- A bot is a program that is run secretly in the background of a customer's computer. The bot usually connects to an IRC channel, where a Bot Herder (its creator) can use a number of commands to control the computers that are now under its control. A zombie computer (a PC under the control of a bot herder) can be manipulated in a number of ways. Some functions of a bot include stealing customers' passwords, Password Recovery Tool, DDoSing a server to cause it to crash, turning on the webcam and being able to watch the zombie computer's users, visiting a website (to gain money + traffic for a bot herder), clicking ads, making ads appear randomly, destroying itself (the PC), and sending spam to email contacts.
serverNET – A bunch of bots connected to a server (usually IRC or web) that can be controlled and manipulated by its owner.
Administration Tool) – Sort of like a serverNET in that you can gain access to the customer's computer and do stuff like look at their files, webcam, etc. Only this malware connects back to you, as opposed to
– A crypter is used to make well-known hacker viruses (such as keyloggers and botnets) undetectable by anti-virus software by changing the virus program signatures that anti-virus programs have in their databases, to make them easier to spread.
Binder – A binder is used to bind a virus (such as a Password Recovery Tool, etc.) to another program, making it undetectable and able to fool users into thinking it's something else. (I.e., a customer will click an installPhotoshop.exe and it will install Photoshop as well as your virus secretly.)
– Term for a fully undetectable virus (made either by coding your own virus or by crypting and binding an existing virus). Use http://novirusthanks.com (uncheck distribute sample) to check if your virus is undetectable.
Database – Used by most websites to store things such as User names, Passwords, Email, etc of an entire website or community.
– A way of manipulating a website's forms to retrieve its databases. This can be used to find users and passwords as well as to obtain admin on a website in order to deface it.
XSS (Cross Site Scripting) – A type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.
Password Recovery Tool – A Password Recovery Tool is a program, usually run secretly in the background, that records what users type; the typed output is then usually sent via email or uploaded by the Password Recovery Tool somewhere on the web in secret. These can be attached to other executables so you never even know you ran them in the first place. Once you click it, it is often started at startup from there on.
– Used to fool a customer into clicking a link that will steal their
cookies to websites which you can then use to have their privileges to
various parts of a website or forum.
BruteForcer – Program used to crack passwords by trying every password/password list on various forms.
- How passwords are usually stored. This is a way of crypting a password so it is not plain text. Harder passwords are very hard to crack, but simple ones have often been cracked and can be found in online databases. Some common password hashes include MD5 and SHA.
– Tricking a customer into doing something you want them to do by disguising or enticing them into doing what you want.
- Creating a fake login page to a well-known website (IE Facebook) and then fooling a customer into entering their information on the fake login page through social engineering.