TYPES OF ATTACK (PART 3)
MALWARE – PART 2
Prof. Neeraj Bhargava
Mrs. Shubha Chaturvedi
Department of Computer Science, School of Engineering & System Sciences
MDS University Ajmer, Rajasthan
CRIMEWARE
• Crimeware is software that helps someone perform an unwanted or
illegal act via the computer.
• Crimeware programs and documentation enable non-technical
people to set up their own spam, virus or phishing
attacks; they are essentially a software development kit.
• Crimeware is a general term for software used to perpetrate
crime, such as stealing personal identities, money or
proprietary information.
• Crimeware can spread by way of viruses, Trojan horse
programs, worms, spyware, or adware.
Spamming
• Spam is any kind of unwanted, unsolicited digital
communication, often an email, that gets sent out in bulk.
Spam is a huge waste of time and resources. Internet
service providers (ISPs) carry and store the data. When hackers
can’t steal data bandwidth from the ISPs, they steal it from
individual users, hacking computers and enslaving them in a
zombie botnet.
• Types of spam: email spam, mobile spam,
social networking spam, messaging spam.
TRAPDOOR/BACKDOOR
• A trap door is a kind of secret entry point into a program that
allows anyone to gain access to a system without going
through the usual security access procedures. Another definition
of a trap door is a method of bypassing normal
authentication methods. It is therefore also known as a back
door.
• Programmers use trap doors legally to debug and test
programs. Trap doors become threats when dishonest
programmers use them to gain illegal access. Program development and
software update activities should be the first focus of security
measures. It is difficult to implement operating system
controls for trap doors.
KEYLOGGERS
• Keyloggers are a type of monitoring software designed to
record keystrokes made by a user. One of the oldest forms of
cyber threat, these keystroke loggers record the information
you type into a website or application and send it back to a
third party.
• Criminals use keyloggers to steal personal or financial
information such as banking details, which they can then sell
or use for profit.
SPOOFING
Spoofing is a specific type of cyber-attack in which someone
attempts to use a computer, device, or network to trick other
computer networks by masquerading as a legitimate entity. It's
one of many tools hackers use to gain access to computers to
mine them for sensitive data, turn them into zombies (computers
taken over for malicious use), or launch Denial-of-Service (DoS)
attacks. Of the several types of spoofing, IP spoofing is the most
common.
Phishing
Phishing is the practice of sending fraudulent
communications that appear to come from a reputable source.
It is usually done through email. The goal is to steal sensitive
data like credit card and login information, or to
install malware on the victim’s machine. Phishing is a common
type of cyber attack that everyone should learn about in order
to protect themselves.
• Phishing starts with a fraudulent email or other communication
that is designed to lure a victim. The message is made to look
as though it comes from a trusted sender. If it fools the victim,
he or she is coaxed into providing confidential information,
often on a scam website. Sometimes malware is also
downloaded onto the target’s computer.
Sniffing
• Sniffing is the process of monitoring and capturing all data packets
that are passing through a computer network using packet
sniffers. Packet sniffers are used by network administrators to
keep track of data traffic passing through their network. These
are called network protocol analyzers. In the same way,
malicious attackers use these packet-sniffing
tools to capture data packets in a network.
• Data packets captured from a network are used to extract and
steal sensitive information such as passwords, usernames,
credit card information, etc. Attackers install these sniffers in
the system in the form of software or hardware.
Port Scanning
• Port scanning is a method of determining which ports on a network
are open and could be receiving or sending data. It is also a process
for sending packets to specific ports on a host and analyzing
responses to identify vulnerabilities.
• The goal behind port and network scanning is to identify the
organization of IP addresses, hosts, and ports to properly determine
open or vulnerable server locations and diagnose security levels.
• After a thorough network scan is complete and a list of active hosts
is compiled, port scanning can take place to identify open ports on
a network that may enable unauthorized access.
• It’s important to note that network and port scanning can be used
by both IT administrators and cybercriminals to verify or check the
security policies of a network and identify vulnerabilities — and in
the attackers’ case, to exploit any potential weak entry points.
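From the administrator's side, the pattern described above (one source probing many ports on one host) can be spotted in firewall logs. The following is an added example, not part of the original slides; the log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source IP, destination IP, destination port, action
SAMPLE_LOG = """\
2024-01-10T09:00:00 203.0.113.30 192.0.2.10 22 DENY
2024-01-10T09:00:01 198.51.100.7 192.0.2.10 21 DENY
2024-01-10T09:00:02 198.51.100.7 192.0.2.10 22 DENY
2024-01-10T09:00:02 203.0.113.20 192.0.2.10 443 ALLOW
2024-01-10T09:00:03 198.51.100.7 192.0.2.10 23 DENY
2024-01-10T09:00:04 198.51.100.7 192.0.2.10 25 DENY
2024-01-10T09:00:05 198.51.100.7 192.0.2.10 80 ALLOW
2024-01-10T09:00:06 198.51.100.7 192.0.2.10 443 ALLOW
2024-01-10T09:00:09 203.0.113.20 192.0.2.10 443 ALLOW
2024-01-10T09:03:00 203.0.113.30 192.0.2.10 80 ALLOW
2024-01-10T09:06:00 203.0.113.30 192.0.2.10 443 ALLOW
2024-01-10T09:09:00 203.0.113.30 192.0.2.10 8080 DENY
2024-01-10T09:12:00 203.0.113.30 192.0.2.10 3306 DENY
"""


def parse_line(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_port_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted ports} for sources that touched at least
    min_ports distinct ports on one host within the sliding time window."""
    recent = defaultdict(list)  # (src, dst) -> [(timestamp, port)] still in window
    flagged = {}
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    for ts, src, dst, port, _action in events:
        key = (src, dst)
        # Drop events that have aged out of the window, then add this one
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        recent[key].append((ts, port))
        ports = {p for _, p in recent[key]}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return {key: sorted(ports) for key, ports in flagged.items()}


if __name__ == "__main__":
    # The short window flags only the fast sweep; the slower source
    # (203.0.113.30) is flagged once the window is widened.
    print(detect_port_scans(SAMPLE_LOG))
    print(detect_port_scans(SAMPLE_LOG, window=timedelta(minutes=15)))
```

The window and port threshold are tuning choices: a narrow window keeps ordinary clients from being flagged, while a wider one is needed to see probes spread out over time.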
SQL injection (SQLi)
• SQL injection is a web security vulnerability that allows an
attacker to interfere with the queries that an application
makes to its database. It generally allows an attacker to view
data that they are not normally able to retrieve. This might
include data belonging to other users, or any other data that
the application itself is able to access. In many cases, an
attacker can modify or delete this data, causing persistent
changes to the application's content or behaviour.
• In some situations, an attacker can escalate an SQL injection
attack to compromise the underlying server or other back-end
infrastructure, or perform a denial-of-service attack.
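The flaw described above, shown next to its fix, as an added example that is not part of the original slides. The table, function names and input string are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

CRAFTED = "alice' OR '1'='1"      # constructed input that contains SQL syntax
ALLOWED_SORT = {"owner", "body"}  # identifiers the application agrees to sort by


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)", [
        ("alice", "dentist at 3pm"),
        ("bob", "payroll draft"),
    ])
    return db


def notes_vulnerable(db, owner):
    # VULNERABLE: the input is spliced into the SQL text, so a quote inside it
    # changes the structure of the query instead of being treated as data.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(query))


def notes_safe(db, owner):
    # HARDENED: the placeholder binds the input as a value; it can never
    # become part of the SQL syntax.
    query = "SELECT body FROM notes WHERE owner = ?"
    return sorted(row[0] for row in db.execute(query, (owner,)))


def notes_sorted(db, owner, sort_col):
    # Placeholders cannot bind identifiers such as column names, so the
    # column is checked against a fixed allow-list before it is used.
    if sort_col not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    query = f"SELECT body FROM notes WHERE owner = ? ORDER BY {sort_col}"
    return [row[0] for row in db.execute(query, (owner,))]


if __name__ == "__main__":
    db = make_db()
    print(notes_vulnerable(db, CRAFTED))  # returns every user's notes
    print(notes_safe(db, CRAFTED))        # returns nothing: no such owner
```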
Assignment
Q1. Differentiate between a computer virus, a worm and a Trojan
horse.
Q2. What is the difference between sniffing and spoofing?
Q3. What are ports and port numbers?
Q4. What is the impact of a successful SQL injection attack?
