Cách hack máy tính, hack cho người mới bắt đầu, kiểm tra thâm nhập, hack dummies, bảo mật máy tính, hack máy tính, kỹ thuật hack, quét mạng
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (679.17 KB, 138 trang )
Contents
Contents
Chapter1–Introduction
WhatitTakestoBecomeaGoodHacker
Chapter2-AnOverviewofHacking
Chapter3–AttackTypesandFamousViruses
1.CodeRed
2.Sasser
3.Zeus
4.TheILoveYouAttack
5.Melissa
6.TheConfickerWorm
7.MyDoom
8.Stuxnet
9.CryptoLocker
10.Flashback
InSummary
Chapter4–EthicalConsiderationsandWarnings
Chapter5–NetworkingFundamentals
UnderstandingtheOSIModelandNetworkingTerminology
IPAddressingEssentials
SubnetMasks
TwoSpecialNetworkAddresses
MACAddresses
ARP(AddressResolutionProtocol)
PortsandFirewalls
InSummary
Chapter6-TheHacker’sToolBelt
VulnerabilityScanners
PortScanners
Layer4Scanners
PacketSniffers
PasswordCrackingUtilities
Chapter7–UtilizingVMWare
Chapter8–IntroductiontoPingSweeps,PortScanning,andNMAP
PingSweeps
OperatingSystemIdentification
PortScanning
NMAPFootprintingProcedures:InstallingNMAP
NMAPFootprintingProcedures:PingSweeps
NMAPFootprintingProcedures:PortScanning
NMAPFootprintingProcedures:OperatingSystemIdentification
InSummary
Chapter9–UsingMetasploittoHackDevices
BasicMetasploitCommands
Chapter10–WirelessPasswordHacking
VMWareWirelessPasswordCrackingCaveats
DockerDemonstration
UsingReavertoCrackPasswords
InSummary
Chapter11–Web-BasedVulnerabilities
SQLandSQLiAttacks
Cross-SiteScriptingTechniques(XSS)
XSSDetailsandWebBrowsers
WaystoPreventSQLiandXSS
InSummary
Chapter12–OpenVAS
InstallingOpenVAS
UserandPortConfiguration
Chapter13–SocialEngineering
TypesofSocialEngineeringAttacks
AnEmailfromaTrustedParty
AFalseRequestforHelp
BaitingTargets
HowtoProtectYourselffromSocialEngineering
Chapter14–Man-In-The-MiddleAttacks
HowtoPerformaMan-In-The-MiddleAttack
Chapter15:CrackingPasswords
PasswordCracking
PasswordCrackingUtilities
JohntheRipper
Ophcrack
L0phtcrack
Cain&Abel
InSummary
Chapter16–ProtectingYourselffromHackers
SoftwareUpdates
ChangeDefaultUsernamesandPasswords
UseStrongPasswords
ProperlyConfigureYourFirewalls
AntivirusandAntimalwareSoftwareSolutions
UsingVPNs
BackingUpYourData
WebBrowserSecurity
FinalThoughts
HowtoHackComputers
AGuidetoHackingComputersfor
Beginners
JoelTope
Copyright©2015JoelTope
Allrightsreserved.
Chapter1–Introduction
Thegeneralpublicusuallyhastwocompetingviewpointsofhackers.Some
peoplereverethemasbrilliantlymindedindividualswhileotherslookdownon
themaspettycriminals.Whilebothperceptionscouldbetrueformanyexpert
hackers,thepublic’sperceptionhasbeentwistedandcontortedbywhattheysee
ontelevisiondramasandinthemovies.Becauseyouraverageuserdoesn’t
understandhowacomputerortheInternetworksfromatechnicalperspective,
theycan’thopetobegintounderstandwhathackersactuallydo.
Infact,theterm‘hacker’usuallycarriesanegativeconnotationtoit.Askany
non-technicalpersonwhatahackeris,andthey’llgiveyouaresponsesuchas,
“They’rethebadguysthatstealpeople’screditcards,listentomyphonecalls,
andworkwithterroristorganizations.”Forsomereason–likelyaccreditedto
entertainmentmedia–hackersgetabadrapandmostpeoplewouldinstantly
assumethattheirbehaviorsareillegal.Thesestigmascouldn’tbefurtherfrom
thetruth,becausetherealityisthattherearemanytypesofhackers.Someof
themaregood,someofthemarebad,andsomeliesomewhereinbetween.
