|
Mebroot
Mebroot is a master boot record based rootkit used by botnets including Torpig. It is a sophisticated Trojan horse that uses stealth techniques to hide itself from the user. The Trojan opens a back door on the victim's computer which allows the attacker complete control over the computer. Payload The Trojan infects the MBR to allow itself to start even before the operating system starts. This allows it to bypass some safeguards and embed itself deep within the operating system. It is known that the Trojan can intercept read/write operations, embed itself deep within network drivers. This allows it the ability to bypass some firewalls and communicate securely, using a custom encrypted tunnel, to the command and control server. This allows the attacker to install other malware, viruses, or other applications. The Trojan most commonly steals information from the victim's computer, in an attempt for small financial gain. Mebroot is linked to Anserin, which is another Trojan that log ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Torpig
Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks. By November 2008, it was estimated that Torpig had stolen the details of about 500,000 online bank accounts and credit and debit cards and was described as "one of the most advanced pieces of crimeware ever created". History Torpig reportedly began development in 2005, evolving from that point to more ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Master Boot Record
A master boot record (MBR) is a type of boot sector in the first block of disk partitioning, partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The concept of MBRs was publicly introduced in 1983 with PC DOS 2.0. The MBR holds the information on how the disc's sectors (A.K.A. "blocks") are divided into partitions, each partition notionally containing a file system. The MBR also contains executable code to function as a loader for the installed operating system—usually by passing control over to the loader's second stage, or in conjunction with each partition's volume boot record (VBR). This MBR code is usually referred to as a boot loader. The organization of the partition table in the MBR limits the maximum addressable storage space of a partitioned disk to 2 Tebibyte, TiB . Approaches to slightly raise this limit utilizing 32-bit arithmetic or 4096-byte sectors are not officially s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Keystroke Logging
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware. While the programs themselves are legal, with many designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other confidential information. Keystroke logging can also be utilized to monitor activities of children in schools or at home and by law enforcement officials to investigate malicious usage. Keylogging can also be used to study keystroke dynamics or human-computer interaction. Numerous keylogging methods exist, ranging from hardware and software-based approaches to acoustic cryptanalysis. History In the mid-1970s, t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Exploit (computer Security)
An exploit is a method or piece of code that takes advantage of Vulnerability (computer security), vulnerabilities in software, Application software, applications, Computer network, networks, operating systems, or Computer hardware, hardware, typically for malicious purposes. The term "exploit" derives from the English verb "to exploit," meaning "to use something to one’s own advantage." Exploits are designed to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or data breach, steal sensitive data. While an exploit by itself may not be a malware, it serves as a vehicle for delivering malicious software by breaching security controls. Researchers estimate that malicious exploits cost the global economy over US$450 billion annually. In response to this threat, organizations are increasingly utilizing cyber threat intelligence to identify vulnerabilities and prevent hacks before they occur. Description Expl ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Application Software
Application software is any computer program that is intended for end-user use not operating, administering or programming the computer. An application (app, application program, software application) is any program that can be categorized as application software. Common types of applications include word processor, media player and accounting software. The term ''application software'' refers to all applications collectively and can be used to differentiate from system and utility software. Applications may be bundled with the computer and its system software or published separately. Applications may be proprietary or open-source. The short term ''app'' (coined in 1981 or earlier) became popular with the 2008 introduction of the iOS App Store, to refer to applications for mobile devices such as smartphones and tablets. Later, with introduction of the Mac App Store (in 2010) and Windows Store (in 2011), the term was extended in popular use to include desktop a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Drive-by Download
