Who Attacked your PCs & Solution by Antivirus Software
Below you will find a list of the most common attacks that we face daily on the Internet, grouped by type:
Scan (Search):
Scanning, as a method of discovering potentially exploitable communication channels, has been in use for a long time. The idea is to probe as many listening ports as possible and record those that answer, because every open port is a service that may be reachable and, if flawed, exploitable.
There are different types of scanning according to the technique, ports and protocols used:
· TCP connect scanning: the basic way to scan TCP ports. The scanner completes the full three-way handshake with each port; a completed connection means the port is open. It needs no special privileges and is reliable, but every connection shows up in the target service's logs.
· TCP SYN scanning (half-open scanning): only a SYN packet is sent. A SYN/ACK reply means the port is open and a RST means it is closed; instead of completing the handshake the scanner answers with a RST, so no connection is ever established and many services never log the probe.
· TCP FIN scanning (stealth port scanning): similar to the previous one but more clandestine. A lone FIN packet is sent to the port; according to the TCP specification a closed port answers with a RST while an open port silently drops it, so the absence of a reply is taken as "open". Stacks that answer RST on every port (historically Windows) make this technique unreliable.
· Fragmentation scanning: a modification of the previous ones in which the TCP header is split across several small IP fragments, so that packet filters or intrusion detection systems that only inspect the first fragment do not recognise the probe.
· Eavesdropping / packet sniffing: intercepts packets on the network without modifying them, for example to capture passwords sent in the clear.
· Snooping / downloading: the same as above, but the intruder also copies files, mail or documents that can be downloaded from the systems being observed.
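The three TCP techniques above differ only in which flags the scanner sends and how it reacts to the reply, which is also what lets a defender tell them apart in captured traffic. The following Python block is an added example, not code from the original article: it classifies per-port probe exchanges as connect, SYN or FIN scans, infers the port state the scanner would have learned, and flags sources that touch many ports. The packet records are constructed for the example (source, destination, destination port, direction, TCP flag letters) rather than taken from a real capture, and the three-port threshold is an arbitrary choice.

```python
"""Classify TCP port-scan probes from packet records (added example).

Records are constructed, not captured: (src, dst, dport, direction, flags)
where direction is "in" (towards the target) or "out" (target's reply) and
flags is a string of TCP flag letters: S=SYN, A=ACK, F=FIN, R=RST.
"""
from collections import defaultdict

TARGET = "192.168.1.10"

PACKETS = [
    # 10.0.0.5, connect scan: handshake completed then torn down (22, 80 open), RST to SYN (23 closed)
    ("10.0.0.5", TARGET, 22, "in", "S"),
    ("10.0.0.5", TARGET, 22, "out", "SA"),
    ("10.0.0.5", TARGET, 22, "in", "A"),
    ("10.0.0.5", TARGET, 22, "in", "R"),
    ("10.0.0.5", TARGET, 23, "in", "S"),
    ("10.0.0.5", TARGET, 23, "out", "R"),
    ("10.0.0.5", TARGET, 80, "in", "S"),
    ("10.0.0.5", TARGET, 80, "out", "SA"),
    ("10.0.0.5", TARGET, 80, "in", "A"),
    ("10.0.0.5", TARGET, 80, "in", "R"),
    # 10.0.0.9, SYN scan: SYN/ACK answered with RST, never ACK (22 open, 25 closed, 443 no answer)
    ("10.0.0.9", TARGET, 22, "in", "S"),
    ("10.0.0.9", TARGET, 22, "out", "SA"),
    ("10.0.0.9", TARGET, 22, "in", "R"),
    ("10.0.0.9", TARGET, 25, "in", "S"),
    ("10.0.0.9", TARGET, 25, "out", "R"),
    ("10.0.0.9", TARGET, 443, "in", "S"),
    # 10.0.0.12, FIN scan: lone FIN, silence means open (22, 80), RST means closed (23)
    ("10.0.0.12", TARGET, 22, "in", "F"),
    ("10.0.0.12", TARGET, 23, "in", "F"),
    ("10.0.0.12", TARGET, 23, "out", "R"),
    ("10.0.0.12", TARGET, 80, "in", "F"),
    # 10.0.0.20, ordinary client: one normal connection to the web server
    ("10.0.0.20", TARGET, 80, "in", "S"),
    ("10.0.0.20", TARGET, 80, "out", "SA"),
    ("10.0.0.20", TARGET, 80, "in", "A"),
]


def group_probes(packets):
    """Group packets into per-(src, dport) exchanges, preserving order."""
    probes = defaultdict(list)
    for src, _dst, dport, direction, flags in packets:
        probes[(src, dport)].append((direction, flags))
    return probes


def classify_probe(exchange):
    """Return (technique, port_state) for one probe's packet exchange.

    technique: 'connect', 'syn', 'fin', 'syn_or_connect' (a SYN that got
    RST or nothing, which both techniques produce) or 'unknown'.
    port_state: 'open', 'closed' or 'filtered' (no answer to a SYN).
    """
    first_dir, first_flags = exchange[0]
    if first_dir != "in":
        return "unknown", "unknown"
    replies = [f for d, f in exchange if d == "out"]
    follow_ups = [f for d, f in exchange[1:] if d == "in"]
    if first_flags == "F":
        # RFC 793: a closed port answers a lone FIN with RST; an open port stays silent
        return "fin", ("closed" if "R" in replies else "open")
    if first_flags == "S":
        if "R" in replies:
            return "syn_or_connect", "closed"
        if "SA" in replies:
            if "A" in follow_ups:          # handshake completed: connect scan (or a real client)
                return "connect", "open"
            return "syn", "open"           # SYN/ACK answered only with RST: half-open scan
        return "syn_or_connect", "filtered"
    return "unknown", "unknown"


def scan_report(packets, min_ports=3):
    """Summarise each source: technique, open/closed ports, and a scan verdict
    based on how many distinct ports it probed (threshold is an assumption)."""
    by_src = defaultdict(list)
    for (src, dport), exchange in group_probes(packets).items():
        by_src[src].append((dport, classify_probe(exchange)))
    report = {}
    for src, results in by_src.items():
        techniques = {t for _p, (t, _s) in results if t not in ("unknown", "syn_or_connect")}
        report[src] = {
            "technique": next(iter(techniques)) if len(techniques) == 1 else "mixed/unknown",
            "open": sorted(p for p, (_t, s) in results if s == "open"),
            "closed": sorted(p for p, (_t, s) in results if s == "closed"),
            "ports_probed": len(results),
            "is_scan": len(results) >= min_ports,
        }
    return report


if __name__ == "__main__":
    for src, summary in scan_report(PACKETS).items():
        print(src, summary)
```

Note that a single completed connection from 10.0.0.20 is classified exactly like one probe of a connect scan; what makes the other three sources scans is the number of distinct ports they touch, not the shape of any one exchange.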
Authentication attacks:
This type of attack aims to deceive the victim's system in order to enter it; to do so the attacker impersonates a legitimate identity. Generally the deception is carried out either by taking over sessions the victim has already established or by obtaining the victim's username and password.
· Spoofing / Looping: consists of impersonating someone else and then taking actions on their behalf. There are several variants depending on what is forged: IP spoofing (a forged source address), DNS spoofing (forged name resolution), web spoofing, etc.
· Web Spoofing (Phishing): the attacker creates a fake website that looks like the original and lures the victim to it, obtaining whatever the victim types there, from personal data to bank codes.
· IP Splicing / Hijacking: consists of taking over a session after an authorised user has identified himself, so the attacker inherits that user's access without ever knowing the password.
· Using back doors: hidden access paths left in a system, by its developer or by a previous intruder, that allow the normal authentication methods to be bypassed.
· Use of exploits: they take advantage of hardware or software flaws to enter the system without valid credentials.
· Obtaining passwords: by trial and error (brute force) or through programs that use dictionaries of millions of candidate passwords, trying each one until the correct key is found. Short, common or reused passwords fall to this quickly; against a live login, it is the account lockout or rate limit that makes guessing impractical.
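To make the last point concrete, the following Python block is an added example (not code from the original article) of both faces of password guessing: an offline dictionary attack against a stolen credential store, and the same word list thrown at a live login that locks the account after a few failures. The accounts, salts and word list are constructed; the storage format (salted PBKDF2-HMAC-SHA256, low iteration count to keep the demo fast) is an assumption, and real dictionaries hold millions of entries rather than six.

```python
"""Dictionary attack, offline against stolen hashes and online against a
login with lockout (added example; all accounts and words are constructed)."""
import hashlib
import hmac


def hash_password(password, salt, iterations=1000):
    """Assumed storage format: salted PBKDF2-HMAC-SHA256, hex encoded.
    The iteration count is kept low only so the example runs instantly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


# Constructed "stolen" credential store: username -> (salt, hash).
# alice and bob chose dictionary words; carol chose a long random password.
_SALTS = {"alice": b"salt-a", "bob": b"salt-b", "carol": b"salt-c"}
STOLEN_HASHES = {
    "alice": (_SALTS["alice"], hash_password("password1", _SALTS["alice"])),
    "bob": (_SALTS["bob"], hash_password("letmein", _SALTS["bob"])),
    "carol": (_SALTS["carol"], hash_password("Tq7#mZp!94vLq2&e", _SALTS["carol"])),
}

# Constructed word list; real attacks use lists of millions of entries.
WORDLIST = ["123456", "password", "password1", "qwerty", "letmein", "admin"]


def dictionary_attack(store, wordlist):
    """Offline attack: hash every candidate with each account's salt and
    compare. Returns {username: recovered_password} for accounts that fall.
    Nothing limits the attacker here; only the hash cost and password
    strength slow it down."""
    cracked = {}
    for user, (salt, stored) in store.items():
        for candidate in wordlist:
            if hmac.compare_digest(hash_password(candidate, salt), stored):
                cracked[user] = candidate
                break
    return cracked


class LoginService:
    """Online target holding the same store, with a per-account lockout."""

    def __init__(self, store, max_failures=5):
        self.store = store
        self.max_failures = max_failures
        self.failures = {user: 0 for user in store}

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        if user not in self.store:
            return "denied"
        if self.failures[user] >= self.max_failures:
            return "locked"
        salt, stored = self.store[user]
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"


def online_guessing(service, user, wordlist):
    """Try the word list against the live service; stop on success or lockout.
    Returns (outcome, attempts_made)."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        result = service.login(user, candidate)
        if result in ("ok", "locked"):
            return result, attempts
    return "denied", attempts


if __name__ == "__main__":
    print("offline:", dictionary_attack(STOLEN_HASHES, WORDLIST))
    print("online, lockout after 3:", online_guessing(LoginService(STOLEN_HASHES, 3), "bob", WORDLIST))
    print("online, lockout after 5:", online_guessing(LoginService(STOLEN_HASHES, 5), "bob", WORDLIST))
```

The offline run recovers alice's and bob's passwords and never finds carol's; the online run against bob stops at "locked" on the fourth attempt when the lockout is three failures, but succeeds on the fifth attempt when the lockout is five, which is why the lockout threshold and the quality of the passwords behind it both matter.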
Denial of service (DoS):
The Internet protocols in use today were designed for an open community with a relationship of mutual trust. Reality shows that it is easier to disrupt the functioning of a system than to break into it; thus denial-of-service attacks aim to saturate the victim's resources in such a way that the services the victim provides become unavailable.
· Jamming or Flooding: disable or saturate system resources such as memory, disk, CPU or bandwidth.
· SYN Flood: the attacker sends a stream of SYN packets, usually from spoofed source addresses, and never completes the handshake. Each "half-open" connection occupies an entry in the listener's backlog while the server waits for a reply that never comes; once the backlog is full, legitimate connection attempts are dropped. SYN cookies, which encode the connection state in the SYN/ACK sequence number instead of storing it, are the standard countermeasure.
· Connection Flood: opens as many complete connections as the server allows, so that its connection limit is exceeded and new clients are refused, leaving the Internet server hanging.
· Net Flood: saturates the line with malicious traffic, preventing useful network traffic from getting through.
· Land Attack: consists of sending a SYN packet whose source address and port are the same as the destination's, so the target answers itself; vulnerable stacks of the time looped or crashed on this.
· Super nuke or WinNuke: sends packets carrying out-of-band (urgent) data to the NetBIOS ports (137-139) of older Windows systems, causing the computer to hang.
· Teardrop I and II, Newtear, Bonk, Boink: send IP fragments whose offsets overlap or do not fit, so the fragments that form a packet cannot be correctly reassembled; vulnerable stacks crashed or exhausted memory trying.
· E-mail bombing / spamming: the first consists of saturating a mailbox by mass-sending the same message; spamming is the mass sending of an e-mail to thousands of users without their consent.
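The SYN flood is the one attack in this list whose mechanism is worth seeing step by step, because the resource being exhausted is not bandwidth but a small table. The following Python block is an added example (not code from the original article) modelling a listener's SYN backlog: without SYN cookies, spoofed SYNs that are never acknowledged fill the backlog and an honest client is dropped; with SYN cookies, the listener stores nothing per SYN and the honest client still connects. The traffic is constructed, the backlog size is arbitrary, and the cookie is a simplified keyed hash of the client tuple (real SYN cookies also encode a timestamp and MSS).

```python
"""SYN backlog under a SYN flood, with and without SYN cookies (added
example; the traffic is constructed, not captured)."""
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class Listener:
    def __init__(self, backlog=8, syn_cookies=False, secret=b"example-secret"):
        self.backlog = backlog          # entries available for half-open connections
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}             # (src, sport) -> our ISN; unused with cookies
        self.established = set()
        self.dropped_syns = 0

    def _cookie(self, src, sport):
        """Stateless ISN derived from the client tuple under a server secret.
        Simplified: real SYN cookies also fold in a timestamp and an MSS index."""
        digest = hmac.new(self.secret, f"{src}:{sport}".encode(), hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, sport):
        """Handle a SYN. Return our SYN/ACK sequence number, or None if dropped."""
        if self.syn_cookies:
            return self._cookie(src, sport)        # nothing is stored per SYN
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                 # backlog full: SYN silently dropped
            return None
        isn = random.getrandbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack_num):
        """Handle the third handshake packet; ack_num must equal our ISN + 1."""
        if self.syn_cookies:
            ok = ack_num == (self._cookie(src, sport) + 1) & MASK32
        else:
            isn = self.half_open.pop((src, sport), None)
            ok = isn is not None and ack_num == (isn + 1) & MASK32
        if ok:
            self.established.add((src, sport))
        return ok


def syn_flood(listener, count):
    """Attacker: `count` SYNs from spoofed sources that never send an ACK."""
    for i in range(count):
        listener.on_syn(f"203.0.113.{i % 250}", 40000 + i)


def legit_connect(listener, src="198.51.100.7", sport=51515):
    """Honest client: completes the handshake if the listener answered its SYN."""
    seq = listener.on_syn(src, sport)
    if seq is None:
        return False
    return listener.on_ack(src, sport, (seq + 1) & MASK32)


if __name__ == "__main__":
    plain = Listener(backlog=8)
    syn_flood(plain, 50)
    print("no cookies: client connected =", legit_connect(plain), "dropped SYNs =", plain.dropped_syns)
    cookied = Listener(backlog=8, syn_cookies=True)
    syn_flood(cookied, 50)
    print("SYN cookies: client connected =", legit_connect(cookied), "dropped SYNs =", cookied.dropped_syns)
```

In the model the flood never completes a handshake, so without cookies the eight backlog entries stay occupied until a timeout that the attacker easily outpaces; with cookies there is no table to fill, and a forged third packet that does not carry the right cookie value is simply rejected.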
Modification / Damage Attacks:
· Tampering or Data Diddling: unauthorised modification of the data or the software installed on the victim system, including deletion of files.
· Fingerprint removal (covering tracks): consists of eliminating the traces of everything the intruder did on the system, typically by editing or deleting logs, so that the intrusion is not detected and cannot be traced back.
· Attacks using Java applets: take advantage of security flaws in the browser's Java virtual machine to escape the applet sandbox and run code on the client.
· Attacks through JavaScript and VBScript: a flaw in the browser's script engine is used, for example, to send e-mails without the user's knowledge, read directories and files, view the history of visited pages, etc.
· Attacks using ActiveX: manipulate the code of certain browsers so that the user is not asked for confirmation when another ActiveX control is downloaded from the Internet, which lets malicious code be installed.
· Vulnerability attacks in browsers: a buffer overflow in the browser lets the attacker overwrite memory and run programs of his choosing on the computer, such as format.com.
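Tampering and fingerprint removal share one defence: knowing what the files looked like before the intruder arrived. The following Python block is an added example (not code from the original article) of a minimal file-integrity check: it hashes a directory tree into a baseline, lets a simulated intruder diddle a config file, plant a backdoor, delete a binary and truncate a log, and then reports what changed. The files are created in a temporary directory for the demo; the rule that a log file which shrank between checks is suspicious is the one heuristic added for the log-wiping case.

```python
"""Detect tampering and log wiping against a hash baseline (added example;
the files are created in a temporary directory for the demonstration)."""
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file's path (relative to root, '/'-separated) to (sha256, size)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (hash_file(full), os.path.getsize(full))
    return baseline


def compare(baseline, current):
    """Return changed, deleted and added files. Log files that shrank are
    flagged separately: between checks a legitimate log only grows."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    truncated_logs = sorted(
        p for p in changed if p.endswith(".log") and current[p][1] < baseline[p][1]
    )
    return {"changed": changed, "deleted": deleted, "added": added,
            "truncated_logs": truncated_logs}


def demo():
    """Constructed scenario: baseline a small tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(text)

        write("etc/app.conf", "debug=false\n")
        write("bin/server", "original server binary\n")
        write("var/log/auth.log", "login alice ok\nlogin bob ok\nlogin root FAILED\n")
        baseline = build_baseline(root)

        # Intruder: data diddling, a planted backdoor, a deleted binary,
        # and the log truncated to hide the failed root login.
        write("etc/app.conf", "debug=true\n")
        write("bin/backdoor", "hidden shell\n")
        os.remove(os.path.join(root, "bin/server"))
        write("var/log/auth.log", "login alice ok\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The baseline here lives in memory next to the files it protects; on a real host it must be written somewhere the intruder cannot reach (read-only media, another machine), otherwise fingerprint removal simply includes rewriting the baseline.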
Exploitation of design, implementation and operation errors:
Many systems are exposed to security "holes" that are exploited to access files, steal passwords or gain privileges. These vulnerabilities are caused by design and programming flaws in operating systems, applications, network protocols, Internet browsers, e-mail software, etc., and by mistakes in how those systems are operated and configured.
Recommendations to avoid the spread of viruses and spyware
1) Always have an antivirus and an antispyware program active. It is advisable not to trust just one, but using more than one does not mean installing all of them as resident scanners; we simply run the additional antivirus and antispyware products in their on-demand scanning mode on the folder that contains the files to be checked.
2) Just as important as having the antivirus installed is keeping it fully updated. Currently updates are daily in most programs, or at least weekly, so if our antivirus is not updated at least once a week it is best to change to another that offers daily or several weekly updates. The same applies to the antispyware program: we must keep it as up to date as possible, since that is how the security holes that put us at risk get corrected. Many worms today succeed because users are slow to update their programs, so a habit of continuously updating the programs on our computers, especially the more exposed ones such as browsers, operating systems and P2P clients, is basic to staying safe.
3) Do not open any message or file received via e-mail from unknown or barely known sources. With familiar senders the same precautions must be taken: confirm with that person that they really sent the file, and never execute it before scanning it with the updated antivirus. When in doubt, simply delete the message and its attachments.
4) Do not download anything from websites for which you have no serious references or that are not fairly well known. And if files are downloaded, treat them like e-mail attachments: scan them with the antivirus before executing them.
5) Test several antivirus, firewall and antispyware products by downloading their trial versions, which usually last between 15 and 30 days, so that we can try several before deciding to buy the one that best suits our needs. Pay attention to ease of use and configuration, after-sales support, features and performance. Look for users of those programs who can give their opinion on them and on similar products. The best we can do is browse a forum dedicated to security, or the forums of the program's own company, where we can read important details of how the product behaves for the people who use it. They will even answer the questions we ask, and we will see the advantages and disadvantages reported by the users themselves.
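Recommendations 3 and 4 both come down to not trusting what an attachment or download claims to be. The following Python block is an added example (not code from the original article) of the triage a cautious user or a mail gateway can apply before the antivirus even runs: it compares a file's extension with its real content (recognised from the first bytes) and flags the usual disguises, such as a double extension like invoice.pdf.exe or an executable renamed to look like a picture. The sample files are constructed byte strings, the magic-number table covers only a handful of formats, and the extension lists are an assumption rather than an exhaustive policy.

```python
"""Triage attachments and downloads before opening them (added example;
the sample files are constructed byte strings, not real attachments)."""

# First bytes that identify a few common formats (assumed, minimal table).
MAGIC = {
    b"MZ": "windows executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script",
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip (also docx/xlsx/jar)",
}

# Extensions that Windows or a browser will execute, and extensions that
# look harmless and are therefore used as the first half of a double extension.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js",
                   ".vbs", ".jar", ".ps1", ".msi", ".hta"}
HARMLESS_LOOKING_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg",
                         ".jpeg", ".png", ".txt"}
# Content kinds that a document extension should never hide.
CODE_KINDS = {"windows executable", "ELF executable", "script"}


def sniff_type(head):
    """Identify the content from its leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage(filename, head):
    """Return the list of reasons this file should not be opened as it is.
    An empty list means nothing suspicious was found, not that it is safe."""
    reasons = []
    parts = filename.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    last = exts[-1] if exts else ""
    kind = sniff_type(head)

    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {last}")
    if len(exts) >= 2 and exts[-2] in HARMLESS_LOOKING_EXTS and last in EXECUTABLE_EXTS:
        reasons.append(f"double extension {exts[-2]}{last} disguises an executable")
    if kind in CODE_KINDS and last not in EXECUTABLE_EXTS:
        reasons.append(f"content is {kind} but extension is {last or 'missing'}")
    if last == ".pdf" and kind not in ("pdf", "unknown"):
        reasons.append(f"named .pdf but content is {kind}")
    if "\u202e" in filename:
        reasons.append("right-to-left override character hides the real extension")
    return reasons


# Constructed samples: name -> first bytes of the file.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "photo.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "manual.pdf": b"PK\x03\x04\x14\x00\x06\x00",
    "update.scr": b"MZ\x90\x00\x03\x00\x00\x00",
    "setup": b"\x7fELF\x02\x01\x01\x00",
    "holiday.png": b"\x89PNG\r\n\x1a\n",
}


def triage_all(samples):
    """Triage every sample; returns {filename: [reasons]}."""
    return {name: triage(name, head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLES).items():
        print(f"{name}: {reasons or 'nothing suspicious'}")
```

This check catches disguises, not malware: a genuine PDF or Office document can still carry an exploit, which is exactly why the article insists on scanning with an up-to-date antivirus before opening anything, and on confirming with the sender.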