Virus – this is a term that used to be generic.
Any bad software used to be a virus;
however, we use the term “malware” now.
We use the word “virus” to describe a
program that self-replicates after hooking
itself onto something running in Windows®.
Worm – a worm is another kind of self-
replicating program but generally doesn’t
hook itself onto a Windows process. Worms
generally are little programs that run in the
background of your system.
Trojan – software that you thought was going
to be one thing, but turns out to be
something bad. Named for the fabled “Trojan
Horse” that appeared to be a gift but in fact
carried a dangerous payload.
Drive-by download – this is probably the
most popular way to get something nasty
into your computer. Most of the time, it
comes from visiting a bad web page. That
web page exploits a weakness in your
browser and causes your system to become
infected.
Malware Actions
Malware:
This is a big catchall phrase that covers all
sorts of software with nasty intent. Not
buggy software, not programs you don’t like,
but software which is specifically written
with the intent to harm.
Once malware is in your computer, it can do
many things. Sometimes it’s only trying to
replicate itself with no harm to anyone, other
times it’s capable of doing very nasty things.
Adware – not truly malware and almost
never delivered using one of the methods
above. Adware is software that uses some
form of advertising delivery system.
Sometimes the way that advertisements are
delivered can be deceptive in that they track
or reveal more information about you than
you would like. Most of the time, you agree
to the adware tracking you when you install
the software that it comes with. Generally, it
can be removed by uninstalling the software
it was attached to.
Spyware – software that monitors your
computer and reveals collected information
to an interested party. This can be benign
when it tracks what webpages you visit; or it
can be incredibly invasive when it monitors
everything you do with your mouse and
keyboard.
Ransomware – lately a very popular way for
Internet criminals to make money. This
malware alters your system in such a way
that you’re unable to get into it normally. It
will then display some kind of screen that
demands some form of payment to have the
computer unlocked. Access to your computer
is literally ransomed by the cyber-criminal.
Scareware – software that appears to be
something legit (usually masquerading as
some tool to help fix your computer) but
when it runs it tells you that your system is
either infected or broken in some way. This
message is generally delivered in a manner
that is meant to frighten you into doing
something. The software claims to be able to
fix your problems if you pay them.
Scareware is also referred to as “rogue”
software – like rogue antivirus.
Bots
"Bot" is derived from the word "robot" and
is an automated process that interacts with
other network services. Bots often automate
tasks and provide information or services
that would otherwise be conducted by a
human being. A typical use of bots is to
gather information (such as web crawlers),
or interact automatically with instant
messaging (IM), Internet Relay Chat (IRC), or
other web interfaces. They may also be used
to interact dynamically with websites.
Bots can be used for either good or
malicious intent. A malicious bot is self-
propagating malware designed to infect a
host and connect back to a central server or
servers that act as a command and control
(C&C) center for an entire network of
compromised devices, or "botnet." With a
botnet, attackers can launch broad-based,
"remote-control," flood-type attacks against
their target(s). In addition to the worm-like
ability to self-propagate, bots can include the
ability to log keystrokes, gather passwords,
capture and analyze packets, gather financial
information, launch DoS attacks, relay spam,
and open back doors on the infected host.
Bots have all the advantages of worms, but
are generally much more versatile in their
infection vector, and are often modified
within hours of publication of a new exploit.
They have been known to exploit back doors
opened by worms and viruses, which allows
them to access networks that have good
perimeter control. Bots rarely announce
their presence with high scan rates, which
damage network infrastructure; instead they
infect networks in a way that escapes
immediate notice.
Exploit
An exploit is a piece of software, a
command, or a methodology that attacks a
particular security vulnerability. Exploits are
not always malicious in intent—they are
sometimes used only as a way of
demonstrating that a vulnerability exists.
However, they are a common component of
malware.
Back Door
A back door is an undocumented way of
accessing a system, bypassing the normal
authentication mechanisms. Some back doors
are placed in the software by the original
programmer and others are placed on
systems through a system compromise, such
as a virus or worm. Usually, attackers use
back doors for easier and continued access
to a system after it has been compromised.
