Very briefly about the types of fraud, software functions, and concepts of cryptography

Lord777

Antikino
This refers to a private cinema, usually designed for two people. The essence of the fraud is posing as a girl online and searching for potential suitors on VK, other social networks, or dating services. After finding a victim (male), the fraudster uses SE skills to invite him to a fake antikino. If successful, the victim orders tickets for the session through a fake website (a "script"), thereby sending their money into someone else's pocket.

In the antikino scheme there is a short hierarchy: the owner of the antikino (manages one or several sites at the same time and accepts the victims' money) and the fraudster-spammers (they receive most of the antikino's income and perform all the "dirty" work: finding victims and getting them to spend money on tickets).

Advertising service
A fraud method in which an attacker presents malicious files to the victim under the guise of the subject of an advertising (commercial) offer.

Scammers look for victims who have some popularity and who accept commercial offers to monetize their creativity on various platforms (for example, YouTube), and then contact them on behalf of PR managers (and others) of "up-and-coming" companies and projects, offering to advertise their digital product (an antivirus, a cloud gaming service, etc.). After accepting the offer, the victim downloads malware to their PC under the guise of the advertised product, thereby sending their logs (usernames, passwords, sessions, etc.) to the attacker.

Brute
Searching through accounts from the corresponding databases in order to find and re-link accounts of games, social networks, etc., usually for subsequent sale on trading platforms or directly to buyers.

Bruters use a special set of software for processing databases (.txt files with login details for email accounts in the form '... Password', 1 account per line):
  • brute checkers (for automating the brute process);
  • normalizers (for formatting databases);
  • software for quick login to email accounts (using the IMAP/POP3 protocols);
  • anti-duplicate tools (for checking databases for uniqueness).
The accounts in these databases are supplied by people who mine them using SE, malicious software (stealers, keyloggers, RATs, etc.), attacks on databases, password extortion, and dozens of other ways. Bruters also take databases from public access or buy them. Databases are evaluated by 2 characteristics: uniqueness (the number or percentage of unique rows that did not appear in older databases) and validity (rows with accounts that can be accessed via an email client; invalid is the opposite, the "bad" rows).

Brute Force
A method for breaking into accounts or other kinds of password-protected information by trying passwords. There are 2 possible scenarios: try passwords from a database of the most popular ones, or use an appropriate algorithm to generate each of the possible options in turn (example: 0000, 0010, 0100, 1000, 1001 and so on).

At the moment, brute force is the least effective method of breaking into accounts, since it requires an irrational amount of time (even a fairly weak password by today's standards can take several hours, days, years, or even decades). In addition, almost all services that require password entry easily recognize such attacks (often even treating them as DoS or DDoS) and prevent attackers from taking over the account by restricting access to it or by using verification systems such as reCAPTCHA.
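The recognition described above, as a service sees it, is a simple sliding-window count of failed logins per source. This is an added detection example and not code from the post; the sshd-style log lines, the threshold of 5 failures per minute, and the year used for parsing are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines for this example (not real log data).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[1]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Mar 10 12:00:02 host sshd[1]: Failed password for alice from 203.0.113.5 port 51001 ssh2
Mar 10 12:00:03 host sshd[1]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Mar 10 12:00:04 host sshd[1]: Failed password for invalid user root from 203.0.113.5 port 51003 ssh2
Mar 10 12:00:05 host sshd[1]: Failed password for bob from 203.0.113.5 port 51004 ssh2
Mar 10 12:00:06 host sshd[1]: Failed password for bob from 203.0.113.5 port 51005 ssh2
Mar 10 12:00:30 host sshd[1]: Failed password for carol from 198.51.100.7 port 40000 ssh2
Mar 10 12:05:00 host sshd[1]: Accepted password for carol from 198.51.100.7 port 40001 ssh2
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, user, source_ip) for every failed-login line.
    Syslog lines carry no year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each source IP that produced >= threshold failures inside any
    sliding window to the set of usernames it tried in that window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    offenders = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1          # drop hits that fell out of the window
            if end - start + 1 >= threshold:
                offenders[ip] = {u for _, u in hits[start:end + 1]}
                break
    return offenders
```

A real deployment would feed the offending IPs into a temporary block or a CAPTCHA challenge rather than just reporting them.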

Phishing
One of the ways to intercept account data, based on the victims' inattention. Phishing involves uploading a duplicate of the target site's page, or a script (a full-fledged site), to a hosting service under the guise of a child site, with a form for entering a username and password.

After uploading the script, the fraudster finds victims and uses SE to get them to click a link to this site, where they are likely to enter their valid login details. As a rule, phishing sites have a redirect (redirection to another page), which lets them send the victim to the real site after the "Log in" button is clicked on the phishing site, so the victim never focuses on the site address.

It should also be noted that phishing sites try to mimic the domains of the target sites in every possible way. For example, a phishing site that duplicates facebook.com can occupy the domain fecabook.co, facebok.de, or any similar one.
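A defender can flag the look-alike domains described above automatically. This is an added example, not code from the post; the list of protected brands is constructed, and the host parsing assumes the last label is the TLD (a real tool would use a public-suffix list).

```python
# Constructed list of brands to protect; not from the original post.
PROTECTED = ["facebook.com", "steamcommunity.com", "google.com"]

def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent-character swaps, so 'facebok' and 'faecbook' both score 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def host_labels(url):
    """'https://login.facebok.de/auth' -> ['login', 'facebok', 'de'].
    Simplification: the last label is taken as the TLD (no public-suffix list)."""
    host = url.lower().split("://")[-1].split("/")[0].split("@")[-1].split(":")[0]
    return host.split(".")

def classify(url, protected=PROTECTED):
    """Return (verdict, detail): 'legit', 'lookalike', 'brand-as-subdomain' or 'unknown'."""
    labels = host_labels(url)
    if len(labels) < 2:
        return ("unknown", labels[0])
    registrable, tld = labels[-2], labels[-1]
    for brand in protected:
        bname, btld = brand.split(".", 1)
        if registrable == bname and tld == btld:
            return ("legit", brand)
    for brand in protected:
        bname = brand.split(".", 1)[0]
        if bname in labels[:-2]:                    # e.g. facebook.com.login-check.net
            return ("brand-as-subdomain", ".".join(labels[-2:]))
        max_edits = 1 if len(bname) <= 5 else 2     # short names need a tighter bound
        if osa_distance(registrable, bname) <= max_edits:
            return ("lookalike", brand)
    return ("unknown", ".".join(labels[-2:]))
```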

Shipping service
The process of ordering certain products in online stores in order to cash out funds from hacked accounts. If a fraudster gets hold of a trading-platform account with a certain balance and has no way to transfer these funds directly to a card, he orders one or more products that fully use up the target balance.

In this way the attacker receives material goods instead of money, which he can either use himself or resell. Shipping is now a fairly popular practice, so finding shippers willing to withdraw funds from your (or someone else's) account through such frauds for a set fee or percentage is not difficult.

Substitution of offers
A type of fraud that consists of sending fake trade offers (usually exchange offers within the Steam service) in order to cheat the victim out of game items or currency.

To do this, scammers track the trade offers sent by the official bots of trusted services (for example, trading or gaming platforms) and immediately send an identical offer (in their favor) from an account that exactly copies the appearance of that bot (including the name, avatar, and profile data). Thus, offer substitution targets the victims' inattentiveness, so SE skills are often used to conduct this type of fraud (for example, when searching for potential victims).

DoS and DDoS
Two types of attacks used to disable Internet resources by sending large numbers of data packets to target servers.

The difference between them is simple: DoS performs the task using only 1 device, DDoS using many. At the moment, DoS attacks are considered obsolete and unable to "put down" (disable) the average website. DDoS attacks require more systems with Internet access, but they can pose a real threat even to large Internet resources by loading their servers with a continuous stream of data.

To carry out DDoS, special software or web services called stressers are used. They allow the malicious traffic to be controlled and its volume regulated (the more requests and the more data sent to the target server, the higher the probability of a successful attack).

Although DDoS remains quite dangerous to this day, there are a number of services that can resist it; the most popular of them is Cloudflare, which takes all the traffic directed at the destination server onto itself. All the necessary DDoS capacity is either purchased from hosting sites (servers, network devices, etc.) or comes from PCs and smartphones connected to botnets.

Spoofing
The process of intercepting and substituting a data stream.

Spoofing attacks are popular in public places with Internet access (such as cafes). In the case of a Wi-Fi network, the attacker uses a laptop or smartphone, connects to the Wi-Fi network and "tells" all devices on the network that it is supposedly the router, thereby redirecting all traffic through itself.

Thus, the attacker can view packets of unencrypted data coming from the victims and replace both them and the packets returned from the server (for example, embed a miner in a regular HTML page or swap the returned images for his own).

Spoofing is an effective, simple (from an implementation point of view) and quite spectacular attack that is still relevant today.
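The "I am the router" trick above leaves a trace in every client's ARP table: the gateway's IP suddenly resolves to a different MAC, and that MAC usually also owns another IP on the LAN. Below is an added detection check, not code from the post; the two ARP table snapshots and the gateway address are constructed.

```python
import re

# Constructed snapshots of `arp -a`-style output taken a minute apart (not real captures).
SNAPSHOT_BEFORE = """\
? (192.168.1.1) at aa:bb:cc:00:00:01 on en0 ifscope [ethernet]
? (192.168.1.20) at aa:bb:cc:00:00:20 on en0 ifscope [ethernet]
? (192.168.1.77) at de:ad:be:ef:00:77 on en0 ifscope [ethernet]
"""
SNAPSHOT_AFTER = """\
? (192.168.1.1) at de:ad:be:ef:00:77 on en0 ifscope [ethernet]
? (192.168.1.20) at aa:bb:cc:00:00:20 on en0 ifscope [ethernet]
? (192.168.1.77) at de:ad:be:ef:00:77 on en0 ifscope [ethernet]
"""

ARP_RE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: mac} from arp -a style output (unresolved entries are skipped)."""
    return {m["ip"]: m["mac"].lower() for m in ARP_RE.finditer(text)}

def arp_alerts(before, after, gateway="192.168.1.1"):
    """Compare two ARP snapshots and return a list of alert tuples:
    ('gateway-mac-changed', ip, old_mac, new_mac) when the router's MAC moved, and
    ('mac-claims-multiple-ips', mac, ips) when one MAC answers for several IPs."""
    old, new = parse_arp(before), parse_arp(after)
    alerts = []
    if gateway in old and gateway in new and old[gateway] != new[gateway]:
        alerts.append(("gateway-mac-changed", gateway, old[gateway], new[gateway]))
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return alerts
```

A legitimate router replacement also trips the first alert, so the check is a prompt to verify, and encrypted transport (HTTPS, a VPN) is what actually stops the content substitution described above.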

Carding
A type of fraud involving the use of other people's payment cards. As a rule, it implies theft and withdrawal of funds from the card as physical cash.

Carding carries a high degree of risk, so attackers often use drops (people who perform the illegal actions instead of the fraudster, who remains in the shadows, for a set fee or a percentage of the income).

Carding has several sublevels, one of which is skimming (theft of a payment card by copying its basic identification data). For skimming, attackers use special devices, skimmers, which read the magnetic stripe of a card, together with surveillance tools such as hidden video cameras to capture the data entered by the victim (in particular, the PIN code).

Stealer
A malicious program used by attackers to quickly collect data from the victim's device and then send it to the appropriate database.

It is customary to disguise stealers as ordinary programs by changing the icon and file name, embedding them in vulnerable documents using exploits, binding them to legitimate programs, and "crypting" them (changing and protecting the contents of a malicious file so that it does not match the antivirus definition of malware when checked). It should also be noted that stealers are small in size and are often used together with loader programs that download them on their own, arousing less suspicion.

Stealers can steal any data from a PC and even decrypt it. After collecting the necessary logs (cookies, session files, payment card data) and creating the corresponding databases, the stealer usually archives them and sends them to the final destination, the attacker's hands (or more precisely, a web panel, email, or FTP server).

A stealer is one of the most effective ways to break into accounts due to its stealth and speed of operation. Once you run it, you are unlikely to be able to get your data back. The only way to prevent the logs from being sent is to turn off the PC immediately, before it starts.

RAT
Malware designed to take control of its victim's PC.

A RAT operates over special protocols (for example, VNC) that allow an attacker to see the victim's screen; upload, download and run files; and connect to external media and devices such as a webcam, microphone, disk drive, etc. (thereby creating the effect of a remote desktop).

In some cases a RAT can be used as a stealer, but this may take some time. Despite their extensive functionality, RATs are fairly lightweight and are disguised in the same way as stealers or miners.

Miner
A malicious program that mines cryptocurrency using the computing power of the victim's PC.

Miners usually adapt to the PC's diagnostic data, adding or reducing load to lower the chance of being noticed by the victim. Miners are disguised in the same way as stealers or RATs. They are tied to the attacker's cryptocurrency wallet and "mine" BTC, ETH, etc., using the power of the CPU (processor), the GPU (video card) or, less often, other computing elements of the PC, such as electrical circuits.

Build
The final malicious file created by a builder.

Since any stealer, RAT, or miner must have at least some contact with the attacker (for example, know the address of a shared server, database, or control panel), there is the concept of a child file, the build, and a parent, the builder.

Their interaction works as follows: the attacker opens the builder and specifies all the binding data (listed above) as well as the local details of the future malware (name, icon, description, etc.); the builder in turn compiles the build (reproduces the standard template of the malicious file) while substituting the values specified by the attacker. The output is ready-to-use malware which, although made from a template, has unique binding data and appearance.

Loader
Software designed to download files from a server to a PC on its own.

Loaders are used to infect target PCs with stealers, miners, RATs, etc. Loaders download and run files while bypassing the firewall, but they are not necessary for attacks.

Loaders are very lightweight and are often bound to regular programs that the victim will want to download.

Cryptor
A tool that allows attackers to lower the detection rate (chance of antivirus detection) of malicious files.

Cryptors use various encryption and modification methods to change the signature (file fingerprint) that antivirus programs use to compare already known viruses with the files being checked.

Cryptors are usually distributed privately, since after one file encrypted with a cryptor is detected, the chance of detecting the rest increases.

Dedic
A remote desktop (dedicated server) used for distributing computing load and for running software continuously.

Dedics are purchased from hosting services and, as a rule, can be used for absolutely any purpose. They use special protocols such as RDP (Remote Desktop Protocol) to communicate with a client device (even a smartphone can act as one).

Dedics fully duplicate the functions of ordinary PCs, but they run on servers and use server operating systems, the most popular of which is Windows Server.

The hallmark of dedics is their network speed. It is several times higher than average due to their location near data centers and Internet backbones, which provide "cosmic" speeds that allow dozens, hundreds, or even thousands of servers to exchange data at once.

Hashing
The mathematical process of converting data into a short (relative to the input stream) string of fixed length.

There are many hashing algorithms (for example, MD5, SHA-1, CRC32), and most of them do not allow recovering a string completely identical to the original from the hash.

A hash function has two characteristics: the speed of calculation and the number of "collisions" (distortions, coincidences).

Hash
An identifier (not the compressed content) of a piece of information (in particular, a file), defined by the corresponding hash function (hashing technology).

The hash string is a fingerprint of a particular file: if its contents are changed, the hash also changes. Thus, hashes can be used to check a file's integrity, uniqueness, and authenticity (in the case of licenses). It's also worth noting that two different files can't have the same hash sum.
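The integrity check described in the "Hashing" and "Hash" sections, as an added Python example that is not part of the post: a vendor publishes a manifest of digests, the recipient recomputes them, and a single flipped bit in a download shows up as a completely different fingerprint. The sample "files" are constructed byte strings.

```python
import hashlib
import hmac

# Constructed sample "files" (name -> bytes); not real software.
FILES = {
    "installer.exe": b"MZ\x90\x00fake installer bytes for the example",
    "readme.txt": b"Read me first.\n",
}

def digest_hex(data, algo="sha256"):
    """Fixed-length fingerprint of arbitrary-length input (hex string)."""
    return hashlib.new(algo, data).hexdigest()

def build_manifest(files, algo="sha256"):
    """name -> digest, as a vendor would publish next to a download."""
    return {name: digest_hex(data, algo) for name, data in files.items()}

def verify_manifest(manifest, files, algo="sha256"):
    """Return the names whose current digest does not match the published one,
    plus names listed in the manifest but missing from `files`."""
    bad = []
    for name, expected in manifest.items():
        if name not in files:
            bad.append(name)
            continue
        actual = digest_hex(files[name], algo)
        # Constant-time comparison: do not leak how many leading characters matched.
        if not hmac.compare_digest(actual, expected):
            bad.append(name)
    return sorted(bad)

def differing_bits(hex_a, hex_b):
    """Count the bits that differ between two hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def tamper(data, offset=10):
    """Flip one bit in one byte to simulate a modified download."""
    b = bytearray(data)
    b[offset] ^= 0x01
    return bytes(b)
```

Note that a published digest only proves integrity against accidental or in-transit changes; if an attacker can replace the manifest as well, a signature over the manifest is needed for authenticity.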

Social Engineering (SE)
A set of methods of influencing a person with the goal of obtaining the necessary result.

SE is used in most cases of fraud to "open up" the victim and obtain information and personal data. In real life, SE helps people deal with others and adapt their image in order to smooth over all kinds of obstacles and conflicts.

Using SE, a person draws on many social skills, selects a suitable image for himself, manipulates, and frames his speech in a way that favors him.

This is the end of it! I hope it was informative!