OWASP - User contributions [en]

Spyware

2008-07-03T16:58:18Z

Y2h4ck: /* Description */

Spyware

2008-07-03T16:57:27Z

Y2h4ck: /* References */

{{Template:Attack}}

==Description==

The spyware is a program that captures statistic information from user´s computer and sends it over internet without user acceptance. This information is usually obtained from cookies and web browser’s history. The spyware can also install other software, display advertisement, or redirect the web browser activity.
A spyware differs from virus, worm and adware from various ways. The spyware does not self-replicate and distribute like virus and worm, and not necessarily displays advertisements like adware. The common characteristics between spyware and virus, worm, and adware are:

1. exploitation of infected computer for commercial purposes

2. the display, in some cases, of advertisements

The spyware is usually masqueraded or presented as an utility software like P2P client, optimization tool, web accelerator, download accelerator, and even as security software like antispyware. In this case the user infects the computer by installing this kind of software without being aware of the danger. The spyware can also be bundled in media and shareware, being additionally installed with the software or autorun. The infection can occurs through fake Windows warning, when the fake message appears warning the user about some security issue or offering performance optimizing.
The computer infected presents symptoms like poor performance due to high memory and processor usage, unwanted behavior, system crash, high internet bandwidth usage, large number of popup, and many other symptoms.
The biggest problem is that the infected computer becomes extremely vulnerable to many other spywares, which install themselves into the computer.

== Risk Factor ==

High

Some Spywares are very dificult to remove because they can hide they-selfs into Browser Cookies and Offline HTML Content in Temporary files.

==Example ==

<center>

https://www.owasp.org/images/6/68/Figura2.jpg

Figure 1. A lot of toolbars added by spyware, and some working as spyware
</center>

==References==

*http://cwe.mitre.org/data/definitions/506.html - Malicious
*http://en.wikipedia.org/wiki/Spyware - Spyware

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Trojan Horse]]
* [[Phishing]]
* [[:Category:Malicious Code Attack]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Resource Manipulation]]

[[Category:Attack]]

Spyware

2008-07-03T16:55:23Z

Y2h4ck:

{{Template:Attack}}

==Description==

The spyware is a program that captures statistic information from user´s computer and sends it over internet without user acceptance. This information is usually obtained from cookies and web browser’s history. The spyware can also install other software, display advertisement, or redirect the web browser activity.
A spyware differs from virus, worm and adware from various ways. The spyware does not self-replicate and distribute like virus and worm, and not necessarily displays advertisements like adware. The common characteristics between spyware and virus, worm, and adware are:

1. exploitation of infected computer for commercial purposes

2. the display, in some cases, of advertisements

The spyware is usually masqueraded or presented as an utility software like P2P client, optimization tool, web accelerator, download accelerator, and even as security software like antispyware. In this case the user infects the computer by installing this kind of software without being aware of the danger. The spyware can also be bundled in media and shareware, being additionally installed with the software or autorun. The infection can occurs through fake Windows warning, when the fake message appears warning the user about some security issue or offering performance optimizing.
The computer infected presents symptoms like poor performance due to high memory and processor usage, unwanted behavior, system crash, high internet bandwidth usage, large number of popup, and many other symptoms.
The biggest problem is that the infected computer becomes extremely vulnerable to many other spywares, which install themselves into the computer.

== Risk Factor ==

High

Some Spywares are very dificult to remove because they can hide they-selfs into Browser Cookies and Offline HTML Content in Temporary files.

==Example ==

<center>

https://www.owasp.org/images/6/68/Figura2.jpg

Figure 1. A lot of toolbars added by spyware, and some working as spyware
</center>

==External References==

*http://cwe.mitre.org/data/definitions/506.html - Malicious

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Trojan Horse]]
* [[Phishing]]
* [[:Category:Malicious Code Attack]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Resource Manipulation]]

[[Category:Attack]]

Spyware

2008-07-03T16:55:08Z

Y2h4ck: /* Severity */

{{Template:Attack}}

==Description==

The spyware is a program that captures statistic information from user´s computer and sends it over internet without user acceptance. This information is usually obtained from cookies and web browser’s history. The spyware can also install other software, display advertisement, or redirect the web browser activity.
A spyware differs from virus, worm and adware from various ways. The spyware does not self-replicate and distribute like virus and worm, and not necessarily displays advertisements like adware. The common characteristics between spyware and virus, worm, and adware are:

1. exploitation of infected computer for commercial purposes

2. the display, in some cases, of advertisements

The spyware is usually masqueraded or presented as an utility software like P2P client, optimization tool, web accelerator, download accelerator, and even as security software like antispyware. In this case the user infects the computer by installing this kind of software without being aware of the danger. The spyware can also be bundled in media and shareware, being additionally installed with the software or autorun. The infection can occurs through fake Windows warning, when the fake message appears warning the user about some security issue or offering performance optimizing.
The computer infected presents symptoms like poor performance due to high memory and processor usage, unwanted behavior, system crash, high internet bandwidth usage, large number of popup, and many other symptoms.
The biggest problem is that the infected computer becomes extremely vulnerable to many other spywares, which install themselves into the computer.

