Java Reference
In-Depth Information
2.3.3 The 1990s
he 1990s saw a great rise in Internet security incidents. New attacks and new exploits were being
discovered. Hack tools and information became easy to procure. he spread of the Internet was
also greater during this period. he emerging trend in the 1990s saw the coming of attacks aimed
at monetary gain and inancial theft. he 1990s saw the coming of email viruses, Internet worms,
and a phenomenon we know as
phishing
. One famous phishing attack was the Kevin Mitnick
attack, where the attacker, Kevin Mitnick, broke into systems using IP spooing and insecure
services to steal 20,000 credit card numbers. Mitnick was arrested and jailed for his acts, but his
supporters ended up defacing several popular Web sites in protest. Russian hackers broke into
Citibank's systems to transfer more than $10 million from customer accounts.
2.3.4 The 2000s-Present Day
he 2000s have seen more than its fair share of simple and sophisticated attacks, each caus-
ing serious damages to organizations in terms of resources and reputation. Yahoo, Amazon, and
Microsoft were forced to go oline because of
Denial of Service attacks
*
caused by a group of attack-
ers planning a concentrated attack on these Web sites. he 2000s also saw the rise of the phishing
phenomenon, where bogus emails that faked legitimate Web sites like PayPal, eBay, and Amazon
were sent out to several unsuspecting email recipients who, upon clicking the link in the emails
or providing their data based on what was speciied in the email, had their account information
stolen, giving attackers access to inancial and other sensitive information. Phishing was also car-
ried out in ways where the attackers sent emails to unsuspecting email recipients, imitating a bank
or a lending institution, and managed to capture credit card information and account informa-
tion. Over the past few years we have also seen the rise of
bots
.
Worms
†
and
viruses
‡
were much
more stealthy and sophisticated at this time.
Sobig
§
was one of the most pernicious email worms
out there; it was a mass-emailing, network-aware worm that mailed itself to all emails found
*
A Denial of Service attack is an attempt by an attacker to exploit a vulnerability that renders the system unus-
able to the legitimate users of the system. A Denial of Service attack afects the availability of the system to its
legitimate users.
†
A worm is a self-replicating computer program that spreads over a network. A worm essentially is exploit code
designed to exploit vulnerability in an operating system or a software platform like a Web server, an application
server, or a database. A worm difers from a virus in that it can run all by itself without having the parasitic
characteristics of a virus (which needs a parent ile to infect and run). he best defense against worms is updat-
ing patches regularly provided by application and operating system vendors.
‡
A virus is a computer program that spreads from one ile to another on a computer. A virus attaches itself
to an executable ile and then spreads over all the iles in the computer. A virus requires a larger amount of
human interaction to spread. A virus usually spreads across networks with emails, USB drives, and infected
media like CDs or loppies. he best defense against viruses is the use of antivirus software with updated virus
signatures.
§
Sobig is a mass emailing worm, which had self-replicating code in email attachments. Once the worm down-
loaded into the computer, it searched for emails in the hard drive from speciic iles and emailed each and every
one of them. he virus was polymorphic in nature to avoid being detected by antivirus software. One of the
variants of the Sobig worm even installed proxy software on the computer, allowing the computer to be used as
a backdoor for spammers to operate. Sobig's targets were Windows users.
Search WWH ::
Custom Search