Zeus Trojan

What does Zeus Trojan (Zbot) mean?

The Zeus Trojan is a kind of Trojan that infects Windows-based computers and steals banking and financial information. When it infects a computer, it looks for personal data such as email usernames and passwords as well as online financial and banking records associated with the personal information. The data are then sent to remote servers and then collected by the hacker who can then proceed to commit financial fraud by using the stolen information.

The Zeus Trojan is also known as Zbot.

The Zeus Trojan is used by hackers to steal information relating to online banking. The stolen information is then sent to remote servers controlled by the hackers, who then use it to log on to the victims’ accounts to make unauthorized (however, in this case, the system sees the transaction as authorized because of correct log-in information) money transfers to various hidden accounts and “money mules” to hide the electronic trail and make it hard for authorities to determine exactly where the money went.

Continue reading

Advertisements

4 calamitous truth of WAP

Is WAP really a secure protocol?

You’re using a wireless access point that has encryption so you’re safe, right? Wrong! Hackers want you to believe that you are protected so you will remain vulnerable to their attacks. Here are 4 things that wireless hackers hope you won’t find out, otherwise they might not be able to break into your network and/or computer:

1. WEP encryption is useless for protecting your wireless network. WEP is easily cracked within minutes and only provides users with a false sense of security.

Even a mediocre hacker can defeat Wired Equivalent Privacy (WEP)-based security in a matter of minutes, making it essentially useless as a protection mechanism. Many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security. Updating your router to WPA2 is a fairly simple process. Visit your wireless router manufacturer’s website for instructions.

2. Using your wireless router’s MAC filter to prevent unauthorized devices from joining your network is ineffective and easily defeated.

Every piece of IP-based hardware, whether it’s a computer, game system, printer, etc, has a unique hard-coded MAC address in its network interface. Many routers will allow you to permit or deny network access based on a device’s MAC address. The wireless router inspects the MAC address of the network device requesting access and compares it your list of permitted or denied MACs. This sounds like a great security mechanism but the problem is that hackers can “spoof” or forge a fake MAC address that matches an approved one. All they need to do is use a wireless packet capture program to sniff (eavesdrop) on the wireless traffic and see which MAC addresses are traversing the network. They can then set their MAC address to match one of that is allowed and join the network.

Continue reading

Armored Virus

What does Armored Virus mean?

A computer virus’s primary goal is to spread as far as possible without being noticed. A computer virus which is coded specifically using different mechanisms to make it undetectable or very difficult to decrypt is known as Armored Virus. Other 2 types of virus that came in this category are Stealth viruses and Polymorphic viruses. An example of an armored virus is Whale.

This can be done using many methods, one of those is fooling the anti-virus about the real location of the virus which makes it difficult to detect and remove the virus another method is to code the virus in such a confusing way that it becomes hard for the virus researcher to reverse engineer the code. We can say that an armored virus protects itself from anti-virus programs.

Below are the 5 section describes basic methods of armored viruses:

Continue reading

XSS Hole

What does XSS Hole mean?

An XSS hole is a Web application that renders dynamic content to users with a computer security vulnerability. This application is cross-site scripting (XSS), and it enables an attacker to exploit a user’s confidential data without passing an access control mechanism such as a same-origin policy. This defect is more appropriately known as an XSS hole.

For example, the user may come across a hyperlink in a Web application pointing to some malicious content. The user may click the link and be led to another page containing some advertisement or email bulletin. This page gathers user information in the form of a password. It also generates a malicious output page that indicates some fake response tailored to appear as genuine to the user. Either the data entered by the user can be misused or the user’s session can be hijacked by cookie theft. Based on the sensitivity of the data collected, cross-site scripting can range from a mere vulnerability to a serious security loophole. After exploitation of the XSS vulnerability, the attacker may bypass the organization’s access control policies.

The concept of cross-site scripting is based on the same original policy. Same original policies state that a Web browser using JavaScript can access different properties and methods belonging to the same site without any restrictions. Malicious attackers can exploit the concept of the same original policy by injecting malicious code into a website using JavaScript. When the Web pages are viewed by users, attackers may gather some useful user information such as a username or password.

Continue reading

Vulcan Nerve Pinch

What does Vulcan Nerve Pinch mean?

The Vulcan Nerve Pinch is a keyboard combination that hinders a user’s ability to complete complicated command functions with a single-hand or accidental keypress.

The Vulcan Nerve Pinch is also known as Control-Alt-Delete (Ctrl-Alt-Del) or a three-finger salute, which refers to the original “Star Trek” series and Bill Gates’ famed hand expression, respectively.

David Bradley, an IBM engineer, developed the Vulcan Nerve Pinch concept in the early 1980s as a means of allowing a reboot from the keyboard without the risk of accidentally causing a system restart.

The Vulcan Nerve Pinch enables user termination of hanging applications or operating systems. Accidental system reboots are rare because of specified actions, speed and key combinations.

Continue reading

Dropper

What does Dropper mean?

A dropper is a type of malware developed to launch viruses by “dropping” (installing) them. Dropper viruses may go undetected because they are hidden, difficult to pinpoint and relatively uncommon. Droppers are also a relatively new type of virus that many anti-virus programs are not equipped to detect.

Droppers are programs that contain viruses that impede the functioning of targeted computers. They can install themselves onto a disk or a hard drive. They typically do not duplicate themselves as worms do. Instead, droppers launch their payloads while disguising themselves within computer systems and directories. The code of the virus is contained within the dropper. Usually, dropper viruses are Trojans, and the virus installation takes place in the form of a payload, which is the malicious activity of the virus.

This term is also known as a dropper program or a virus dropper.

Continue reading

Encryption Key

What does Encryption Key mean?

An encryption key is a random string of bits created explicitly for scrambling and unscrambling data. Encryption keys are designed with algorithms intended to ensure that every key is unpredictable and unique.

The longer the key built in this manner, the harder it is to crack the encryption code. An encryption key is used to encrypt, decrypt, or carry out both functions, based on the sort of encryption software used.

Encryption is a type of security that converts data, programs, images, or other information into unreadable cipher. This is done by using a collection of complex algorithms to the original content meant for encryption.

Symmetric forms of encryption systems make use of a single password to serve as both decryptor and encryptor. Symmetric types use algorithms that are very safe. One of such type was adopted by the US Government as Advanced Encryption Standard (AES) to store classified information.

Continue reading