Skip to content

Latest commit

 

History

History
49 lines (35 loc) · 1.78 KB

computer_network_exploits.md

File metadata and controls

49 lines (35 loc) · 1.78 KB

Computer and Network Hacker Exploits

General Trends

How to make money on malicious code

  • Sell the code for backdoors/bots
  • Spam and web-based advertising
  • Pump and dump stock schemes
  • Phishing: e-mail, phone, and targeted (spear) phishing
  • Denial of Service extortion
  • Keystroke loggers stealing financial information
  • Rent out armies of infected systems for all of the above
  • RAM scrapers pulling CC numbers of POS terminals

Software Distro-Site Attacks

  • Hack into web and FTP sites and alter software to include backdoor ==> Everyone who downloads and uses the tool is impacted

  • Another approach is embodied in ISR-Evilgrade tool

    • Listens for software to request update
    • Sends response with malware
    • Currently includes modules for Java browser plug-ins, Winzip, WinAmp, MacOS X, OpenOffice, iTunes, Linkedln toolbar, and more More than 6o software packages in total whose Internet updates can be subverted this way

Software Distro-Site Defenses

  • Check hashes across multiple mirrors
    • Check both MD5 and SHA-1 at least
    • Md5sum and sha1sum are built into Linux
    • Md5summer is available for free for Windows (md5summer.org)
    • Md5deep is another good project at http //md5deepsourceforge.net/
      • Calculates MD5, SHA-;, SHA-256, Tiger, and Whirlpool hashes
      • Available for Win and Linux/UNIX
    • RIPEMD-160
  • Check PGP signatures if available
    • Make sure you check against a trustworthy key
  • Don’t put new software directly into production; test first

Reconnaissance

DNS and nslookup

  • The Domain Name System is full of useful information about a target • The attacker?s goal is to discover as many IP addresses associated with the target domain as possible • The nslookup command can be used to interact with a DNS server to get this data