Bill Williams (IT): Support Site
The first objective of the cyber-crim is to get a trojan into the victim's computer. There are many ways of doing this. A trojan is (usually) a program that permits the cyber-crim to install any programs that he wishes onto the victim's computer by remote control over the Internet. A self-propagating virus could have an invisible trojan program as its payload. The virus might be started on one computer of a network and then copy itself to other insecure computers on the network. The trojan will then end up on all the insecure computers.

A trojan might be inserted by the same technique as its name obviously comes from, i.e. a harmless-looking gift which contains the trojan. These are most often propagated by spam emails of many, many kinds, which have links to 'something good' to attract the victim. Or it might, for instance, have been inserted into a copy of a legitimate shareware program and then uploaded to one of the many shareware distribution sites. Or it might have a fake name and appear from its name to be a harmless picture or text file, but actually be an executable program, which possibly disguises its action by installing the trojan and then performing the apparent action of displaying a picture or text file.

A trojan might be inserted via an EXPLOIT. An exploit is generally an insecure bit of programming in standard legitimate programs, which can be 'exploited' to insert external coding into that legitimate program, sufficient to fetch and install a trojan. The most frequent type of exploit that you will see is a 'buffer overflow'. Within some programs instructions and data are mixed together, and a buffer overflow might occur as in this example. Suppose a program is inputting some stuff from a user in a typical input box on the screen, say the user's name or email address. The legitimate programmer assumed that the name would not be longer than 60 characters, so he assigns a buffer 60 characters long. The compiler might allocate 60 bytes for that buffer and then carry on compiling more instructions. Now if the original programmer is careless and does not check or restrict the size of the incoming information before it is written into the buffer, it might jam a large input into the small buffer, which would overflow. The incoming stuff would then overwrite the following instructions. Now if this happens by accident, the incoming characters, considered as instructions, will be nonsense and the most likely result is that the computer crashes or hangs. But if a cyber-crim (ex-hacker) knows of a particular buffer-overflow insecurity he can carefully craft the characters in the overflow portion so that they are not nonsense but are a loader of trojans instead. So it loads the trojan and then crashes. After the re-boot the trojan is in place.

Cyber-crims learn of insecurities in various ways: by their own investigations, by publications on hidden criminal forums, etc., or by buying them from each other. There are plenty of victims out there, so they probably don't mind selling their second-best exploits to each other. Dark-hackers might actually develop the whole exploit and sell it as an injection tool. Most of the patches issued by Microsoft in its monthly updates are to fix insecurities by re-writes which perform the checking or restricting that the original programmer should have put in in the first place, thus closing the exploit.

How do they get the bloated data into a relevant buffer on the victim's computer? Well, usually it is from stuff output by a dodgy or compromised website. Within an internet browser program (Internet Explorer, Firefox etc.) many actions take place when a page is received from a website. Internally some of these use buffers, and some of the programming is insecure. Firefox is generally considered to have fewer such insecurities than Internet Explorer, mainly because the program is open-source, so many, many people read the actual programming and report insecurities. Unfortunately it also means that dark-hackers can read the programming too, looking for new insecurities for which they can write exploits.

Where the buffer overflow insecurity is in the programming of a legitimate website itself, it is somewhat easier for the cyber-crim, as they can merely (?) compose the exploit and then feed it directly to the website. So they can get a hidden program onto the website itself. This can then be used to rework legitimate web pages so that they contain exploits which will then infect users' computers.

Bill.
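The 60-character name buffer described above, as an added C illustration that is not part of Bill's post: a flat array models the buffer together with the program state that sits directly behind it, the careless copy clobbers that state, and the size check the post says was missing rejects the oversized input instead. All names (store_name_unchecked, store_name_checked, run_case) and the sentinel value are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Model of the situation in the post: a 60-byte name buffer followed
 * directly by other program state. The flat "frame" array stands in for
 * that region of memory, so every write below stays inside the array. */
#define BUF_LEN 60
#define FRAME_LEN (BUF_LEN + 4)
#define SENTINEL 0xA5A5A5A5u   /* constructed stand-in for "what follows the buffer" */

static void frame_init(unsigned char *frame) {
    unsigned int s = SENTINEL;
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + BUF_LEN, &s, sizeof s);
}

/* Careless version: trusts that the input fits in 60 bytes and copies all
 * of it. (Capped at FRAME_LEN only so the model stays inside its array.) */
static int store_name_unchecked(unsigned char *frame, const char *input, size_t len) {
    memcpy(frame, input, len > (size_t)FRAME_LEN ? (size_t)FRAME_LEN : len);
    return 0;
}

/* Corrected version: the size check the post says was missing. Input that
 * would not fit (with its terminator) is rejected before anything is written. */
static int store_name_checked(unsigned char *frame, const char *input, size_t len) {
    if (len >= BUF_LEN) return -1;
    memcpy(frame, input, len);
    frame[len] = '\0';
    return 0;
}

/* Feed input_len bytes of 'A' to a store routine. Returns -1 if the input
 * was rejected, 1 if the state behind the buffer survived, 0 if clobbered. */
static int run_case(int (*store)(unsigned char *, const char *, size_t), size_t input_len) {
    unsigned char frame[FRAME_LEN];
    unsigned int after;
    char input[256];
    if (input_len > sizeof input) input_len = sizeof input;
    memset(input, 'A', input_len);
    frame_init(frame);
    if (store(frame, input, input_len) != 0) return -1;
    memcpy(&after, frame + BUF_LEN, sizeof after);
    return after == SENTINEL ? 1 : 0;
}

int main(void) {
    printf("unchecked, 20 bytes: %d\n", run_case(store_name_unchecked, 20));  /* 1 */
    printf("unchecked, 70 bytes: %d\n", run_case(store_name_unchecked, 70));  /* 0 */
    printf("checked,   70 bytes: %d\n", run_case(store_name_checked, 70));    /* -1 */
    return 0;
}
```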