Hacking tricks toward curity on network environments Tzer-Shyong Chen1, Fuh-Gwo Jeng 2, and Yu-Chia Liu 1
1 Department of Information Management, Tunghai University, Taiwan
2 Department of Applied Mathematics, National Chiayi University, Taiwan
E-Mail:****************.edu.tw
Abstract
Mounting popularity of the Internet has led to the birth of Instant Messaging, an up-and-coming form of Internet communication. Instant Messaging is very popular with business and individuals since it has instant communication ability. As a result, Internet curity has become a pressing and important topic for discussion. Therefore, in recent years, a lot of attention has been drawn towards Internet curity and the various attacks carried out by hackers over the Internet. People today often handle affairs via the Internet. For instance, instead of the conventional letter, they communicate with others by e-mails; they chat with friends through an instant mesnger; find information by browsing websites instead of going to the library; perform e-commerce transactions through the Internet, etc. Although the convenien
ce of the Internet makes our life easier, it is also a threat to Internet curity. For instance, a business email intercepted during its transmission may let slip business confidentiality; file transfers via instant mesngers may also be intercepted, and then implanted with backdoor malwares; conversations via instant mesngers could be eavesdropped. Furthermore, ID and password theft may lo us money when using Internet bank rvice. Attackers on the Internet u hacking tricks to damage systems while urs are connected to the Internet. The threats along with possible careless disclosure of business information make Instant Messaging a very unsafe method of communication for business. The paper divides hacking tricks into three categories: (1) Trojan programs that share files via instant mesnger. (2) Phishing or fraud via e-mails. (3) Fake Websites. Keywords:Hacking tricks, Trojan programs, Phishing, Firewall, Intrusion detection system.中华人民共和国证券法
1. Introduction
Increasingly more people are using instant mesngers such as MSN Mesnger, Yahoo! Mesnger, ICQ, etc as the media of communication. The instant mesngers transmit alphanumeric message as well as permit file sharing. During transfer, a file may be intercepted by a hacker and implanted with backdoor malware. Moreover, the e-mails urs receive every day may include Spam, advertiments, and fraudulent mail intended to trick uninformed urs. Fake website
s too are prevalent. Websites which we often visit could be counterfeited by imitating the interface and the URL of the original, tricking urs. The paper classifies hacking tricks into three categories which are explained in the following ctions.
2. Hacking Tricks
The paper divides hacking tricks into three categories: (1) Trojan programs that share files via instant mesnger. (2) Phishing (3) Fake Websites.
2.1 Trojan programs that share files via instant mesnger
Instant messaging allows file-sharing on a computer [9]. All prent popular instant mesngers have file sharing abilities, or allow urs to have the above functionality by installing patches or plug-ins; this is also a major threat to prent information curity. The communication softwares also make
it difficult for existing hack prevention methods to prevent and control information curity. Therefore, we shall discuss how to control the flow of instant messages and how to identify dangerous ur behavior.
Hackers u instant communication capability to plant Trojan program into an unsuspected program; the planted program is a kind of remotely controlled hacking tool that can conceal itlf and is unauthorized. The Trojan program is unknowingly executed, controlling the infected computer; it can read, delete, move and execute any file on the computer. The advantages of a hacker replacing remotely installed backdoor Trojan programs [1] with instant mesngers to access files are:
When the victim gets online, the hacker will be informed. Thus, a hacker can track and access the infected computer, and incessantly steal ur information.
经营时装店A hacker need not open a new port to perform transmissions; he can perform his operations through the already opened instant mesnger port.
Even if a computer us dynamic IP address, its screen name doesn’t change.
Certain Trojan programs are designed especially for instant mesngers. The Trojans can change group ttings and share all files on the hard disk of the infected computer. They can also destroy or modify data, causing data disarray. This kind of program allows a hacker access to all files on an infected computer, and thus pos a great threat to urs. The Trojan program takes up a large amount of the resources of the computer causing it to become very slow and often crashes without a
reason.
