Different types of attack
What is SQL injection?
• The ability to inject SQL commands into the database engine through an existing application
SQL INJECTION
• Many web applications take user input from a form.
• Often this user input is used literally in the construction of a SQL query submitted to a database. For example:
SELECT product_data FROM products WHERE product_name = 'user input product name';
• A SQL injection attack involves placing SQL statements in the user input.
HOW DOES SQL INJECTION WORK?
• Common vulnerable login query:
SELECT * FROM users
WHERE login = 'victor'
AND password = '123';
(If the query returns a row, the login succeeds.)
• ASP/MS SQL Server login syntax:
// formusr and formpwd come straight from the login form
var sql = "SELECT * FROM users " +
    "WHERE login = '" + formusr + "' " +
    "AND password = '" + formpwd + "'";
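The login query above, built both ways and run against a constructed in-memory SQLite table. This is an added example, not part of the original slides; Python and sqlite3 stand in for the ASP/MS SQL Server stack, and the function names are illustrative.

```python
import sqlite3


def make_db():
    # Constructed sample data mirroring the slide's `users` table.
    # The plaintext password is kept only to match the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('victor', '123')")
    return db


def login_concat(db, formusr, formpwd):
    # Vulnerable: same construction as the slide, input becomes SQL text.
    sql = ("SELECT * FROM users WHERE login = '" + formusr +
           "' AND password = '" + formpwd + "'")
    return db.execute(sql).fetchone() is not None


def login_param(db, formusr, formpwd):
    # Hardened: placeholders bind the input as data, never parsed as SQL.
    sql = "SELECT * FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (formusr, formpwd)).fetchone() is not None


def outcome(fn, db, formusr, formpwd):
    # A stray quote breaks the concatenated statement; report that too.
    try:
        return fn(db, formusr, formpwd)
    except sqlite3.OperationalError:
        return "sql error"


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("victor", "123"),          # correct credentials
        ("victor", "wrong"),        # wrong password
        ("victor", "' OR '1'='1"),  # input that carries SQL syntax
        ("o'brien", "x"),           # legitimate name containing a quote
    ]
    for usr, pwd in cases:
        print(repr(usr), repr(pwd),
              "concat:", outcome(login_concat, db, usr, pwd),
              "param:", outcome(login_param, db, usr, pwd))
```

The concatenated version accepts the third input and fails on the fourth; the parameterized version rejects both as ordinary failed logins.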
OTHER INJECTION POSSIBILITIES
Using SQL injection, attackers can:
• Add new data to the database
  • Perform an INSERT in the injected SQL
• Modify data currently in the database
  • Perform an UPDATE in the injected SQL
• Often gain access to other users' system capabilities by obtaining their passwords
MALICIOUS SOFTWARE
“Malware is a set of instructions that run on your computer and make the system do something that an attacker wants it to do.”
TYPES OF MALICIOUS SOFTWARE
• Virus
• Trojan Horse
• Worm
• Spyware
• Cookie
• Bots
COMPUTER VIRUS
Computer viruses are small software programs that are designed to spread from one
computer to another and to interfere with computer operation.
WORM
A worm is one of the most dangerous malicious programs. It has the capability to spread without any human action.
HOW DO WORMS SPREAD?
| Differences | Computer Viruses | Computer Worms |
|---|---|---|
| Definition | The virus is program code that attaches itself to an application program; when the application program runs, it runs along with it. | The worm is code that replicates itself in order to consume resources and bring the system down. |
| How does it infect a computer? | It inserts itself into a file or executable program. | It exploits a weakness in an application or operating system by replicating itself. |
| How can it spread? | It has to rely on users transferring infected files/programs to other computer systems. | It has to rely on users transferring infected files/programs to other computer systems. |
| Does it infect files? | Yes, it deletes or modifies files. Sometimes a virus also changes the location of files. | Usually not. Worms usually only monopolize the CPU and memory. |
| Which is faster? | A virus is slower than a worm. | A worm is faster than a virus. E.g., the Code Red worm affected 3 lakh PCs in just 14 hours. |
TROJAN
A Trojan is malicious software that at first glance appears to be useful software but actually does damage once installed or run on your computer.
IMPACTS OF TROJAN
A Trojan can perform the following actions:
• Deleting data
• Activating silly icons and changing the desktop
• Modifying data
• Copying data
• Disrupting the performance of computers
• Creating a backdoor
WHAT IS MITM?
A man-in-the-middle (MITM) attack is a form of eavesdropping where communication
between two users is monitored and modified by an unauthorized party. Generally, the
attacker actively eavesdrops by intercepting a public key message exchange and
retransmits the message while replacing the requested key with his own.
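A check that detects the key replacement described above: the receiver compares the key it was handed with a fingerprint pinned over a separate trusted path. This is an added example, not part of the original slides; `PinStore`, `exchange` and the random-byte keys are illustrative assumptions.

```python
import hashlib
import hmac
import os


def fingerprint(pubkey: bytes) -> str:
    # SHA-256 over the raw key bytes, the value two parties would compare.
    return hashlib.sha256(pubkey).hexdigest()


class PinStore:
    """Fingerprints learned over a trusted path (in person, signed list)."""

    def __init__(self):
        self._pins = {}

    def pin(self, peer: str, pubkey: bytes) -> None:
        self._pins[peer] = fingerprint(pubkey)

    def check(self, peer: str, received: bytes) -> str:
        expected = self._pins.get(peer)
        if expected is None:
            return "unknown-peer"   # nothing to compare against: do not trust
        if hmac.compare_digest(expected, fingerprint(received)):
            return "ok"
        return "key-mismatch"       # key was replaced somewhere on the path


def exchange(store, peer, sent_key, replaced_with=None):
    # Models the request for a peer's key; `replaced_with` stands for a
    # party in the middle swapping in its own key before delivery.
    received = sent_key if replaced_with is None else replaced_with
    return store.check(peer, received)


# Constructed sample keys: random bytes stand in for real public keys.
BOB_KEY = os.urandom(32)
OTHER_KEY = os.urandom(32)

if __name__ == "__main__":
    store = PinStore()
    store.pin("bob", BOB_KEY)
    print(exchange(store, "bob", BOB_KEY))             # ok
    print(exchange(store, "bob", BOB_KEY, OTHER_KEY))  # key-mismatch
    print(exchange(store, "carol", OTHER_KEY))         # unknown-peer
```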
MITM ATTACK IS ALSO KNOWN AS
• Bucket-brigade attack
• Fire brigade attack
• Monkey-in-the-middle attack
• Session hijacking
• TCP hijacking
• TCP session hijacking
NAME ORIGIN
The name "Man-in-the-Middle" is derived from the basketball scenario where two players intend to pass a ball to each other while one player between them tries to seize it. MITM attacks are sometimes referred to as "bucket brigade attacks" or "fire brigade attacks." Those names are derived from the fire brigade operation of dousing a fire by passing buckets from one person to another between the water source and the fire.
HOW DOES IT WORK?
Man in the middle is known to most as "session hijacking" and to the general public as "hijacking". These hackers primarily target specific data about the transactions on computers. This can be anything from an email to a bank transaction. That said, the hackers begin their investigation of the party of interest
HOW TO PREVENT THIS ATTACK?
• Maintain proper coding patterns
• Don't use third-party software
• Use antivirus software
• Don't use public Wi-Fi networks
• Always update your operating system
