Topics: Virus, Trojan, Worm, Adware, Spyware, Spam, Phishing, Key loggers, Access Points

Malicious software
Software written to damage or disrupt a computer, such as a virus or a trojan horse.
Source: http://www.hpenterprisesecurity.com/collateral/infographics/HP_Ponemon_Infographic.pdf

Viruses
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
› It must execute itself. It will often place its own code in the path of execution of another program.
› It must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file.
Viruses can infect desktop computers and network servers alike. Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages.
› Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Trojan horses
Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers, for example by opening an email attachment. The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers. Additionally, they can capture keystrokes or record passwords entered by users.
Given all these characteristics, they are frequently used by cyber-crooks, for example, to steal confidential banking information.
Source: http://www.pandasecurity.com

Worms
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.
Worms have also been adapted to fit the new malware dynamic. Previously, worms were designed largely to achieve notoriety for their creators, and were therefore programmed to spread massively and infect computers around the world. Now, however, worms are more geared towards generating financial gain. They are used to create botnets which control thousands of computers around the world.

Bots and botnets
A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host.

Blended threats
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack.
By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include the following:
› Causes harm: launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
› Propagates by multiple methods: scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
› Attacks from multiple points: injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world-readable and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
› Spreads without human intervention: continuously scans the Internet for vulnerable servers to attack.
› Exploits vulnerabilities: takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords, to gain unauthorized administrative access.

Greyware
Greyware is malicious software considered to fall in the "grey area" between normal software and a virus. Greyware is an umbrella term for other malicious or annoying software such as adware, spyware, trackware, other malicious code, and malicious shareware.

Spyware
Any software that covertly gathers user information through the user's Internet connection without his or her knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.
Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Adware
A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns. Some do this with your knowledge.

Phishing
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.
› How can you recognize a phishing website?
› What should you do if you are, or think you have been, a victim of a phishing website?
Source: http://www.webopedia.com

Spam
"Spam" is unsolicited email sent in massive quantities simultaneously to numerous users, generally trying to advertise or publicize certain products or services. This junk mail is also often used as a bridgehead for other types of cyber-crime, such as phishing or email scams. Spam can be classified into different groups, largely in accordance with the content of the messages:
I. Advertising spam. This is really the pioneer of all the other types. It involves advertising products or services, normally at knockdown prices. The advertising itself and the products advertised (fake designer products, pharmaceuticals, music, etc.) often infringe intellectual property rights, patents or health and safety legislation.
II. Hoaxes. These are simply false or trick messages. They are often 'chain emails', asking the recipient to forward the message to a certain number of contacts. They contain unlikely stories of social injustice or formulas to achieve success.
The real aim of the hoax is to collect email addresses (accumulated as the message is forwarded) which are then used for other types of spam. Sending these messages is not a crime in itself, as they have no apparent commercial aim, but the relation with cybercrime is evident, and they are exploiting a legal loophole.
III. Fraudulent spam. As mentioned above, spam is also often used to launch phishing attacks, scams and other types of fraud through email messages sent massively to millions of users.

Terms
› Drive-by download: if your computer has a bug in the OS or a program, your PC may become infected with malware simply by visiting a malicious website. You do not even have to download anything, just visit the page.
› Denial of Service (DoS): an attack that can crash a vulnerable program or computer (denies the service).
› Remote code execution: allows an attacker to run any command on a computer, such as installing remote control software. Holes of this nature are very dangerous.
› Zero day: refers to a flaw that surfaces before a fix is available.
› Proof of concept: a flaw or attack that researchers have discovered but that has not yet been used to exploit computers. Some never get used to exploit computers.
› In the wild: the opposite of proof of concept. When an exploit is in the wild it is being used to attack vulnerable computers.

Protecting computers and networks
No one thing will make computers and networks completely safe. Instead, users and administrators must apply a variety of methods to decrease the risk from threats:
1. Physical security
2. Passwords
3. Windows Updates
4. Antivirus, adware and spyware software
5. Software firewalls
6. Wireless access points
7. Attachments and downloads
8. Storage of sensitive data
9. Proper disposal of old hard drives, CDs, DVDs and other media
10. Turn off your computer
11. Backup of data

Physical security
Store computer(s) in a private location that limits who has physical access to them. Servers are in a locked, temperature-controlled room.
Source: http://www.cbc.ca/news/canada/ottawa/story/2013/01/25/ottawa-free-creditchecks-after-student-loans-data-loss.html

Passwords
Make sure that the computer is password protected. Just having a password set is not enough. Passwords should consist of at least three of the following traits:
1. Upper case letters
2. Lower case letters
3. Alphanumeric characters (numbers)
4. Special characters (!@#%&* and so on)
It is also a good idea for passwords to be 6-8 characters in length. Good examples of this would be WPG05!uw or Pass##99. It is also a good idea to use different passwords for different accounts: if one password is compromised, then all of your accounts will not be vulnerable (school account, bank account, email, web mail, and so on).
› Password aging: change your password often.
› Use different passwords for account sign-ups.

Windows Updates
Microsoft releases patches/fixes to problems and vulnerabilities that are discovered.
http://v4.windowsupdate.microsoft.com/en/default.asp
It is recommended to check for security updates as often as possible, or set your computer to accept automatic updates (inside Control Panel).

Antivirus
Have antivirus software installed.
› Have it running.
› Be sure to have its virus definitions updated.
› Protect system startups. Make sure to configure anti-virus software to launch automatically and run constantly, ensuring that you're always protected.

Software firewalls
The primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Windows XP Service Pack 2 and up (XP-7) comes with a software firewall:
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Wireless access points
› Use encryption
› Limit access to your network
Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP).
Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers.
Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access the network. Some hackers have mimicked MAC addresses, so don't rely on this step alone.
For home networks, be sure to secure all wireless access points via a password.
› Change the name of your router from the default. The name of your router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something unique that only you know.
› Change your router's pre-set password. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. Use passwords that are at least 10 characters long: the longer the password, the tougher it is to crack.

Storage of sensitive data
Store sensitive data offline. Eliminate the threat by storing the data on a computer isolated from the Internet or on an external hard drive/USB drive.

Attachments and downloads
Don't open email attachments unless you know who they are from.

Disposal of old hard drives
When disposing of old hard drives, be sure to either physically destroy or erase the hard drive. It is possible to recover old information that you may have thought was "gone", either because you deleted it or because the computer is "broken". Deploy wiping software.

Shopping and banking online
If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the "s" is for secure).
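The two password rules above (account passwords: at least three of the four character classes, 6-8 characters; router passwords: at least 10 characters, because a longer password is tougher to crack) and the "different passwords for different accounts" advice can be checked mechanically. The following Python is an added example written for this page, not code from the deck or any of its sources. The account names and passwords in the sample are constructed (the two example passwords are the deck's own); the "keyspace bits" figure is the textbook size of a brute-force search over the character classes the password uses, which is what makes the longer password tougher, not a measurement of how guessable a particular word is.

```python
import math
import string

# The four character classes from the deck's rule. A password should use
# at least three of them.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def character_classes(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def keyspace_bits(password):
    """log2 of the number of candidates a brute-force search must cover for a
    password of this length drawn from the classes it actually uses."""
    alphabet = sum(len(CLASSES[name]) for name in character_classes(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def evaluate(password, min_length=6, max_length=8, minimum_classes=3):
    """Check one password against the deck's rules and report each problem.

    Defaults are the account-password rule (three of four classes, 6-8
    characters). For the router rule call evaluate(pw, min_length=10,
    max_length=None).
    """
    problems = []
    too_short = len(password) < min_length
    too_long = max_length is not None and len(password) > max_length
    if too_short or too_long:
        limit = f"{min_length}-{max_length}" if max_length else f"at least {min_length}"
        problems.append(f"length {len(password)} not {limit}")
    classes = character_classes(password)
    if len(classes) < minimum_classes:
        problems.append(f"only {len(classes)} of 4 character classes")
    return {
        "password": password,
        "ok": not problems,
        "problems": problems,
        "keyspace_bits": round(keyspace_bits(password), 1),
    }


def find_reused(accounts):
    """accounts maps account name -> password. Return the groups of accounts
    that share a password: if one of them is compromised, all of them are."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, set()).add(account)
    return [names for names in by_password.values() if len(names) > 1]


if __name__ == "__main__":
    # Constructed sample: one reused password across school and email accounts.
    sample_accounts = {
        "school": "WPG05!uw",
        "bank": "Pass##99",
        "email": "WPG05!uw",
        "webmail": "password",
    }
    for name, pw in sample_accounts.items():
        print(name, evaluate(pw))
    print("reused across:", find_reused(sample_accounts))
    print("router:", evaluate("Pass##99", min_length=10, max_length=None))
```

Running it shows that the deck's two examples pass the class rule with a 94-symbol alphabet (about 52 bits of search space at 8 characters), that an all-lowercase word of the same length fails the rule and gives an attacker a far smaller space to search, and that `Pass##99` is too short to serve as the router password.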
Some websites use encryption only on the sign-in page, but if any part of your session isn't encrypted, the entire account could be vulnerable. Look for https on every page of the site you're on, not just where you sign in.

Don't assume a Wi-Fi hotspot is secure
Most Wi-Fi hotspots don't encrypt the information you send over the internet and are not secure. If you use an unsecured network to log in to an unencrypted site, or a site that uses encryption only on the sign-in page, other users on the network can see what you see and what you send. They could hijack your session and log in as you.
› New hacking tools, available for free online, make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
So what can you do to protect your information? Here are a few tips:
› When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. To be secure, your entire visit to each site should be encrypted, from the time you log in to the site until you log out. If you think you're logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
› Don't stay permanently signed in to accounts. When you've finished using an account, log out.
› Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date. Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted.
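The "https on every page, not just the sign-in page" rule above can be applied to the list of pages visited during one site session. The Python below is an added example for this page, not code from the deck or its sources; the session URLs are constructed and the hostnames are placeholders. It walks the pages in order, lists every page that was not served over https, and reports the first page where the session dropped from https to plain http, which is the "logged in on an encrypted page but now on an unencrypted one" moment at which the deck says to log out right away.

```python
from urllib.parse import urlsplit


def is_encrypted(url):
    """True when the address begins with https (the 's' is for secure)."""
    return urlsplit(url).scheme.lower() == "https"


def audit_session(urls):
    """Check every page of one site visit, in the order it was browsed.

    Returns:
      fully_encrypted      - True only if every page used https
      unencrypted_pages    - the pages that did not
      first_page_after_drop - the first http page that followed an https page
                              (sign-in-page-only encryption), or None
      log_out_now          - True when such a drop happened
    """
    unencrypted = [u for u in urls if not is_encrypted(u)]
    dropped_to = None
    seen_https = False
    for url in urls:
        if is_encrypted(url):
            seen_https = True
        elif seen_https:
            # We were on an encrypted page and are now on an unencrypted one:
            # anything sent from here on is visible to others on the network.
            dropped_to = url
            break
    return {
        "fully_encrypted": not unencrypted,
        "unencrypted_pages": unencrypted,
        "first_page_after_drop": dropped_to,
        "log_out_now": dropped_to is not None,
    }


if __name__ == "__main__":
    # Constructed sessions; the hostnames are placeholders.
    signin_only = [
        "https://shop.example/login",
        "http://shop.example/cart",
        "http://shop.example/checkout",
    ]
    all_encrypted = [
        "https://bank.example/login",
        "https://bank.example/accounts",
        "https://bank.example/logout",
    ]
    for session in (signin_only, all_encrypted):
        print(audit_session(session))
```

The first constructed session is exactly the pattern the deck warns about: the sign-in page is encrypted, but the cart and checkout pages are not, so the report flags the cart page as the point to log out. The second session is encrypted from login to logout and passes clean.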
These add-ons don't protect you on all websites; look for https in the URL to know a site is secure.

Backup of data
It is a good idea to back up all data in case you need to restore it.

Sources
http://www.onguardonline.gov
http://www.pandasecurity.com
http://www.webopedia.com
http://www.symantec.com/business/support/index?page=content&id=TECH98539
http://www.hpenterprisesecurity.com/collateral/infographics/HP_Ponemon_Infographic.pdf