Malicious Code

 This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information

 The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices.

Attack Descriptions:

 IP Scan and Attack – Compromised system scans random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits

 Web Browsing - If the infected system has write access to any Web pages, it makes all

Web content files infectious, so that users who browse to those pages become infected

 Virus - Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection

 Unprotected Shares - using file shares to copy viral component to all reachable locations

 Mass Mail - sending e-mail infections to addresses found in address book

 Simple Network Management Protocol - SNMP vulnerabilities used to compromise and infect

 Hoaxes - A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached.

 Back Doors - Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource

 Password Crack - Attempting to reverse calculate a password

 Brute Force - The application of computing and network resources to try every possible combination of options of a password

 Dictionary - The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses

 Denial-of-service (DoS) –

– attacker sends a large number of connection or information requests to a target

– so many requests are made that the target system cannot handle them

successfully along with other, legitimate requests for service

– may result in a system crash, or merely an inability to perform ordinary functions

 Distributed Denial-of-service (DDoS) - an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

 Spoofing - technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host

 Man-in-the-Middle - an attacker sniffs packets from the network, modifies them, and inserts them back into the network

 Spam - unsolicited commercial e-mail - while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks.

 Mail-bombing - another form of e-mail attack that is also a DoS, in which an attacker routes large quantities of e-mail to the target

 Sniffers - a program and/or device that can monitor data traveling over a network.

Sniffers can be used both for legitimate network management functions and for stealing information from a network

 Social Engineering - within the context of information security, the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker

 People are the weakest link. You can have the best technology; firewalls, intrusion- detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.‖

 ―brick attack‖ – the best configured firewall in the world can‘t stand up to a well placed brick.

 Buffer Overflow –

– application error occurs when more data is sent to a buffer than it can handle– when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure

 Timing Attack –

– relatively new

– works by exploring the contents of a web browser‘s cache

– can allow collection of information on access to password-protected sites

– another attack by the same name involves attempting to intercept cryptographic

elements to determine keys and encryption algorithms.