ETHICAL HACKING

Differentiate among the following with respect to

Mode of Operation
One Popular Instance (Year Workflow Damaged Caused)

Sr. Name Definition Mode of Year Workflow Damage caused

No. Operation

1 Virus Virus spread from host Attached with any file and MyDoom, 2004 This email-transmitted virus, It caused slowdowns of internet
to host and has the document and lie dormant first identified on January traffic worldwide. Kaspersky
ability to replicate until its code is execute. 26, quickly spread by estimated that 600,000 to 700,000
itself. Reproduce with Once it effect a system, appearing to be an error computers were infected with the
the help of files and may effect there system message with an worm. 13% were in the US, while
documents. on same network. Harming attachment that, when 1% were in Russia. The
the system software by opened, emailed copies of comparative lack of infections in
corrupting or destroying the virus to addresses in the Russia was attributed to better
data. Access to e-mails victims address book, and security practices in Russia.
and often interrupts the also propagated itself
process of net surfing. through the Kazaa file-
sharing service.
2 Worm An independent piece Due to its replication Morris It worked by exploiting The U.S. Government
of malicious programs nature it takes a lot of worm or Internet known vulnerabilities Accountability Office put the cost
that make copies of space in the hard drive worm of November 2, in Unix sendmail, finger, of the damage at $100,000
themselves again and and consumes more cpu 1988 and rsh/rexec, as well 10,000,000. According to a survey
again on the local uses which in turn makes as weak passwords. that two thousand computers were
drive, network shares, the pc too slow also infected within fifteen hours. It is
etc. Worms spread by consumes more network usually reported that around 6,000
exploiting bandwidth. major UNIX machines were
vulnerabilities in infected by the Morris worm.
operating systems.
3 Trojan A Trojan Horse is a Trojans often are spread Shedun 2015 Shedun malware is known It affecting roughly 20,000 popular
type of virus that via an infected email It target android OS for targeting the Android Android applications. This attacks
pretends to be attachment or a download known as Ghost Push, Accessibility Service as well detected to cause approximately
something useful, that hides in free games, Humming Bad, as for downloading and 1500-2000 infections per day.
helpful, or fun while applications, movies or Hummer, installing arbitrary
actually causing harm greeting cards. The AndroidOS_libskin, as applications without
or stealing data. It do purpose is to steal useful well as by the name of permission.
not replicate private information. the malicious
themselves but they Android .APK
can be just as executable file itself,
 destructive
4 Backdoor Backdoor is the This can compromise files
method to bypass and capture confidential
authentication in any information stored on the
system. It enter in infected machine. They
system and open the also allow hackers to run
ports for compromise malicious software from
the system the computer's Internet
connection to launch other
attacks.
5 Malware Malware is a piece of Malware attaches itself to
software use to harm the components of a web
a legitimate user page, pop-up
system like disrupt, advertisements, toolbars,
gaining access and free stuff that you
stealing information. download, and games, to
name a few. When you
click on these components,
malware sneaks into your
computer. Once malware is
in your computer it can
steal anything from your
music lists to more serious
information like your login
passwords, bank account
numbers, and personal
information.
6 spyware Spyware is a software Spyware does not usually
that install in our self-replicate. . Once it
system accidentally. install it steal our personal
information and provide it
to its creator. Steal
personal information like
credit card number,
passwords, important files
which is right_core.
DSL Backdoor It allow an attacker to send More than 20 popular models sold
commands to the router worldwide have been found to
according to TCP port 32 possess the vulnerability. Once
764 from a command shell remotely in control of the router
without any authentication via a compromised port, the
of network hacker can gain root shell access
administrators and reset the and send malicious commands to
routers configuration and the device.
gain access to the
administrative control panel.
The attack, confirmed to
work on several Linksys and
Netgear DSL modems,
exploits an open port
accessible over the wireless
local network.
Bank Hackers Steal The banks internal Then the group impersonated bank
Millions via Malware in computers, used by officers, not only turning on
2013 employees who process various cash machines, but also
