DOCSLIB.ORG

Computer Security 37 8.1 Vulnerabilities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computer Security 37 8.1 Vulnerabilities Contents 1 Antivirus software 1 1.1 History ................................................ 1 1.1.1 1949-1980 period (pre-antivirus days) ............................ 1 1.1.2 1980-1990 period (early days) ................................ 2 1.1.3 1990-2000 period (emergence of the antivirus industry) ................... 2 1.1.4 2000-2005 period ...................................... 3 1.1.5 2005 to present ........................................ 3 1.2 Identification methods ........................................ 4 1.2.1 Signature-based detection .................................. 4 1.2.2 Heuristics ........................................... 4 1.2.3 Rootkit detection ....................................... 5 1.2.4 Real-time protection ..................................... 5 1.3 Issues of concern ........................................... 5 1.3.1 Unexpected renewal costs ................................... 5 1.3.2 Rogue security applications .................................. 5 1.3.3 Problems caused by false positives .............................. 5 1.3.4 System and interoperability related issues ........................... 6 1.3.5 Effectiveness ......................................... 6 1.3.6 New viruses .......................................... 6 1.3.7 Rootkits ............................................ 6 1.3.8 Damaged files ......................................... 6 1.3.9 Firmware issues ........................................ 7 1.4 Performance and other drawbacks .................................. 7 1.5 Alternative solutions ......................................... 7 1.5.1 Hardware and network Firewall ............................... 7 1.5.2 Cloud antivirus ........................................ 7 1.5.3 Online scanning ....................................... 8 1.5.4 Specialist tools ........................................ 8 1.6 Usage and risks ............................................ 8 1.7 See also ................................................ 8 1.8 References ............................................... 8 1.9 Bibliography .............................................. 11 i ii CONTENTS 1.10 External links ............................................. 12 2 Application security 13 2.1 Methodology ............................................. 13 2.2 Threats, Attacks, Vulnerabilities, and Countermeasures ....................... 13 2.3 Application Threats / Attacks ..................................... 13 2.4 Mobile application security ...................................... 13 2.5 Security testing for applications .................................... 14 2.6 Security certifications ......................................... 15 2.7 Security standards and regulations ................................... 15 2.8 See also ................................................ 16 2.9 References ............................................... 16 2.10 External links ............................................. 16 3 Backdoor (computing) 17 3.1 Overview ............................................... 17 3.1.1 Examples ........................................... 17 3.1.2 Object code backdoors .................................... 18 3.1.3 Asymmetric backdoors .................................... 18 3.2 Compiler backdoors .......................................... 18 3.2.1 Occurrences .......................................... 19 3.2.2 Countermeasures ....................................... 19 3.3 List of known backdoors ....................................... 19 3.4 References .............................................. 20 3.5 External links ............................................. 20 4 Black hat 21 4.1 References ............................................... 21 4.2 See also ................................................ 21 5 Black Hat Briefings 22 5.1 History ................................................. 22 5.2 The conference ............................................ 22 5.3 Conference’s topics .......................................... 22 5.4 New conference goals ......................................... 22 5.5 Antics and disclosures ......................................... 22 5.6 See also ................................................ 23 5.7 References ............................................... 23 5.8 External links ............................................. 23 6 Botnet 24 6.1 Types of botnets ............................................ 24 6.1.1 Legal botnets ......................................... 24 CONTENTS iii 6.1.2 Illegal botnets ......................................... 24 6.2 Recruitment .............................................. 24 6.3 Organization .............................................. 24 6.4 Formation ............................................... 25 6.5 Types of attacks ............................................ 25 6.6 Countermeasures ........................................... 26 6.7 Historical list of botnets ........................................ 26 6.8 Trivia ................................................. 26 6.9 See also ................................................ 26 6.10 References .............................................. 27 6.11 External links ............................................. 28 7 Computer crime 29 7.1 Classification ............................................. 29 7.1.1 Fraud and financial crimes .................................. 29 7.1.2 Cyberterrorism ........................................ 29 7.1.3 Cyberextortion ........................................ 30 7.1.4 Cyberwarfare ......................................... 30 7.1.5 Computer as a target ..................................... 30 7.1.6 Computer as a tool ...................................... 