Tuesday 12 August 2014
Computer threats Malware, Spyware, Virus, Worm , Bot , Backdoor
Meaning of HTTP Status Codes
HTTP, Hypertext Transfer Protocol, is the
method by
which clients (i.e. you) and servers
communicate.
When someone clicks a link, types in a URL
or submits
out a form, their browser sends a request to
a server
for information. It might be asking for a
page, or
sending data, but either way, that is called
an HTTP
Request. When a server receives that request,
it sends
back an HTTP Response, with information for
the
client.
Usually, this is invisible, though I'm sure
you've seen
one of the very common Response codes -
404,
indicating a page was not found. There are a
fair few
more status codes sent by servers, and the
following
is a list of the current ones in HTTP 1.1,
along with an
explanation of their meanings.
Acunetix
Acunetix has a free and paid version. This
hacking tool has many uses but in essence it
tests and reports on SQL injection and Cross
Site scripting testing. It has a state of the art
crawler technology which includes a client
script analyzer engine. This security tool
generates detailed reports that identify
security issues and vulnerabilities. The latest
version, Acunetix WVS version 8, includes
several security features such as a new
module that tests slow HTTP Denial of
Service. This latest version also ships with a
compliance report template for ISO 27001.
This is useful for penetration testers and
developers since it allows organizations to
validate that their web applications are ISO
27001 compliant
Aircrack-ng
Aircrack-ng is a comprehensive set of
network security tools that includes,
aircrack-ng (which can cracks WEP and WPA
Dictionary attacks), airdecap-ng (which can
decrypts WEP or WPA encrypted capture
files), airmon-ng (which places network cards
into monitor mode, for example when using
the Alfa Security Scanner with rtl8187),
aireplay-ng (which is a packet injector),
airodump-ng (which is a packet sniffer),
airtun-ng (which allows for virtual tunnel
interfaces), airolib-ng (which stores and
manages ESSID and password lists),
packetforge-ng (which can create encrypted
packets for injection), airbase-ng (which
incorporates techniques for attacking clients)
and airdecloak-ng (which removes WEP
cloaking). Other tools include airdriver-ng (to
manage wireless drivers), airolib-ng (to store
and manages ESSID and password lists and
compute Pairwise Master Keys), airserv-ng
(which allows the penetration tester to
access the wireless card from other
computers). Airolib-ng is similiar to easside-
ng which allows the user to run tools on a
remote computer, easside-ng (permits a
means to communicate to an access point,
without the WEP key), tkiptun-ng (for WPA/
TKIP attacks) and wesside-ng (which an an
automatic tool for recovering wep keys).
Like most of the security tools in our list,
Aircrack also has a GUI interface – called
Gerix Wifi Cracker. Gerix is a freely licensed
security tool under the GNU General Public
License and is bundled within penetration
testing Linux distributions such a kali linux ,
BackTrack And Backbox. The Gerix GUI has
several penetration testing tools that allow
for network analysis, wireless packet
capturing, and SQL packet injection.
Wireshark
Wireshark has been around for ages and is
extremely popular. Wireshark allows the
pentester to put a network interface into a
promiscuous mode and therefore see all
traffic. This tool has many features such as
being able to capture data from live network
connection or read from a file that saved
already-captured packets. Wireshark is able
to read data from a wide variety of
networks, from Ethernet, IEEE 802.11, PPP,
and even loopback. Like most tools in our
2013 Concise Courses Security List the
captured network data can be monitored and
managed via a GUI – which also allows for
plug-ins to be inserted and used. Wireshark
can also capture VoIP packets and raw USB
traffic can also be captured.
How to deface the whole server
There are two type of server
1-shared server
2-independent server
in shared server there are lot of website
running on that server .that's why hacking all
websites is easier.
for mass deface firstly we can find the vuln
website(sqli, rfi,lfi)
after that you can upload your shell
(c99 ,r57)
then if it is Linux server then you can
symlink the server or rooted the server by
using net cat
if it is windows server then you can use
metasploit
for that you can create vuln file and
executed by the shell.after that you got
meterpreter and by using that you have fully
access on all websites for deface