
Malicious Attack

An attack on a computer system or network asset succeeds by abusing a vulnerability in the system.

There are four general categories of attacks. An attack can consist of all or a combination of these four
categories:

Fabrications—Fabrications involve the creation of some deception in order to trick unsuspecting users.

Interceptions—An interception involves spying on transmissions and redirecting them for unauthorized use.

Interruptions—An interruption causes a break in a communication channel, which blocks the transmission of data.

Modifications—A modification is the alteration of data contained in transmissions or files.

Security threats can be:

• active
• passive

Both types can have negative repercussions for an IT infrastructure.

An active attack involves a modification of the data stream or attempts to gain unauthorized access to
computer and networking systems. An active attack is a physical intrusion.

In a passive attack, the attacker does not make changes to the system; this type of attack just spies on
and monitors transmissions.

Active threats include the following:

• Brute-force attacks
• Dictionary threats
• Address spoofing
• Hijacking
• Phishing
• Phreaking
• Pharming

Such attacks are widespread and common. A growing number of them appear on an information
systems security professional’s radar screen every year.

Following is a description of several of the most common types of malicious attacks.

1. Brute-Force Attacks
One of the most tried-and-true attack methods is the brute-force attack. In a brute-force attack,
the attacker tries different passwords on a system until one of them is successful. Usually, the
attacker employs a software program to try all possible combinations of a likely password, user
ID, or security code until it locates a match. This occurs rapidly and in sequence.
2. Dictionary Attacks
A dictionary attack is a simple attack that relies on users making poor password choices. In a
dictionary attack, a simple password-cracker program takes all the words from a dictionary file
and attempts to log on by entering each dictionary entry as a password. Users often engage in
the poor practice of selecting common words as passwords. A password policy that enforces
complex passwords is the best defense against a dictionary attack. Users should create
passwords composed of a combination of letters and numbers, and the passwords should not
include any personal information about the user.
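As an added illustration (not part of the original notes), the following Python enforces the kind of password policy described above for brute-force and dictionary attacks: a minimum length, at least three character classes, no dictionary word even after the character substitutions that cracking tools try automatically, and no personal details. It also shows an account-lockout counter, which caps how many guesses an online brute-force attempt can make before the account locks. The word list, thresholds and account names are constructed for the example.

```python
import string
import time
from collections import defaultdict, deque

# Constructed stand-in for a dictionary file (assumption: production code loads a
# full word list plus a breached-password list).
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "sunshine"}

# Substitutions that cracking tools try automatically, so "p@ssw0rd" still counts as "password".
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 12
TRIM_CHARS = string.digits + string.punctuation


def normalize(candidate):
    """Lower-case, drop digits/punctuation tacked on the ends, then undo common substitutions."""
    core = candidate.lower().strip(TRIM_CHARS)
    return core.translate(LEET_MAP)


def check_password(candidate, personal_info=()):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = (
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    )
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    if normalize(candidate) in DICTIONARY_WORDS:
        problems.append("is a dictionary word once common substitutions are undone")
    lowered = candidate.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information (%r)" % item)
    return problems


class LoginThrottle:
    """Account lockout: too many failed logons inside a sliding window locks the account,
    which limits how many guesses an online brute-force attempt can make."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock                  # injectable so tests can fake time
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures

    def _prune(self, account, now):
        recent = self.failures[account]
        while recent and now - recent[0] > self.window:
            recent.popleft()

    def record_failure(self, account):
        now = self.clock()
        self._prune(account, now)
        self.failures[account].append(now)

    def is_locked(self, account):
        now = self.clock()
        self._prune(account, now)
        return len(self.failures[account]) >= self.max_failures


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Tr0ub4dor&3-kiwi"):
        print(pw, "->", check_password(pw) or "OK")
```

"P@ssw0rd1!" fails twice (too short, and it is "password" in disguise), while "Tr0ub4dor&3-kiwi" passes. The lockout uses a sliding window rather than a permanent lock so that a flood of bad guesses cannot be used to keep a legitimate user locked out indefinitely.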
3. Address Spoofing
Spoofing is a type of attack in which one person, program, or computer disguises itself as
another person, program, or computer to gain access to some resource. A common spoofing
attack involves presenting a false network address to pretend to be a different computer. An
attacker may change a computer’s network address to appear as an authorized computer in the
target's network. If the administrator of the target's local router has not configured it to filter
out external traffic with internal addresses, the attack may be successful. Address spoofing can
enable an attacker to access protected internal resources.
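The router filter the passage refers to is ingress filtering: a packet arriving on the Internet-facing interface must not carry an internal source address. The Python below is an added example (not from the original notes) that applies that rule, plus its egress counterpart and a reserved-address check, to constructed sample packets. The internal prefixes, the interface name eth0 and the sample traffic are assumptions made for the example.

```python
import ipaddress

# Constructed site policy (assumption): these prefixes are "inside", and eth0 faces the Internet.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.168.0.0/16")]
EXTERNAL_INTERFACE = "eth0"
# Source addresses that should never arrive from the Internet: unspecified, loopback,
# link-local and multicast ranges.
RESERVED_PREFIXES = [ipaddress.ip_network(p) for p in
                     ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def in_any(addr, prefixes):
    return any(addr in net for net in prefixes)


def filter_packet(ingress_iface, src, dst):
    """Decide whether a packet may pass, given the interface it arrived on.
    Returns ("accept", "") or ("drop", reason)."""
    try:
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if in_any(src_ip, RESERVED_PREFIXES):
        return ("drop", "reserved source address %s" % src)
    from_outside = ingress_iface == EXTERNAL_INTERFACE
    if from_outside and in_any(src_ip, INTERNAL_PREFIXES):
        # The spoof described in the text: an internal address showing up on the Internet-facing side.
        return ("drop", "internal source %s arrived on external interface" % src)
    if not from_outside and not in_any(src_ip, INTERNAL_PREFIXES):
        # Egress counterpart: hosts inside must not emit packets claiming outside addresses.
        return ("drop", "non-internal source %s leaving from inside" % src)
    return ("accept", "")


def audit(packets):
    """Run the rule over (iface, src, dst) tuples; return the dropped ones with their reasons."""
    dropped = []
    for iface, src, dst in packets:
        decision, reason = filter_packet(iface, src, dst)
        if decision == "drop":
            dropped.append((iface, src, dst, reason))
    return dropped


# Constructed sample traffic (assumption): the 10.1.2.3 packet on eth0 is the spoofed one.
SAMPLE_PACKETS = [
    ("eth0", "203.0.113.7", "10.0.0.5"),
    ("eth0", "10.1.2.3", "10.0.0.5"),
    ("eth1", "10.0.0.5", "203.0.113.7"),
    ("eth0", "127.0.0.1", "10.0.0.5"),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_PACKETS):
        print("DROP", entry)
```

On a Linux router the first rule corresponds to a firewall entry such as `iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP`, one per internal prefix; the egress rule protects other networks from spoofed packets originating inside your own.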
4. Phishing
Phishing fraud is a growing problem on the Internet. Phishing is a type of fraud in which an
attacker attempts to trick the victim into providing private information such as credit card
numbers, passwords, dates of birth, bank-account numbers, automated teller machine (ATM)
PINs, and Social Security numbers.

A phishing scam is an attempt to commit identity theft via e-mail or instant message. The message
appears to come from a legitimate source, such as a trusted business or financial institution, and
includes an urgent request for personal information. Phishing messages usually indicate a critical need
to update an account (banking, credit card, etc.) immediately. The message instructs the victim to either
provide the requested information or click on a link provided in the message. Clicking the link leads the
victim to a spoofed Web site. This Web site looks identical to the official site, but in fact belongs to the
scammer. Personal information entered into this Web page goes directly to the scammer, not to the
legitimate organization.

Note:

Anti-malware programs and firewalls cannot detect most phishing scams because they do not contain
suspect code. Some spam filters even let phishing messages pass because they appear to come from
legitimate sources.

How to Identify a Phishing Scam?

It may be difficult to identify a phishing scam simply by looking at the Web page that opens when you
click a link in an e-mail message. However, clues in the address can sometimes reveal the deception.
Look for the following:

• Phishers often substitute similar-looking characters for the real characters in a URL. For
example, a phisher might use a "1" (numeral one) in place of a lowercase "L"—think paypa1.com
rather than paypal.com.
• Phishing scams have become so sophisticated that phishers can appear to use legitimate links,
including the real site's security certificate. Before clicking a link, you should preview it to see
where it will take you. If you notice that the domain name looks odd, do not click the link. Instead,
contact the legitimate Web site's customer-service or technical-support group and ask whether
the link is valid. This approach takes more time, but is far safer than just clicking through links
without checking them.
• Some phishers purchase domain names that are similar to those of legitimate companies—for
example, walmartorder.com. The real company is Wal-Mart, but its domain name does not include
the word "order".
• One ploy is to use the same domain name, but with .org rather than .com. The con artists who
use these domain names then send out millions of e-mails requesting that consumers verify
account information, birth dates, Social Security numbers, and so on. Inevitably, some computer
users will respond. Carefully examine the entire domain name!
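The clues listed above can be checked mechanically, which is what a mail gateway or a browser extension does. The Python below is an added example (not from the original notes) that inspects a link target for each of them: look-alike characters such as paypa1.com, a brand name embedded in an unrelated domain such as walmartorder.com, the same name under a different suffix such as .org for .com, and the displayed text pointing somewhere other than the real target. The allow-list of legitimate domains and the two-label domain rule are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list of the brands we want to protect (assumption).
LEGITIMATE_DOMAINS = {"paypal.com", "walmart.com"}

# Characters phishers substitute for letters, as in paypa1.com.
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e", "|": "l"})


def registrable_domain(host):
    """Last two labels of the host name.  Assumption: a two-label suffix is enough
    for this example; real code consults the Public Suffix List (e.g. for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(href, display_text=None):
    """Return a list of reasons a link looks like a phishing lure (empty list: nothing found).
    display_text is the text or URL the e-mail shows the reader, if different from the href."""
    findings = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if "@" in parts.netloc:
        # "http://paypal.com@203.0.113.5/" goes to 203.0.113.5; "paypal.com" is only user-info.
        findings.append("text before '@' is user-info, the real host is %s" % host)
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label in %s can hide look-alike Unicode characters" % host)
    domain = registrable_domain(host)
    if domain not in LEGITIMATE_DOMAINS:
        undisguised = domain.translate(LOOKALIKE)
        if undisguised in LEGITIMATE_DOMAINS:
            findings.append("look-alike characters: %s imitates %s" % (domain, undisguised))
        name, _, suffix = domain.rpartition(".")
        for legit in LEGITIMATE_DOMAINS:
            legit_name, _, legit_suffix = legit.rpartition(".")
            if name == legit_name and suffix != legit_suffix:
                findings.append("same name, different suffix: .%s instead of .%s"
                                % (suffix, legit_suffix))
            elif legit_name in name and name != legit_name:
                findings.append("brand name %r embedded in unrelated domain %s" % (legit_name, domain))
    if display_text:
        # What the reader sees versus where the click actually goes.
        shown_url = display_text if "://" in display_text else "http://" + display_text
        shown_host = urlsplit(shown_url).hostname or ""
        if shown_host and registrable_domain(shown_host) != domain:
            findings.append("link text shows %s but the target is %s" % (shown_host, host))
    return findings


if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin", "http://paypa1.com/login",
                 "https://walmartorder.com/", "https://paypal.org/verify"):
        print(link, "->", inspect_link(link) or "no findings")
```

Note that the check works on the link's real target (the href), not on its visible text, which is exactly the "preview it to see where it will take you" advice above.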

How to protect against phishing?

The best way to protect against phishing of any kind is to avoid supplying personal information
when prompted to do so by an e-mail or instant message. If you believe the request might be
legitimate, call the company’s customer-service department to verify this before providing any
information. If you do call the company, do not use phone numbers contained in the message. Even
if the request is legitimate, manually enter the Web address in your browser rather than clicking on
a link in the message.

5. Pharming
Pharming is another type of attack that seeks to obtain personal or private financial information
through domain spoofing. A pharming attack doesn’t use messages to trick victims into visiting
spoofed Web sites that appear legitimate, however. Instead, pharming uses domain spoofing,
“poisoning" a domain name system (DNS) server. The result is that when a user enters the
poisoned server’s Web address into his or her address bar, that user navigates to the attacker’s
site. The user’s browser still shows the correct Web site, which makes pharming difficult to
detect—and therefore more serious. Where phishing attempts to scam people one at a time
with an e-mail or instant message, pharming enables scammers to target large groups of people
at one time through domain spoofing.
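Because the address bar looks right, pharming has to be detected from the resolution itself: compare what the configured resolver (and the local hosts file, which takes precedence over DNS on most systems) says against an independent resolver and a known-good answer. The Python below is an added example (not from the original notes) that parses hosts-file syntax and flags the three indicators. The monitored domain, its expected address and the sample resolver answers are constructed for the example.

```python
import ipaddress

# Constructed expectation (assumption): the addresses the bank's site is known to use,
# obtained out of band and kept on the monitoring host.
EXPECTED_ANSWERS = {"example-bank.com": {"198.51.100.10"}}


def parse_hosts(text):
    """Parse hosts-file syntax ('address name [alias ...]', '#' comments) into {name: {address}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line; a stricter checker would report it
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), set()).add(address)
    return entries


def pharming_indicators(hosts_text, resolver_answers):
    """Flag signs that a monitored domain resolves somewhere unexpected.
    resolver_answers: {resolver_label: {domain: {address, ...}}} gathered from
    more than one resolver (the normally configured one plus an independent one)."""
    findings = []
    hosts = parse_hosts(hosts_text)
    for domain, expected in EXPECTED_ANSWERS.items():
        if domain in hosts:
            findings.append("local hosts file overrides %s -> %s" % (domain, sorted(hosts[domain])))
        seen = {}
        for label, answers in resolver_answers.items():
            addresses = set(answers.get(domain, ()))
            seen[label] = frozenset(addresses)
            if addresses and addresses != expected:
                findings.append("%s resolves %s to %s, expected %s"
                                % (label, domain, sorted(addresses), sorted(expected)))
        if len(set(seen.values())) > 1:
            findings.append("resolvers disagree about %s: %s"
                            % (domain, {k: sorted(v) for k, v in seen.items()}))
    return findings


# Constructed sample inputs (assumption): a hosts file with a planted entry, and two
# resolvers that give different answers for the bank.
SAMPLE_HOSTS = """\
# Host database
127.0.0.1       localhost
::1             localhost
203.0.113.66    example-bank.com www.example-bank.com   # planted entry
"""
SAMPLE_ANSWERS = {
    "configured": {"example-bank.com": {"203.0.113.66"}},
    "independent": {"example-bank.com": {"198.51.100.10"}},
}

if __name__ == "__main__":
    for finding in pharming_indicators(SAMPLE_HOSTS, SAMPLE_ANSWERS):
        print("WARNING:", finding)
```

A site that legitimately uses several addresses will need the expected set widened; the disagreement check between resolvers still works without any expected set at all.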

What Is Malicious Software?

Malicious software is a set of instructions designed to cause damage, escalate security
privileges, expose private data, or even modify or delete data.

Not all software performs beneficial tasks. Some software infiltrates one or more target computers
and follows an attacker’s instructions. This type of software is malicious software, or malware.

The purpose of malware is to damage or disrupt a system.


The effects of malware can range from slowing down a PC, to causing it to crash, to the theft of
credit card numbers, and worse. Simply surfing the Internet, reading e-mail, or downloading music
or other files can infect a personal computer with malware, usually without the user’s knowledge.

Malware exists in two main categories:

1. Infecting programs - Infecting programs actively attempt to copy themselves to other
computers. Their main purpose is to carry out an attacker’s instructions on new targets.
Malware of this type includes the following:

• Viruses

• Worms

2. Hiding programs - Hiding programs hide in the computer, carrying out the attacker's instructions
while avoiding detection. Malware that tends to hide includes the following:

• Trojan horses

• Rootkits

• Spyware

Viruses

A computer virus is a software program that attaches itself to or copies itself into another program
on a computer. The purpose of the virus is to trick the computer into following instructions not
intended by the original program developer. Users copy infected files from another computer on a
network, from a flash drive, or from an online service. Alternatively, users can transport viruses from
home and work on their portable computers, which have access to the Internet and other network
services.

A computer virus acts in a similar fashion to a biological virus. It “infects" a host program, and may
cause that host program to replicate itself to other computers. The virus cannot exist without a host,
and it can spread from host to host in an infectious manner.

Worms

A worm is a self-contained program that duplicates and sends copies of itself to other computers,
generally across a network. The worm’s purpose may be simply to reduce availability by using up
network bandwidth, or it may take other evil actions. The main difference between a virus and a
worm is that a worm does not need a host program to infect. The worm is a standalone program.

Trojan Horse

A Trojan horse, also called a Trojan, is malware that masquerades as a useful program. (Its name comes
from the Trojan horse in The Aeneid. In the story, the Greeks, who had been at war with Troy for
10 years, construct a large wooden horse and offer it as a “gift" to the Trojans. The Trojans,
viewing the gift as a peace offering, bring the horse into the city. That night, as the Trojans sleep,
Greek soldiers hiding in the belly of the hollow horse climb out and open the city gates to admit
the rest of the Greek army into the city. The Greeks soundly defeat Troy that night. )

Trojan horse programs use their outward appearance to trick users into running them. They look like
programs that perform useful tasks, but actually, they hide malicious code. Once the program is
running, the attack instructions execute with the user's permissions and authority.

Rootkits

Rootkits are newer than other types of malware. A rootkit is a type of malware that modifies or
replaces one or more existing programs to hide traces of attacks. Although rootkits commonly
modify parts of the operating system to hide traces of their presence, they can exist at any level—
from a computer’s instructions up to the applications that run in the operating system. Once
installed, rootkits provide attackers with easy access to compromised computers to launch
additional attacks.

Rootkits often work with other malware. For example, suppose a program, malware.exe, is
running on a Windows system. A simple rootkit might replace the Windows Task Manager with a
modified version that does not list any program named malware.exe. Administrators would not
know the malware program is running.
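A rootkit that replaces a system program, as in the Task Manager example above, changes that program's bytes on disk. One standard defense is a file-integrity baseline: hash every system file while the machine is known-good, keep the hashes somewhere the attacker cannot alter, and re-hash later to find what was modified, added or removed. The Python below is an added example (not from the original notes) that does this over a temporary directory standing in for a system directory; the file names and contents are constructed. A kernel-level rootkit can lie to the tool doing the hashing, so the comparison is most trustworthy when run from trusted boot media against the offline disk.

```python
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every file under root (relative path, '/'-separated) to its hash and size."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": hash_file(full), "size": os.path.getsize(full)}
    return baseline


def compare_to_baseline(root, baseline):
    """Re-hash the tree and report what changed since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current
                           and current[p]["sha256"] != baseline[p]["sha256"]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: a tiny 'system directory' whose task-manager binary is swapped
    for a version that hides malware.exe, and a new driver file appears."""
    with tempfile.TemporaryDirectory() as root:
        tools = os.path.join(root, "tools")
        os.makedirs(tools)
        with open(os.path.join(tools, "taskmgr.bin"), "wb") as f:
            f.write(b"original task manager")
        with open(os.path.join(tools, "shell.bin"), "wb") as f:
            f.write(b"original shell")
        baseline = build_baseline(root)        # taken while the system is known-good

        # Simulated rootkit activity: replace one program, drop a new file.
        with open(os.path.join(tools, "taskmgr.bin"), "wb") as f:
            f.write(b"replacement that omits malware.exe from its listing")
        with open(os.path.join(tools, "driver.bin"), "wb") as f:
            f.write(b"new kernel driver")
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline must be stored off the monitored host (or on read-only media); a rootkit that can rewrite Task Manager can just as easily rewrite a hash list kept beside it.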

Spyware

Spyware is a type of malware that specifically threatens the confidentiality of information. It gathers
information about a user through an Internet connection without his or her knowledge.

Spyware is sometimes bundled as a hidden component of freeware or shareware programs that
users download from the Internet, similar to a Trojan horse. Spyware can also spread via peer-to-peer
file swapping. (Spyware has been around since the late 1990s, but increased in popularity
after 2000. The rapid growth of the Internet enabled attackers to collect useful information from
more and more unsuspecting users.)

Once installed, spyware monitors user activity on the Internet. Spyware can also gather information
such as e-mail addresses and even passwords and credit card numbers. The spyware can relay this
data to the author of the spyware. The author might use the data simply for advertising or
marketing purposes, but could employ it to facilitate identity theft.

Note

Licensing agreements that accompany software downloads sometimes warn users that a spyware
program will be installed along with the requested software. Often, however, because they are
composed in dense legal language, these licensing agreements go unread.

Because spyware exists as independent executable programs, it can perform a number of
operations, including the following:

• Monitoring keystrokes

• Scanning files on the hard drive

• Snooping other applications, such as chat programs or word processors

• Installing other spyware programs

• Reading cookies

• Changing the default home page on the Web browser

Assignment

1. How to identify spyware and how to protect assets from it?
2. How to identify rootkits and how to protect assets from them?
3. How to identify a Trojan horse and how to prevent it from infecting your system?
