Tuesday, February 28, 2012

ASSIGNMENT (VIRUS)


 What is a Virus?


        A virus is just a piece of software which can copy itself inside of computers whenever it is executed, and, overall, which contains statements to damage the system where it is runned.
  SOURCE: http://www.tml.tkk.fi/Opinnot/Tik-110.501/1997/viruses.html


          It  is a potentiallly damaging computer program that affects or infects a computer negatively by a altering the way the computer works without the computer knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software including the operating system.
  SOURCE: DISCOVERING THE COMPUTERS 2007, A GATEWAY TO INFORMATION




Worm


        A worm is a program which spreads usually over network connections. Unlike a virus which attach itself to a host program, worms always need a host program to spread. In practice, worms are not normally associated with one person computer systems. They are mostly found in multi-user systems such as Unix environments. A classic example of a worm is Robert Morrisis Internet-worm 1988
SOURCE: http://www.tml.tkk.fi/Opinnot/Tik-110.501/1997/viruses.html






Trojan horses


          They aren't really viruses, because they can't produce a copy of themselves, but they are really dangerous. You can't identify them, because they are hidden inside of normal programs. They don't produce effects for a while, and you think that your system is clean. But they come out in an unforeseeable way. Very famous is the 'PKZIP300.EXE' trojan horse, which isn't the new version of PKZIP program (its last release never reached 3.0!). Antiviruses can nothing in these cases. However it isn't so easy to meet a trojan horse. Usually they are so famous that it's pretty difficult to load them inside computers.
           SOURCE:http://www.wowarea.com/english/help/kindvir.htm




Payload


  The eventual effect of a software virus that has been delivered to a user's computer.


    SOURCE: http://searchsecurity.techtarget.com/definition/payload


It is the event or prank the program is intended to deliver the computer infected by a virus, worm or Trojan Horse often has one or more symptoms.


SOURCE: DISCOVERING THE COMPUTERS 2007, A GATEWAY TO INFORMATION




HONEYPOTS


       Is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.


SOURCE:http://en.wikipedia.org/wiki/Honeypot_(computing)


       
BOTNETS


       A botnet is a collection of compromised computers connected to the Internet (each compromised computer is known as a 'bot'). When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards based network protocols such as IRC.


SOURCE:http://en.wikipedia.org/wiki/Honeypot_(computing)


SPOOFING



       Spoofing is when an attacker pretends to be someone else in order gain access to restricted resources or steal information. This type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to get into their accounts. Also, an attacker may send fraudulent emails and set up fake websites in order to capture users’ login names, passwords, and account information. Faking an email or website is sometimes called a phishing attack. Another type of spoofing involves setting up a fake wireless access point and tricking victims into connecting to them through the illegitimate connection.
IP addresses are similar to postal addresses and route information to the correct location across networks. Data is broken up and sent in pieces called packets. Each packet contains the sender’s and the recipient’s address. IP address spoofing is possible because an attacker can forge the sender’s address and make the packet appear to be coming from someone else. A common use of IP address spoofing is a denial of service attack where an attacker using spoofing to hide the source of their attack.

DENIAL OF SERVICE ATTACKS



      This document provides a general overview of attacks in which the primary goal of the attack is to deny the victim(s) access to a particular resource. Included is information that may help you respond to such an attack.
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include

  • attempts to "flood" a network, thereby preventing legitimate network traffic
  • attempts to disrupt connections between two machines, thereby preventing access to a service
  • attempts to prevent a particular individual from accessing a service
  • attempts to disrupt service to a specific system or person

Not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks. Other types of attack may include a denial of service as a component, but the denial of service may be part of a larger attack.
Illegitimate use of resources may also result in denial of service. For example, an intruder may use your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic.

SOURCE:http://www.cert.org/tech_tips/denial_of_service.html#1


BACKDOOR


        A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.




The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[2]
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was used as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence).

SOURCE:http://en.wikipedia.org/wiki/Backdoor_(computing)



FIREWALLS

       firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routersthat pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

SOURCE:http://en.wikipedia.org/wiki/Firewall_(computing)