Presented by Avinash.D, SNIST, 15315A0430
Information Security & Ethical Hacking
Overview: Application attack types
- ARP Spoofing
- Botnet
- Cache Poisoning
- Computer Worm
- Keylogger
- Malware
- Man in the Middle Attack
- Rootkit
- Spoofing Attack
- Spyware
What is ARP Spoofing?
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol.
Types of ARP Spoofing
- Denial-of-service attacks: DoS attacks often leverage ARP spoofing to link multiple IP addresses with a single target’s MAC address. As a result, traffic that is intended for many different IP addresses will be redirected to the target’s MAC address, overloading the target with traffic.
- Session hijacking: Session hijacking attacks can use ARP spoofing to steal session IDs, granting attackers access to private systems and data.
- Man-in-the-middle attacks: MITM attacks can rely on ARP spoofing to intercept and modify traffic between victims.
ARP spoofing detection, prevention and protection
- Packet filtering
- Avoid trust relationships
- Use ARP spoofing detection software
- Use cryptographic network protocols
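The slides list "ARP spoofing detection software" without saying what such software checks. The following is an added example, not part of the presentation: a minimal passive ARP monitor written for this page. It consumes a constructed list of observed ARP replies (timestamp, sender IP, sender MAC) and reports two things the attack described above produces: a reply whose MAC contradicts the MAC already learned for that IP, and a single MAC answering for several IPs. The sample replies and the 00:aa:bb:cc:dd:ee address are invented for the demonstration.

```python
"""Passive ARP-reply monitor: flag changed IP-to-MAC bindings.

Added example for this page; not code from the slides. Input is a
constructed list of ARP replies rather than live packets.
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) from ARP replies.
# The gateway and a workstation answer normally, then an unknown MAC
# starts answering for both of their IP addresses.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway
    (1.5, "192.168.1.10", "00:11:22:33:44:10"),   # workstation
    (2.0, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway again, same MAC
    (3.0, "192.168.1.1",  "00:aa:bb:cc:dd:ee"),   # gateway IP, different MAC
    (3.5, "192.168.1.10", "00:aa:bb:cc:dd:ee"),   # same MAC now claims the workstation
]


def find_conflicts(replies):
    """Return (binding_changes, multi_ip_macs).

    binding_changes: list of (timestamp, ip, learned_mac, new_mac) for each
        reply that contradicts the first MAC seen for that IP.
    multi_ip_macs: {mac: sorted list of IPs} for MACs that answered for
        more than one IP address.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    changes = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        mac_to_ips[mac].add(ip)
        learned = ip_to_mac.get(ip)
        if learned is None:
            ip_to_mac[ip] = mac           # first sighting becomes the trusted binding
        elif learned != mac:
            # Keep the learned binding; a genuine NIC replacement should be
            # confirmed by an operator, not accepted from unsolicited traffic.
            changes.append((ts, ip, learned, mac))
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return changes, multi


if __name__ == "__main__":
    changes, multi = find_conflicts(SAMPLE_REPLIES)
    for ts, ip, old, new in changes:
        print(f"[t={ts:4.1f}] {ip}: learned {old}, now claimed by {new}")
    for mac, ips in multi.items():
        print(f"{mac} answers for several IPs: {', '.join(ips)}")
```

The first-seen binding is treated as trusted, which is the same assumption a static ARP table makes; on a real network the monitor would seed its table from DHCP leases or a switch's port-security configuration instead of from the first reply it happens to see.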
What is a BotNet?
A botnet is a network of compromised computers under the control of a malicious actor. Each individual device in a botnet is referred to as a bot. A bot is formed when a computer gets infected with malware that enables third-party control. Bots are also known as “zombie computers” due to their ability to operate under remote direction without their owners’ knowledge. The attackers that control botnets are referred to as “bot herders” or “bot masters.”
BotNet example
Zeus is a Trojan horse for Windows that was created to steal bank information using botnets. First discovered in 2007, Zeus spread through email, downloads, and online messaging to users across the globe. Zeus botnets used millions of zombie computers to execute keystroke logging and form grabbing attacks that targeted bank data, account logins, and private user data. The information gathered by Zeus botnets has been used in thousands of cases of online identity theft, credit card theft, and more.
Botnet detection and prevention
Botnets can be detected by:
- IRC traffic (botnets and bot masters use IRC for communications)
- Connection attempts to known C&C servers
- Multiple machines on a network making identical DNS requests
- High outgoing SMTP traffic (as a result of sending spam)
- Unexpected popups (as a result of click-fraud activity)
- Slow computing/high CPU usage
- Spikes in traffic, especially on port 6667 (used for IRC), port 25 (used in email spamming), and port 1080 (used by proxy servers)
- Outbound messages (email, social media, instant messages, etc.) that weren’t sent by the user
- Problems with Internet access
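Several of the indicators above are network-side and can be checked mechanically from flow records. The script below is an added example written for this page, not from the presentation. It scores each internal host against four of the listed indicators: contact with a known C&C address, connections on port 6667 (IRC) or 1080 (proxy), a burst of outbound SMTP connections on port 25, and a DNS name that several hosts on the network all resolved. The flow records, the C&C address 203.0.113.66, the name cc.example and the thresholds are all constructed for the demonstration; in practice the C&C list would come from a threat-intelligence feed.

```python
"""Score hosts against network-side botnet indicators.

Added example for this page; not code from the slides. Works on a
constructed list of flow records instead of a live capture.
"""
from collections import Counter, defaultdict

# Placeholder C&C list (constructed); a real deployment loads this from a feed.
KNOWN_CC = {"203.0.113.66"}
SUSPICIOUS_PORTS = {6667: "irc", 25: "smtp", 1080: "proxy"}
SMTP_BURST = 20         # outbound SMTP connections per host that count as spamming
SHARED_DNS_HOSTS = 3    # hosts resolving the same name that count as "multiple machines"

# Constructed flows: (src_ip, dst_ip, dst_port, dns_query_name or None)
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.66", 6667, None),            # IRC to a known C&C address
    ("10.0.0.5", "198.51.100.9", 25, None),              # a single outbound mail: normal
    ("10.0.0.6", "10.0.0.53", 53, "cc.example"),         # three hosts resolve one name
    ("10.0.0.7", "10.0.0.53", 53, "cc.example"),
    ("10.0.0.8", "10.0.0.53", 53, "cc.example"),
    ("10.0.0.9", "10.0.0.53", 53, "www.example.org"),    # ordinary lookup
] + [("10.0.0.6", f"198.51.100.{i}", 25, None) for i in range(25)]  # SMTP burst


def score_hosts(flows):
    """Return {src_ip: sorted indicator names} for every host with at least one hit."""
    port_hits = defaultdict(Counter)     # src -> Counter of port labels
    cc_hits = set()
    dns_by_name = defaultdict(set)       # query name -> hosts that asked for it
    for src, dst, port, qname in flows:
        if dst in KNOWN_CC:
            cc_hits.add(src)
        if port in SUSPICIOUS_PORTS:
            port_hits[src][SUSPICIOUS_PORTS[port]] += 1
        if qname:
            dns_by_name[qname].add(src)

    findings = defaultdict(set)
    for src in cc_hits:
        findings[src].add("known_cc")
    for src, counter in port_hits.items():
        for label, n in counter.items():
            if label == "smtp" and n < SMTP_BURST:
                continue                 # a few outbound mails are normal; a burst is not
            findings[src].add("port_" + label)
    for qname, hosts in dns_by_name.items():
        if len(hosts) >= SHARED_DNS_HOSTS:
            for src in hosts:
                findings[src].add("shared_dns:" + qname)
    return {src: sorted(f) for src, f in findings.items()}


if __name__ == "__main__":
    for host, hits in sorted(score_hosts(SAMPLE_FLOWS).items()):
        print(host, ", ".join(hits))
```

A single indicator is weak evidence (one host using IRC is not a bot), which is why the output keeps the indicators separate per host so an analyst can weigh them rather than collapsing them into one score.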
What is cache poisoning?
Cache poisoning is a type of attack in which corrupt data is inserted into the cache database of a Domain Name System (DNS) name server. The Domain Name System is a system that associates domain names with IP addresses. Devices that connect to the internet or other private networks rely on the DNS for resolving URLs, email addresses and other human-readable domain names into their corresponding IP addresses. In a DNS cache poisoning attack, a malicious party sends forged responses from an imposter DNS server in order to reroute a domain name to a new IP address. This new IP address is almost always for a server that is controlled by the attacker. DNS cache poisoning attacks are often used to spread computer worms and other malware. More sophisticated uses for DNS cache poisoning include man-in-the-middle attacks and denial-of-service attacks.
Cache poisoning prevention
In order to further prevent cache poisoning attacks, IT teams should configure their DNS name servers to:
- Limit recursive queries.
- Store only data related to the requested domain.
- Restrict query responses to only provide information about the requested domain.
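The second and third points above describe what a resolver does before it caches anything from a response. The code below is an added example written for this page, not the presentation's own material: a simplified model of the acceptance checks on the resolver side. A response is considered only if its transaction ID and question match a query the resolver actually has in flight, and of the records it carries, only those inside the queried domain (the "bailiwick") are kept, so a forged response cannot plant an address for an unrelated domain. The message layout is a plain dict rather than wire-format DNS, and the example uses the queried name as the bailiwick, which is stricter than a real resolver's rule of using the zone of the server it asked; the names and addresses are constructed.

```python
"""Resolver-side acceptance checks for a DNS response (simplified model).

Added example for this page; not code from the slides. Messages are
dicts, not wire-format DNS, and the sample data is constructed.
"""


def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or a subdomain of it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def filter_response(outstanding, response):
    """Return the records from `response` that are safe to cache; [] means drop it.

    outstanding: {txid: (qname, qtype)} for queries this resolver has in flight.
    response: {"txid": int, "qname": str, "qtype": str,
               "records": [(name, rtype, value), ...]}   # answer + additional
    """
    key = outstanding.get(response["txid"])
    if key is None:
        return []                       # unsolicited, or wrong transaction ID: drop
    qname, qtype = key
    if (response["qname"].lower(), response["qtype"]) != (qname.lower(), qtype):
        return []                       # answers a question we did not ask
    # Keep only records about the requested domain (and names below it).
    return [r for r in response["records"] if in_bailiwick(r[0], qname)]


# Constructed sample data.
OUTSTANDING = {0x1A2B: ("www.example.com", "A")}

GOOD_RESPONSE = {
    "txid": 0x1A2B, "qname": "www.example.com", "qtype": "A",
    "records": [("www.example.com", "A", "192.0.2.10")],
}
# Same question, but with an extra record for an unrelated domain attached.
POISONED_RESPONSE = {
    "txid": 0x1A2B, "qname": "www.example.com", "qtype": "A",
    "records": [
        ("www.example.com", "A", "192.0.2.10"),
        ("bank.example.net", "A", "198.51.100.7"),   # out of bailiwick: discarded
    ],
}
WRONG_ID_RESPONSE = dict(GOOD_RESPONSE, txid=0x0001)   # did not match any query: dropped


if __name__ == "__main__":
    for label, resp in [("good", GOOD_RESPONSE), ("poisoned", POISONED_RESPONSE),
                        ("wrong id", WRONG_ID_RESPONSE)]:
        print(f"{label:9s} -> cache {filter_response(OUTSTANDING, resp)}")
```

The transaction ID check alone is only 16 bits of protection, which is why real resolvers also randomize the source port of each query and, where the zone is signed, validate responses with DNSSEC; this model shows the bailiwick rule in isolation.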
Computer worm
A computer worm is a form of malicious software (malware).
SYMPTOMS:
Users should be familiar with the symptoms of a computer worm so that they can quickly recognize infections and begin the process of computer worm removal. Here are some of the typical symptoms of a computer worm:
- Slow computer performance
- Freezing/crashing
- Programs opening and running automatically
- Irregular web browser performance
- Unusual computer behavior (messages, images, sounds, etc.)
- Firewall warnings
- Missing/modified files
- Appearance of strange/unintended desktop files or icons
- Operating system errors and system error messages
- Emails sent to contacts without the user’s knowledge
What is a Keylogger?
Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (keys pressed) of a keyboard. Keyloggers are a form of spyware where users are unaware their actions are being tracked. Keyloggers can be used for a variety of purposes; hackers may use them to maliciously gain access to your private information, while employers might use them to monitor employee activities. Some keyloggers can also capture your screen at random intervals; these are known as screen recorders. Keylogger software typically stores your keystrokes in a small file, which is either accessed later or automatically emailed to the person monitoring your actions.
Functionality: Keylogger
Remote-access software keyloggers can allow access to locally recorded data from a remote location. This communication can happen by using one of the following methods:
- Uploading the data to a website, database or FTP server.
- Periodically emailing data to a predefined email address.
- Wirelessly transmitting data through an attached hardware system.
- Software enabling remote login to your local machine.
Additional features that some software keyloggers come with can capture additional information without requiring any keyboard key presses as input. They include:
- Clipboard logging – Anything that can be copied to the clipboard is captured.
- Screen logging – Randomly timed screenshots of your computer screen are logged.
- Control text capture – The Windows API allows programs to request the text value of some controls, meaning that your password may be captured even if it is behind a password mask (the asterisks you see when you type your password into a form).
- Activity tracking – Recording of which folders, programs and windows are opened, and possibly screenshots of each.
- Recording of search engine queries, instant message conversations and FTP downloads, along with any other internet activities.
Detection and removal:
There are a variety of ways to detect a keylogger, though none are a catch-all, so if you have reason to suspect your computer has a keylogger, we recommend trying a variety of these tactics:
- Begin by running your antivirus, which can often detect a keylogger on your system.
- Run a program like Spybot Search and Destroy or MalwareBytes to check for certain types.
- Check your task list by pressing Ctrl+Alt+Del in Windows. Examine the tasks running, and if you are unfamiliar with any of them, look them up on a search engine.
- Scan your hard disk for the most recently stored files. Look at the contents of any files that update often, as they might be logs.
- Use your system configuration utility to view which programs are loaded at computer start-up. You can access this list by typing “msconfig” into the Run box.
What is MITM?
- Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
- A MITM attack exploits the real-time processing of transactions, conversations or transfers of other data.
- Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them, without either outside party knowing until it is too late.
What is a Rootkit?
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a combination of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms and viruses – that conceals its existence and actions from users and other system processes.
Functionality and Detection
What Can a Rootkit Do?
A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.
Rootkit Detection
It is difficult to detect rootkits. There are no commercial products available that can find and remove all known and unknown rootkits. There are various ways to look for a rootkit on an infected machine. Detection methods include behavioral-based methods (e.g., looking for strange behavior on a computer system), signature scanning and memory dump analysis. Often, the only option to remove a rootkit is to completely rebuild the compromised system.
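Two of the detection methods just named can be shown concretely. The code below is an added example for this page, not from the presentation. The first function is a behavioral "cross-view" check: a rootkit that hooks the process-listing API can hide a process from the high-level view, but a lower-level enumeration still shows it, so the difference between the two views is the finding. The second is signature scanning: hash each file and compare against a known-bad set. Both process views, the file contents, the path /lib/modules/evil.ko and the known-bad hash are constructed here (the hash is derived from the sample payload so the example is self-contained; a real scanner loads signatures from a vendor feed).

```python
"""Cross-view process check and hash-based signature scan.

Added example for this page; not code from the slides. All process
lists, file contents and signatures are constructed sample data.
"""
import hashlib

# Constructed views of the same machine. PID 4242 is present only in the
# low-level view, which is the discrepancy a process-hiding rootkit produces.
API_VIEW = {1: "init", 812: "sshd", 2310: "bash"}
LOW_LEVEL_VIEW = {1: "init", 812: "sshd", 2310: "bash", 4242: "hidden-svc"}


def cross_view_diff(api_view, low_level_view):
    """Return PIDs that appear in the low-level view but not in the API view."""
    return sorted(set(low_level_view) - set(api_view))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "files": path -> contents. The known-bad set is built from the
# sample payload so the example runs offline.
SAMPLE_FILES = {
    "/usr/bin/ls": b"ELF... legitimate ls binary (constructed) ...",
    "/lib/modules/evil.ko": b"ELF... constructed rootkit module ...",
}
KNOWN_BAD_HASHES = {sha256_hex(b"ELF... constructed rootkit module ...")}


def signature_scan(files, known_bad):
    """Return sorted paths whose SHA-256 digest is in the known-bad set."""
    return sorted(path for path, data in files.items()
                  if sha256_hex(data) in known_bad)


if __name__ == "__main__":
    hidden = cross_view_diff(API_VIEW, LOW_LEVEL_VIEW)
    for pid in hidden:
        print(f"PID {pid} ({LOW_LEVEL_VIEW[pid]}) hidden from the API view")
    for path in signature_scan(SAMPLE_FILES, KNOWN_BAD_HASHES):
        print(f"{path}: matches a known-bad signature")
```

Both checks have the limitation the slide warns about: a kernel-level rootkit can falsify the low-level view as well, and a signature scan only finds what is already catalogued, which is why memory analysis from outside the running system and, ultimately, a rebuild remain the dependable answers.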
Well-known Rootkit examples
- Lane Davis and Steven Dake wrote the earliest known rootkit in the early 1990s.
- NTRootkit – one of the first malicious rootkits targeted at Windows OS.
- HackerDefender – this early Trojan altered/augmented the OS at a very low level of function calls.
- Machiavelli – the first rootkit targeting Mac OS X, appeared in 2009. This rootkit creates hidden system calls and kernel threads.
- Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE PBX.
- Zeus, first identified in July 2007, is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
- Stuxnet – the first known rootkit for industrial control systems.
- Flame – computer malware discovered in 2012 that attacks computers running Windows OS. It can record audio, screenshots, keyboard activity and network traffic.
Spyware
Spyware is any software that installs itself on your computer and starts covertly monitoring your online behavior without your knowledge or permission. Spyware is a kind of malware that secretly gathers information about a person or organization and relays this data to other parties. In some cases, these may be advertisers or marketing data firms, which is why spyware is sometimes referred to as “adware.” It is installed without user consent by methods such as a drive-by download, a trojan included with a legitimate program or a deceptive pop-up window.
Signs of spyware
Signs of a spyware infection can include unwanted behaviors and degradation of system performance. It can eat up CPU capacity, disk usage and network traffic. Stability issues such as applications freezing, failure to boot, difficulty connecting to the internet and system crashes are also common.