
UNIT-3 TOOLS AND METHODS USED IN CYBERCRIME

1. What do you understand by tools and methods used in cybercrime?


- Tools and methods used in cybercrime refer to the wide array of software, hardware, techniques, and tactics employed by individuals or groups with malicious intent to carry out illegal activities within the digital realm.
- These tools and methods are utilized to exploit vulnerabilities, gain unauthorized access to computer systems, steal sensitive data, disrupt digital services, or otherwise engage in harmful activities online.
- Examples of such tools and methods include malware, phishing emails, hacking software, denial-of-service attacks, social engineering tactics, and more.
- Cybercriminals use these tools and methods to perpetrate various types of cybercrimes, such as identity theft, financial fraud, data breaches, and system intrusions.

The stages of an attack include:


1) Initial Uncovering: Gathering information about the target, both from public sources and internal network details.
2) Network Probe: Using invasive techniques to scan the network for devices and services running on the target system.
3) Crossing the Line to E-Crime: Exploiting vulnerabilities to gain access, often escalating privileges to gain full control.
4) Capturing the Network: Establishing control over the network, often by compromising low-priority systems and removing evidence of the attack.
5) Grabbing the Data: Stealing confidential information, altering processes, or launching further attacks.
6) Covering Tracks: Undertaking activities to avoid detection, like clearing event logs or deleting traces.

Tools used to cover attacks include:


1) EL Save: A tool to save or clear NT event logs.
2) Win Zapper: Erases event records selectively from the security log in Windows NT 4.0 and Windows 2000.
3) Evidence Eliminator: A professional PC cleaning program to defeat investigative efforts.
4) Traceless: A privacy cleaner for Internet Explorer, deleting common Internet tracks.
5) Tracks Eraser Pro: Deletes browsing history, cookies, and cache files from various browsers.

2. What are Proxy Servers and Anonymizers? Discuss the different types of proxy server.
Proxy servers act as intermediaries between your device and the internet, hiding your IP address. They help you access websites by sending your request to the destination server and then passing the response back to you. Attackers sometimes use proxies to hide their identity when connecting to other computers. Proxies come in different types, each helping to keep your IP address private.
The mechanism of a proxy server involves:
1. Client Request: Your device sends a request to access a web resource.
2. Proxy Server Interception: The proxy server intercepts your request.
3. Processing and Caching: The proxy server may process the request, cache content, filter content, require authentication, or log requests.
4. Forwarding the Request: The proxy server forwards the request to the destination server.
5. Destination Server Response: The destination server responds to the request.
6. Proxy Server Response to Client: The proxy server sends the response to your device.
7. End-User Experience: You receive the response as if it came directly from the proxy server.
8. Network Traffic Routing: The proxy server continues to route traffic between clients and destination servers.
Proxy servers are needed for:
1. Enhanced Privacy and Anonymity
2. Bypassing Internet Restrictions
3. Improved Security
4. Network Performance Optimization
5. Content Filtering and Parental Controls
6. Load Balancing and Redundancy
7. Accessing Geo-Restricted Content
8. Monitoring and Logging
9. Bandwidth Savings
10. Anonymised Web Scraping
11. Secure Remote Access
12. Compliance with Organisational Policies
13. Defeating Hackers
14. Examining Packet Headers and Payloads
Understanding these needs helps individuals and organisations make informed decisions about using proxy servers to
improve internet security and performance.

Types of Proxy Servers:


1. Reverse Proxy Server: Acts as an intermediary for requests from clients to specific web servers. It hides the identity of internal servers and can limit client access to sensitive data.
2. Open or Forward Proxy Server: Intermediary between the internet and user devices. It collects data from websites on behalf of clients, bypassing authorities' firewalls.
3. Web Proxy Server: Forwards HTTP requests, commonly used by servers like Apache or HAProxy.
4. Anonymous Proxy: Hides the original IP address of the client device, providing some level of anonymity.
5. High Anonymity Proxy: Doesn't allow the original IP address to be detected, providing strong anonymity.
6. Transparent Proxy: Doesn't provide anonymity; the original IP address is easily detected. Often used as a cache for websites.
7. CGI Proxy: Makes websites more accessible by accepting requests through a web form and returning results to the browser.
8. Suffix Proxy: Appends the proxy's name to the requested URL but doesn't provide high anonymity.
9. Distorting Proxy: Generates incorrect original IP addresses of clients, using HTTP headers to maintain confidentiality.
10. TOR Onion Proxy: Routes traffic through various networks worldwide to provide online anonymity, using onion routing for encryption.
11. Invisible Internet Project (I2P) Anonymous Proxy: Uses encryption and distributed network routers to hide communications and resist censorship.
12. DNS Proxy: Takes DNS queries and forwards them to domain servers, allowing caching and redirection of requests.

Anonymiser
An anonymiser is like a secret agent for your internet browsing. It hides your identity and keeps your online activities
private. Here's how it works:
1. Hides Your IP Address: It disguises your computer's IP address so websites can't track you.
2. Encrypts Your Data: It scrambles your internet traffic to keep it safe from prying eyes.
3. Adds a Layer of Anonymity: It covers up your real identity and makes it hard for anyone to trace you.
4. Access Blocked Content: It lets you visit websites that might be blocked in your area.
5. Protects Against Attacks: It helps defend you from online scams and phishing attempts.
6. Bypasses Restrictions: It can get around firewalls or restrictions set by your school or workplace.

Uses of Anonymisers:
1. Privacy: Keeps your browsing private unless you give out personal info.
2. Access Restricted Content: Helps you view websites blocked by governments.
3. Security: Shields you from online attacks and scams.
4. Bypassing Firewalls: Lets you get past internet restrictions set by organizations.

Types of Anonymisers:
1. Networked Anonymisers: Routes your data through multiple computers to confuse trackers.
2. Single-Point Anonymisers: Directs your data through a specific website to hide your identity.
Some popular anonymisers include TunnelBear, Psiphon, and Orbot for mobile devices. They work like a cloak for your online adventures, keeping you safe and anonymous.

3. What is Phishing Attack? Discuss different types of phishing attacks.


A phishing attack is a malicious tactic used by cybercriminals to trick individuals into divulging sensitive information,
such as passwords, credit card numbers, and personal details. Attackers typically impersonate trusted entities like
banks or legitimate websites to deceive victims. Phishing attacks commonly occur via email, where victims are enticed
to click on links or open attachments that lead to fake websites or install malware.

Types of phishing attacks include:


1. Email Phishing: Attackers send fraudulent emails posing as legitimate entities, encouraging recipients to click on malicious links or provide personal information.
2. Spear Phishing: Targeted phishing attacks directed at specific individuals or organizations, often using personalized information to increase credibility and success rates.
3. Whaling: Similar to spear phishing, but targets high-profile individuals like CEOs or executives to obtain sensitive corporate information.
4. Smishing: Phishing attacks conducted via SMS or text messages, enticing recipients to click on links or disclose personal information.
5. Vishing: Voice phishing, where attackers use phone calls to deceive victims into providing sensitive information or downloading malware.
6. Clone Phishing: Attackers create exact replicas of legitimate emails, but with malicious links or attachments added, aiming to deceive recipients into disclosing information.
Each type of phishing attack aims to exploit human vulnerability and deceive victims into unwittingly providing sensitive
information, leading to financial loss, identity theft, and other harmful consequences.

4. How to Defend Against Password Cracking Attack? Discuss some common password attack methods.
Password cracking:
Password cracking is the process of trying to uncover or guess a password, usually by using various methods such as
guessing common passwords, trying different combinations of characters, or exploiting vulnerabilities in security
systems. The goal of password cracking can vary, from legitimate attempts to recover forgotten passwords to malicious
efforts to gain unauthorized access to systems or accounts.

Types of password attacks:


1. Non-Electronic Attacks: These don't need technical skills. Hackers might use social tricks like looking through trash or watching over someone's shoulder to get passwords.
2. Active Online Attacks: Hackers try to get into systems by guessing or cracking passwords. They might use methods like trying common passwords, guessing, or tricking people into giving their passwords.
3. Passive Online Attacks: Hackers watch the information going to and from a system to steal passwords. They don't change anything, just quietly gather data to break in. Techniques include watching network traffic or intercepting messages.
4. Offline Attacks: Here, hackers try to figure out passwords from saved data without needing to be connected to the system. They might use special tables of passwords to speed up the process. These attacks can take time but can be very effective.

Common Password Attack Methods:


1. Password Guessing:
   - Attackers try to guess passwords based on known information about the target, such as their name, birthdate, or common words associated with them.
   - For example, if a person's name is John and his birthdate is 1985, attackers might try passwords like "john1985" or "johnny85".
2. Dictionary Attacks:
   - Automated tools systematically try a list of common words, phrases, or dictionary terms to guess passwords.
   - For example, a dictionary attack might try common passwords like "password", "123456", or "letmein" against a target account.
3. Brute Force:
   - Brute force attacks involve trying every possible combination of characters until the correct password is found.
   - For example, if a password is eight characters long and consists of only lowercase letters, a brute force attack would start with "aaaaaaaa" and go through all possible combinations until it reaches "zzzzzzzz".
4. Credential Stuffing:
   - Attackers use stolen usernames and passwords from one data breach to try to access other accounts where users have reused the same credentials.
   - For example, if a hacker obtains a list of usernames and passwords from a breach of Site A, they might try using those same credentials to access accounts on Site B, C, and so on.
5. Password Spraying:
   - In a password spraying attack, attackers try a few common passwords (such as "password" or "123456") across many accounts.
   - For example, an attacker might try the password "password" against thousands of different accounts to see if any of them work, before moving on to another common password like "123456".

Defending against password cracking attacks is crucial for ensuring the security of your systems and accounts. Here
are some strategies to help defend against such attacks:
- Keep an eye on data security regularly to catch password attacks early.
- Don't reuse passwords for different accounts.
- Never share passwords with anyone.
- Avoid using common words or phrases as passwords.
- Use strong encryption for passwords, not weak methods.
- Make users change passwords regularly, like every month.
- Store passwords securely to prevent unauthorized access.
- Change default passwords on devices to unique ones.
- Keep computer systems updated to fix vulnerabilities.
- Set up account lockout policies to stop repeated login attempts.
- Use automated systems for managing passwords efficiently.
- Encrypt BIOS passwords on important devices like mainframes.
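The account lockout policy above stops brute force against one account, but password spraying (a few guesses per account across many accounts) stays below any per-account threshold. The following added example (not from the original notes) runs spray and brute-force detection over a constructed login log and contrasts it with a simulated per-account lockout; the log format and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (assumption): one line per login attempt.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log: one source sprays a single password across eight accounts
# (one attempt each), another hammers one account, plus some benign traffic.
SAMPLE_LOG = [
    f"2024-05-01T09:00:{i:02d} src=203.0.113.5 user={u} result=FAIL"
    for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"])
] + [
    f"2024-05-01T09:10:{i:02d} src=198.51.100.9 user=bob result=FAIL" for i in range(6)
] + [
    "2024-05-01T09:20:00 src=192.0.2.10 user=alice result=OK",
    "2024-05-01T09:21:00 src=192.0.2.11 user=carol result=FAIL",
    "2024-05-01T09:21:30 src=192.0.2.11 user=carol result=OK",
]


def parse(lines):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_spraying(events, min_users=5, max_per_user=2):
    """Flag sources whose failures are spread thinly across many different accounts.

    Returns {source: number_of_distinct_users_targeted}.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["result"] == "FAIL":
            per_src[e["src"]][e["user"]] += 1
    flagged = {}
    for src, users in per_src.items():
        if len(users) >= min_users and max(users.values()) <= max_per_user:
            flagged[src] = len(users)
    return flagged


def detect_brute_force(events, min_attempts=5):
    """Flag (source, user) pairs with many failures against a single account."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            counts[(e["src"], e["user"])] += 1
    return {key: n for key, n in counts.items() if n >= min_attempts}


def lockout_triggered(events, threshold=5):
    """Simulate a per-account lockout policy: accounts with >= threshold failures."""
    failures = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["user"]] += 1
    return {user for user, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("spraying sources:", detect_spraying(ev))          # {'203.0.113.5': 8}
    print("brute-force pairs:", detect_brute_force(ev))      # {('198.51.100.9', 'bob'): 6}
    print("accounts lockout would catch:", lockout_triggered(ev))  # {'bob'}
```

Note that the lockout policy never touches the spraying source, because each targeted account saw only one failure; per-source correlation is what exposes it.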

5. What is a Keylogger? Discuss different types of keylogger. Also discuss methods to protect against keyloggers.
Keylogger
A keylogger, also known as keystroke logger or keystroke recorder, is a type of software, hardware, or a combination
of both that secretly records every keystroke you make on your computer or phone. It's like a spy that keeps track of
everything you type, including passwords and other sensitive information, without you knowing. Keyloggers can be
software installed on your device or hardware plugged into it. They've been around since the 1970s and have gotten
more advanced over time, making them a big threat to your privacy and security.

Types of keyloggers:
1. Software-based Keyloggers: These are programs installed on devices to secretly record keystrokes. Example: Spyrix Personal Monitor.
2. Hardware-based Keyloggers: Physical devices placed between keyboards and computers to capture keystrokes. Example: Keyllama USB Keylogger.
3. Wireless Keyloggers: Intercept keystrokes from wireless keyboards. Example: KeyGrabber Wi-Fi Premium.
4. Kernel or Rootkit-based Keyloggers: Operate at a deep level within the system, making them hard to detect. Example: DarkComet RAT.
5. Remote Keyloggers: Send captured keystrokes to a remote server controlled by attackers. Example: Ardamax Keylogger.
6. Form-grabbing Keyloggers: Capture data entered into online forms. Example: Zeus Trojan.
7. Memory Injection Keyloggers: Inject malicious code into system memory to record keystrokes. Example: Poison Ivy RAT.
8. Script-based Keyloggers: Use scripts embedded in websites to capture keystrokes. Example: Predator Pain.
9. Time-based Keyloggers: Record keystrokes at specific time intervals. Example: Perfect Keylogger.
10. SMS-based Keyloggers: Intercept text messages and keystrokes on mobile devices. Example: mSpy.
11. Remote Administration Tool (RAT) Keyloggers: Part of remote administration tools, providing control over a victim's computer. Example: NetWire RAT.

Prevention from Keyloggers


1. Anti-Keyloggers: Software designed to detect and remove keyloggers from your computer. Example: Zemana AntiLogger.
2. Anti-virus: Anti-virus software can detect and remove keyloggers from your system. Example: Norton Antivirus.
3. Automatic form filler: Use tools that automatically fill forms, so you don't need to type. Example: LastPass.
4. One-Time-Passwords (OTPs): Use unique passwords generated each time you log in. Example: Google Authenticator.
5. Patterns or mouse-recognition: On mobile, use patterns instead of typing passwords. On PC, use mouse gestures. Example: Android pattern lock.
6. Voice to Text Converter: Use software that converts voice commands to text instead of typing. Example: Dragon NaturallySpeaking.

6. What is Spyware? Discuss different types of spyware.


Spyware
Spyware is malicious software that gets into your computer without permission, secretly collects your personal data,
and sends it to others. Hackers use it to track your activities, steal your information, and even damage your computer.
What Spyware Does:
- Spies on your activities like browsing history, passwords, and more.
- Installs additional software or makes changes to your device.
- Sends stolen data to attackers or sells it to others.
How Spyware Gets In:
- Hides in legitimate downloads or websites.
- Bundled with other software you download.
- Exploits weaknesses in software or hardware.
- Sneaks in through compromised or fake websites.
- Can infect devices through public Wi-Fi networks.
Problems Caused by Spyware:
- Steals personal data, leading to identity theft.
- Damages your device's performance and can cause crashes.
- Interrupts your browsing with unwanted ads or redirects.
Protecting Against Spyware:
- Use reputable antivirus software and keep it updated.
- Be cautious of downloads, especially from unknown sources.
- Avoid clicking on suspicious links or attachments.
- Use secure networks and avoid public Wi-Fi.
- Regularly update your device's software and use secure passwords.
- Be cautious with app permissions and only download from official app stores.
- Practice safe browsing habits and be skeptical of unexpected messages or warnings.

Types of Spyware
1. Adware: Monitors your activities and shows you targeted ads. Example: Superfish.
2. Info Stealer: Collects specific data from your device, like passwords or instant messaging conversations. Example: Zeus Trojan.
3. Keyloggers: Record everything you type, including passwords and messages. Example: Spyrix Keylogger.
4. Rootkits: Allow attackers to gain deep access to your device, making them hard to detect. Example: Sony Rootkit.
5. Red Shell: Installs during game installations and monitors your online activities. Example: Red Shell spyware in PC games.
6. System Monitors: Track your computer usage, including emails, social media, and keystrokes. Example: Family Orbit.
7. Tracking Cookies: Placed by websites to track your online activity. Example: DoubleClick.
8. Trojan Horse Virus: Delivers spyware to your device through disguised malware. Example: Emotet Trojan.
Spyware can target various devices, including:
- Apple Devices: Spyware targeting Mac computers, stealing passwords and capturing screenshots. Example: OSX/CrescentCore.
- Mobile Devices: Steals data like call logs, messages, and tracks location. Example: Pegasus spyware.

7. What do you understand by Virus and Worms?


Virus:
- A virus is a harmful computer program that can copy itself and infect other computers without permission.
- It can corrupt or delete files, slow down your computer, or steal personal information.
- Viruses spread when infected files or software are transferred between devices, often through email attachments or downloads.
- Types of viruses include file viruses (attach to files), boot sector viruses (infect boot disks), macro viruses (infect macros in documents), and more.

Prevention from Viruses:


- Use antivirus software and keep it updated.
- Update your operating system and software regularly.
- Be cautious with email attachments and links.
- Use a firewall and strong passwords.
- Back up your important files regularly.
- Stay informed about cybersecurity threats and educate yourself and others about safe online practices.

Famous Computer Viruses:


- Examples include ILOVEYOU, Melissa, WannaCry, Code Red, Conficker, Blaster, and more.
- These viruses caused significant damage by infecting millions of computers worldwide.

Worm:
- A computer worm is a type of malware that can spread itself to other computers without human intervention.
- It replicates and infects computers by exploiting vulnerabilities in operating systems and software.
- Worms can spread through email attachments, file-sharing networks, instant messaging, and websites.
- Types of worms include email worms, file-sharing worms, crypto worms, internet worms, and worms that spread via instant messaging.

Prevention from Worms:


- Keep software up-to-date.
- Use a firewall and antivirus software.
- Exercise caution with email and downloads.
- Implement network segmentation.
- Educate users about safe browsing habits.
- Regularly back up critical data.
- Monitor network traffic for unusual activity.
- Conduct security audits and penetration testing.

Difference between Worms and Viruses


| Basis of Comparison | Worms | Viruses |
|---|---|---|
| Definition | A type of malware that spreads to different computers via networks. | Malicious code attached to executable files, which can modify or delete data. |
| Objective | Consumes system resources, making systems slow or unresponsive. | Modifies information on infected systems. |
| Host | Does not need a host to replicate. | Requires a host to spread. |
| Harmfulness | Less harmful compared to viruses. | More harmful. |
| Detection & Protection | Detected by antivirus software and firewalls. | Antivirus software is used for protection. |
| Controlled by | Can be controlled remotely. | Cannot be controlled remotely. |
| Execution | Exploits system weaknesses. | Executed via executable files. |
| Source | Often comes from downloaded files or network connections. | Often comes from shared or downloaded files. |
| Symptoms | Slows down computer, automatic program running, sending emails without permission. | Pop-up windows, changed passwords, unknown programs running. |
| Prevention | Keep systems updated, avoid clicking on suspicious links or emails. | Use antivirus software, avoid opening unknown email attachments. |
| Types | Internet worms, email worms, file-sharing worms, etc. | Boot sector virus, polymorphic virus, macro virus, etc. |
| Speed | Spreads faster. | Spreads slower compared to worms. |
| Examples | Morris worm, Storm worm, etc. | Creeper, Blaster, Slammer, etc. |

8. What is Steganography? Discuss different types of Steganography.


- The term 'Steganography' originates from the combination of two Greek words: 'stegos', which translates to 'to cover', and 'graphia', meaning 'writing'. This results in the interpretation of 'covered writing' or 'hidden writing'.
- Steganography is a way of hiding messages within files like images, videos, or even text. Instead of making the message unreadable as cryptography does, steganography focuses on keeping the existence of the message a secret. It's like hiding a secret message in plain sight.
- Imagine steganography as hiding a note inside a painting. To anyone casually looking at the painting, it just looks like a regular piece of art. But if you know where to look or how to decode it, you can find the hidden message. So, steganography is all about concealing information in a way that only the sender and intended receiver know how to uncover it.

Basic Steganographic Model


In the basic steganographic model, a cover file (X) and a secret message (M) are fed into a steganographic encoder. This
encoder function, represented as f(X, M, K), hides the secret message within the cover file. The resulting stego object looks
almost identical to the original cover file, showing no obvious changes. To retrieve the secret message, the stego object is
processed by a steganographic decoder.
Difference between Cryptography and Steganography

| Aspect | Cryptography | Steganography |
|---|---|---|
| Objective | Makes messages unreadable to unauthorized users. | Conceals the existence of a message. |
| Visibility | Encrypted message is visible but unreadable without the decryption key. | Hidden message is typically invisible or inconspicuous. |
| Method | Uses mathematical algorithms to scramble the message into ciphertext. | Embeds the message within seemingly unrelated data or media. |
| Detection | Algorithms can be detected, but breaking encryption is challenging. | Detection is difficult without specific tools due to intentional concealment. |
| Security vs. Concealment | Focuses on securing data from unauthorized access. | Focuses on hiding the fact that a message is being sent. |
| Usage | Used for secure communication, data privacy, authentication, etc. | Used in covert communication, watermarking, digital forensics, etc. |

Types of Steganography
Steganography encompasses various techniques for concealing information within seemingly innocuous carriers, such as
images, text, audio, or video.

1. Image Steganography:
   - This form of steganography involves hiding data within digital images. The technique exploits the redundancy in image files, allowing for the embedding of secret messages without significantly altering the visual appearance of the image.
   - For example, the least significant bits of the pixels can be modified to encode the hidden data, making it imperceptible to the human eye. Image steganography is commonly used for covert communication, watermarking, and digital forensics.

2. Text Steganography:
   - Text steganography hides information within text documents or messages. Unlike encryption, which scrambles the content of a message, text steganography aims to conceal the existence of the message itself. Techniques include altering the formatting, word choice, or syntax of the text to embed hidden data.
   - For instance, certain words or letters may be used to convey a hidden message within an otherwise normal text document.

3. Audio Steganography:
   - Audio steganography involves embedding secret information within audio files. This technique modifies the audio signal in a way that is imperceptible to the human ear but allows for the concealment of data. Hidden messages can be encoded within the frequency spectrum, amplitude modulation, or phase modulation of the audio signal. Audio steganography is used for secure communication, copyright protection, and digital watermarking.
   - For example, you might have a song that sounds like any other song, but hidden within the audio signal are bits of information. To the listener, the song would sound no different from any other, but specialized software could extract the hidden message from the audio file.

4. Video Steganography:
   - Video steganography conceals information within video files. Similar to image steganography, this technique exploits the redundancy in video data to embed hidden messages without noticeable changes to the visual content. Hidden data can be encoded within individual frames, color channels, or motion vectors of the video stream. Video steganography is employed in applications such as covert surveillance, forensic analysis, and copyright protection.
   - For example, you could hide a secret message by adjusting the brightness or color of certain frames in the video. To someone watching the video, it would look like any other video, but there would be a hidden message encoded within it.
   - Example: A video of a landscape with subtle changes in color representing hidden text, such as timestamps or coordinates.
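The basic model f(X, M, K) and the least-significant-bit technique from the image steganography item above, carried through in code as an added example (not from the original notes): the key K selects which pixels carry the message bits, so the same key is needed to decode, and no pixel ever changes by more than one level. The cover is a constructed list of grayscale values rather than a real image file.

```python
import random


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _pixel_order(n_pixels: int, key: int):
    """Key-dependent permutation of pixel indices: the same key gives the same order."""
    order = list(range(n_pixels))
    random.Random(key).shuffle(order)
    return order


def embed(cover, message: bytes, key: int):
    """Steganographic encoder f(X, M, K): write the message bits (with a 2-byte
    length prefix) into the least significant bit of key-selected pixels."""
    payload = len(message).to_bytes(2, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover image too small for this message")
    stego = list(cover)
    for index, bit in zip(_pixel_order(len(cover), key), _bits(payload)):
        stego[index] = (stego[index] & 0xFE) | bit
    return stego


def extract(stego, key: int) -> bytes:
    """Steganographic decoder: read the LSBs back in the same key-dependent order."""
    order = _pixel_order(len(stego), key)

    def read_bytes(first_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[order[first_bit + b * 8 + i]] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 2), "big")   # bits 0..15 hold the length
    if (2 + length) * 8 > len(stego):
        raise ValueError("no valid payload for this key")
    return read_bytes(16, length)


def max_pixel_change(cover, stego) -> int:
    """Largest per-pixel difference; LSB embedding never changes a pixel by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def key_recovers(stego, key: int, expected: bytes) -> bool:
    """True only if decoding with `key` yields `expected`; a wrong key fails or yields garbage."""
    try:
        return extract(stego, key) == expected
    except ValueError:
        return False


# Constructed cover: 512 grayscale pixel values (0..255), not a real image.
COVER = [(i * 37) % 256 for i in range(512)]

if __name__ == "__main__":
    stego = embed(COVER, b"meet at dawn", key=42)
    print(extract(stego, 42))                        # b'meet at dawn'
    print(max_pixel_change(COVER, stego))            # at most 1
    print(key_recovers(stego, 7, b"meet at dawn"))   # False
```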

9. Discuss different types of attacks on Wireless Networks.


Some common types of attacks on Wireless Networks are:

1. Passive Attacks:
   - Packet Sniffing: Attackers capture and analyze data packets transmitted over the wireless network. They can intercept sensitive information such as login credentials, emails, or financial transactions.
   - Eavesdropping: Similar to packet sniffing, eavesdropping involves listening in on wireless communications to gather sensitive information without the user's knowledge.
2. Active Attacks:
   - Man-in-the-Middle (MITM) Attack: In this attack, the attacker intercepts and possibly alters the communication between two parties without their knowledge. This can lead to unauthorized access, data theft, or injection of malicious content.
   - Replay Attack: Attackers capture data packets transmitted over the network and replay them to gain unauthorized access or disrupt communication.
   - Denial of Service (DoS) Attack: Attackers flood the wireless network with a high volume of traffic, causing it to become overwhelmed and unavailable to legitimate users. This can result in disruption of services and network downtime.
   - Deauthentication Attack: Attackers send deauthentication packets to wireless clients, forcing them to disconnect from the network. This can lead to denial of service for legitimate users or enable further attacks like capturing handshake packets for cracking Wi-Fi passwords.
3. Brute Force Attacks:
   - Password Guessing: Attackers attempt to gain unauthorized access to wireless networks by systematically trying different passwords until the correct one is found. This is often done using automated tools and dictionaries of commonly used passwords.
   - Dictionary Attack: Similar to password guessing, but attackers use a predefined list of words and phrases (dictionary) to try and guess the password. This method is more efficient than random guessing.
   - Rainbow Table Attack: Attackers use precomputed tables of hashed passwords (rainbow tables) to quickly crack hashed passwords obtained from wireless networks.
4. Security Protocol Exploitation:
   - WEP/WPA/WPA2 Cracking: Weaknesses in security protocols like WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2 can be exploited to gain unauthorized access to wireless networks. This may involve capturing and analyzing Wi-Fi handshake packets, exploiting protocol vulnerabilities, or using brute force attacks to crack encryption keys.
   - Key Reinstallation Attacks (KRACK): Exploiting vulnerabilities in the WPA2 protocol, attackers can intercept and manipulate data transmitted between devices on a Wi-Fi network, potentially leading to data theft or manipulation.

10. Write short notes on DoS and DDoS Attacks


- Denial-of-Service (DoS) attack: A cyber-attack that aims to make a computer or network inaccessible by overwhelming it with excessive traffic.
- Attack Method: The attacker floods the target with a large volume of traffic or data, causing it to crash or become inaccessible to legitimate users.
- Exploiting Vulnerabilities: Attackers exploit software weaknesses to exhaust server resources like RAM or CPU, rendering the system unable to handle normal requests.
- Example: In a DoS attack on a bank website, sending a few fake login requests per second can prevent legitimate users from accessing the site.
- Ping of Death: A famous DoS technique involving sending special network messages that crash vulnerable servers, typically by overloading them with ICMP packets.
- Safety Precautions: It's advised to conduct such activities on virtual machines rather than real systems to avoid disrupting working environments.
- Command Usage: To perform a flood of requests on an IP address, use the command "ping ip_address -t -l 65500" specifying the target IP and data load.

How Do DoS Attacks Work


- DoS attacks disrupt target systems by flooding them with excessive traffic or exploiting vulnerabilities to exhaust resources.
- Steps:
  1. Attacker selects target.
  2. They generate high traffic using flood-based, resource exhaustion, or application layer techniques.
  3. Target's resources are overwhelmed, causing slowdowns or unavailability.
  4. Impact includes financial loss and service disruption.
- Variations: DDoS involves multiple devices or botnets.
- Protection: Implement network monitoring, traffic filtering, and utilise hardware/software solutions for detection and mitigation. Regular updates and incident response plans are crucial.

Types of DoS Attacks


1. Flooding Attacks:
i. ICMP Flood: Overwhelms with ICMP packets.
ii. UDP Flood: Floods with UDP packets.
iii. SYN Flood: Floods with TCP SYN packets.
2. Amplification Attacks:
i. DNS Amplification: Spoofs DNS queries to amplify traffic.
ii. NTP Amplification: Exploits NTP for amplified responses.
3. Application Layer Attacks:
i. HTTP Flood: Overloads web server with HTTP requests.
ii. Slowloris: Keeps HTTP connections open with incomplete requests.
4. Resource Exhaustion Attacks:
i. Ping of Death: Crashes system with oversized ICMP packets.
ii. Teardrop Attack: Freezes system with fragmented IP packets.
5. Application-Specific Attacks:
i. SQL Injection: Crashes web apps with malicious SQL code.
ii. Buffer Overflow: Freezes system by overflowing memory buffers.

Preventing a DoS Attack


1. Network Security:
 Use firewalls and IDS to monitor traffic.
 Employ rate limiting and traffic shaping.
2. DDoS Protection:
 Use dedicated services for real-time detection.
 Consider CDNs to absorb attack impact.
3. Load Balancing and Redundancy:
 Distribute traffic across multiple servers.
 Ensure backup systems are in place.
4. Network Segmentation:
 Divide networks to limit attack impact.
 Utilize firewalls for protection.
5. Intrusion Prevention and Detection:
 Deploy IPS/IDS to monitor and block suspicious activity.
6. Traffic Analysis and Anomaly Detection:
 Monitor traffic for abnormal patterns.
 Use tools for real-time attack response.
7. IP Blocking:
 Block traffic from known malicious sources.
8. Rate Limiting:
 Limit traffic rate to prevent overwhelming servers.
9. Content Delivery Networks (CDNs):
 Distribute content across multiple locations for resilience.

DDOS (DISTRIBUTED DENIAL OF SERVICE)


 DDoS is a type of DoS attack with multiple sources.
 It overwhelms a target with high traffic from compromised devices.
 Attackers control a network of infected computers or devices.
 The goal is to make the target inaccessible to legitimate users.
 DDoS attacks are harder to stop due to their distributed nature.
 They cause severe disruptions, financial losses, and reputation damage.

Types of DDoS Attacks:


1. Volumetric Attacks: Overwhelm the target with excessive traffic, exceeding its capacity.
2. Protocol Attacks: Exploit vulnerabilities in the TCP connection sequence, causing ports to be unavailable.
3. Application Attacks: Slowly target victim applications, making them unable to respond to legitimate requests.
4. Fragmentation Attacks: Exploit flaws in datagram fragmentation, preventing reassembly of packets.

11. Write a short note on Trojan Horse


 A Trojan horse is a type of malicious software, or malware, that disguises itself as a harmless file or program to
deceive users into installing it.
 The name is derived from the ancient Greek tale of the Trojan War, where a wooden horse was used to infiltrate
the city of Troy. Similarly, Trojan horses infiltrate computer systems, often via email attachments, downloads, or
links, exploiting vulnerabilities in software or user behavior.
 Once installed, a Trojan horse can take control of the compromised computer, allowing attackers to steal sensitive
information, damage data, or even gain unauthorized access to the system.
 Unlike viruses or worms, Trojans do not replicate themselves but rely on user actions for installation. They operate
silently in the background, making it difficult for users to detect their presence.
 Trojan horses come in various forms, each designed for specific malicious purposes, such as remote access, data
theft, or facilitating other malware attacks. To protect against Trojan horses, users should employ reliable antivirus
software, exercise caution when opening email attachments or clicking on links, and keep their operating systems
and software updated with the latest security patches.
Examples:
 Zeus Trojan: Targeted banking credentials by injecting malicious code into banking websites.
 Emotet Trojan: Started as banking malware, evolved into a major threat, spread via email attachments, steals
sensitive information.
 Cryptolocker Ransomware: Encrypts files and demands ransom for decryption, often delivered through Trojan
methods.
 Hancitor Trojan: Used to deliver other malware payloads, spreads via malicious email attachments.
 PoisonIvy RAT: Remote Access Trojan used for unauthorized remote access, steals sensitive information.
 DarkTequila Trojan: Targeted banking and financial information, affected users in Latin America, conducted
fraudulent transactions.
 Gameover Zeus Trojan: Variant of Zeus used for wire fraud, operated through a peer-to-peer botnet.
 SpyEye Trojan: Similar to Zeus, stole financial information, credentials, and personal data for fraud and identity
theft.

Uses of Trojan horses:


1. Data Theft: Stealing sensitive information like passwords and credit card details.
2. Financial Fraud: Stealing online banking credentials for fraudulent transactions.
3. Spying: Monitoring user activities, capturing screenshots, and recording keystrokes.
4. Remote Access: Gaining control over infected systems for executing commands or downloading files.
5. DDoS Attacks: Overloading target servers with traffic to disrupt services.
6. Ransomware Delivery: Carrying and delivering ransomware to encrypt files and demand ransom.
7. Malware Downloading: Installing additional malware onto infected systems.
8. Botnet Participation: Joining systems into networks for various malicious activities.
9. Keylogging: Recording keystrokes to gather sensitive information.
10. Phishing Attacks: Tricking users into installing malicious software through deceptive links or files.
11. Ad Fraud: Generating fraudulent clicks on online advertisements.
12. System Damage: Altering files, modifying settings, or corrupting data to cause harm.

Types of Trojan Horse


1. Remote Access Trojans (RATs): Allow attackers to control devices remotely.
2. Data-stealing Trojans: Steal sensitive information like passwords and financial data.
3. Downloader Trojans: Download and install other malware onto infected systems.
4. Banking Trojans: Target online banking credentials for fraud.
5. Ransomware Trojans: Encrypt files and demand payment for decryption.
6. Keylogging Trojans: Record keystrokes to capture sensitive information.
7. Spyware Trojans: Gather user data for malicious purposes.
8. FakeAV Trojans: Pose as legitimate antivirus software to scam users.
9. SMS Trojans: Send unauthorized premium-rate SMS messages.
10. Rootkit Trojans: Provide stealthy, unauthorized access to systems.
11. Backdoor Trojans: Create hidden entry points for remote access.
12. Dropper Trojans: Deliver and execute malicious payloads.

Prevention from Trojan Horse


 Install reliable antivirus and antimalware software and keep them updated.
 Regularly update your operating system, applications, and antivirus software.
 Be cautious with email attachments and links, especially from unknown sources.
 Enable and configure firewalls on your devices.
 Download software and files only from reputable sources.
 Educate yourself and others about safe browsing practices and phishing attempts.
 Use network security measures like intrusion detection systems and access controls.
 Back up important data regularly to external storage or secure cloud services.
 Limit user access to critical systems and information.
 Disable autorun/autoplay features to prevent automatic execution of programs.
 Use a VPN, especially on public Wi-Fi networks, to encrypt your connection.
 Monitor system activity for unusual behavior or unauthorized access.
 Conduct regular security audits to identify and address vulnerabilities promptly.

Backdoor Trojans
 Backdoor Trojans: Allow unauthorized remote access, giving hackers full control.
 They sneak into systems, dodging detection by bypassing authentication.
 Once installed, they become part of the system's startup routine for persistence.
 As a form of Trojan horse, they create secret entry points that are then used for malware propagation.
 Like the Greek myth, they lead to unexpected and harmful consequences.
 Function as trap doors, providing covert access, hence the term "back door."

How Does a Backdoor Trojan Affect a System?


 Backdoor Trojans create hidden entry points, allowing unauthorized access.
 Attackers gain remote control, executing commands and manipulating the system.
 They steal sensitive data, install additional malware, and form botnets.
 Evasion techniques like encryption are used to avoid detection.
 They can launch DDoS attacks, degrade system performance, and cause damage to organizations.

12. Write a short note on Buffer Overflow


 Buffer overflow is a software vulnerability where a program attempts to store more data in a buffer than it can
hold, leading to the overflow of excess data into adjacent memory locations.
 A buffer is like a temporary storage area for data. If too much data is placed into this storage by a program, it
overflows, leaking into other areas and potentially causing problems.
 Sometimes, hackers can use this overflow to insert their own instructions, which can harm files, change data, or
reveal private information.
Types of Buffer Overflow:
 Stack-based Buffer Overflow: Occurs when the buffer overflow happens in the stack memory region, usually due
to unchecked input data.
 Example: In this type of buffer overflow, an attacker exploits a buffer allocated on the stack to overwrite
the return address of a function, redirecting the program's execution flow to malicious code.

 Heap-based Buffer Overflow: Happens when the buffer overflow occurs in the heap memory region, often due
to mismanagement of dynamically allocated memory.
 Example: Attackers exploit buffers allocated on the heap, often in dynamically allocated memory, to
overwrite adjacent data structures or function pointers, potentially leading to arbitrary code execution.

 Integer Overflow: While not strictly a buffer overflow, integer overflow occurs when the result of an arithmetic
operation exceeds the maximum value that can be represented by the data type, leading to unexpected behavior
or memory corruption.

Consequences:
 Data Corruption: The excess data overwrites adjacent memory, such as instructions or stored values, causing the
program to behave unpredictably or crash.
 Code Execution: Attackers can supply crafted input to a program with an overflow flaw so that it runs attacker-chosen
code, giving them control over the system.
 Denial of Service (DoS): Overflowing data can crash or freeze the system, making it unusable for regular users.
 System Crashes: Overflowing data can make programs crash or hang, halting the service they provide.
 Access Control Loss: Attackers may gain more control over the system than intended, letting them perform actions
they are not authorized for.
 Further Security Issues: One overflow flaw often exposes additional ways to tamper with the system, compounding
the damage.

Prevention Techniques:
 Bounds Checking: Check data to ensure it doesn't go beyond its designated space.
 Safe Coding: Use secure coding practices and avoid risky functions.
 Address Space Layout Randomization (ASLR): Randomizes the memory layout so attackers cannot predict where
code or data is stored.
 Input Validation: Always check and clean up data from users to remove any harmful elements.
 Keep Software Updated: Regularly update software to fix known issues and vulnerabilities.
 Security Testing: Test regularly for vulnerabilities and fix them promptly.
 Runtime Protection: Use tools to catch and stop buffer overflow attacks in real-time.

Importance: Buffer overflow vulnerabilities pose significant security risks, allowing attackers to compromise systems,
steal sensitive data, or disrupt operations. Therefore, it is crucial for developers to understand and mitigate these
vulnerabilities to ensure the security and integrity of their software applications.
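The bounds-checking and integer-overflow points above, as an added example that is not part of the original notes. It parses a constructed length-prefixed record (4-byte little-endian length, then payload) into a fixed 64-byte buffer; the record format, buffer size and function names are assumptions, and because Python integers never wrap, the C-style 32-bit length arithmetic is modelled explicitly with a mask.

```python
"""Bounds checking and overflow-safe length arithmetic for a length-prefixed record."""
import struct
from typing import Optional

HDR_LEN = 4              # 4-byte little-endian payload length (constructed format)
BUF_SIZE = 64            # capacity of the fixed receive buffer (assumption)
U32_MAX = 0xFFFFFFFF


def build_record(payload_len: int, payload: bytes) -> bytes:
    """Constructed sample input: the declared length is written as given, so a
    caller can deliberately declare more (or far more) than is present."""
    return struct.pack("<I", payload_len) + payload


def fits_naive(payload_len: int) -> bool:
    """Models the unchecked C test `hdr + len <= BUF_SIZE` on a uint32: for a
    huge len the sum wraps to a small number and an oversized record passes."""
    total = (HDR_LEN + payload_len) & U32_MAX   # emulate 32-bit wraparound
    return total <= BUF_SIZE


def fits_checked(payload_len: int) -> bool:
    """Integer-overflow-safe version: detect the wrap *before* adding."""
    if payload_len > U32_MAX - HDR_LEN:
        return False                            # sum would wrap
    return HDR_LEN + payload_len <= BUF_SIZE    # true bounds check


def parse_record(data: bytes) -> Optional[bytes]:
    """Return the payload, or None for any record that cannot be copied safely.
    Every rejection corresponds to a classic overflow / over-read condition."""
    if len(data) < HDR_LEN:
        return None                             # truncated header
    (payload_len,) = struct.unpack_from("<I", data, 0)
    if not fits_checked(payload_len):
        return None                             # would overflow the fixed buffer
    if len(data) - HDR_LEN < payload_len:
        return None                             # declares more than is present (over-read)
    buf = bytearray(BUF_SIZE)                   # the fixed-size buffer being protected
    buf[:payload_len] = data[HDR_LEN:HDR_LEN + payload_len]
    return bytes(buf[:payload_len])


if __name__ == "__main__":
    print(parse_record(build_record(5, b"hello")))            # b'hello'
    print(parse_record(build_record(100, b"x" * 100)))        # None: exceeds BUF_SIZE
    huge = U32_MAX - 2                                        # wraps a uint32 sum
    print(fits_naive(huge), fits_checked(huge))               # True False
    print(parse_record(build_record(huge, b"abc")))           # None
```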

13. Write a short note on Identity Theft


Identity theft is when someone steals your personal information to use it for their own gain without your
permission. This can lead to serious problems like financial losses and emotional distress.

There are different ways identity thieves can use your information:
 They might open credit cards or loans in your name and leave you responsible for the charges.
 They could pretend to be you to get government benefits or jobs, causing legal trouble for you.
 Sometimes they use your identity to get medical services, which can mess up your medical records.
 Thieves may even file fake tax returns using your information to get refunds, putting you in financial trouble.
 They might trick you into giving them more personal information through emails or calls.

To protect yourself:
 Keep your personal information safe and only share it when necessary.
 Use strong passwords and be careful online.
 Check your financial accounts regularly for any suspicious activity.
 Make sure your devices are secure and update them regularly.
 Shred any documents with personal information before throwing them away.

There are different types of identity theft, like:


1. Criminal Identity Theft: Someone uses your identity to commit crimes, leading to wrongful charges against you.
2. Senior Identity Theft: Thieves target seniors by tricking them into giving personal information for fraud.
3. Driver's License ID Identity Theft: Thieves use your driver's license info to get loans or open accounts in your name.
4. Medical Identity Theft: Your health info is stolen for fake medical services, leaving you with false bills or records.
5. Tax Identity Theft: Thieves use your tax info to file fake returns and claim refunds, which you might discover later.
6. Social Security Identity Theft: Thieves aim to get your Social Security Number to access your personal info.
7. Synthetic Identity Theft: Thieves create new identities by combining info from different sources, affecting multiple
victims.
8. Financial Identity Theft: Your financial credentials are stolen for monetary gain, often noticed when checking
account balances.

Techniques of Identity Theft:


1. Pretext Calling: Thieves pretend to be company employees on the phone, asking for financial info.
2. Mail Theft: Thieves steal credit card details from public mailboxes.
3. Phishing: Thieves send fake emails pretending to be banks to trick people into sharing personal info or
downloading malware.
4. Internet Exploitation: Attackers use spyware on public networks to gather personal info from users.
5. Dumpster Diving: Thieves look through trash for documents like bank statements containing personal info.
6. CVV Code Requests: Attackers pose as bank officials and ask for the security code on debit cards for supposed
transaction security.

Steps to Prevent Identity Theft:


 Use strong passwords and don't share PINs.
 Enable two-factor authentication for email.
 Secure devices with passwords or biometrics.
 Only download software from trusted sources.
 Keep sensitive info off social media.
 Confirm payment gateway authenticity before entering passwords.
 Carry minimal personal info daily.
 Change PINs and passwords regularly.
 Avoid giving personal info over the phone.
 Be cautious sharing info while traveling.
 Don't share Aadhaar/PAN/SSN with strangers.
 Limit personal info on social media.
 Never share Aadhaar OTPs via phone.
 Be wary of suspicious Aadhaar OTP SMS.
 Avoid sharing personal data for promised benefits.
 Stay informed on security practices.

14. Write a short note on SQL Injection.


 What is it?: SQL Injection is an attack in which malicious SQL is inserted into the database queries that a web
application builds from user input.
 What they do: If successful, attackers can change data, read confidential information, perform administrative
operations, or in some cases retrieve files from the system.
 Why it's bad: It lets attackers act on the database without authorization, which can lead to data breaches or full
compromise of the application.
 How it works: Attackers submit crafted input through web forms or URL parameters; because the application
concatenates that input into a query, the database executes it as part of the command.
 What they target: Any website that builds queries from user input against databases like MySQL or Oracle is at
risk of exposing sensitive data.
 Why they do it: Attackers want valuable information such as customer data or trade secrets, which makes SQL
Injection a major danger for websites.

Performing an SQL Injection Attack:


 Step 1: Find Weak Spots: Attackers look for places on a website where their input reaches a query, such as forms
or URL parameters.
 Step 2: Craft the Input: They build an input that contains SQL fragments designed to alter the query the website
sends to its database.
 Step 3: Submit the Input: They send that input through the website's vulnerable entry point.
 Step 4: Database Executes It: The website does not validate or parameterize the input, so the database runs the
attacker's SQL as part of the original command.
 Step 5: Exploitation: If it works, attackers can read confidential information, corrupt data, or take control of the
whole website.

Reasons for SQL Injection Attacks:


1. Get Secret Data: Hackers use SQL Injection to sneak past security and grab valuable info like personal details or
financial data.
2. Mess with Data: They can change, delete, or add data in the database, messing up records or account balances.
3. Get More Power: SQL Injection lets hackers boost their access level within a website or database, giving them
admin privileges they shouldn't have.
4. Cause Chaos: Hackers can use SQL Injection to crash websites, corrupt data, or make systems unusable, causing
chaos for users.
5. Break into Networks: In some cases, SQL Injection can be just the start. Hackers use it to get into other parts of a
network and launch even more attacks.

Some notable SQL injection vulnerabilities:


1. Tesla (2014): Hackers breached Tesla's website using SQL injection, gaining admin privileges and stealing user data.
2. Cisco (2018): A SQL injection vulnerability in Cisco Prime License Manager allowed attackers to gain shell access
to systems. Cisco has since fixed the issue.
3. Fortnite (2019): An SQL injection vulnerability was found in Fortnite, potentially allowing attackers to access user
accounts. The vulnerability has been patched.

To prevent SQL Injection attacks:


1. Input Validation and Sanitization: Always check and clean user input before using it in SQL queries. Use
parameterized queries or prepared statements to separate user input from SQL logic, stopping malicious code
from executing.
2. Use Parameterized Queries: Instead of directly inserting user input into SQL queries, use parameterized queries
provided by your programming language or framework. This ensures user input is treated as data, not executable
code.
3. Least Privilege Principle: Limit database accounts' privileges to the minimum required for each task. This reduces
potential damage if an SQL Injection vulnerability is exploited.
4. Secure Coding Practices: Follow secure coding guidelines, avoiding dynamic SQL queries. Update your application
regularly to patch security vulnerabilities.
5. Web Application Firewall (WAF): Use a WAF to detect and block SQL Injection attempts before they reach the
database.
6. Limit Database Error Messages: Configure your database server to show generic error messages instead of
detailed ones, which could reveal sensitive information.
7. Regular Security Audits: Conduct security audits and penetration testing to find and fix SQL Injection
vulnerabilities.
8. Keep Software Updated: Regularly update your application's software and libraries to benefit from the latest
security patches.
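Steps 4 and 5 above beside the parameterized-query fix from the prevention list, as an added example that is not part of the original notes. The in-memory SQLite table, the two-user sample data and the `login_*` function names are constructed for this example; the same pattern applies to MySQL, Oracle or any other driver that supports placeholders.

```python
"""A string-built login query beside its parameterized fix, run against SQLite."""
import sqlite3

# Constructed sample input: a quote character followed by a tautology. Pasted into
# the vulnerable query it turns the WHERE clause into "... OR '1'='1'".
INJECTED_PASSWORD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Constructed sample table, built in memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The flaw the notes describe: user input is spliced into the SQL text, so a
    quote in the input changes the structure of the query itself (Step 4)."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}' ORDER BY id"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the SQL text is fixed and the values travel separately,
    so the driver compares the input as data no matter what characters it holds."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = ? AND password = ? ORDER BY id"
    )
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "s3cret"))          # [('alice', 'admin')]
    print(login_vulnerable(db, "nobody", INJECTED_PASSWORD))  # both rows: auth bypassed
    print(login_safe(db, "nobody", INJECTED_PASSWORD))        # []: input treated as data
```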
