|
Fileless Malware
Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM. It does not write any part of its activity to the computer's hard drive, thus increasing its ability to evade antivirus software that incorporate file-based whitelisting, signature detection, hardware verification, pattern-analysis, time-stamping, etc., and leaving very little evidence that could be used by digital forensic investigators to identify illegitimate activity. Malware of this type is designed to work in-memory, so its existence on the system lasts only until the system is rebooted. Definition Fileless malware is sometimes considered synonymous with ''in-memory'' malware as both perform their core functionalities without writing data to disk during the lifetime of their operation. This has led some commentators to claim that this variant strain is nothing new and simply a “redefinition of the well-known term, memory resident ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Malicious Software
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. By contrast, software that causes harm due to some deficiency is typically described as a software bug. Malware poses serious problems to individuals and businesses on the Internet. According to Symantec's 2018 Internet Security Threat Report (ISTR), malware variants number has increased to 669,947,865 in 2017, which is twice as many malware variants as in 2016. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy $6 trillion USD in 2021, and is increasing at a rate of 15% per year. Many types of malware exist, including computer viruses, worms, Trojan horses, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dark Avenger
Dark Avenger was the pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable popularity during the early 1990s, as some of his viruses spread not only nationwide but across Europe as well, even reaching the United States and Australia. Background and origins In the 1980s and 1990s, Bulgaria had a blooming computer hardware industry specialized in providing large numbers of PCs for educational purposes. Thus, many schools and universities were provided with computers and computer science was a commonly studied subject. This helped foster a certain attitude about computers among that generation. In April 1988, Bulgaria's trade magazine for computers, ''Компютър за Вас'' (''Computer for You''), issued an article explaining in detail the nature of computer viruses and even methods for writing them. A few months after that, Bulgaria was "visited" by several foreign viruses, namely "Vienna", "Ping Pong", and "Cascade". The interest spawned by ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mistaken Identity
Mistaken identity is a defense in criminal law which claims the actual innocence of the criminal defendant, and attempts to undermine evidence of guilt by asserting that any eyewitness to the crime incorrectly thought that they saw the defendant, when in fact the person seen by the witness was someone else. The defendant may question both the memory of the witness (suggesting, for example, that the identification is the result of a false memory), and the perception of the witness (suggesting, for example, that the witness had poor eyesight, or that the crime occurred in a poorly lit place). Because the prosecution in a criminal case must prove the guilt of the accused beyond a reasonable doubt, the defendant must convince the jury that there is reasonable doubt about whether the witness actually saw what they claim to have seen, or recalls having seen. Although scientific studies have shown that mistaken identity is a common phenomenon, jurors give very strong credence to eyewit ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trojan Horse Defense
The Trojan horse defense is a technologically based take on the classic SODDI defense, believed to have surfaced in the UK in 2003. The defense typically involves defendant denial of responsibility for (i) the presence of cyber contraband on the defendant's computer system; or (ii) commission of a cybercrime via the defendant's computer, on the basis that a malware (such as a Trojan horse, virus, worm, Internet bot or other program)Steel, C.M.S, "Technical SODDI Defences: the Trojan Horse Defence Revisited", DFSL V9N4 (http://ojs.jdfsl.org/index.php/jdfsl/article/viewFile/258/236) or on some other perpetrator using such malware, was responsible for the commission of the offence in question. A modified use of the defense involves a defendant charged with a non-cyber crime admitting that whilst technically speaking the defendant may be responsible for the commission of the offence, he or she lacked the necessary criminal intent or knowledge on account of malware involvement.Brenne ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Chain Of Custody
Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests. It is often a tedious process that has been required for evidence to be shown legally in court. Now, however, with new portable technology that allows accurate laboratory quality results from the scene of the crime, the chain of custody is often much shorter which means evidence can be processed for court much faster. The term is also sometimes used in the fields of history, art history, and archives as a synonym for provenance (meaning the chronolo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trend Micro
is an American-Japanese multinational cyber security software company with global headquarters in Tokyo, Japan and Irving, Texas, United State.Other regional headquarters and R&D centers are located around East Asia, Southeast Asia, Europe, and North America. The company develops enterprise security software for servers, containers, & cloud computing environments, networks, and end points. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform. Eva Chen, who is the founder, currently serves as Trend Micro's chief executive officer, a position she has held since 2005. She succeeded founding CEO Steve Chang, who now serves as chairman. History 1988–1999 The company was founded in 1988 in Los Angeles by Steve Chang, his wife, Jenny Chang, and her sister, Eva Chen (陳怡樺). The company was established with proceeds from Steve Chang's previous sale of a copy protection dongle to ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mimikatz
Mimikatz is both an Exploit (computer security), exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by France, French programmer Benjamin Delpy and is French slang for "cute cats". History Benjamin Delpy discovered a flaw in Microsoft Windows that holds both an encrypted copy of a password and a key that can be used to decipher it in memory at the same time. He contacted Microsoft in 2011 to point out the flaw, but Microsoft replied that it would require the machine to be already compromised. Delpy realised that the flaw could be used to gain access to non-compromised machines on a network from a compromised machine. He released the first version of the software in May 2011 as Proprietary software, closed source software. In September 2011, the exploit was used in the DigiNotar hack. Russian conference He spoke about the software at a conference in 2012. Once during the conference, he returned to his room t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Metasploit Project
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system. History Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability ma ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PowerShell
PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell (computing), shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-source software, open-source and cross-platform on 18 August 2016 with the introduction of PowerShell Core. The former is built on the .NET Framework, the latter on .NET Core. In PowerShell, administrative tasks are generally performed via ''cmdlets'' (pronounced ''command-lets''), which are specialized .NET Class (computer programming), classes implementing a particular operation. These work by accessing data in different data stores, like the file system or Windows Registry, which are made available to PowerShell via ''providers''. Third-party developers can add cmdlets and providers to PowerShell. Cmdlets may be used by scripts, which may in turn be packaged into modules. Cmdlets work in tandem with the .NET Application pr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Duqu
Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited Microsoft Windows's Zero day vulnerability, zero-day vulnerability. The Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates. Nomenclature The term Duqu is used in a variety of ways: * Duqu malware is a variety of software components that together provide services to the attackers. Currently this includes information stealing capabilities and in the background, kernel drivers and injection tools. Part of this malware is written in unknown high-level programming language, dubbed "Duqu framework". It is not C++, Python, Ada, Lua and many other chec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Stuxnet
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition ( SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SQL Slammer
SQL Slammer is a 2003 computer worm that caused a denial of service on some Internet hosts and dramatically slowed general Internet traffic. It spread rapidly, infecting most of its 75,000 victims within ten minutes. The program exploited a buffer overflow bug in Microsoft's SQL Server and Desktop Engine database products. Although thMS02-039patch had been released six months earlier, many organizations had not yet applied it. The most infected regions were Europe, North America, and Asia (including East Asia and India). Technical details The worm was based on proof of concept code demonstrated at the Black Hat Briefings by David Litchfield, who had initially discovered the buffer overflow vulnerability that the worm exploited. It is a small piece of code that does little other than generate random IP addresses and send itself out to those addresses. If a selected address happens to belong to a host that is running an unpatched copy of Microsoft SQL Server Resolution Service lis ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
