
Malware (malicious software)

Malware:


Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses, and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission. Even users who do not want their machines exploited can have them exploited without their permission.


Types of malware:


There are different types of malware, each with its own traits and characteristics.

A virus is the most common type of malware; it is defined as a malicious program that can execute itself and spreads by infecting other programs or files.

A worm is a type of malware that can self-replicate without a host program; worms typically spread without any human interaction or directives from the malware authors.

A Trojan horse is a malicious program designed to appear as a legitimate program; once activated following installation, Trojans can execute their malicious functions.

Spyware is a kind of malware designed to collect information and data on users and observe their activity without the users' knowledge. Attackers often write their own scripts using information gathered from the victim or from other sources.

Other types of malware include functions or features designed for a specific purpose. Ransomware, for example, is designed to infect a user's system and encrypt its data; cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data. A rootkit is a type of malware designed to obtain administrator-level access to the victim's system; once installed, it gives threat actors root or privileged access to the system. A backdoor virus or remote access Trojan (RAT) is a malicious program that secretly creates a backdoor into an infected system, allowing threat actors to access it remotely without alerting the user or the system's security programs.

The term malware was first used by computer scientist and security researcher Yisrael Radai in 1990. However, malware existed long before this; one of the first known examples of malware was the Creeper virus in 1971, which was created as an experiment by BBN Technologies engineer Robert Thomas. Creeper was designed to infect mainframes on ARPANET. While the program did not alter functions, or steal or delete data, it moved from one mainframe to another without permission while displaying a teletype message that read, "I'm the creeper: Catch me if you can." Creeper was later altered by computer scientist Ray Tomlinson, who added the ability to self-replicate to the virus and thereby created the first known computer worm. The concept of malware took root in the technology industry, and examples of viruses and worms began to appear on Apple and IBM personal computers in the early 1980s before becoming widespread following the introduction of the World Wide Web and the commercial internet in the 1990s.


How malware works:


Malware is created, first and foremost, to control victims' computers. Malware authors use a variety of means to spread malware and infect devices and networks. Malicious programs can be delivered physically to a system through a USB drive or other means. Malware can often spread via the internet through drive-by downloads, which automatically download malicious programs to users' systems without their approval or knowledge; these are initiated when a user visits a malicious website, for example. Phishing attacks are another common malware delivery method: emails disguised as legitimate messages contain malicious links or attachments that deliver the malware executable to unsuspecting users.

Sophisticated malware attacks often use a command-and-control server that allows threat actors to communicate with the infected systems, exfiltrate sensitive data and even remotely control the compromised device or server.

Emerging strains of malware often include new evasion and obfuscation techniques designed to fool not only users but security administrators and anti-malware products as well. Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses. More sophisticated threats include polymorphic malware, which repeatedly changes its underlying code to avoid detection by signature-based tools; anti-sandbox techniques, which allow the malware to detect when it is being analyzed and delay execution until after it leaves the sandbox; and fileless malware, which resides only in the system's RAM in order to avoid being discovered.


Similar programs:


Here "similar" means programs that closely resemble legitimate ones. There are other types of programs that share common traits with malware but are distinctly different. Adware, for example, can have adverse effects on users, annoying them with unwanted ads and degrading the performance of the device or system. However, adware is generally not considered malware, since there is no malicious intent to harm users or their systems. There are cases, though, where adware can carry harmful threats: web ads can be hijacked by threat actors and turned into malvertising. Similarly, some adware contains spyware-like features that collect information, such as browsing histories and personal information, without users' knowledge or consent.

A PUP, or potentially unwanted program, is another example of a program similar to malware. These are typically applications, such as browser toolbars, that trick users into installing them but do not execute any malicious functions once installed. However, there are cases where a PUP may contain spyware-like functionality or other hidden malicious features, in which case the PUP would be classified as malware.


SCHEMES:

