Hacking

 * threats || Nasty stuff that's out there ||
 * malware || general term for malicious software, includes viruses, worms, trojans--the payload. ||
 * virus || self-copying program, overwrites storage ||
 * worm || spreads across networks, automated ||
 * trojan || malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system ||
 * boot sector virus || virus that infects the master boot record ||
 * key logger || program that records keystrokes ||
 * backdoor || logon not using normal program ||
 * zombie || remote control of victim PC ||
 * botnet || zombies linked together for the same purpose ||
 * phishing || getting secure data by asking for it, usually by email ||
 * social engineering || talking people into giving away info ||
 * whaling || phishing heavy hitters (CISO) ||
 * DoS/DDoS || Denial of Service/Distributed Denial of Service, single PC flooding or botnets using zombies to flood a victim with pings ||
 * logic bomb || executes under a given condition (malware) ||
 * time bomb || triggered by date (malware) ||
 * rootkits || change system software, makes attacks invisible ||
 * assets || SW: processing resources; data: SS#s, CC#s; bandwidth ||
 * Threats2 || data theft, identity theft, vandalism, network intrusion ||
 * vulnerabilities || Open ports on a computer that could be exploited ||
 * signatures || code that AV uses to identify threats ||
 * Zero Day Exploit || A new version of a threat that has not been identified by AV or anti-malware software ||
 * Rootkit || Conceals the compromise of a system's security. ||
 * fuzzing || sending bits of data to software to make it have a bug that stops it ||
 * man-in-the-middle attack || intercepts packets that are being transmitted ||
 * privilege escalation || finding a way to increase privileges for a user ||
 * IDS || Intrusion Detection System ||
 * distributed attacks || used by organized crime for extortion, ID theft; state sponsored attacks ||
 * honey pot || dummy system used to collect information about hackers, appears as something worth hacking ||
 * packet sniffer || software that monitors packets being transmitted and received between two computers. ||
 * rainbow table attack || a password hacking technique using a predetermined table of hashes that are possible passwords ||
 * dictionary attack || password guessing by using words out of the dictionary ||
 * DEP || Data Execution Prevention ||

How a Zero Day Exploit Works:

Anti-malware companies constantly update their databases that define what software is malicious. A new piece of malware or new version of malware would not be in that database yet. It is known as 0-day because it is 0 days old. The public is vulnerable until the malware is caught and logged.