Trojan programs that access a ur computer through an instant mesnger are probably harder to detect than classic Trojan hor programs. Although classic Trojan intrudes a computer by opening a listening or outgoing port which is ud to connect to
a remote computer, a desktop firewall can effectively block such Trojans. Alternatively, since it is very difficult for the rver’s firewall to spot intrusion by controlling an instant mesnger’s flow, it is extremely susceptible to intrusion.
Prent Trojan programs have already successfully implemented instant mesngers. Some Trojan programs are Backdoor Trojan, AIMVision, and Backdoor. Sparta.C. Backdoor Trojans u ICQ pager to nd messages to its writer. AIMVision steals AIM related information stored in the Windows registry, enabling a hacker to tup an AIM ur id. Backdoor. Sparta.C us ICQ to communicate with its writer and opens a port on an infected host and nd its IP Address to the hacker, and at the same time attempts to terminate the antivirus program or firewall of the host.
2.1.1 Hijacking and Impersonation
There are various ways through which a hacker can impersonate other urs [7]. The most commonly ud method is eavesdropping on unsuspecting urs to retrieve ur accounts, passwords and other ur related information.
The theft of ur account number and related information is a very rious problem in any instant mesnger. For instance, a hacker after stealing a ur’s information impersonate the ur; the ur’s contacts not knowing that the ur’s account has been hacked believe that the person they’re talking to is the ur, and are persuaded to execute certain programs or reveal confidential information. Hence, theft of ur identity not only endangers a ur but also surrounding urs. Guarding against Internet curity problems is prently the focus of future rearch; becau without good protection, a computer can be easily attacked, causing major loss.
Hackers wishing to obtain ur accounts may do so with the help of Trojans designed to steal passwords. If an instant mesnger client stores his/her password on his/her computer, then a hacker can nd a Trojan program to the unsuspecting ur. When the ur executes the program, the program shall arch for the ur’s password and nd it to the hacker. There are veral ways through which a Trojan program can nd messages back to the hacker. The methods include instant mesnger, IRC, e-mails, etc.
Current four most popular instant mesngers are AIM, Yahoo! Mesnger, ICQ, and MSN Mesnger, none of which encrypts its flow. Therefore, a hacker
can u a man-in-the-middle attack to hijack a connection, then impersonate the hijacked ur and participate in a chat-ssion. Although difficult, a hacker can u the man-in-the-middle attack to hijack the connection entirely. For example, a ur may receive an offline message that rembles that nt by the rver, but this message could have been nt by the hacker. All at once, the ur could also get disconnected to the rver. Furthermore, hackers may also u a Denial of Service (DoS) tool or other unrelated exploits to break the ur’s connection. However, the rver keeps the connection open, and does not know that the ur has been disconnected; thus allowing the hacker to impersonate the ur. Moreover, since the data flow is unencrypted and unauthenticated, a hacker can u man-in-the-middle attacks that are similar to that of ARP fraud to achieve its purpo.
2.1.2 Denial of Service (DoS)
There are many ways through which a hacker can launch a denial of rvice (DoS) attack [2] on an instant mesnger ur. A Partial DoS attack will cau a ur end to hang, or u up a large portion of CPU resources causing the system to become unstable.
Another commonly en attack is the flooding of messages to a particular ur. Most instant mesngers allow the blocking of a particular ur to prevent flood attacks. However, a hacker can u tools that allow him to log in using veral different identities at the same time, or automatically create a large number of new ur ids, thus enabling a flood attack. Once a flood attack begins, even if the ur realizes that his/her computer has been infected, the computer will not be able to respond. Thus, the problem cannot be solved by putting a hacker’s ur id on the ignore list of your instant mesnger.
A DoS attack on an instant mesnger client is only a common hacking tool. The difficulty of taking precautions against it could turn this hacking tool into dangerous DoS type attacks. Moreover, some hacking tools do not just cau an instant mesnger client to hang, but also cau the ur end to consume large amount of CPU time, causing the computer to crash.
