Usually installed by user clicking on malicious file attachments or downloads. Virus - self-replicating program that reproduces by attaching copies of itself into other executable code. Log file can be found at c:\windows\system32\sigverif.txt. SIGVERIF - build into Windows to verify the integrity of the system. Tripwire - integrity verifier that can act as a HIDS in protection against trojans. Msconfig - Windows program that shows all programs set to start on startup. Process Explorer - Microsoft tool that shows you everything about running processes. netstat -b - displays all active connections and the processes using them. netstat -an - shows open ports in numerical order. Offers DNS forwarding, port mapping and forwarding and proxying. Can connect over TCP or UDP, from any port. From attack machine nc -l -p 5555 opens a listening port on 5555. Provides all sorts of control over a remote shell on a target. Covert Channel Tunneling Trojan (CCTT) - a RAT trojan creates data transfer channels in previously authorized data streams. Command Shell Trojan - Provides a backdoor to connect to through command-line access. Trojans are means of delivery whereas a backdoor provides the open access. To hackers, it is a method to gain and maintain access to a system. 
Trojans - software that appears to perform a desirable function but instead performs malicious activity.Exploit Kits - help deliver exploits and payloads.Packers - use compression to pack the executable which helps evage signature based detection.
Crypters - use a combination of encryption and code manipulation to render malware undetectable to security programs.Wrappers - programs that allow you to bind an executable to an innocent file.Covert Channels - used to transport data in unintended ways.Overt Channels - legitimate communication channels used by programs.Most is downloaded from the Internet with or without the user’s knowledge.Malware - software designed to harm or secretly access a computer system without informed consent.
0 kommentar(er)