== Risk Factor ==

High

Some Spywares are very dificult to remove because they can hide they-selfs into Browser Cookies and Offline HTML Content in Temporary files.

== Likelihood of exploitation ==

Very High

==Example ==

<center>

https://www.owasp.org/images/6/68/Figura2.jpg

Figure 1. A lot of toolbars added by spyware, and some working as spyware
</center>

==External References==

*http://cwe.mitre.org/data/definitions/506.html - Malicious

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Trojan Horse]]
* [[Phishing]]
* [[:Category:Malicious Code Attack]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Resource Manipulation]]

[[Category:Attack]]

Trojan Horse

2008-07-03T16:48:22Z

Y2h4ck: /* References */

{{Template:Attack}}

==Description==

A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers.

Other details can be found on [[Man-in-the-browser attack]].

'''The 7 main types of Trojan Horse'''

1.Remote Access Trojan (RAT)

Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on victim’s computer.

4.Proxy Trojan

Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer.

'''Symptoms'''

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappear

•Programs auto loading and unloading

•Strange windows warnings, messages and question box, and options being displayed constantly

•e-mail client auto sending messages to all user´s contacts list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•Computer´s high resources consumption (computer slows down)

•Ctrl + Alt + Del stops working

== Risk Factor ==

High

A Trojan horse can break througt all the security polices in a network, because a attacker can
get access to a WorkStation that can have network credentials stored in. With this credentials a
attacker can compromise all the network.

==Examples==

A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

== References==

*[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]]

*[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]]

*[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]]

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Spyware]]
* [[Phishing]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Malicious Code Attack]]

[[Category:Attack]]

Trojan Horse

2008-07-03T16:47:17Z

Y2h4ck:

{{Template:Attack}}

==Description==

A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers.

Other details can be found on [[Man-in-the-browser attack]].

'''The 7 main types of Trojan Horse'''

1.Remote Access Trojan (RAT)

Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on victim’s computer.

4.Proxy Trojan

Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer.

'''Symptoms'''

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappear

•Programs auto loading and unloading

•Strange windows warnings, messages and question box, and options being displayed constantly

•e-mail client auto sending messages to all user´s contacts list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•Computer´s high resources consumption (computer slows down)

•Ctrl + Alt + Del stops working

== Risk Factor ==

High

A Trojan horse can break througt all the security polices in a network, because a attacker can
get access to a WorkStation that can have network credentials stored in. With this credentials a
attacker can compromise all the network.

==Examples==

A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

== External References==

*[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]]

*[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]]

*[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]]

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Spyware]]
* [[Phishing]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Malicious Code Attack]]

[[Category:Attack]]

Trojan Horse

2008-07-03T16:45:59Z

Y2h4ck: /* Description */

{{Template:Attack}}

==Description==

A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers.

Other details can be found on [[Man-in-the-browser attack]].

'''The 7 main types of Trojan Horse'''

1.Remote Access Trojan (RAT)

Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on victim’s computer.

4.Proxy Trojan

Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer.

'''Symptoms'''

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappear

•Programs auto loading and unloading

•Strange windows warnings, messages and question box, and options being displayed constantly

•e-mail client auto sending messages to all user´s contacts list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•Computer´s high resources consumption (computer slows down)

•Ctrl + Alt + Del stops working

== Risk Factor ==

High

A Trojan horse can break througt all the security polices in a network, because a attacker can
get access to a WorkStation that can have network credentials stored in. With this credentials a
attacker can compromise all the network.

== Likelihood of exploitation ==

Medium to High

==Examples==

A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

== External References==

*[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]]

*[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]]

*[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]]

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Spyware]]
* [[Phishing]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Malicious Code Attack]]

[[Category:Attack]]

Trojan Horse

2008-05-22T20:47:50Z

Y2h4ck: /* Severity */

{{Template:Attack}}

==Description==

A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers.

A Trojan horse is a program that uses malicious code masqueraded as a benign application. The term derives from the myth of the Greek Trojan Horse on the Trojan War. The malicious code can be injected on legitimate software to be installed by victim, or the supposed benign program itself can be the Trojan horse. The victim is usually tricked to open the Trojan horse because it appears to be received from a legitimate source.
This kind of malware looks and acts like a virus, but the difference resides on the fact that Trojan horse does not self-replicate. The infected computer experience many different symptoms similar to virus, as background configuration auto changing, mouse buttons function reversing, system crashes, the famous blue screen, computer reboots itself, Ctrl + Alt + Del stops working, and many other symptoms described later in this document.
The ultimate Trojan horse uses javascript to make furtive attack, free of antimalware intervention and users interception, normally used on attacks against internet banking transactions on-the-fly, resulting victim´s financial loss.