In computer security, a drive-by download is the unintended download of software, typically Malware, malicious software. The term "drive-by download" usually refers to a download which was authorized by a user without understanding what is being downloaded, such as in the case of a Trojan horse (computing), Trojan horse. In other cases, the term may simply refer to a download which occurs without a user's knowledge. Common types of files distributed in drive-by download attacks include Computer virus, computer viruses, spyware, or crimeware. Drive-by downloads may happen when visiting a website, opening an Email attachment, e-mail attachment, clicking a link in an email, or clicking on a deceptive pop-up window. Users often click on a pop-up window in the mistaken belief that, for example, an error message from the computer's operating system is being acknowledged or a seemingly innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the us ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hard Drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating hard disk drive platter, platters coated with magnetic material. The platters are paired with disk read-and-write head, magnetic heads, usually arranged on a moving actuator arm, which read and write data to the platter surfaces. Data is accessed in a random-access manner, meaning that individual Block (data storage), blocks of data can be stored and retrieved in any order. HDDs are a type of non-volatile storage, retaining stored data when powered off. Modern HDDs are typically in the form of a small disk enclosure, rectangular box. Hard disk drives were introduced by IBM in 1956, and were the dominant secondary storage device for History of general-purpose CPUs, general-purpose computers beginning in the early 1960s. HDDs maintained this position into the modern er ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Antivirus
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect against other computer threats. Some products also include protection from malicious URLs, Spam (electronic), spam, and phishing. History 1971–1980 period (pre-antivirus days) The first known computer virus appeared in 1971 and was dubbed the "Creeper (program), Creeper virus". This computer virus infected Digital Equipment Corporation's (Digital Equipment Corporation, DEC) PDP-10 mainframe computers running the TENEX (operating system), TENEX operating system. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows Registry
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance. In other words, the registry or Windows Registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems. For example, when a program is installed, a new subkey containing settings such as a program's location, its version, and how to start the program, are all added to the Windows Registry. When introduced with Windows 3.1, the Windows Registry primarily stored configuration information for COM-based components. Windows 95 and Windows NT extended its use to rationalize and centralize the information in the profusion of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ntoskrnl
ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, and memory management. In addition to the kernel and executive layers, it contains the cache manager, security reference monitor, memory manager, scheduler (Dispatcher), and blue screen of death (the prose and portions of the code).Russinovich, MSystems Internals Tips and Trivia ''SysInternals Information'' Overview x86 versions of ntoskrnl.exe depend on bootvid.dll, hal.dll and kdcom.dll (x64 variants of ntoskrnl.exe have these DLLs embedded in the kernel to improve performance). However, it is not a native application thus it is not linked against ntdll.dll. Instead, ntoskrnl.exe has its own entry point "KiSystemStartup" that calls the architecture-independent kernel initialization function. Because it requires a static copy of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ATA Packet Interface
ATAPI (ATA Packet Interface) is a protocol used with the Parallel ATA (IDE) and Serial ATA standards so that a greater variety of devices can be connected to a computer than with the ATA command set alone. It carries SCSI commands and responses through the ATA interface. ATAPI devices include CD-ROM and DVD-ROM drives, tape drives, magneto-optical drives, CompactFlash, CompactFlash drives, and large-capacity floppy disk, floppy drives such as the Zip drive and SuperDisk drive. History ATA was originally designed for, and worked only with, hard disks and devices that could emulate them. A group called the Small Form Factor committee (SFF) introduced ATAPI to be used for a variety of other devices that require functions beyond those necessary for hard disks. For example, any removable media device needs a "media eject" command, and a way for the host to determine whether the media is present, and these were not provided in the ATA protocol. The Small Form Factor committee appr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Broadcom
Broadcom Inc. is an American multinational corporation, multinational designer, developer, manufacturer, and global supplier of a wide range of semiconductor and infrastructure software products. Broadcom's product offerings serve the data center, networking, software, broadband, wireless, storage, and industrial markets. As of 2024, some 58 percent of Broadcom's revenue came from its semiconductor-based products and 42 percent from its infrastructure software products and services. Tan Hock Eng is the company's president and chief executive officer, CEO. The company is headquartered in Palo Alto, California. Avago Technologies Limited was changing its name to ''Broadcom'' to acquire Broadcom Corporation in January 2016. Avago's ticker symbol AVGO now represents the merged entity. The Broadcom Corporation ticker symbol BRCM was retired. Initially the merged entity was known as ''Broadcom Limited'', before assuming the current name in November 2017. In October 2019, the Europe ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
