A bot is the payload that infects computers into a botnet, and can also mean a single botnet-infected computer. A botnet is made up of all the computers infected by the bot payload to carry out its intentions - mass spam, infection, illegal software distribution, DDoS (Distributed Denial of Service) extortion, ID theft, and more. These can infect even with the world's best defense products in place - by simply disabling them, etc. There have been several breakthroughs in defenses, such as the original Symantec AntiBot. Botnet infection has replaced ALL other threats as the worst plague to the Internet and computer users since approximately 2005-6. Their entry is commonly through something users are warned against, like clicking virus attachments. The best defense is up-to-date antivirus and antispyware, since a bot payload can be built a piece at a time while the system's defenses are spied on by the botmaster/botherder Command and Control, which picks attacks against known weak products installed on the user's machine. A botnet infection can be built by several installations performed secretly by viruses, worms, trojans and downloader trojans, rootkits, spyware kits, virus kits, backdoor threats, safe mode with networking, etc. - and by various other instant full-payload infections via reverse engineering of many security devices/wares/appliances, etc.
SEE Forensics (reverse engineered malicious encapsulation example - full payload delivered instantly past top defense products).
How can I reset the Hosts file back to the default?
MICROSOFT FIX IT TOOL ***** HOSTS FILES….
How to reset Internet Protocol (TCP/IP)
SPYWARE CATEGORY THREATS / Glossary
Emsisoft Malware Library
a-squared Process List
CA Spyware Encyclopedia
F-Secure Malware Code Glossary
Glossary of Malware
Security Threat Glossary
The Difference Between Adware & Spyware
SPYWARE CATEGORY THREATS
(antispyware products used to detect/remove)
Malware (malware means all)
Browser Hi-Jackers BHO
Keyloggers - Introduction to Spyware Keyloggers
data miner (spyware)
The Web Bug FAQ
Web Bug Report
E-mail web bugs
Web Beacons - Opt Out at Yahoo
Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on ...
NOTE TROJANS ARE BLOCKED - DETECTED - REMOVED BY BOTH
Typical back door capabilities may allow a remote attacker to:
* Collect information (system and personal) from the computer and
any storage device attached to it
* Terminate tasks and processes
* Run tasks and processes
* Download additional files
* Upload files and other content
* Report on status
* Open remote command line shells
* Perform denial of service attacks on other computers
* Change computer settings
* Shut down or restart the computer
Backdoor.Trojan | Symantec
Trojan Downloader Featured Articles
Trojan-Downloader.Zlob.Media-Codec (fs) Information and Removal
List of Trojan Downloader Parasites:
Detection deficit – Time it takes to discover a breach from the time of compromise.
RAM-scraping malware – Memory-scraping malware that helps attackers find sensitive data that isn’t available through other processes.
CVE – Common Vulnerabilities and Exposures is a dictionary of publicly known information about security vulnerabilities and exposures.
CVSS – Common Vulnerability Scoring System is designed to provide an open and standardized method for rating IT vulnerabilities.
JBOH – Java-Script-Binding-Over-HTTP, which enables an attacker to execute code remotely on Android devices that have affected apps.
IDS or IPS – Intrusion Detection Systems or Intrusion Prevention Systems may come in the form of a software application or device used to monitor a specific system or network for signs of malicious activities.
VERIS – Vocabulary for Event Recording and Incident Sharing is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
POS intrusions – Point-of-sale intrusions are attacks that occur on the device transacting a sale. The device may be various forms of digital cash registers used across many industries.
Payment Card Skimmers – Malicious card readers that cybercriminals place on payment terminals, ATMs or anywhere a credit card swipe occurs to copy the data from the magnetic strip on the card.
Web App Attack – A web-based cyberattack that can take various forms but is commonly defined by its use of the https or http protocol. The attack typically targets the website’s security or performance and, in some cases, can take the entire site down.
Cyberespionage – The act of stealing confidential information digitally stored on computers or networks within a government or organisation.
PAYLOAD ACTIVITIES / PLOYS
DNS cache poisoning
TCP reset attack
Tunneling to circumvent firewall policy
What is script kiddie?
Toxic blogs: Uploading links to malicious Web sites, or when blogs support HTML or scripts, uploading malicious code or using iFrames.
Invisible frames capable of executing malware.
Pretending to be a legitimate entity to lure people to malicious sites.
Social engineering (security) / Pretexting
"SEO Search Engine Poisoning"
Search Engine Optimization (SEO)
Cyber criminals pump up search engines every way they can to bump their malicious sites to the top results (SEO) for key phrases, news events, celebrities, etc.
Typosquatting is a form of cybersquatting which relies on mistakes, such as typographical errors, made by Internet users when typing a website address into a web browser address bar or search engine. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter, which may infect the computer, lead to ID theft, or capture passwords or any other data typed into forms at the site.
EXAMPLE - instead of http://MSN.com, the mistake is MSM.com, which for this example is owned by cyber criminals. Logins to email, financial accounts, etc. would be intercepted and abused by them.
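The typosquatting ploy above can be caught on the defender's side by comparing each hostname a user (or a proxy log) visits against an allow-list of legitimate domains and flagging near misses. The following is an added illustration, not code from the original page or from bluecollarpc.us; the allow-list is a constructed sample (MSN.com is the page's own example, the other entries are assumed), and it uses optimal string alignment distance so that a swapped pair of letters such as MNS.com also counts as a one-character slip.

```python
"""Flag hostnames that are one or two edits away from a known legitimate domain.

Added illustration for the typosquatting passage; not code from the original
page. The allow-list below is a constructed sample.
"""

# Constructed sample allow-list: msn.com comes from the page's example,
# the remaining entries are assumed for illustration only.
LEGITIMATE_DOMAINS = ["msn.com", "example.com", "mybank.example"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1. Transposition matters because
    'mns.com' is just as common a slip for 'msn.com' as 'msm.com'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,        # deletion
                d[i][j - 1] + 1,        # insertion
                d[i - 1][j - 1] + cost,  # substitution (or match)
            )
            # adjacent transposition, e.g. "sn" <-> "ns"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def normalize(host: str) -> str:
    """Lower-case the host, drop a trailing dot and a leading 'www.' so that
    MSN.Com, www.msn.com and msn.com. all compare as msn.com."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def closest_legitimate(host, legitimate=LEGITIMATE_DOMAINS, max_distance=2):
    """Return (legitimate_domain, distance) when host is a near miss of an
    allow-listed domain, or None when it matches exactly or is unrelated."""
    host = normalize(host)
    if host in legitimate:          # exact match: not a typo
        return None
    best = None
    for legit in legitimate:
        dist = osa_distance(host, legit)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (legit, dist)
    return best


if __name__ == "__main__":
    # Constructed sample of visited hostnames as they might appear in a proxy log.
    for visited in ["MSM.Com", "mns.com", "www.msn.com", "unrelated.net"]:
        print(visited, "->", closest_legitimate(visited))
```

A distance threshold of 1 or 2 keeps false positives low for short domains; for longer allow-list entries a practitioner would normally also strip the registrable suffix and compare only the second-level label.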
Disposable email addresses
ADVANCED / FROM OUR FORENSICS PAGE
APPARENT ATTEMPT TO INFECT PLASMA SERVERS....
There are incidents of data files (.DAT) being translated into media image files by crimeware in order to hide. Infected Media Players....
REFERENCE (Symantec above)
User Datagram Protocol
UDP uses a simple transmission model without implicit hand-shaking dialogues for guaranteeing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level.
Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP), which are designed for this purpose.
NEW THREAT..... 'TABNAPPING'
BBB Consumer News and Opinion blog (Tab napping)
Tab napping is more sophisticated than phishing scams and it doesn't rely on persuading you to click on a link to a scammer's Web page. Instead it targets internet users who open lots of tabs on their browser at the same time. How does it work? By replacing an inactive browser tab with a fake page set up specifically to obtain your personal data - without you even realizing it has happened....
Mozilla warns of new phishing scam (Tab napping)
Internet Explorer 8 helps protect against “tabnabbing”
Most of us know that we should keep our passwords and other credentials a secret. However, it's easy for cybercriminals to create a "spoof", a copy of a familiar website. You might think you're entering your credentials into your web-based email accounts, social networking sites, or bank websites, but you're really typing them into a phishing website that was created to steal this information. Cybercriminals have been using this ploy on websites and in pop-up windows for some time, but there are reports of a new phishing technique that takes advantage of the increased use of browser tabs.
SCAM, HOAX, CYBER URBAN LEGENDS ....
snopes.com: Urban Legends Reference Pages
The definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation.
"Internet Scams, Identity Theft, and Urban Legends: Are You at Risk?"
Mission Statement: The goal of the Hoax-Slayer Website is to help make the Internet a safer, more pleasant and more productive environment by: Debunking email and Internet hoaxes, Thwarting Internet scammers, Combating spam, Educating web users about email and Internet security issues.
FBI Computer Scam
What does it mean?
ROOTKITS WORST THREAT TO COMPUTERS BEFORE BOTNETS
Rootkit FAQ's (chkrootkit -- locally checks for signs of a rootkit)
WORLD WIDE WEB CRIMEWARE / CYBER CRIME EVENTS
FTC.Gov- Phishing Scams and How to Spot Them
Rogue security software
E-mail address harvesting
E-mail harvesting is the process of obtaining lists of e-mail addresses for use in bulk mail or other purposes usually grouped as spam. Methods range from purchasing lists of e-mail addresses from other spammers to the more common use of special software, known as "harvesting software", "harvesting bots" or "harvesters", which scans web pages, postings on Usenet, mailing list archives and other online sources to obtain e-mail addresses.
Malicious Active Content
Scams and Hoaxes
Avoiding Online Job Scams | Privacy Rights Clearinghouse
Avoid Work at Home Scams - Job Searching - About.com
BOTNETS / ZOMBIE COMPUTERS / ZOMBIE NETWORKS
BOT = payload of infection or a single infected computer - BOTNET = network of infected computers controlled by a botmaster, botherder, or Command and Control. (NOTE: a botnet infection can be built by several installations performed secretly by viruses, worms, trojans and downloader trojans, rootkits, spyware kits, virus kits, etc., and by various other probable instant full-payload infections via reverse engineering of many security devices/wares/appliances, etc.)
SEE http://bluecollarpc.us/forensics.php (reverse-engineered encapsulation example - full payload delivered instantly)
Botnet - Wikipedia, the free encyclopedia
MSNBC: The lowdown on 'Bots'
How big is the botnet problem?
Feature By Julie Bort, Network World, 07/06/07
Types of attacks: Botnets
DNS cache poisoning: Hacking a DNS so that it directs people who enter legitimate URLs to the hacker's malicious Web site.
iFrames: Invisible frames capable of executing malware.
Pharming: Creating an illegitimate copy of a real Web site and redirecting traffic to the phony site to obtain information or download malicious code.
Pretexting: Pretending to be a legitimate entity to lure people to malicious sites.
Toxic blogs: Uploading links to malicious Web sites, or when blogs support HTML or scripts, uploading malicious code or
VIRUS CATEGORY THREATS
(Antivirus products block, detect, remove)
Virus Encyclopedia Trend Micro
Virus Encyclopedia Search
Microsoft: What is a computer virus?
Microsoft: 5 steps to help avoid instant message viruses
Published: September 15, 2006
Microsoft JPEG Vulnerability
Microsoft JPEG Vulnerability and the Six New Content Security Requirements
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.
(One of first Computer Worms)
From Wikipedia, the free encyclopedia
"The Morris worm or Internet worm of November 2, 1988 was one of the first computer worms distributed via the Internet. It is considered the first worm and was certainly the first to gain significant mainstream media attention. It also resulted in the first conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT. ...."continued
Virus that changes its own code with each infection
"A metamorphic virus is one that is capable of rewriting its own code with each infection, or generation of infections, while maintaining the same functionality. The rewriting process allows each infection to appear different from others, but the changes are not supposed to affect the functionality of the code. This is intended to avoid detection by anti-malware software, but can usually be overcome via emulation or other techniques, and in many cases is deployed in a flawed manner leading to large numbers of misinfections. The complex technology required to do the rewriting is known as a metamorphic engine, and the same such engine may be implemented in several different virus variants.
The term is often used interchangeably with polymorphic virus."
ONE REASON FOR NEED OF REAL TIME PROTECTION ANTIMALWARE PRODUCTS AS OPPOSED TO JUST FREE STAND ALONE SCANNER....
(Real Time Protection products detect/block/quarantine threats)
From Wikipedia, the free encyclopedia
SEE - "Resident viruses"
"....If the virus scanner fails to notice that such a virus is present in memory the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. ...."
Glossary of Malware
Security Threat Glossary:
Socially Engineered Attack
Types of Spyware used in the West Coast Labs Test Suites
Backdoor - A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors
Key Loggers - A Key Logger is a type of surveillance software that has the capability to record every keystroke to a log file (usually encrypted). A Key Logger
Financials - A Financial is a program that has the capability of scanning a PC or network for information relating to financial transactions and then transmitting the
Proxies - Proxies are designed to enable an external user to use a computer for their own purposes, for example, to launch DDoS attacks or send spam, so that
Password Stealers and Crackers - A Password Stealer is a program resident on a computer, which is designed to intercept and report to an external person any
Downloaders - A downloader is a file which when activated, downloads other files on to the system without the knowledge or consent of the user, those other
Hijacker - A Hijacker is a file with the ability to change your default Internet home page and/or to create or alter other Web browser settings such as bookmarks
RATs - A Remote Access Trojan (RAT) is a piece of malware designed to run and gain access to a remote computer across a network or the Internet in order to
A Worm is an insidious program or algorithm that replicates itself over a computer network or by email system and usually performs malicious actions, such as using up the computer's resources or distributing pornography and possibly shutting the system down. Unlike Viruses, Worms copy themselves as standalone programs and do not attach themselves to other objects.
Common Types of Network Attacks
Eavesdropping, Data Modification, Identity Spoofing (IP Address Spoofing), Password-Based Attacks, Denial-of-Service Attack, Man-in-the-Middle Attack, Compromised-Key Attack, Sniffer Attack, Application-Layer Attack
FULL DESCRIPTIONS: http://technet.microsoft.com/en-us/library/cc959354.aspx
Unbelievable! - Windows 8 Boot Security Cracked already before released (Bootkit malware)
November 18, 2011 - bluecollarpc
Unbelievable! - Windows 8 Boot Security Cracked already before released (Bootkit malware)....
Windows 8 Boot Security Cracked
By Antone Gonsalves, CRN
An Austrian security analyst has built the first known bootkit that bypasses Windows 8's defenses against installing malware while the operating system is booting.
Peter Kleissner, an independent programmer and recognized ...
( HATE TO BE "I TOLD YOU SO" BUT BLUECOLLARPC.US PREDICTED THAT THE WINDOWS 8 BOOT-UP SECURITY FEATURE WOULD BE CRACKED AS FAST AS IT HIT THE STREETS..... LOOKS LIKE WE WERE A LITTLE OFF - IT HAS BEEN CRACKED EVEN BEFORE IT HIT THE STREETS ! ! ! .....LOL / This was not product bashing but based on security experience. The changes to BIOS will prove disastrous... read : )
We can expect Windows 8 to be launched sometime in mid-late 2012, however, it's too early to predict the Windows 8 release date, since it is still under development. Nevertheless, the only question that haunts each and every one of us - Will Windows 8 win the battle against Apple which it had lost several years back?
A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the "Evil Maid Attack", in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded. For example, the "Stoned Bootkit" subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.
The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system (a problem for portable computers) or the use of a Trusted Platform Module configured to protect the boot path.
HISTORY TO DATE.....
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims
Windows 8 won't dual-boot Linux?
Microsoft, Red Hat Spar Over Secure Boot-loading Tech
Windows 8 Dual Boot Possible If 'Secure Boot' Disabled
How to change the boot order of a dual-boot Linux PC
Linux Licensing in Conflict with Secure Boot Support
FSF warns of Windows 8 Secure Boot (Sign Petition)
Linux Foundation, Canonical and Red Hat Weigh In On Secure Boot
The right to dual-boot: Linux groups plead case prior to Windows 8
Linux Foundation: Secure Boot Need Not Be a Problem
Linux Community Offers Secure Boot Ideas
Leading PC makers confirm: no Windows 8 plot to lock out Linux
Linux Advocates protest 'Designed for Windows 8' secure boot policy
Linux Community Counters Microsoft's Windows 8 Secure Boot Mandate
Posted in BlueCollarPC WordPress Blog. Tags: antispyware, antivirus, BIOS, bluecollarpc, bluecollarpc blog, bluecollarpc.us, boot sector malware, bootkit, botnet, computer maintenance, crimeware, Forensics, Linux, mobile security, novice user, security products, zombie.
New Windows 8 Security Items
Unified Extensible Firmware Interface
Hardware Design and Development for Windows 8
Unified Extensible Firmware Interface
Windows 8 "Secure Boot"