There are many network threats that we often simply refer to as viruses. Here is a list of these threats and their behaviors.
|Malware||Malware is a type of software designed to take over or damage a computer without the user’s knowledge or approval.|
|DoS and DDoS||Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks impact system availability by flooding the target system with traffic or requests or by exploiting a system or software flaw.|
|Permanent denial of service||A permanent denial of service (PDoS) is an attack that damages a system so badly that it requires the replacement or re-installation of hardware.|
|Virus||A virus is a program that attempts to damage a computer system and replicate itself to other computer systems.|
|Worm||A worm is a self-replicating program.|
|Trojan horse||A Trojan horse is a malicious program that is disguised as legitimate or desirable software.|
|Zombie||A zombie is a computer that is infected with malware that allows remote software updates and control through a command-and-control center called a zombie master.|
|Botnet||A botnet refers to a group of zombie computers that are commanded from a central control infrastructure.|
|Rootkit||A rootkit is a set of programs that allow attackers to maintain permanent and hidden administrator-level access to a computer.|
|Logic bomb||A logic bomb is designed to execute only under predefined conditions and lies dormant until the predefined condition is met.|
|Spyware||Spyware is software that is installed without the user’s consent or knowledge. Spyware is designed to intercept or take partial control of the user’s interaction with the computer.|
|Adware||Adware monitors actions that denote personal preferences and then sends pop-ups and ads that match those preferences.|
|Ransomware||Ransomware denies access to a computer system until the user pays a ransom.|
|Scareware||Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don’t have.|
|Crimeware||Crimeware is designed to facilitate identity theft by gaining access to a user’s online financial accounts, such as banks and online retailers.|
|Ping flood||A ping flood is a simple DoS attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets.|
|Ping of death||The ping of death is a DoS attack that uses the ping utility to send oversized ICMP packets.|
|Smurf attack||A smurf attack is a form of DrDoS attack that spoofs the source address in ICMP packets. A smurf attack requires an attacker system, an amplification network, and a victim computer or network.|
|SYN flood||The SYN flood exploits the TCP three-way handshake. So many resources are allocated that the victim cannot process a legitimate inbound request for a TCP/IP session.|
|LAND||A LAND attack is when an attacker floods the victim’s system with packets that have forged headers.|
|Christmas (Xmas) tree||A Christmas (Xmas) tree attack (also known as Christmas tree scan, nastygram, kamikaze, or lamp test segment) uses an IP packet with every option turned on for the protocol being used. Christmas tree packets can be used to conduct reconnaissance by scanning for open ports and a DoS attack if sent in large numbers.|
|On-path attack||An on-path attack is used to intercept information between two communication partners.|
|TCP/IP (session) hijacking||TCP/IP hijacking is an extension of an on-path attack where the attacker steals an open and active communication session from a legitimate user.|
|HTTP (session) hijacking||HTTP (session) hijacking is a real-time attack in which the attacker hijacks a legitimate user’s cookies and uses the cookies to take over the HTTP session.|
|Replay attack||In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then uses this information to connect at a later time and pretend to be the client.|
|IP spoofing||IP spoofing changes the IP address information within a packet. It can be used to hide the origin of the attack by spoofing the source address. It can also amplify attacks by sending a message to a broadcast address and then redirecting responses to a victim who is overwhelmed with responses.|
|MAC spoofing||MAC spoofing is when an attacking device spoofs the MAC address of a valid host in the MAC address table of the switch. The switch then forwards frames destined for that valid host to the attacking device.|
|ARP spoofing||ARP spoofing (also known as ARP poisoning) uses spoofed ARP messages to associate a different MAC address with an IP address. ARP spoofing can also be used to perform denial-of-service (DoS) attacks by redirecting communications to fake or nonexistent MAC addresses.|
|DNS spoofing||DNS spoofing (also known as DNS poisoning or pharming) takes advantage of the DNS server’s ability to resolve a domain into its respective IP address. This attack exploits DNS vulnerabilities, resolving a domain typed on a browser into a fake IP address. It also redirects connections to a potentially malicious server.|