Direct internet attacks
Sometimes your computer is in attacked directly instead of using automated attacks like viruses, Trojans, worms etc. These attacks may be personal by someone in your neighbourhood and is attacking your system specifically or either someone just wants to add another zombie to his/her fleet.
These attacks may be of many types, like exploiting the defects of your operating system, which the attacker may already know or in internet applications that you use like an IRC (internet relay chat) system.
The first method is logon attack.
When you forgot your password of a internet web site you used to log on to it, you will be asked to try again to get it right as you may have mistyped it.
Few websites will block the login page at you system after too many unsuccessful attempts, but most of the websites will let you try until you have entered the right password. There are several programs that are written to crack the user’s passwords. They will use most known user account names and try a large number of commonly used passwords until they have got the right one. When they find the right one, they try to gain access to the user’s account. These attacks are also called dictionary attacks because they can use all the possible words listed in the dictionary to crack the passwords. These attacks usually tries to guess the passwords by using all possible keystroke combinations to get the password until it is finally cracked.
The second method is Buffer overflow attack.
Buffer Overflow Attacks
Badly written applications don’t know what to do when they are overloaded with too much data or badly formatted data thus most of the time the program simply breaks down and leaves an opening through which a properly written exploit program can insert commands or small programs into the host operating system.
These commands or programs can then perform actions such as opening a back door into the system, thus allowing the user of the command to completely control it. They can then install software that logs keystrokes to capture passwords, e-mail addresses, credit card numbers, or other sensitive information. They can use the victim system as a zombie to launch attacks against other systems.