All About Hacking Computers_ Virus And Malwares

Document Sample
All  About Hacking Computers_ Virus And Malwares Powered By Docstoc
					When a fortune-teller stares into her crystal ball she claims to see through to the misty
future and offers guidance to those willing to hand over the required fee. However,
she might be stumped when faced with questions about the state of tomorrow's
computer viruses, or whether or not there will be a global outbreak of cyber warfare.
She ought not to be because, although the internet threat landscape is continually
evolving, there are some basic principles that help us predict what's coming next.
  Perhaps surprisingly, these hold the human condition at their core. A 21st century
Mystic Meg should have no problems foretelling the digital future and we'll explain
how you too can look into the future at internet threats. Anti Virus Companies like
Symantec, GRISOFT , etc have researchers that investigate current threats and new
technologies with a view to discovering what the next big security problems are going
to be, and they don't use crystal balls.
  ITS ALL ABOUT THE MONEY, In the old days the original computer viruses were
born of pride or misplaced curiosity. Anonymous individuals wrote computer code to
show how clever they were, viewing security software as a challenge. If they could
beat anti-virus programs produced by big names such as Symantec, McAfee etc then
they would have outsmarted the experts. In some cases their motivation was increased
as anti-virus (AV) programs improved over time.
  Today things have moved up a few gears and every reputable security company
acknowledges that money is the motivation behind the vast majority of online threats.
Viruses, compromised websites hosting malicious exploits, fraudulent emails and
phishing websites have all been designed to steal or generate money.
  As we ponder the future of malware and other threats, we need to look at the matter
in the context of criminal endeavour, rather than seeing online threats as a result of
vandalism and other types of low-level dysfunctional behaviour.
  Over the years it has became clear that a new underground economy has evolved in
which our personal details are traded for cash on the internet. This situation not only
continues today, but the illegal information gathering and trading systems have grown
even more sophisticated. Criminal organisations provide services to others much like
legitimate business. They sell hacking tools in a web-based arms market and operate
escrow systems to ensure that the thieves don't rip each other off. Much of the
criminal activity is based around malware, which forms the front line in the criminals'
activity.
  Some people create malware, others sell it, while underground services offer to
check the latest viruses to ensure that they aren't detected by the software produced by
anti-virus companies. It's a sophisticated arrangement, both in terms of business and
technology. AV companies, spend a lot of time monitoring and interacting with
criminals as they go about their online business. They have something like an
underground version of VirusTotal ( a website that scans URL's for bugs ), to check
that their malware can avoid detection, as well as services to monitor botnets. Botnets
are potentially vast networks of compromised computers - PCs owned by regular
internet users. They are part of the cybercriminal's IT infrastructure and are the
equivalent of a traditional gangsters Muscle. Botnets provide masses of computing
power as well as the ability to bring down the websites and internet connections of
large companies. They can be used to send out billions of spam emails, infect
websites on masse and even host transient infected websites that come and go, making
them very hard to take down. In the worst cases (for the individual visitor), it might
try to load malware on to their computer. Once malware is loaded on a system, the
computer can be used as a tool to spy on its user. This means that usernames,
passwords, bank account details and other sensitive data can be siphoned off and sent
to the attacker.
  Although you might think that this is the end of the story, the criminals who install
the malware may not have a direct use for your data. I have read Symantec's latest
internet threat report. In it the company discloses that criminals compile lists of credit
card numbers and bank details, which they sell off in huge lists. However, the
availability of cards has dropped since last year, while demand remains high. This has
increased the cost of buying the information. The report also notes a disturbing new
development whereby criminals are trading 鈥榙 ump tracks' - the whole information
found in the magnetic stripe on a credit card. This data can not only be sold for a
higher price than basic information, but it's also more usable as it can be used to
create a physical replica of the card. Criminals are now advertising personal services
and, in a perverse version of online business networking, researchers have found
recommendations for people involved in money laundering and even for 鈥榤 ules'.
According to Symantec: "Mules are unsuspecting members of the public who have
been duped into accepting funds into their accounts, or accepting stolen goods.
  Like any other commodity, these people are traded on net forums by
cybercriminals." At some stage a criminal will end up using these details to commit a
fraudulent act, but it's likely that the data will pass through a number of hands first. lf
and when your personal data is stolen online, it will often be passed from criminal to
criminal before being used. Once in possession of a card, criminals may try to use it to
buy goods. Alternatively, a criminal may leverage the services of a 鈥榗 ash-out'
criminal. These people may charge nothing for their services 鈥?that is the service of
emptying your bank account- but take a commission on the transaction instead. The
online criminals have a large number of potential targets to consider. Although their
primary objective is to make money, there are a number of ways to do so, some of
which are more subtle than others. criminals put a value on personal details for the
purposes of ID theft, selling the data to ID thieves and even pilfering online games
login details for financial gain.
