INTRODUCTION
Two of the commonly known attacks on computing systems are the deployment of computer viruses and malware.
A computer virus is a minute program that is “embedded inside an application or within a data file which can copy itself into another program” (Adams et al, 2008) for the sole purpose of meddling with normal computer operations. The consequences may range from corruption and deletion of data to propagation of the virus onto the network and deployment through email attachments, creating further havoc on all associated computing devices.
Malware comprises mischievous programs crafted to disrupt or block normal operations and to gather selected information, which may lead to loss of privacy through
This scripting language is also increasingly being used as an attack mechanism by predators who exploit vulnerabilities within the client’s web browser, unpatched software or other JavaScript-based applications to mount their attacks (Karanth et al, 2011). The assailant commonly obtains the information for identity theft and for personal financial gain (Wadlow, 2009).
The methods which the adversary employs may vary from:
1. Zero Day Exploits, where the assailant discovers a flaw before the security community can raise a defense (Wadlow, 2009).
2. Injection Attacks, where the attacker inserts scripts into a web request to execute at the client end (Wadlow, 2009).
3. Cross-site vulnerability due to poorly validated coding in JavaScript and the DOM (Karanth et al, 2011).
4. XSRF (“Cross site Reference Forgery”), where the victim client is redirected to a webpage that simulates the legitimate site (Wikipedia, 2011).
5. Phishing is where the gullible user is brought to a simulation of the actual site but with a minor difference. Example: “google.com and googIe.com, (where the lowercase l has been replaced by an uppercase I ‘eye’)” (Wadlow, 2009).
6. Cookie snatching is when the session cookies are extracted from the client’s browser without the user being aware (Wadlow, 2009).
7. Clickjacking is when the unaware user is playing a web game which is overlaid with an e-commerce interface. By clicking on the
page) a person’s web browser to a webpage that is (phony and) malicious in nature,
∆ Purchase Trolling - (It's when a player purchases someone a rank that's lower than what they already have, and they will check the IP that bought it and ban them from the server store)
The tendency of internet users to instantly assume website credibility provides even the most unskilled hackers an opportunity to gain unauthorized access to someone’s computer in the world today. Often, malicious or ill-intended websites are designed in such a way that visitors perceive them as trustworthy, but in the background they are set up as platforms for phishing or to intentionally antagonize users to get a reaction, also known as internet “trolling”. To the untrained user, the signs of a hoax website are often unclear. However, SomaliCruises.com, a website advertising cruises to Somalia in hopes of being hijacked and fighting Somalian pirates, provides an excellent case study of what a hoax website might look like. Specifically, Somali Cruises uses precise formatting and a friendly tone to make a good initial impression, but reveals its status as a hoax through subtle elements like sketchy advertisements,
Viruses and worms are malicious programs that self-replicate on computers or through computer systems without the user being cognizant. Worms are programs that replicate themselves from system to system without the use of a host file. Worms use methods such as email messages or copying files to an accessible disk to infiltrate remote computers and launch replicas of themselves. A computer virus is a
These days, there are thousands of different viruses and malware on the Internet. The writers of viruses and other malicious code are many and diverse, and the reasons and motives that drive people to create a virus are as wide-ranging as the writers themselves.
Just like a biological virus, a computer virus is able to infect and ruin lives. This malicious software constitutes more than just simple viruses; it also includes other types of software such as worms, Trojan horses, and ransomware. Malware has been around since the late 1980s. Originally, people became hackers to gain notoriety online, but today, it has become more of a business. Cyber attacks originate from all around the world, and it is not just individual people who benefit from them. In two decades, numerous cyber crime syndicates have been created, and states all over the world sponsor hacker groups. Over the past twenty-five years, malware has become less about checking the integrity of computer security and gaining notoriety in the underground cyber society, and more of a chaos-creating, money-making business that many people and institutions take part in.
Vishing is another technique for phishing. It is not always conducted over the internet; in fact, most vishing incidents take place using voice technology. Vishing is typically carried out over voice over IP, landline phones, voice email, or cellular phones. Victims receive a message stating that their bank account, credit card, or email account has been compromised or that suspicious activity took place. The user is told to call a specific phone number to ensure the fraud did not take place and to verify their identity. The attacker can spoof the source to appear as a bank or a trustworthy company, which makes the victim believe the call is legitimate. Vishing is typically a challenging information security threat, especially if it occurs over voice over IP. Similar to
This term applies to an email that appears to have come from a legitimate business, a bank, or a credit card company, asking for "verification" of information and warning of dire consequences if it is not done. The email generally contains a link to a fake web page that looks authentic, with company logos and content, and has a form that may ask for usernames, passwords, card numbers or PIN details.
Phishing is defined as the attempt to obtain personal information such as usernames and passwords, credit card numbers, PINs, and other sensitive information. In this case, the creator will send out a legitimate-looking email disguised as coming from a big and trustworthy company. The word phishing itself sounds like ‘fishing’ because the two rely on similar concepts. A bait is used in the attempt to catch a victim, just as a fisherman uses a worm as bait to attract fish to a fishing rod or net. In the hacking sense, the bait is any activity that gains people’s trust so that they want to take the bait. Once they have taken it, the creator will hack into their information.
Malicious software, or malware, is software designed for malicious purposes. Some malware may delete, overwrite, or steal user data. In general, this type of software can cause damage to the user’s computer and may steal vital information. Since this is a broad definition, malware can be classified into categories such as viruses, worms, trojan horses, spyware, adware, or botnets. Since there is substantial overlap between these types of malware, we refer to them simply as “viruses”. We can further classify viruses based on the way they try to conceal themselves from being detected by antivirus programs. These categories are “encrypted,” “polymorphic,” and “metamorphic.”
Malware comes in many forms, and in order to stay ahead of the threat, computer users need to be aware of the different types of malware that exist. Viruses are probably the most well-known type of malware. Computer viruses are software programs that are deliberately designed to interfere with computer operation (www.microsoft.com). Viruses are programs that attach themselves to other programs in order to reproduce and cause harm. When the infected program is run and installed, the virus then activates and spreads itself to other programs that are installed on the computer in order to harm your computer system (www.wisegeek.org). The program might be an application, a macro document, a Windows system file, or a boot loader program (Andrews, 900).
In today’s complicated world of internet security, securing a website or a web application against hacking is a major task faced by all organizations. Beyond static websites, webpages have morphed into complex dynamic sites that utilize vast resources and APIs, all the while communicating in real time with databases that store the information of millions of customers. Among the various forms of attack techniques employed by hackers, Cross Site Scripting (XSS) and SQL Injection have risen to the top and pose the greatest risk, in terms of data and intellectual property loss, to any corporation that wants to reach out or provide services to its customers on the World Wide Web. OWASP (Open Web Application Security Project), an
In the words of Frederick B. Cohen, a computer virus is a "program that can infect other programs by modifying them to include a possibly evolved copy of it" [1]. A computer virus spreads from one computer to another by copying itself into existing executable code. With the infection property, a virus can spread in a computer system or network using the authorizations of everybody, thereby affecting the user's programs. Every program that gets affected may also act as a virus.
Malicious software, often known as malware, is simply code that includes viruses, Trojans or worms. It uses communication tools such as emails, social networks, instant messages, websites, chat communications, removable devices etc. to spread. The malicious codes are attached to payloads which then are