
4th Unit IS Notes


Hacking—Definition, Types, Security, and More

A commonly used hacking definition is the act of compromising digital devices and networks through
unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most
commonly associated with illegal activity and data theft by cyber criminals.

But what is hacking in a cyber security context?

Hacking in cyber security refers to the misuse of devices like computers, smartphones, tablets, and networks to
cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt
data-related activity.

A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and modifying
computer software and hardware systems. But this narrow view does not cover the true technical nature of
hacking. Hackers are increasingly growing in sophistication, using stealthy attack methods designed to go
completely unnoticed by cybersecurity software and IT teams. They are also highly skilled in creating attack
vectors that trick users into opening malicious attachments or links and freely giving up their sensitive personal
data.

As a result, modern-day hacking involves far more than just an angry kid in their bedroom. It is a
multibillion-dollar industry with extremely sophisticated and successful techniques.

History of hacking and hackers


Hacking first appeared as a term in the 1970s but became more popular through the next decade. An article in
a 1980 edition of Psychology Today ran the headline “The Hacker Papers” in an exploration of computer
usage's addictive nature. Two years later, two movies, Tron and WarGames, were released, in which the lead
characters set about hacking into computer systems, which introduced the concept of hacking to a wide
audience and as a potential national security risk.

Sure enough, later that year, a group of teenagers cracked the computer systems of major organizations like
Los Alamos National Laboratory, Security Pacific Bank, and Sloan-Kettering Cancer Center. A Newsweek
article covering the event became the first to use the word “hacker” in the negative light it now holds.

This event also led Congress to pass several bills around computer crimes, but that did not stop the number of
high-profile attacks on corporate and government systems. Of course, the concept of hacking has spiraled with
the release of the public internet, which has led to far more opportunities and more lucrative rewards for
hacking activity. This saw techniques evolve and increase in sophistication and gave birth to a wide range of
types of hacking and hackers.
Types of Hacking/Hackers
There are typically four key drivers that lead to bad actors hacking websites or systems: (1) financial gain
through the theft of credit card details or by defrauding financial services, (2) corporate espionage, (3) to gain
notoriety or respect for their hacking talents, and (4) state-sponsored hacking that aims to steal business
information and national intelligence. On top of that, there are politically motivated hackers—or hacktivists—
who aim to raise public attention by leaking sensitive information, such as Anonymous, LulzSec, and
WikiLeaks.

A few of the most common types of hackers that carry out these activities include:
Black hat hackers
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities
in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to
gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.

These individuals’ actions can inflict serious damage on both computer users and the organizations they work
for. They can steal sensitive personal information, compromise computer and financial systems, and alter or
take down the functionality of websites and critical networks.

White hat hackers


White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers
through proactive hacking. They use their technical skills to break into systems to assess and test the level
of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black
hat hackers can detect and exploit them.

The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these
individuals are hired by organizations to test and discover potential holes in their security defenses.

Grey hat hackers


Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to
violate standards and principles but without intending to do harm or gain financially. Their actions are typically
carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists,
but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the
vulnerability.
Devices Most Vulnerable To Hacking

Smart devices
Smart devices, such as smartphones, are lucrative targets for hackers. Android devices, in particular, have a
more open-source and inconsistent software development process than Apple devices, which puts them at risk
of data theft or corruption. However, hackers are increasingly targeting the millions of devices connected to
the Internet of Things (IoT).

Webcams
Webcams built into computers are a common hacking target, mainly because hacking them is a simple
process. Hackers typically gain access to a computer using a Remote Access Trojan
(RAT) in rootkit malware, which allows them to not only spy on users but also read their messages, see their
browsing activity, take screenshots, and hijack their webcam.

Routers
Hacking routers enables an attacker to gain access to data sent and received across them and networks that
are accessed on them. Hackers can also hijack a router to carry out wider malicious acts such as distributed
denial-of-service (DDoS) attacks, Domain Name System (DNS) spoofing, or cryptomining.

Email
Email is one of the most common targets of cyberattacks. It is used to spread malware and ransomware and
as a tactic for phishing attacks, which enable attackers to target victims with malicious attachments or links.

Jailbroken phones
Jailbreaking a phone means removing restrictions imposed on its operating system to enable the user to install
applications or other software not available through its official app store. Aside from being a violation of the
end-user’s license agreement with the phone developer, jailbreaking exposes many vulnerabilities. Hackers
can target jailbroken phones, which allows them to steal any data on the device but also extend their attack to
connected networks and systems.
Prevention from Getting Hacked
There are several key steps and best practices that organizations and users can follow to ensure they limit their
chances of getting hacked.

Software update
Hackers are constantly on the lookout for vulnerabilities or holes in security that have not been seen or
patched. Therefore, updating software and operating systems is crucial to preventing users and
organizations from getting hacked. They must enable automatic updates and ensure the latest software version
is always installed on all of their devices and programs.

Use unique passwords for different accounts


Weak passwords or account credentials and poor password practices are the most common cause of data
breaches and cyberattacks. It is vital to not only use strong passwords that are difficult for hackers to crack but
also to never use the same password for different accounts. Using unique passwords is crucial to limiting
hackers’ effectiveness.

HTTPS encryption
Spoofed websites are another common vehicle for data theft, when hackers create a scam website that looks
legitimate but will actually steal the credentials that users enter. It is important to look for the Hypertext Transfer
Protocol Secure (HTTPS) prefix at the start of a web address. For example: https://www.fortinet.com.

Avoid clicking on ads or strange links


Advertisements like pop-up ads are also widely used by hackers. When clicked, they lead the user to
inadvertently download malware or spyware onto their device. Links should be treated carefully, and strange
links within email messages or on social media, in particular, should never be clicked. These can be used by
hackers to install malware on a device or lead users to spoofed websites.

Change the default username and password on your router and smart
devices
Routers and smart devices come with default usernames and passwords. However, as providers ship millions
of devices, there is a risk that the credentials are not unique, which heightens the chances of hackers breaking
into them. It is best practice to set a unique username and password combination for these types of devices.
Protect Yourself Against Hacking
There are further steps that users and organizations can take to protect themselves against the threat of
hacking.

Download from first-party sources


Only download applications or software from trusted organizations and first-party sources. Downloading
content from unknown sources means users do not fully know what they are accessing, and the software can
be infected with malware, viruses, or Trojans.

Install antivirus software


Having antivirus software installed on devices is crucial to spotting potential malicious files, activity, and bad
actors. A trusted antivirus tool protects users and organizations from the latest malware, spyware, and viruses
and uses advanced detection engines to block and prevent new and evolving threats.

Use a VPN
Using a virtual private network (VPN) allows users to browse the internet securely. It hides their location and
prevents hackers from intercepting their data or browsing activity.

Do not login as an admin by default


"Admin" is one of the most commonly used usernames by IT departments, and hackers use this information to
target organizations. Signing in with this name makes you a hacking target, so do not log in with it by default.

Use a password manager


Creating strong, unique passwords is a security best practice, but remembering them is difficult. Password
managers are useful tools for helping people use strong, hard-to-crack passwords without having to worry
about remembering them.

Use two-factor authentication


Two-factor authentication (2FA) removes people's reliance on passwords and provides more certainty that the
person accessing an account is who they say they are. When a user logs in to their account, they are then
prompted to provide another piece of identity evidence, such as their fingerprint or a code sent to their device.
Brush up on anti-phishing techniques
Users must understand the techniques that hackers deploy to target them. This is especially the case
with anti-phishing and ransomware awareness, which helps users recognize the telltale signs of a phishing
email, a ransomware attack, or a ransomware settlement demand.

What is Ethical Hacking? How Legal is Ethical Hacking?
Ethical hacking refers to the actions carried out by white hat security hackers. It involves gaining access to
computer systems and networks to test for potential vulnerabilities, and then fixing any identified weaknesses.
Using these technical skills for ethical hacking purposes is legal, provided the individual has written permission
from the system or network owner, protects the organization’s privacy, and reports all weaknesses they find to
the organization and its vendors.
Denial of Service
DoS attacks are attempts to interrupt a website or network's operations by overwhelming it with
traffic. The attacker achieves this by sending an enormous number of requests to the target server,
which causes it to slow down or even crash, making it inaccessible to legitimate users. In this article,
we will learn what a DoS attack is, the types of DoS attacks, how to prevent DoS attacks,
and how they impact our business.

What is a Denial of Service (DoS) Attack?


Denial of service (DoS) is a network security attack in which the hacker makes a system or data
unavailable to someone who needs it. The hacker tries to make a network, system, or machine
unavailable by flooding it with fake requests or traffic. This prevents real users from accessing it,
causing anything from slowdowns to complete shutdowns.

Types of DoS Attacks

1. Volume-Based Attacks: Volume-based attacks flood a network with too much data,
overpowering its bandwidth and making the network unusable. Examples include UDP
floods and ICMP floods. In a UDP flood, attackers send many UDP packets to random ports on a
server, making the server busy trying to handle all these requests, which slows down or stops
legitimate traffic.
2. Protocol Attacks: Protocol attacks exploit weaknesses in network protocols to use up server
resources. Examples are SYN floods and the Ping of Death. In a SYN flood, attackers send many
SYN requests to a server but don’t complete the handshake, leaving the server stuck with half-open
connections. The Ping of Death involves sending oversized packets to crash or disrupt the target
server.
3. Application Layer Attacks: Application layer attacks target specific applications or services,
causing them to crash or become very slow. Examples include HTTP floods and Slowloris. In an
HTTP flood, attackers send many HTTP requests to a web server, consuming its resources. Slowloris
keeps many connections to the server open by sending incomplete HTTP requests, preventing the
server from handling new, legitimate requests.
4. Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks use multiple systems, often
compromised computers (botnets), to attack a single target. Examples are amplification
attacks and botnet-based attacks. In an amplification attack, attackers use services like DNS to
send a small query that generates a large response, flooding the victim with data. Botnets coordinate
many infected computers to send attack traffic from multiple sources, making it hard to defend
against.
5. Resource Exhaustion: This is when the hacker repeatedly requests access to a resource and
eventually overloads the web application. The application slows down and finally crashes. In this
case, the user is unable to get access to the webpage.
6. Reflective Attacks: Reflective attacks involve sending requests to third-party servers with the
victim’s IP address. The servers unknowingly send responses to the victim, overwhelming it.
Examples are DNS reflection and NTP reflection. In a DNS reflection attack, attackers send
requests to a DNS server with the victim’s IP address, causing the DNS server to flood the victim
with responses. NTP reflection works similarly but uses Network Time Protocol servers to amplify
the attack.
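As an added example, not part of the original notes, here is a small Python detector for the SYN-flood and HTTP-flood pattern described above. It replays connection-log records through a per-source sliding window and flags any source whose new-connection rate exceeds a threshold, then reports what share of that source's connections are still half-open (`SYN_RECV`). The log lines and their `timestamp src_ip dst_port state` format are constructed for this example and belong to no particular product.

```python
from collections import defaultdict, deque


def build_sample_log():
    """Constructed sample log, one record per new connection:
    '<unix_ts> <src_ip> <dst_port> <state>'. Three benign clients complete
    handshakes over 30 s; one source opens 120 half-open connections in 5 s."""
    base = 1_700_000_000
    lines = [f"{base + i} 192.0.2.{10 + i % 3} 443 ESTABLISHED" for i in range(30)]
    lines += [f"{base + 10 + i // 24} 203.0.113.7 443 SYN_RECV" for i in range(120)]
    return lines


def parse(line):
    ts, src, port, state = line.split()
    return int(ts), src, int(port), state


def detect_floods(lines, window=5, threshold=50):
    """Return {src_ip: first_ts_flagged} for sources that exceed `threshold`
    new connections inside any `window`-second span."""
    recent = defaultdict(deque)          # src -> timestamps of its recent connections
    flagged = {}
    for ts, src, _port, _state in sorted(map(parse, lines)):
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


def half_open_share(lines, src):
    """Fraction of `src`'s connections stuck in SYN_RECV (half-open): close to 1.0
    is the SYN-flood signature, near 0.0 is a busy but legitimate client."""
    states = [s for _ts, ip, _p, s in map(parse, lines) if ip == src]
    return sum(s == "SYN_RECV" for s in states) / len(states) if states else 0.0


if __name__ == "__main__":
    log = build_sample_log()
    for ip, ts in detect_floods(log).items():
        print(f"{ip} flagged at {ts}, half-open share {half_open_share(log, ip):.2f}")
```

The rate threshold catches volume, and the half-open share separates a flood from a legitimately busy client; the usual responses are SYN cookies or per-source rate limiting at the edge rather than blocking on rate alone.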
What is Spoofing in Cyber Security?

Spoofing is a completely new beast created by merging age-old deception strategies with modern
technology. Spoofing is a sort of fraud in which someone or something forges the sender’s identity
and poses as a reputable source, business, colleague, or other trusted contact in order to obtain
personal information, acquire money, spread malware, or steal data.
Types of Spoofing:
• IP Spoofing
• ARP Spoofing
• Email Spoofing
• Website Spoofing Attack
• DNS Spoofing

IP Spoofing:
IP is a network protocol that allows you to send and receive messages over the internet. The sender's
IP address is included in the message header of every email message sent (source address). By
altering the source address, hackers and scammers alter the header details to hide their original
identity. The emails then appear to have come from a reliable source. IP spoofing can be divided into
two categories.
• Man in the Middle Attacks: Communication between the original sender of the message and the
intended recipient is intercepted, as the term implies. The message's content is then changed
without the knowledge of either party. The attacker inserts his own message into the packet.
• Denial of Service (DoS) Attacks: In this technique, the sender's and recipient's message packets
are intercepted, and the source address is spoofed. The connection has been seized. The recipient
is then flooded with packets in excess of their bandwidth or resources. This overloads the victim's
system, effectively shutting it down.
Drawback:
In a man-in-the-middle attack, even the receiver does not know where the connection originated.
For the attacker this is a completely blind attack: to carry it out successfully, he needs a great deal of
experience and an understanding of what to expect from the target's responses.
Preventive measures:
Disabling source-routed packets and dropping all external incoming packets whose source address matches a
local host are two of the most frequent strategies to avoid this type of attack.
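The two measures just listed (dropping source-routed packets, and dropping packets that arrive from outside but carry an internal source address, usually called ingress filtering) can be expressed as a small filter. The following Python is an added example, not from the notes; it also applies the mirror-image egress rule, which the text does not mention. The address ranges, the packet records and the interface names `wan`/`lan` are constructed for the example.

```python
import ipaddress

# Constructed: the address space that belongs to this site. A packet arriving
# from outside and claiming one of these sources is spoofed by definition.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]


def is_internal(addr) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def ingress_decision(pkt):
    """Return ('accept' | 'drop', reason) for a packet record with keys
    iface ('wan' or 'lan'), src, dst and source_routed (bool)."""
    if pkt["source_routed"]:
        return "drop", "source-routed packet"
    src = ipaddress.ip_address(pkt["src"])
    if pkt["iface"] == "wan" and (is_internal(src) or src.is_loopback):
        return "drop", "internal or loopback source address on external interface"
    if pkt["iface"] == "lan" and not is_internal(src):
        return "drop", "non-internal source leaving the LAN (egress filtering)"
    return "accept", ""


def build_sample_packets():
    """Constructed packet records: one legitimate inbound, one spoofed inbound,
    one source-routed, one legitimate outbound, one spoofed outbound."""
    return [
        {"iface": "wan", "src": "198.51.100.9", "dst": "10.0.0.10", "source_routed": False},
        {"iface": "wan", "src": "10.0.0.10", "dst": "10.0.0.20", "source_routed": False},
        {"iface": "wan", "src": "198.51.100.9", "dst": "10.0.0.10", "source_routed": True},
        {"iface": "lan", "src": "10.0.0.10", "dst": "203.0.113.5", "source_routed": False},
        {"iface": "lan", "src": "203.0.113.77", "dst": "203.0.113.5", "source_routed": False},
    ]


if __name__ == "__main__":
    for pkt in build_sample_packets():
        print(pkt["iface"], pkt["src"], "->", pkt["dst"], *ingress_decision(pkt))
```

The egress rule matters because it stops hosts on your own LAN from sourcing the spoofed traffic that the DoS category above relies on; both rules are cheap because they only inspect the source address and the interface a packet arrived on.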
ARP Spoofing:
ARP spoofing is a hacking method that causes network traffic to be redirected to a hacker. Sniffing
out LAN addresses on both wired and wireless LAN networks is the first step of this kind of spoofing. The idea
behind it is to transmit false ARP messages onto Ethernet LANs, which can cause traffic to be modified or
blocked entirely.
The basic work of ARP is to match an IP address to a MAC address. Attackers transmit spoofed ARP
messages across the local network. The spoofed replies map the attacker's MAC address to the
victim's IP address, so traffic intended for the victim is delivered to the attacker, who thus gains all the
information sent to the victim machine.
Preventive measures:
To avoid ARP poisoning, you can employ a variety of ways, each with its own set of
benefits and drawbacks. Static ARP entries, encryption, VPNs, and packet sniffing are just
a few examples.
• Static ARP entries: This entails creating an ARP entry in each computer for each
machine on the network. Because the machines can then ignore ARP replies, mapping
them with sets of static IP and MAC addresses helps to prevent spoofing attempts.
Regrettably, this approach can only defend you from some of the most basic attacks.
• Encryption: Protocols like HTTPS and SSH can also help to reduce the probability of
an ARP poisoning attempt succeeding. When traffic is encrypted, the attacker must go
through the extra effort of convincing the target's browser to accept an invalid
certificate. Any data sent outside of these standards, however, will remain vulnerable.
• VPN: Individuals may find a VPN to be reasonable protection, but VPNs are rarely
suitable for larger enterprises. If it is only one person making a potentially unsafe
connection, such as accessing public wifi at an airport, a VPN will encrypt all data that
flows between the client and the exit server. Since an attacker will only be able to see the
ciphertext, this helps to keep them safe.
• Packet filters: Each packet delivered across a network is inspected by these filters.
They can detect and block malicious transmissions as well as those with suspicious
IP addresses.
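As an added example, not from the notes, the following Python audits a sequence of ARP replies the way a passive ARP monitor on the LAN would: it keeps the learned IP-to-MAC table, compares it against the static entries the text recommends, and raises an alert when an IP's MAC changes or one MAC ends up answering for several IPs. The reply records and the gateway MAC are constructed for the example.

```python
from collections import defaultdict

# Constructed: MAC of the default gateway, pinned as a static entry as the text suggests.
STATIC_ENTRIES = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def build_sample_replies():
    """Constructed ARP 'is-at' replies seen on the wire: (time, sender_ip, sender_mac).
    From t=10 the MAC of host .21 starts answering for the gateway address."""
    return [
        (1, "10.0.0.1", "aa:bb:cc:00:00:01"),
        (2, "10.0.0.20", "aa:bb:cc:00:00:20"),
        (3, "10.0.0.21", "aa:bb:cc:00:00:21"),
        (10, "10.0.0.1", "aa:bb:cc:00:00:21"),
        (11, "10.0.0.1", "aa:bb:cc:00:00:21"),
    ]


def audit_arp(replies, static=STATIC_ENTRIES):
    """Replay replies through a learned IP->MAC table and return alerts as
    (time, kind, subject, detail) tuples."""
    table, alerts = {}, []
    for ts, ip, mac in replies:
        mac = mac.lower()
        # A reply that contradicts a pinned static entry is the strongest signal.
        if ip in static and static[ip] != mac:
            alerts.append((ts, "static-mismatch", ip, mac))
        # An IP whose MAC changes mid-session is the classic poisoning symptom.
        prev = table.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "mac-changed", ip, f"{prev} -> {mac}"))
        table[ip] = mac
    # One MAC bound to several IPs: weaker evidence (multi-homed hosts do this),
    # but worth reporting alongside the signals above.
    by_mac = defaultdict(set)
    for ip, mac in table.items():
        by_mac[mac].add(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append((None, "mac-multi-ip", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in audit_arp(build_sample_replies()):
        print(alert)
```

A static entry for the gateway is what turns the second alert into a certainty; without it the monitor can only say that the mapping changed, not which of the two MACs is the impostor.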

Email Spoofing:
The most common type of identity theft on the Internet is email spoofing. Phishers send
emails to many addresses and pose as representatives of banks, companies, and law
enforcement agencies by using official logos and headers. Links to dangerous or
otherwise fraudulent websites, as well as attachments loaded with malicious software, are
included in the emails they send.
Attackers may also utilize social engineering techniques to persuade the target to
voluntarily reveal information. Fake banking or digital wallet websites are frequently
created and linked to in emails. When an unknowing victim clicks on that link, they are
brought to a false site where they must log in with their information, which is then
forwarded to the attacker behind the fake email.
Manual Detection Method:
• Even though the display name appears to be real, if it does not match the "From"
address, it is an indication of email spoofing.
• Mail is most likely fake if the "Reply-to" address does not match the original sender's
address or domain.
• Unexpected messages (such as a request for sensitive information or an unwanted
attachment) should be opened with caution or reported immediately to your IT
department, even if the email appears to come from a trustworthy source.
Preventive measures:
Implement additional checks like Sender Policy Framework, DomainKeys Identified Mail,
Domain-based Message Authentication Reporting & Conformance, and
Secure/Multipurpose Internet Mail Extensions.
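As an added example covering both the manual detection checks and the Sender Policy Framework measure above (not code from the notes), the following Python applies the display-name, Reply-To and Return-Path checks to a raw message, and evaluates an SPF record against the connecting IP. The `spf_ip_check` helper handles only the `ip4`, `ip6` and `all` mechanisms of a record supplied as a string; it does no DNS lookups, so `include`, `a` and `mx` are reported as unsupported rather than resolved. The sample messages and the SPF record are constructed.

```python
import email
import ipaddress
from email.utils import parseaddr


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def header_findings(raw_message: str):
    """Apply the manual checks from the text to a raw RFC 5322 message.
    Returns a list of (check, detail) tuples; an empty list means no finding."""
    msg = email.message_from_string(raw_message)
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display name that itself looks like an address from a different domain,
    #    e.g. "alerts@bank.example" <someone@other.example>.
    if "@" in display_name and _domain(display_name) != from_domain:
        findings.append(("display-name-mismatch", f"{display_name!r} vs {from_addr}"))

    # 2. Reply-To pointing at a different domain than From.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(("reply-to-mismatch", f"{reply_to} vs {from_addr}"))

    # 3. Envelope sender (Return-Path) from a different domain than From.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and _domain(return_path) != from_domain:
        findings.append(("return-path-mismatch", f"{return_path} vs {from_addr}"))
    return findings


def spf_ip_check(record: str, sender_ip: str) -> str:
    """Evaluate an SPF TXT record against the connecting IP, handling only the
    ip4/ip6/all mechanisms (no DNS lookups: include/a/mx return 'unsupported')."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        result = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
        name = name.lower()
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):   # version mismatch -> False
                return result
        elif name == "all":
            return result
        else:
            return "unsupported"
    return "neutral"   # nothing matched and no 'all' term


# Constructed samples: a spoofed notification and a consistent one.
SPOOFED = """\
From: "alerts@bank.example" <alerts@bank-secure.example>
Reply-To: refunds@mail-drop.example
Return-Path: <bounce@mail-drop.example>
Subject: Action required on your account

Please sign in at the link below.
"""

LEGIT = """\
From: Bank Alerts <alerts@bank.example>
Return-Path: <bounce@bank.example>
Subject: Your monthly statement

Your statement is ready.
"""

BANK_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, header_findings(raw))
    print(spf_ip_check(BANK_SPF, "192.0.2.77"), spf_ip_check(BANK_SPF, "198.51.100.1"))
```

The header checks are heuristics a mail client or a user can apply; SPF (with DKIM and DMARC) is what lets the receiving server reject the message before it ever reaches the user.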
Website Spoofing Attack:
Attackers employ website/URL spoofing, also known as cybersquatting, to steal
credentials and other information from unwary end-users by creating a website that seems
almost identical to the actual trustworthy site. This is frequently done with sites that
receive a lot of traffic online. The cloning of Facebook is a good example.

DNS Spoofing:
Each machine has a unique IP address. This address is not the same as the usual “www”
internet address that you use to access websites. When you type a web address into your
browser and press enter, the Domain Name System (DNS) immediately locates and
sends you to the IP address that matches the domain name you provided. Hackers have
discovered a technique to infiltrate this system and redirect your traffic to harmful sites.
This is known as DNS Spoofing.
Preventive measures:
• DNSSEC, or the Domain Name System Security Extensions protocol, is the most widely
used DNS spoofing prevention solution since it secures the DNS by adding layers of
authentication and verification. However, it takes time to verify that the DNS records
are not forged, which slows down the DNS response.
• Make use of SSL/TLS encryption to minimize or mitigate the risk of a website being
hacked via DNS spoofing. This allows a user to determine whether the server is real
and belongs to the website's original owner.
• Only trust URLs that begin with "HTTPS," which signifies that a website is legitimate.
Consider the risk of a DNS spoofing attack if the "HTTPS" indicator appears to be in
flux.
• The security strategy or proactive approach to preventing a DNS attack is active
monitoring. It is important to keep an eye on DNS data and be proactive about noticing
unusual patterns of behavior, such as the appearance of a new external host that could
be an attacker.
Spoofing is the most popular strategy utilized by advertisers these days. It is quite simple
for them to utilize because it includes a range of ways to perform it. The above are a few
instances of spoofing and preventative steps that will make our organization safer.
Introduction to Sniffers


A sniffer, also known as a packet analyzer or network analyzer, is a tool used to capture and analyze
network traffic. It is a software or hardware tool that intercepts and records data packets transmitted
between computers or devices on a network.
Packet sniffers are commonly used for network troubleshooting, security analysis, and network
optimization. They can be used to identify network problems such as congestion, packet loss, or
improper configurations, and they can also be used to detect security threats such as network
intrusions or unauthorized access attempts.
Packet sniffers work by capturing packets of data as they are transmitted on the network. These
packets are then analyzed and displayed to the user in a human-readable format, allowing them to
examine the contents of the packets and extract information from them.
Packet sniffers can be used on both wired and wireless networks, and they can capture data from a
variety of network protocols, including TCP/IP, HTTP, FTP, and SMTP.
However, it is important to note that packet sniffers can also be used for malicious purposes, such as
intercepting sensitive information such as passwords, credit card numbers, or personal information.
Therefore, the use of packet sniffers should be regulated and used only for legitimate purposes with
appropriate consent and legal authority.
A Sniffer is a program or tool that captures information over a network. There are 2 types of
Sniffers: Commercial Sniffers and Underground Sniffers.

1. Commercial Sniffers –
Commercial sniffers are used to maintain and monitor information over the network. These
sniffers are used to detect network problems. Network General Corporation (NGC) is a company
that offers commercial sniffers. These can be used for:
1. Fault analysis to detect problems in a network.

2. Performance analysis to detect network bottlenecks.

2. Underground Sniffers –
Underground sniffers are malicious programs used by hackers to capture information over a
network. When an underground sniffer is installed on a router, it can breach the security of any
network whose traffic passes through that router. It can capture:
1. Confidential messages like email.

2. Financial data like debit card details.

Components of a Sniffer:
To capture the information over the network sniffer uses the following components:
1. Hardware –
Sniffers use standard network adapters to capture network traffic.

2. Capture Driver –
Capture Driver captures network traffic from Ethernet wire, filters that network traffic for
information that you want, and then stores the filtered information in a buffer.

3. Buffer –
When a sniffer captures data from a network, it stores the data in a buffer. There are 2 ways to store
captured data –
1. Store data until the buffer is filled, then stop capturing.

2. The round-robin method, in which the oldest data in the buffer is continually replaced by newly
captured data.

4. Decoder –
The information that travels over the network is in binary format, which is not readable. You can
use a decoder to interpret this information and display it in a readable format. A decoder helps
you analyze how information is passed from one computer to another.
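An added example of the decoder component (not from the notes): this Python parses the raw bytes of an Ethernet II frame carrying an IPv4/TCP segment into readable fields, verifying the IPv4 header checksum on the way, which is exactly the job a sniffer's decoder does before display. The frame is constructed inside the example with documentation addresses; the field names in the returned dictionaries are this example's own.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words. Over a valid header (checksum
    field included) the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed: Ethernet II + IPv4 + TCP SYN, 192.0.2.10:40000 -> 198.51.100.5:443."""
    eth = bytes.fromhex("00155d01bb02") + bytes.fromhex("00155d01aa01") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
              socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5")]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(header)               # fill in the real checksum
    return eth + struct.pack("!BBHHHBBH4s4s", *fields) + tcp


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_ethernet(frame: bytes):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": _mac(dst), "src": _mac(src), "ethertype": ethertype}, frame[14:]


def decode_ipv4(data: bytes):
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes (options included)
    info = {"version": ver_ihl >> 4, "ttl": ttl, "protocol": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "checksum_ok": ipv4_checksum(data[:ihl]) == 0}
    return info, data[ihl:total_len]


def decode_tcp(data: bytes):
    sport, dport, seq, ack, off_res, flags, win, _csum, _urg = struct.unpack("!HHIIBBHHH", data[:20])
    offset = (off_res >> 4) * 4
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
    info = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": win,
            "flags": [n for i, n in enumerate(names) if flags & (1 << i)]}
    return info, data[offset:]


def decode_frame(frame: bytes) -> dict:
    """Walk the layers: Ethernet -> IPv4 (if EtherType 0x0800) -> TCP (if protocol 6)."""
    eth, rest = decode_ethernet(frame)
    out = {"eth": eth, "ip": None, "tcp": None, "payload": rest}
    if eth["ethertype"] == 0x0800:
        out["ip"], rest = decode_ipv4(rest)
        out["payload"] = rest
        if out["ip"]["protocol"] == 6:
            out["tcp"], out["payload"] = decode_tcp(rest)
    return out


if __name__ == "__main__":
    for layer, fields in decode_frame(build_sample_frame()).items():
        print(layer, fields)
```

Checking the header checksum is what lets the decoder tell corrupted captures from real traffic; a production decoder continues the same pattern for UDP, ICMP and the application protocols the text lists.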

Placement of Sniffer:
The most common places where you can place sniffers are:
1. Computer
2. Cable wires
3. Routers
4. Network segments connected to the internet

Some common sniffer programs are Ethereal, TCPDump, Snort.


Types of Viruses

A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating
and are designed to infect other programs. They can wreak havoc in a system by modifying or
destroying files, causing system crashes and program malfunctions. On reaching the target
machine, a virus dropper (usually a trojan horse) inserts the virus into the system.
Various types of viruses:
• File Virus:
This type of virus infects the system by appending itself to the end of a file. It changes
the start of the program so that control jumps to its code. After its code executes, control
returns to the main program, so its execution is not even noticed. It is also called a
parasitic virus because, although it leaves no file intact, it leaves the host functional.

• Boot sector Virus:
It infects the boot sector of the system and executes every time the system is booted,
before the operating system is loaded. It also infects other bootable media like floppy disks.
These are also known as memory viruses, as they do not infect the file system.

• Macro Virus:
Unlike most viruses, which are written in a low-level language (like C or assembly
language), these are written in a high-level language like Visual Basic. These
viruses are triggered when a program capable of executing a macro is run. For
example, macro viruses can be contained in spreadsheet files.

• Source code Virus:
It looks for source code and modifies it to include the virus and to help spread it.

• Polymorphic Virus:
A virus signature is a pattern that can identify a virus (a series of bytes that make up the
virus code). So, in order to avoid detection by antivirus software, a polymorphic virus changes
each time it is installed. The functionality of the virus remains the same, but its
signature is changed.

• Encrypted Virus:
In order to avoid detection by antivirus software, this type of virus exists in encrypted form. It
carries a decryption routine along with it, so the virus first decrypts itself and then
executes.

• Stealth Virus:
It is a very tricky virus because it changes the code that can be used to detect it, which
makes detecting the virus very difficult. For example, it can alter the read system
call so that whenever the user asks to read code modified by the virus, the original
form of the code is shown rather than the infected code.

• Tunneling Virus:
This virus attempts to bypass detection by an antivirus scanner by installing itself in the
interrupt handler chain. Interception programs, which remain in the background of an
operating system and catch viruses, are disabled while a tunneling virus runs. Similar
viruses install themselves in device drivers.

• Multipartite Virus:
This type of virus is able to infect multiple parts of a system, including the boot sector,
memory, and files. This makes it difficult to detect and contain.

• Armored Virus:
An armored virus is coded to make it difficult for antivirus software to unravel and understand. It
uses a variety of techniques to do so, such as fooling the antivirus into believing it lies
somewhere other than its real location, or using compression to complicate its code.

• Browser Hijacker:
As the name suggests, this virus is coded to target the user's browser and can alter the
browser settings. It is also called the browser redirect virus because it redirects your
browser to other malicious sites that can harm your computer system.

• Memory Resident Virus:
Resident viruses install themselves in your RAM and interfere with your device's
operations. They operate so covertly that they can even attach themselves to the
antivirus program's own files.

• Direct Action Virus:
The main purpose of this virus is to replicate and take action when it is executed.
When a particular condition is met, the virus goes into action and infects files in the
directories specified in the AUTOEXEC.BAT file path.

• Overwrite virus:
This type of virus deletes the information contained in the files it infects, rendering
them partially or totally useless once they have been infected.

• Directory Virus:
This virus is also called a file system virus or cluster virus. It infects the directory of
the computer by modifying the path that indicates the location of a file.

• Companion Virus:
This kind of virus usually uses a similar file name with a different extension.
For example, if there is a file "Hello.exe", the virus will create another file named
"Hello.com" and hide in the new file.

• FAT Virus:
The File Allocation Table is the part of the disk used to store all information about the
location of files, available space, unusable space, etc.
This virus affects the FAT section and may damage crucial information.
What is Computer Worm?

A computer worm is a type of harmful software that copies itself and spreads from one computer to
another without requiring any user intervention. It is like a sickness that can move through a network
of computers, searching for weaknesses to infect. Worms often spread through email attachments that
may seem safe, but they can actually cause a lot of trouble. Once a computer is infected, the worm
can send itself to the person's contacts, using their email account. This way, it keeps spreading to
more and more computers.
A computer worm operates by finding vulnerabilities in computer systems and networks. Once it
infects one computer, it searches for other computers connected to the same network and spreads to
them. Once they enter a system, worms create copies of themselves and distribute those
copies to other vulnerable machines. They cause a variety of problems, including slowing down
network performance, consuming system resources, stealing sensitive information, or even damaging
and disrupting computer systems.

How do Computer Worms Work?


First, a worm finds a way to enter a computer system. This can happen through security weaknesses
like outdated software, weak passwords, or unprotected network ports. It may also use infected
external devices, such as USB drives, as a means of entry. Once inside a computer, the worm starts
replicating itself. It searches for other vulnerable systems connected to the same network or
accessible through the infected computer by scanning IP addresses or probing open ports. The worm
carries a payload, which is a malicious component or set of instructions. The worm delivers the
payload to the infected system, allowing it to carry out its intended actions. To continue its spread,
the worm aims to replicate and infect more systems. It generates copies of itself using self-
replication techniques, creating identical or slightly modified versions of its code, and then
employs various methods to distribute these copies, such as exploiting network shares or sending
infected email attachments.
As the worm propagates, it may exploit network protocols and services to reach new targets. For
example, it can exploit weaknesses in email programs to send infected messages to contacts in the
user’s address book. Worms have a continuous lifecycle: they are constantly searching for new
vulnerable targets and adapting to changes. They evolve by incorporating new propagation
techniques, updating their payloads, and exploiting newly discovered vulnerabilities. This ensures
their ability to infect more systems over an extended period.
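The scanning behaviour described above (one infected host probing many IP addresses on the same port in a short time) is also the easiest thing to detect from the network side. The following is an added example, not code from the notes: it reads a small connection log, constructed here for the example in the form "epoch source destination port", and flags any source that reached an unusually large number of distinct destinations on one port within a sliding time window. The window and threshold values are assumptions.

```python
"""Detect worm-like scanning in a connection log.

Added defensive example for the worm propagation description; not code from the notes.
A propagating worm contacts many distinct destinations on one port in a short window,
while a normal client talks to a few servers repeatedly. The log below is constructed.
"""
from collections import defaultdict

# Constructed sample log: "epoch src dst dport". 10.0.0.5 sweeps port 445 across the
# subnet; 10.0.0.7 is an ordinary client reaching two HTTPS servers.
SAMPLE_LOG = """\
1700000000 10.0.0.5 10.0.0.9 445
1700000001 10.0.0.5 10.0.0.10 445
1700000001 10.0.0.5 10.0.0.11 445
1700000002 10.0.0.5 10.0.0.12 445
1700000002 10.0.0.5 10.0.0.13 445
1700000003 10.0.0.5 10.0.0.14 445
1700000003 10.0.0.5 10.0.0.15 445
1700000004 10.0.0.5 10.0.0.16 445
1700000010 10.0.0.7 10.0.0.1 443
1700000011 10.0.0.7 10.0.0.1 443
1700000200 10.0.0.7 10.0.0.2 443
"""


def parse_log(text):
    """Parse 'epoch src dst dport' lines into tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return events


def find_scanners(events, window=60, threshold=5):
    """Return {(src, dport): n} for every source that reached at least `threshold`
    distinct destinations on one port within some `window`-second span.
    The default window and threshold are assumed values for this example."""
    per_key = defaultdict(list)
    for ts, src, dst, dport in sorted(events):  # sort so each list is time-ordered
        per_key[(src, dport)].append((ts, dst))
    alerts = {}
    for key, hits in per_key.items():
        # Slide a window starting at each hit and count distinct destinations in it.
        best = 0
        for i, (start, _dst) in enumerate(hits):
            seen = {dst for ts, dst in hits[i:] if ts - start <= window}
            best = max(best, len(seen))
        if best >= threshold:
            alerts[key] = best
    return alerts


def demo():
    """Run the detector over the constructed log and return the alerts."""
    alerts = find_scanners(parse_log(SAMPLE_LOG))
    for (src, dport), n in alerts.items():
        print(f"ALERT {src} reached {n} distinct hosts on port {dport} within 60s")
    return alerts


if __name__ == "__main__":
    demo()
```

Counting distinct destinations rather than raw connections is the point: the ordinary client makes three connections but only to two hosts over several minutes, so it stays below the threshold.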
Types of Computer Worms
• Email Worms: Email worms spread through email attachments or links. They trick people into
opening infected attachments or clicking on malicious links in emails. One famous example
of an email worm is the “ILOVEYOU” worm. It spread through email in 2000, disguising itself as a love
letter attachment. When opened, it infected the recipient’s computer and sent copies of itself to
the person’s contacts.
• Network Worms: Network worms move through computer networks by exploiting security
weaknesses in network services or protocols. They infect many systems quickly by scanning and
copying themselves automatically. The “Conficker” worm is an example of a network worm. It
exploited vulnerabilities in Windows operating systems and spread rapidly across networks. It
infected millions of computers worldwide and caused significant disruptions.
• File-Sharing Worms: File-sharing worms target shared folders or peer-to-peer file-sharing
networks. They pretend to be normal files and trick users into downloading and running them.
Once executed, they can spread to other shared areas or connected computers. The “Napster”
worm affected the Napster file-sharing network in the late 1990s. It targeted specific songs and
replaced them with infected files.
• Instant Messaging (IM) Worms: IM worms spread through instant messaging platforms. They
send infected links or files to a person’s contacts. By tricking users into clicking on these links,
they can infect more systems. The “Kelvir” worm was an IM worm that spread through popular
instant messaging platforms like MSN Messenger. It sent infected links to a person’s contacts,
enticing them to click and unknowingly download the worm.
• Internet Worms: Internet worms target vulnerabilities in websites, web servers, or web
applications. They can infect computers when people visit compromised websites or interact with
infected web content. The “Code Red” worm affected web servers running Microsoft IIS in 2001.
It exploited a vulnerability and defaced websites. The worm spread by scanning the internet for
vulnerable servers and infecting them with its code.
How To Prevent Computer Worm Infections?
1. Keep your software updated and use strong passwords.
2. Enable and properly configure firewalls on your computer and network devices.
3. Be cautious when dealing with email attachments and links.
4. Practice safe web browsing by avoiding clicking on suspicious advertisements or pop-up
windows.
5. Install reliable antivirus or anti-malware software and keep it updated.
Trojan Horse

Any malicious software intended to harm or exploit any programmable device, service, or network is
referred to as malware. Malware includes computer viruses, worms, Trojan horses, ransomware,
spyware, and other malicious programs. In this article we will look at the Trojan Horse.

What is a Trojan Horse?


The name of the Trojan Horse is taken from the classical story of the Trojan War. It is malicious code
that has the capacity to take control of the computer. It is designed to steal, damage, or do other
harmful actions on the computer. It tries to deceive the user into loading and executing the files on
the device. After it executes, it allows cybercriminals to perform many actions on the user’s
computer, like deleting data from files, modifying data in files, and more. Now, unlike many viruses
or worms, a Trojan Horse does not have the ability to replicate itself.
For example:
There was a Trojan that disguised itself as a game. Many users downloaded this game, and it
secretly turned into a self-replicating virus. The game was a simple theme-based game, but it started
to back up all the files on the drive where the user would access them. The Trojan turned out to be
harmless, and it was easy to fix. It was identified as a Trojan because it did not disclose
the virus.
Now after this, many Trojan viruses or malware appeared which turned out to be a threat, or the most
popular form of malware attack. As these Trojans are versatile, they are used by many online
criminals for malware attacks. Trojans are a bit tougher to identify. Trojans can be found in
MP3 songs that the user may have downloaded, in games downloaded from an unsecured website, or in
advertisements that pop up when the user is browsing a page.
Many people have been infected by Trojans without realizing it. This type of Trojan is called a Direct-
Action Trojan. It cannot spread to other users, because when a virus infects the system it shows some
indications that it has been affected by the virus.
Another example is a direct-action Trojan named Js. ExitW. It can be downloaded from many
malicious sites. The effect of Js. ExitW is to make the computer fall into a never-ending loop of
startup and shutdown. This Trojan does not do any damage that could be considered dangerous, but
we should be aware that there are many Trojans that are far more dangerous.
Features of Trojan Horse
• It steals information like passwords and more.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user’s computers.

How Does Trojan Horse Work?


Unlike computer viruses, a Trojan horse requires a user to download the server side of the application
for it to function, because it cannot manifest by itself. This means that for the Trojan to target a
device’s system, the executable (.exe) file must be run and the software installed.
In order to reach as many people’s inboxes as possible, spammers send emails with attachments that
appear to be legitimate and that contain files that propagate Trojan viruses. Once the email is opened
and the malicious attachment downloaded, the Trojan installs and runs automatically each and every
time the infected device is turned on.
Cybercriminals can also use social engineering techniques to trick people into installing malicious
software, which can then infect a device with a Trojan. The malicious file may be hidden
in internet links, pop-up ads, or banner advertisements.
Trojan software can propagate to other computers from a Trojan-infected computer. A hacker
makes the device into a zombie computer, giving them remote access to it without the user’s
knowledge. The zombie machine can then be used by hackers to spread malware among a botnet of
computers.
A user might, for example, get an email from a friend with an attachment that likewise appears to
be real. However, the attachment contains malicious code that runs on the user’s device and installs
the Trojan. The user may not be aware that anything suspicious has happened because their machine
may continue to function normally without any signs of infection.
Until the user takes a certain action, such as visiting a specific website or banking app, the malware
will remain undiscovered. When that happens, the malicious code is activated and the Trojan carries
out the intended hacking activity. The malware may destroy itself, go back to being dormant, or
continue to be active on the device, depending on the type of Trojan and how it was developed.

Examples of Trojan Horse Virus Attacks


Trojan attacks that infect systems and steal user data are to blame for significant damage. Typical
examples of Trojans include:
• Rakhni Trojan: The Rakhni Trojan infects devices by delivering ransomware or a cryptojacker
utility that allows an attacker to use a device to mine bitcoin.
• Tiny Banker: With the use of Tiny Banker, hackers can steal users’ bank information. Once it
had infected systems, it was discovered in at least 20 U.S. banks.
• Zeus or Zbot: Zeus, often known as Zbot, is a toolkit that allows hackers to create their own
Trojan virus and targets financial services. To steal user passwords and financial information, the
source code employs strategies like form grabbing and keystroke logging.

Uses of Trojan Horse


There are many ways that it can be used:
1. Spy: Some Trojans act as spyware. They are designed to take data from the victim like social
networking credentials (usernames and passwords), credit card details, and more.
2. Creating backdoors: The Trojan makes some changes in the system or device of the victim.
This is done to let other malware or cyber criminals get into the device or system.
3. Zombie: Many times the hacker is not at all interested in the victim’s computer itself, but
wants to use it under their control.

Types of Trojan Horse


Now there are many Trojans which are designed to perform specific functions. Some of them are:
• Backdoor trojan: A trojan horse of this kind gives the attacker remote access to the
compromised machine.
• Ransom trojan: This kind of trojan horse is intended to encrypt the data on the compromised
system and then demand payment in exchange for its decryption.
• Trojan Banker: It is designed to steal the account data for online banking, credit and debit cards,
etc.
• Trojan Downloader: It is designed to download many malicious files, like new versions
of Trojans and adware, onto the computer of the victim.
• Trojan Dropper: It is designed to prevent the detection of malicious files in the system. It can be
used by hackers for installing Trojans or viruses on the victim’s computers.
• Trojan GameThief: It is designed to steal data from online gamers.
• Trojan I’s: It is designed to steal login data and passwords for services like: a. Skype b. Yahoo Pager
and more.
Other Trojans can also be used, like Trojan-notifier, Trojan-clicker, and more.

Advantage of Trojan Horse


• It can be sent as an attachment in an email.
• It can be in some pop-up ads that we find on the web page.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user’s computers.

Disadvantages of Trojan Horse


• It can’t manifest by itself. It requires the implementation of the .exe files.
• It remains undetected and starts its execution when the user is doing any online transaction
activity.
• The system or the device that has been affected will be slow.
• The user can also experience a direct shutdown of the computer.
• The user will experience files opening much more slowly.

Prevention from Trojan Horse


The most basic prevention methods:
• Do not download anything, like images and audio files, from an unsecured website.
• Do not click on the ads that pop up on the page with advertisements for online games.
• Do not open any attachment that has been sent from an unknown user.
• The user has to install an anti-virus program. This anti-virus program has the capacity to detect
those files which are affected by a virus.
What is Phishing?
Last Updated : 13 Jun, 2024


Phishing is a form of online fraud in which hackers attempt to get your private information such as
passwords, credit cards, or bank account data. This is usually done by sending false emails or
messages that appear to be from trusted sources like banks or well-known websites. They aim to
convince you so that they can get hold of your information and use it for fraud. Always
ensure that you are certain about whom you are dealing with before you provide any information.
What is a Phishing Attack?
Phishing is another type of cyber attack. Phishing got its name from “phish”, meaning fish. It is a
common practice to put out bait for fish to get trapped; phishing works in the same way. It is an
unethical way to dupe the user or victim into clicking on harmful sites. The attacker crafts the harmful site
in such a way that the victim believes it to be an authentic site, thus falling prey to it. The most common
mode of phishing is sending spam emails that appear to be authentic and thus taking away all the
credentials of the victim. The main motive of the attacker behind phishing is to gain confidential
information like:
• Password
• Credit card details
• Social security numbers
• Date of birth
The attacker uses this information to further target the user, impersonate the user, and cause data theft.
The most common type of phishing attack happens through email. Phishing victims are tricked into
revealing information that they think should be kept private. The original logo of the sender is used to
make the user believe that it is indeed the original email. But if we carefully look into the details, we
will find that the URL or web address is not authentic.
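Both lures described in these notes, the disguised executable attachment from the “How Does Trojan Horse Work?” section and the phishing email whose link text looks authentic while the real web address is not, can be screened with one message-triage script. The following is an added example and not code from the notes: it parses a message constructed here for the example, flags attachments with executable or double extensions, and flags links whose visible text names a trusted domain that the actual href does not go to. TRUSTED_DOMAINS, RISKY_EXTENSIONS and the registered_domain() helper are assumptions made for the example.

```python
"""Triage one e-mail for a disguised executable attachment and for a link whose
visible text names a trusted site while the real address does not.

Added defensive example, not code from the notes. The message is constructed;
TRUSTED_DOMAINS, RISKY_EXTENSIONS and registered_domain() are assumptions.
"""
import email
import os
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}  # assumed allow-list of sites the user really uses
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".js", ".vbs"}  # assumed set


def build_sample_message():
    """Construct a sample lure: a deceptive link plus a double-extension attachment."""
    msg = EmailMessage()
    msg["From"] = "security@examplebank.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Verify your account"
    msg.set_content("Please view this message in an HTML-capable client.")
    msg.add_alternative(
        '<p>Please <a href="http://examplebank.com.login-check.example/verify">'
        "log in at examplebank.com</a> to confirm your details.</p>",
        subtype="html",
    )
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename="Statement.pdf.exe")
    return msg.as_bytes()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. Sufficient for the sample; a real deployment
    would consult the public suffix list so that names like co.uk are handled."""
    return ".".join(host.lower().split(".")[-2:])


def triage(raw_bytes):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            ext = os.path.splitext(name.lower())[1]
            if ext in RISKY_EXTENSIONS:
                findings.append(f"executable attachment: {name}")
                if name.count(".") > 1:  # e.g. Statement.pdf.exe is shown as a PDF
                    findings.append(f"double extension hides file type: {name}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                host = urlparse(href).hostname or ""
                claimed = re.findall(r"[\w-]+\.[a-z]{2,}", text.lower())
                if registered_domain(host) not in TRUSTED_DOMAINS and any(
                        c in TRUSTED_DOMAINS for c in claimed):
                    findings.append(f"link text names {claimed[0]} but goes to {host}")
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print("FLAG:", finding)
```

The link check compares the registered domain of the real href with the domain named in the anchor text, which is exactly the detail the notes say to look at: the visible text reads examplebank.com, but the request would go to login-check.example, of which examplebank.com is only a subdomain label.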