30 7.2 Documented cases ........................................... 32 7.3 Combating computer crime ...................................... 33 7.3.1 Diffusion of Cybercrime ................................... 33 7.3.2 Investigation ......................................... 33 7.3.3 Legislation .......................................... 33 7.3.4 Penalties ........................................... 33 7.4 See also ................................................ 33 7.5 References ............................................... 34 7.6 Further reading ............................................ 35 7.7 External links ............................................. 36 7.7.1 Government resources .................................... 36 8 Computer security 37 8.1 Vulnerabilities ............................................. 37 8.1.1 Backdoors ........................................... 37 8.1.2 Denial-of-service attack .................................... 38 8.1.3 Direct-access attacks ..................................... 38 8.1.4 Eavesdropping ........................................ 38 8.1.5 Spoofing ............................................ 38 8.1.6 Tampering .......................................... 38 8.1.7 Repudiation ......................................... 38 8.1.8 Information disclosure .................................... 38 iv CONTENTS 8.1.9 Privilege escalation ...................................... 39 8.1.10 Exploits ............................................ 39 8.1.11 Social engineering and trojans ................................ 39 8.1.12 Indirect attacks ........................................ 39 8.1.13 Computer crime ....................................... 39 8.2 Vulnerable areas ........................................... 39 8.2.1 Financial systems ....................................... 39 8.2.2 Utilities and industrial equipment ............................... 39 8.2.3 Aviation ........................................... 39 8.2.4 Consumer devices ....................................... 40 8.2.5 Large corporations ...................................... 40 8.2.6 Automobiles ......................................... 40 8.2.7 Government .......................................... 40 8.3 Financial cost of security breaches .................................. 40 8.3.1 Reasons ............................................ 41 8.4 Computer protection (countermeasures) ............................... 41 8.4.1 Security and systems design .................................. 41 8.4.2 Security measures ....................................... 41 8.4.3 Reducing vulnerabilities ................................... 42 8.4.4 Security by design ...................................... 43 8.4.5 Security architecture ..................................... 43 8.4.6 Hardware protection mechanisms .............................. 43 8.4.7 Secure operating systems ................................... 44 8.4.8 Secure coding ........................................ 45 8.4.9 Capabilities and access control lists ............................. 45 8.4.10 Hacking back ......................................... 45 8.5 Notable computer security attacks and breaches ............................ 45 8.5.1 Robert Morris and the first computer worm ......................... 46 8.5.2 Rome Laboratory ....................................... 46 8.5.3 TJX loses 45.7m customer credit card details ......................... 46 8.5.4 Stuxnet attack ......................................... 46 8.5.5 Global surveillance disclosures ................................ 46 8.5.6 Target And Home Depot Breaches by Rescator ........................ 46 8.6 Legal issues and global regulation ................................... 46 8.7 Government .............................................. 47 8.7.1 Public–private cooperation .................................
Load more

Recommended publications
  • Android Euskaraz Windows Euskaraz Android Erderaz Windows Erderaz GNU/LINUX Sistema Eragilea Euskeraz Ubuntu Euskaraz We
    Oharra: Android euskaraz Windows euskaraz Android erderaz Windows erderaz GNU/LINUX Sistema Eragilea euskeraz Ubuntu euskaraz Web euskaraz Ubuntu erderaz Web erderaz GNU/LINUX Sistema Eragilea erderaz APLIKAZIOA Bulegotika Adimen-mapak 1 c maps tools 2 free mind 3 mindmeister free 4 mindomo 5 plan 6 xmind Aurkezpenak 7 google slides 8 pow toon 9 prezi 10 sway Bulegotika-aplikazioak 11 andropen office 12 google docs 13 google drawing 14 google forms 15 google sheets 16 libreoffice 17 lyx 18 office online 19 office 2003 LIP 20 office 2007 LIP 21 office 2010 LIP 22 office 2013 LIP 23 office 2016 LIP 24 officesuite 25 wps office 26 writer plus 1/20 Harrobi Plaza, 4 Bilbo 48003 CAD 27 draftsight 28 librecad 29 qcad 30 sweet home 31 timkercad Datu-baseak 32 appserv 33 dbdesigner 34 emma 35 firebird 36 grubba 37 kexi 38 mysql server 39 mysql workbench 40 postgresql 41 tora Diagramak 42 dia 43 smartdraw Galdetegiak 44 kahoot Maketazioa 45 scribus PDF editoreak 46 master pdf editor 47 pdfedit pdf escape 48 xournal PDF irakurgailuak 49 adobe reader 50 evince 51 foxit reader 52 sumatraPDF 2/20 Harrobi Plaza, 4 Bilbo 48003 Hezkuntza Aditzak lantzeko 53 aditzariketak.wordpress 54 aditz laguntzailea 55 aditzak 56 aditzak.com 57 aditzapp 58 adizkitegia 59 deklinabidea 60 euskaljakintza 61 euskera! 62 hitano 63 ikusi eta ikasi 64 ikusi eta ikasi bi! Apunteak partekatu 65 flashcard machine 66 goconqr 67 quizlet 68 rincon del vago Diktaketak 69 dictation Entziklopediak 70 auñamendi eusko entziklopedia 71 elhuyar zth hiztegi entziklopedikoa 72 harluxet 73 lur entziklopedia tematikoa 74 lur hiztegi entziklopedikoa 75 wikipedia Esamoldeak 76 AEK euskara praktikoa 77 esamoldeapp 78 Ikapp-zaharrak berri Estatistikak 79 pspp 80 r 3/20 Harrobi Plaza, 4 Bilbo 48003 Euskara azterketak 81 ega app 82 egabai 83 euskal jakintza 84 euskara ikasiz 1.
