Code Target

List of Common Malware types:

•  Adware: 

 The least dangerous and most lucrative Malware. Adware displays ads on your computer.

•   Spyware: 

 Spyware is software that spies on you, tracking your internet activities in order to send advertising (Adware) back to your system

• Virus: 

A virus is a contagious program or code that attaches itself to another piece of software, and then reproduces itself when that software is run. Most often this is spread by sharing software or files between computers.

A virus on a computer is a specific type of malware that self-replicates, like the similarly-named infectious agents in humans and animals. Like a living virus, computer viruses attach themselves to hosts in order to move around and reproduce. The term virus indicates the means of replication, not the way the malware acts on a computer. Viruses used to travel on floppy disks and CD-ROMs; now they move around over the Internet, hiding inside files and applications, or spread via infected USB sticks. The term virus is often used as a blanket term, while the word malware is generally more appropriate. And, because historically viruses were the first type of malware that attacked personal computers, the security industry often uses the term "anti-virus" for software that detects and eradicates malware.

• Spam: Spamming is a method of flooding the Internet with copies of the same message. Most spams are commercial advertisements which are sent as an unwanted email to users. Spams are also known as Electronic junk emails or junk newsgroup postings. These spam emails are very annoying as it keeps coming every day and keeps your mailbox full.

•   Worm:

A program that replicates itself and destroys data and files on the computer. Worms work to “eat” the system operating files and data files until the drive is empty.

On a computer, a worm is similar to a virus, in that it replicates itself. But unlike viruses, worms don't need to be attached to other files. They often replicate over networks, rendering them particularly dangerous.

•     Trojan: 

A Trojan horse, or simply Trojan, is a type of malware that is disguised as a useful piece of software or data file. It may actually perform actions on a computer that are or seem legitimate, but will install malware or perform malicious actions. A Trojan horse may also be legitimate software that has been altered to install malware. The name comes from the wooden horse that the Greeks made to attack the city of Troy. Obviously, the people in that city didn't know that they shouldn't open unsolicited attachments. 

• Keyloggers:

Records everything you type on your PC in order to glean your log-in names, passwords, and other sensitive information, and send it on to the source of the keylogging program.

A keylogger is a type of malware that records all keystrokes that a user types on their computer. A keylogger can also be a hardware device, connected somewhere between a keyboard and a computer. Keyloggers can record all sorts of personal information, such as user names, passwords, credit card numbers, and personal documents such as emails and reports. Keyloggers can be useful to obtain information that can be later used to access a user's online accounts, or for espionage.

•    Ransomware: 

Ransomware is a type of malware that locks a computer or hijacks a user's files until a ransom is paid. It can be installed by a Trojan horse, or downloaded when visiting a malicious website. Ransomware is big business, with cyber-criminals making a lot of money from users who need to access their files. These people often have sophisticated fulfillment setups, with call centers and customer support to take payments. The best prevention against ransomware, other than using anti-malware software, is to regularly back up your files, so you always have a copy of them available.

•     Rootkit: 

A rootkit is software that gives a malicious user "root access," or total control over a computer. It can be installed via a Trojan horse, through a phishing attack, or in other ways. A rootkit is a virtual backdoor, and when installed on a computer, malicious users can control the computer and access all its files. Rootkits often mask their presence, or the presence of other malware.

•   Backdoor: 

A backdoor is a way to access a computer or device without authentication. It may provide access to encrypted files without requiring a user's password or passcode, or it may offer a means of accessing all the files on a computer. In some cases, manufacturers or developers create intentional backdoors so they can restore access to users who are locked out of a system, or to reset a device to factory settings.

•  Spyware: 

Spyware is malicious software that spies on a user, recording keystrokes (i.e. keylogger), such as user names and passwords, tracking user activity on the internet, or activating the microphone or camera on a computer to record physical activity.

• Adware

Adware is software that causes advertisements to be displayed on a computer's desktop or in a web browser, in order to generate income from these ads being shown. Some free software displays ads, and is technically not adware; the term is generally used for malicious software, which users cannot remove easily. 

• Botnet:

A botnet is a network of computers whose access has been compromised, and that are controlled remotely. These individual computers are often called bots or zombies. Botnets are generally used to send spam emails, or to launch denial of service attacks, where thousands of computers block a website or server by flooding that server with more requests than it can handle. 

Security, Functionality and Usability Triangle:

 There is an inter dependency between these three attributes. When security goes up, usability and functionality come down. Any organization should balance between these three qualities to arrive at a balanced information system.

Some important terms to consider in hacking are

Threat: Anything that has potential to cause harm. There are various threats available to system threats, Network threats, application threats, cloud threats, malicious files threats etc.

Vulnerability: A weakness or a flaw in the system which an attacker may find and exploit. An updated OS, Default Passwords, Unencrypted protocols are all good examples of vulnerabilities.

Attack: Method followed by a hacker/Individual to break into the system. Denial of service attack, Misconfiguration attacks, Operating system attacks, Virus, and Worms are all example of Attacks.

Attack vectors: Path or means by an attacker gains access to an information system to perform malicious activities.

Types of vulnerabilities : OWASP Top 10

https://www.owasp.org/index.php/Top_10-2017_Top_10

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites.

Cross-site scripting attacks happen when an untrusted source is allowed to inject its own code into a web application, and that malicious code is included with dynamic content delivered to a victim's browser.

Cross-site scripting allows an attacker to execute malicious scripts in another user's browser. However, the attacker doesn't attack the victim directly; rather, the attacker exploits a vulnerability in a website the victim visits and gets the website to deliver the malicious script for the attacker.

XSS can be used in a number of ways to cause serious problems. 

cross site request forgery (CSRF/XSRF)

Cross-site request forgery (XSRF or CSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. An XSRF attack can be used to modify firewall settings, post unauthorized data on a forum or conduct fraudulent financial transactions.

An XSRF attack can be executed by stealing the identity of an existing user and then hacking into a Web server using that identity. 

Difference between XSS and CSRF

Key Difference: XSS and CSRF are two types of computer security vulnerabilities. XSS stands for Cross-Site Scripting. CSRF stands for Cross-Site Request Forgery. In XSS, the hacker takes advantage of the trust that a user has for a certain website. On the other hand, in CSRF the hacker takes advantage of a website’s trust for a certain user’s browser.

 

	XSS	CSRF
Full Form	Cross-Site Scripting	Cross-Site Request Forgery
Definition	In XSS, a hacker injects a malicious client side script in a website. This script is added to cause some form of vulnerability to a victim.	It takes advantage of the targeted website’s trust in a user. A malicious attack is designed in such a way that a user sends malicious requests to the target website without having knowledge of the attack.
Dependency	Injection of arbitrary data by data that is not validated	On the functionality and features of the browser to retrieve and execute the attack bundle
Requirement of JavaScript	Yes	No
Condition	Acceptance of the malicious code by the sites	Malicious code is located on third party sites
Vulnerability	A site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks	A site that is completely protected from XSS types of attacks is still most likely vulnerable to CSRF attacks.