module 2 detail notes

Uploaded by blackistheshade

MODULE 2

CYBER OFFENSES
 Module Outcomes
After reading this Module, the student will be able to:
o Understand the different types of cyber attacks.
o Get an overview of the steps involved in planning a cybercrime.
o Understand the tools used for gathering information about the target.
o Get an overview of social engineering: what it is and how it works.
o Learn about the role of cybercafes in cybercrime.
o Understand what cyberstalking is.
o Learn about botnets and attack vectors.

Chapter 2: Cyber Offenses: How Criminals Plan Them (TB1: Page 45-75)
The topics to be covered in this module are
2.1 Introduction
2.2 How do criminals plan the attacks?
2.3 Social Engineering
2.4 Cyber Stalking
2.5 Cybercafe & cybercrimes
2.6 Botnets: The fuel for cybercrime
2.7 Attack Vector

2.1 Introduction:
o Technology is a "double-edged sword", as it can be used for both good
and bad purposes.
o People with a tendency to cause damage or carry out illegal activities
will use it for bad purposes.
o Computers and the tools available in IT are used either as the targets of
an offence or as the means of committing an offence.
o Criminals take advantage of the widespread lack of awareness
about cybercrimes and cyber laws among the people who are
constantly using the IT infrastructure for official and personal purposes.

o Some more terms related to cybercrime:***


(1). Hacker (2). Brute Force Hacking (3). Cracker (4).Cracking
(5). Cracker tools (6). Phreaking (7). War dialer
(1). Hacker
o A hacker is a person skilled in information technology who achieves goals
by non-standard means.
o Hackers are very talented, smart people who understand computers better
than others.
o A hacker is a person with a strong interest in computers who enjoys
learning and experimenting with them.
o The reasons for hacking can be many: installing malware, stealing or
destroying data, disrupting service, and more.
o Hacking can also be done for ethical reasons, such as trying to find
software vulnerabilities so they can be fixed.

(2). Brute Force Hacking

o A brute force attack is a hacking method that uses trial and error to crack
passwords, login credentials and encryption keys.
o Brute force hacking involves trying every possible combination of letters,
numbers, etc. until the code is broken; a dictionary attack is the cheaper
variant that tries likely words first.
o It is a simple yet reliable tactic for gaining unauthorised access to
individual accounts and organisations' systems and networks, provided the
keyspace is small enough and each guess is cheap; long passphrases, slow
password hashing and account lockout are the defences against it.

(3). Cracker
o A Cracker is a person who breaks into computers. Crackers should not be
confused with hackers.
o The main difference between a hacker and a cracker is their motivations
and intentions.
o The term "cracker” is usually connected to computer criminals. Some of
their crimes include vandalism, theft and snooping in unauthorised areas.

(4). Cracking
o It is the act of breaking into computers.
o Many sites are devoted to supplying crackers with programs that allow
them to crack computers.
o Some of these programs contain dictionaries for guessing passwords.
These sites usually display warnings such as “These files are illegal; we
are not responsible for what you do with them.”
(5). Cracker tools
o These are programs used to break into a computer.
o They are widely distributed on the Internet: password crackers,
Trojans, viruses, war dialers and worms.
(6). Phreaking:
o This is the notorious art of breaking into phones or other communication
systems.
o Phreaking is a type of hacking that involves manipulating telephone
networks to make free calls or gain unauthorized access to systems.
o Phreaking sites on the Internet are popular among crackers and other
criminals.

(7). War dialer:


o It is a program that automatically dials phone numbers looking for
computers on the other end.
o It is a technique to automatically scan a list of telephone numbers, usually
dialling every number in a local area code.
o It catalogues numbers that the hackers can call back and try to break in.
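
Worked example for items (2) Brute Force Hacking and (4) Cracking above. This is an added illustration, not part of the textbook: a small dictionary attack and an exhaustive brute force against a password hash, plus the keyspace arithmetic that decides whether such an attack is practical. The target password, the 36-symbol charset and the mini-wordlist are constructed for the demo; the hash is unsalted SHA-256 on purpose, and a salted PBKDF2 variant is included to show why a slow KDF changes the arithmetic.

```python
import hashlib
import itertools
import string
import time

# Constructed for the demo: a 36-symbol charset and a tiny wordlist.
CHARSET = string.ascii_lowercase + string.digits
WORDLIST = ["password", "letmein", "welcome1", "admin", "qwerty"]


def sha256_hex(password: str) -> str:
    """Fast, unsalted hash: the worst case for the defender."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hex(password: str, salt: bytes = b"demo-salt", iterations: int = 100_000) -> str:
    """Slow, salted KDF: every guess costs the attacker `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def keyspace_size(charset_len: int, max_len: int) -> int:
    """Number of candidate strings of length 1..max_len over a charset."""
    return sum(charset_len ** n for n in range(1, max_len + 1))


def dictionary_attack(target_hash, wordlist, hash_fn=sha256_hex):
    """Try likely words first; returns the password or None."""
    for word in wordlist:
        if hash_fn(word) == target_hash:
            return word
    return None


def brute_force(target_hash, charset=CHARSET, max_len=3, hash_fn=sha256_hex):
    """Exhaustively try every string of length 1..max_len.
    Returns (password, attempts); password is None if the keyspace is exhausted."""
    attempts = 0
    for length in range(1, max_len + 1):
        for candidate in itertools.product(charset, repeat=length):
            attempts += 1
            guess = "".join(candidate)
            if hash_fn(guess) == target_hash:
                return guess, attempts
    return None, attempts


def estimated_seconds(charset_len, max_len, hash_fn=sha256_hex, samples=200):
    """Time `samples` hash calls and extrapolate to the whole keyspace (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(f"guess{i}")
    per_guess = (time.perf_counter() - start) / samples
    return keyspace_size(charset_len, max_len) * per_guess


if __name__ == "__main__":
    target = sha256_hex("k9z")                      # constructed 3-character password
    print("dictionary:", dictionary_attack(target, WORDLIST))   # None: not a common word
    print("brute force:", brute_force(target))                  # ('k9z', attempts)
    n = len(CHARSET)
    print("keyspace, 3 chars:", keyspace_size(n, 3))
    print("keyspace, 8 chars:", keyspace_size(n, 8))
    print("est. seconds, 8 chars, SHA-256:", round(estimated_seconds(n, 8)))
    print("est. seconds, 8 chars, PBKDF2 :", round(estimated_seconds(n, 8, pbkdf2_hex, samples=5)))
```

The 3-character password falls in well under a second, but the same charset at 8 characters is about 2.9 trillion candidates, and moving from SHA-256 to 100,000-iteration PBKDF2 multiplies the attacker's cost per guess by roughly that iteration count; this is the arithmetic behind the advice to use long passphrases and slow, salted password hashing.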

 Network vulnerabilities for Cyber Attack***(June/July 24-10M)


o A network vulnerability is a weakness or flaw in software, hardware, or
organizational processes, which when compromised by a threat, can result
in a security breach.
o An attacker would look to exploit the vulnerabilities in the networks, most
often so because the networks are not adequately protected.
o Categories of vulnerabilities that hackers typically search for are

1. Inadequate network border protection: Many workstations are
connected together and employees set up PCs without a password or with
a weak password, which lets an attacker guess the password easily.
2. Remote Access Servers (RASs) with weak access controls: These
devices are all connected to the network. A firewall can only protect the
PCs if somebody acts on the suspicious activity it reports; the weakness is
the administrator who fails to monitor the Intrusion Detection System (IDS)
alerts. An IDS is a system that monitors network traffic for unusual activity
and alerts administrators when such activity is detected.
3. Application servers with well-known exploits: The administrator fails
to install the patch that fixes the BIND (DNS server) vulnerability; the web
administrator fails to install the patch that fixes the IIS Unicode
vulnerability.
4. Misconfigured systems and systems with default configurations: A
misconfigured router is highly vulnerable to a denial-of-service (DoS) attack.
o Fig 2.1 illustrates these vulnerabilities on a sample network. It consists of
many workstations connected by a switch; the switch is in turn connected to
the Citrix server and the application servers. The server on which the
clinical data is analysed is likewise connected to the switch.
• BIND: Berkeley Internet Name Domain
• IDS: Intrusion Detection System
• IIS: Internet Information Services
• DNS: Domain Name System
Fig 2.1: Network vulnerabilities-Sample network

 Hat concept in cyber security:*** There are FOUR different hat concepts
used in cyber security
1. Black Hat:
o A black hat is also called a cracker. These are the bad guys.
o Black hats may also share information about the "break-in" with other black hat
crackers so they can exploit the same vulnerabilities before the victim becomes
aware and takes appropriate measures.
2. White Hat:
o While black hats use their skills for malicious purposes, white hats are ethical
hackers.
o They use their knowledge and skill to thwart the black hats and secure the
integrity of computer systems or networks.
o If a black hat decides to target you, it is a great thing to have a white hat around.
A white hat focuses on securing IT systems, whereas a black hat would like to
break into them. It is like the game of thief and police.
3. Brown Hat:
o A hacker who thinks before acting, whether the deed is malicious or not.
4. Grey Hat:
o Commonly refers to a hacker who openly releases to the public information about
any exploits or security holes he/she finds.

 Categories of Cybercrime: Cybercrime can be categorized based on the following:


1. The target of the crime
2. Whether the crime occurs as a single event or as a series of events.
1. The target of the crime: It includes
a. Crimes targeted at individuals
o The goal is to exploit human weaknesses such as greed and naivety.
o These crimes include financial fraud, sale of non-existent or stolen items, child
pornography, copyright violation, harassment, etc.
o These crimes are difficult to trace, and the criminals are difficult to apprehend.
b. Crimes targeted at property:
o These include stealing mobile devices such as cell phones, laptops, personal
digital assistants (PDAs), and removable media (CDs and pen drives).
o Transmitting harmful programs that can disrupt the functions of the systems
and/or wipe out data from the hard disk.
o Such programs can also cause the malfunctioning of devices attached to the
system, such as a modem or CD drive.
c. Crimes targeted at organizations
o Cyberterrorism is one of the distinct crimes against organizations/governments.
o Attackers (individuals or groups) use computer tools and the Internet to terrorize
the citizens of a particular country, typically by stealing private information and
damaging program files.
o They plant programs to gain control of the network system.
2. Whether the crime occurs as a single event or as a series of events.
a. Single event of cybercrime:
o From the perspective of the victim it is a single event; hacking and fraud are the
usual examples.
o Example: the victim unknowingly opens an attachment that contains a virus,
which infects the system (PC/laptop).
b. Series of events of cybercrime:
o This involves the attacker interacting with the victim repetitively; cyberstalking
is the usual example.
o Example: the attacker interacts with the victim on the phone and/or via chat
rooms to establish a relationship first, and then exploits that relationship to
commit sexual assault.

2.2 How Criminals Plan the Attacks ***


o Criminals use many methods and tools to locate the vulnerabilities of their target.
o The target can be an individual and/or an organization.
o Criminals plan passive and active attacks
o Active attacks are usually used to alter the system (i.e., computer network) whereas
passive attacks attempt to gain information about the target.
o Active attacks may affect the availability, integrity and authenticity of data whereas
passive attacks lead to violation of confidentiality

 Phases involved in planning Cybercrime: (Jan-2024-10M)


Phase 1: Reconnaissance (Information gathering), Phase 1 is treated as a passive
attack.
Phase 2: Scanning and scrutinizing the gathered information, for validity of the
information as well as to identify the existing vulnerabilities
Phase 3: Launching an attack and Gaining and maintaining the system access.

2.2.1 : Reconnaissance (Information Gathering):(June/July-2024-10M)


o The literal meaning of “Reconnaissance” is an act of finding something or somebody
(gaining information about the enemy or potential enemy)

o In the world of "hacking," the reconnaissance phase begins with footprinting - this is
the preparation toward the preattack phase, and involves accumulating data about
the target environment and computer architecture to find ways to intrude into that
environment.
o The objective of this preparatory phase is to understand the system footprint, its
networking ports and services, and any other aspects of its security that are needed
for launching the attack.

o Footprinting gives an overview of system vulnerabilities and provides a judgment


about possible exploitation of those vulnerabilities.

o Attackers gather this information in two stages: a passive attack first, then an active attack.

2.2.2 Passive attack (June/July-2024-10M)


o A passive attack involves gathering information about the target without the
target's (individual's or company's) knowledge. It can be as simple as watching a
building to identify what time employees enter the premises.
o Passive attacks are attacks in which the attacker only observes or copies the
content of messages (e.g. sniffing traffic) without modifying them.
o A passive attack is a threat to confidentiality. It does not alter the system, which
is why it is hard to detect.
o Surfing online community groups to gain information about an individual, or an
organization's website for personal details or information about key employees.

o Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain
information about the company or its employees.

2.2.3 Active Attacks: (June/July-2024-10M)


o Active attacks are attacks in which the attacker attempts to change or modify the
content of messages or the state of the system.

o An active attack is a threat to integrity as well as availability. The system is
altered (data changed, resources consumed, services disrupted), so it leaves
traces.

o The key point is that an active attack is detectable: the victim can become
aware of it, which is not the case with a passive attack.
o In the planning phase, an active attack involves probing the network to discover
individual hosts and confirm the information (IP address, OS type, etc.) gathered
during the passive phase.
o It can also confirm to the attacker which security measures are in place (is the
front door locked?).

 Difference between passive and active attacks with examples:

(June/July-2024-10M, Jan-24-10M, Feb-2023-10M)

Active attacks | Passive attacks
1. Information is modified. | Information is not modified; it is only read or copied.
2. Threat to integrity as well as availability. | Threat to confidentiality.
3. Hard to prevent, so the emphasis is on detection and recovery. | Hard to detect, so the emphasis is on prevention (e.g. encrypting traffic).
4. The system or its resources are altered; the services of the system are affected. | The system is not altered; only information and messages are acquired.
5. The victim can notice the attack (changed data, unavailable service), so it can be detected. | The victim is usually unaware of the attack; it is very difficult to detect.
6. Uses the information collected during passive attacks while it is executed. | Collects information such as passwords and messages by itself.
7. Usually short in duration. | Can go on for a long time.
8. Purpose: to harm the target system. | Purpose: to learn about the target system.
9. Examples: modification of data, replay of messages, masquerading, denial of service. | Examples: eavesdropping/sniffing, traffic analysis, footprinting.

2.2.4 Scanning and scrutinizing the gathered information


o Scanning is the step in which the information gathered so far is examined
intelligently against the live target.
o The objectives of scanning are as follows:
1. Port scanning: identify open/closed ports and the services behind them.
2. Network scanning: understand the IP addresses and related information about the
computer network systems (live hosts, routes).
3. Vulnerability scanning: understand the existing weaknesses in the system.
 Port and port scanning:
o In networking, a port is a 16-bit number (0 to 65535) that identifies a service
endpoint on a host; the combination of IP address, protocol (TCP/UDP) and port
is the path along which data travels between the network and an application.
Three ranges of ports are used on the Internet for data communication:
(1). Well-known ports (port numbers 0 to 1023, e.g. 22 SSH, 53 DNS, 80 HTTP)
(2). Registered ports (1024 to 49151)
(3). Dynamic and/or private ports (49152 to 65535)

o Port scanning is the act of systematically probing the ports of a computer. A port
is a place where information goes into and out of a computer, so port scanning
identifies the open doors to that computer. It is similar to a thief going through
your neighbourhood and checking every door and window in each house to see
which ones are open and which ones are locked. There is no way to stop someone
from port scanning your computer while it is on the Internet, because offering
any Internet service requires keeping a port open, which opens a door to your
computer; what one can do is keep the set of open ports as small as possible and
firewall the rest.
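
The scan described above, as an added example that is not part of the original notes: a minimal TCP connect() port scanner in Python that also labels each port with the range it belongs to. To stay self-contained it starts its own throwaway listener on 127.0.0.1, so there is a known-open port to find, and picks a currently free port as the known-closed control; both are constructed for the demo. Scan only hosts you are authorised to test.

```python
import socket
import threading


def port_class(port: int) -> str:
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be 0..65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def start_listener(host: str = "127.0.0.1"):
    """Constructed target: a TCP service on an OS-chosen port that accepts and closes
    connections. Returns (server_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:          # server socket was closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port(host: str = "127.0.0.1") -> int:
    """A port nothing listens on right now (bind succeeds, then release it): the closed control."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect() scan: a completed three-way handshake means the port is open.
    Returns {port: (state, class)} with state 'open' or 'closed'."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            state = "open" if s.connect_ex((host, port)) == 0 else "closed"
        results[port] = (state, port_class(port))
    return results


def open_ports(scan: dict) -> list:
    """Just the open port numbers from a scan result, sorted."""
    return sorted(p for p, (state, _) in scan.items() if state == "open")


if __name__ == "__main__":
    srv, target_port = start_listener()
    control = free_port()
    scan = tcp_connect_scan("127.0.0.1", [target_port, control])
    for port, (state, cls) in scan.items():
        print(f"127.0.0.1:{port:<5} {state:<6} ({cls})")
    srv.close()
```

A connect() scan completes the handshake, so it shows up in the target's service logs; tools such as nmap default to a half-open (SYN) scan for that reason, but the logic of "which doors answer" is the same. On the defending side, a burst of connections from one source to many ports in a short window is exactly what an IDS port-scan signature looks for.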

 Scrutinizing Phase
o It is also called enumeration in the hacking world. The objective of this step is
to identify the following:

1. Valid user accounts or groups

2. Network resources and/or shared resources

3. The operating system (OS) and the different applications running on it
o In this phase the attacker validates the information collected about the victim
and identifies the existing vulnerabilities that it reveals.

2.2.5 Attack (Gaining and maintaining the system access ).


o After scanning and scrutinizing (enumeration), the attack is launched using the
following steps:
1. Crack the password

2. Exploit the privileges (escalate from the account obtained)

3. Execute the malicious command or application

4. Hide the files

5. Cover the tracks: delete access logs so that there is no trail of the illicit activity
2.3 Social Engineering (June/July-2024-10M, Feb-2023-10M)
o Social engineering is a cybersecurity tactic that involves manipulating people into
sharing sensitive information or taking actions that compromise their security.

o Attackers use psychological manipulation and human behaviour, rather than technical
know-how, to gain the victim's trust

o Social engineers exploit the natural tendency of a person to trust their word,
rather than exploiting holes in computer security.
o The goal of a social engineer is to fool someone into providing valuable information or
access to that information.
o A social engineer studies human behaviour and relies on people's desire to be
helpful, their tendency to trust others, and their fear of getting into trouble.
o A social engineer usually uses telecommunication (i.e. telephone and/or cell phone)
or the Internet to get the target to do something that is against the security practices
and/or policies of the organization.
o An example is calling a user and pretending to be someone from the service desk
working on a network issue; the attacker then proceeds to ask what the user is
working on, which file shares he/she uses, what his/her password is, and so on.

o Another example: talking to an employee of a company in the name of technical
support from the same office. While talking with the employee, the attacker
collects confidential information such as the name of the company, the username
and the password.

2.3.1 Classification of Social Engineering*** (Feb-2023-10M)

Classification of Social Engineering

Human-Based Social Engineering Computer-Based Social Engineering

A. Human-Based Social Engineering: Human-based social engineering refers to
person-to-person interaction to get the required/desired information. An example is
calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user:
o Impersonation (e.g. posing as an employee of the same organization) is perhaps
the greatest technique used in social engineering (SE) to deceive people.
o SE takes advantage of the fact that most people are helpful: they see no harm in
telling someone who appears to be lost where the computer room is located, or
in treating a stranger as an employee or a valid user of the system.
2. Posing as an important user:
o The attacker pretends to be an important user, for example a Chief Executive
Officer (CEO) or a high-level manager who needs immediate assistance to gain
access to a system.
o The assumption is that low-level employees will not ask a higher-level person
for proof or question them.
3. Using a third person:
o An attacker pretends to have permission from an authorized source to use a
system.
o This trick is useful when the supposedly authorizing person is on vacation or
cannot be contacted for verification.
4. Calling technical support:
o Calling technical support for assistance is a classic social engineering example.
o Help-desk and technical support personnel are trained to help users, which
makes them good prey for social engineering attacks.
5. Shoulder surfing:
o It is a technique of gathering information such as usernames and passwords by
watching over a person's shoulder while he/she logs into the system, thereby
helping an attacker to gain access to the system.
6. Dumpster diving:
o It describes the practice of rummaging through commercial or residential trash
to find useful items that have been discarded.
o It is also called dumpstering, binning, trashing, garbing or garbage gleaning;
"scavenging" is another term for these habits.
o Example: going through someone's trash to recover documentation of his/her
critical data [e.g. social security number (SSN) in the US, PAN/Aadhaar number
in India, credit card numbers, etc.].

B. Computer-based Social Engineering: It uses computer software/the Internet to get
the required/desired information.
1. Fake E-Mails:
o An attacker sends e-mails to numerous users in such a way that the user takes
them for legitimate mail. This activity is called phishing. Free websites are
available to send fake e-mails with forged sender details; one can observe in
such a tool that the "To" field is left blank.
o Phishing involves false e-mails, chats or websites designed to impersonate real
systems in order to capture sensitive data.
o A mail might be sent to victims (Internet users/netizens) by an attacker to get
them to reveal their personal information. Phishing is carried out through e-mail
or instant messaging.
2. E-Mail attachments:
o E-mail attachments are used to send malicious code to a victim's system, which
gets executed when the attachment is opened (e.g. a keylogger utility to capture
passwords).
o Viruses, Trojans and worms can be cleverly embedded in attachments that
entice a victim to open them.
3. Pop-up windows:
o In a similar manner to e-mail attachments, pop-up windows with special offers
or free stuff can encourage a user to unintentionally install malicious software.
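
Worked example for "Fake E-Mails" above; this is an added illustration, not from the textbook. It takes a raw e-mail message and reports the classic phishing indicators: a display name that borrows a brand the sending domain does not own, Reply-To and Return-Path domains that differ from the From domain, a link whose visible text shows one URL while the href points elsewhere, a link to a raw IP address, and urgency wording in the subject. The two sample messages, the brand watch-list and the example domains (RFC 2606/5737 reserved names) are all constructed for the demo.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watch-list (constructed): brand keyword -> domains allowed to use it.
BRAND_DOMAINS = {"icici": {"icicibank.com"}, "sbi": {"onlinesbi.com", "sbi.co.in"}}
URGENCY_WORDS = {"urgent", "immediately", "suspended", "verify", "24 hours"}

# Stable indicator strings so callers (or a SIEM rule) can match on them.
F_BRAND = "display name uses a brand the sender domain does not own"
F_REPLYTO = "Reply-To domain differs from From domain"
F_RETURNPATH = "Return-Path domain differs from From domain"
F_LINK_TEXT = "link text shows one URL but href points elsewhere"
F_LINK_IP = "link href uses a raw IP address"
F_URGENCY = "subject uses pressure/urgency wording"

# Constructed samples: one phishing mail, one legitimate mail.
PHISH = """\
Return-Path: <bounce-4421@mailer.example.net>
From: "ICICI Bank Support" <support@icicibank-secure.example>
Reply-To: <verify@account-check.example>
To: <customer@example.org>
Subject: URGENT: your account will be suspended, verify immediately
Content-Type: text/html; charset="utf-8"

<p>Dear customer, click <a href="http://198.51.100.7/login">https://www.icicibank.com/login</a>
within 24 hours or your account will be suspended.</p>
"""

LEGIT = """\
Return-Path: <statements@icicibank.com>
From: "ICICI Bank" <statements@icicibank.com>
To: <customer@example.org>
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<p>Your statement is available at <a href="https://www.icicibank.com/statements">Internet Banking</a>.</p>
"""


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(header_value) -> str:
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def analyze_message(raw: str) -> list:
    """Return the list of phishing indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    display_name, _ = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(msg.get("From", ""))

    # 1. Brand in the display name, but the sender domain is not one the brand owns.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name.lower() and not any(
            from_dom == d or from_dom.endswith("." + d) for d in domains
        ):
            flags.append(F_BRAND)
            break

    # 2./3. Replies and bounces routed to a domain other than the apparent sender.
    if msg.get("Reply-To") and _domain(msg["Reply-To"]) != from_dom:
        flags.append(F_REPLYTO)
    if msg.get("Return-Path") and _domain(msg["Return-Path"]) != from_dom:
        flags.append(F_RETURNPATH)

    # 4. Pressure wording in the subject.
    subject = str(msg.get("Subject") or "").lower()
    if any(w in subject for w in URGENCY_WORDS):
        flags.append(F_URGENCY)

    # 5./6. Deceptive links in the HTML body.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    parser = _Links()
    parser.feed(body_part.get_content() if body_part is not None else "")
    for href, text in parser.links:
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", _host(href)):
            flags.append(F_LINK_IP)
        if text.lower().startswith(("http://", "https://")) and _host(text) != _host(href):
            flags.append(F_LINK_TEXT)
    return flags


if __name__ == "__main__":
    print("phish:", analyze_message(PHISH))
    print("legit:", analyze_message(LEGIT))
```

None of these indicators is proof on its own (newsletters legitimately use a separate Return-Path domain, for instance); a mail gateway scores them together, and checks the authentication results (SPF, DKIM, DMARC) that this offline example deliberately leaves out.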

2.4 Cyber Stalking***(Jan-2024-10M, Feb-2023-10M)


o Cyberstalking is the use of the Internet or other electronic means to stalk or harass
an individual, a group or an organization. It may include false accusation,
defamation, slander and libel.
o It also includes monitoring, identity (ID) theft, threats, vandalism, solicitation of
minors for sex, or gathering information that may be used to threaten or harass a
person.
o In short, it refers to the use of the Internet or electronic communication such as
e-mail or instant messages to harass an individual.

2.4.1 Types of Stalkers: There are basically two types of stalkers.

1. Online stalkers:
o They aim to start the interaction with the victim directly with the help of the Internet.
o E-mail and chat rooms are the most popular communication media for getting
connected with the victim, rather than traditional instruments such as the
telephone or cell phone.
o The stalker makes sure that the victim recognizes the attack attempted on him/her.
o The stalker can use a third party to harass the victim.
2. Offline stalkers:
o The stalker may begin the attack using traditional methods such as following the
victim, watching the daily routine of the victim, etc.
o Searching message boards/newsgroups, personal websites and people-finding
services or websites are the most common ways of gathering information about
the victim using the Internet.
o The victim is unaware that the Internet has been used to perpetrate an attack
against them.

 Both are criminal offences, and both are motivated by a desire to control,
intimidate or influence a victim.
 A stalker may be an online stranger or a person whom the target knows. He may be
anonymous and solicit the involvement of other people online who do not even know
the target.

2.4.2 Cases reported on Cyberstalking


o The majority of cyberstalkers are men and the majority of their victims are women.
o Some cases have also been reported where women act as cyberstalkers and men
are the victims, as well as cases of same-sex cyberstalking.
o In many cases the cyberstalker and the victim had a prior relationship, and the
cyberstalking begins when the victim attempts to break off the relationship
(ex-lover, ex-spouse, boss/subordinate, neighbours).

2.4.3 How stalking works ?***(Jan-2024-10M)


o The working of stalking is discussed in the following seven steps:
1. Gather personal information about the victim.

2. Establish contact with the victim through telephone or cell phone and start
threatening or harassing.

3. Establish contact with the victim through e-mail.

4. Keep sending repeated e-mails asking for various kinds of favours or threatening
the victim.

5. Post the victim's personal information on websites related to illicit services.

6. Whoever comes across the information starts calling the victim on the given
contact details asking for sexual services.

7. Some stalkers may subscribe/register the victim's e-mail account to innumerable
pornographic and sex sites, because of which the victim starts receiving such
unsolicited e-mails.
2.4.4 Real-life incident of cyberstalking: Case study: The Indian police registered
the first case of cyberstalking in Delhi; a brief account of the case is given here. To
maintain the confidentiality and privacy of the entities involved, the names have
been changed.
o Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away
as Kuwait, Cochin, Bombay and Ahmedabad.
o The calls created havoc in her personal life and destroyed her mental peace, so
Mrs. Joshi decided to register a complaint with the Delhi Police.
o A person had been using her identity to chat over the Internet at the website
www.mirc.com, mostly in the Delhi channel, for four consecutive days.
o This person was chatting on the Internet using her name, giving out her address
and talking in obscene language.
o The same person was also deliberately giving her telephone number to other
chatters, encouraging them to call Mrs. Joshi at odd hours.
o This was the first time a case of cyberstalking was registered.
o Cyberstalking does not have a standard definition, but it can be defined as
threatening, unwarranted behaviour or advances directed by one person toward
another person using the Internet and other online communication channels as
the medium.

2.5 Cybercafe and Cybercrimes


o An Internet cafe or cybercafe is a place that provides Internet access to the public,
usually for a fee.
o According to a Nielsen survey on the profile of cybercafe users in India:
1. 37% of the total population uses cybercafes
2. 90% of these users are male, in the age group of 15 to 35 years
3. 52% are graduates and postgraduates
4. More than 50% are students
o Hence it is extremely important to understand the IT security and governance
practices in cybercafes. In the past several years, many instances have been
reported in India where cybercafes were used for real or false terrorist
communication; stealing of bank passwords and subsequent fraudulent
withdrawal of money has also happened through cybercafes. Cybercafes have also
been used regularly for sending obscene e-mails to harass people.
o Public computers, usually referred to as "the systems", available in cybercafes
carry TWO types of risk:
- First, we do not know what programs are installed on the computer, i.e. the risk of
malicious programs such as keyloggers or spyware running in the background that
capture keystrokes (passwords and other confidential information) and/or monitor
browsing behaviour.
- Second, over-the-shoulder surfing can enable others to find out your passwords.
Therefore one has to be extremely careful about protecting one's privacy on such
systems, as one does not know who will use the computer afterwards.

 Illegal activities observed in cybercafes.

o As per the survey done in the cybercafes of metropolitan cities, the following facts
have been observed:
1. Pirated software (operating system) is used to browse the Internet.

2. Anti-virus software is not updated.

3. Cybercafes have installed "deep freeze" software to protect computers from
prospective malware attacks. This software wipes all traces of the activities
carried out as soon as the machine is restarted, which makes it hard for the police
or crime investigators to trace the perpetrator.

4. Annual Maintenance Contract (AMC) found to be not in place for servicing the
computers.
5. Cybercriminals can install malicious code for criminal activities.
6. Pornographic websites and similar websites with indecent content are not blocked.
7. Cybercafe owners have little awareness of IT security and IT governance.
8. Government/ISPs/State Police (cyber-cell wing) do not provide IT governance
guidelines to cybercafe owners.
9. No periodic visits to cybercafes by the cyber-cell wing (State Police) or the
Cybercafe Association.
 Safety and security measures while using a computer in a cybercafe
1. Always log out; do not save login information
o While checking e-mail or logging into chat services such as instant messaging, or
using any other service that requires a username and a password, always click
"logout" or "sign out" before leaving the system.
o Simply closing the browser window is not enough, because if somebody uses the
same service after you, he/she can get easy access to your account.
o Likewise, do not save your login information through options that allow automatic
login. Disable such options before logging on.
2. Stay with the computer
o While surfing/browsing, one should not leave the system unattended for any
period. If one has to go out, log out and close all browser windows.
3. Clear history and temporary files
o Internet Explorer saves the pages that you have visited in the history folder and
the temporary Internet files.
o Your passwords may also be stored in the browser if that option has been enabled
on the computer you are using. Therefore, before you begin browsing, do the
following in Internet Explorer: go to Tools > Internet Options, click the Content
tab, then click AutoComplete. If the checkboxes for passwords are selected,
deselect them. Click OK twice.
o After you have finished browsing, you should clear the history and the temporary
Internet files folders.
o For this, go to Tools > Internet Options again, click the General tab, go to
Temporary Internet Files, click Delete Files and then click Delete Cookies.
(Current browsers offer the same through a private/incognito window or the
"clear browsing data" option.)
4. Be alert; don't be a victim of shoulder surfing
o One has to stay alert and aware of the surroundings while using a public
computer.
o Snooping over the shoulder is an easy way of getting your username and password.
5. Avoid online financial transactions
o Ideally one should avoid online banking, shopping or other transactions that
require one to provide personal, confidential and sensitive information such as
credit card or bank account details. If it has to be done urgently, take the
precaution of changing all the passwords as soon as possible afterwards.
o One should change the passwords using a more trusted computer, such as at home
and/or in the office.
6. Change passwords
o The advice from banks such as ICICI Bank/SBI to change the bank account/
transaction passwords regularly is the best practice to be followed by everyone
who uses online net banking.
7. Virtual keyboard
o Nowadays almost every bank provides a virtual keyboard on its website.
o The advantage of using a virtual keyboard is that a conventional keylogger, which
records keystrokes, does not capture the password (spyware that takes
screenshots still can).
8. Security warnings
o One should take the utmost care while accessing the websites of banks/financial
institutions and heed any security warning the browser shows.
2.6 Botnets: The Fuel for Cybercrime *** (Jan-2024-10M)

 Botnet
o The dictionary meaning of "bot" is "(computing) an automated program for doing
some particular task, often over a network."
o Botnet is a term used for a collection of software robots, or bots, that run
autonomously and automatically.
o The term is often associated with malicious software but can also refer to a
network of computers using distributed computing software.
o In simple terms, a bot is an automated computer program. An attacker gains
control of a computer by infecting it with a virus or other malicious code that
gives access; the infected machine then takes its commands from the attacker
over the network.
o Botnets are often used to conduct a range of activities, from distributing spam
and viruses to conducting denial-of-service (DoS) attacks.
 Botnets create business and are used for gainful purposes. (Jan-2024-10M)
Figure 2.2 Botnets used for gainful purpose
 Terminologies related to botnet:
1. Malware: It is malicious software designed to damage a computer system without
the owner's informed consent. Viruses and worms are examples of malware.
2. Adware: It is advertising-supported software which automatically plays, displays, or
downloads advertisements to a computer after the software is installed on it or while
the application is being used. Some spyware is classified as adware.
3. Spam: It means unsolicited or undesired E-Mail messages.
4. Spamdexing: It is also known as search Spam or search engine Spam. It involves
several methods, such as repeating unrelated phrases, to manipulate the relevancy
or prominence of resources indexed by a search engine in a manner inconsistent with
the purpose of the indexing system.
5. DDoS: A distributed denial-of-service attack (DDoS) occurs when multiple systems
flood the bandwidth or resources of a targeted system, usually one or more web
servers. These systems are compromised by attackers using a variety of methods,
and a Botnet is the usual source of such traffic.
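To make the DoS/DDoS distinction concrete, here is an added example (not from the course notes) that runs a simple flood detector over constructed web-server log lines: it buckets requests into 10-second windows and labels a window as a single-source DoS when one IP dominates the flood, or as a DDoS when the same volume is spread over many sources, which is what a Botnet produces. The log format, the thresholds and the IP addresses are assumptions chosen for the sample.

```python
"""Classify bursts of requests as normal, single-source DoS, or DDoS.

Added example (not from the course notes): a tiny flood detector run over
constructed access-log lines. Thresholds are assumptions chosen for the sample;
a real deployment would tune them to its baseline traffic.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <client IP> <method> <path>".
# 203.0.113.x and 198.51.100.x are documentation ranges, not real hosts.
SAMPLE_LOG = [
    "2024-01-15T10:00:00Z 203.0.113.5 GET /index.html",
    "2024-01-15T10:00:03Z 203.0.113.9 GET /about.html",
    "2024-01-15T10:00:07Z 203.0.113.5 GET /contact.html",
]
# One host hammering the server within a single window (DoS) ...
SAMPLE_LOG += [f"2024-01-15T10:01:{i % 10:02d}Z 198.51.100.7 GET /login"
               for i in range(60)]
# ... and fifty distinct hosts hitting it in one window (DDoS, e.g. a Botnet).
SAMPLE_LOG += [f"2024-01-15T10:02:{i % 10:02d}Z 198.51.100.{10 + i % 50} GET /search"
               for i in range(120)]

WINDOW = timedelta(seconds=10)   # assumption: 10-second buckets
RATE_LIMIT = 50                  # assumption: more than 50 requests/window is a flood
SINGLE_SOURCE_SHARE = 0.8        # assumption: one IP sending >80% of a flood => DoS


def parse(line):
    """Split a log line into (timestamp, client IP); method and path are ignored."""
    ts, ip, _method, _path = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip


def classify_windows(lines):
    """Return {window_start_iso: (label, request_count, distinct_sources)}."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip = parse(line)
        # Align every timestamp to the start of its 10 s bucket.
        start = ts - timedelta(seconds=ts.second % WINDOW.seconds,
                               microseconds=ts.microsecond)
        buckets[start].append(ip)

    result = {}
    for start, ips in sorted(buckets.items()):
        count = len(ips)
        sources = Counter(ips)
        if count <= RATE_LIMIT:
            label = "normal"
        elif sources.most_common(1)[0][1] / count >= SINGLE_SOURCE_SHARE:
            label = "dos"      # one attacker: blocking that IP is enough
        else:
            label = "ddos"     # spread over many sources: per-IP blocks will not help
        result[start.isoformat()] = (label, count, len(sources))
    return result


if __name__ == "__main__":
    for start, (label, n, distinct) in classify_windows(SAMPLE_LOG).items():
        print(f"{start}  {label:6s}  requests={n:4d}  distinct_sources={distinct}")
```

The point of the `distinct_sources` column is the practical one: the 10:01 window can be stopped with a single block rule, whereas the 10:02 window has the same order of volume from fifty addresses, so rate limiting or upstream filtering is needed instead.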
 Steps to secure the computer system***
1. Use antivirus and anti-spyware software and keep it up-to-date
o It is important to remove and/or quarantine viruses. Configure the software during
installation so that it updates its signatures automatically every day.
2. Set the OS to download and install security patches automatically
o OS companies issue security patches for flaws that are found in these systems.
3. Use firewall to protect the system from hacking attacks, while it is connected
to the Internet.
o A firewall is software and/or hardware that is designed to block unauthorized access
while permitting authorized communications. It is a device or set of devices
configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer
traffic between different security domains based upon a set of rules and other
criteria. A firewall is different from antivirus protection.
4. Disconnect from the Internet when not in use
o Attackers cannot reach the system while it is disconnected from the Internet.
Firewall, antivirus and anti-spyware software are not foolproof mechanisms for
keeping attackers out of the system, so reducing exposure time helps.
5. Don’t trust free downloads; download freeware only from trustworthy websites.
o It is always appealing to download free software such as games, file-sharing
programs, customised toolbars, etc. However, one should remember that many free
programs bundle other software, which may include Spyware.
6. Check your inbox and sent items regularly for messages you did not send.
o If you find such messages in your sent items or outbox, it is a sign that your
system may have been infected with Spyware and may be part of a Botnet. This check
is not foolproof; many spammers have learned to hide their unauthorised activity.
7. Take immediate action if the system is infected.
o If your system is found to be infected by a virus, disconnect it from the Internet
immediately. Then scan the entire system with fully updated antivirus and anti-
spyware software. Report the unauthorized accesses to ISP and to the legal
authorities. There is a possibility that your passwords may have been compromised in
such cases, so change all the passwords immediately.
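The firewall description in step 3 above ("permit, deny ... all traffic between security domains based upon a set of rules") maps directly onto a first-match rule table with a default-deny rule at the end. The following is an added example (not from the course notes or any real firewall product) of such an evaluator; the protected host 192.0.2.10, the LAN 192.0.2.0/24, the rule set and the sample packets are constructed for illustration.

```python
"""First-match packet filter with a default-deny policy.

Added example, not from the course notes: shows how "permit or deny based on a
set of rules" looks in code. The rules and packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected host
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    direction: str   # "in", "out", or "any"
    proto: str       # "tcp", "udp", or "any"
    src: str         # source network in CIDR notation
    dst: str         # destination network in CIDR notation
    dports: tuple    # destination ports the rule covers; empty tuple = any port

    def matches(self, pkt):
        """True when every field of the rule covers the packet."""
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (not self.dports or pkt.dport in self.dports))


# Constructed rule set for host 192.0.2.10 on LAN 192.0.2.0/24. Order matters:
# the first matching rule wins, so narrow permits precede the broad deny, and
# the last rule implements default deny for anything not explicitly allowed.
RULES = [
    Rule("permit", "in",  "tcp", "192.0.2.0/24",  "192.0.2.10/32", (22,)),        # SSH from LAN only
    Rule("deny",   "in",  "any", "0.0.0.0/0",     "192.0.2.10/32", (22, 3389)),   # no remote admin from Internet
    Rule("permit", "in",  "tcp", "0.0.0.0/0",     "192.0.2.10/32", (443,)),       # public HTTPS service
    Rule("permit", "out", "any", "192.0.2.10/32", "0.0.0.0/0",     ()),           # host may initiate connections
    Rule("deny",   "any", "any", "0.0.0.0/0",     "0.0.0.0/0",     ()),           # default deny
]


def evaluate(pkt, rules=RULES):
    """Return (action, index of the deciding rule) for a packet."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", -1   # safety net; unreachable while the explicit default-deny rule exists


if __name__ == "__main__":
    samples = [
        Packet("in",  "tcp", "192.0.2.55",  "192.0.2.10",  22),    # LAN SSH      -> permit
        Packet("in",  "tcp", "203.0.113.8", "192.0.2.10",  22),    # Internet SSH -> deny
        Packet("in",  "tcp", "203.0.113.8", "192.0.2.10",  443),   # Internet HTTPS -> permit
        Packet("in",  "udp", "203.0.113.8", "192.0.2.10",  53),    # unsolicited DNS -> default deny
        Packet("out", "tcp", "192.0.2.10",  "203.0.113.8", 80),    # outbound HTTP -> permit
    ]
    for p in samples:
        print(p, "->", evaluate(p))
```

Note that the same packet (SSH to port 22) is permitted or denied purely on where it comes from; that is the "different security domains" part of the definition, and it is why the rule order must be reviewed whenever a rule is added.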
2.7 Attack Vector***(June/July-2024-10M, Feb-2023-10M)
o An “attack vector” is a path by which an attacker can gain access to a computer or
a network server in order to deliver a payload or cause a malicious outcome.
o Attack vectors enable attackers to exploit system vulnerabilities, including the human
element.
o Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows,
instant messages, chat rooms, and deception.
o To some extent, firewalls and antivirus software can block attack vectors. However,
no protection method is attack-proof.
 Different attacks launched with attack vector***: (Feb-2023-10M)
The attack vectors described below are the ways in which most attacks are launched.
1. Attack by E-Mail: Hostile content can be included in the message or link, and
sometimes both methods are used. If a message doesn’t affect you, the attachment
might. Any link that seems enticing is suspicious.
2. Attachments (and other files): Malicious attachments install malicious computer
code. The code could be a virus, Trojan Horse, Spyware, or any other kind of
malware. Attachments attempt to install their payload as soon as you open them.
3. Attack by deception: Deception targets users as vulnerable entry points. Alongside
malicious code, social engineering and hoaxes are key attack vectors.
4. Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary
Malicious Code, people are flexible and they can improvise. They have hacking tools,
heuristics, and social engineering to gain access to computers and online accounts.
They often install Trojan Horse to commandeer the computer for their use.
5. Heedless guests (attack by webpage): Counterfeit websites imitate legitimate
ones to steal personal information. Users may unknowingly give away sensitive
details like their address and credit card information. These sites often accompany
spam, which directs users to them. Pop-up windows may also install spyware or other
malicious software.
6. Attack of the worms: Worms can be sent as email attachments or exploit
vulnerabilities in network protocols directly. Remote access services, like file sharing,
are often vulnerable. While firewalls typically block these worms, many still manage
to install Trojan Horses.
7. Malicious macros: Microsoft Word and Microsoft Excel are examples of applications
that support macros. A macro normally does something useful, such as automating a
spreadsheet, but macros can also be written for malicious purposes. Internet services
such as instant messaging, Internet Relay Chat (IRC) and P2P file-sharing are also
exposed to hostile exploits.
8. Foistware (sneakware): Foistware is deceptive software that secretly adds hidden
components to a system. The most common type is spyware, which is usually
bundled with attractive applications. It can also hijack your browser, redirecting you
to unwanted "revenue opportunities".
9. Viruses: These are malicious computer codes that hitch a ride on another file or
program and deliver the payload. Nowadays, virus vectors include E-Mail attachments,
downloaded files, worms, etc.
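The E-Mail, attachment and malicious-macro vectors above can be checked mechanically before a message is opened. The following is an added example (not from the course notes) that parses a constructed MIME message and flags attachments with executable or macro-enabled extensions, double extensions such as invoice.pdf.exe that disguise an executable as a document, and HTML links whose visible text names one site while the href points elsewhere. The extension lists, the sample message and its addresses are assumptions.

```python
"""Triage an e-mail for the attack vectors described in the notes.

Added example (not from the course notes): checks attachments and links of a
constructed MIME message. Extension lists are assumptions and not exhaustive.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed risky extension sets (illustrative, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".jar"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}
DOCUMENT_LIKE = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def attachment_findings(name):
    """Return the reasons an attachment filename is suspicious (empty if none)."""
    parts = name.lower().rsplit(".", 2)      # 'invoice.pdf.exe' -> ['invoice', 'pdf', 'exe']
    ext = "." + parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in EXECUTABLE:
        findings.append(f"executable attachment ({ext})")
    if ext in MACRO_ENABLED:
        findings.append(f"macro-enabled document ({ext})")
    if len(parts) == 3 and "." + parts[1] in DOCUMENT_LIKE and ext in EXECUTABLE:
        findings.append("double extension disguises executable as a document")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a> counts
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None


def link_findings(html):
    """Flag links whose visible text looks like a URL for a different host."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        shown = text if "://" in text else "http://" + text
        shown_host = urlparse(shown).hostname or ""
        if shown_host and "." in shown_host and shown_host != real_host:
            findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


def triage(raw_message):
    """Walk every MIME part and collect attachment and link findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings += attachment_findings(part.get_filename() or "")
        elif part.get_content_type() == "text/html":
            findings += link_findings(part.get_content())
    return findings


# Constructed phishing-style message: a deceptive link plus a double-extension attachment.
SAMPLE = """\
From: accounts@example.com
To: victim@example.org
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review your account at
<a href="http://203.0.113.44/login">https://bank.example.com/login</a></p></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

The link check catches the common trick where the anchor text is a real bank URL while the href leads to an attacker-controlled host; the attachment check covers both the "attachments" and the "malicious macros" vectors, since a .docm file is a document that can carry executable code.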
 A zero-day attack
o A zero-day attack or threat is an attack that exploits a previously unknown
vulnerability in a computer application or operating system, one that developers
have not had time to address and patch.
o Software vulnerabilities may be discovered by hackers, by security companies or
researchers, by the software vendors themselves or by users.
o If discovered by hackers, an exploit will be kept secret for as long as possible and
will circulate only through the ranks of hackers, until software or security
companies become aware of it or of the attacks targeting it.
o Zero-day emergency response team (ZERT): This is a group of software engineers
who work to release non-vendor patches for zero-day exploits. Nevada is
attempting to provide support with the Zero-day Project at
www.zerodayproject.com, which purports to provide information on upcoming
attacks and support to vulnerable systems
MODULE 2: VTU SEE QUESTIONS
 June/July-2024
 Dec 2023/Jan-2024
 Jan/Feb 2023