1 / 19

ITIS 1210 Introduction to Web-Based Information Systems

ITIS 1210 Introduction to Web-Based Information Systems. Chapter 45 How Hackers can Cripple the Internet and Attack Your PC. Introduction. Hackers attack targets of opportunity Individuals Corporate Web sites ISPs Why? Might want to shut down a site Revenge Prove they can.

nyla
Download Presentation

ITIS 1210 Introduction to Web-Based Information Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ITIS 1210Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC

  2. Introduction • Hackers attack targets of opportunity • Individuals • Corporate Web sites • ISPs • Why? • Might want to shut down a site • Revenge • Prove they can

  3. Denial of Service • DOS attacks attempt to shut down a site • DDOS – Distributed Denial of Service • Incapacitates a network by flooding it with extraneous traffic • Might be requests for service

  4. Denial of Service • Smurf attack • Uses ICMP – Internet Control Message Protocol • Fraggle attack • Re-write of a Smurf attack using UDP – User Datagram Protocol

  5. How Hackers Can Attack Your Computer • Example uses SubSeven • Installed via a virus onto your computer • Opens port 7374 • Hacker can query your computer to see if port 27374 is open • If so, they have access as if they were sitting at your keyboard

  6. How Hackers Can Attack Your Computer • Hacker can • Copy or delete files or programs • Examine and use personal data, credit card information, for example • Access your passwords • Upload files to your computer • Store illegal files on your computer and direct others to access them from you • Use your computer to launch attacks

  7. How Email Viruses Travel in Your Email • Malware authors are often good social engineers • They know what kinds of things we will respond to • Cute • Greed • “Personal” • Hidden with the email could be any of a number of types of viruses

  8. How Email Viruses Travel in Your Email • Attachment virus • Pretends to be something like a photo, sound, or movie file • May be able to determine based on file name of attachment • Example: Melissa virus • HTML virus might be active content • Used in processing forms, other interactivity

  9. How Email Viruses Travel in Your Email • MIME virus • Mul.ti-Purpose Internet Mail Extension • Takes advantage of security vulnerabilities in Outlook Express and Internet Explorer • Forms in the email header contain more content than will fit in buffer • Overflow content spills into another holding area from which the processor talkes its instructions • Virus is then executed as if it were legitimate code

  10. How Email Viruses Travel in Your Email • Viruses attack in different ways • Attachment virus launches when attachment is run, usually by double-clicking the attachment • HTML viruses run when the user opens the message to read it • Might run when viewed in the preview window • MIME viruses can run without the user doing anything

  11. How Email Viruses Travel in Your Email • Typical virus first propagates itself • Searches address book, old email, even documents • Identifies names and addresses • Sends duplicates of itself to those addresses • This process repeats itself on all those destination computers

  12. How Email Viruses Travel in Your Email • Results might be just an irritating message or something much more serious • Deleted files • Slow processing

  13. How Zombies and Bot Networks Work • A zombie or a bot is a computer that can be controlled by someone remotely • A single controller might have a network of thousands of infected computers • A typical zombie connects to an IRC (Internet Relay Chat) channel • Lets controller know it is available

  14. How Zombies and Bot Networks Work • Controller sends commands telling all his/her zombies to perform a certain command • Send out a spam or phishing attack • Because attacks are carried out by the zombies, the actual attacker is insulated • Attacks can’t be traced back to him/her

  15. How Zombies and Bot Networks Work • After the attacks, the zombies can be placed into hibernation until needed again • Attackers look for computers with constant network cnnections (DSL or RoadRunner) and fairly high-speed connections

  16. How Hackers Exploit Browsers • Browser attacks take advantage of security vulnerabilities in certain commonly-used browsers • Internet Explorer • Firefox • Buffer overflow attack • Buffers are areas of memory used to hold data

  17. How Hackers Exploit Browsers • Buffer overflow attack (cont.) • If too much data is placed into the buffer it overflows into adjacent areas of memory • That data might be malicious code that can executed as if it were a normal program • Malicious code can damage computers in numerous ways • Allows a hacker to gain control

  18. How Hackers Exploit Browsers • Drive-by downloads often occur without the user’s knowledge • Might be spyware or a Trojan • Often infects a computer as a result of clicking a pop-up generated by a Web site you’re visiting.

  19. How Hackers Exploit Browsers • ActiveX is often used • A way to allow software to be downloaded and run inside the browser • Can be used to steal information, install spyware, run Trojans, etc.

More Related