    [Show full text]
  • July Edition
    July Edition From the Technical Coordinator From the Section Emergency Coordinator From the Affiliated Club Coordinator From the Public Information Coordinator From the Section Traffic Manager Out and About From the Educational Outreach ARES Training Update From the Official Observer Coordinator Handbook Give Away DMR Fun Things To Do, Classes & Hamfests Too Weather Underground Stations Club Corner Final.. Final.. From the Technical Coordinator Jeff Kopcak – K8JTK TC [email protected] Hey Gang, Around the time of Dayton, the FBI asked everyone to reboot their routers. Why would they do that? Over the last two years more than 500,000 consumer and small business routers in 54 countries have become infected with a piece of malware called “VPNFilter.” This sophisticated malware is thought to be the work of a government and somewhat targeted with many of the infected routers located in Ukraine. Security researchers are still trying to determine what exactly VPNFilter was built to do. So far, it is known to eavesdrop on Internet traffic grabbing logon credentials and looking for specific types of traffic such as SCADA, a networking protocol controlling power plants, chemical plants, and industrial systems. Actively, it can “brick” the infected device. Src: Cisco’s Talos Intelligence Group Blog Bricking is a term to mean ‘render the device completely unusable’ and being as useful as a brick. In addition to these threats, this malware can survive a reboot. Wait, didn’t the FBI ask all of us to reboot our routers? Won’t that clear the infection? No. In order for this malware to figure out what it needs to do, it reaches out to a command-and-control server.
    [Show full text]
  • United States V. Auernheimer and the Sixth Amendment Right to Be Tried in the District in Which the Alleged Crime Was Committed
    University of Denver Criminal Law Review Volume 6 Issue 1 Article 3 January 2016 Fundamental Since Our Country's Founding: United States v. Auernheimer and the Sixth Amendment Right to Be Tried in the District in Which the Alleged Crime was Committed Paul Mogin Follow this and additional works at: https://digitalcommons.du.edu/crimlawrev Part of the Criminal Law Commons Recommended Citation Paul Mogin, Fundamental Since Our Country's Founding: United States v. Auernheimer and the Sixth Amendment Right to Be Tried in the District in Which the Alleged Crime was Committed, 6 U. Denv. Crim. L. Rev. 37 (2016) This Article is brought to you for free and open access by the University of Denver Sturm College of Law at Digital Commons @ DU. It has been accepted for inclusion in University of Denver Criminal Law Review by an authorized editor of Digital Commons @ DU. For more information, please contact [email protected],dig- [email protected]. Mogin: Fundamental Since Our Country's Founding: United States v. Auernh 2016 "FUNDAMENTAL SINCE OUR COUNTRY'S FOUNDING" 37 "FUNDAMENTAL SINCE OUR COUNTRY'S FOUNDING": UNITED STATES V. AUERNHEIMER AND THE SIXTH AMENDMENT RIGHT TO BE TRIED IN THE DISTRICT IN WHICH THE ALLEGED CRIME WAS COMMITTED PaulMogin* * Paul Mogin is a partner at Williams & Connolly LLP in Washington, D.C and a graduate of Harvard Law School. A member of the American Law Institute and the National Association of Criminal Defense Lawyers, he argued and won Cleveland v. United States, 531 U.S. 12 (2000), in which the Supreme Court held that the federal mail fraud statute does not extend to an allegedly fraudulent filing seeking a state license.
    [Show full text]
  • Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p.