daily transfers and conduct transferring millions of dollars from
bookkeeping, had been banks in Russia, Japan,
penetrated by malware that Switzerland, the United States and
allowed cybercriminals to the Netherlands into dummy
record their every move. accounts set up in other countries.
The malicious software
lurked for months, sending
back video feeds and
images that told a criminal
group including Russians,
Chinese and Europeans how
the bank conducted its daily
routines, according to the
investigators.
Lenovo has caught Michael Horowitz from It invades the privacy of customers
installing spyware on Computerworld by learning their Internet browsing
its laptops and has discovered a software habits, a class action claims.
workstations without program, called "Lenovo
the user's permission Customer Feedback Program
or knowledge. 64," that operates daily on
these systems and can be
categorized as Spyware. The
 and many other personal
stuff, emails ect.
7 rootkit Set of tools enable Rootkit is installed at the
administrator-level root level of the operating
access to a computer system, which ultimately
or computer network. enables it to operate in
stealth mode. Cracker
installs a rootkit on a
computer after first
obtaining user-level
access, either by
exploiting a known
vulnerability or cracking a
password. It direct harm to
the target machine,
enables continual access.
For example, it may steal
data or gain complete
control of the system, all
without the user or even
administrators noticing a
thing.
8 Ransom- Ransomware stops Prevent you from
ware you from using your accessing Windows.
PC. It holds your PC or Encrypt files so you can't
files for ransom. It is use them. Stop certain
done for ransom apps from running (like
either they lock the your web browser).
victims data or Ransomware will demand
threaten to publish it.
that you pay money (a
ransom) to get access to
your PC or files. We have
purpose of this program is
to send customers' feedback
data to Lenovo servers.
According to Horowitz, the
company has mentioned
this in its EULA, but
he "cannot recall ever being
asked [for] a Customer
Feedback program" while
ever setting up his Lenovo
PC.
Sony BMG copy Sony-BMG has been using
protection rootkit copy-protection technology
scandal in 2005 called XCP in its recent CDs.
You insert your CD into your
Windows PC, click "agree" in
the pop up window, and the
CD automatically installs
software that uses rootkit
techniques to cloak itself
from you.
Hacktivism in Latin It enters through spams and
America encrypt files and
documents. Once it enter it
sends a message to
desktops with instructions
about how users can pay to
have files decrypt.
and backup systems for a few days
One of the programs installed,
even if the user refused its end-
user license agreement (EULA),
would still "phone home" with
reports on the user's private
listening habits; the other was not
mentioned in the EULA at all,
contained code from several
pieces of open-source software in
an apparent infringement of
copyright, and configured the
operating system to hide the
software's existence, leading to
both programs being classified
as rootkits.
Hospital systems are on notice for
ransomware attacking their health
IT systems after three hospital
systems are reported to be victims
of computer viruses. In response,
one hospital system paid almost
$17,000 in Bitcoin to retrieve their
EHR, while the other two hospital
systems worked off paper records
while their main IT systems were
taken down to flush out the virus.
 also seen them make you
complete surveys. There is
no guarantee that paying
the fine or doing what the
ransomware tells you will
give access to your PC or
files again.
9 Crime The software tools
ware used in cybercrime is Crime ware can redirect a
sometimes referred to user's Web browser to a
as crime ware. counterfeit website
Its purpose of controlled by the thief. It
conducting malicious can enable remote access
and illegal activities of applications, allowing
online. It refers to criminals to break into
programs that are networks and steal
meant to automate passwords cached on a
the theft of user's system. It can also
information, allowing install keystroke loggers to
the thief to gain collect data, such as
access to a persons password and login
financial accounts information for online bank
online. accounts.
10 Scare Scare ware is design Scareware, which
to trick victims into generates pop-ups that
ware
purchasing and resemble Windows system
downloading useless messages, usually
and potentially purports to be antivirus or
dangerous software. antispyware software, a
firewall application or
a registry cleaner. They
said that they have find a
infect files in your system,
to clean your system
purchase their software to
perform that task but
actually it doesnt
happened.
11 Adware Adware is a software The advertisements
application in which usually run in a small
