//
you're reading...
Vulnerability Assessment

Glossary computer security threats

Adware – form of threat where your computer will start popping out a lot of advertisement. Not really harmful threat but can be pretty annoying.

Backdoor – a form of method where once a system is vulnerable to this method, attacker will be able to bypass all the regular authentication service. Usually it is installed before any virus or Trojan infection.

Botnet – installed by a BotMaster to take control of all the computer bots via the Botnet infection. It mostly infects through drive-by downloads or even Trojan infection. The victim’s computer, becomes the bot and can be used for a large scale attack like DDoS.

Bluesnarfing – unauthorized access to a specific mobile phones, laptop, or PDA via Bluetooth connection revealing personal stuff such as photos, calender, contacts and SMS will .

Bluejacking – also uses the Bluetooth technology but it is not as serious as Bluesnarfing. Used to send some messages to another Bluetooth device.

Boot Sector Virus – a virus that places its own codes into computer DOS boot sector or also known as the Master Boot Record. It will only start if there it is injected during the boot up period where the damage is high but difficult to infect. All the victim need to do if they realize there is a boot sector virus is to remove all the bootable drive so that this particular virus will not be able to boot.

Browser Hijackers – uses the Trojan Malware to take control of the victim’s web browsing session. It is extremely dangerous especially when the victim is trying to send some money via online banking because that is the best time for the hijacker to alter the destination of the bank account and even amount.

Chain Letters – send chain letter such as Facebook account delete letter. It usually says if you don’t forward that particular message or email to 20 people or more, your account will be deleted and people really believe that.

Cookies – used by most websites to store something into your computer. It is here because it has the ability to store things into your computer and track your activities within the site. If you really don’t like the existence of cookies, you can choose to reject using cookies for some of the sites which you do not know.

Crimeware – a form of Malware where it takes control of your computer to commit a computer crime instead of the hacker himself committing the crime, it plants a Trojan or whatever the Malware is called to order you to commit a crime instead. This will make the hacker himself clean from whatever crime that he had done.

DDoS – Distributed Denial of Service sends millions of traffic to a single server to cause the system to down with certain security feature disable so that they can do their data stealing.

Dialer – archaic system to use of your internet modem to dial international numbers which are pretty costly. Today, this type of threat is more popular on Android because it can make use of the phone call to send SMS to premium numbers.

Dropper – drops into a computer and install something useful to the attacker such as Malware or Backdoor. There are two types of Dropper where one is to immediately drop and install to avoid Antivirus detection. Another type of Dropper is it will only drop a small file where this small file will auto trigger a download process to download the Malware.

Fake AV – Fake Antivirus threat is a very popular threat among Mac users. Due to the reason that Mac user seldom faces a virus infection, scaring them with message which tells them that their computer is infected with virus is pretty useful where it results them into purchasing a bogus antivirus which does nothing.

Exploit – a form of software which is programmed specifically to attack certain vulnerability. For instance if your web browser is vulnerable to some out-dated vulnerable flash plugin, an exploit will work only on your web browser and plugin. The way to avoid hitting into exploit is to always patch your stuff because software patches are there to fix vulnerabilities.

Keylogger – keeps a record of every keystroke you made on your keyboard. Keylogger is a very powerful threat to steal people’s login credential such as username and password.

Mousetrapping – it will trap your web browser to a particular website only. If you try to type another website, it will automatically redirect you back.

Obfuscated Spam – a spam mail. It is obfuscated in the way that it does not look like any spamming message so that it can trick the potential victim into clicking it.
* Example: ” Disclaimer: We are not responsible for any financial loss, data loss, downgrade in search engine rankings, missed customers, undeliverable email or any other damages that you may suffer upon the expiration of http://www.somedomain.com. For more information please refer to section 17.c.1a of our User Agreement.

This is your final notice to renew http://www.somedomain.com:

https://dnscorp.org/?n=www.somedomain.com&r=c

In the event that http://www.somedomain.com expires, we reserve the right to offer your listing to competing businesses in the same niche and region after 3 business days on an auction basis.
This is the final communication that we are required to send out regarding the expiration of http://www.somedomain.com
All services will be automatically restored on http://www.somedomain.com if payment is received in full before expiration. Thank you for your cooperation. ”

Pharming – DNS poisoning where your DNS is being compromised and all your traffic will be redirected to the attacker’s DNS. The other type of pharming is to edit your HOST file where it will redirect you to a attackers site.

Phishing – usually fake website which is designed to look almost like the actual website is a form of phishing attack.
* Example: https://dnscorp.org/?n=www.somedomain.com&r=c

Spyware – a Malware which is designed to spy on the victim’s computer.

Scareware – plants into your system and immediately inform you that you have hundreds of infections which you don’t have. The idea here is to trick you into purchasing a bogus anti-malware where it claims to remove those threats.

SQL Injection – does not infect the end users directly. It is more towards infecting a website which is vulnerable to this attack. What it does is it will gain unauthorized access to the database and the attacker can retrieve all the valuable information stored in the database.

Trojan – one of the most complicated threats among all. Most of the popular banking threats come from the Trojan family such as Zeus and SpyEye. It has the ability to hide itself from antivirus detection and steal important banking data to compromise your bank account. If the Trojan is really powerful, it can take over your entire security system as well. As a result, a Trojan can cause many types of damage starting from your own computer to your online account.

Virus – a malicious program where it replicates itself and aim to only destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.

Virus Document – today VIRUS can be spread through document file as well especially PDF documents.

Wabbits – a self-replicating threat but it does not work like a Virus or Worms. It does not harm your system like a Virus and it does not replicate via your LAN network like a Worms. An example of Wabbit’s attack is the fork bomb, a form of DDoS attack.

Worms – One of the most harmless threats where it is program designed only to spread. It does not alter your system to cause you to have a nightmare with your computer, but it can spread from one computer to another computer within a network or even the internet. The computer security risk here is, it will use up your computer hard disk space due to the replication and took up most of your bandwidth due to the spread.

Advertisements

About Data Solutions Labs

Data Recovery | Software Development | Marine Electronics

Discussion

Comments are closed.

%d bloggers like this: