330 Part Two Information Technology Infrastructure
wooden horse used by the Greeks to trick the Trojans into opening the gates
to their fortified city during the Trojan War. Once inside the city walls, Greek
soldiers hidden in the horse revealed themselves and captured the city.
An example of a modern-day Trojan horse is the MMarketPay.A Trojan for
Android phones. This Trojan is hidden in several apps that appear to be legitimate,
including travel and weather apps. It places orders for applications and
movies automatically without the user’s permission, potentially causing users
to be hit with unexpectedly high phone bills. MMarketPay.A has been detected
in multiple app stores and has spread to more than 100,000 devices.
SQL injection attacks have become a major malware threat. SQL injection
attacks take advantage of vulnerabilities in poorly coded Web application
software to introduce malicious program code into a company’s systems and
networks. These vulnerabilities occur when a Web application fails to properly
validate or filter data entered by a user on a Web page, which might occur when
ordering something online. An attacker uses this input validation error to send
a rogue SQL query to the underlying database to access the database, plant
malicious code, or access other systems on the network. Large Web applications
have hundreds of places for inputting user data, each of which creates an
opportunity for an SQL injection attack.
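The input validation failure described above, shown as an added example (not from the original text) in Python with an in-memory SQLite database. The orders table, its rows, and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for a shop's order database.
ROWS = [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "camera")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, customer, order_field):
    # Flaw: the form field is pasted into the SQL text, so the database
    # cannot tell the user's data apart from the application's query.
    sql = ("SELECT id, customer, item FROM orders "
           f"WHERE customer = '{customer}' AND id = {order_field}")
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, customer, order_field):
    # Validate: an order number must be digits only.
    if not order_field.isascii() or not order_field.isdigit():
        raise ValueError("order number must be numeric")
    # Bind: placeholders send values separately from the SQL text.
    sql = "SELECT id, customer, item FROM orders WHERE customer = ? AND id = ?"
    return conn.execute(sql, (customer, int(order_field))).fetchall()

def demo():
    conn = make_db()
    rogue = "1 OR 1=1"  # constructed input that is not an order number
    results = {
        "normal_vulnerable": lookup_vulnerable(conn, "alice", "1"),
        "rogue_vulnerable": lookup_vulnerable(conn, "alice", rogue),
        "normal_hardened": lookup_hardened(conn, "alice", "1"),
    }
    try:
        lookup_hardened(conn, "alice", rogue)
        results["rogue_hardened"] = "accepted"
    except ValueError:
        results["rogue_hardened"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the unvalidated field, the lookup meant to return one of alice's orders returns every customer's row; the hardened version rejects the same input before it reaches the database.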
A large number of Web-facing applications are believed to have SQL injection
vulnerabilities, and tools are available for hackers to check Web applications for
these vulnerabilities. Such tools are able to locate a data entry field on a Web
page form, enter data into it, and check the response to see if it shows vulnerability
to a SQL injection.
Some types of spyware also act as malicious software. These small programs
install themselves surreptitiously on computers to monitor user Web surfing
activity and serve up advertising. Thousands of forms of spyware have been
documented.
Many users find such spyware annoying, and some critics worry about
its infringement on computer users’ privacy. Some forms of spyware are
especially nefarious. Keyloggers record every keystroke made on a computer
to steal serial numbers for software, to launch Internet attacks, to gain access
to e-mail accounts, to obtain passwords to protected computer systems, or to
pick up personal information such as credit card numbers. For example, the
Zeus Trojan stole financial and personal data from online banking and social
networking sites by surreptitiously tracking users' keystrokes as they entered
data into their computers. Other spyware programs reset Web browser home
pages, redirect search requests, or slow performance by taking up too much
memory.
HACKERS AND COMPUTER CRIME
A hacker is an individual who intends to gain unauthorized access to a
computer system. Within the hacking community, the term cracker is typically
used to denote a hacker with criminal intent, although in the public press,
the terms hacker and cracker are used interchangeably. Hackers and crackers
gain unauthorized access by finding weaknesses in the security protections
employed by Web sites and computer systems, often taking advantage of various
features of the Internet that make it an open system and easy to use.
Hacker activities have broadened beyond mere system intrusion to include
theft of goods and information, as well as system damage and cybervandalism,
the intentional disruption, defacement, or even destruction of a Web site
or corporate information system. For example, cybervandals have turned many