Selasa, 12 Oktober 2010

Common methods for “hacking Gmail/ Yahoo Password

2. email phishing campaign
3. RAT
4. Keyloggers
5. cookie grabber
6. spyware
7. fake programs (rat/kl)
8. Social engineering
This method is generally used on public terminals, and can be quite effective for gathering large numbers of Ids. The way it works is documented in another tutorial I have written, but basically its just a matter of someone making a replication of Gmail or Yahoo site, by copying and making minor modifications to their source code and setting their page as the home page. They then set the input fields to send the information to an email address or database. I personally believe the level of success using this method depends on the system, and the amount of creativity involved in making the page look as authentic as possible. To avoid falling victim to this, type the address of the page you are logging into directly into the browser, including the prefix “http://“
2. Email phishing campaign:
Phishing has unfortunately become a household word, though some people associate it with SPAM. Phishing is really just spamming and using deception and trickery to gain information to exploit a service, system, etc. Phishers have posed as banks, email services, law enforcement agents, online contests, teachers, automated services, Nigerians in need of a way to transfer millions in cash, software firms, friends, acquaintances, even the targets themselves. Anyone and anything that you can impersonate, expect a phisher to try. Their emails generally come with an attachment that contains a program like a trojan, RAT or keylogger or virus that either exploits your system searches for PWs and banking info and sends it to the phisher or simply infects or destroys your PC. Some of these scams can be EXTREMELY well done, and almost indistinguishable from a real email (provided by for example, a company they are impersonating). It’s always best to contact the company by phone or mail to confirm anything suspicious.
3. RATs:
Remote administration tools or remote access tools. These programs allow an attacker varying degrees of control over the PC that has the SW installed. The level of access depends on the RAT. Control over the PC allows installation of other malicious software that can be used to track keystrokes, web sites visited, programs accessed, and even take screenshots of the infected computer and send them to an email address covertly. It is also capable of allowing the attacker to make any changes to the system they would like. Obviously, this isn’t good.
Most antivirus and spybot removal SW will detect and remove these types of programs. It’s also a good idea to not only use, but check the logs, settings, permissions and outgoing/incoming traffic of your firewall to prevent this type of thing from happening to you.
4. Keyloggers:
Keyloggers can track keystrokes, web sites visited, programs accessed, and even take screenshots of the infected computer and send them to an email address covertly. Again, most antivirus and spybot removal SW will detect these. If you fear your pc has been comprimised, you can take steps to ensure your PW isnt logged until you can scan for and remove it. Open a word document and write out a list of the UN’s you’ll be using and the a list of the PWs. then cut and paste them accordingly into the fields if you fear a KL or other monitoring device may be in use so that while the SW will pick up the keystrokes, it will not know what PWs match the UNs. If you’d like to take that a step farther, write several random letters and numbers around your PW in the word file and cut out the extra letters until you come out with the UN or PW desired.
5. Cookie grabber:
This method depends on whether or not the target has opted to save or have the computer remember their PW. The information is saved in the cookies and can be used to exploit some mail services. The information can be gained through a website or email containing a script that ‘grabs’ the information. Deleting or not allowing the use of cookies can stop this method.
This method is most common using in many Orkut Communities named by :”FREE RECHARGE OF RS. 500″ Etc…………..
6. Spyware:
Spyware / adware are small programs installed and executed on a target PC for use as tracking tools generally for advertising purposes. These programs generally rely on web browser vulnerabilities to install and run on your system. However, as previously mentioned, any program that is installed on your PC without your knowledge isn’t good. Some attackers have taken this technology and created spybots particularly designed to send sensitive information about your system to a predetermined mail address or database. This can generally be avoided by updating and patching your browser as often as possible. I personally suggest using Mozilla Firefox as a browser, as it is not as vulnerable as internet explorer and operates in much the same way, and has a similar interface. There are literally THOUSANDS of anti spyware programs available, two that I find work exceptionlly, especially in conjuction with each other is Spybot Search and Destroy and Adaware SE personal. Before you get a spyware removal program, research it and see what the general concensus is as some programs touted as spyware removers actually install spyware on your system.
7. Fake programs:
I mentioned this earlier in this article in the dispelling rumors section. There are programs like booters, Gmail and yahoo hackers, point and click trojans, keyloggers, audio and video SW, etc that contain RATs and other malicious programs. The obvious way to minimize the chances of becoming a victim of this method of exploitation is not to DL ‘shady’ programs (ie. programs that do illegal things). The general rule is “If something sounds too good to be true, it probably is.” When DLing programs, make sure that you have researched them, and the company/website it came from. Keep a record of this as well, and check your system often for signs of exploitation.
8. Social engineering:
This can, and often is combined with any of the above methods. Social engineering is really just exploiting people instead of SW. Social engineers use a variety of ways to trick someone into giving them the information they desire. These cons can be amazingly ingenious, professional and complex, or they can be ridiculously crude and almost laughable. Again, if you have doubts about the legitamacy of something or someone or something just seems strange don’t do it. Don’t give out sensitive information, period. You can always check up on a story or website later.
Be aware that these methods are simply the most common. These are not the only way for someone to get your PW. Unfortunatly, if someone wants something bad enough, they’re probably going to get it. At least by familiarizing yourself with these methods, you can recognize scams and potential attempts to steal your information and avoid it.




to get all latest hacking tips n tricks  directly to ur inbox

0 komentar:

Posting Komentar