    [Show full text]
  • الجريمة اإللكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them
    مسابقة جائزة اﻷمير نايف بن عبدالعزيز للبحوث اﻷمنية لعام )2015م( الجريمة اﻹلكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them إعـــــداد رامـــــــــــــي وحـــــــــــــيـد مـنـصــــــــــور باحـــــــث إســـتراتيجي في الشــــــئون اﻷمـــنـــية واﻻقتصـــــــــاد الســــــــياسـي -1- أ ت جملس التعاون لدول اخلليج العربية. اﻷمانة العامة 10 ج إ الجريمة اﻹلكترونية في المجتمع الخليجي وكيفية مواجهتها= cybercrimes in the Gulf:Society and how to tackle them إعداد رامي وحيد منصور ، البحرين . ـ الرياض : جملس التعاون لدول اخلليج العربية ، اﻷمانة العامة؛ 2016م. 286 ص ؛ 24 سم الرقم املوحد ملطبوعات اجمللس : 0531 / 091 / ح / ك/ 2016م. اجلرائم اﻹلكرتونية / / جرائم املعلومات / / شبكات احلواسيب / / القوانني واللوائح / / اجملتمع / مكافحة اجلرائم / / اجلرائم احلاسوبية / / دول جملس التعاون لدول اخلليج العربية. -2- قائمة املحتويات قائمة احملتويات .......................................................................................................... 3 قائمــة اﻷشــكال ........................................................................................................10 مقدمــة الباحــث ........................................................................................................15 مقدمة الدراســة .........................................................................................................21 الفصل التمهيدي )اﻹطار النظري للدراسة( موضوع الدراســة ...................................................................................................... 29 إشــكاليات الدراســة ................................................................................................
    [Show full text]
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts
    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
    [Show full text]
  • Paradise Lost , Book III, Line 18
    _Paradise Lost_, book III, line 18 %%%%%%%%%%%%%%%%%%%%%%%% ++++++++++Hacker's Encyclopedia++++++++ ===========by Logik Bomb (FOA)======== <http://www.xmission.com/~ryder/hack.html> ---------------(1997- Revised Second Edition)-------- ##################V2.5################## %%%%%%%%%%%%%%%%%%%%%%%% "[W]atch where you go once you have entered here, and to whom you turn! Do not be misled by that wide and easy passage!" And my Guide [said] to him: "That is not your concern; it is his fate to enter every door. This has been willed where what is willed must be, and is not yours to question. Say no more." -Dante Alighieri _The Inferno_, 1321 Translated by John Ciardi Acknowledgments ---------------------------- Dedicated to all those who disseminate information, forbidden or otherwise. Also, I should note that a few of these entries are taken from "A Complete List of Hacker Slang and Other Things," Version 1C, by Casual, Bloodwing and Crusader; this doc started out as an unofficial update. However, I've updated, altered, expanded, re-written and otherwise torn apart the original document, so I'd be surprised if you could find any vestiges of the original file left. I think the list is very informative; it came out in 1990, though, which makes it somewhat outdated. I also got a lot of information from the works listed in my bibliography, (it's at the end, after all the quotes) as well as many miscellaneous back issues of such e-zines as _Cheap Truth _, _40Hex_, the _LOD/H Technical Journals_ and _Phrack Magazine_; and print magazines such as _Internet Underground_, _Macworld_, _Mondo 2000_, _Newsweek_, _2600: The Hacker Quarterly_, _U.S. News & World Report_, _Time_, and _Wired_; in addition to various people I've consulted.
    [Show full text]
  • Antivirus Software Before It Can Detect Them
    Computer virus A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.[1][2] The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software), including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious.
    [Show full text]
  • List of Targets of Arrested Computer Hackers 6 March 2012
    List of targets of arrested computer hackers 6 March 2012 The five computer hackers charged in New York Tribune and Los Angeles Times, using on Tuesday and a sixth who pleaded guilty are misappropriated login credentials. accused of involvement in some of the most notorious hacking incidents of the past 18 months. -- February 2011: A cyberattack on private computer security firm HBGary that involved the The following are some of the cyberattacks in theft of 60,000 emails from HBGary employees and which the two Britons, two Irishmen and two the HBGary chief executive, as well as defacing his Americans allegedly played a role as members of Twitter account. Anonymous, Lulz Security or associated groups: -- April-May 2011: A cyberattack on a Fox -- December 2010: Operation Payback. Distributed Broadcasting Company website that involved the denial of service (DDoS) attacks by members of theft of names, dates of birth, telephone numbers, Anonymous on the websites of MasterCard, email and residential addresses for more than PayPal and Visa in retaliation for their refusal to 70,000 potential contestants on the Fox television accept donations for WikiLeaks. In a DDoS attack, show the "X-Factor." a website is bombarded with traffic, slowing it down or knocking it offline completely. -- May 2011: A cyberattack on Sony Pictures Entertainment that revealed the passwords, email -- January 2011: Defacing a website of the Irish addresses, home addresses and dates of birth of political party Fine Gael after accessing computer 100,000 users of the www.sonypictures.com servers in Arizona used to maintain the website, website and a subsequent online attack against www.finegael2011.com.
