Module 2 Notes

The document outlines various aspects of cyber offenses, including categories of cybercrime, methods of attack planning, and the role of social engineering. It discusses the definitions and implications of vulnerabilities, active and passive attacks, and the importance of cybersecurity teams categorized by colors. Additionally, it highlights the significance of awareness regarding cyber threats and the techniques used by cybercriminals to exploit weaknesses in systems and individuals.

Uploaded by

swarna2517

Wayanamac Education Trust ®

DON BOSCO INSTITUTE OF TECHNOLOGY


An Autonomous Institution, Affiliated to VTU, Belagavi
Kumbalagodu, Mysore Road, Bengaluru – 560074
Department of Electronic and Communication Engineering
Module-2: Cyber Offenses
AGENDA

• Introduction
• Categories of cybercrime
• How criminals plan the attacks
• Reconnaissance
• Passive Attacks
• Active Attacks
• Scanning and Scrutinizing Gathered Information
• Attack (Gaining and Maintaining the System Access)
• Social Engineering
• Classification of Social Engineering (Human-Based and Computer-Based)
• Cyber Stalking
• Types of Stalkers
• Cases reported on Stalking
• How stalking works
• Real-life incident of Cyber stalking (case study)
• Cyber cafe & cybercrimes
• Botnets: The fuel for cybercrime
• Botnets
• Attack Vector
Introduction
• Technology is a double-edged sword, as it can be used for both good and bad purposes.

• In today's world of the internet and computer networks, a criminal activity can be carried out across national borders with a "false sense of anonymity"; without realizing it, we seem to pass on a tremendous amount of information about ourselves.

• Cybercriminals use the World Wide Web and the internet to an optimum level for all illegal activities to store data, contacts, account information, etc.

• The following diagram gives an idea about all those agencies that collect information about individuals (personally identifiable information such as date of birth, personal mail address, bank account details and/or credit card details, etc.).

• Criminals take advantage of the widespread lack of awareness about cybercrimes and cyber laws among the people who constantly use IT infrastructure for official and personal purposes.

• People who commit cybercrime are known as "crackers".

• An attacker would look to exploit the vulnerabilities in the network, most often because the networks are not adequately protected.

Hackers, Crackers and Phreakers

• Hacker: a person with a strong interest in computers who enjoys learning and experimenting; hackers are very talented and smart people who understand computers better than others.
• Brute force hacking: a technique used to find passwords or encryption keys; it involves trying every possible combination of letters, numbers, etc. until the code is broken.
• Cracker: a person who breaks into computers; crackers are usually connected to computer crimes such as vandalism, theft and snooping in unauthorized areas.
• Cracking: the act of breaking into computers. Many sites are devoted to supplying crackers with programs that allow them to crack into computers; such programs include dictionaries for guessing passwords, WARNING MSG:
• Cracker tools: widely distributed on the internet; they include password crackers, Trojans, viruses, war dialers and worms.
• Phreaking: the notorious art of breaking into phone or other communication systems.
• War dialer: a program that automatically dials phone numbers looking for computers on the other end.

• Meaning: Vulnerability (a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system).
• Categories of vulnerabilities that hackers search for:
1. Inadequate border protection
2. Remote access servers with weak access controls
3. Application servers with well-known exploits
4. Misconfigured systems and systems with default configurations

Basic Definitions:
• Cybersecurity, being a highly technical practice, is not something we typically think of as being associated with colors.
• The community has labelled its functional teams in different colors.
• Traditionally, cybersecurity companies or professionals have used a whitelist for good websites and a blacklist for bad websites, users or IP addresses.
• Primary colors: Red, Blue & Yellow
• Secondary colors: Purple, Orange & Green (combinations of primary colors)
• White color
• The concept of colors in cybersecurity is based on mixing the primary colors that define different strategies for different teams.
• For example: mixing Yellow and Blue creates Green teams, who take up coding, programming and developer skills (YELLOW) and apply defender strategies (BLUE).
Cybersecurity color wheel: {Need: it improves the security posture of an organization and strengthens the organization's ability to respond to and prevent cyber attacks, which cannot be achieved by a single team}
• It was created by April C. Wright in 2017, who wrote a complete paper on the color wheel to expand and highlight different fields of cybersecurity.
• Red team: the breakers. The function of this team is to break into any system or network to identify the potential vulnerabilities and risks.
• Blue team: the defenders. They are responsible for defending and protecting the digital assets of organizations.
• Yellow team: the builders. They build and make sure the systems, networks, websites and apps are secure before the red and blue teams hack or defend or carry out their function {made up of security testers, system admins and architects}.
• Purple team: an amalgamation (the combination of two or more companies) of offensive and defensive cybersecurity teams who work on their responsibilities as a single unit.
• Green team: ensures applications are deployed and integrated securely; it also ensures the longevity and security of the software development life cycle.
• Orange team: the primary responsibility of the team is to educate and facilitate interaction between the red and yellow teams {educates the builders on the findings the breakers discovered}.
• White team: represents neutrality; it is responsible for management, compliance and policy making of the organization. It manages security departments, monitors their progress and organizes teams.

What color is your hat in the security world?

Hats: exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement.
When Edward de Bono wrote his epoch-making and most successful book, The Six Thinking Hats, did he know that the hats would follow suit in other domains too?

Brown Hat: a hacker who thinks before acting or committing a malice or non-malice deed [malice: a complete solution to such increased risk of cyber threat, designed to help learn to anticipate, detect and respond tactically (in a way that relates to actions carefully planned to gain a specific end) to a cyber attack].
Grey Hat: a hacker who releases information about any exploits or security holes he/she finds openly to the public.

Categorized based on the following:

a. The target of the crime
b. Whether the crime occurs as a single event or a series of events

1. Crimes targeted at individuals:
• Exploit human weaknesses such as greed and naivety.
• Include financial frauds, sale of non-existent or stolen items, child pornography, copyright violation and harassment, with the development in IT and the internet.

2. Crimes targeted at property:
• Include stealing mobile devices such as cell phones, laptops and personal digital assistants and removable media such as CDs or pen drives; transmitting harmful programs that can disrupt the functions of the system or wipe out data from the hard disk and also cause malfunctioning of attached devices such as a modem or CD drive.

3. Crimes targeted at organizations:
• Cyberterrorism is one of the distinct crimes against organizations/governments.
• Attackers use computers and the internet, usually to terrorize citizens by stealing their personal information; they also damage programs and files to get control of the network or system.

4. Single event of cybercrime:
• It is a single event from the perspective of the victim.
• For example: unknowingly opening an attachment that may contain a virus that will infect the system (PC/laptop). This is known as hacking or fraud.

5. Series of events:
• This involves the attacker interacting with the victims repetitively.
• For example: the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship first and then exploits that relationship to commit sexual assault.

Patriot hacking
• Patriot hacking is also known as digital warfare.
• It is a form of vigilante computer systems cracking done by individuals or groups against a real or perceived threat.
• Although patriot hacking is declared illegal in the US, it is reserved only for government agencies, the Central Intelligence Agency (CIA) and the National Security Agency (NSA), as a legitimate form of attack and defense.
• The Federal Bureau of Investigation (FBI) raised concern about the rise in cyber attacks like website defacements and denial-of-service (DoS) attacks, which add fuel to the increase in international tension and get mirrored in the online world.
• After the war in Iraq (2003), it is getting popular in North America, Western Europe and Israel, which have the greatest threat from Islamic terrorism and its aforementioned digital version.
• The People's Republic of China is allegedly making attacks upon the computer networks of the US and UK.

Basic Definitions:
• Vulnerabilities: a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system.
• Availability: refers to timely and reliable access to resources.
Ex: Service attacks, ICMP (Internet Control Message Protocol) flood attacks.
• Integrity: ensures consistency, trustworthiness and accuracy of data (prevents modification of data by unauthorized people).
Ex: Man-in-the-middle attacks, salami attacks.
• Authenticity: ensures data authenticity and non-repudiation.
• Breaches: a data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system's owner.
• Confidentiality (privacy): ensures that information is accessed by authorized personnel.
Ex: Credit card frauds, identity theft, wiretapping, phishing.

Categories of cyber crimes


• Criminals use many methods and tools to locate the vulnerabilities of their targets (individual/organization).

• Criminals plan for active and passive attacks.

• Active attacks are usually used to alter the system.

• Passive attacks attempt to gain information about the target.

• Active attacks may affect the availability, integrity and authenticity of data.
• Passive attacks lead to breaches of confidentiality.

• Attacks can be categorized as inside or outside.

• An attack originating and/or attempted within the security perimeter of an organization is an inside attack (insider: one who gains access to more resources than expected).

• An attack attempted by a source from outside the security perimeter (indirectly associated with the organization, i.e., through the Internet or a remote access connection) is an outside attack.

Security perimeter: refers to the process of defending a company's network boundaries from hackers, intruders, and other unwelcome individuals.
The following phases are involved in planning a cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered information for its validity as well as to identify the existing vulnerabilities.
3. Launching an attack.

Reconnaissance
• It is an act of reconnoitering: to explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).

• The reconnaissance phase begins with footprinting.

• This is the preparation towards the pre-attack phase; it involves accumulating data about the target's environment and computer architecture to find ways to intrude [to thrust or force in or upon someone or something, especially without permission, welcome, or fitness] into that environment.

• Footprinting gives an overview of system vulnerabilities and provides a judgement about the exploitation of those vulnerabilities.

• The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.

Passive Attack
• Involves gathering information about a target without the owner's knowledge.

• Example: it can be as simple as watching a building to identify at what time employees enter the building premises.

• It is usually done using an internet search or by googling (searching for the required information with the help of the Google search engine) an individual or company to gain information.

1. Google or Yahoo search (locate information).

2. Surfing online community groups like Facebook/Orkut (gain information about an individual).

3. The organization's website may provide a personnel directory of key employees, e.g. contact details, e-mail addresses, etc.

4. Blogs, newsgroups, press releases, etc. are generally used as mediums to gain information about the company or employees.

5. Going through job postings in particular job profiles for technical persons can provide information about the type of technology, i.e., servers or infrastructure devices, a company may be using on its network.

• Network sniffing is another means of passive attack that yields useful information such as Internet Protocol (IP) address ranges, hidden servers or networks.
• Network traffic is sniffed to monitor the traffic on the network: the attacker watches the flow of data to see at what time certain transactions take place and where the traffic is going.

• Along with Google search, various other tools are also used for gathering information about the target.
Tips for Effective Search with the Google search engine
The following commands can be used effectively in the Google search engine.
• http://groups.google.com: this site can be used to search the Google newsgroups.
• site: if this is included in a query, Google will restrict the results to those websites in the given domain. Ex: [help site:www.google.com] - Google will find the pages about help within .com URLs (uniform resource locators).
• filetype: this will search within the text of a particular type of file.
• link: will list the webpages that have links to the specified webpage. Ex: [link:www.google.com] will list webpages that have links pointing to the Google homepage.
• inurl: Google will restrict the results to documents containing that word in the URL.
• cache: if you include other words in the query, Google will highlight those words within the cached document.
• related: will list webpages that are similar to the specified webpage.
• info: will present some information that Google has about that webpage.
• define: will provide a definition of the word/phrase you enter after it, gathered from various online sources.
• stocks: if you begin a query with the [stocks:] operator, Google will treat the rest of the query terms as stock ticker symbols and will link to a page showing stock information for those symbols. Ex: [stocks: intc yhoo] will show the information about Intel and Yahoo.
• allintitle: if you start a query with [allintitle:], Google will restrict the results to those with all of the query words in the title.
• intitle: if you include [intitle:] in your query, Google will restrict the results to documents containing that word in the title.
• allinurl: if you start a query with [allinurl:], Google will restrict the results to those with all of the query words in the URL.

Active attack
• An active attack involves probing the network to discover individual hosts and to confirm the information (IP addresses, operating system type, version and services on the network) gathered in the passive attack phase.

• It involves the risk of detection and is also called "rattling the doorknobs" or active reconnaissance.

• Active reconnaissance can provide confirmation to an attacker about the security measures in place (e.g. whether the front door is locked).

• But the process can also increase the chance of being caught or raise suspicion.
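Active probing is what gives defenders something to see. The sketch below is an added example, not part of the original notes: it flags any source that touches many distinct host/port pairs within a short time window. The log format, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical firewall log format, invented for this example:
#   <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> ACTION=<word>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)

COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]


def build_sample_log():
    """Constructed sample data (documentation address ranges only)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Fast probe: 12 ports on one host, one per second.
    for i, port in enumerate(COMMON_PORTS):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} SRC=198.51.100.7 DST=192.0.2.10 DPT={port} ACTION=DROP")
    # Ordinary client: repeated HTTPS requests to one server.
    for i in range(20):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} SRC=203.0.113.5 DST=192.0.2.10 DPT=443 ACTION=ACCEPT")
    # Slow probe: the same 12 ports, one every five minutes.
    for i, port in enumerate(COMMON_PORTS):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} SRC=198.51.100.99 DST=192.0.2.10 DPT={port} ACTION=DROP")
    lines.append("malformed line without the expected fields")
    return sorted(lines)  # ISO timestamps sort chronologically


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
    }


def detect_scans(lines, window=timedelta(seconds=60), min_targets=10):
    """Flag sources that hit >= min_targets distinct (host, port) pairs
    inside a sliding time window. Lines must be in time order."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, (dst, port))
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip lines that do not match the expected format
        q = recent[ev["src"]]
        q.append((ev["ts"], (ev["dst"], ev["dpt"])))
        # Drop events that have fallen out of the window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        targets = {t for _, t in q}
        if len(targets) >= min_targets and ev["src"] not in alerts:
            hosts = {dst for dst, _ in targets}
            alerts[ev["src"]] = {
                "first_seen": q[0][0],
                "targets": len(targets),
                # One host, many ports: port scan. Many hosts: sweep.
                "kind": "port scan" if len(hosts) == 1 else "network sweep",
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_scans(build_sample_log()).items():
        print(src, info["kind"], info["targets"], info["first_seen"])
```

The slow prober in the sample (one probe every five minutes) is missed with the 60-second window and only appears when the window is widened, which is why scan detection usually combines short and long windows.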
Scanning and Scrutinizing gathered information
Scanning is a key step to examine intelligently while gathering information about the target.

Objectives:

1. Port scanning: identify open/closed ports and services.

2. Network scanning: understand IP addresses and related information about the computer network systems.

3. Vulnerability scanning: understand the existing weaknesses in the system.

The scrutinizing phase is always called "enumeration" in the hacking world.

Objectives:

1. The valid user accounts or groups

2. Network resources and/or shared resources

3. The OS and the different applications that are running on the OS

Attack (Gaining and Maintaining the System Access)

After scanning and enumeration, the attack is launched using the following steps:
1. Crack the password.
2. Exploit the privileges.
3. Execute the malicious commands/applications.
4. Hide the files (if required).
5. Cover the tracks: delete the access logs, so there is no trail of illicit activity.
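Step 5 is the reason defenders make logs tamper-evident and keep a record of their state off the host. The sketch below is an added example, not part of the original notes: each entry's hash covers the previous entry's hash, and a checkpoint (entry count and latest hash) is assumed to be stored on a separate system the intruder cannot reach. Function names and log lines are constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # stands in for the "previous hash" of the first entry

# Constructed sample log lines (not from a real system).
SAMPLE_MESSAGES = [
    "10:01:02 sshd: failed password for admin from 198.51.100.7",
    "10:01:05 sshd: failed password for admin from 198.51.100.7",
    "10:01:09 sshd: accepted password for admin from 198.51.100.7",
    "10:02:30 sudo: admin ran /bin/sh as root",
    "10:03:11 useradd: new user 'svc_backup'",
    "10:05:40 sshd: session closed for admin",
]


def entry_hash(prev_hash, seq, message):
    """Hash of one entry, bound to its position and to its predecessor."""
    data = f"{prev_hash}|{seq}|{message}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def build_log(messages):
    """Build a hash-chained log from plain messages."""
    log, prev = [], GENESIS
    for seq, msg in enumerate(messages):
        prev = entry_hash(prev, seq, msg)
        log.append({"seq": seq, "msg": msg, "hash": prev})
    return log


def checkpoint(log):
    """(entry count, head hash): the value to ship off the host."""
    return (len(log), log[-1]["hash"] if log else GENESIS)


def verify(log, ckpt):
    """Check the chain itself, then compare it with the off-host checkpoint."""
    count, head = ckpt
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev, i, entry["msg"])
        if entry["seq"] != i or entry["hash"] != expected:
            return f"broken link at position {i}"
        prev = entry["hash"]
    # A chain can be internally consistent and still be shorter than,
    # or different from, what the checkpoint recorded.
    if len(log) < count:
        return f"truncated: {count - len(log)} entries missing"
    if count and log[count - 1]["hash"] != head:
        return "head mismatch: history rewritten"
    return "ok"


def demo():
    """Run the tampering cases a defender cares about."""
    log = build_log(SAMPLE_MESSAGES)
    ckpt = checkpoint(log)
    msgs = list(SAMPLE_MESSAGES)
    edited = msgs[:3] + ["10:02:30 cron: routine job finished"] + msgs[4:]
    return {
        "untouched": verify(log, ckpt),
        # Entries 3 and 4 removed, remaining entries left as they were.
        "entries_deleted": verify(
            [e for e in log if e["seq"] not in (3, 4)], ckpt),
        # Entries removed and the whole chain recomputed to look consistent.
        "deleted_and_rehashed": verify(build_log(msgs[:3] + msgs[5:]), ckpt),
        # Last two entries cut off.
        "tail_removed": verify(log[:4], ckpt),
        # One entry replaced and the chain recomputed.
        "entry_rewritten": verify(build_log(edited), ckpt),
        # Normal growth after the checkpoint must still verify.
        "appended_later": verify(
            build_log(msgs + ["10:09:00 sshd: new session"]), ckpt),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22s} {result}")
```

The chain alone only catches careless deletion; the recomputed and truncated cases are caught solely because the checkpoint lives somewhere the intruder cannot edit.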

Social Engineering
Social engineering is the technique of using influence and persuasion to deceive people in order to obtain information or get them to perform some action.

• It exploits the natural tendency of a person to trust the social engineer's word, rather than exploiting computer security holes.

• It is generally agreed that people are the weak link in security, and this principle makes social engineering possible.

• A social engineer usually uses telecommunication (telephone or cell phone) or the internet to get people to do something that is against the security practices or policies of the organization.

• Social engineering involves gaining sensitive information or unauthorized access privileges by building an inappropriate trust relationship with insiders.

• The goal of a social engineer is to fool someone into providing valuable information or access to that information.

• Example: calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what files he/she uses, what his/her password is and so on.

Classification of Social Engineering


1. Human-Based Social Engineering
2. Computer-Based Social Engineering

Human-Based Social Engineering

• Refers to person-to-person interaction to get the required/desired information.
Ex: calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user: impersonation is perhaps the greatest technique used by social engineers to deceive people (ex: posing as an employee of the same organization).

2. Posing as an important user: the attacker pretends to be an important user, e.g. a chief executive officer (CEO) or high-level manager who needs immediate assistance to gain access to a system.

3. Using a third person: an attacker pretends to have permission from an authorized source to use a system (ex: the authorized person is on vacation or cannot be contacted for verification).

4. Calling technical support: calling technical support for assistance is a classic social engineering technique (ex: help desk and technical support personnel are trained to help users, which makes them good prey for social engineering attacks).

5. Shoulder surfing: a technique of gathering information such as usernames and passwords by watching over a person's shoulder while he/she logs into the system, thereby helping an attacker to gain access to the system.

6. Dumpster diving: involves looking in the trash for information written on pieces of paper or computer printouts.

Computer-Based Social Engineering

Refers to an attempt made to get the required/desired information by using computer software/the Internet.
Example: sending a fake e-mail to the user and asking him/her to re-enter a password in a webpage to confirm it.
1. Fake e-mails:

• The attacker sends fake e-mails to numerous users in such a way that the user takes them for legitimate mail; this activity is also called phishing.

• It is an attempt to entice internet users to reveal their sensitive personal information, such as usernames, passwords and credit card details, by impersonating a trustworthy and legitimate organization and/or individual; banks, financial institutions and payment gateways are the common targets.

2. E-mail attachments: used to send malicious code to a victim's system, which will automatically get executed (ex: a keylogger utility to capture passwords).

• Viruses, Trojans and worms can be included cleverly in the attachments to entice a victim to open the attachment.

3. Pop-up windows: also used, in a similar manner to e-mail attachments.

Ex: pop-up windows with special offers or free stuff can encourage a user to unintentionally install malicious software.
Social engineering is indeed a serious concern, as revealed by the following past statistics:
1. As per Microsoft Corporation's recent (October 2007) research, there is an increase in the number of security attacks designed to steal personal information.

According to an FBI survey, on average 41% of security-related losses are the direct result of employees stealing information from their companies.

2. The Federal Trade Commission report of 2005 shows that more than one million consumer fraud and ID theft complaints have been filed with federal, state and local law enforcement agencies and private organizations.

3. According to a 2003 survey released on 2 April 2006, the United States Department of Justice estimated that 3.6 million, or 3.1%, of American households became victims of ID theft in 2004. We can conclude that individuals are at high risk of having their PI stolen and used by criminals for their own personal gain.

Cyberstalking
• Cyberstalking has been defined as the use of information and communication technology, particularly the internet, by an individual or group of individuals to harass another individual, group of individuals or organization.

• The behavior includes false accusations, monitoring, transmission of threats, ID theft, damage to data or equipment, solicitation of minors for sexual purposes and gathering information for harassment purposes.

• Cyberstalking refers to the use of the internet and/or other electronic communication devices to stalk another person.

• Ex: following a person, visiting a person's home and/or place of business, making phone calls, leaving written messages or vandalizing the person's property.

Types of stalkers

There are primarily two types of stalkers.

1. Online stalkers:
• They aim to start the interaction with the victim directly with the help of the internet.

• E-mail and chat rooms are the most popular communication media for getting connected with the victim, rather than traditional instruments like the telephone/cell phone.

• The stalker makes sure that the victim recognizes the attack attempted on him/her.

• The stalker can make use of a third party to harass the victim.

2. Offline stalkers:

• The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.

• Searching message boards/newsgroups, personal websites, and people-finding services or websites are the most common ways to gather information about the victim using the internet.

• The victim is unaware that the internet has been used to perpetuate an attack against them.

Cases reported on cyberstalking

• The majority of cyberstalkers are men and the majority of their victims are women.

• Some cases have also been reported where women act as stalkers and men are the victims, as well as cases of same-sex cyberstalking.

• In many cases, the cyberstalker and victim hold a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship.

• Ex: ex-lover, ex-spouse, boss/subordinate, and neighbor.

• There have also been many instances of cyberstalking by strangers.

How Cyberstalking Works

It is seen that stalking works in the following ways:

1. Personal information gathering about the victim:

• Name, family background, contact details such as cell phone and telephone numbers, address of the residence as well as of the office, e-mail address, date of birth, etc.

2. Establish contact with the victim through telephone/cell phone:

• Once contact is established, the stalker may make calls to the victim to threaten/harass.

3. Stalkers will almost always establish contact with the victim through e-mail:

• The letters may have a loving or threatening tone, or can be sexually explicit.

• The stalker may use multiple names while contacting the victim.

4. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threatening the victim.

5. The stalkers will use bad and/or offensive/attractive language to invite interested persons:

• The stalker may post the victim's personal information on any website related to illicit services, such as sex workers' services or dating services, posing as if the victim has posted the information, and invite people to call the victim on the given contact details to have sexual services.

6. Whoever comes across the information starts calling the victim on the given contact details, asking for sexual services or relationships.

7. The victim will start receiving some kind of unsolicited e-mails:

• Some stalkers subscribe/register the e-mail account of the victim to innumerable pornographic and sex sites.

Real-life Incident of Cyberstalking

The Indian police have registered the first case of cyberstalking in Delhi; a brief account of the case is given here.

• Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away as Kuwait, Cochin, Bombay, and Ahmadabad.
• The said calls created havoc in the personal life of Mrs. Joshi, destroying her mental peace, and she decided to register a complaint with the Delhi police.

• A person was using her ID to chat over the internet at the website www.mirc.com, mostly in the Delhi channel, for four consecutive days.

• This person was chatting on the internet, using her name and giving her address, talking in obscene language.

• The same person was also deliberately giving her telephone numbers to other chatters, encouraging them to call Mrs. Joshi at odd hours.

• This was the first time that a case of cyberstalking was registered.

• Cyberstalking does not have a standard definition, but it can be defined to mean threatening, unwanted behavior, or advances directed by one person toward another person using the internet and other forms of online communication channels as a medium.

Cybercafe and Cybercrimes

• In February 2009, a Nielsen survey on the profile of cybercafe users in India found that 90% of the audience, across eight cities and 3500 cafes, were male and in the age group of 15-35 years (52% were graduates and postgraduates and 50% were students).

• Hence it is extremely important to understand the IT security and governance practiced in cybercafes.

• Many cases have been reported in India in which cybercafes are known to have been used for real or false terrorist communication.

• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes.

• Cybercafes have also been used regularly for sending obscene mails to harass people.

• Public computers, usually referring to the systems available in cybercafes, hold two types of risk:
• First: we do not know what programs are installed on the computer, i.e., there is a risk of malicious programs such as keyloggers or spyware running in the background that can capture keystrokes to learn passwords and other confidential information and/or monitor browsing behavior.

• Second: over-the-shoulder peeping (i.e., shoulder surfing) can enable others to find out your passwords.

• One has to be extremely careful about protecting his/her privacy on such systems, as one does not know who will use the computer after him/her.

• The Indian Information Technology Act (ITA) 2000 does not define cybercafes and interprets cybercafes as "network service providers" referred to under Section 79, which imposes on them a responsibility for "due diligence", failing which they would be liable for the offenses committed in their network.

• Cybercriminals prefer cybercafes to carry out their activities using one particular PC, so that they can visit these cafes at a particular time and at a prescribed frequency, maybe on alternate days or twice a week.

• A recent survey conducted in one of the metropolitan cities in India reveals the following facts:

1. Pirated software such as OS, browser and office automation software (ex: Microsoft Office) is installed on all the computers.

2. Antivirus software is found not to be updated to the latest patch and/or antivirus signature.

3. Several cybercafes had installed the software called "Deep Freeze" for protecting the computers from prospective malware attacks.

4. An annual maintenance contract (AMC) is found not to be in place for servicing the computers; hence the hard disks of the computers are not formatted unless the computer is down.

5. Pornographic websites and other similar websites with indecent content are not blocked.

6. Cybercafe owners have very little awareness about IT security and IT governance.
7. Government/IPS/State police do not seem to provide IT governance guidelines to cybercafe owners.

8. Cybercafe associations or state police do not seem to conduct periodic visits to cybercafes. One cybercafe owner who was interviewed stated that the police do not visit any cybercafe until a criminal activity is registered and an FIR (first information report) is filed; hence owners conclude that the police either have very little knowledge about the technical aspects involved in cybercrimes and/or about the conceptual understanding of IT security.

Here are a few tips for safety and security while using a computer in a cybercafe:

1. Always log out: while checking e-mails or logging into chat services such as instant messaging, or using any other service that requires a username and a password, always click "Logout" or "Signout" before leaving the system.

2. Stay with the computer: while surfing/browsing, one should not leave the system unattended for any period of time (if one has to go out, log out and close all browsing windows).

3. Clear history and temporary files:

• Internet Explorer saves the pages that you have visited in the history folder and in temporary Internet files.

• Your password may also be stored in the browser if that option is enabled on the system that you have used.

• Do the following steps before you begin browsing in Internet Explorer:

• Go to Tools > Internet Options > click the Content tab > click AutoComplete. If the checkboxes for passwords are selected, deselect them. Click OK twice.

After you have finished browsing, you should clear the history and temporary internet files folders:

• Go to Tools > Internet Options again > click the General tab > go to Temporary Internet Files > click Delete Files and then click Delete Cookies.
• Then, under History, click Clear History. Wait for the process to finish before leaving the computer.

4. Be alert: one should stay alert and aware of the surroundings while using a public computer.

5. Avoid online financial transactions:

Ideally, one should avoid online banking, shopping or other transactions that require one to provide personal, confidential and sensitive information such as credit card or bank account details.

6. Change password: The screenshot displayed in the figure below by ICICI Bank about changing
the bank account/transaction passwords is the best practice to be followed.

7. Virtual keyboard:
• Nowadays almost every bank has provided a virtual keyboard on its website.
• The advantages of utilizing the virtual keyboard and its function are displayed in the
screenshot shown in this figure.

8. Security warnings:
• One should take utmost care while accessing the websites of any bank/financial institution.
• The screenshot below displays the security warnings clearly (marked in a bold rectangle) and
should be followed while accessing these financial accounts from a cybercafe.

Botnets: The Fuel for Cybercrime

• Botnet is a term used for a collection of software robots, or Bots, that run autonomously and
automatically.

• The term is often associated with malicious software but can also refer to a network of
computers using distributed computing software.

• In simple terms, a Bot is an automated computer program.

• Botnets are used to conduct a range of activities, from distributing Spam and viruses to
conducting denial-of-service (DoS) attacks.

• An attacker can gain control of your computer by infecting it with a virus or other malicious
code that gives access.

• Your computer system may be part of a Botnet even though it appears to be operating
normally.

• A Botnet (also called a zombie network) is a network of computers infected with a
malicious program that allows cybercriminals to control the infected machines remotely
without the users’ knowledge.

• “Zombie networks” have become a source of income for entire groups of cybercriminals.

• The invariably low cost of maintaining a Botnet and the ever-diminishing degree of knowledge
required to manage one are conducive to the growth in popularity and, consequently, the
number of Botnets.

• If someone wants to start a “business” and has no programming skills, there are plenty of
“Bot for sale” offers on forums.

• Obfuscation (the action of making something obscure or unintelligible) and encryption of
these programs’ code can also be ordered in the same way to protect them from detection by
antivirus tools.

• Another option is to steal an existing Botnet.

• Figure explains how Botnets create business.

One can take the following steps to secure a system from becoming part of a Botnet:

1. Use antivirus and anti-Spyware software and keep it up-to-date: These programs should be
configured during installation so that they are updated automatically on a daily basis.

2. Set the OS to download and install security patches automatically: OS companies issue
security patches for flaws that are found in these systems.

3. Use a Firewall to protect the system from hacking attacks while it is connected to the
Internet: A Firewall is a software or hardware device configured to permit, deny, encrypt,
decrypt or proxy all computer traffic based on a set of rules and other criteria.

4. Disconnect from the Internet when you are away from your computer.

5. Download freeware only from websites that are known and trustworthy.

6. Regularly check the folders in the mailbox (“sent items” or “outgoing”) for messages
you did not send.

7. Take immediate action if your system is infected: If the system is found to be infected by a
virus, disconnect it from the Internet immediately and scan the entire system with fully updated
antivirus and anti-Spyware software. Report the unauthorized access to the ISP and to the legal
authorities. There is a possibility that your passwords may have been compromised in such
cases, so change all the passwords immediately.
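Step 6 is a manual check for mail you did not send. The same symptom can be looked for on the network, as in this added example (not part of the original notes): it flags internal hosts that open SMTP sessions directly to several outside mail servers instead of going through the site's mail relay. The log format, the addresses and the relay 192.0.2.2 are assumptions constructed for the illustration.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP relay, SMTPS, mail submission

# Constructed flow log, one connection per line: "<time> <src_ip> <dst_ip> <dst_port>".
# All addresses are from documentation ranges; 192.0.2.2 is the assumed site mail relay.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 198.51.100.5 443
10:00:02 192.0.2.10 192.0.2.2 587
10:00:03 192.0.2.23 203.0.113.11 25
10:00:03 192.0.2.23 203.0.113.12 25
10:00:04 192.0.2.23 198.51.100.7 25
10:00:04 192.0.2.2 198.51.100.7 25
10:00:05 192.0.2.23 198.51.100.9 25
10:00:05 garbled line
10:00:06 192.0.2.2 203.0.113.40 25
10:00:07 192.0.2.2 203.0.113.41 25
10:00:08 192.0.2.31 203.0.113.11 25
"""


def find_direct_mailers(log_text, mail_relays, min_destinations=3):
    """Return {src_ip: sorted SMTP destinations} for hosts mailing many servers directly."""
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed or truncated records
        _, src, dst, port = parts
        if int(port) not in SMTP_PORTS:
            continue
        if src in mail_relays or dst in mail_relays:
            continue  # the relay sending mail, or a client submitting to it, is expected
        destinations[src].add(dst)
    return {src: sorted(dsts) for src, dsts in destinations.items()
            if len(dsts) >= min_destinations}


if __name__ == "__main__":
    for host, servers in find_direct_mailers(SAMPLE_LOG, {"192.0.2.2"}).items():
        print(f"{host} opened SMTP sessions to {len(servers)} outside servers: {servers}")
```

A host flagged this way is a candidate for the response in step 7; a single session (192.0.2.31 in the sample) stays below the threshold.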

Attack Vector:
• An “attack vector” is a path or means by which an attacker can gain access to a computer
or to a network server to deliver a payload or malicious outcome.

• Attack vectors enable attackers to exploit system vulnerabilities, including the human element.

• Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant
messages, chat rooms and deception. All these methods involve programming except
deception.

• To some extent, firewalls and antivirus software can block attack vectors, but they are not
totally attack-proof.

• The most common payloads are viruses, Trojan Horses, worms and Spyware.

• The ways in which attack vectors are launched are described here:

1. Attack by E-Mail:

2. Attachments or other files: Malicious attachments install malicious computer code.

3. Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point.
Not only viruses and worms need to be monitored; social engineering and hoaxes are other
forms of deception.

4. Hackers: Hackers use a variety of hacking tools, heuristics and social engineering to gain
access to computers and online accounts.

5. Heedless guests (attack by webpage): Counterfeit and pop-up webpages may install
Spyware, Trojans, etc.

6. Attack by worms: Worms are delivered as e-mail attachments and propagate rapidly
as “zombie computers”.

7. Malicious macros: Microsoft Word and Microsoft Excel allow macros. A macro does
something like automating a spreadsheet. Macros can also be used for malicious
purposes.

8. Foistware (sneakware): This is software that adds hidden components to the system
on the sly. Ex: Spyware. Sneak software often hijacks your browser and diverts you to
some “revenue opportunity” that the foistware has set up.

9. Viruses: These are malicious computer codes that hitch a ride and make the payload.
Their vectors include e-mail attachments, downloaded files, worms, etc.
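Items 2 and 7 can be checked before an attachment is ever opened. The sketch below is an added example, not part of the original notes: it triages an Office attachment by its container, relying on the fact that modern macro-enabled files are ZIP archives carrying a vbaProject.bin part and that legacy .doc/.xls files start with the OLE2 signature. The function names and sample files are constructed for the illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container signature
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}  # extensions that declare macros


def triage_attachment(filename, data):
    """Return 'clean', 'macro', 'macro-disguised', 'legacy-ole' or 'not-office'."""
    name = filename.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may carry macros; needs an OLE-aware scanner to decide
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        parts = archive.namelist()
    if "[Content_Types].xml" not in parts:
        return "not-office"  # a ZIP, but not an Office Open XML package
    has_vba = any(p.lower().endswith("vbaproject.bin") for p in parts)
    if has_vba and ext not in MACRO_EXTS:
        return "macro-disguised"  # macro project hidden behind a macro-free extension
    return "macro" if has_vba else "clean"


def make_sample_ooxml(with_macro):
    """Build a constructed, minimal Office-style package in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder, no VBA inside")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", make_sample_ooxml(False)),
        ("invoice.docm", make_sample_ooxml(True)),
        ("invoice.docx", make_sample_ooxml(True)),
        ("old-budget.xls", OLE_MAGIC + b"\x00" * 16),
    ]
    for fname, blob in samples:
        print(f"{fname}: {triage_attachment(fname, blob)}")
```

A mail gateway or help desk can quarantine anything that is not "clean" and pass it to antivirus scanning, which matches the notes' point that filtering blocks some vectors but is not attack-proof.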
