New Cell Phone and Computer Attacks
Hello Friends, today i will explain the newest methods of attacks on computers and cell phones. These new attacks focus on bluetooth, SMS and even ipods! They are not only the usual trojans, malware, and phishing attacks. To learn more, read the definitions below;
Smishing or "SMS phishing":
In computing, Smishing is a form of criminal activity using social engineering techniques similar to phishing.Similarly smishing targets cellular phones.Victim receive an SMS message with a hyperlink wherein a malware automatically finds its way to the cellular phone, or leads the victim to a phishing site formatted for cellular phones.
Example of a smishing message: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####."
In many cases, the smishing message will show that it came from "5***" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.
This information is then used to create duplicate credit/debit/ATM cards that was used halfway around the world, within 30 minutes.
Botnet:
A botnet is a collection of software agents, or robots, that run autonomously and automatically. A Botnet uses any number of internet connected computers that inconspicuously forward e-mails (which include spam, malware, or viruses) to other computers on the internet. These infected computers, also known as "zombies" deliver DoS attacks (Denial of Service) and often rely on thousands of zombie PCs.
Pod Slurping:
It is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large amounts of confidential data by directly plugging it into a computer where the data is held. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.
BlueBugging:
It allows a skilled person to illegally access a cellular phone via Bluetooth wireless technology. More often than not, going unnoticed to the phone's owner. A vulnerability such as this allows phone calls, and SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. Fortunately, widespread impact is minimized because of the range of bluethooth technology. Access is only attainable within a 10 meter range of the phone.
Ransomware:
It makes a computer unusable, then demands payment in order for the user to regain full access. Ransomware is also commonly referred to as a "cryptovirus" or "cryptotrojan." First it will disable an essential system service or lock the display at system startup and encrypt some of the user's personal files. Then prompts the user to enter a code obtainable only after wiring payment to the attacker or urging the user to buy a decryption or removal tool. Ransomware was originally with a trojan called PC Cyborg.
Scareware:
It is a software that tricks computer users into downloading or purchasing it, under the guise of fixing their computer. Scareware programs often run a fictitious virus and malware scan, and then present the user with a list of malicious programs or problems that must be corrected. The scareware informs the computer user that in order to fix these "problems" it will require the user to pay a fee for a "full" or "registered" version of the software. Examples of scareware include: System Security, Anti-Virus 2010, and Registry Cleaner XP.
Sidejacking:
Sidejacking is a hacking technique used to gain access to your website specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted "session-id". The session-id is either some random data in the URL, or more often, random data in a HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account. Thus enabling the hacker ability to read your email, look at what you've bought online, or control your social network account, and so on.
Smishing or "SMS phishing":
In computing, Smishing is a form of criminal activity using social engineering techniques similar to phishing.Similarly smishing targets cellular phones.Victim receive an SMS message with a hyperlink wherein a malware automatically finds its way to the cellular phone, or leads the victim to a phishing site formatted for cellular phones.
Example of a smishing message: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####."
In many cases, the smishing message will show that it came from "5***" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.
This information is then used to create duplicate credit/debit/ATM cards that was used halfway around the world, within 30 minutes.
Botnet:
A botnet is a collection of software agents, or robots, that run autonomously and automatically. A Botnet uses any number of internet connected computers that inconspicuously forward e-mails (which include spam, malware, or viruses) to other computers on the internet. These infected computers, also known as "zombies" deliver DoS attacks (Denial of Service) and often rely on thousands of zombie PCs.
Pod Slurping:
It is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large amounts of confidential data by directly plugging it into a computer where the data is held. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.
BlueBugging:
It allows a skilled person to illegally access a cellular phone via Bluetooth wireless technology. More often than not, going unnoticed to the phone's owner. A vulnerability such as this allows phone calls, and SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. Fortunately, widespread impact is minimized because of the range of bluethooth technology. Access is only attainable within a 10 meter range of the phone.
Ransomware:
It makes a computer unusable, then demands payment in order for the user to regain full access. Ransomware is also commonly referred to as a "cryptovirus" or "cryptotrojan." First it will disable an essential system service or lock the display at system startup and encrypt some of the user's personal files. Then prompts the user to enter a code obtainable only after wiring payment to the attacker or urging the user to buy a decryption or removal tool. Ransomware was originally with a trojan called PC Cyborg.
Scareware:
It is a software that tricks computer users into downloading or purchasing it, under the guise of fixing their computer. Scareware programs often run a fictitious virus and malware scan, and then present the user with a list of malicious programs or problems that must be corrected. The scareware informs the computer user that in order to fix these "problems" it will require the user to pay a fee for a "full" or "registered" version of the software. Examples of scareware include: System Security, Anti-Virus 2010, and Registry Cleaner XP.
Sidejacking:
Sidejacking is a hacking technique used to gain access to your website specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted "session-id". The session-id is either some random data in the URL, or more often, random data in a HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account. Thus enabling the hacker ability to read your email, look at what you've bought online, or control your social network account, and so on.
Comments
Post a Comment