To understand the potential risks, a good place to start is to become familiar with some technological terminology:
An attempt to obtain ‘others’ information such as usernames and passwords, including credit card details. Phishers disguise themselves as a trustworthy body alleging to be from popular social web sites and auction sites in an electronic communication. Online payment procedures are frequently used to bait the unsuspecting victim.
Also known as HTTP Cookie, Web Cookie or Browser Cookie. A cookie is typically a small piece of data sent from a website and stored in the user’s browser. They were designed to be a reliable mechanism for websites to remember the user’s previous activity. When the user revisits the same website, the data (including logging in details or pages visited) is stored in the cookie and can be retrieved, from even months or years ago.
A computer programme that can duplicate itself. Viruses are able to reproduce themselves and spread from one computer to another, almost always corrupting or modifying files on the targeted computer, and are most likely to be extremely destructive. Viruses should not be confused with other types of malware programmes as these do not have a reproductive ability. Many viruses attach themselves to files that are part of genuine programmes. They do this is order to replicate themselves by translating codes and writing to memory. Viruses are able to infect files on a network file system thus increasing their chances of spreading to other computers and mobile devices. They can also send a web address link as an instant message to all contacts on an infected device. If the recipient believes the link to be from a trusted source, e.g. a friend, the likelihood is that they’ll follow the link to a web site. This also enables the virus hosted at the site to infect the new computer and continue spreading. Viruses can be divided into two types:
- Non-resident - these viruses search for other hosts to infect and transfer control to the computer software
- Resident – these do not search for hosts, instead they load themselves into the computer memory on completion and then transfer control. The virus stays active in the background and infects new hosts when those files are accessed by other programmes or the operating system itself.
A malicious file or programme that often disguises itself as a legitimate one. It does not attempt to inject itself into other files like a virus. Often appearing as helpful programmes Trojans can make copies of themselves, steal information, or harm the target computer system. Others rely on ‘drive-by downloads’. These are downloads that may happen when visiting a website, viewing an e-mail or by clicking on a deceptive pop-up window that appears to be genuine and presents themselves as harmless in the form of ‘social engineering’. The victim mistakenly authorises the installation on their computer without understanding the consequences, such as; giving a hacker remote access to the computer system which then allows them to execute all kinds of operations in an attempt to defraud the victim/s of personal data or money. Operations may include and are not restricted to:
- Electronic money theft Data theft (passwords or credit card information)
- Malware from third-party sources
- Downloading or uploading of files including modification or deletion of existing files
- Watching the user’s screen
- Crashing the computer
The term used to mean a variety of forms of hostile, intrusive or annoying software or code. Whichever form it occurs in it comes with malicious content that helps hackers to gather sensitive information, gain unauthorised access to a computer system or disrupt computer operations. Malware should not to be confused with defective software. Defective software has a legitimate purpose but contains harmful bugs that were not noticed before release. Malware are blended threats and sometimes appears as a scrip or code, which may include; masquerading as genuine software and may come from an official company, e.g., tracking software to gather statistics for advertising purposes.
A computer worm is an individual computer programme that duplicates itself with the purpose of spreading to other computers. It usually does this through a network system which is often as a result of inadequate security protection on the target computer. Unlike a virus worms do not need to attach themselves to an existing programme. They almost always cause at least some harm to the network, even if only by consuming bandwidth. (In computer networks, bandwidth is often used as a substitute term for ‘data transfer rate’, i.e., the amount of data that can be carried from one point to another in a given time period (usually a second).
A type of malware that is often secretly installed and typically hidden on a personal computer and can be difficult to detect. They collect information about user’s data and monitor activity without their knowledge. Spyware has more functions than simply monitoring a user’s activity. They can collect almost any type of data including user logins, bank or credit account information and also personal information like Internet surfing. Spyware is able to install additional software, redirect web browsers, and change computer settings that interfere with connections speeds, browser settings or performance of other software. (Some spyware such as ‘keyloggers’ may be installed by the owner of a shared, corporate, or public computer on purposed in order to intentionally monitor users.)
Software that employs surreptitious abilities that are designed to conceal the presence of certain processes or programmes, e.g. malware aiming to avoid detection by antivirus software. They do this by destabilising the software that is intended to find it. Removal of a rootkit can be complicated or practically impossible, particularly when it is located in the ‘kernel’. (The kernel is the main element of a computer operating system, acting as the bridge between data processing and applications. It also manages the communication between hardware and software mechanisms). Reinstallation of the operating system may be the only available solution to the problem.
The term derives from ‘robots’. A ‘bot’ is a type of malware that acts as an agent allowing the attacker to gain complete control over the affected computer. They can do this by hiding in the shadows of a computer, using file or process names that are either similar or identical so that they are not noticed. Once infected with a ‘bot’ a computer is then generally referred to as ‘zombie’. Attackers are able to access lists of ‘zombie’ PCs and activate them to carry out ‘Denial of Service’ attacks again websites, host phishing attack websites or send out thousands of spam e-mail messages. A ‘Denial of Service’ attacks floods a network with overwhelming amount of traffic, slowing its response time for legitimate traffic or grinding it to a halt completely. If the attack could be traced back to its source all that would be found is an unsuspecting victim (agent) rather than the true attacker!
A network of virus-infected computers that are used to send about 80% of spam.
The use of electronic messaging systems to send unwanted bulk messages usually with commercial content and often in large quantities to indiscriminate number of recipients. E-mail spam is the most common although the term spam can be applied to other similar abuse in other forms of electronic media; instant messaging, web search engine, blogs, online classified ads, mobile phone messaging, social networking and file sharing network spam to name but a few. Over time e-mail spam has increased to infecting ‘zombie networks’ (see ‘bots’) and networks of virus or worm-infected PCs in homes and offices around the world. Spammers are able to access the computer via a ‘backdoor’ installed by worms. They use it for malicious purposes. This ‘backdoor’ access complicates attempts to control the spread of spam because the spam doesn’t usually originate from the spammer. There are set-ups that deploy ‘e-mail address harvesting’, which are dedicated to collecting e-mail addresses and selling collected databases. Some rely on users not reading the ‘small print’ of agreements who then unwittingly agree to sending messages to their contacts. This very common approach is particularly prevalent in social networking sites.
Do not be over alarmed at the information given above. Rest assured that there is almost always a remedy; however, it is important to consider all security threats, both known and unknown, when selecting your network security systems. To help counteract problems, ensure that you update your computer or device with the latest protective software and that passwords are strong and changed regularly. You should also make sure you use a personal firewall programme to protect your computer from unauthorized access.