2.1.3 Information Disclosure
Retrieving system information through instant mesnger urs is currently the most commonly ud hacking tool [4]. It can effortlessly collect ur network information like, current IP, port, etc. IP address retriever is an example. IP address retrievers can be ud to many purpos; for instance, a
Trojan when integrated with an IP address retriever allows a hacker to receive all information related to the infected computer’s IP address as soon as the infected computer connects to the internet. Therefore, even if the ur us a dynamic IP address, hackers can still retrieve the IP address.
IP address retrievers and other similar tools can also be ud by hackers to nd data and Trojans to unsuspecting urs. Hackers may also persuade unsuspecting urs to execute files through social engineering or other unrelated exploits. The files when executed arch for information on the ur’s computer and nds them back to the hacker through the instant mesnger network.
Different Trojan programs were designed for different instant messaging clients. For example, with a ur accounts and password stealing Trojans a hacker can have full control of the account once the ur logs out. The hacker can thus perform various tasks like changing the password and nding the Trojan program to all of the ur’s contacts.
Moreover, Trojans is not the only way through which a hacker can cau information disclosure. Since data nt through instant mesngers are unencrypted, hackers can sniff and monitor entire instant messaging transmissions. Suppo an employee of an enterpri nds confidential information of the enterpri through the instant mesnger; a hacker monitoring the instant messagi
ng ssion can retrieve the data nt by the enterpri employee. Thus, we must face up to the verity of the problem.
liquids2.2 Phishing
The word “Phishing” first appeared in 1996. It is a variant of ‘fishing’, and formed by replacing the ‘f’ in ‘fishing’ with ‘ph’ from phone. It means tricking urs of their money through e-mails.
Bad on the statistics of the Internet Crime Complaint Center, loss due to internet scam was as high as $1.256 million USD in 2004. The Internet Crime Complaint Center has listed the above Nigerian internet scam as one of the ten major internet scams.
Bad on the latest report of Anti-Phishing Working Group (APWG) [8], there has been a 28% growth of Phishing scams in the past 4 months, mostly in the US and in Asia. Through social engineering and Trojans, it is very difficult for a common ur to detect the infection.
To avoid exploitation of your compassion, the following should be noted:
(1)When you need to enter confidential
regedit>bksinformation, first make sure that the
information is entered via an entirely cure
mackieand official webpage. There are two ways to
determine the curity of the webpage:
a.The address displayed on the browr
begins with , and not . Pay
attention to if the letter ‘s’ exists.
b.There is a curity lock sign on the lower
right corner of the webpage, and when
your mou points to the sign, a curity
certification sign shall appear.
(2)Consider installing a browr curity software
like SpoofStick which can detect fake websites.
(3)If you suspect the received e-mail is a Phishing
e-mail, do not open attachments attached to the
email. Opening an unknown attachment could
install malicious programs onto your computer.
(4)Do not click on links attached to your emails. It
mba考前培训班is always safer to visit the website through the
official link or to first confirm the authenticity
of the link. Never follow or click on suspicious
hdlc>什么是亚太地区links in an e-mail. It is advisable to enter the
URL at the address bar of the web browr,
and not follow the given link.
Generally speaking, Phishing [3] [5] is a method that exploits people’s sympathy in the form of aid-eking e-mails; the e-mail act as bait. The e-mails usually request their readers to visit a link that emingly links to some charitable organization’s website; but in truth links the readers to a website that will install a Trojan program into the reader’s computer. Therefore, urs should not forward unauthenticated charity mails, or click on unfamiliar links in an e-mail. Sometimes, the link could be a very familiar link or an often frequented website, but still, it would be safer if you’d type in the address yourlf so as to avoid being linked to a fraudulent website. Phisher deludes people by using similar e-mails mailed by well-known enterpris or banks; the e-mails often asks urs to provide personal information, or result in losing their personal rights; they usually contain a counterfeit URL which links to a website where the urs can fill
in the required information. People are often trapped by phishing due to inattention
Besides, you must also be careful when using a arch engine to arch for donations and charitable organizations.