There are a number of
Hacktivism in Latin methods used, ranging from
America website defacementwhen
hackers change the
appearance of a siteto a
denial-of-service attack,
which makes a website slow
or inaccessible.
Police in the United States
FBI targets two and seven other countries
"scareware" rings in
seized computers and
U.S., Europe servers used to run a
"scareware" scheme that
has netted more than $72
million from victims tricked
into buying fake anti-virus
software.
Lenovo pre-installs This is a pre-install adware
adware on its injects ads when users
Hacktivists throughout the region
tend to target government
websites. The group Anonymous
defaced Chiles Ministry of
Education site in support of
student protests, and
also hacked the websites of
Argentine President Cristina
Fernndez de Kirchner and
Nicaraguan President Daniel
Ortega. Hackers defaced the
Honduran police website,
and attacked numerous
government sites in Guatemala
including the presidency and
congressional homepagesover
the past two years.
The suspects involved in the
scheme, who were not identified,
planted "scareware" on the
computers of 960,000 victims. The
scareware would pretend to find
malicious software on a computer.
The goal is to persuade the victim
to voluntarily hand over credit card
information, paying to resolve a
non-existent problem
This could effectively allow the
software to perform a man-in-the-
 advertising banners section of the software systems, which could browse the web, with middle attack on your private
are displayed while interface or as a pop-up also steal your private Google searches being a data. Internet Explorer and
any program is ad box on your desktop. data. Despite that, primary target. It also Chrome could be affected by this,
running. Adware can When you stop running the Lenovo claims its installs its own security while Firefox is currently safe
automatically get software, the ads should useful software that certificate which shares its thanks to its independent
downloaded to your disappear. This allows helps users discover private key. This allows any certificate repository. And the
system while consumers to try the products visually. software that uses that key security certificate itself doesn't
browsing any website software before they buy to fool the device into get removed alongside the
and can be viewed and you always have the thinking its legitimate program so users could still be
through pop-up option of disabling the ads Microsoft software. It would vulnerable even if they get rid of
windows or through a by purchasing a then be able to decode Superfish.
bar that appears on a registration key. encrypted data such as the
computer screen one sent between you and
automatically. Adware your bank.
are used by
companies for
marketing purpose.
12 APT A network attack in Titan Rain (2003) It can spread by infected It is a state level attack .Once
which an An APT attacker uses spear Sykipot Attacks (2006) USB hard drives. APTs attacker gain target machine
unauthorized person fishing, to gain access to GhostNet (2009) select their targets based control he can use machine by his
gains access to a the network through Stuxnet Worm (2010) on specific intelligence will. He will steal secret of state to
network and stays legitimate means. Once Deep Panda (2015) gathering or system use them.
there undetected for a access has been achieved, disruption objectives.
long period of time to the attacker establishes Once the APT has its
steal data rather than a back door. And steal marching orders from the
to cause damage to credential records. command and control (C&C)
the network. server, it begins to spread
through your network,
calling home with
interesting data, and hiding
itself from detection.

Bibliography
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
http://thehackernews.com/2015/09/lenovo-laptop-virus.html
https://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0
https://www.symantec.com/connect/articles/what-are-malware-viruses-spyware-and-cookies-and-what-differentiates-them
http://www.webopedia.com/DidYouKnow/Internet/spyware.asp
http://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT
https://www.getsafeonline.org/business-blog/five-notable-examples-of-advanced-persistent-threat-apt-attacks/
https://en.wikipedia.org/wiki/Ransomware
http://www.natlawreview.com/article/ransomware-scandals-rock-hospital-systems-hhs-proposed-rule-may-help
https://heimdalsecurity.com/blog/what-is-ransomware-protection/
https://en.wikipedia.org/wiki/Crimeware
http://www.infoworld.com/article/2606776/hacking/155947-Biggest-baddest-boldest-software-backdoors-of-all-
time.html#slide3
https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
http://blog.trendmicro.com/backdoor-attacks-work-protect/
http://www.infoworld.com/article/2606776/hacking/155947-Biggest-baddest-boldest-software-backdoors-of-all-
time.html#slide3