Thereisnosinglemotivationthatdriveseveryhackerandnoblanketstatement
thatyoucanusetoaccuratelydescribeeveryhackerintheworld.Alsoconsider
thathackingisn’taninherentlyevilpracticeandyoucandoitlegally.Some
peopleevenliketodoitforahobby.Morepractically,however,somepeople
getpaidbigbucksasconsultantstotrytohackintoacorporatenetworkinan
efforttofindsecurityholes.Beforewarned,though.Ifyoustartabusingyour
knowledgeitisaslipperyslopetothedarkside,andnothinggoodeverhappens
onceyou’rethere.
Ifyourcuriosityhasgottenthebetterofyou,ifyoujustwanttobeableto
understandwhat’sgoingoninthemoviesandthenews,oryouhaveagoalof
becomingacompetenthacker,Iwanttopersonallyintroduceyoutohackingand
guideyoutoachievingyourgoals.Theproblemmostpeoplehavewhenthey
wanttostarthackingisthattheyfindmaterialthatisn’twrittenfornovitiates.
Onceyougetthebasicsunderyourbeltandyoucanactuallyapplythe
knowledgeyouwilllearninthisbook,you’llfindthatyouaremuchmore
educatedthanyourpeersandthattechnologyisactuallyprettyexciting.Asthe
toolshackersusehavechangedoverthelastcoupledecades,peoplethattakean
interestanddevelopapassionforhackinghavechangedaswell.Though
technologyisonlygettingmorecomplexwitheachpassingyear,thetools
hackersutilizearebecomingmoresophisticated–makingthelearningcurve
muchlesssteepfornewbies.
Inthisguide,Iamgoingtoteachyoualotofvaluableinformationabout
hackingsuchas:
-Whathackingisandwhathackingisn’t.
-Hackingterminologyandhackerculture.
-Typesofattacksandthemostfamoushacksofalltime.
-Ethicalconsiderationsandfairwarningsaboutbecomingahacker.
-Fundamentalconceptsthatwillserveasafoundationtobuildhackingskills.
-HowtoinstallLinuxoperatingsystemsusingVMWaretosetuphackingtools.
-Step-by-stepguidesforpingsweepsandportscanning.
-Howtomapnetworktopologiesandperformreconnaissancetechniques.
-Howtouseadvancedsoftwaretofindsecurityholes.
Thisisdesignedtobeanall-inclusiveguidethatwillnotonlygiveyouan
understandingofthebasictechnicalconceptsyouwillneedtobecomeahacker,
butalsointroduceyoutosomefascinatingsoftwareandshowyoustep-by-step
howtouseit.I’msuremostofyouwanttogetstartedhackingrightaway,butI
urgeyoutospendtimelearningthebasicsbeforemovingontosomeofthemore
challengingattacksdiscussedinthisbook.
WhatitTakestoBecomeaGoodHacker
Oneofthereasonssomehackersbecomesosuccessfulisbecausetheyhavea
passionforwhattheyaredoing.Theirpersonalitydrivesthemtotackle
extremelydifficultchallenges,whichiswhysomehackersbreaksystemsjustto
seeiftheycan.Ifyouaregoingtowanttobecomeaprolifichacker,ittakesthe
sametwothingsasanyotherskillyouwanttobuild:timeandpractice.Ifyou
can’tfiguresomethingoutinthefirsttwominutes,don’tgiveup.Someofthe
proswillspendweeksorevenmonthsplanningandexecutingtheirattacks.And
onceyougetthebasicsunderyourbelt,you’regoingtobeabletoimplement
thesetechniquesinamatterofminutes.Arguably,Iwouldsaythehardestpart
foranewbieisgettingtheirenvironmentsetup.Pastthat,thingsstarttoget
easierandyoucanreallystarttosinkyourteethintohowthetechnologyworks.
