ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based

Information SystemsInformation Systems

Chapter 45Chapter 45 How Hackers can Cripple the Internet and Attack How Hackers can Cripple the Internet and Attack

Your PCYour PC

IntroductionIntroduction

Hackers attack targets of opportunityHackers attack targets of opportunity IndividualsIndividuals Corporate Web sitesCorporate Web sites ISPsISPs

Why?Why? Might want to shut down a siteMight want to shut down a site RevengeRevenge Prove they canProve they can

Denial of ServiceDenial of Service

DOS attacks attempt to shut down a siteDOS attacks attempt to shut down a site DDOS – Distributed Denial of ServiceDDOS – Distributed Denial of Service

Incapacitates a network by flooding it with Incapacitates a network by flooding it with extraneous trafficextraneous traffic Might be requests for serviceMight be requests for service

Denial of ServiceDenial of Service

Smurf attackSmurf attack Uses ICMP – Internet Control Message Uses ICMP – Internet Control Message

ProtocolProtocol

Fraggle attackFraggle attack Re-write of a Smurf attack using UDP – User Re-write of a Smurf attack using UDP – User

Datagram ProtocolDatagram Protocol

Example uses SubSevenExample uses SubSeven Installed via a virus onto your computerInstalled via a virus onto your computer Opens port 7374Opens port 7374 Hacker can query your computer to see if port Hacker can query your computer to see if port

27374 is open27374 is open If so, they have access as if they were sitting If so, they have access as if they were sitting

at your keyboardat your keyboard

How Hackers Can Attack Your How Hackers Can Attack Your ComputerComputer

Hacker canHacker can Copy or delete files or programsCopy or delete files or programs Examine and use personal data, credit card Examine and use personal data, credit card

information, for exampleinformation, for example Access your passwordsAccess your passwords Upload files to your computerUpload files to your computer

Store illegal files on your computer and direct Store illegal files on your computer and direct others to access them from youothers to access them from you

Use your computer to launch attacksUse your computer to launch attacks

How Hackers Can Attack Your How Hackers Can Attack Your ComputerComputer

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

Malware authors are often good social Malware authors are often good social engineersengineers They know what kinds of things we will They know what kinds of things we will

respond torespond to CuteCute GreedGreed ““Personal”Personal”

Hidden with the email could be any of a Hidden with the email could be any of a number of types of virusesnumber of types of viruses

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

Attachment virusAttachment virus Pretends to be something like a photo, sound, Pretends to be something like a photo, sound,

or movie fileor movie file May be able to determine based on file name May be able to determine based on file name

of attachmentof attachment Example: Melissa virusExample: Melissa virus

HTML virus might be active contentHTML virus might be active content Used in processing forms, other interactivityUsed in processing forms, other interactivity

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

MIME virus MIME virus Mul.ti-Purpose Internet Mail ExtensionMul.ti-Purpose Internet Mail Extension Takes advantage of security vulnerabilities in Takes advantage of security vulnerabilities in

Outlook Express and Internet ExplorerOutlook Express and Internet Explorer Forms in the email header contain more Forms in the email header contain more

content than will fit in buffercontent than will fit in buffer Overflow content spills into another holding Overflow content spills into another holding

area from which the processor talkes its area from which the processor talkes its instructionsinstructions

Virus is then executed as if it were legitimate Virus is then executed as if it were legitimate codecode

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

Viruses attack in different waysViruses attack in different ways Attachment virus launches when attachment Attachment virus launches when attachment

is run, usually by double-clicking the is run, usually by double-clicking the attachmentattachment

HTML viruses run when the user opens the HTML viruses run when the user opens the message to read itmessage to read it Might run when viewed in the preview windowMight run when viewed in the preview window

MIME viruses can run without the user doing MIME viruses can run without the user doing anythinganything

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

Typical virus first propagates itselfTypical virus first propagates itself Searches address book, old email, even Searches address book, old email, even

documentsdocuments Identifies names and addressesIdentifies names and addresses Sends duplicates of itself to those addressesSends duplicates of itself to those addresses

This process repeats itself on all those This process repeats itself on all those destination computersdestination computers

How Email Viruses Travel in Your EmailHow Email Viruses Travel in Your Email

Results might be just an irritating message Results might be just an irritating message or something much more seriousor something much more serious Deleted filesDeleted files Slow processingSlow processing

How Zombies and Bot Networks WorkHow Zombies and Bot Networks Work

A A zombiezombie or a or a botbot is a computer that can is a computer that can be controlled by someone remotelybe controlled by someone remotely

A single controller might have a network of A single controller might have a network of thousands of infected computersthousands of infected computers

A typical zombie connects to an IRC A typical zombie connects to an IRC (Internet Relay Chat) channel(Internet Relay Chat) channel Lets controller know it is availableLets controller know it is available

How Zombies and Bot Networks WorkHow Zombies and Bot Networks Work

Controller sends commands telling all Controller sends commands telling all his/her zombies to perform a certain his/her zombies to perform a certain commandcommand Send out a spam or phishing attackSend out a spam or phishing attack

Because attacks are carried out by the Because attacks are carried out by the zombies, the actual attacker is insulatedzombies, the actual attacker is insulated Attacks can’t be traced back to him/herAttacks can’t be traced back to him/her

How Zombies and Bot Networks WorkHow Zombies and Bot Networks Work

After the attacks, the zombies can be After the attacks, the zombies can be placed into hibernation until needed againplaced into hibernation until needed again

Attackers look for computers with constant Attackers look for computers with constant network cnnections (DSL or RoadRunner) network cnnections (DSL or RoadRunner) and fairly high-speed connectionsand fairly high-speed connections

How Hackers Exploit BrowsersHow Hackers Exploit Browsers

Browser attacks take advantage of Browser attacks take advantage of security vulnerabilities in certain security vulnerabilities in certain commonly-used browserscommonly-used browsers Internet ExplorerInternet Explorer FirefoxFirefox

Buffer overflow attackBuffer overflow attack Buffers are areas of memory used to hold Buffers are areas of memory used to hold

datadata

How Hackers Exploit BrowsersHow Hackers Exploit Browsers

Buffer overflow attack (cont.)Buffer overflow attack (cont.) If too much data is placed into the buffer it If too much data is placed into the buffer it

overflows into adjacent areas of memoryoverflows into adjacent areas of memory That data might be malicious code that can That data might be malicious code that can

executed as if it were a normal programexecuted as if it were a normal program

Malicious code can damage computers in Malicious code can damage computers in numerous waysnumerous ways Allows a hacker to gain controlAllows a hacker to gain control

How Hackers Exploit BrowsersHow Hackers Exploit Browsers

Drive-by downloads often occur without Drive-by downloads often occur without the user’s knowledgethe user’s knowledge Might be spyware or a Trojan Might be spyware or a Trojan

Often infects a computer as a result of Often infects a computer as a result of clicking a pop-up generated by a Web site clicking a pop-up generated by a Web site you’re visiting.you’re visiting.

How Hackers Exploit BrowsersHow Hackers Exploit Browsers

ActiveX is often usedActiveX is often used A way to allow software to be downloaded A way to allow software to be downloaded

and run inside the browserand run inside the browser

Can be used to steal information, install Can be used to steal information, install spyware, run Trojans, etc.spyware, run Trojans, etc.