Glossary Of Computer Threat Terms

In order to help you understand the minefield of techno-babble and jargon out there, we’ve put together this helpful guide for you to download and refer to whenever the need arises.

So let’s get started…

Bot

The word “Bot” is a shortened version of the word “Robot” – a computer program that has been written in order to perform tasks automatically.

Bots become negative when they are used maliciously to allow a remote attacker to control a victim’s PC.

They can be used to send spam, download and store illegal or questionable content files, such as some types of pornography, or to make computers participate in attacks on other computers.

A bot can also be made to search the victim’s hard drive and send confidential information to a remote site on the internet in order to perform identity theft!

Computers that are infected with bots are often called “Drones” or “Zombies”.

Botnet

A botnet is a group of bot-infected PCs that are all controlled by the same "command and control centre".

Hoaxes

Computer virus hoaxes are there to try and generate fear, uncertainty and doubt (FUD) in the recipients, bringing them to believe there’s some kind of undetectable virus on their computer.

Other hoaxes include the promise of receiving good luck by passing on the email to 20 of your friends. Others are of malicious intent, where the objective is to coax the recipient into deleting important files from their computer unnecessarily. In all cases they should simply be deleted. A quick way to check if the email is a hoax is to do a search for the subject line of the email on the Internet – invariably the first few results will come back indicating it is indeed a hoax.

Malware

The term “Malware” is derived from the combination of the 2 words - “Malicious” & “Software”, and is a generic term that refers to all software of ill-intent, e.g. Viruses, Trojans, Worms, etc.

Phishing

Phishing (pronounced in the same way as fishing) is a fraud strategy where the sender attempts to acquire sensitive personal information by deception, such as bank or credit card details.

The standard phishing method is to send an email claiming to be from an important person, your bank or other such business, containing an apparently legitimate request for information.

Often they will stipulate you either have an inheritance/other such money to claim and that you need to reply to person X with your financial details, or they appear to come from a bank and are asking you to update your password or undertake a specific action, which if ignored, will result in discontinuation of the banking service.

Regarding the financial institution emails, they tend to look very genuine and contain branding and content which may have originally come from the source that it is impersonating. Usually there will be a link in the mail that will take the recipient to a website (which also may look very much like the legitimate site), and this site will be used to capture the details being phished.

The tell-tale sign of a phishing email is that they are asking for personal information to be supplied via email. Banks and other legitimate companies like eBay or PayPal will never request usernames and passwords in unsolicited email.

In the event of receiving such an email we recommend contacting your bank, who may ask for you to forward it on, so they can look into the matter further.

Payload

The additional functionality or content, e.g. data stealing, file deletion, disk overwriting or message delivered, etc. that may be included in a virus, worm or Trojan.

Spyware

Spyware is specific software that is used in 1 of 2 main ways…

In the 1st way, it is used as tracking software that’s deployed without adequate notice, consent, or control for the user. Often the tracking is done by reporting specific information, e.g. browsing history, key stroke tracking, credit card or personal details, to a third party.

The 2nd use of spyware is where it’s delivered as part of another program (much the same way as a Trojan Horse), but some is delivered as a payload to a worm, or via websites which exploit vulnerabilities in browsers to silently install the programs in the background.

In addition, there are also many programs which pretend to be Anti-Spyware programs, but are themselves Spyware – check www.spywarewarrior.org for a list of such rogue programs.

Trojan Horse

As the name suggests, a “Trojan Horse” or “Trojan” is a program which purports to do one thing, but actually does another.

Trojans are not always damaging or malicious, but they are often associated with things like deleting files, overwriting hard-drives, or being used to provide remote access to a system for an attacker.

Classic Trojans include keyloggers (a program that records keyboard strokes) being delivered as game files, or file deleters masquerading as useful utilities. Trojans can be used for many purposes including:

- Remote Access (sometimes called Remote Access Tools or RATs, or Backdoors)
- Keylogging and password stealing (Most spyware falls into this category)

Virus

A virus is a program which replicates by copying itself, either exactly or in modified form, into another piece of executable code.

Viruses can use many types of hosts, some of the most common are:

- Executable files (such as the programs on your computer)
- Boot sectors (the parts of code that tell your computer where to find the instructions it uses to boot or turn on)
- Scripting files (such as Windows Scripting, or Visual Basic script)
- Macros within documents (this is much less common now, as macros in, for instance Microsoft Word, will not execute by default)

When a virus inserts itself into other executable code, this ensures it’s run when the other code is run and the virus spreads by searching for other clean hosts every time it is run.

Some viruses overwrite the original files, effectively destroying them, but many simply insert themselves in a way that they become part of the host program, so that both survive. Depending on the way they’re coded, viruses can spread across many files in the system, across networks via file shares, in documents and in the boot sectors of disks.

Worm

In computer terms, worms are really a subset of viruses, but they have the ability to replicate by themselves; they do not require a host file.

Simply put, viruses infect hosts, and worms infest systems. Often worms exploit vulnerabilities in network-facing services. Such worms can spread very quickly across networks of vulnerable systems, as they do not require any intervention from users to run.

However, the commonest type of worm is carried in emails (it is important to note that it is not the email which is infected, but that they carry the worm files). In the case of the email-borne worm, the recipient of the email is the vulnerability that is exploited, usually with an enticing subject or message.

Usually worms are much easier to remove from a system than viruses, because they do not infect files. Worms often try to add themselves to the start-up folder, or modify registry keys to ensure that they are loaded every time the system starts. Again, worms do not necessarily have to do any damage (see Payload).

If you’ve ever experienced the pain of losing hours of work or having infected files and documents, you can avoid this by simply ensuring your computer remains malware free. Discover how ESET, one of the leading providers of Anti Virus Software, can help safeguard your computer from malicious damage.