Beforewegettothejuicydetails,weshouldbeginwithanoverviewofhacking
soyouunderstandsomerudimentaryconceptsandperceptionsabouthacking.
Chapter2-AnOverviewofHacking
Toyouraveragecomputeruserwhodoesn’tunderstandmuchaboutInternetand
networksecurity,hackersareshroudedinacloudofmystery.Mostpeopledon’t
understandwhattheydoorhowtheydoit.Andthemoviesdon’thelpto
demystifythem,either.Countlessactionmoviesportrayacharacterthattakes
theroleofahackerthatcanbreakintotopsecretcomputersystemstosavethe
world.Whenthecamerapansovertheircomputerscreens,youseethemtyping
strangelettersandnumbersintoacommandpromptthat,forallyouknow,isa
foreignlanguage.Humorouslyenough,thehackersinthemoviesfrequentlyuse
atoolcalledNMAP,whichIwillshowyouhowtouselaterinthisbook.If
you’veseenTheMatrixReloaded,Dredd,FantasticFour,BourneUltimatum,
DieHard4,orTheGirlWithTheDragonTattoo(amongcountlessothers),you
havealreadyseenactorsusingNMAPtofacilitatetheirhackingendeavorsinthe
movies.
Butwhatexactlyishacking?Hackingmeansalotofdifferentthingstoalotof
differentpeople.Itisanumbrellatermusedtodescribehundreds,ifnot
thousands,ofvarioustechniquesthatcanbeutilizedtousecomputersand
informationsystemsinunintendedways.Atitscore,hackingmeansusinga
computertogainunauthorizedaccesstoanothercomputersystemordatathatis
protectedorrestricted.Thisisthemostconventionalmeaningoftheword
hacking.Onceahackerhasgainedaccesstoanunauthorizedsystem,heorshe
thenhastheabilitytostealinformation,changeconfigurations,alter
information,deleteinformation,andinstallfurthermaliciouscodetocapture
evengreatercontroloverthetargetsystem.Thelistgoesonandtheskyisthe
limitregardingwhatanexperiencedhackercandooncetheyfindawayintoa
computersystem.
However,thereisalotmoretohackingthanclickingabuttontoattacka
computer.Youwillneedtousetoolsandscannerstomapthelocalnetwork
topologyandusereconnaissancetechniquestogatherinformationandlookfor
vulnerabilities.Thegoodnewsfornewbiesisthatthesetoolsarehighly
automatedtoday.Inthepast,hackingsoftwarehadn’tbeencreatedthat
aggregatedvastamountsofcodeandtoolsintosimpleandeasytouse
commands.Assuch,hackersinthepastneededhighlyintimateunderstandings
ofthetechnologiestheyweretryingtobreakanditwasdifficulttodoso.
Havinganextremelydeepunderstandingoftechnologytodaywillcertainlyhelp
youbecomeabetterhacker,butmypointisthatthesetoolsarebecoming
increasinglyeasytouse.Infact,thereareyoungkidsandteenagersthataretoo
curiousfortheirowngoodandtakeadvantageofhighlysophisticatedtoolsto
breakintosystemstheyhavenobusinessaccessing.Understandthatthesetools
simplifythehackingprocessconsiderably.Ifateenagercanhackintoasystem
usingsimpletools,guesswhat?Youcantoo!
Butwhatdoesittaketoexcelasahacker?Well,mosthackershaveseveral
thingsincommon.Firstofall,theyareexperiencedsoftwaredevelopersandcan
craftmaliciousprogramsandvirusesthatfurthertheircause.Furthermore,most
hackersarecompetentLinuxusers.Linuxoperatingsystemsareextremely
secureandprovidevirtuallylimitlessaccesstothelatestpenetrationandsecurity
tools–forfree!Inaddition,someLinuxoperatingsystemssuchasKaliLinux
weredesignedforthesolepurposeofhackingandnetworkpenetration.Linux
canbescaryfornewbies,butIwillshowyouhowtorunLinuxandusesome
specialtoolslaterinthisbookinasimplifiedandeasytounderstandmanner.
Lastly,hackersalmostalwayshaveaworkingknowledgeofnetworkingtopics
suchasIPaddresses,ports,andthedirtydetailsofhowdifferentnetworking
protocolsoperate.Sometoolsevenexploitvulnerabilitiesinthesenetwork
protocols,andtheknowledgeoftheseexploitscombinedwiththeabilitytocraft
computerprogramsiswhatmakessomehackerstrulyformidable.
Someofthesetechniquesareoutsidethescopeofthisbooksincethisguidewas
createdforbeginners,butifyoureallywanttoexcelasahackeryouwoulddo
welltostudyandpracticetheseconcepts.Thoughwewon’ttouchonsoftware
developmentinthisguide,Iwillcertainlyshowyoustep-by-stephowtoinstall
andusesomevarioushackingtoolsthattheprostakeadvantageofandteachyou
thebasicsofnetworkingaddressesandprotocols.
Chapter3–AttackTypesandFamousViruses
Mostofyouhaveprobablyheardofviruses,worms,malware,keyloggers,
rootkits,andTrojansbefore,butwhattheheckarethesethingsandhowto
hackersutilizethemtostealpeople’sdataanddisrupttheircomputersystems?
Eachofthesetoolsarealittlebitdifferentfromeachother,buttheyallhaveone
similargoal:toenteratarget’ssystemtoprovidetheattackerwithinformation
heorshedoesn’talreadyhaveaccessto.No,I’mnotgoingtoshowyouhowto
craftnefariouscomputersoftware,butyoushouldhaveawell-rounded
understandingofthesetopicsifyouhaveanyhopeofcallingyourselfahacker.
Firstandforemost,youneedtounderstandtheconceptofcomputerviruses
becausetheyareoneofthemostpopulartermsthrownaroundindiscussions
aboutcybersecurityandhacking.Acomputervirusisapieceofmaliciouscode
orsoftwareprogramthatisabletoinfectatargetsystemandthenmakecopies
ofitselfonotherlocalcomputers.Theyareaptlynamedbecausetheyreproduce
muchlikeavirusinreallife,andtheyfacilitatetheiroperationsbyattaching
themselvestocomputerprograms.Typicallytheyeitherrenderacomputing
systemcompletelyuselessortheyseektodestroydata.Again,you’llhearabout
computervirusesinthemoviesalot,sowe’lltakealookatsomeofthemost
famouscomputervirusesofalltimeafterdefiningtheotherterminology.
Awormisverysimilartoavirus,andit’struethatthelinebetweenavirusand
wormgetsmuddiedandblurred.Thelargestdifferenceisthatwormsarenot
attachedtoacomputerprogram.Theyexistindependentlyonthehostsystem,
andtheyoftentakeadvantageofnetworkresourcestospreadtootherhostson
thenetworktheyhavecompromised.Sometimeswormsarealsoclassifiedas
malware,becausethereareonlyminutedifferencesintheterminology.
Colloquially,thesetermsareinterchangeablebuttheirmeaningsvaryslightlyin
academicsettings.
Perhapsyouhavealreadyexperiencedthenegativeconsequencesofmalware.
Oneofthemostpopularwaysthatmalwareisdistributedisthroughthemedium
ofonlinedownloads,wherebyadownloadablefilehasbeencorruptedwith
malwarethattheuserthendownloadsandinstalls.You’llseethisfrequently
withmostfileshostedwithP2P(Peer-to-Peer)filesharingprogramssuchasBit
Torrent.Malwaregetsitsnamebycombingtwootherterms:MALicious
softWARE.Itcanalsobeusedasanumbrellatermusedtodescribemany
differenttypesofattacks,anditcouldmeananysoftwarethatisusedbyan
attackertocreateaccesstoatarget’sdata,blockthemfromtheirdata,orchange
informationontheircomputer.
Furthermore,akeyloggerisyetanothertypeofmaliciousprogram,andasyou
mighthaveguesseditssolepurposeistologthekeystrokesoftheuserwhohas
beeninfected.Thisisabsolutelydisastrousforthetargetuser,becausean
attackerwillbeabletorecordandvieweverysinglekeythatthetargettypeson
theirhostsystem.Thisincludesusernamesandpasswords,Googlesearches,
privateinstantmessagingconversations,andevenpaymentcarddata.Ifan
attackerhassuccessfullyinstalledakeylogger,thetargetisatthemercyofthe
attacker.There’snotellingwhattheattackercoulddonext–theycouldhack
intothetargetsystembyusingtheinformationtheygatheredsuchasusernames
andpasswords,stealmoneyusingtheirpaymentcarddata,orusetheirhost
systemtocarryoutattacksonotherhostsonthesamenetwork.
Next,youshouldalsobefamiliarwiththeideaofarootkit.Rootkitsare
extremelydangerousbecausetheyservetoeditbackgroundprocessesinan
efforttohidethemaliciousactivitiesofanattacker.Thiswillhelpviruses,key
loggers,andothermaliciouscodeexistforextendedperiodsoftimewithout
detectiononthetargetsystem.Theycanevenservetohidesoftwarethatwould
havebeenotherwisedetectedandquarantinedbysecuritysoftware.
LastbutnotleastistheinfamousTrojanhorse,sometimescalledaTrojanvirus
orabackdoorvirus.Theyareextremelyproblematicbecausetheycanbeslipped
intoinnocent-lookingapplicationsandtheyareveryhardtodetectwithoutthe
rightsecuritysoftware.TherecouldevenbeaTrojanhorselurkinginthedepths
ofyourpersonalcomputerrightnow,andtheyarefrequentlyusedtogain
completecontrolofatargetsystem.
Nowthatyouhaveabasicunderstandingofthedifferenttypesofmaliciouscode
hackersemploytodotheirbidding,youshouldknowaboutsomeofthelargest
andmostfamouscomputervirusesofalltime.Someofthemareactuallyother
typesofmaliciouscodesuchasTrojanhorses,butpeoplestillrefertothemas
viruses.Anyexperthackerwillhaveheardofthesefamousattacksbefore,so
youshouldknowthemaswell.
Also,ifyougettheinklingtotryyourhandatusingoneofthesemethodson
yourownbyhuntingaroundontheInternetforfreelydistributablecodethatwill
allowyoutoattackatargetsystem,justknowthatyou’resettingyourselfupfor
adisaster.Humorouslyenough,somehackingnewbiestrytofindrootkitsand
keyloggerstoattackhosts.Buthere’sthecatch–somehackersactually
facilitatetheirattackbytakingadvantageofpeoplewhowantaccesstothese
typesofprograms.
Andtheendresultisn’tpretty.Intheend,thenewbiehackermightactually
installanexperthacker’svirusandunknowinglyinfecttheirownoperating
system!Anddon’tforgetthatthereareethicalandlegalimplicationsaswell.
Many,ifnotall,ofthepeopleresponsibleforthesefamousattackswereseverely
punished.Sodon’ttrytoresearchandimplementthesetypesofvirusesathome!
1.CodeRed
Iknowwhatyoumaybethinking,andno,thishasnothingtodothemovies.
Whenpeoplethinkofhackinginthemovies,theythinkoftopsecretmilitary
basesgettinghackedbyateenagerandraisingtheiralertlevelto‘codered.’
Believeitornot,itisrumoredthatthetwoengineerswhodiscoveredandnamed
thisattackweremerelydrinkingthedisgustingcherry-flavoredsodawhenthey
firstidentifiedthewormbackin2001.Thiswormwasprettydarnnasty,andits
targetswereserversthatwererunningtheMicrosoftIISsoftwareforweb
servers.
Thisattackreliedheavilyonanexploitfoundinthecodethatleftservers
vulnerabletoabufferoverflowissueinanolderversionofcode.However,it
wasahugeproblemandverydifficulttodetectbecauseithadtheabilitytorun
solelyinmemory(RAM,orshorttermstorageasopposedtolongtermstorage
suchasaharddiskdrive).Andthingsgotoutofhandprettyquickly,too.Afterit
hadcompromisedasystem,itwouldthentrytomakehundredsofcopiesto
infectotherwebservers.Notonlythat,butitgobbledupatonoflocalserver
resourcesthatallbutcrippledsomeofthetargetsystems.
2.Sasser
SasserisanotherwormdesignedtotargetWindows(noticingapatternhere?).It
firstfounditswayintothespotlightbackin2004andwascreatedbya
legendaryandinfamoushackernamedSvenJaschanwhowasalsoresponsible
foranotherfamouswormnamedNetsky.OnereasonthiswormmadeInternet
securityheadlineswasthatithadaffectedmorethanamilliontargets!Yetagain,
thiswormtookadvantageofabufferoverflowvulnerabilitythatcausedtarget
systemstocrash.
Italsomadeitnearlyimpossibletorebootyourcomputerwithoutremovingthe
powercableanditcausedmanycomputerstocrashcompletely.Tobefair,most
peoplesawthiswormasanuisanceasopposedtoaseriousthreat.Butitcannot
bedeniedthatitcausedmassiveandwidespreaddisruption.Iteveninfected
criticalinfrastructuredevicesthatcausednetworkstoperformverypoorly.Like
othertypesofworms,ituseditstargetcomputerstopropagateandmultiply
itselftoothercomputers.
Butoneofthebiggestproblemswiththiswormisthatusersdidn’tupgradetheir
operatingsystemsafterapatchhadbeencreated.Bothpublicandprivatesector
organizationswereaffectedlikenewsstations,transportationsystems,healthcare
organizations,andevensomeairlinecompanies.Butwhatwastheendresult?
Thedamageswerecollectivelychalkeduptobeapproximately$18billion
dollars!WhathappenedtotheinfamousJaschan,youask?Fortunatelyforhim,
hewasstillyoungsohereceivedaslaponthewristconsideringhowmuch
damagehedid.Heendedupwithasuspendedsentencelasting21months.
3.Zeus
TheZeusviruswasreallyaTrojanhorsecreatedtoinfect(canyouguesswhich
operatingsystem?)Windowsmachinesinanefforttoforcethemtocarryout
varyingproceduresthatweredeemedtobecriminalactivity.Mosttypically,it
wouldbeusedtocarryoutkeyloggingactivitiesandman-in-the-middleattacks
thatwouldallowanattackertofirstsiftthroughwebbrowsinginformation
beforesendingittotheintendedwebserver.Itmostfrequentlyinfectedhostsby
utilizinginnocent-lookingapplicationsasatransportmediumintotheintended
targets,buttheattackalsoemployedphishingtechniques.
Afterithadbeendiscoveredin2009,ithadruinedthousandsofindividualfile
downloadandFTPaccountsfromthelargestbanksandcorporations.Those
involvedincludeAmazon,BankofAmerica,Oracle,andevenCisco.Theattack
alsoallowedthehackerstostealusernamesandpasswordstosocialmediasites,
emailaccounts,andbankinginformation.
4.TheILoveYouAttack
The‘ILoveYou’attackissoimpressiveandreveredinhackercommunities
becauseitcreatedawhopping$10billiondollarsinestimateddamages.What’s
moreimpressiveisthatresearchersbelievethat10%ofeverycomputer
connectedtotheInternetatthetimewasinfectedwiththisvirus.Infecting10%
oftheInternetwithacomputervirusisstaggeringtosaytheleast.Thingsstarted
becomingsoterriblethatsomeofthelargerorganizationsaswellas
governmentalagenciesaroundtheworldstartedshuttingdowntheirmailing
systemsinanefforttoavoidbecominginfected.
5.Melissa
Thisnaughtyviruswassupposedlynamedafteranexoticdancerthecreator,
DavidL.Smith,hadonceknown.Supposedly,theveryrootoftheviruswasan
infectedtextdocumentthatwasuploadedtothealt.sexUsenetgroupwiththe
appearanceofbeingacollectionofusernamesandpasswordsforsubscription
andmembership-onlypornographicwebsites.Butonceauserdownloadedthis
Worddocument,allhellwouldbreaklooseandtheviruswouldactivate.
Tostart,theviruswouldlookatthefirst50addressesintheinfectedhost’s
emailaddressbookandstartsendingthoseaddressesemails.Inturn,thiswould
severelydisruptemailservicesoflargeenterprisesandgovernmentalbodies.
Furthermore,theviruswouldevencorruptdocumentsbyaddingreferencesto
thetelevisionshowTheSimpsons.However,theoriginalWorddocumentwas
eventuallytracedbacktoSmithandhewasarrestedwithinaweekofthevirus’s
propagation.AlthoughSmithonlyendedupserving20monthsofprisontime
anda$5,000fine(heoriginallyhada10yearsentence)becauseheturnedsnitch
onotherhackersandhelpedtheFBImakemorearrests.Totopitalloff,itwas
estimatedthatthedamagesfromhisvirustotaledapproximately$80million
dollars.
6.TheConfickerWorm
TheConfickerwormfirstappearedin2008anditcomesfromanunknown
origin.Thiswormwasespeciallytroublesomebecauseitcreatedabotnet(a
groupofinfectedcomputersnetworkedtogether)ofmorethan9million
differenthoststhatharmedgovernmentalagencies,largeenterprises,andsimple
individualusersalike.Thiswormmakesthetop10listbecauseitcaused
damagesestimatedatastaggering9billiondollars.Itwasabletoinfect
Windowsmachinesduetoanunpatchedvulnerabilitydealingwithbackground
networkservices.
Afterahosthadbeeninfectedwiththeworm,thewormwouldwreakhavocby
preventingaccesstoWindowsupdatesandantivirusupdates,anditcouldeven
lockuseraccountstopreventpeoplefromlogginginandcleaninguptheworm.
Ifthatweren’tbadenough,thewormwouldthencontinueitsattackbyinstalling
maliciouscodethatwouldmakethetargetcomputerpartofthebotnetandscam
usersintosendingtheattackermoneybyholdingtheircomputerransom.
Microsoftandthirdpartyantivirussoftwareproviderseventuallyreleased
updatestocombatandpatchthisworm,butitdidmassiveamountsofdamage
beforeasolutioncouldbereached.
7.MyDoom
MyDoomwasfirstseenbackin2004,anditwasoneofthefastestemailworms
toinfectmassesofcomputerssincetheILoveYouattack.Thecreatorofthis
attackisstillunknown,butitisrumoredthatthecreatorwaspaidbigmoneyto
carryoutthisattackduetothemessageincludedinthevirusthatread,“Andy,
I’mjustdoingmyjob.Nothingpersonal,sorry.”
Thiswormwasincrediblyslybecauseittookontheappearanceofanemail
error.Afterauserhadclickedonthe“error”toviewtheproblemtheworm
wouldsendcopiesofitselftopeoplefoundintheemailaddressbookofthe
infectedsystem.Furthermore,itwouldcopyitselfintopeer-to-peerdirectories
ontheinfectedhoststospreadthroughoutthenetwork.Itisalsobelievedthat
thewormisstilllurkingontheInternettothisday,anditcausedapproximately
$38billiondollars’worthofdamages.
8.Stuxnet
Thisattackhasasomewhatpoliticalbackgroundasitisthoughttohavebeen
createdbytheIsraeliDefenseForceinconjunctionwiththeAmerican
government.Whilesomeofthepastviruseswerecreatedoutofmalice,
contempt,orthecuriositytoseejusthowmuchdamageaprolifichackercould
create,thisviruswascreatedforthepurposeofcyberwarfare.Thegoalwasto
stymytheinitiativesoftheIranianstocreatenuclearweapons,andalmosttwo
thirdsofhostsinfectedbythisviruswerelocatedinIran.
Infact,itisestimatedthattheviruswassuccessfulindamaging20%ofthe
nuclearcentrifugesinIran.Morespecifically,thisvirustargetedPLC
(ProgrammingLogicControllers)componentswhicharecentraltoautomating
largemachineryandindustrialstrengthequipment.Itactuallytargeteddevices
manufacturedbySiemens,butifitinfectedahostthatdidn’thaveaccessto
Siemensproductsitwouldlurkonthehostsysteminadormantstate.
Essentially,itwouldinfectthePLCcontrollersandcausethemachineryto
operatefartoofast–whichwouldultimatelybreakthemachinery.
