whether the system is affected or not.