  WHO ARE THE TOMORROWS VICTIMS? Tomorrow's victims will be the same
as today's. The only difference is that the criminals need to stay ahead of the game in
order to compete with each other and remain profitable. Criminals will always go for
the easiest targets first, looking for low-risk, high-return opportunities. This means
creating a widespread threat that has the potential to affect millions of people. The
hackers aren't going to single out an individual, but instead hope to catch as many
random people as possible, collect their data and use or sell it for financial gain.
  These regular people will likely have bank accounts and credit cards that can be
stolen. Gamers often have online accounts that carry a high value 鈥?there has been a
thriving market in hijacking or emptying games accounts for years. Criminals might
also try a targeted approach, where a specific (very rich) individual, company or
group of people are faced with a highly convincing, customised attack.
  In the past, criminals have sent infected CDs and USB keys(To protect your pendrive
from                virus           read            this            article            at
http://freesoftwa.blogspot.com/2010/06/you-can-stop-virus-entering-ur-usb.html) to
workers at banks and other large organisations. Hardware keyloggers can then be used
to record usernames and passwords. There have been fears that last year's attack on
the recruitment website Monster furnished criminals with lots of personal information
that allowed them to target people with powerful employment roles, such as CEOs of
global companies. Targeted attacks can also use information gleaned from
social-networking sites - a technology that has only become very popular in the last
few years. Businesses themselves are another big target, although the scale of the
problem is hard to assess. We only see the tip of the iceberg, There are probably
documents containing zero-day exploits being sent around and so on, but companies
won't go public when they're attacked.
  Social engineering has repeatedly proven to be a useful technique for fooling people
into taking unwise actions. The criminals trick victims into visiting fake or infected
websites, downloading and installing harmful software and even responding to
near-blatant attempts at fraud. This last con trick involves sending emails requesting
your help in some matter, with the promise of delivering millions of dollars for no
work at all. Security companies claim that infected websites constitute the largest
single threat at the moment, The general assumption is that these are legitimate
websites that have been infected without their owners' knowledge. The sites are
hacked and a small piece of infected code, or a special type of (iframe) link to another
infected site, is inserted. When a computer loads the web page, it becomes infected.
  There is also a view that sites being operated by less moral individuals may host
malware on purpose. Porn websites are hosted by those with a flexible ethical
framework, They are more likely than some to host malicious iframes in order to gain
a few dollars per installation of malware.
  Viruses and infected websites that attack consumer electronics as well as computers
are likely to be a feature of future cyber attacks. Currently computers are the main
target for online criminals. The PC and, to a much lesser degree, the Mac are both
attacked because lots of people use them for online banking and other tasks that
involve handling valuable information.
  Tomorrow's targets will be the devices that people use for similar activities. This
means that the PC is going to stay at the top of the hacker's hit list for a long time to
come. If a certain type of mobile phone became a popular way to access online
banking, then you can guarantee that criminals would start to produce malware
designed to target and compromise them. From a criminal's point of view, hardware is
a much less important consideration than software when building an attack
mechanism. For example, a modern Mac is exactly the same as a PC under the hood.
The very same processors, RAM, graphics chips and hard disks are used in both
computers these days. The difference is the operating system. Macs run OS X while
PCs run completely incompatible variations of Windows or Linux.
  As most computers in the world run Windows, criminals concentrate on breaking
into Windows PCs. The more popular Macs become, the more attractive they are as
targets. Mobile phones don't share the same relationship as Macs and PCs. Even
different models from the same company use different combinations of hardware and
software.
  This means that there's such a wide selection in use at any one time that a hacker
would have to write many different viruses, worms or other threats to catch a
significant number of victims. In this situation, variety is a defence. Once people
settle on a specific mobile phone, however, it becomes worth hacking. ( could the
iphone be a target ? ) Many of the best-known anti 鈥攙 irus companies produce an
anti-virus product for one or more types of mobile phone, yet they generally admit
that the threat in this area is either very low or even non-existent. Mobile phone
malware is in its infancy There are millions of viruses and Trojans that target PCs.
Mobile phone viruses number in the few hundreds or maybe early thousands. There is
still such a disparity of environments: iPhones, Windows Mobile, Symbian,
BlackBerry, Android and others. There is too much variety for malware to function.
  Software is much more important than hardware. Today's hackers concentrate on the
underlying operating system (such as Windows XP) and common applications that
they can access. At the moment, attractive applications include web browsers as well
as software that web browsers use, such as Adobe Flash and Reader programs. In
recent months security holes have been found in versions of these programs, as well
as Microsoft's Internet Explorer web browser. When we try to predict the future of
internet threats, we can be sure that these types of programs will be targeted.
