Computer Threats FAQ


Couldn't explain the difference between a virus and a worm? Think a 'rootkit' is used in the garden, or a 'botnet' is something out of Star Wars? Read on to brush up on your cybercrime lexicon.



Computer Security FAQ

In the past, PCs were mainly under threat from viruses and worms. The main purpose of these programs was to spread; however, some programs were also designed to cause damage to files and PCs. Such malicious software, or “malware”, could be described as ‘cyber vandalism’.

What is the difference between a virus and a worm?

A virus is a program that replicates, i.e. it spreads from file to file on your system and from PC to PC. In addition, it may be programmed to erase or damage data.

Worms are generally considered to be a subset of viruses, but with certain key differences. A worm is a computer program that replicates, but does not infect other files. Instead, it installs itself once on a computer and then looks for a way to spread to other computers.

In the case of a virus, the longer it goes undetected, the more infected files there will be on the computer. Worms, however, create a single instance of their code. Moreover, unlike a virus, a worm's code is stand-alone. In other words, a worm is a separate file, while a virus is a set of code which adds itself to existing files.


What is a DoS attack?

A Denial-of-Service (DoS) attack is designed to hinder or stop the normal functioning of a web site, server or other network resource. There are various ways for hackers to achieve this. One common method is to flood a server by sending it more requests than it is able to handle. This will make the server run slower than usual (and web pages will take much longer to open), and may crash the server completely (causing all websites on the server to go down).

A distributed-Denial-of-Service (DDoS) attack differs only in the fact that the attack is conducted using multiple machines. The hacker typically uses one compromised machine as the ‘master’ and co-ordinates the attack across other, so-called ‘zombie’, machines. Both master and zombie machines are typically compromised by exploiting a vulnerability in an application on the computer, to install a Trojan or other piece of malicious code.
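As an added illustration (not part of the original FAQ), the sketch below shows why the DoS/DDoS distinction matters when reading server logs: a flood from one machine stands out per source, while a distributed flood only shows up in the total. The capacity figure, per-source limit, addresses and log entries are all constructed assumptions.

```python
from collections import Counter, defaultdict

def classify_windows(events, capacity, per_source_limit):
    """Label each 1-second window of (second, source_address) request events.

    capacity: requests per second the server can handle (assumed value)
    per_source_limit: requests per second tolerated from one address (assumed value)
    """
    windows = defaultdict(Counter)
    for second, source in events:
        windows[second][source] += 1

    result = {}
    for second in sorted(windows):
        counts = windows[second]
        total = sum(counts.values())
        heavy = sorted(s for s, n in counts.items() if n > per_source_limit)
        rest = total - sum(counts[s] for s in heavy)
        if total <= capacity:
            label = "normal"
        elif heavy and rest <= capacity:
            # Dropping the heavy senders brings load back under capacity.
            label = "single-source"
        else:
            # Overload remains after per-source filtering: many senders,
            # each modest. May be a DDoS or a legitimate traffic spike.
            label = "distributed"
        result[second] = (label, total, heavy)
    return result

def sample_events():
    """Constructed log data using documentation address ranges."""
    events = [(0, f"192.0.2.{i}") for i in range(1, 6)]              # quiet second
    events += [(1, "198.51.100.7")] * 40                             # one flooding host
    events += [(1, f"192.0.2.{i}") for i in range(1, 6)]
    events += [(2, f"203.0.113.{i}") for i in range(1, 31) for _ in range(2)]  # 30 hosts x 2
    return events

if __name__ == "__main__":
    for second, verdict in classify_windows(sample_events(), 20, 10).items():
        print(second, verdict)
```

In the third window no single address exceeds the per-source limit, so blocking or rate-limiting individual senders would not relieve the server.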


What is PHISHING?

Phishing is a very specific type of cybercrime designed to trick you into disclosing personal financial details. Cybercriminals create a fake website that looks just like a bank’s website (or any other web site where online financial transactions are conducted, e.g. eBay). They then try to trick you into visiting this site and typing in your confidential data, such as your login, password or PIN. Typically, cybercriminals send out large numbers of e-mails containing a hyperlink to the fake site.


What is a ROOTKIT?

This term describes a collection of programs used by a hacker to evade detection while trying to gain unauthorized access to a computer. The term originated in the Unix world, although it has since been applied to the techniques used by authors of Trojans that run under Microsoft® Windows® to conceal their actions. Rootkits have been used increasingly as a form of stealth to hide Trojan activity. When installed on the system, rootkits are not only invisible to users, but they are designed to escape detection by security software as well. The fact that many people log into their computers with administrator rights, rather than creating a separate account with restricted access, makes it easier for cybercriminals to install a rootkit.


What is MALWARE?

Malware - short for malicious software - is an umbrella term that refers to any software program deliberately created to perform an unauthorized and often harmful action. Viruses, backdoors, keyloggers, password stealers and other Trojan horse programs, Word and Excel macro viruses, boot sector viruses, script viruses (batch, Windows shell, Java, etc.) and Trojans, crimeware, spyware and adware are but a few examples of what is considered malware.

It was once sufficient to call something a 'virus' or 'Trojan horse', but infection methods and vectors evolved and the terms virus and Trojan no longer provided a satisfactory definition for all the types of rogue programs that exist.

What is a TROJAN and where did the name come from?

The term Trojan refers to the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The classic definition of a Trojan is a program that poses as legitimate software but when launched will do something harmful. Trojans can't spread by themselves, which is what distinguishes them from viruses and worms.

Today, Trojans are typically installed secretly and deliver their malicious payload without your knowledge. Much of today’s crimeware is comprised of different types of Trojans, all of which are purpose-built to carry out a specific malicious function. The most common are Backdoor Trojans (often they include a keylogger), Trojan Spies, password stealing Trojans and Trojan Proxies that convert your computer into a spam distribution machine.


What is a “DRIVE-BY DOWNLOAD”?

In a drive-by download, your computer becomes infected just by visiting a website which contains malicious code. Cybercriminals search the Internet looking for vulnerable web servers that can be hacked. On such servers, cybercriminals can inject their malicious code (often in the form of malicious script) onto the web pages. If your operating system or one of your applications is un-patched, a malicious program is downloaded to your computer automatically when you access the infected web page.


What is a KEYLOGGER?

These are programs which record key presses (i.e. what a user types on the keyboard) and can be used by a hacker to obtain confidential data (login details, passwords, credit card numbers, PINs, etc.). Backdoor Trojans typically come with an integrated keylogger.


What is ADWARE?

Adware is the general term applied to programs that either launch advertisements (often pop-up banners) or re-direct search results to promotional web sites. Adware is often built into freeware or shareware programs: if you download a freeware program, the adware is installed on your system without your knowledge or consent. Sometimes a Trojan will secretly download an adware program from a web site and install it on your computer.

Web browsers that aren’t up-to-date often contain vulnerabilities. Such browsers are vulnerable to hackers' tools (often referred to as Browser Hijackers) that can download adware to your computer. Browser Hijackers may change browser settings, redirect incorrectly typed or incomplete URLs to a specific site, or change the default homepage. They may also redirect searches to pay-to-view (often pornographic) web sites.

Typically, adware programs do not show themselves in the system in any way: there will be no listing under Start | Programs, no icons in the system tray and nothing in the task list. They seldom come with a de-installation procedure and attempts to remove them manually may cause the original carrier program to malfunction.


What is a BOTNET?

This term is used for a network of computers controlled by cybercriminals using a Trojan or other malicious program.


What is SPYWARE?

As the name suggests, this is software that is designed to harvest your data and forward it to a third party without your consent or knowledge. Such programs may monitor key presses ('keyloggers'), collect confidential information (passwords, credit card numbers, PIN numbers, etc.), harvest e-mail addresses or track browsing habits. In addition to all of this, spyware inevitably affects your computer’s performance.