Keylogger - A keylogger is a program, usualy ran secretly in the background that records what users type, then the typed output is usually sent via email or uploaded by the keylogger somewhere to the web in secret. These can be attached to other executables so you never even know you ran them in the first place, once you click it once it often is started at startup from their on.
Bot - A bot is a program that is ran secretly in the background of a victim's computer. The bot connects to an IRC channel usually where a Bot Herder(its creator) can use a number of commands to control these computers that are now it's under control. A zombie computer(a pc under control of a bot herder) can be manipulated in a number of ways. Some functions of a bot include stealing victims passwords, keylogging, ddosing a server to cause it to crash, turning on the webcam and being able to watch the zombie computer's users, visiting a website(to gain money + traffic for a bot herder), clicking ads, making ads appear randomly, destroying itself(the pc), and sending spam to email contacts.
Botnet - A bunch of bot's connected to a server (usually IRC or web) that can be controlled and manipulated by its owner.
RAT (Remote Administration Tool) - Sort of like a botnet in regards that you can gain acess to the victims computer and do stuff like look at their files, webcam, etc. Only this malware connects back to you, apposed to a server.
Crypter - A crypter is used to make well known hacker's viruses (such as keyloggers and botnets) undetectable by anti-virus software by changing the virus program signatures that anti virus programs have in their databases to make them easier to spread.
Binder - A binder is used to bind a virus(such as a keylogger,etc) to another program making it undetechtable and able to fool users into thinking its something else. (IE a victim will click an installPhotoshop.exe and it will install photoshop as well as your virus secretly.)
FUD - Term for fully undetectable virus. (made by either coding your own virus or by crypting and binding an existing virus) Use http://novirusthanks.com (uncheck distribute sample) to check if your virus is undetectable.
Database - Used by most websites to store things such as User names, Passwords, Email, etc of an entire website or community.
SQL Injection - A way of manipulating a website's forms as a way of retrieving it's databases. This can be used to find users and passwords as well as obtaining admin on a website in order to deface it.
XSS (Cross Site Scripting) - a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. (From Wikipedia)
LFI (Local File Inclusion) - http://www.x83.net/wiki/index.php?title=Local_File_Inclusion
Cookie Stealing/Spoofing - Used to fool a victim into clicking a link that will steal their cookies to websites which you can then use to have their privileges to various parts of a website or forum.
BruteForcer - Program used to crack passwords by trying every password/password list on various forms.
Hashes - How passwords are usually stored, this is a way of crypting a password so it is not plain text, harder passwords are very hard to crack but simple ones have often been cracked and can be found on online databases. Some common password hashes include MD5 and SHA.
Social Engineering - Tricking a victim into doing something you want them to do by disguising or enticing them into doing what you want.
Phishing - Creating a fake login page to a well known website (IE Facebook) and then fooling a victim into entering their information on the fake login page through social engineering.
0 comments:
Post a Comment