Contents
Contents
Chapter1–Introduction
WhatitTakestoBecomeaGoodHacker
Chapter2-AnOverviewofHacking
Chapter3–AttackTypesandFamousViruses
1.CodeRed
2.Sasser
3.Zeus
4.TheILoveYouAttack
5.Melissa
6.TheConfickerWorm
7.MyDoom
8.Stuxnet
9.CryptoLocker
10.Flashback
InSummary
Chapter4–EthicalConsiderationsandWarnings
Chapter5–NetworkingFundamentals
UnderstandingtheOSIModelandNetworkingTerminology
IPAddressingEssentials
SubnetMasks
TwoSpecialNetworkAddresses
MACAddresses
ARP(AddressResolutionProtocol)
PortsandFirewalls
InSummary
Chapter6-TheHacker’sToolBelt
VulnerabilityScanners
PortScanners
Layer4Scanners
PacketSniffers
PasswordCrackingUtilities
Chapter7–UtilizingVMWare
Chapter8–IntroductiontoPingSweeps,PortScanning,andNMAP
PingSweeps
OperatingSystemIdentification
PortScanning
NMAPFootprintingProcedures:InstallingNMAP
NMAPFootprintingProcedures:PingSweeps
NMAPFootprintingProcedures:PortScanning
NMAPFootprintingProcedures:OperatingSystemIdentification
InSummary
Chapter9–UsingMetasploittoHackDevices
BasicMetasploitCommands
Chapter10–WirelessPasswordHacking
VMWareWirelessPasswordCrackingCaveats
DockerDemonstration
UsingReavertoCrackPasswords
InSummary
Chapter11–Web-BasedVulnerabilities
SQLandSQLiAttacks
Cross-SiteScriptingTechniques(XSS)
XSSDetailsandWebBrowsers
WaystoPreventSQLiandXSS
InSummary
Chapter12–OpenVAS
InstallingOpenVAS
UserandPortConfiguration
Chapter13–SocialEngineering
TypesofSocialEngineeringAttacks
AnEmailfromaTrustedParty
AFalseRequestforHelp
BaitingTargets
HowtoProtectYourselffromSocialEngineering
Chapter14–Man-In-The-MiddleAttacks
HowtoPerformaMan-In-The-MiddleAttack
Chapter15:CrackingPasswords
PasswordCracking
PasswordCrackingUtilities
JohntheRipper
Ophcrack
L0phtcrack
Cain&Abel
InSummary
Chapter16–ProtectingYourselffromHackers
SoftwareUpdates
ChangeDefaultUsernamesandPasswords
UseStrongPasswords
ProperlyConfigureYourFirewalls
AntivirusandAntimalwareSoftwareSolutions
UsingVPNs
BackingUpYourData
WebBrowserSecurity
FinalThoughts
HowtoHackComputers
AGuidetoHackingComputersfor
Beginners
JoelTope
Copyright©2015JoelTope
Allrightsreserved.
Chapter1–Introduction
Thegeneralpublicusuallyhastwocompetingviewpointsofhackers.Some
peoplereverethemasbrilliantlymindedindividualswhileotherslookdownon
themaspettycriminals.Whilebothperceptionscouldbetrueformanyexpert
hackers,thepublic’sperceptionhasbeentwistedandcontortedbywhattheysee
ontelevisiondramasandinthemovies.Becauseyouraverageuserdoesn’t
understandhowacomputerortheInternetworksfromatechnicalperspective,
theycan’thopetobegintounderstandwhathackersactuallydo.
Infact,theterm‘hacker’usuallycarriesanegativeconnotationtoit.Askany
non-technicalpersonwhatahackeris,andthey’llgiveyouaresponsesuchas,
“They’rethebadguysthatstealpeople’screditcards,listentomyphonecalls,
andworkwithterroristorganizations.”Forsomereason–likelyaccreditedto
entertainmentmedia–hackersgetabadrapandmostpeoplewouldinstantly
assumethattheirbehaviorsareillegal.Thesestigmascouldn’tbefurtherfrom
thetruth,becausetherealityisthattherearemanytypesofhackers.Someof
themaregood,someofthemarebad,andsomeliesomewhereinbetween.