    [Show full text]
  • Easier Said Than Done: Legal Reviews of Cyber Weapons
    Easier Said Than Done: Legal Reviews of Cyber Weapons Gary D. Brown* & Andrew O. Metcalf** INTRODUCTION On June 1, 2012, author and New York Times reporter David Sanger created a sensation within the cyber-law community. Just over a year previously, Vanity Fair, among other media outlets, reported that a malware package of unprec- edented complexity had effectively targeted the Iranian nuclear research pro- gram.1 The malware, which came to be known as Stuxnet, was also discovered on many computer systems outside Iran, but it did not appear to do any damage to these other systems. Just as the discussions spurred by the discovery of Stuxnet had begun to die down, the New York Times published an interview with Mr. Sanger to discuss his newest book, in which he alleged that the Stuxnet malware had been part of a U.S. planned and led covert cyber operation. The assertion that a nation state had used a “cyber attack” in support of its national objectives reinvigorated the attention of cyber-law commentators, both in and out of government. What makes Stuxnet interesting as a point of discussion is that the basic functioning of the software is easy to understand and easy to categorize. A piece of software was deliberately inserted into the target systems, and physical damage was the result. However, resulting physical damage is not characteristic of most cyber operations, and the legal analysis of Stuxnet is of limited utility when examining a broad range of cyber activities.2 A distinct lack of physical effects is much more characteristic of cyber operations, and the absence of physical effects has continued to complicate the legal analysis of cyber in the context of military operations.
    [Show full text]
  • 7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview
    The information provided here is for informational and educational purposes and current as of the date of publication. The information is not a substitute for legal advice and does 7/26/2018 not necessarily reflect the opinion or policy position of the Municipal Association of South Carolina. Consult your attorney for advice concerning specific situations. Anatomy of a Ransomware Attack Presented by Matt Hooper Session #1 Grand Prize Don't forget to fill out your card! 2 Overview Ransomware attacks are unfortunately common. Learn what they are, how to avoid an attack and what to do if your city is targeted. 3 1 7/26/2018 Security Breach Statistics . The government vertical in the US has become the largest group to suffer loss due to data breaches . On average, 57 confidential records are lost every second ...that’s 4,924,800 records per day . Almost 1.5 billion were lost in the month of March 2018 . The average cost for organizations reporting data breaches was $3.62 million dollars per breach . Security experts believe the majority of data breaches are either undetected or unreported! 4 What is Ransomware? Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
    [Show full text]
  • A Glance Into the Eye Pyramid Technical Article V2
    A glance into the Eye Pyramid RĂZVAN OLTEANU Security Reasercher We keep you safe and we keep it simple. 01 Introduction On January 11, 2017 Italian news agency AGI, published a court order regarding cyber-attacks against high ranking Italian government members and Italian institutions. The attacks were conducted by two Italian brothers to get financial information that would help them gain an advantage when trading on financial markets. Overview The campaign was carried out over several years starting in 2008 and continuing into 2010, 2011, 2012 and 2014. The mechanism the brothers used to distribute their malware was simple; targeted spear-phishing emails aimed at victims who had already been selected. The emails con- tained a malware attachment, which once opened harvested information from the victims’ computers. This information consisted of pictures, documents, archives, presenta- tions, email contacts, email bodies, usernames, passwords, keystrokes, web pages content and databases. Technical details The malware was written in VisualBasic.net and was obfuscated twice using common obfuscators: Dotfuscator and Skater .NET which can be easily reversed. The malware stored its sensitive data – license keys, URLs and paths – by encrypting with the Triple DES algorithm using the MD5 of a provided password as key and SHA256 of the pass- word as initialization vector. A glance into the Eye Pyramid 01 02 Figure 1 Security applications To remain unnoticed, it tried to disable any security application installed on the victim’s computer. Targeted
    [Show full text]