4. The Need for Cybersecurity: Cyber Attacks 71 cess the victim’s computer. Other phishing attacks are used to steal credentials by getting the victim to login to a spoofed website (more on this below). Table 4.3 A social engineering attack example. Users can also be deceived into running malware that provides hackers with direct access to their machine. Malware is an abbreviation for “malicious software,” and it encompasses a wide variety of nefarious software used by hackers. Trojan horse malware is malware that appears to be and functions like a normal program, but it comes bundled with malware that creates a backdoor into the victim’s machine. A wrapper program is software that binds two different programs together and is useful for creating trojan horse malware. For example, a calculator application can be bundled with malware. When the victim uses the calculator in the foreground, the malware is silently activated in the background. Trojan horse malware is named after the famous Greek story of the Trojan attack on the city of Troy. 4.1.2.2 Exploiting Technical Vulnerabilities “On many C implementations it is possible to corrupt the execution stack by writing past the end of an array declared auto in a routine. Code that does this is said to smash the stack, and can cause return from the routine to jump to a random address. This can produce some of the most insidious data-dependent bugs known to mankind.” - from “Smashing the Stack for Fun and Profit” by Aleph One in Phrack Hackers may also gain unauthorized access to target systems by exploiting technical vulnerabilities. A hack is an action that is allowed by the system but that undermines the
RkJQdWJsaXNoZXIy MTM4ODY=