...The Malware Lifecycle The advancement of technology and the proliferation in the use of the Internet, which offers a variety of products and services to users, provide a pathway to solicit users’ information, which can result in identity theft and the compromise of sensitive information, both of which have increased in the last decade. Cybercrimes have evolved and intensified as hackers develop and supply exploits that can be used as tools for stealing valuable information from financial institutions such as banks. Motivations and Evolution Since the evolution of hacking, the skills and creativity of hackers have matured and the motivation behind hacking has been revolutionized from the origins to its current form. Oriyano & Gregg (2011) opine that in the 1960s, the first generation of hackers that emerged were technology enthusiasts who created the building blocks for technological advancement. These hackers were motivated by intellectual curiosity and entertainment (Oriyano & Gregg, 2011). However, Oriyano & Gregg (2011) argue that the negative connotations that society associates with hackers began in the 1980s, when they became computer criminals. Hackers’ activities were predominantly theft of services motivated by financial gains or personal gratification (Oriyano & Gregg, 2011). Subsequently, numerous hackers did not seem satisfied with the benign exploration of computer systems simply to learn about their internal operations as the hackers were now interested in individual gains...
Words: 2000 - Pages: 8
...Week 3 Lab Part 1: Web and Database Attacks & Malware and Malicious Software Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Identify web application and web server backend database vulnerabilities as viable attack vectors * Develop an attack plan to compromise and exploit a web site using cross-site scripting (XSS) against sample vulnerable web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical...
Words: 1054 - Pages: 5
...Stuxnet Virus According to counterterrorism czar Richard Clarke, Stuxnet was a weaponized malware computer worm. Stuxnet was launched in mid-2009; it did major damage to Iran’s nuclear program in 2010 and then spread to computers all over the world (Clarke, 2012). Type of Breach Stuxnet is a computer worm: “it is a digital ghost with countless lines of code… it was able to worm its way into Iran’s nuclear fuel enrichment facility in Natanz, Iran” (Clarke, 2012). A worm is a program that spreads copies of itself through a network and a worm can also spread copies of itself as a stand-alone program (Pfleeger & Pfleeger, 2007). How the Breach Occurred On June 17, 2010, Sergey Ulasen, head of a small computer security firm called VirusBlokAda, was going through his e-mail when a report caught his attention. A computer belonging to an Iranian customer was caught in a reboot loop; it was “shutting down and restarting repeatedly despite efforts by operators to take control of it. It appeared the machine was infected with a virus” (Zetter, 2011). Ulasen’s research team got hold of the virus infecting their client’s computers. They realized it was using a “zero-day” exploit to spread (Zetter, 2011). Zero-days are the hacking world’s most potent weapons: The virus exploits vulnerabilities in software that are not yet known to the software maker or antivirus vendors. They’re also exceedingly rare; it takes considerable skill and persistence to find such vulnerabilities and...
Words: 1195 - Pages: 5
...E-SECURITY REVIEW 2008 Submission from Microsoft Australia Introduction Microsoft Australia welcomes the opportunity to participate through this Submission in the Whole-of Government Review of E-Security. A periodic review of the E-Security framework, in light of the quickly evolving threat landscape, is both timely and appropriate. Over the last thirty years there have been dramatic advances in information technology - the development of the microprocessor, the rise of the personal computer, the emergence of the Internet - which have revolutionised the way information is created, stored, shared, and used. Today, powerful, affordable and diverse devices, together with expanding broadband networks, create a powerful opportunity for connectivity for individuals and communities. Over the past two decades, rapid advances in software, IT services, and communications have enabled many traditionally separate and disparate infrastructures and business operations to become more connected. Through this connectivity virtually every aspect of society has experienced a transformation. Businesses and governments have been able to manage and streamline their operations. Individuals have been offered ready access to multiple sources of information thereby expanding knowledge and choice. Across every field of endeavour – commercial, social, scientific and philanthropic – the power of information has been increased and the transaction costs of engagement have been lowered. Our broad reliance...
Words: 13936 - Pages: 56
...How to Disable AutoRun in Windows 8
April 23, 2013
While AutoRun lets you play your favorite digital media automatically, it opens up vulnerable doors on your PC at the same time. Any malicious code can easily be injected to your PC using the AutoRun feature, so it’s a good idea to keep it turned OFF. Here’s how you can disable the AutoRun feature in Windows 8 and keep your PC safe from viruses and other threats.
I. Disabling AutoRun in Windows 8:
1. Open the Run Box by pressing Windows Logo+R keys together.
2. Type in gpedit.msc and hit ENTER.
3. The Group Policy Editor will open. Navigate to the following location in the Editor: Computer Configuration>>Administrative Templates>>Windows Components>>AutoPlay Policies
4. Once there, double-click on the entry in the right-hand side that says Turn off Autoplay.
5. Select Enabled and All drives.
6. Hit Apply and you’re good to go!
Cool! The AutoRun feature has been disabled on your Windows 8 and this will certainly help you keep your PC safe from any malicious code that comes attached with USB and other digital media devices.
TheUnlockr.com, your source for how to root, hack, and mod to unlock your device's true potential. Look...
Words: 299 - Pages: 2
...Computer Mario Noriega CIS 103 Abstract Computers are one of the greatest inventions of the 20th century, and they are used in many fields with a lot of benefits. There are many types of computers; huge and powerful computers are employed by governments and businesses to perform complex tasks and store data. Computers are particularly good at performing repetitive tasks at speeds far faster than any human or team of humans can. Small computers like home and personal computers can also perform domestic tasks. We will see the benefits and risks in those times, 20 years ago, and also a projection 20 years later. Computer A computer is an electronic device used in almost every field, even where it is most unexpected. That is why this age is called the era of information technology, and we cannot imagine a world without computers. It is made up of two things: one is the hardware and the other is software. All physical components of a computer, like the keyboard, mouse, monitor etc., come under hardware, whereas all the programs and languages used by the computer are called software. These days computers are tools not only for IT professionals, engineers and scientists; they are also being used by millions of people around the world. Computers have become very important at present because they are very accurate, fast and can accomplish many tasks easily otherwise to complete those tasks manually much more...
Words: 1401 - Pages: 6
...enterprises in 2010. To increase the likelihood of successful, undetected infiltration into the enterprise, an increasing number of these targeted attacks leveraged zero-day vulnerabilities to break into computer systems. Stuxnet and Hydraq teach future attackers that the easiest vulnerability to exploit is our trust of friends and colleagues. Stuxnet could not have breached its target without someone being given trusted access with a USB key. Meanwhile, Hydraq would not have been successful without convincing users that the links and attachments they received in an email were from a trusted source. Social Networks Social network platforms continue to grow in popularity and this popularity has not surprisingly attracted a large volume of malware. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. Under typical, legitimate, circumstances, these abbreviated URLs are used to efficiently share a link in an email or on a web page to an otherwise complicated web address. The report found that attackers overwhelmingly leveraged the news-feed capabilities provided by popular social networking sites to mass-distribute attacks. In a typical scenario, the attacker logs into a compromised...
Words: 727 - Pages: 3
...EXECUTIVE SUMMARY The term ‘keylogger’ itself is neutral, and the word describes the program’s function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes. There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords. Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers, including: parental control, company security, law enforcement, use by jealous spouses or partners, and many more reasons. But today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose. Furthermore, many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan programs. Although keylogger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse...
Words: 1408 - Pages: 6
...computers, cell phones, GPSs, and the internet are a lot more common. Today’s technology is expanding and growing, which means that the reliance and dependence on these products is also growing. Dependence and reliance are not the only two things that technology brings. Greater reliance on these things leads to cyber attacks, which are gradually increasing in occurrence. Stopping these attacks before they occur is more difficult than might be expected; however, it is not impossible. There is a trick to catching these attacks, which lies in the programs and applications that the user runs, which detect an attack and notify the user of it. This could be something like an anti-virus and/or a malware program or even a firewall. The purpose of this paper is to discuss cyber attacks as well as the steps involved and how to prevent them, as discussed in the article by Tony M. Damico entitled Cyber Attack Prevention for the Home User: How to Prevent a Cyber Attack (2009) and other sources. Cyber Attack: What It Is A cyber attack is “an attempt to undermine or compromise the function of a computer-based system, or an attempt to track the online movements of individuals without their permission” (WiseGeek, 2011). An easier way to describe a cyber attack would be the targeting of something electronic to make it malfunction so that someone is able to collect what it is they need. The cyber attacks that specifically...
Words: 880 - Pages: 4
...Nowadays, e-commerce is a fundamental part of marketing activity. Most e-commerce takes place on the websites of publicly traded companies. A challenge that e-businesses face is that they are vulnerable to e-crime, also known as cybercrime. As Internet technology continues to rise throughout the world, the threat of cyber crime also grows. While some of these crimes are relatively harmless and commonplace, others are very serious and carry with them felony charges. Various types of cyber crimes that can be encountered over the net are spam, fraud, cyber terrorism and so on. Whether for individuals, companies or governments, cybercrime has become a big problem. Spam is defined as unsolicited junk e-mail. It is used by chain mailers, forgers and some others who sell dubious products. “The Federal Trade Commission (FTC) has identified 12 types of scams that are most likely to arrive in consumers’ e-mail boxes. The “dirty dozen” are: business opportunities, bulk e-mail, work at home schemes, health and diet scams, effortless income, free goods, investment opportunities, cable descrambler kits, guaranteed loans or credit on easy terms, credit repair, and vacation prize promotions” (Phommalinh). Meanwhile, the most common type of cybercrime occurring in spam is the virus, which spreads by e-mail. When one receives an e-mail with a virus, the default settings of your computer do not have any action required to resist the virus. At that point, the virus can follow instructions and do anything whatever...