Thereisnosinglemotivationthatdriveseveryhackerandnoblanketstatement
thatyoucanusetoaccuratelydescribeeveryhackerintheworld.Alsoconsider
thathackingisn’taninherentlyevilpracticeandyoucandoitlegally.Some
peopleevenliketodoitforahobby.Morepractically,however,somepeople
getpaidbigbucksasconsultantstotrytohackintoacorporatenetworkinan
efforttofindsecurityholes.Beforewarned,though.Ifyoustartabusingyour
knowledgeitisaslipperyslopetothedarkside,andnothinggoodeverhappens
onceyou’rethere.
Ifyourcuriosityhasgottenthebetterofyou,ifyoujustwanttobeableto
understandwhat’sgoingoninthemoviesandthenews,oryouhaveagoalof
becomingacompetenthacker,Iwanttopersonallyintroduceyoutohackingand
guideyoutoachievingyourgoals.Theproblemmostpeoplehavewhenthey
wanttostarthackingisthattheyfindmaterialthatisn’twrittenfornovitiates.
Onceyougetthebasicsunderyourbeltandyoucanactuallyapplythe
knowledgeyouwilllearninthisbook,you’llfindthatyouaremuchmore
educatedthanyourpeersandthattechnologyisactuallyprettyexciting.Asthe
toolshackersusehavechangedoverthelastcoupledecades,peoplethattakean
interestanddevelopapassionforhackinghavechangedaswell.Though
technologyisonlygettingmorecomplexwitheachpassingyear,thetools
hackersutilizearebecomingmoresophisticated–makingthelearningcurve
muchlesssteepfornewbies.
Inthisguide,Iamgoingtoteachyoualotofvaluableinformationabout
hackingsuchas:
-Whathackingisandwhathackingisn’t.
-Hackingterminologyandhackerculture.
-Typesofattacksandthemostfamoushacksofalltime.
-Ethicalconsiderationsandfairwarningsaboutbecomingahacker.
-Fundamentalconceptsthatwillserveasafoundationtobuildhackingskills.
-HowtoinstallLinuxoperatingsystemsusingVMWaretosetuphackingtools.
-Step-by-stepguidesforpingsweepsandportscanning.
-Howtomapnetworktopologiesandperformreconnaissancetechniques.
-Howtouseadvancedsoftwaretofindsecurityholes.
Thisisdesignedtobeanall-inclusiveguidethatwillnotonlygiveyouan
understandingofthebasictechnicalconceptsyouwillneedtobecomeahacker,
butalsointroduceyoutosomefascinatingsoftwareandshowyoustep-by-step
howtouseit.I’msuremostofyouwanttogetstartedhackingrightaway,butI
urgeyoutospendtimelearningthebasicsbeforemovingontosomeofthemore
challengingattacksdiscussedinthisbook.
WhatitTakestoBecomeaGoodHacker
Oneofthereasonssomehackersbecomesosuccessfulisbecausetheyhavea
passionforwhattheyaredoing.Theirpersonalitydrivesthemtotackle
extremelydifficultchallenges,whichiswhysomehackersbreaksystemsjustto
seeiftheycan.Ifyouaregoingtowanttobecomeaprolifichacker,ittakesthe
sametwothingsasanyotherskillyouwanttobuild:timeandpractice.Ifyou
can’tfiguresomethingoutinthefirsttwominutes,don’tgiveup.Someofthe
proswillspendweeksorevenmonthsplanningandexecutingtheirattacks.And
onceyougetthebasicsunderyourbelt,you’regoingtobeabletoimplement
thesetechniquesinamatterofminutes.Arguably,Iwouldsaythehardestpart
foranewbieisgettingtheirenvironmentsetup.Pastthat,thingsstarttoget
easierandyoucanreallystarttosinkyourteethintohowthetechnologyworks.
Beforewegettothejuicydetails,weshouldbeginwithanoverviewofhacking
soyouunderstandsomerudimentaryconceptsandperceptionsabouthacking.
Chapter2-AnOverviewofHacking
Toyouraveragecomputeruserwhodoesn’tunderstandmuchaboutInternetand
networksecurity,hackersareshroudedinacloudofmystery.Mostpeopledon’t
understandwhattheydoorhowtheydoit.Andthemoviesdon’thelpto
demystifythem,either.Countlessactionmoviesportrayacharacterthattakes
theroleofahackerthatcanbreakintotopsecretcomputersystemstosavethe
world.Whenthecamerapansovertheircomputerscreens,youseethemtyping
strangelettersandnumbersintoacommandpromptthat,forallyouknow,isa
foreignlanguage.Humorouslyenough,thehackersinthemoviesfrequentlyuse
atoolcalledNMAP,whichIwillshowyouhowtouselaterinthisbook.If
you’veseenTheMatrixReloaded,Dredd,FantasticFour,BourneUltimatum,
DieHard4,orTheGirlWithTheDragonTattoo(amongcountlessothers),you
havealreadyseenactorsusingNMAPtofacilitatetheirhackingendeavorsinthe
movies.
Butwhatexactlyishacking?Hackingmeansalotofdifferentthingstoalotof
differentpeople.Itisanumbrellatermusedtodescribehundreds,ifnot
thousands,ofvarioustechniquesthatcanbeutilizedtousecomputersand
informationsystemsinunintendedways.Atitscore,hackingmeansusinga
computertogainunauthorizedaccesstoanothercomputersystemordatathatis
protectedorrestricted.Thisisthemostconventionalmeaningoftheword
hacking.Onceahackerhasgainedaccesstoanunauthorizedsystem,heorshe
thenhastheabilitytostealinformation,changeconfigurations,alter
information,deleteinformation,andinstallfurthermaliciouscodetocapture
evengreatercontroloverthetargetsystem.Thelistgoesonandtheskyisthe
limitregardingwhatanexperiencedhackercandooncetheyfindawayintoa
computersystem.
However,thereisalotmoretohackingthanclickingabuttontoattacka
computer.Youwillneedtousetoolsandscannerstomapthelocalnetwork
topologyandusereconnaissancetechniquestogatherinformationandlookfor
vulnerabilities.Thegoodnewsfornewbiesisthatthesetoolsarehighly
automatedtoday.Inthepast,hackingsoftwarehadn’tbeencreatedthat
aggregatedvastamountsofcodeandtoolsintosimpleandeasytouse
commands.Assuch,hackersinthepastneededhighlyintimateunderstandings
ofthetechnologiestheyweretryingtobreakanditwasdifficulttodoso.
Havinganextremelydeepunderstandingoftechnologytodaywillcertainlyhelp
youbecomeabetterhacker,butmypointisthatthesetoolsarebecoming
increasinglyeasytouse.Infact,thereareyoungkidsandteenagersthataretoo
curiousfortheirowngoodandtakeadvantageofhighlysophisticatedtoolsto
breakintosystemstheyhavenobusinessaccessing.Understandthatthesetools
simplifythehackingprocessconsiderably.Ifateenagercanhackintoasystem
usingsimpletools,guesswhat?Youcantoo!
Butwhatdoesittaketoexcelasahacker?Well,mosthackershaveseveral
thingsincommon.Firstofall,theyareexperiencedsoftwaredevelopersandcan
craftmaliciousprogramsandvirusesthatfurthertheircause.Furthermore,most
hackersarecompetentLinuxusers.Linuxoperatingsystemsareextremely
secureandprovidevirtuallylimitlessaccesstothelatestpenetrationandsecurity
tools–forfree!Inaddition,someLinuxoperatingsystemssuchasKaliLinux
weredesignedforthesolepurposeofhackingandnetworkpenetration.Linux
canbescaryfornewbies,butIwillshowyouhowtorunLinuxandusesome
specialtoolslaterinthisbookinasimplifiedandeasytounderstandmanner.
Lastly,hackersalmostalwayshaveaworkingknowledgeofnetworkingtopics
suchasIPaddresses,ports,andthedirtydetailsofhowdifferentnetworking
protocolsoperate.Sometoolsevenexploitvulnerabilitiesinthesenetwork
protocols,andtheknowledgeoftheseexploitscombinedwiththeabilitytocraft
computerprogramsiswhatmakessomehackerstrulyformidable.
Someofthesetechniquesareoutsidethescopeofthisbooksincethisguidewas
createdforbeginners,butifyoureallywanttoexcelasahackeryouwoulddo
welltostudyandpracticetheseconcepts.Thoughwewon’ttouchonsoftware
developmentinthisguide,Iwillcertainlyshowyoustep-by-stephowtoinstall
andusesomevarioushackingtoolsthattheprostakeadvantageofandteachyou
thebasicsofnetworkingaddressesandprotocols.
Chapter3–AttackTypesandFamousViruses
Mostofyouhaveprobablyheardofviruses,worms,malware,keyloggers,
rootkits,andTrojansbefore,butwhattheheckarethesethingsandhowto
hackersutilizethemtostealpeople’sdataanddisrupttheircomputersystems?
Eachofthesetoolsarealittlebitdifferentfromeachother,buttheyallhaveone
similargoal:toenteratarget’ssystemtoprovidetheattackerwithinformation
heorshedoesn’talreadyhaveaccessto.No,I’mnotgoingtoshowyouhowto
craftnefariouscomputersoftware,butyoushouldhaveawell-rounded
understandingofthesetopicsifyouhaveanyhopeofcallingyourselfahacker.
Firstandforemost,youneedtounderstandtheconceptofcomputerviruses
becausetheyareoneofthemostpopulartermsthrownaroundindiscussions
aboutcybersecurityandhacking.Acomputervirusisapieceofmaliciouscode
orsoftwareprogramthatisabletoinfectatargetsystemandthenmakecopies
ofitselfonotherlocalcomputers.Theyareaptlynamedbecausetheyreproduce
muchlikeavirusinreallife,andtheyfacilitatetheiroperationsbyattaching
themselvestocomputerprograms.Typicallytheyeitherrenderacomputing
systemcompletelyuselessortheyseektodestroydata.Again,you’llhearabout
computervirusesinthemoviesalot,sowe’lltakealookatsomeofthemost
famouscomputervirusesofalltimeafterdefiningtheotherterminology.
Awormisverysimilartoavirus,andit’struethatthelinebetweenavirusand
wormgetsmuddiedandblurred.Thelargestdifferenceisthatwormsarenot
attachedtoacomputerprogram.Theyexistindependentlyonthehostsystem,
andtheyoftentakeadvantageofnetworkresourcestospreadtootherhostson
thenetworktheyhavecompromised.Sometimeswormsarealsoclassifiedas
malware,becausethereareonlyminutedifferencesintheterminology.
Colloquially,thesetermsareinterchangeablebuttheirmeaningsvaryslightlyin
academicsettings.
Perhapsyouhavealreadyexperiencedthenegativeconsequencesofmalware.
Oneofthemostpopularwaysthatmalwareisdistributedisthroughthemedium
ofonlinedownloads,wherebyadownloadablefilehasbeencorruptedwith
malwarethattheuserthendownloadsandinstalls.You’llseethisfrequently
withmostfileshostedwithP2P(Peer-to-Peer)filesharingprogramssuchasBit
Torrent.Malwaregetsitsnamebycombingtwootherterms:MALicious
softWARE.Itcanalsobeusedasanumbrellatermusedtodescribemany
differenttypesofattacks,anditcouldmeananysoftwarethatisusedbyan
attackertocreateaccesstoatarget’sdata,blockthemfromtheirdata,orchange
informationontheircomputer.
Furthermore,akeyloggerisyetanothertypeofmaliciousprogram,andasyou
mighthaveguesseditssolepurposeistologthekeystrokesoftheuserwhohas
beeninfected.Thisisabsolutelydisastrousforthetargetuser,becausean
attackerwillbeabletorecordandvieweverysinglekeythatthetargettypeson
theirhostsystem.Thisincludesusernamesandpasswords,Googlesearches,
privateinstantmessagingconversations,andevenpaymentcarddata.Ifan
attackerhassuccessfullyinstalledakeylogger,thetargetisatthemercyofthe
attacker.There’snotellingwhattheattackercoulddonext–theycouldhack
intothetargetsystembyusingtheinformationtheygatheredsuchasusernames
andpasswords,stealmoneyusingtheirpaymentcarddata,orusetheirhost
systemtocarryoutattacksonotherhostsonthesamenetwork.
Next,youshouldalsobefamiliarwiththeideaofarootkit.Rootkitsare
extremelydangerousbecausetheyservetoeditbackgroundprocessesinan
efforttohidethemaliciousactivitiesofanattacker.Thiswillhelpviruses,key
loggers,andothermaliciouscodeexistforextendedperiodsoftimewithout
detectiononthetargetsystem.Theycanevenservetohidesoftwarethatwould
havebeenotherwisedetectedandquarantinedbysecuritysoftware.
LastbutnotleastistheinfamousTrojanhorse,sometimescalledaTrojanvirus
orabackdoorvirus.Theyareextremelyproblematicbecausetheycanbeslipped
intoinnocent-lookingapplicationsandtheyareveryhardtodetectwithoutthe
rightsecuritysoftware.TherecouldevenbeaTrojanhorselurkinginthedepths
ofyourpersonalcomputerrightnow,andtheyarefrequentlyusedtogain
completecontrolofatargetsystem.
Nowthatyouhaveabasicunderstandingofthedifferenttypesofmaliciouscode
hackersemploytodotheirbidding,youshouldknowaboutsomeofthelargest
andmostfamouscomputervirusesofalltime.Someofthemareactuallyother
typesofmaliciouscodesuchasTrojanhorses,butpeoplestillrefertothemas
viruses.Anyexperthackerwillhaveheardofthesefamousattacksbefore,so
youshouldknowthemaswell.
Also,ifyougettheinklingtotryyourhandatusingoneofthesemethodson
yourownbyhuntingaroundontheInternetforfreelydistributablecodethatwill
allowyoutoattackatargetsystem,justknowthatyou’resettingyourselfupfor
adisaster.Humorouslyenough,somehackingnewbiestrytofindrootkitsand
keyloggerstoattackhosts.Buthere’sthecatch–somehackersactually
facilitatetheirattackbytakingadvantageofpeoplewhowantaccesstothese
typesofprograms.
Andtheendresultisn’tpretty.Intheend,thenewbiehackermightactually
installanexperthacker’svirusandunknowinglyinfecttheirownoperating
system!Anddon’tforgetthatthereareethicalandlegalimplicationsaswell.
Many,ifnotall,ofthepeopleresponsibleforthesefamousattackswereseverely
punished.Sodon’ttrytoresearchandimplementthesetypesofvirusesathome!
1.CodeRed
Iknowwhatyoumaybethinking,andno,thishasnothingtodothemovies.
Whenpeoplethinkofhackinginthemovies,theythinkoftopsecretmilitary
basesgettinghackedbyateenagerandraisingtheiralertlevelto‘codered.’
Believeitornot,itisrumoredthatthetwoengineerswhodiscoveredandnamed
thisattackweremerelydrinkingthedisgustingcherry-flavoredsodawhenthey
firstidentifiedthewormbackin2001.Thiswormwasprettydarnnasty,andits
targetswereserversthatwererunningtheMicrosoftIISsoftwareforweb
servers.
Thisattackreliedheavilyonanexploitfoundinthecodethatleftservers
vulnerabletoabufferoverflowissueinanolderversionofcode.However,it
wasahugeproblemandverydifficulttodetectbecauseithadtheabilitytorun
solelyinmemory(RAM,orshorttermstorageasopposedtolongtermstorage
suchasaharddiskdrive).Andthingsgotoutofhandprettyquickly,too.Afterit
hadcompromisedasystem,itwouldthentrytomakehundredsofcopiesto
infectotherwebservers.Notonlythat,butitgobbledupatonoflocalserver
resourcesthatallbutcrippledsomeofthetargetsystems.
2.Sasser
SasserisanotherwormdesignedtotargetWindows(noticingapatternhere?).It
firstfounditswayintothespotlightbackin2004andwascreatedbya
legendaryandinfamoushackernamedSvenJaschanwhowasalsoresponsible
foranotherfamouswormnamedNetsky.OnereasonthiswormmadeInternet
securityheadlineswasthatithadaffectedmorethanamilliontargets!Yetagain,
thiswormtookadvantageofabufferoverflowvulnerabilitythatcausedtarget
systemstocrash.
Italsomadeitnearlyimpossibletorebootyourcomputerwithoutremovingthe
powercableanditcausedmanycomputerstocrashcompletely.Tobefair,most
peoplesawthiswormasanuisanceasopposedtoaseriousthreat.Butitcannot
bedeniedthatitcausedmassiveandwidespreaddisruption.Iteveninfected
criticalinfrastructuredevicesthatcausednetworkstoperformverypoorly.Like
othertypesofworms,ituseditstargetcomputerstopropagateandmultiply
itselftoothercomputers.
Butoneofthebiggestproblemswiththiswormisthatusersdidn’tupgradetheir
operatingsystemsafterapatchhadbeencreated.Bothpublicandprivatesector
organizationswereaffectedlikenewsstations,transportationsystems,healthcare
organizations,andevensomeairlinecompanies.Butwhatwastheendresult?
Thedamageswerecollectivelychalkeduptobeapproximately$18billion
dollars!WhathappenedtotheinfamousJaschan,youask?Fortunatelyforhim,
hewasstillyoungsohereceivedaslaponthewristconsideringhowmuch
damagehedid.Heendedupwithasuspendedsentencelasting21months.
3.Zeus
TheZeusviruswasreallyaTrojanhorsecreatedtoinfect(canyouguesswhich
operatingsystem?)Windowsmachinesinanefforttoforcethemtocarryout
varyingproceduresthatweredeemedtobecriminalactivity.Mosttypically,it
wouldbeusedtocarryoutkeyloggingactivitiesandman-in-the-middleattacks
thatwouldallowanattackertofirstsiftthroughwebbrowsinginformation
beforesendingittotheintendedwebserver.Itmostfrequentlyinfectedhostsby
utilizinginnocent-lookingapplicationsasatransportmediumintotheintended
targets,buttheattackalsoemployedphishingtechniques.
Afterithadbeendiscoveredin2009,ithadruinedthousandsofindividualfile
downloadandFTPaccountsfromthelargestbanksandcorporations.Those
involvedincludeAmazon,BankofAmerica,Oracle,andevenCisco.Theattack
alsoallowedthehackerstostealusernamesandpasswordstosocialmediasites,
emailaccounts,andbankinginformation.
4.TheILoveYouAttack
The‘ILoveYou’attackissoimpressiveandreveredinhackercommunities
becauseitcreatedawhopping$10billiondollarsinestimateddamages.What’s
moreimpressiveisthatresearchersbelievethat10%ofeverycomputer
connectedtotheInternetatthetimewasinfectedwiththisvirus.Infecting10%
oftheInternetwithacomputervirusisstaggeringtosaytheleast.Thingsstarted
becomingsoterriblethatsomeofthelargerorganizationsaswellas
governmentalagenciesaroundtheworldstartedshuttingdowntheirmailing
systemsinanefforttoavoidbecominginfected.
5.Melissa
Thisnaughtyviruswassupposedlynamedafteranexoticdancerthecreator,
DavidL.Smith,hadonceknown.Supposedly,theveryrootoftheviruswasan
infectedtextdocumentthatwasuploadedtothealt.sexUsenetgroupwiththe
appearanceofbeingacollectionofusernamesandpasswordsforsubscription
andmembership-onlypornographicwebsites.Butonceauserdownloadedthis
Worddocument,allhellwouldbreaklooseandtheviruswouldactivate.
Tostart,theviruswouldlookatthefirst50addressesintheinfectedhost’s
emailaddressbookandstartsendingthoseaddressesemails.Inturn,thiswould
severelydisruptemailservicesoflargeenterprisesandgovernmentalbodies.
Furthermore,theviruswouldevencorruptdocumentsbyaddingreferencesto
thetelevisionshowTheSimpsons.However,theoriginalWorddocumentwas
eventuallytracedbacktoSmithandhewasarrestedwithinaweekofthevirus’s
propagation.AlthoughSmithonlyendedupserving20monthsofprisontime
anda$5,000fine(heoriginallyhada10yearsentence)becauseheturnedsnitch
onotherhackersandhelpedtheFBImakemorearrests.Totopitalloff,itwas
estimatedthatthedamagesfromhisvirustotaledapproximately$80million
dollars.
6.TheConfickerWorm
TheConfickerwormfirstappearedin2008anditcomesfromanunknown
origin.Thiswormwasespeciallytroublesomebecauseitcreatedabotnet(a
groupofinfectedcomputersnetworkedtogether)ofmorethan9million
differenthoststhatharmedgovernmentalagencies,largeenterprises,andsimple
individualusersalike.Thiswormmakesthetop10listbecauseitcaused
damagesestimatedatastaggering9billiondollars.Itwasabletoinfect
Windowsmachinesduetoanunpatchedvulnerabilitydealingwithbackground
networkservices.
Afterahosthadbeeninfectedwiththeworm,thewormwouldwreakhavocby
preventingaccesstoWindowsupdatesandantivirusupdates,anditcouldeven
lockuseraccountstopreventpeoplefromlogginginandcleaninguptheworm.
Ifthatweren’tbadenough,thewormwouldthencontinueitsattackbyinstalling
maliciouscodethatwouldmakethetargetcomputerpartofthebotnetandscam
usersintosendingtheattackermoneybyholdingtheircomputerransom.
Microsoftandthirdpartyantivirussoftwareproviderseventuallyreleased
updatestocombatandpatchthisworm,butitdidmassiveamountsofdamage
beforeasolutioncouldbereached.
7.MyDoom
MyDoomwasfirstseenbackin2004,anditwasoneofthefastestemailworms
toinfectmassesofcomputerssincetheILoveYouattack.Thecreatorofthis
attackisstillunknown,butitisrumoredthatthecreatorwaspaidbigmoneyto
carryoutthisattackduetothemessageincludedinthevirusthatread,“Andy,
I’mjustdoingmyjob.Nothingpersonal,sorry.”
Thiswormwasincrediblyslybecauseittookontheappearanceofanemail
error.Afterauserhadclickedonthe“error”toviewtheproblemtheworm
wouldsendcopiesofitselftopeoplefoundintheemailaddressbookofthe
infectedsystem.Furthermore,itwouldcopyitselfintopeer-to-peerdirectories
ontheinfectedhoststospreadthroughoutthenetwork.Itisalsobelievedthat
thewormisstilllurkingontheInternettothisday,anditcausedapproximately
$38billiondollars’worthofdamages.
8.Stuxnet
Thisattackhasasomewhatpoliticalbackgroundasitisthoughttohavebeen
createdbytheIsraeliDefenseForceinconjunctionwiththeAmerican
government.Whilesomeofthepastviruseswerecreatedoutofmalice,
contempt,orthecuriositytoseejusthowmuchdamageaprolifichackercould
create,thisviruswascreatedforthepurposeofcyberwarfare.Thegoalwasto
stymytheinitiativesoftheIranianstocreatenuclearweapons,andalmosttwo
thirdsofhostsinfectedbythisviruswerelocatedinIran.
Infact,itisestimatedthattheviruswassuccessfulindamaging20%ofthe
nuclearcentrifugesinIran.Morespecifically,thisvirustargetedPLC
(ProgrammingLogicControllers)componentswhicharecentraltoautomating
largemachineryandindustrialstrengthequipment.Itactuallytargeteddevices
manufacturedbySiemens,butifitinfectedahostthatdidn’thaveaccessto
Siemensproductsitwouldlurkonthehostsysteminadormantstate.
Essentially,itwouldinfectthePLCcontrollersandcausethemachineryto
operatefartoofast–whichwouldultimatelybreakthemachinery.