Other details can be found on [[Man-in-the-browser attack]].

'''The 7 main types of Trojan Horse'''

1.Remote Access Trojan (RAT)

Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on victim’s computer.

4.Proxy Trojan

Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer.

'''Symptoms'''

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappear

•Programs auto loading and unloading

•Strange windows warnings, messages and question box, and options being displayed constantly

•e-mail client auto sending messages to all user´s contacts list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•Computer´s high resources consumption (computer slows down)

•Ctrl + Alt + Del stops working

== Risk Factor ==

High

A Trojan horse can break througt all the security polices in a network, because a attacker can
get access to a WorkStation that can have network credentials stored in. With this credentials a
attacker can compromise all the network.

== Likelihood of exploitation ==

Medium to High

==Examples==

A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

== External References==

*[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]]

*[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]]

*[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]]

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Spyware]]
* [[Phishing]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Malicious Code Attack]]

[[Category:Attack]]

Trojan Horse

2008-05-22T20:40:27Z

Y2h4ck: /* Description */

{{Template:Attack}}

==Description==

A Trojan Horse is a program that uses malicious code masqueraded as a trusted applications. The malicious code can be injected on benign applications, masqueraded in e-mails links or sometimes hidden in JavaScript pages to make furtive attacks against vulnerable internet Browsers.

A Trojan horse is a program that uses malicious code masqueraded as a benign application. The term derives from the myth of the Greek Trojan Horse on the Trojan War. The malicious code can be injected on legitimate software to be installed by victim, or the supposed benign program itself can be the Trojan horse. The victim is usually tricked to open the Trojan horse because it appears to be received from a legitimate source.
This kind of malware looks and acts like a virus, but the difference resides on the fact that Trojan horse does not self-replicate. The infected computer experience many different symptoms similar to virus, as background configuration auto changing, mouse buttons function reversing, system crashes, the famous blue screen, computer reboots itself, Ctrl + Alt + Del stops working, and many other symptoms described later in this document.
The ultimate Trojan horse uses javascript to make furtive attack, free of antimalware intervention and users interception, normally used on attacks against internet banking transactions on-the-fly, resulting victim´s financial loss.

Other details can be found on [[Man-in-the-browser attack]].

'''The 7 main types of Trojan Horse'''

1.Remote Access Trojan (RAT)

Designed to provide the attacker full control of the infected machine. Trojan horse usually masqueraded as a utility.

2.Data Sending Trojan

Trojan horse that uses keylogger technology to capture sensitive data like passwords, credit card and banking information, IM messages, and send back to attacker.

3.Destructive Trojan

Trojan horse designed to destroy data stored on victim’s computer.

4.Proxy Trojan

Trojan horse that uses the victim´s computer as a proxy server, providing attacker opportunity to execute illicit acts from the infected computer, like banking fraud, and even malicious attacks over the internet.

5.FTP Trojan

This type of Trojan horse uses the port 21 to enable the attackers to connect to the victim´s computer using File Transfer Protocol.

6.Security software disabler Trojan

The Trojan horse is designed to disable security software like firewall and antivirus, enabling the attacker to use many invasion techniques to invade the victim´s computer, and even to infect more the computer.

7.Denial-of-Service attack Trojan

Trojan horse designed to give the attacker opportunity to realize Denial-of-Service attacks from victim´s computer.

'''Symptoms'''

A list of common symptoms is described in this section.

•Wallpaper and other background settings auto changing

•Mouse pointer disappear

•Programs auto loading and unloading

•Strange windows warnings, messages and question box, and options being displayed constantly

•e-mail client auto sending messages to all user´s contacts list

•Windows auto closing

•System auto rebooting

•Internet accounts information changing

•High internet bandwidth being used without user action

•Computer´s high resources consumption (computer slows down)

•Ctrl + Alt + Del stops working

== Severity ==

High

== Likelihood of exploitation ==

Medium to High

==Examples==

A Javascript Trojan Horse example can be found on: http://www.attacklabs.com/download/sniffer.rar .

An iframe pointing to a javascript which downloads malware: http://isc.sans.org/diary.html?storyid=2923&dshield=4c501ba0d99f5168ce114d3a3feab567

== External References==

*[[http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html | Ajax Sniffer]]

*[[http://hacker-eliminator.com/trojansymptoms.html | Trojan Infection Symptoms]]

*[[http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp | The Difference Between a Virus, Worm and Trojan Horse]]

==Related Threats==

*[[:Category:Client-side Attacks]]

==Related Attacks==

* [[Spyware]]
* [[Phishing]]

==Related Vulnerabilities==

TBD

==Related Countermeasures==

TBD

[[Category:Malicious Code Attack]]

[[Category:Attack]]