Beruflich Dokumente
Kultur Dokumente
Them
There are technical differences between each of these, but all of them attempt to run on your computer without your knowledge.
Malware
The most general name for a malicious computer program is malware. You may have heard computer programs called software. The word malware comes from MALicious softWARE.
Through email attachments By clicking on a web link when surfing the web By downloading a program that claims to be a game or cool picture Others?
What do many of these attacks (through email, web browsing or downloads) have in common?
They all require the actions of a legitimate user.
They can be considered front door attacks because a user is tricked into opening the door for the attack through their action.
The key to understanding front door attacks is that when you run a program it runs with *all* your rights and privileges.
If you can delete one file, any program you run can delete all your files. If you can send one email, any program you run could send thousands of spam emails.
This includes any program you run even accidentally by opening an email attachment or clicking on web link.
Server Software
Basically server software receives a request over the network, examines the request and decides if it can satisfy the request
Legitimate requests do not cause an attack. Most illegitimate requests do not cause attacks either because the server simply answers that it does not understand or cannot satisfy a request.
When programmers write server software, they write it to listen for requests that come in over the network. They might assume that no request will ever be longer than 1000 letters long. This might be a perfectly valid assumption for all reasonable requests, but an attacker might send a request that is 100,000 letters long.
If the server only left room for 1000 letters, then the rest of the letters may get copied over the legitimate program instructions. Thus, the request sent by the attacker takes the place of the legitimate program instructions and the server starts to execute the attackers code instead.
Sometimes programmers neglect to do that and this is what produces the weakness or flaw that is exploited by the attacker. If you are learning to program, you should know that you can prevent many viruses by following good programming practices.
If the attacker sends the wrong data, the server might crash instead of running the attackers instructions.
Exploiting a weakness
If an attacker crafts an attack that works on their local machine then chances are that it will work on many other machines. Attackers tend to target the most common computing platform Windows so that their attacks will impact the most machines.
Some attackers just want to see if they can make an attack succeed.
The malware they write may simply displaying something to the user or announce its presence in another way.
Still others try to write malware that steals information from the victim.
The malware they write might search for credit card numbers or other personal information and send it back to the attacker. Spyware might watch for victims passwords or otherwise spy on their online activity.
Still others write malware that uses the victims computer for their own purposes.
Use it to store files (often illegal) and make them available to others shifting liability away from the attackers. Use it to attack other computers making it harder to trace the attack to its real source.
Self-replicating
Regardless of its other goals, a large percentage of malware tries to spread itself automatically. Malware programs may try to spread by
Sending out email with infected attachments. Send out carefully-requests back door attack packets.
Consequences of Attacks
If you have ever been attacked by a computer virus, you know the damage it can cause
Your computer can begin to run very slowly and constantly pop-up annoying messages that make it difficult to do anything productive. Having the virus removed by a technician can be expensive and time-consuming. The virus itself may destroy irreplaceable files like family pictures or videos. Even if the virus itself does not cause data loss, often the process of removing the virus can require reinstalling the operating system and all the programs. Your credit card or other private information can be stolen.
Costs come from restoring damaged systems, replacing lost information, steps taken to prevent attacks and steps taken to prepare to recover from attacks.
Case
Jason, a 16 year old honor student, wrote a computer virus that causes 4 billion dollars of damage and impacted countless home and business computers. The authorities traced the virus to him. Jason says that he is very sorry and didnt mean for it to get so out of hand. He said he was just fooling around to see if he could do it.
Discussion
How would you feel if you were a friend of Jasons? How would you feel if you had lost your entire MP3 collection or a book report you had worked on for 3 weeks? What type of punishment would recommend in this case?
Blackhat vs Whitehat
Blackhat computer hackers look for flaws in software to exploit them or break into computer for malicious purposes. Whitehat computer hackers look for flaws in software to fix them or attempt to break into computers to audit their security.
Defenses
Even if you are not whitehat hacker there is a lot you can do to defend your computer against attack Defending against front door attacks means being careful about what programs you run and what attachments and links you open Defending against back door attacks means knowing what services are running on your machine and keeping them patched
1) Be careful opening email attachments even from friends. 2) Be careful clicking on web links found on less reputable web sites. 3) Beware of free downloads that seem too good to be true. 4) Use a good virus scanner and keep your virus signatures up-to-date. 5) Consider using less popular email readers and web browser software.( Attackers target the most popular software.) There are excellent and free open source options.
No matter how careful you are it is still wise to prepare to recover from an attack if one does occur.
1) Back up your personal data such as digital pictures, letter and papers youve written, your address book, etc. 2) Keep track of the software youve installed on your computer including where you got it and any activation keys you paid for.
Review Questions
What is a front door attack? What are some examples? What is a back door attack? What are some examples? Give some examples of what malware tries to accomplish. Describe ways that whitehat hackers try to make systems more secure. Describe things you can do to secure your computer against attack.
Conclusion
Knowing the different kinds of attacks and the goals of attackers can help you understand how better to defend yourself.