Malicious programs, network attacks and Internet-fraud
Back-doors — programs that enable logging in to a system or obtaining privileged functions while bypassing the existing access control system. They are often used to bypass the existing security system. Back-doors do not infect files, but they write themselves into the registry, modifying registry keys in the process.
Brute force attacks — attacks that use the "brute force" technique. Users usually employ simple passwords, for instance "123", "admin", etc., and this is exactly what attackers exploit. Using special Trojan programs, they work out the password required to enter the network by trial and error, based on a password dictionary built into the program or by generating random sequences of symbols.
Defacement — the deformation of Web pages. It is a kind of computer vandalism, sometimes serving as amusement for a hacker, but it can also be a way of expressing political preferences. The deformation can affect a certain part of the site, or it can be a total replacement of the site's pages (most often the starting page).
DoS-attacks — denial-of-service attacks. This kind of network attack, popular among attackers, borders on terrorism. An enormous number of service requests is sent to the attacked server in order to make it fail. When a certain limit of requests is reached (it depends on the server's hardware), the server cannot process any more of them, so it fails. Usually the attack is preceded by spoofing. DoS-attacks have become a widely used method of bluffing and blackmailing competitors.
Key-loggers — a kind of Trojan program whose main function is to log the data a user enters with the keyboard. The targets of the theft are personal and network passwords, logins, credit card data and other personal information.
Logic bombs — a kind of Trojan: hidden modules built into already written and widely used programs. They are an instrument of computer sabotage. Such a module is harmless until a particular event happens (the user presses certain keys, changes occur in a file, or a set date or time arrives), at which point it is activated.
Mail bombs — one of the simplest kinds of network attack. The attacker sends one huge message or many (tens of thousands of) e-mail messages to a user's computer or a company mail server, which leads to the failure of the system. Dr.Web Antivirus for e-mail servers has a special mechanism of protection against such attacks.
Phishing — an Internet fraud technique used for stealing personal confidential data such as access passwords, bank and identification card data, etc. Using spam mailings or mail worms, fictitious letters supposedly from legitimate organizations are sent to potential victims. In the letters, the victims are asked to visit a phony "site" of such an organization, made up by the criminals, and confirm passwords, PIN codes and other personal information, which the attackers then use to steal money from the victim's account and for other crimes.
Pharming — a relatively new kind of Internet fraud. Pharming techniques make it possible to change DNS (Domain Name System) records or records in the HOSTS file. While the user is on what he thinks is a legitimate page, he is redirected to a phony page created to collect confidential information. Most often such pages substitute for bank pages, both offline and online.
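Because pharming can work by altering records in the HOSTS file, one simple check is to audit that file for entries that pin sensitive domains to a fixed address. The following is an added example, not part of the original glossary; the watch list, the domain names and the sample file contents are constructed assumptions.

```python
import ipaddress

# Constructed sample HOSTS file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example.test   # internal wiki
203.0.113.66    www.bank.example login.bank.example
203.0.113.66    WWW.Shop.Example
not-an-ip       www.bank.example
"""

# Hypothetical watch list: domains expected to resolve through DNS only.
WATCHED = {"bank.example", "shop.example"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        # Host names are case-insensitive; normalise before comparing.
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip) for every entry that overrides DNS
    for a watched domain."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host, watched):
                findings.append((no, host, str(ip)))
    return findings
```

The check covers only the HOSTS file; redirection done by changing DNS records has to be detected on the resolver side.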
Rootkits — malicious programs designed to intercept system functions of the operating system (API) in order to hide their presence in the system. In addition, a rootkit can mask the processes of other programs, various registry keys, directories and files. Rootkits propagate as independent programs and as additional components inside other malicious programs: backdoors, mail worms, etc. Rootkits can be divided into two groups: User Mode Rootkits (UMR), which operate in user mode, and Kernel Mode Rootkits (KMR), which operate in kernel mode. UMRs intercept functions of user-mode libraries, while KMRs install drivers into the system that intercept kernel functions, which makes their detection and neutralization much more complicated.
Scamming — "scam" is a synonym for "cheat"; it is a kind of Internet fraud. It consists of attracting clients, supposedly by matrimonial agencies (in truth scam agencies), in order to extract money from them through marriage fraud.
Sniffing — a kind of network attack also called "passive listening through the network". It is unauthorized traffic flow analysis and data monitoring with a special, non-malicious program called a packet sniffer, which captures all network packets of the monitored domain. Attackers can use the captured data to enter the network, seemingly legitimately, as a phony user.
Spoofing — a kind of network attack aimed at gaining access to a network fraudulently by means of spoofing, i.e. imitating a connection. Spoofing is used to bypass access control systems based on IP addresses and, increasingly, to disguise phony sites as their legitimate twins or simply as legitimate businesses.
Time bombs — a sort of logic bomb in which activation of the hidden module depends on time.
Trojan Horses — malicious programs containing a hidden module. The module acts on the computer, performing operations without the user's authorization. These operations are not necessarily destructive, but they are always to the detriment of the user. The name of this kind of attack comes from the famous legend of the wooden horse used by the Greeks to enter Troy.
Trojan vandal programs take the place of a certain frequently run program, performing its functions or imitating its work while simultaneously carrying out malicious actions (erasing files, destroying directories, formatting disks, sending out passwords or other confidential information stored on the user's computer). Certain Trojan programs have a mechanism for updating their components via the Internet.
Vishing — an Internet fraud technique, a kind of phishing. It uses "war diallers" and VoIP technology for malicious purposes, to steal personal sensitive data such as passwords, banking details, identification card details, etc. Potential victims receive telephone calls that appear to come from legitimate companies and institutions. They are asked to confirm PIN codes or passwords using the keypads of their smartphones or PDAs; criminals later use these to steal money from bank accounts and in other crimes.
Zombies — small computer programs distributed around the Internet by computer worms. Zombie programs install themselves into an infected system and wait for further commands to execute.