Anatomy of an Attack: Persist

• SubSeven/Nimda/NetBus/SSH/Storm – trojan• NetCat – general TCP/UDP tool• John the Ripper/L0phtCrack – password cracker

# pseudo code for brute password cracker

while ($temp not equal $hash) {

increment ($password);

$temp=digest ($password);

}

print ($password);

Anatomy of an Attack: Propagate

• Worms• Spyware/Trojans• Email/IRC virii• Boot sector (esp. floppy) virii• Zombies

Worm structure:

Anatomy of an Attack: Paralyze

• Slow/Stop services• Steal/Modify important data• Vandalize (“tag”) hosts• Destroy hardware• Damage reputation

• Abuse users

• Take a network hostage• Frame an entity for harming another entity