Hacking and Phishing


2018 NATIONAL SEMINAR, US SENTENCING COMMISSION

Hacking & Phishing Glossary: 2018 Annual National Seminar

Adware - Adware can mean the software that automatically generates advertisements in a program that is otherwise free, such as an online video game. But in this context it more commonly means a kind of spyware that tracks your browsing habits covertly to generate those ads.

Anonymous - A non-hierarchical hacktivist collective, Anonymous uses hacking (and arguably cracking) techniques to register political protest in campaigns known as “#ops.” Best known for their distributed denial of services (DDoS) attacks, past activities have included attacks against the Church of Scientology; Visa, Paypal, and others who withdrew their services from WikiLeaks’ Julian Assange after that group began releasing war documents; #OpTunisia and others purporting to support the Arab Spring; and a campaign that brought down the website of the Westboro Baptist Church. #Ops are usually marked with the release of a video of a reader in a Guy Fawkes mask using a computer generated voice. Offshoot groups include AntiSec and LulzSec.

AntiSec - An Anonymous splinter group, AntiSec was best known for the hack of security firm Stratfor, publishing credit card numbers and email addresses taken from the company’s site. Jeremy Hammond was arrested for alleged Anti-Sec activities under the alias sup_g.

Back Door - A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. Some have alleged that manufacturers have worked with government intelligence to build backdoors into their products. Malware is often designed to exploit back doors.

Black hat - Black hat hackers are those who engage in hacking for illegal purposes, often for financial gain, though also for notoriety. Their hacks (and cracks) result in inconvenience and loss for both the owners of the system they hack and the users.

Bot - A program that automates a usually simple action so that it can be done repeatedly at a much higher rate for a more sustained period than a human operator could do it. Like most things in the world of hacking, bots are, in themselves, benign and used for a host of legitimate purposes, like online content delivery. However, they are often used in conjunction with cracking, and that’s where their public notoriety comes from. Bots can be used, for instance, to make the content calls that make up denial of service attacks. Bot is also a term used to refer to the individual hijacked computers that make up a botnet.

Botnet - A botnet is a group of computers controlled without their owners’ knowledge and used to send spam or make denial of service attacks. Malware is used to hijack the individual computers, also known as “zombies,” and send directions through them. They are best known in terms of large spam networks, frequently based in the former Soviet Union.

Brute Force Attack - Also known as an exhaustive key search, a brute force attack is an automated search for every possible password to a system. It is an inefficient method of hacking compared to others like phishing. It’s used usually when there is no alternative. The process can be made shorter by focusing the attack on password elements likely to be used by a specific system.

Clone Phishing - Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.

Code - Code is the machine-readable, usually text-based instructions that govern a device or program. Changing the code can change the behavior of the device or program.

Compiler - A compiler is a program that translates high-level language (source code in a programming language) into executable machine language. Compilers are sometimes rewritten to create a back door without changing a program’s source code.

Cookie - Cookies are text files sent from your Web browser to a server, usually to customize information from a website.

Cracking - To break into a secure computer system, frequently to do damage or gain financially, though sometimes in political protest.

Denial of Service Attack (DoS) - DoS is used against a website or computer network to make it temporarily unresponsive. This is often achieved by sending so many content requests to the site that the server overloads. Content requests are the instructions sent, for instance, from your browser to a website that enables you to see the website in question. Some have described such attacks as the Internet equivalent of street protests and some groups, such as Anonymous frequently use it as a protest tool.

Distributed Denial of Service Attack (DDoS) - A DoS using a number of separate machines. This can be accomplished by seeding machines with a Trojan and creating a botnet or, as is the case with a number of Anonymous attacks, by using the machines of volunteers.

Doxing - Discovering and publishing the identity of an otherwise anonymous Internet user by tracing their online publicly available accounts, metadata, and documents like email accounts, as well as by hacking, stalking, and harassing.

Firewall - A system using hardware, software, or both to prevent unauthorized access to a system or machine.

Gray Hat - Just like the rest of life, hacking is often less black or white than it is gray. The term gray hat hacker reflects that reality. A gray hat hacker will break the law in the pursuit of a hack, but does not do so maliciously or for personal gain. Many would argue Anonymous are gray hats.

Hacking - Hacking is the creative manipulation of code, distinguished, albeit amorphously, from programming by focusing on the manipulation of already written code in the devices or software for which that code was already written. Metaphorically it extends to social engineering in its manipulation of social code to effect change. Many prefer to use the term cracking to describe hacking into a machine or program without permission. Hackers are sometimes divided into white hat, black hat, and gray hat hackers.

Hacktivist - A hacker whose goals are social or political. Examples range from reporting online anonymously from a country that attacks free speech to launching a DDoS campaign against a company whose CEO has issued objectionable statements. Not to be confused with slacktivism, which refers to push-button activism in which a supporter of a social or political campaign’s goals does nothing but register their support online, for instance by “liking” a Facebook page.

Hash - A hash is a number generated by an algorithm from a string of characters in a message or other string. In a communications system using hashes, the sender of a message or file can generate a hash, encrypt the hash, and send it with the message. On decryption, the recipient generates another hash. If the included and the generated hash are the same, the message or file has almost certainly not been tampered with.

IP - Internet protocol address. It’s the distinctive numeral fingerprint that each device carries that’s connected to a network using Internet Protocol. If you have a device’s IP you can often identify the person using it, track its activity, and discover its location. These addresses are apportioned by the regional Internet registries of the IANA (the Internet Assigned Numbers Authority). Crackers can use knowledge of your IP address to your computer via one of its ports, the points that regulate information traffic flow.

IRC - Internet relay chat is a protocol used by groups and for one-on-one conversations, often utilized by hackers to communicate or share files. Because they are usually unencrypted, hackers sometimes use packet sniffers to steal personal information from them.

Keystroke Logging / Keylogger - Keystroke logging is the tracking of which keys are pressed on a computer (and which touchscreen points are used). It is, simply, the map of a computer/human interface. It is used by gray and black hat hackers to record login IDs and passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.

Logic Bomb - A virus secreted into a system that triggers a malicious action when certain conditions are met. The most common version is the time bomb.

LulzSec - LulzSec is an Anonymous offshoot. Its best-known actions were hacking user information from the website of Sony Pictures and for allegedly shutting down the CIA website with a DDoS attack. LulzSec’s best known, however, for Hector Xavier Monsegur, a.k.a. “Sabu,” a hacker turned FBI informant, whose intel led to the arrest of four other LulzSec members. He faces the possibility of a long prison term despite his cooperation.

Malware - A software program designed to hijack, damage, or steal information from a device or system. Examples include spyware, adware, rootkits, viruses, keyloggers, and many more. The software can be delivered in a number of ways, from decoy websites and spam to USB drives.

Master - The computer in a botnet that controls, but is not controlled by, all the other devices in the network. It’s also the computer to which all other devices report, sending information, such as credit card numbers, to be

Rootkit - A rootkit is a set of software programs used to gain administrator-level access to a system and set up malware, while simultaneously camouflaging the takeover.

Spoofing - Email spoofing is altering the header of an email so that it appears to come from elsewhere. A black hat hacker, for instance, might alter his email header so it appears to

Whaling - Spear-phishing that targets the upper management of for-profit companies, presumably in the hope that their higher net worth will result in either more profit, if the cracker is