@vtucode - in BETCK105l Module 2 2022 Scheme

Uploaded by

Maha Lakshmi
Introduction to Cyber Security (22ETC15I) Module 2

MODULE-2: Cyber Offenses:

Cyber Offenses: How Criminals Plan Them: Introduction, how criminals plan the
attacks, Social Engineering, Cyber Stalking, Cybercafe & cybercrimes.
Botnets: The fuel for cybercrime, Attack Vector. Textbook:1 Chapter 2 (2.1 to 2.7)

2.1 Introduction

1. Explain the following terminologies? (06 M)


I. Hacker
II. Brute Force Hacking
III. Cracker
IV. Cracker tools
V. Phreaking
VI. War dialer

• Hacker: A hacker is a person with a strong interest in computers who enjoys learning
and experimenting with them. Hackers are very talented, smart people who
understand computers better than others.

• Brute Force Hacking: It is a technique used to find passwords or encryption keys.
It involves trying every possible combination of letters, numbers, etc., until the code
is broken.

• Cracker: A cracker is a person who breaks into computers. Crackers should not be
confused with hackers; the term "cracker" is usually connected to computer
criminals. Crimes conducted by crackers are vandalism, theft and snooping in
unauthorized areas.

• Cracking: It is the act of breaking into computers. Cracking is a popular, growing
subject on the Internet. There are websites supplying crackers with programs that
allow them to crack computers (like guessing passwords); some are used to break
into phone lines (phreaking). These files display warnings such as "These files are
illegal; we are not responsible for what you do with them."

• Cracker tools: These are programs that break into computers. They are widely
distributed on the Internet. Examples are password crackers, Trojans, viruses, war
dialers and worms.

• Phreaking: This is the notorious art of breaking into phone or other communication
systems.

• War dialer: It is a program that automatically dials phone numbers looking for
computers on the other end. It catalogs numbers so that the hackers can call back
and try to break in.

vtucode.in

2. With neat sample network, explain the categories of vulnerabilities that hackers
typically search (06 M)

The network shown in Figure 1 consists of many workstations. These workstations
are connected by a switch. In turn, the switch is connected to the Citrix server and
application servers.
The clinical data is analyzed and in turn connected to the switch.
• BIND: Berkeley Internet Name Domain
• IDS: Intrusion Detection System
• IIS: Internet Information Service
• DNS: Domain Name Service

Categories of vulnerabilities that hackers typically search for are:
1. Inadequate border protection (border in the sense of network periphery):
Many workstations are connected together and an employee installs a PC without a
password. A poor password allows the password to be guessed easily.
2. Remote Access Servers (RASs) with weak access controls:
These are connected to the whole network. A firewall will protect the PC by reporting
suspicious activity when the administrator fails to monitor the IDS alerts.
An IDS (Intrusion Detection System) is a system that monitors network traffic for
suspicious activity and alerts when such activity is discovered.
3. Application servers with well-known exploits:
The administrator fails to install the patch to fix the BIND vulnerability.
The web administrator fails to install the patch to fix the IIS Unicode vulnerability.
4. Misconfigured systems and systems with default configurations:
A misconfigured router is highly vulnerable to a DoS attack.

Fig1. Network vulnerabilities-Sample network


3. Explain the Four different hat concept in cyber security? (06 M)

Ans:

• Black Hat- Just like in the old westerns, these are the bad guys. A black hat
is also called cracker.

• To add insult to injury, black hats may also share information about the
“break in” with other black hat crackers so they can exploit the same
vulnerabilities before the victim becomes aware and takes appropriate
measures.

• White Hat- While black hats use their skill for malicious purposes, white
hats are ethical hackers.

• They use their knowledge and skill to thwart the black hats and secure the
integrity of computer systems or networks.

• If a black hat decides to target you, it’s a great thing to have a white hat
around. White hat focuses on securing IT systems.

• Whereas black hat would like to break into them. It's like thief and police
game.

• Brown hat hacker is one who thinks before acting or committing a malice or
non-malice deed.

• A grey hat commonly refers to a hacker who releases information about
any exploits or security holes he/she finds openly to the public.

• He/she does so without concern for how the information is used in the end.
(whether for patching or exploiting).

4. How are cybercrimes classified? Explain with examples.
OR
Explain the categories of cybercrime?

Ans: Categories of Cybercrime


• Cybercrime can be categorized based on the following:

• The target of the crime and whether the crime occurs as a Single event or as
a series of events

• Target of the crime

• Cybercrime can be targeted against individuals (persons), assets (property)
and/or organizations (government, business and social).

• Whether the crime occurs as a Single event or as a series of events


• Single event of cybercrime: hacking or fraud

• Series of events: Cyberstalking

1. Crimes targeted at Individuals


• The goal is to exploit human weaknesses such as greed and naivety. These
crimes include financial frauds, sale of non-existent or stolen items, child
pornography, copyright violation, harassment, etc.

• With the development of IT and the Internet, criminals have a new
tool that allows them to expand the pool of potential victims. However, this
also makes it difficult to trace and apprehend the criminals.

Crimes targeted at Property

• These include stealing mobile devices such as cell phones, laptops, personal
digital assistants (PDAs), and removable media (CDs and pen drives);

• Transmitting harmful programs that can disrupt functions of the systems
and/or can wipe out data from the hard disk.

• They can also cause malfunctioning of the attached devices in the system,
such as modem, CD drive, etc.

Crimes targeted at Organizations

• Cyberterrorism is one of the distinct crimes against
organizations/governments.

• Attackers (individuals or groups of individuals) use computer tools and the
Internet, usually to terrorize the citizens of a particular country by stealing
private information and also to damage program files.

• They plant programs to get control of the network system.

Single event of Cybercrime

• It is the single event from the perspective of the victim.

• Ex. Unknowingly open an attachment that may contain virus that will infect
the system (PC/Laptop). It is known as hacking or fraud.

Series of events

• This involves attacker interacting with the victims repetitively.

• Example, attacker interacts with the victim on the phone and/or via chat
rooms to establish relationship first and then exploit that relationship to
commit sexual assault. Ex. Cyberstalking


2.2 How criminals plan the attacks,


5. What are the six phases involved in planning cybercrime? Discuss.
(10M)
Phases involved in planning cybercrime:
1. Reconnaissance
2. Information gathering, first phase passive attack
3. Scanning and scrutinizing the gathered information
4. For validity of the information as well as to identify the existing vulnerabilities
5. Launching an attack and gaining and maintaining the system access
Phase 1: Reconnaissance
• It is an act of reconnoitering: to explore, often with the goal of finding something
or somebody (gaining information about an enemy or potential enemy).
• In the world of "hacking", the reconnaissance phase begins with footprinting.
This is the preparation toward the preattack phase, and involves accumulating
data about the target environment and computer architecture to find ways to
intrude into that environment.
• The objective of this preparatory phase is to understand the system, its
networking ports and services, and any other aspects of its security that
are needed for launching the attack.
• Two phases: passive and active attacks.

Phase 2: Information gathering, first phase passive attack

This phase involves gathering information about the target without his/her
knowledge.
1. Google or Yahoo search: locate information about employees.
2. Surfing online community groups such as Facebook to gain information about an
individual.
3. The organization's website, for a personnel directory or information about the key
employees, used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc.
5. Going through job postings.
6. Network sniffing: information on Internet Protocol address ranges, hidden
servers or networks, or services on the system.
Active Attacks:
It involves probing the network to discover individual hosts to confirm the
information (IP address, operating system type and version, and services on
the network) gathered in the passive attack phase.
• Also called "Rattling the Doorknobs" or "Active Reconnaissance".
• Can provide confirmation to an attacker about security measures in place
(whether the front door is locked?).
Phase 3: Scanning and scrutinizing the gathered information
• Scanning is a key step to examine intelligently while gathering information about the target.
The objectives are:
1. Port scanning
2. Network scanning
3. Vulnerability scanning

Port scanning:
• The act of systematically scanning a computer's ports.
• A port is a place where information goes into and out of a computer; port
scanning identifies open doors to a computer.
• It is similar to a thief going through your neighborhood and checking
every door and window on each house to see which ones are open and
which ones are locked.
• There is no way to stop someone from port scanning your computer while
you are on the Internet, because accessing an Internet server opens a port,
which opens the door to your computer.
Scrutinizing Phase
• It is also called enumeration in the hacking world. The objective behind this
step is to identify the following:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. Operating System (OS) and different applications that are running on the OS.

Phase 4: For validity of the information as well as to identify the existing
vulnerabilities. After collecting the data on the victim, validate the acquired
information and also identify the vulnerabilities.
Phase 5: Launching an attack and gaining and maintaining the system access.
• After scanning and scrutinizing (enumeration), the attack is launched using
the following steps.
1. Crack the password
2. Exploit the privileges
3. Execute the malicious command or application
4. Hide the files
5. Cover the tracks: delete access logs, so that there is no trail of illicit activity

6. Explain the difference between passive and active attacks. Provide examples. (10M)

| Key | Passive Attacks | Active Attacks |
|---|---|---|
| Definition | Attempts to gain information about the target without his/her permission. | It involves probing the network to discover individual hosts to confirm the information (IP address, operating system type and version, and services on the network) gathered in the passive attack phase. |
| Requirement | Leads to breaches of confidentiality. | Affects the availability, integrity and authenticity of data. |
| Modification | In a passive attack, information remains unchanged. | In an active attack, information is modified. |
| Dangerous for | A passive attack is dangerous for confidentiality. | An active attack is dangerous for integrity as well as availability. |
| Attention | Attention is to be paid to prevention. | Attention is to be paid to detection. |
| Impact on system | A passive attack does not have any impact on the regular functioning of a system. | An active attack can damage the system. |
| Victim | The victim does not get informed in a passive attack. | The victim gets informed in an active attack. |
| Tracking | It is difficult to track; it does not leave any traces of the attacker's interference. | Comparatively easy to trace. |
| Examples of attacks | Spying, war driving, eavesdropping, dumpster diving, footprinting, traffic analysis | Session hijacking, man-in-the-middle (MITM), impersonation, DoS, DDoS, etc. |

7. Explain in details Ports and Ports scanning in cyber offenses (06M)

• Port scanning is the act of systematically scanning a computer's ports.
• A port is a place where information goes into and out of a computer; port
scanning identifies open doors to a computer.
• It is similar to a thief going through your neighborhood and checking every
door and window on each house to see which ones are open and which ones
are locked.
• There is no way to stop someone from port scanning your computer while you
are on the Internet, because accessing an Internet server opens a port, which
opens the door to your computer.
• There are, however, software products that can stop a port scanner from doing any
damage to your system.
• A port scan consists of sending a message to each port, one at a time.
• The kind of response received indicates whether the port is used and can
therefore be probed for weakness.
• The result of a scan on a port is usually generalized into one of the following
categories:
• Open or accepted
• Closed or not listening
• Filtered or blocked
• A port is an interface on a computer to which one can connect a device.
• The TCP/IP protocol suite, made up of the two protocols TCP and UDP, is used
universally to communicate on the Internet. Each of these has ports 0 through
65536 (that is, in the range from 2^0 to 2^16 for binary address calculations).
• The port numbers are divided into 3 ranges:
• 1. Well-known ports, from 0 to 1023
• 2. Registered ports
• 3. Dynamic and/or private ports
• Ports 20 and 21 - File Transfer Protocol (FTP) - are used for uploading and
downloading of information.
• Port 25 - Simple Mail Transfer Protocol (SMTP) - is used for sending/receiving
e-mails.
• Port 23 - Telnet Protocol - is used to connect directly to a remote host and
internet control message.
• Port 80 - it is used for Hypertext Transfer Protocol (HTTP).
• Internet Control Message Protocol (ICMP) - it does not have a port abstraction
and is used for checking network errors, for example, ping.

We have the following types of port scans, namely:

• Vanilla: the scanner attempts to connect to all 65,535 ports.
• Probe: a more focused scan looking only for known services to exploit.
• Fragmented packets: the scanner sends packet fragments that get through
simple packet filters in a firewall.
• UDP: the scanner looks for open UDP ports.
• Sweep: the scanner connects to the same port on more than one machine.
• FTP bounce: the scanner goes through an FTP server in order to disguise the
source of the scan.
• Stealth scan: the scanner blocks the scanned computer from recording
the port scan activities.
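
The result categories, port ranges and scan types described above can be recognised from the defender's side in firewall logs. The Python code below is an added example, not part of the original notes: it parses a constructed log, maps each firewall action to open/closed/filtered, and flags a source that touches many ports on one host (the vanilla/probe pattern) or the same port on many hosts (a sweep). The log format, thresholds and function names are assumptions; the registered (1024 to 49151) and dynamic (49152 to 65535) boundaries are the IANA ranges, which the notes do not spell out.

```python
from collections import defaultdict

# Constructed sample firewall log (not real traffic).
# Assumed format: time, source IP, destination IP, destination port, action.
SAMPLE_LOG = """\
10:00:01 203.0.113.5 192.0.2.10 21 REJECT
10:00:01 203.0.113.5 192.0.2.10 22 DROP
10:00:02 203.0.113.5 192.0.2.10 23 REJECT
10:00:02 203.0.113.5 192.0.2.10 25 ACCEPT
10:00:03 203.0.113.5 192.0.2.10 80 ACCEPT
10:00:03 203.0.113.5 192.0.2.10 8080 DROP
10:00:10 198.51.100.7 192.0.2.10 23 REJECT
10:00:10 198.51.100.7 192.0.2.11 23 REJECT
10:00:11 198.51.100.7 192.0.2.12 23 ACCEPT
10:00:11 198.51.100.7 192.0.2.13 23 DROP
10:00:20 192.0.2.50 192.0.2.10 80 ACCEPT
10:00:21 192.0.2.50 192.0.2.10 80 ACCEPT
"""

# Simplifying assumption: ACCEPT means a service answered, REJECT means the
# connection was refused, DROP means the packet was silently discarded.
RESULT = {"ACCEPT": "open", "REJECT": "closed", "DROP": "filtered"}


def port_range(port):
    """Name the IANA range a port number falls in (valid ports are 0-65535)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse(log):
    """Turn log text into (src, dst, port, action) tuples, skipping bad lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _, src, dst, port, action = parts
        if not port.isdecimal() or int(port) > 65535 or action not in RESULT:
            continue
        events.append((src, dst, int(port), action))
    return events


def detect_scans(events, min_ports=5, min_hosts=4):
    """Flag sources probing many ports on one host or one port on many hosts."""
    ports_by_pair = defaultdict(dict)  # (src, dst) -> {port: result}
    hosts_by_port = defaultdict(dict)  # (src, port) -> {dst: result}
    for src, dst, port, action in events:
        ports_by_pair[(src, dst)][port] = RESULT[action]
        hosts_by_port[(src, port)][dst] = RESULT[action]

    findings = []
    for (src, dst), seen in sorted(ports_by_pair.items()):
        if len(seen) >= min_ports:  # many ports, one host: vanilla/probe pattern
            findings.append({
                "type": "multi-port scan",
                "source": src,
                "target": dst,
                "probed": len(seen),
                "ranges": sorted({port_range(p) for p in seen}),
                # Ports the scanner now knows are exposed on this host.
                "open": sorted(p for p, r in seen.items() if r == "open"),
            })
    for (src, port), seen in sorted(hosts_by_port.items()):
        if len(seen) >= min_hosts:  # same port, many hosts: sweep
            findings.append({
                "type": "sweep",
                "source": src,
                "port": port,
                "range": port_range(port),
                "probed": len(seen),
                # Hosts on which the swept port answered.
                "open": sorted(h for h, r in seen.items() if r == "open"),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_scans(parse(SAMPLE_LOG)):
        print(finding)
```

The "open" field in each finding lists what the scanning source learned, which is where patching or filtering effort should go first.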

2.3 Social Engineering,

8. What is social engineering? Explain with example

• Social engineering is a technique that uses influence and persuasion to deceive
people in order to obtain information or get them to perform some action.
• A social engineer uses telecommunications or the Internet to get them to do
something that is against the security practices and/or policies of the
organization.
• SE involves gaining sensitive information or unauthorized access privileges by
building inappropriate trust relationships with insiders.
• It is an art of exploiting the trust of people.
• The goal of SE is to fool someone into providing valuable information or
access to that information.
• SE studies human behavior so that people will help because of the desire to
be helpful, the attitude to trust people, and the fear of getting into trouble.
• An example is calling a user and pretending to be someone from the service
desk working on a network issue; the attacker then proceeds to ask questions
about what the user is working on, what file shares he/she uses, what
his/her password is, and so on.
• Example: Talking to an employee of a company in the name of technical
support from the same office. While talking with the employee, the attacker will
collect confidential information such as the name of the company, username
and password, etc.

9. Explain the classification of social engineering with examples. (08M)

Human based Social Engineering

It refers to person-to-person interaction to get the required/desired information.

Impersonating an employee or valid user:

"Impersonation" (e.g., posing oneself as an employee of the same organization) is perhaps
the greatest technique used by social engineers to deceive people.
Social engineers take advantage of the fact that most people are basically helpful, so it
seems harmless to tell someone who appears to be lost where the computer room is located.
Or the attacker may pretend to be an employee or valid user on the system.

Posing as an important user:

The attacker pretends to be an important user, for example a Chief Executive Officer
(CEO) or high-level manager who needs immediate assistance to gain access to a system.
Attackers assume that low-level employees do not ask higher-level employees for proof
or question them.

Using a third person:

An attacker pretends to have permission from an authorized source to use a system. This
trick is useful when the supposed authorized personnel is on vacation or cannot be
contacted for verification.

Calling technical support

Calling the technical support for assistance is a classic social engineering example. Help-desk
and technical support personnel are trained to help users, which makes them good
prey for social engineering attacks.

Shoulder surfing
It is a technique of gathering information such as usernames and passwords by watching
over a person's shoulder while he/she logs into the system, thereby helping an attacker to
gain access to the system.


Fig Shoulder Surfing

Dumpster diving
It involves looking in the trash for information written on pieces of paper or
computer printouts. This is a typical North American term; it is used to describe the
practice of rummaging through commercial or residential trash to find useful free items
that have been discarded.
It is also called dumpstering, binning, trashing, garbing or garbage gleaning. "Scavenging" is
another term to describe these habits. In the UK, the practice is referred to as "binning" or
"skipping" and the person doing it is a "binner" or a "skipper".

Example: going through someone's trash to recover documentation of his/her
critical data [e.g., social security number (SSN) in the US, PAN/AADHAR number in
India, credit card identity (ID) numbers, etc.].

Computer based Social Engineering


It uses computer software/the Internet to get the required/desired information.

Fake E-Mails
An attacker sends e-mails to numerous users in such a way that the user finds it to be
legitimate mail. This activity is called Phishing. Free websites are available to
send fake e-mails. One can observe here that "To" in the text box is a blank space.
Phishing involves false e-mails, chats or websites designed to impersonate real
systems with the goal of capturing sensitive data.
A mail might be sent to the victim (Internet users/Netizens) by the attacker to get them to
reveal their personal information. Phishing is carried out through e-mail or instant messaging.

E-Mail attachment
E-mail attachments are used to send malicious code to a victim's system, which will
automatically get executed (e.g., a keylogger utility to capture passwords).
Viruses, Trojans, and worms can be included cleverly in the attachments to entice a
victim to open the attachment.

Pop-up windows
Pop-up windows are also used in a similar manner to e-mail attachments. Pop-up
windows with special offers or free stuff can encourage a user to unintentionally install
malicious software.


2.4 Cyber Stalking,

10. What is cyberstalking? As per your understanding is it a crime under the Indian IT
act? (06M)

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an
individual, a group or an organization. It may include false accusation, defamation,
slander and libel.
It also includes monitoring, identity (ID) theft, threats, vandalism, solicitation of minors for
sex, or gathering information that may be used to threaten or harass a person.
Cyberstalking is sometimes referred to as Internet stalking, e-stalking or online stalking.
It refers to the use of the Internet or electronic communication such as e-mail or instant
messages to harass the individual.

As per law, cyberstalking is a punishable offence and attracts Section 354 (D), 509
IPC, and Section 67 under the I.T. Amendment Act 2008. Information Technology Act, 2000
(amended in 2008): when a person publishes or sends salacious material via electronic
media, he/she is to be charged under Section 67 of the Act.
[Source: https://infosecawareness.in/concept/safety-on-cyberstalking#:~:text=As%20per%20Law%20Cyber%20Stalking,Section%2067%20of%20the%20Act.]

11. Explain types of Stalkers (06M)


We have two types of stalkers, namely online stalkers and offline stalkers.

Both are criminal offenses; both are motivated by a desire to control, intimidate or
influence a victim.
A stalker may be an online stranger or a person whom the target knows. He may be
anonymous and solicit the involvement of other people online who do not even know the
target.

Online Stalkers: They aim to start the interaction with the victim directly with the help of
the Internet. E-mail and chat rooms are the most popular communication media to get
connected with the victim, rather than using traditional instrumentation like
telephone/cell phone. The stalker makes sure that the victim recognizes the attack
attempted on him/her. The stalker can make use of a third party to harass the victim.

Offline Stalkers: The stalker may begin the attack using traditional methods such as
following the victim, watching the daily routine of the victim, etc. Searching on message
boards/newsgroups, personal websites, and people-finding services or websites are the most
common ways to gather information about the victim using the Internet. The victim is not
aware that the Internet has been used to perpetuate an attack against them.

12. Explain the steps of how stalking works? (08M)

The working of stalking is discussed in the seven steps below:

1. Gather personal information about the victim.
2. Establish contact with the victim through telephone or cell phone and start
threatening or harassing.
3. Establish contact with the victim through e-mail.
4. Keep sending repeated e-mails asking for various kinds of favors, or threaten the
victim.
5. Post the victim's personal information on any website related to illicit services.
6. Whosoever comes across the information starts calling the victim on the given
contact details, asking for sexual services.
7. Some stalkers may subscribe/register the e-mail account of the victim to innumerable
pornographic and sex sites, because of which the victim will start receiving such kinds
of unsolicited e-mails.

13. Explain the real-life incident of cyberstalking? (06M)

Case Study
The Indian police have registered the first case of cyberstalking in Delhi; a brief account of
the case is given here. To maintain confidentiality and privacy of the entities
involved, we have changed their names. Mrs. Joshi received almost 40 calls in 3 days,
mostly at odd hours, from as far away as Kuwait, Cochin, Bombay, and Ahmadabad. The
said calls created havoc in the personal life of Mrs. Joshi, destroying her mental peace, and
she decided to register a complaint with Delhi Police.
A person was using her ID to chat over the Internet at the website www.mirc.com, mostly
in the Delhi channel for four consecutive days. This person was chatting on the Internet,
using her name and giving her address, talking in obscene language. The same person
was also deliberately giving her telephone number to other chatters encouraging them to
call Mrs. Joshi at odd hours.
This was the first time when a case of cyberstalking was registered. Cyberstalking does
not have a standard definition but it can be defined to mean threatening, unwarranted
behaviour, or advances directed by one person toward another person using Internet and
other forms of online communication channels as medium.

2.6 Cybercafe & cybercrimes.


14. How cybercafes are creating the paths for cybercrimes? (08M)
• An Internet café or cybercafé is a place which provides Internet access to the public,
usually for a fee.
• According to a Nielsen survey on the profile of cybercafé users in India:
1. 37% of the total population uses cybercafés
2. 90% of these were male, in the age group of 15 to 35 years
3. 52% were graduates and postgraduates
4. More than 50% were students
• Hence it is extremely important to understand the IT security and governance
practices in the cybercafé.

• Cybercafés are used for either real or false terrorist communication
• For stealing bank passwords and fraudulent withdrawal of money
• Keyloggers or spyware
• Shoulder surfing
• For sending obscene mails to harass people
• They are not network service providers (NSP) according to the IT Act 2000
• They are responsible for due diligence

15. Illegal activities observed in cyber cafes. (07 M)

1. Pirated software such as the operating system, browser and office software.
2. Antivirus software not updated.
3. Cybercafés have installed Deep Freeze software to protect computers from
prospective malware attacks. This software clears the details of all activities carried
out when one presses the restart button, hence it is a problem for police or crime
investigators to search the victim.
4. Annual Maintenance Contract (AMC) found to be not in place for servicing computers.
Not having an AMC is a risk, because a cybercriminal can install malicious code for
criminal activities without any interaction.
5. Pornographic websites and similar websites with indecent content are not blocked.
6. Cybercafé owners have less awareness about IT security and IT governance.
7. Government/ISPs/State Police (cyber-cell wing) do not provide IT governance
guidelines to cybercafé owners.
8. No periodic visits to cybercafés by the cyber-cell wing (State Police) or Cybercafé
Association.

16.Discuss the safety and security measures while using the computer in a cybercafe?
(08M)

1. Always logout and do not save login information through automatic login
While checking e-mails or logging into chatting services such as instant messaging,
or using any other service that requires a username and a password, always click
"logout" or "sign out" before leaving the system. Simply closing the browser window is
not enough, because if somebody uses the same service after you, then he/she can get
easy access to your account. Also, do not save your login information through
options that allow automatic login. Disable such options before logon.

2. Stay with the computer
While surfing/browsing, one should not leave the system unattended for any period of
time. If one has to go out, logout and close all browser windows.

3. Clear history and temporary files
Internet Explorer saves pages that you have visited in the history folder and in
temporary Internet files. Your passwords may also be stored in the browser if that
option has been enabled on the computer that you have used. Therefore, before you
begin browsing, do the following in the case of the browser Internet Explorer: go to Tools >
Internet Options > click the Content tab > click AutoComplete. If the checkboxes for
passwords are selected, deselect them. Click OK twice.
After you have finished browsing, you should clear the history and temporary Internet
files folders.
For this, go to Tools > Internet Options again > click the General tab > go to Temporary
Internet Files > click Delete Files and then click Delete Cookies.
Then, under History, click Clear History. Wait for the process to finish before leaving the
computer.
4. Be alert: don't be a victim of shoulder surfing
One should stay alert and aware of the surroundings while using a public
computer. Snooping over the shoulder is an easy way of getting your username and
password.
5. Avoid online financial transactions
Ideally one should avoid online banking, shopping or other transactions that require one
to provide personal, confidential and sensitive information such as credit card or bank
account details. In case of urgency, one has to do it; however, one should take the
precaution of changing all the passwords as soon as possible. One should change the
passwords using a more trusted computer, such as at home and/or in the office.
6. Change password
ICICI Bank/SBI about changing the bank account/transaction passwords is the best
practice to be followed by everyone who does online net banking.

7. Virtual keyboard

Nowadays almost every bank provides a virtual keyboard on its website.
The advantage of utilizing the virtual keyboard is that we can avoid the keylogger attack.

8. Security warnings
One should take utmost care while accessing the websites of any bank/financial
institution. The screenshot in Fig. 2.7 displays security warnings very clearly (marked
in bold rectangle), and these should be followed while accessing these financial accounts
from a cybercafé.

2.7 Botnets: The fuel for cybercrime,


17. Explain how Botnets can be used as fuel to cybercrime (06M)

Bot: "An automated program for doing some particular task, often over a network."
A botnet (also known as a zombie army) is a number of Internet computers that, although their
owners are unaware of it, have been set up to forward transmissions (including spam or
viruses).
Any such computer is called a zombie: in effect, a computer "robot" or "bot" that serves the
wishes of some master spam or virus originator.
Most computers compromised in this way are home based.
According to a report from Russia-based Kaspersky Labs, botnets (not spam, viruses, or
worms) currently pose the biggest threat to the Internet.

18. Explain with neat diagram how Botnets create business and used for gainful
purpose. (08M)


Botnets uses for gainful purpose

19. Define the following technical terms:


• Malware
• Adware
• Spam
• Spamdexing
• DDoS

Malware: It is malicious software, designed to damage a computer system without the owner's
informed consent. Viruses and worms are examples of malware.
Adware: It is advertising-supported software, which automatically plays, displays, or
downloads advertisements to a computer after the software is installed on it or while the
application is being used. A few spywares are classified as adware.
Spam: It means unsolicited or undesired e-mail messages.
Spamdexing: It is also known as search spam or search engine spam. It involves a number
of methods, such as repeating unrelated phrases, to manipulate the relevancy or prominence
of resources indexed by a search engine in a manner inconsistent with the purpose of the
indexing system.
DDoS: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the
bandwidth or resources of a targeted system, usually one or more web servers. These systems
are compromised by attackers using a variety of methods.
20. Discuss the steps to secure the computer system (04 M)
Ways to secure the system [USUDDCT]
1. Use antivirus and anti-Spyware software and keep it up-to-date
It is important to remove and/or quarantine viruses. These programs should be
configured during installation so that they are updated automatically on a
daily basis.


2. Set the OS to download and install security patches automatically


OS companies issue the security patches for flaws that are found in these systems.

3. Use a firewall to protect the system from hacking attacks while it is connected to
the Internet.
A firewall is software and/or hardware that is designed to block unauthorized access
while permitting authorized communications. It is a device or set of devices
configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic
between different security domains based upon a set of rules and other criteria. A
firewall is different from antivirus protection. Antivirus software scans incoming
communications and files for troublesome viruses, whereas a properly configured
firewall helps to block all incoming communications from unauthorized sources.

4. Disconnect internet when not in use


Attackers cannot get into the system when the system is disconnected from the
Internet. Firewall, antivirus, and anti-Spyware software are not foolproof
mechanisms for preventing access to the system.
5. Don’t trust free downloads; download freeware from trustworthy websites.
It is always appealing to download free software such as games, file-sharing
programs, customized toolbars, etc. However, one should remember that many free
programs contain other software, which may include Spyware.

6. Regularly check the inbox and sent items for messages you did not send.
If you do find such messages in your outbox, it is a sign that your system may have
been infected with Spyware, and may be part of a Botnet. This is not foolproof; many
spammers have learned to hide their unauthorized access.

7. Take immediate action if system is infected.


If your system is found to be infected by a virus, disconnect it from the Internet
immediately. Then scan the entire system with fully updated antivirus and anti-
Spyware software. Report the unauthorized accesses to ISP and to the legal
authorities. There is a possibility that your passwords may have been compromised in
such cases, so change all the passwords immediately.
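Step 3 above describes a firewall as permitting or denying traffic between security domains based on a set of rules. The following sketch is an added example, not part of the original notes: it evaluates a small constructed rule set in order, first match wins, with a default deny for anything no rule permits. The `Rule` fields, the `decide` function and the addresses (documentation-only ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    direction: str        # "in" (to this host) or "out" (from this host)
    remote: str           # remote network in CIDR notation
    port: Optional[int]   # local port for "in", remote port for "out"; None = any

# Constructed rule set using documentation-only address ranges.
RULES = [
    Rule("deny", "in", "192.0.2.66/32", None),   # one blocked host inside the trusted net
    Rule("permit", "in", "192.0.2.0/24", 22),    # trusted subnet may reach SSH
    Rule("permit", "out", "0.0.0.0/0", 443),     # this host may browse over HTTPS
]

def decide(rules, direction, remote_ip, port):
    """Return the action of the first matching rule; deny if none matches."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if addr not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action
    return "deny"  # default deny: anything not explicitly permitted is blocked

# Constructed traffic samples: (direction, remote address, port)
SAMPLES = [
    ("in", "192.0.2.10", 22),
    ("in", "192.0.2.66", 22),
    ("in", "203.0.113.5", 22),
    ("in", "192.0.2.10", 3389),
    ("out", "198.51.100.7", 443),
]

if __name__ == "__main__":
    for direction, ip, port in SAMPLES:
        print(direction, ip, port, "->", decide(RULES, direction, ip, port))
```

Rule order matters: the host-specific deny must come before the subnet-wide permit, otherwise the blocked host would match the permit first.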

2.8 Attack Vector.

21. What are the different attacks launched with attack vector and explain
in detail. (08M)
• An attack vector is a path or means by which a hacker (or cracker) can gain access
to a computer or network server in order to deliver a payload or malicious
outcome.
• Attack vectors enable hackers to exploit system vulnerabilities, including the
human element.
• Attack vectors include viruses, email attachments, Web pages, pop-up windows,
instant messages, chat rooms, and deception.
• All of these methods involve programming (or hardware), except deception, in which
a human operator is fooled into removing or weakening system defenses.


• To some extent, firewalls and anti-virus software can block attack vectors.
• But no protection method is totally attack-proof.
• A defense method that is effective today may not remain so for long, because
hackers are constantly updating attack vectors, and seeking new ones, in their
quest to gain unauthorized access to computers and servers.
• If vulnerabilities are the entry points, then attack vectors are the ways attackers can
launch their assaults or try to infiltrate the building.
• In the broadest sense, the purpose of the attack vector is to implant a piece of code that
makes use of a vulnerability. This code is called the payload, and attack vectors vary in how a
payload is implanted. The most common malicious payloads are viruses (which can
function as their own attack vectors), Trojan horses, worms and spyware.
• If an attack vector is thought of as guided missile, its payload can be compared to
the warhead in the tip of the missile.

Different ways to launch Attack


Attack by E-mail:
The hostile content is either embedded in the message or linked to by the message.
Sometimes attacks combine the two vectors, so that if the message does not get you, the
attachment will. Spam is almost always a carrier for scams, fraud, dirty tricks, or malicious
action of some kind. Any link that offers something "free" or tempting is suspect.

Attachments:
Malicious attachments install malicious computer code. The code could be a virus, Trojan
Horse, Spyware, or any other kind of malware. Attachments attempt to install their
payload as soon as you open them.

Attacks by deception: social engineering/hoaxes

Deception is aimed at the user/operator as a vulnerable entry point. It is not just
malicious computer code that one needs to monitor. Fraud, scams, hoaxes, and to some
extent Spam, not to mention viruses, worms and such, require the unwitting cooperation
of the computer's operator to succeed. Social engineering and hoaxes are other forms of
deception that are often an attack vector too.

Hackers
Hackers or crackers are a formidable attack vector because, unlike ordinary malicious code,
people are flexible and they can improvise. They use hacking tools, heuristics, and social
engineering to gain access to computers and online accounts. They often install a Trojan
Horse to commandeer the computer for their own use.

Heedless guests (attack by webpages):

Counterfeit websites are used to extract personal information. Such websites look very
much like the genuine websites they imitate. One may think he/she is doing business
with someone he/she trusts. However, he/she is really giving away personal information, like
address, credit card number, and expiration date. They are often used in conjunction with
Spam, which gets you there in the first place. Pop-up webpages may install Spyware,
Adware or Trojans.


Attack of the worms:


Many worms are delivered as E-Mail attachments, but network worms use holes in
network protocols directly. Any remote access service, like file sharing, is likely to be
vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many of
these system worms install Trojan Horses. Next, they begin scanning the Internet from the
computer they have just infected, and start looking for other computers to infect. If the
worm is successful, it propagates rapidly. The worm owner soon has thousands of
"zombie" computers to use for more mischief.

Malicious macros:
Microsoft Word and Microsoft Excel are some examples of applications that allow macros. A macro
does something like automating a spreadsheet, for example. Macros can also be used for
malicious purposes. All Internet services like instant messaging, Internet Relay Chat
(IRC), and P2P file-sharing networks rely on cozy connections between the computer and
the other computers on the Internet. If one is using P2P software then his/her system is
more vulnerable to hostile exploits.
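Since Word and Excel files can carry macros, a defender can check a document for a macro project before anyone opens it. The following is an added example, not part of the original notes: modern Office files are ZIP archives in which VBA code is stored in a part named `vbaProject.bin`, and the function also flags a macro project hidden behind a macro-free extension. The sample files are constructed in memory, and the function names and status strings are assumptions made for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")    # extensions that should never hold VBA

def macro_status(filename: str, data: bytes) -> str:
    """Classify an Office file by whether it carries a VBA macro project."""
    if data.startswith(OLE_MAGIC):
        # Macros in the legacy format sit inside OLE streams that this
        # sketch does not parse, so hand the file to a deeper scanner.
        return "legacy-format-inspect-further"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-an-office-file"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
    if "[Content_Types].xml" not in names:
        return "not-an-office-file"
    if not any(n.lower().endswith("vbaproject.bin") for n in names):
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXT):
        return "macros-present-extension-mismatch"
    return "macros-present"

def build_sample(parts: dict) -> bytes:
    """Build a constructed, minimal Office-style archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, body in parts.items():
            archive.writestr(name, body)
    return buf.getvalue()

BASE = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<document/>"}
WITH_VBA = dict(BASE, **{"word/vbaProject.bin": b"constructed placeholder"})
SAMPLES = {  # constructed inputs, not real documents
    "report.docx": build_sample(BASE),
    "budget.docm": build_sample(WITH_VBA),
    "invoice.docx": build_sample(WITH_VBA),
    "old-letter.doc": OLE_MAGIC + b"\x00" * 16,
    "notes.txt": b"plain text",
}

def triage(samples: dict) -> dict:
    return {name: macro_status(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, status in triage(SAMPLES).items():
        print(f"{name}: {status}")
```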

Foistware/sneakware:
Foistware is the software that adds hidden components to the
system on the sly. Spyware is the most common form of Foistware. Foistware is quasi-
legal software bundled with some attractive software. Sneak software often hijacks your
browser and diverts you to some "revenue opportunity" that the Foistware has set up.

Viruses:
These are malicious computer codes that hitch a ride and make the payload. Nowadays,
virus vectors include E-Mail attachments, downloaded files, worms, etc.

22. Explain the Zero-Day Attack? (04 M)

A zero-day attack

A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a
previously unknown vulnerability in a computer application or operating system, one
that developers have not had time to address and patch.
Software vulnerabilities may be discovered by hackers, by security companies or
researchers, by the software vendors themselves, or by users.
If discovered by hackers, an exploit will be kept secret for as long as possible and will
circulate only through the ranks of hackers, until software or security companies become
aware of it or of the attacks targeting it.
Zero-day emergency response team (ZERT): This is a group of software engineers who
work to release non-vendor patches for zero-day exploits. Nevada is attempting to provide
support with the Zero day Project at www.zerodayproject.com, which purports to provide
information on upcoming attacks and provide support to vulnerable systems.

***********************end***************************