2.3 Fake Websites
Fake bank websites stealing account numbers and passwords have become increasingly common with the growth of online financial transactions. Hence, when using online banking, we should take precautions like using a cure encrypted customer’s certificate, surf the net following the correct procedure, etc.
There are countless kinds of phishing baits, for instance, messages that say data expired, data invalid, plea update data, or identity verification intended to steal account ID and matching password. This type
of online scam is difficult for urs to identify. As scam methods become finer, e-mails and forged websites created by the impostor remble their original, and tremendous loss ari from the illegal transactions.
The following are methods commonly ud by fake websites. First, the scammers create a similar website homepage; then they nd out e-mails with
enticing messages to attract visitors. They may also u fake links to link internet surfers to their website. Next, the fake website tricks the visitors into entering their personal information, credit card information or online banking account number and passwords. After obtaining a ur’s information, t
he scammers can u the information to drain the bank accounts, shop online or create fake credit cards and other similar crimes. Usually, there will be a quick arch option on the fake websites, luring urs to enter their account number and password. When a ur enters their account number and password, the website will respond with a message stating that the rver is under maintenance. Hence, we must obrve the following when using online banking:
(1)Obrve the correct procedure for entering a
banking website. Do not u links resulting
合肥会计培训学校
from arches or links on other websites.
(2)Online banking certifications are currently the
most effective curity safeguard measure. (3)Do not easily trust e-mails, phone calls, and
short messages, etc. that asks for your account
number and passwords.
Phishers often impost a well-known enterpri while nding their e-mails, by changing the nder’s e-mail address to that of the well known enterpri, in order to gain people’s trust. The ‘From’ column of an e-mail is t by the mail software and can be easily changed by the web administrator. Then, the Phisher creates a fake information input website, and nd out e-mails containing a link to this fake website to lure e-mail recipients into visiting his fake website.
Most Phishers create imitations of well known enterpris websites to lure urs into using their fake websites. Even so, a ur can easily notice that the URL of the website they’re entering has no relation to the intended enterpri. Hence, Phishers may u different methods to impersonate enterpris and other people. A commonly ud method is hiding the URL. This can easily be done with the help of JavaScript.
Another way is to exploit the loopholes in an internet browr, for instance, displaying a fake URL in the browr’s address bar. The curity loophole causing the address bar of a browr to display a fake URL is a commonly ud trick and has often been ud in the past. For example, an e-mail in HTML format may hold the URL of a website of a well-known enterpri, but in reality, the link connects to a fake website.
The key to successfully u a URL similar to that of the intended website is to trick the visual ns. For example, the nder’s address could be disguid as that of Nikkei BP, and the link t to jp/ which has one k less than the correct URL which is www.nikkeibp.
co.jp/. The two URLs look very similar, and the difference barely noticeable. Hence people are easily tricked into clicking the link.
Besides the above, there are many more scams that exploit the trickery of visual ns. Therefore, you should not easily trust the given nder’s name and a website’s appearance. Never click on unfamiliar and suspicious URLs on a webpage. Also, never enter personal information into a website without careful scrutiny.
3. Conclusions
Business strategy is the most effective form of defen and also the easiest to carry out. Therefore, they should be the first line of defen, and not last. First, determine if instant messaging is esntial in the business; then weigh its pros and cons. Rules and norms must be t on ur ends if it is decided that the business cannot do without instant messaging functionality. The end rver should be able to support functions like centralized logging and encryption. If not, then strict rules must be d
rawn, and carried out by the urs. Especially, business discussions must not be done over an instant mesnger.
The paper categorized hacking tricks into three categories: (1) Trojan programs that share files via instant mesnger. (2) Phishing (3) Fake Websites. Hacking tricks when successfully carried out could cau considerable loss and damage to urs. The first category of hacking tricks can be divided into three types: (1) Hijacking and Impersonation; (2) Denial of Service; (3) Information Disclosure.
