LOGIC BOMB
What is a Logic Bomb?
03/29/2024
A logic bomb is a piece of code intentionally inserted into a software system
that sets off a malicious function when specified conditions are met.
Criteria for “Logic Bombs”
For code to be considered a logic bomb, the effects of the code should be
unwanted and unknown to the software operator.
Trial software that expires after a certain time is generally not considered a
logic bomb, because the expiry is disclosed and expected by the operator.
The defining characteristics of a logic bomb are:
It lies dormant for a specific amount of time.
Its payload is unknown until it triggers. A payload is the component of malware that
carries out the malicious activity; basically, what sort of damage the malware is coded
to inflict.
It is triggered by a certain condition. The detonator of the logic bomb is the condition
that must be met. It is this feature that lets logic bombs go undetected for long
periods of time.
Hawassa University, Institute of Technology
School of Electrical and Computer Engineering
Possible Triggers for a Logic Bomb
Lapse in time
Specific dates
Specific commands
Specific actions in programs
“Still-there” logic bomb
Remains in the system with compromising effects.
Runs as instructed by its creator unless the creator deactivates it.
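The characteristics and triggers listed above are what a code reviewer looks for: a dormant condition whose test depends on the clock, a date or the identity of the user running the program, guarding something destructive. The following is an added Python example, not code from the original slides: a constructed payroll routine containing a hypothetical date-and-identity trigger, and a small ast-based scan that flags such conditions. The name lists are assumptions to be tuned for a given code base, and the heuristic will miss triggers that hide the date or user behind helper functions.

```python
"""Heuristic static check for logic-bomb-style triggers: an `if` whose test
references a clock/date or identity API together with a literal, and whose body
calls a destructive function. Added example; the lists below are assumptions."""
import ast

# Names that suggest a time- or identity-based trigger (assumption: tune per code base).
TRIGGER_NAMES = {"datetime", "date", "time", "getuser", "getlogin", "environ"}
# Destructive calls whose presence under such a condition is suspicious.
DESTRUCTIVE_CALLS = {"rmtree", "remove", "unlink", "system", "rmdir", "truncate"}


def _names_in(node):
    """All bare identifiers and attribute names under `node`."""
    out = set()
    for n in ast.walk(node):
        if isinstance(n, ast.Name):
            out.add(n.id)
        elif isinstance(n, ast.Attribute):
            out.add(n.attr)
    return out


def _has_literal(node):
    """True if the expression compares against a hard-coded number or string."""
    return any(isinstance(n, ast.Constant) and type(n.value) in (int, float, str)
               for n in ast.walk(node))


def find_trigger_candidates(source):
    """Return (line, reason) for each `if` that looks like a dormant trigger."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        trigger = _names_in(node.test) & TRIGGER_NAMES
        if not trigger or not _has_literal(node.test):
            continue
        calls = set()
        for stmt in node.body:
            for n in ast.walk(stmt):
                if isinstance(n, ast.Call):
                    calls |= _names_in(n.func)
        destructive = calls & DESTRUCTIVE_CALLS
        if destructive:
            findings.append((node.lineno,
                             f"trigger on {sorted(trigger)} guards {sorted(destructive)}"))
    return findings


# Constructed sample: a payroll job with a hidden date/identity trigger (hypothetical).
SAMPLE = '''
import shutil, getpass
from datetime import date

def run_payroll(records, archive_dir):
    total = sum(r["amount"] for r in records)
    if date.today() >= date(2025, 1, 31) and getpass.getuser() != "jsmith":
        shutil.rmtree(archive_dir)
    if total > 1_000_000:
        print("large run")
    return total
'''

if __name__ == "__main__":
    for line, reason in find_trigger_candidates(SAMPLE):
        print(f"line {line}: {reason}")
```

The scan deliberately ignores the second `if` in the sample: a threshold on a computed value is ordinary business logic, while a comparison of the current date or user name against a literal that gates a delete is the pattern worth a manual look.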
Do not allow any one person universal access to your system.
Enforce separation of duties.
Always practice safe computing. Always use protection. Antivirus software can
significantly reduce the risk of contracting a virus that carries a logic
bomb.
New strains of logic bombs and virus programs are constantly being created.
Remember, if you believe your system may have been compromised by another entity
(a programmer, a piece of software or another system), have it examined so that
the dangerous code cannot spread further.
The common harmful effects that a logic bomb can cause include:
File deletion
Disk wipeout
Data damage
SPIKE
What is SPIKE?
A computer spike or data spike was an electronic device that, when connected
to a computer, allowed a user to slice into secure computer programs to access
data. The spike would assault systems with garbage data to overwhelm security
measures. Most spikes could only be used once.
They were usually single-use devices that contained specialized programs
designed to bypass security systems and improve user access to protected
systems. This is unrelated to SPIKE, the network-protocol fuzzer creation kit by
Dave Aitel (Immunity) that the rest of this section covers; the only thing the two
share is the idea of throwing unexpected data at a target.
SPIKE was written to find new vulnerabilities by:
Making it easy to quickly reproduce a complex binary protocol.
Developing a base of knowledge within SPIKE about different kinds of bug classes
affecting similar protocols.
Testing old vulnerabilities on new programs.
Making it easy to manually mess with protocols.
Technically speaking, SPIKE is a fuzzer creation kit: it provides an API that allows
a user to create their own fuzzers for network-based protocols using the C programming
language. SPIKE defines a number of primitives that it makes available to C coders, which
allow it to construct fuzzed messages called “SPIKES” that can be sent to a network
service to hopefully induce errors. SPIKE was specifically designed to focus on finding
exploitable bugs, so it is a good fit for vulnerability discovery.
SPIKE is a C-based fuzzer creation kit, but you do not have to know how to
write C programs to use it. SPIKE also includes a simple scripting capability, and
within the SPIKE distribution there are a few command-line tools (generic_send_tcp and
generic_send_udp) which act as interpreters for simple text files (.spk scripts)
containing SPIKE primitives.
SPIKE has a large number of built-in strings to use for fuzzing that are very effective at producing
a wide variety of errors in programs. SPIKE does a lot of the work for you in determining the
values that can best be sent to an application to cause it to fail in a useful way. This means you
do not have to come up with these values yourself, and you benefit from the considerable
experience of the program's author in choosing good fuzzing strings.
SPIKE has a concept of “blocks”, which can be used to calculate the size of specified
sections within the SPIKES that are generated by the SPIKE code. These size values can
then be inserted into the SPIKES themselves, in a variety of different formats (for example
big- or little-endian binary integers, or ASCII digits). This is a real
benefit when fuzzing protocols that require accurate size values to be specified for particular
fields within a message, and saves you the effort of doing these calculations yourself.
SPIKE supports a number of different data types that are commonly used in network
protocols, and can accept them in a variety of different formats that allow easy cutting and
pasting from many different programs (for example, hex dumps from a packet capture).
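The two ideas that make SPIKE practical, variables that are swapped for fuzz strings one at a time and blocks whose byte size is computed and written back into the message in the format the protocol expects, are easier to see in a small re-implementation than in the C API. What follows is an added Python example written for this page; it is not SPIKE's own code or API, the LOGIN protocol it targets is hypothetical, and the fuzz strings are a short constructed subset rather than SPIKE's real list.

```python
"""A small SPIKE-style message builder: s_block_start/s_block_end/s_block_size
compute the byte size of a bracketed region and insert it in the requested
format, and each s_string_variable is a fuzz point. Added Python
re-implementation of the idea, not SPIKE's own API; protocol is hypothetical."""
import struct

# Constructed subset of the kinds of strings a fuzzer keeps (assumption, not SPIKE's list).
FUZZ_STRINGS = [
    b"A" * 1024,                 # long string: stack/heap overflow
    b"%n%n%n%n%s%s%s%s",         # format-string
    b"\x00" + b"B" * 32,         # embedded NUL: string-length confusion
    b"-1",                       # negative length in ASCII numeric fields
    b"../../../../etc/passwd",   # path traversal
    b"\xff" * 64,                # high-bit bytes: sign/encoding bugs
]


class SpikeBuilder:
    def __init__(self):
        self.parts = []     # bytes | ("size", block_name, fmt) | ("var", default)
        self.blocks = {}    # block name -> [first_part_index, end_part_index]

    def s_string(self, data):
        self.parts.append(data)
        return self

    def s_string_variable(self, default):
        """A fuzz point; `default` is used while another variable is being fuzzed."""
        self.parts.append(("var", default))
        return self

    def s_block_start(self, name):
        self.blocks[name] = [len(self.parts), None]
        return self

    def s_block_end(self, name):
        self.blocks[name][1] = len(self.parts)
        return self

    def s_block_size(self, name, fmt):
        """fmt is a struct format ('>I', '<H', ...) or 'ascii:N' for N decimal digits."""
        self.parts.append(("size", name, fmt))
        return self

    @staticmethod
    def _width(part):
        """Byte width of a rendered part; size fields have a fixed width by construction."""
        if isinstance(part, bytes):
            return len(part)
        fmt = part[2]
        return int(fmt[6:]) if fmt.startswith("ascii:") else struct.calcsize(fmt)

    @staticmethod
    def _pack_size(size, fmt):
        if fmt.startswith("ascii:"):
            n = int(fmt[6:])
            return str(size % 10 ** n).zfill(n).encode()   # fixed width; wraps like a binary field
        return struct.pack(fmt, size & ((1 << (8 * struct.calcsize(fmt))) - 1))

    def defaults(self):
        return [p[1] for p in self.parts if isinstance(p, tuple) and p[0] == "var"]

    def render(self, values):
        """Substitute `values` into the variables in order, then resolve every size field."""
        it = iter(values)
        concrete = [next(it) if isinstance(p, tuple) and p[0] == "var" else p for p in self.parts]
        out = []
        for p in concrete:
            if isinstance(p, bytes):
                out.append(p)
            else:                                   # ("size", block, fmt)
                start, end = self.blocks[p[1]]
                size = sum(self._width(q) for q in concrete[start:end])
                out.append(self._pack_size(size, p[2]))
        return b"".join(out)


def spike_cases(builder):
    """Fuzz one variable at a time with every fuzz string, as SPIKE does."""
    base = builder.defaults()
    for i in range(len(base)):
        for fz in FUZZ_STRINGS:
            vals = list(base)
            vals[i] = fz
            yield i, fz, builder.render(vals)


def build_login_spike():
    """Hypothetical protocol: 4-byte big-endian total length, then
    'LOGIN ' <3 ASCII digits: user length> <user> ' ' <password>."""
    b = SpikeBuilder()
    b.s_block_size("msg", ">I")
    b.s_block_start("msg")
    b.s_string(b"LOGIN ")
    b.s_block_size("user", "ascii:3")
    b.s_block_start("user").s_string_variable(b"alice").s_block_end("user")
    b.s_string(b" ")
    b.s_string_variable(b"secret")
    b.s_block_end("msg")
    return b


if __name__ == "__main__":
    spike = build_login_spike()
    print(spike.render(spike.defaults()))
    for var_index, fuzz, payload in spike_cases(spike):
        print(var_index, len(payload), payload[:24])
```

Because the size fields have a fixed width, block sizes can be computed in a single pass regardless of what the variables contain, which is what lets the outer length header stay consistent even when the user field is 1024 bytes long; the 3-digit ASCII field wraps in that case, which is itself a useful test input for a parser that trusts it.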
SERVER SPOOFING
What is Meant by Spoofing?
The “spoofing” in the attack's name means that the threat actor is using a
malicious site that resembles the official website a user knows. Since DNS is a
critical part of Internet communication, poisoned entries give an attacker a
perfect phishing scenario for collecting sensitive data. The threat actor can collect
passwords, banking information, credit card numbers, contact information,
and geographic data.
Domain Name System (DNS) spoofing is a type of cyber-attack that uses
tampered DNS data to redirect users to fake websites. These
malicious sites often look legitimate but are actually designed to
install malware onto users' devices, steal sensitive data or redirect traffic.
The attack typically happens on public Wi-Fi but can
occur in any situation where the attacker is on the same local network and can poison
ARP (Address Resolution Protocol) tables, forcing targeted user devices to send their
traffic, DNS queries included, through the attacker-controlled machine, which then
answers with its own address for a specific website.
There are a few methods attackers can use to execute DNS spoofing attacks, but they
all share the same goal: to trick users and their resolvers into accepting a fraudulent
address for a legitimate website. To do this, attackers typically follow these three steps:
Step 1: Accessing the DNS server
Before a hacker can perform this attack, they need to gain access to the DNS
server, to its resolver cache, or to the path between the victim and that resolver. This
process involves identifying a DNS server's software version and its IP and MAC
addresses, scanning for vulnerabilities and determining whether it uses DNSSEC (Domain
Name System Security Extensions) or DNS encryption. Unfortunately, most DNS queries
and responses are still sent in clear text and unauthenticated, so an attacker who can
observe or race the traffic can inject forged answers and redirect traffic to a server
they control.
Step 2: Poisoning the Cache
Once they have access, attackers overwrite legitimate IP
addresses with fake ones. Because these systems cannot differentiate between a
legitimate IP address and a malicious one, attackers can trick them into storing a
spoofed entry that leads to a malicious website. Once this process is complete, the
spoofed entry remains in the cache until its time-to-live expires and directs anyone
using that resolver to the malicious site instead of the legitimate one.
Step 3: Accessing Sensitive Data
Once a user arrives at a malicious website, it may prompt them to enter their
login information like they normally would. Because the fake site looks exactly like
the legitimate one, the victim has no idea that they are handing sensitive information
over to the attacker. Attackers can also use DNS spoofing to install malware on a
user’s device or redirect traffic to phishing websites. This is especially common for
online shopping and banking websites.
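The reason Step 2 works is that a resolver which checks nothing beyond "a reply arrived" will cache whatever it is sent. The checks below show the minimum a stub resolver should verify before accepting a reply: the QR flag, the transaction ID, the question section, and that every answer record is for the name that was actually asked. This is an added Python example written for this page, not code from the original; the query and the three candidate replies are built in-process from constructed data and nothing is sent on the network. The "same owner name only" rule is a deliberate simplification of real bailiwick checking (CNAME chains are out of scope), and matching of the UDP source port, which the socket layer does, is not modelled.

```python
"""Minimal DNS codec plus the checks a stub resolver should make before
accepting a reply. Added example; all packets are constructed in-process."""
import struct


def encode_name(name):
    """'bank.example' -> b'\\x04bank\\x07example\\x00' (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Decode a name at `off`, following 0xC0 compression pointers.
    Returns (lowercased name, offset just past the name in the packet)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)


def build_query(txid, qname, qtype=1):
    """Standard recursive query (RD=1), one question, type A by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid, qname, answers, qtype=1):
    """Response with QR=1, RD=1, RA=1; answers: [(owner_name, ttl, dotted_ipv4)]."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    pkt = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, ttl, ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        pkt += encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return pkt


def parse_response(pkt):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    qname, off = decode_name(pkt, off)
    qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        answers.append((name, rtype, ttl, pkt[off:off + rdlen]))
        off += rdlen
    return {"txid": txid, "flags": flags, "qname": qname, "qtype": qtype, "answers": answers}


def check_response(pending, pkt):
    """pending = {'txid', 'qname', 'qtype'} of the query we sent. Returns (accepted, reason)."""
    r = parse_response(pkt)
    if not r["flags"] & 0x8000:
        return False, "QR bit clear: not a response"
    if r["txid"] != pending["txid"]:
        return False, "transaction ID mismatch"
    if (r["qname"], r["qtype"]) != (pending["qname"].lower(), pending["qtype"]):
        return False, "question section mismatch"
    for name, rtype, _ttl, _rdata in r["answers"]:
        # Only accept records for the name we asked about; a reply that smuggles
        # records for other names is the classic cache-poisoning vector.
        if name != r["qname"]:
            return False, f"out-of-bailiwick record for {name}"
        if rtype != r["qtype"]:
            return False, f"unexpected record type {rtype}"
    return True, "ok"


if __name__ == "__main__":
    pending = {"txid": 0x1A2B, "qname": "bank.example", "qtype": 1}
    print(build_query(**pending).hex())
    genuine = build_response(0x1A2B, "bank.example", [("bank.example", 300, "192.0.2.10")])
    blind = build_response(0x0000, "bank.example", [("bank.example", 300, "198.51.100.7")])
    poison = build_response(0x1A2B, "bank.example", [("bank.example", 300, "192.0.2.10"),
                                                    ("login.example", 300, "198.51.100.7")])
    for label, reply in [("genuine", genuine), ("blind guess", blind), ("poison", poison)]:
        print(label, check_response(pending, reply))
```

The blind reply is what an off-path attacker sends when guessing the transaction ID; the 16-bit ID plus a random source port is the only thing protecting an unsigned lookup, which is why an on-path attacker on the same Wi-Fi, who sees the real query, passes these checks trivially and DNSSEC validation is needed to catch the forgery.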
When the attacker is on a suitable public Wi-Fi network, the basic steps in this DNS poisoning
variant are:
Use arpspoof to poison the ARP cache of the targeted user's machine so that traffic meant for
the gateway, DNS queries included, is sent to the attacker's machine instead. This step does not
touch any DNS cache; it puts the attacker on the path between the user and the resolver.
Issue another arpspoof command in the other direction, telling the gateway that the client's IP
address belongs to the attacker's MAC address, so return traffic also passes through the
attacker's machine.
Create a hosts-format file that maps the targeted domain name to the attacker's IP address and
feed it to a DNS-answering tool (dnsspoof from the dsniff suite, the companion of arpspoof, reads
exactly this format). The user's lookups for that domain are answered from this entry.
Set up a phishing website with the same look and feel as the “real” website
on the attacker's machine.
Collect data from targeted victims on the network by tricking them into
authenticating or entering their information into the spoofed website pages.
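Everything in the procedure above depends on the first two steps, and ARP poisoning leaves a visible trace on the victim: one MAC address suddenly claims several IP addresses, and the gateway's MAC address changes. The following is an added Python example, not from the original slides, that parses `ip neigh show` output and reports both symptoms against an earlier snapshot. The neighbour-table lines are constructed sample data; the MAC and IP addresses are made up.

```python
"""Check a Linux neighbour table for signs of ARP poisoning: one MAC claiming
several IPs (typical of arpspoof) and the gateway's MAC changing against a
baseline. Added example; the sample `ip neigh show` lines are constructed."""
import re
from collections import defaultdict

# Typical `ip neigh show` line: "<ip> dev <iface> lladdr <mac> <state>".
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)


def parse_ip_neigh(text):
    """Map ip -> mac; entries without an lladdr (e.g. FAILED) are skipped."""
    table = {}
    for line in text.strip().splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            ip, _dev, mac, _state = m.groups()
            table[ip] = mac.lower()
    return table


def find_arp_anomalies(table, gateway_ip, baseline=None):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:          # one NIC answering for several hosts
            findings.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    gw_mac = table.get(gateway_ip)
    old = (baseline or {}).get(gateway_ip)
    if gw_mac and old and gw_mac != old:
        findings.append(f"gateway {gateway_ip} moved from {old} to {gw_mac}")
    return findings


# Constructed snapshots: before and after an arpspoof run from 192.168.1.42.
BASELINE = """
192.168.1.1 dev wlan0 lladdr 3c:84:6a:11:22:33 REACHABLE
192.168.1.42 dev wlan0 lladdr f0:18:98:aa:bb:cc STALE
"""
NOW = """
192.168.1.1 dev wlan0 lladdr f0:18:98:aa:bb:cc REACHABLE
192.168.1.42 dev wlan0 lladdr f0:18:98:aa:bb:cc STALE
192.168.1.77 dev wlan0 FAILED
"""

if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_ip_neigh(NOW), "192.168.1.1", parse_ip_neigh(BASELINE)):
        print(finding)
```

A static ARP entry for the gateway, or switch-side dynamic ARP inspection, prevents the first step outright; the check above is the cheap host-side signal for networks where neither is available.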
Never Click on Unfamiliar Links
Malicious websites often display fake advertisements or notifications that prompt you to
click on a link. By clicking on unfamiliar links, you could expose your device to
dangerous viruses and other malware. If you notice an unfamiliar link or advertisement on
a website you normally use, it’s best to avoid it.
Set up DNSSEC
Domain owners and internet providers can deploy DNS Security Extensions (DNSSEC) to
authenticate DNS entries. DNSSEC works by digitally signing DNS records and having resolvers
verify those signatures along a chain of trust anchored at the root zone, so each response can
be checked to be authentic and unmodified. DNSSEC authenticates data but does not encrypt it,
and it only protects domains that are signed and clients that use a validating resolver.
Unfortunately, DNSSEC is still not widely deployed, so DNS data for most domains remains
unsigned and can be forged.
Because attackers often use DNS spoofing to install viruses, worms and other types of
malware, it is important to scan your devices for these threats regularly. You can do this by
installing antivirus software that identifies and helps remove threats. If you own a website
or DNS server, you can also install DNS spoofing detection tools. These monitor the answers
your resolver hands out and flag unexpected changes.
Use a VPN
A virtual private network (VPN) is an added security measure that prevents a local attacker from
observing or altering your traffic. Instead of resolving names through the local network's DNS
server, which an attacker on the same Wi-Fi may control, a VPN tunnels your traffic, DNS queries
included, over an encrypted link to the VPN provider's resolvers. This prevents attackers on the
local network from intercepting or spoofing your lookups, though it does not help if the
provider's own resolver has been poisoned.
Verify That Your Connection Is Secure
Malicious websites are often identical to legitimate ones at first glance, but there are a few
ways to verify that you are connected to the site you intended. In Google Chrome, look
for the padlock (or, in newer versions, the site-information icon) in the address bar to the
left of the URL. This symbol shows that the browser validated the site's TLS certificate for
the domain shown; it does not by itself prove that domain is the one you meant to visit, so
read the domain name as well.
In some cases, your browser will alert you if you try to access an unsecured site. If you see a
message warning that your connection is not secure, you should not ignore it. It could mean
that the site you are trying to access is a spoofed site without a valid TLS (Transport Layer
Security, the successor to SSL) certificate for that name, which is exactly what a DNS-spoofed
copy of a site typically lacks.
DNS spoofing can pose multiple risks to users. Some of the most common risks
include:
Data Theft
Attackers frequently use DNS spoofing to access sensitive user data like banking, credit
card and personal log-in information. Phishing websites can be difficult to detect, so
users may not notice that their data was compromised until it’s too late.
Censorship
Attackers can use DNS spoofing to censor web results. Some governments intentionally
poison DNS caches to prevent citizens from accessing certain websites or online
resources. For example, China is known for using DNS injection as part of its Great
Firewall, which among other techniques answers lookups for blocked sites with forged
responses to redirect users away from unapproved websites.
Malware Infection
Fake websites are often full of malicious links and downloads that can infect your
device with malware. If the spoofed site is an internet security provider, it can
indirectly expose you to viruses by preventing legitimate security updates. This risk is
highest for users who don’t use antivirus software or other cybersecurity methods.