  The only variations will be the hardware used to run the web browsers and necessary
plugins. Do you believe that your TV could be hacked? Or your games console? The
latest versions of these domestic home entertainment systems often include the ability
to access the internet, so that they can use BBC iPlayer, YouTube and other popular
services. If your TV has a web browser, then it would be foolish to assume that it was
invulnerable to an attack. Before you ban TV from your household, remember what
we said earlier about attractive targets. Once you and half the popular start banking
online with your TV or PlayStation, only then will the hackers move in. And they will.
I reckon we'll see anti-virus software being installed on TV sets within the next five
years. The traditional view of a hacker attack involves a computer system being
manipulated by an unauthorised and external force. So how could your TV could be
hacked if it lacks a hard disk or any internal storage at all? Where would the viruses
be stored, for example? Similarly a games console doesn't seem to provide a very rich
environment for a criminal to exploit. This means that while your PC, TV or console
may not be hacked, the data that flows between it and the computers on the internet
that power the services you use could be stolen or corrupted. This is known as data
cloud hacking.
  IS THERE NO ESCAPE ? The usual way to make money with TV broadcasts is
with advertising. The advertising system itself could be subverted and used either to
make money directly or as part of a blackmail scam. The internet-enabled TV initially
has no financial value, What money can criminals make? They could show you a
commercial that may be clickable. This way, people's identity data can be stolen. If
you don't click the ad you may be threatened with the prospect that pornography will
pop up on screen when your children are watching.
  The term cloud-computing is quite vague. These days it tends to mean running
applications directly on a server. This isn't a new concept for businesses used to
dealing with email and web servers. However, the idea of running an application such
as a word processor in the cloud is novel for most people as we're used to such
programs being software that runs on the computer sitting in front of us.
  When you use Google Docs to create and edit word-processing or spreadsheet
documents, you're experiencing what most people consider to be cloud computing.
You should already be able to see some of the security issues surrounding cloud
computing. First of all, your data is stored on a remote computer under someone else's
control. Every time you access that data you have to authenticate with a remote
system, which means that your username and password probably traverses the internet.
After you log in, parts of any file that you access also moves through the internet.
  This potentially exposes your account and its contents to wrong-doers far more than
if you stored your photos, documents and email on your hard disk. However, it's
convenient to work this way as you can access your data from any computer that you
like (which is also another potential security flaw) and, in some cases, you can use
low 鈥攑 owered computers to run demanding applications because they use the
processing power and memory of the service provider's systems rather than the
resources of your own IT setup.
  The big challenge to companies that provide internet services is to ensure that
customers' data remains safe. Services need to identify where data comes from and
where it should go. They need to protect against man-in-the 鈥攎 iddle attacks, where
attackers intercept data as it passes by. Cloud services are not currently developed in
this way and can be fooled. Tomorrow's internet attackers will be sophisticated and
realistic. They won't spend hours trying to hack your mobile or TV while there are
easier options available.
  As long as we continue to use PCs to access online banks, buy from ecommerce sites
and play complex subscription-based games, so the bad guys will continue to attack
via the home computer. Recent history shows that social engineering, where victims
are fooled into making poor decisions, is a very successful route to separating us from
our cash and personal details. Technical 鈥榮 olutions' such as internet worms and
Trojans embedded in pirated software still exist, but it's those fake emails, infected
websites and even infected email attachments that will continue to pose a real threat
for the foreseeable future.
  We also know that security software is not a cure-all solution. And few security
companies would be brave enough to claim that they were winning the war against
malware. Nevertheless, an anti-virus program will help protect your system. FREE
ANTIVIRUS SOFTWARE If you don't want to spend any money we recommend
Microsoft's latest free anti-virus program, Security Essentials but for better protection
you need to splash out, and currently any of the following are good choices: Norton
Internet Security 2010, AVG Antivirus, AVG Internet Security.
  It is also important to keep your system up to date with the latest security patches.
This means updating Windows, your web browser and plug-ins such as Adobe Flash
and Acrobat Reader. Fail to do this and you can't really blame your anti-virus software
if your PC becomes infected. While the days of safe computing are probably a
nostalgic fantasy (bugs have existed for as long as computers have), it's not
scaremongering to say that today things are far worse than they ever have been, and
the problem isn't going to disappear.
  There is some good news. While the online criminals engage in a virtual arms war
against security companies, sell our data for pennies and cost companies billions in
lost or stolen revenue, the main security hole is our own gullibility. If you become
more suspicious of email requests to change or confirm account details, pop 鈥攗 p
warning messages on websites and too-good-to- be true offers, then you're way ahead
of the herd. And hackers are only interested in the herd.
  By, Hacking Tricks, http://freesoftwa.blogspot.com/By, Hacking Tricks
http://freesoftwa.blogspot.com/

				
DOCUMENT INFO