Words: 1173 - Pages: 5
...Help Net Security is a site (www.net-security.org) run specifically in order to help disseminate information about current security problems and concerns across the full spectrum of computing systems. According to its “About” page, Help Net covers “news around the globe… technical articles and papers, vulnerabilities, various vendor advisories, latest viruses, malware and hosts the largest security software download area with software for Windows, Linux, Mac OS X and Windows Mobile.” The paper under review today is titled “Targeted Cyber Attacks”, written by the site GFI.com and published as an eBook available at Help Net Security. Targeted Cyber Attacks is an extensive, 25-page review of cyber attacks in a general sense, exposing the impact, extent of the problem, effectiveness of attacks, solutions and attack avoidance. It explains that the definition of a cyber attack is specifically when a company is attacked electronically for the purposes of gaining access to data or compromising functionality and causing denials of service. The paper starts off with a definition of those who are actually at threat of attack – EVERY organization. The paper’s position is that all organizations are vulnerable, whether they believe it or not, and that there is no target too large or too small to be attacked. Visibility of the company, perception of the ease of attack, and hiding their vulnerability from the public all have nothing to do with whether or not an attack will take place...
Words: 1450 - Pages: 6
...Introduction and Abstract Copyright(c), 1984, Fred Cohen - All Rights Reserved This paper defines a major computer security problem called a virus. The virus is interesting because of its ability to attach itself to other programs and cause them to become viruses as well. There are two spellings for the plural of virus; 'virusses', and 'viruses'. We use the one found in Webster's 3rd International Unabridged Dictionary. Given the widespread use of sharing in current computer systems, the threat of a virus carrying a Trojan horse [Anderson72] [Linde75] is significant. Although a considerable amount of work has been done in implementing policies to protect from the illicit dissemination of information [Bell73] [Denning82], and many systems have been implemented to provide protection from this sort of attack [McCauley79] [Popek79] [Gold79] [Landwehr83], little work has been done in the area of keeping information entering an area from causing damage [Lampson73] [Biba77]. There are many types of information paths possible in systems, some legitimate and authorized, and others that may be covert [Lampson73], the most commonly ignored one being through the user. We will ignore covert information paths throughout this paper. The general facilities exist for providing provably correct protection schemes [Feiertag79], but they depend on a security policy that is effective against the types of attacks being carried out. Even some quite simple protection systems cannot be proven 'safe' [Harrison76]...
Words: 8970 - Pages: 36
...CNB are as follows
• Malware
• Malicious software
• Unprecedented of Spam
Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software. Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software, and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. States. Malware is different from defective software, which is legitimate software but contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it along with additional tracking software that gathers marketing statistics. Software such as anti-virus, anti-malware, and firewalls is relied upon by users at home and by small and large organizations around the globe to safeguard against malware attacks, which helps in identifying and preventing the further spread of malware in the network.
2) In...
Words: 830 - Pages: 4
...CYBER CRIME IN ITS VARIOUS FORMS
Amneet Bedi
CSE-Dept, RBCENTW Hoshiarpur
e-mail: amneetb2@gmail.com
Abstract: This paper is a review paper on the topic of cybercrime and its forms. The paper describes very basic information about cybercrime. It includes an introduction to cybercrime, its brief history, its types along with their brief description, today’s scenario regarding cybercrime and an introduction to cyber security as a weapon against cybercrime. The paper is best suited for those who want to understand what cybercrime exactly is at the beginners’ level and what the prevailing cybercrimes are.
Keywords: Cybercrime, cyber security, Hacking, spoofing, Cyber stalking, DOS Attack, Computer Vandalism, Cyber terrorism, Software Piracy, Phishing, Data diddling, Virus/Worms, Trojan, Cyber Laundering, Cyber contraband.
Introduction: Today, the world is moving towards a point where everything from banking, stock exchanges, traffic control, telephones to electric power, health care, welfare and education depends on software. Undoubtedly...
Words: 1944 - Pages: 8
...current and up-to-date. Have you downloaded the latest virus definitions? If not, do so and note which ones you downloaded. Run a virus scan on your computer and note your results. As a Mac user, I didn’t worry about malware like Windows users do. But I still install virus software for my computer called ClamXav. It’s a free program that will scan your Mac to determine if you have a virus, but won’t pre-emptively protect you from getting one. It’s an “on-demand” versus an active scanner. I update and run it every so often after I hear of some new threat. The results of my virus scan show my computer is healthy and safe. 3) Does your software have a personal Firewall and is it active? If you don't know what a Firewall is or what it does, research it and explain. Yes, I have a personal Firewall on my Mac. I have used NetMine for several years. It is one of the most popular third-party firewalls for the MacBook. This firewall controls and monitors the entire network and Internet activity of your Mac. NetMine safeguards the MacBook against prohibited entry to and from your computer, together with other activities initiated by an external source or software programs. 4) Do you have software in your computer to protect you and clean your computer of Spyware and Malware? If so what software?...
Words: 815 - Pages: 4