Adware is any type of advertising-supported software that will play, display, or download advertisements automatically on a user’s computer once the software has been installed on it or while the application is in use. Some adware can also be spyware due to its privacy-invasive characteristics.
A backdoor in a computer system (or cryptosystem or algorithm) is a means of circumventing regular authentication, obtaining remote access to a computer, accessing plaintext, etc., while remaining undetected. A backdoor may take the form of an installed program or a modification to a program or hardware device that is already installed.
Baiting uses tangible media and relies on the curiosity or greed of the victim. Baiting involves an attacker leaving malware-infected media such as a CD-ROM or USB flash drive in a public place where it is likely to be found, making it appear legitimate and appealing, and waiting for the victim to use it. Baiting is easy to perform, as in this example: an attacker might create a malware-loaded CD with a company logo on it and the words “Company Reorganization Plan” on the front. The media is left on the lobby floor of the targeted company. An employee could find it and then insert it into a computer to satisfy their curiosity. By inserting the CD into a computer to view its contents, the user unknowingly installs malware on it, allowing the attacker access to the computer and possibly the company’s network. If there is no mechanism to block the malware, computers set to “auto-run” inserted media could be compromised the moment the CD is inserted.
A botnet is a collection of software robots, or bots, that run automatically and are self-directed. The term is often associated with malware but can also refer to a network of computers running distributed computing software.
In practice, botnet generally refers to a group of compromised computers, called zombie computers, running software that was usually installed via worms, trojans or backdoors, under a common command-and-control infrastructure.
A browser plugin is a software program that extends the capabilities of your Internet browser in a specific way. Not all browser plugins are harmful and some may be helpful. This category contains mostly dubious browser plugins such as “Search Assistant”, toolbars, etc. that have been known to transmit user data to their creators or have been installed using covert means.
A commercial network management tool is mostly used in (large) corporations. It can log network traffic passively (sniffing) or examine the logs of proxies, etc. Nothing is installed on the individual computers; the software runs on a central server. Such tools can only log items that pass through the network, not local items such as entered passwords, keystrokes or screenshots.
Crimeware is a distinct type of malware designed to automate financial crime by performing identity theft to access online accounts of users at financial institutions and online retailers for the express purpose of stealing funds from those accounts or performing unauthorized transactions to the benefit of the thief controlling the crimeware. Crimeware is often used to export private information from a network for financial exploitation. Crimeware is viewed as a growing concern in network security as this type of threat seeks to steal confidential information.
A computer virus is computer software that has the ability to replicate itself and infect a computer without the informed consent or knowledge of the computer user. Certain malware, adware and spyware have been incorrectly termed a “virus” even though they lack the ability to copy themselves. A real virus spreads from one system to another in executable code when its host is transferred to a target computer, for example by being sent over a network or the Internet, by email, or on removable media such as a CD, DVD or USB drive. Infected files residing in a network file system, or any situation in which one computer can be accessed by another, increases the chances of spreading a virus infection.
A computer virus is one kind of malware, a much broader term which also encompasses several other types of malicious software, including worms, trojans, and others. Although technically different, viruses are often confused with computer worms and trojans. Unlike a virus, a worm can take advantage of security holes in order to spread itself to other systems, while a trojan appears to be harmless but conceals a malicious purpose. A worm, trojan or virus, once executed, can endanger a computer’s data, operation, or network connectivity. Some computer viruses and other malware are readily apparent to the user, while many other types go unnoticed.
The increasing number of computers being connected to local area networks and the Internet is creating an environment for computer viruses to spread. Increased use of email and instant messaging are additional ways computer viruses spread.
A computer worm is a self-replicating computer program that sends copies of itself within a computer network and it can do so without any involvement by the user. A worm doesn’t need to attach itself to an existing program in order to spread. Worms typically cause some harm to the network, most notably by consuming bandwidth.
A data miner’s primary function is to gather data about an end user. Some adware applications may employ data mining abilities.
An email bomb is a form of network abuse in which enormous amounts of email are sent to an address in an attempt to overflow the mailbox or overwhelm the mail server where the email address is hosted, in what is called a denial-of-service attack.
Email spoofing is a fraudulent email activity in which parts of the email header and the sender address are modified, appearing as if the email was sent from another source. This technique is commonly used for spamming and phishing to conceal the origin of an email message. By altering certain properties of the email header, such as the From, Return-Path and Reply-To fields, fraudulent users can make the email appear to have been sent from someone other than the real sender.
Sometimes the source of the spam email is indicated in the Reply-To field. If the initial email is replied to, it will be delivered to the address specified in the Reply-To field, which might be the spammer’s address. But most spam emails, especially malevolent ones carrying a trojan or virus, or those advertising a website, falsify this email address, sending the reply to another potential victim.
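The header fields named above can be compared against each other as a triage signal. This is an added example, not part of the original glossary: it parses constructed sample messages with Python's standard library and reports when the Return-Path or Reply-To domain disagrees with the From domain (the domains and addresses are hypothetical).

```python
"""Flag e-mail headers whose sender fields disagree with each other.

Added example (not from the original glossary). A mismatch between From,
Return-Path and Reply-To does not prove spoofing (mailing lists and bulk
senders legitimately differ), so treat the output as a triage signal.
"""
from email import message_from_string
from email.utils import parseaddr


def sender_domain(header_value):
    """Return the lower-cased domain of the first address in a header, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def check_sender_headers(raw_message):
    """Compare From against Return-Path and Reply-To; return a list of findings."""
    msg = message_from_string(raw_message)
    from_dom = sender_domain(msg.get("From"))
    return_dom = sender_domain(msg.get("Return-Path"))
    reply_dom = sender_domain(msg.get("Reply-To"))
    findings = []
    if from_dom is None:
        findings.append("missing or unparsable From")
        return findings
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} != From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    return findings


# Constructed sample messages with hypothetical domains (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Billing Dept" <billing@bank.example.com>
Reply-To: <collect@freemail.example.org>
Subject: Account notice
To: <user@example.com>

Please reply with your account number.
"""

CONSISTENT = """\
Return-Path: <billing@bank.example.com>
From: "Billing Dept" <billing@bank.example.com>
Subject: Statement available
To: <user@example.com>

Your statement is ready.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("consistent", CONSISTENT)):
        print(name, check_sender_headers(raw) or ["no mismatch"])
```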
An exploit is a piece of software, data, or string of commands that takes advantage of a computer bug, glitch or vulnerability to disrupt the normal behavior of computer software, hardware or another electronic device. Usually this means seizing control of a user’s computer system, or an attack that allows privilege escalation or a denial of service.
Fast flux is a DNS technique used by botnets to conceal phishing and malware distribution sites behind a continuously changing network of compromised host systems used as proxies. Fast flux can also refer to the combination of a peer-to-peer network, distributed command and control, web-based load balancing and proxy redirection to make malware networks less detectable and more resistant to counter-measures.
Fast flux may be seen by Internet users in phishing attacks linked to crime organizations, including attacks on social networks.
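The “continuously changing” set of hosts is what a defender can measure. This added example (not from the glossary) scores a domain's observed A records for fast-flux behaviour; the DNS observations are constructed sample data, and the thresholds and the use of a /16 prefix as a coarse stand-in for the hosting network are assumptions.

```python
"""Score a domain's DNS answers for fast-flux behaviour.

Added example, not part of the glossary. Fast flux rotates a site across many
compromised hosts, so the A records seen for one name churn quickly and are
spread across unrelated networks. Thresholds below are illustrative
assumptions; the observations are constructed, not live DNS.
"""
from ipaddress import ip_address

# Constructed observations: (domain, ttl_seconds, tuple of A records)
OBSERVATIONS = [
    ("static.example.com", 86400, ("192.0.2.10",)),
    ("static.example.com", 86400, ("192.0.2.10",)),
    ("static.example.com", 86400, ("192.0.2.10",)),
    ("flux.example.net", 180, ("198.51.100.5", "203.0.113.88", "192.0.2.200")),
    ("flux.example.net", 180, ("203.0.113.17", "198.51.100.91", "192.0.2.33")),
    ("flux.example.net", 120, ("198.51.100.240", "203.0.113.3", "192.0.2.77")),
]


def summarize(observations, domain):
    """Distinct A records, distinct /16 prefixes and lowest TTL seen for one domain."""
    ips, prefixes, ttls = set(), set(), []
    for name, ttl, answers in observations:
        if name != domain:
            continue
        ttls.append(ttl)
        for a in answers:
            ip_address(a)  # validate the literal; raises on garbage
            ips.add(a)
            # /16 prefix as a coarse stand-in for "different network" (assumption)
            prefixes.add(".".join(a.split(".")[:2]))
    return {
        "distinct_ips": len(ips),
        "distinct_prefixes": len(prefixes),
        "min_ttl": min(ttls) if ttls else None,
        "lookups": len(ttls),
    }


def flux_score(summary):
    """Heuristic points for many IPs, wide spread, short TTL and churn between lookups."""
    if summary["lookups"] == 0:
        return 0
    score = 0
    if summary["distinct_ips"] > 5:
        score += 2
    if summary["distinct_prefixes"] >= 3:
        score += 2
    if summary["min_ttl"] is not None and summary["min_ttl"] <= 300:
        score += 1
    if summary["distinct_ips"] > summary["lookups"]:  # more IPs than answers per lookup
        score += 1
    return score


def is_fast_flux(observations, domain, threshold=4):
    """True when the heuristic score reaches the (assumed) alerting threshold."""
    return flux_score(summarize(observations, domain)) >= threshold


if __name__ == "__main__":
    for d in ("static.example.com", "flux.example.net"):
        s = summarize(OBSERVATIONS, d)
        print(d, s, "score", flux_score(s), "fast-flux" if is_fast_flux(OBSERVATIONS, d) else "ok")
```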
Dialers are used to connect computers to the Internet, but fraudulent dialers are designed to connect to premium-rate numbers. Fraudulent dialers are often installed through security holes in a computer’s operating system and change the computer’s settings to dial up through the premium-rate number. The additional charges are collected by the provider of the fraudulent number. Some dialers tell the user that the special number gives access to special content, which is usually illegal material or downloads.
Users with DSL or other broadband connections are usually not affected, since a dialer depends on regular phone lines. But if an ISDN adapter or an additional analog modem is installed, the dialer may be able to connect.
Malicious dialers can be identified by:
* A download popup opens when a website is opened.
* The website may or may not discreetly display a price.
* The download initiates even if the cancel button has been clicked.
* Without any notice, the dialer installs as a default connection.
* The dialer perpetuates unwanted connections without any user action.
* No notice about the price is presented before dialing in.
* While connected, the high price of the connection is not shown.
* The dialer cannot be easily uninstalled if at all.
A hacker is someone who breaks into computers. A hacker subculture has evolved and is often referred to as the computer underground. Hackers claim to be motivated by artistic and political ends, and apparently have no qualms about using criminal means to accomplish them. The word can also be unrelated to computer security, as in a computer programmer or home computer hobbyist.
A hijacker is an application that attempts to take control of the user’s homepage and replace it with one that the hijacker chooses. It is a low security threat, but is annoying. Most hijackers use stealth techniques or trick dialog boxes to perform the installation.
Browser hijackers commonly do one or more of the following:
* Change your “search” page and pass all searches to a pay-per-search site
* Change your default home page to the company page. Sometimes the software changes it to a portal featuring porn sites.
* Transmit the URLs you view to the company’s server
A hoax is an attempt to purposefully dupe an audience into believing something is real when it actually is not what it appears or claims to be. A hoax can be made using only true statements but with different context or wording. A hoax is often carried out as a practical joke, to cause embarrassment, or to create awareness to prompt social change. Many hoaxes are motivated by a desire to poke fun at, educate, or point out the absurdity of the target.
A keylogger is surveillance software capable of recording all the keystrokes a user makes and saving them to a log file, which is usually encrypted. A keylogger captures information entered on a keyboard, including instant messages, email and any other type of information. Some keyloggers also record the email addresses the user uses and the URLs that are visited. The log file created by the keylogger can then be sent to a designated receiver.
As a surveillance tool, keyloggers are often used in the workplace by employers to ensure that work computers are used by employees for business purposes only. However, keyloggers can also be embedded in spyware, allowing the user’s information to be sent to an unauthorized third party.
Loyaltyware is a sub-form of adware. Loyaltyware is a type of software that works around the concept of user loyalty by providing incentives in the form of cash, points, airline miles, or other type of goods while shopping.
Malware, a term meaning “malicious software”, refers to a set of computer instructions created for the express purpose of infiltrating a computer system and modifying, recording, damaging or transmitting data without the permission of its owner. The term “malware” is generally used to describe any form of intrusive, hostile, or bothersome software application or code.
Malware covers a broad range of types, from cookies set without consent and used for tracking user surfing behavior, to more malevolent types such as viruses, worms, trojans, certain rootkits, spyware, adware, scareware, crimeware and other forms of malicious software. Certain government statutes define malware as a “computer contaminant”, a term written into the legal code of many states.
Parasiteware is the term for any adware that by default overwrites certain affiliate tracking links. These tracking links are used by webmasters to sell products and to help fund websites. The controversy is centered on companies like WhenU, eBates, and Top Moxie, popular makers of adware applications. These companies release their software to assist users in getting credit for rebates, cash back shopping, or contributions to funds. To the end user, parasiteware represents little in the way of a security threat.
Phishing is a criminally fraudulent process of collecting sensitive information such as usernames, passwords and credit card details by pretending to be a trustworthy entity in an electronic communication. Communications supposedly from well known social networks, auction sites, online payment processors or IT administrators are common fronts used to bait the unsuspecting computer user. Phishing is commonly performed by email or instant messaging, directing users to enter details at a fake website that mimics a legitimate one. Even when server authentication is in use, it may not be apparent that the website is fake. An example of social engineering techniques, phishing is used to trick users, exploiting the weaknesses of web security technologies. The rising number of phishing scams has prompted an increase in legislation, user training, public awareness, and technical security procedures.
Pretexting is the practice of presenting oneself as someone else for the purpose of acquiring sensitive information, and is usually performed over the telephone. Presenting an invented scenario involves some prior research, or using bits of known information such as date of birth or billing address, to establish credibility with the targeted victim.
This method is often used to get a business to disclose customer information. Private investigators use this technique to acquire telephone, utility and bank records, and other information. This gives the investigator a factual basis on which to establish legitimacy with managers of the business for even tougher questioning.
Many U.S. companies continue to use client verification by asking questions whose answers are supposedly known only by the client such as a Social Security Number or mother’s maiden name, thus perpetuating this security problem even more.
Pretexting is also used to impersonate any individual who could be perceived by the targeted victim as having authority or a right to know. The pretexter prepares answers to questions the targeted victim might ask, and must sound convincing to achieve his goal.
Rogue security software
Rogue security software uses malware or malevolent tools to advertise or install itself, or forces computer users to pay to remove nonexistent malware. A trojan is often installed by rogue software when a trial version is downloaded, or it will perform other unwanted actions. Rogue software makers want users to install and purchase their product. A common tactic to get their program installed is to display fake Windows dialog boxes or other browser pop-ups with messages that entice the user to click on them. Usually a message is displayed such as “WARNING! Your computer is infected with Spyware/Adware/Viruses! Buy [software name] to remove it!”; another message is “Click OK to scan your system”, without asking to buy the software. Yet another example is “Computer/Internet Connection/OS is not optimized. Click Here to scan now”. Once the user clicks the OK button in the dialog box, he will be directed to a malicious website, which installs the program. Sometimes clicking the close-window or X button in an attempt to close the dialog box will have the same effect. (To circumvent that trick, press Alt+F4 or use Ctrl-Alt-Delete to access the Task Manager.) Some rogue software will download the trial version automatically without any user interaction. In addition to rogue programs being installed, many sites now use a technique to install multiple trojans at once by downloading a dropper first, which then loads various malware onto the unsuspecting user’s computer.
A rootkit is a software system containing one or more programs designed to show no indication that a system has been compromised. A rootkit is used to replace essential system executables, which can then conceal processes and files installed by the attacker as well as the rootkit itself. A rootkit’s intention is to control the operating system. Rootkits obscure their presence on the system by evading standard operating system security mechanisms. Rootkits can also be trojans, tricking the user into thinking they can be safely run on their systems. This can be achieved by concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits are also capable of installing a “back door” in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, allowing the system to be accessed by an attacker even if changes are made to the actual accounts on the system.
Originally, rootkits may have been normal applications, designed to take control of a faulty or unresponsive system, but more recently have been produced as malware allowing attackers to gain access to systems undetected. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often install themselves as drivers or kernel modules or modify parts of the operating system, depending on the internal elements of an operating system’s mechanisms.
Smishing is a criminal activity that utilizes social engineering techniques similar to those of phishing. The name originated from “SMS phISHING”. SMS, or Short Message Service, is the technology behind text messaging on cell phones. Like phishing, smishing uses text messages on cell phones to lure a user into revealing personal information. The method used to actually “capture” the user’s information, or “hook”, in the text message could be a website URL, although it is more typical that a phone number is displayed that connects to an automated voice response system.
The Smurf attack is a means of producing a large amount of traffic on a computer network. This is a type of denial-of-service attack that overwhelms a target system via spoofed broadcast ping messages. In this case, an attacker sends a large volume of ICMP echo requests, or pings, to IP broadcast addresses, all having a spoofed source IP address of the targeted victim. If the routing device that delivers traffic to those broadcast addresses sends the IP broadcast to all the hosts, then many of the hosts on that IP network will take the ICMP echo request and send an echo reply, thus multiplying the traffic by the number of hosts that respond. Hundreds of machines on a multi-access broadcast network could reply to each packet.
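The pattern described above (echo requests aimed at broadcast addresses, with the victim's address as the claimed source) is easy to pick out of flow records. This is an added example, not from the glossary: it runs that check over constructed sample flows against hypothetical internal subnets and estimates how many hosts could amplify each request.

```python
"""Spot the traffic pattern behind a Smurf attack in constructed flow records.

Added example, not from the glossary text. A Smurf flood is ICMP echo
requests (type 8) aimed at IP broadcast addresses with a spoofed source.
Each record is checked against the broadcast addresses of the networks we
know about (hypothetical subnets), and the potential amplification counted.
"""
import ipaddress
from collections import Counter

# Hypothetical internal networks; in practice, load these from router config.
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed flow records: (src, dst, proto, icmp_type)
FLOWS = [
    ("203.0.113.7", "192.0.2.255", "icmp", 8),     # echo request to /24 broadcast
    ("203.0.113.7", "198.51.100.127", "icmp", 8),  # echo request to /25 broadcast
    ("203.0.113.7", "192.0.2.10", "icmp", 8),      # ordinary unicast ping
    ("192.0.2.10", "203.0.113.7", "icmp", 0),      # echo reply (normal)
    ("192.0.2.44", "192.0.2.255", "udp", None),    # non-ICMP broadcast
]


def broadcast_network(dst):
    """Return the local network whose broadcast address is dst, else None."""
    addr = ipaddress.ip_address(dst)
    for net in LOCAL_NETWORKS:
        if addr == net.broadcast_address:
            return net
    return None


def find_smurf_requests(flows):
    """Return echo requests sent to a local broadcast address.

    The source address is reported as 'claimed_src' because in a Smurf attack
    it is spoofed: it names the victim who will receive the replies.
    """
    hits = []
    for src, dst, proto, icmp_type in flows:
        if proto != "icmp" or icmp_type != 8:
            continue
        net = broadcast_network(dst)
        if net is not None:
            hits.append({
                "claimed_src": src,
                "dst": dst,
                "network": str(net),
                # every host except network and broadcast address may reply
                "max_repliers": net.num_addresses - 2,
            })
    return hits


def amplification_by_victim(hits):
    """Sum the potential echo replies per claimed source (the real victim)."""
    total = Counter()
    for h in hits:
        total[h["claimed_src"]] += h["max_repliers"]
    return dict(total)


if __name__ == "__main__":
    found = find_smurf_requests(FLOWS)
    for h in found:
        print(h)
    print("potential replies per victim:", amplification_by_victim(found))
```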
Social engineering is a means of manipulating individuals to perform actions or reveal their private information. Although similar to a confidence trick or simple fraud, social engineering usually applies deceptive methods for the intention of gathering information, performing fraud or accessing a computer system.
Software cracking is the alteration of software to remove protective mechanisms such as copy protection, trial or demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.
In nearly every developed country, the distribution and use of cracked software copies is illegal. Many court cases have been held regarding software cracking, most dealing with the distribution of the copied product rather than overcoming the protection. In the United States, the Digital Millennium Copyright Act (DMCA) legislation was passed making software cracking illegal, including the distribution of information enabling software cracking. The law has been barely tested in the U.S. with only court cases of reverse engineering for personal use. In Europe, the European Union Copyright Directive was passed, making software copyright infringement illegal in member states.
Spamware is software designed by or for use by spammers. Spamware can include the capability to import thousands of email addresses, generate random email addresses, insert fraudulent headers into messages, use multiple mail servers at once, and use open relays. Spamware can also be used to locate email addresses to build lists for spamming or to sell to spammers.
Spyware is computer software that is installed on a user’s computer without the user’s express consent with the purpose of collecting information about the user, their computer or browsing habits.
As the term implies, spyware is software capable of secretly monitoring the user’s behavior, but can also collect various types of personal information, including web surfing habits and websites visited. Spyware can also impede the user’s control of his computer by installing additional software, and redirecting web browser activity. Spyware is known to cause other interference by changing computer settings that slow connection speeds, load different home pages, and lose Internet connectivity or program functionality.
With the proliferation of spyware, an antispyware industry has sprung up. Use of antispyware software is now a widely accepted practice for the security of Microsoft Windows and desktop computers. A number of anti-spyware laws have been passed, targeting any software that is surreptitiously installed with the intent to control a user’s computer. Due to its privacy-invasive characteristics, the US Federal Trade Commission has placed a page on their website advising consumers on how to lower the risk of being infected by spyware.
The Trojan horse, or trojan, is a type of malware that appears to have a normal function but actually conceals malicious functions, which it performs without authorization on the host system. A trojan can allow an attacker to store files on the user’s computer, monitor the user’s screen, or control the computer.
A trojan is not technically a virus, but can be easily and unknowingly downloaded by the computer user. One example might be a computer game that, when executed by the user, allows a hacker to control the user’s computer. In this case the computer game is a trojan.
Vishing is the unlawful practice of using social engineering over the telephone system, exploiting features of Voice over IP (VoIP), to obtain confidential personal and financial information from the public for financial reward. The term “vishing” is a combination of “voice” and “phishing”. Vishing takes advantage of the public’s trust in landline telephone systems, which terminate at physical locations known to the telephone company and are associated with a paying customer. VoIP makes caller ID spoofing, complex automated systems (IVR), low cost, and anonymity for the paying customer widely available, removing features that previously deterred abuse. Typically, vishing is used to capture credit card numbers or other sensitive information to be used by the perpetrators in identity theft schemes. Legal authorities find it difficult to monitor or trace vishing scams, although technology is used to monitor all PSTN-based traffic, identifying vishing attempts from patterns and anomalies in call activity. Consumers are advised to be suspicious when they receive messages prompting them to call and give their credit card or bank numbers. Usually, the consumer is directed to contact their bank or credit card company to verify the message.
VoIP spam is the proliferation of unwanted phone calls that are automatically dialed with pre-recorded messages using Voice over Internet Protocol (VoIP). Some call it SPIT, which stands for “Spam over Internet Telephony”. Email, Internet applications and other Voice over IP systems are vulnerable to abuse by attackers who instigate unsolicited and unwanted communications. Telemarketers, prank callers, and other telephone system abusers are increasingly targeting VoIP. The technology behind this threat is SIP (Session Initiation Protocol, IETF – Internet Engineering Task Force, RFC 3261), which has been supported by major telecommunication vendors and could become the industry standard for voice, video and other types of interactive communication, including instant messaging and gaming.
A zombie computer, or zombie, is a computer connected to the Internet that has been infiltrated and compromised by a hacker, virus, or trojan. A zombie is only one of many in a botnet, used to perform malicious tasks under remote control. Most zombie owners are unaware that their computer is being used in this manner.