Unit1 Computer Security Threats

Uploaded by

sharada mogili

The 11 most common computer security threats… And what you can do to protect
yourself from them.

How safe are you?

Contrary to popular belief, you are not safe with antivirus software alone. Cyber-criminals
and unscrupulous businesses are constantly devising new ways to hijack your computer,
capture your personal information or steal your money. In this article, we profile the 11 most
common security threats, classified by prevalence in descending order, and what you can do
to protect yourself from them. In our article titled Designing Your Own Computer Security
Architecture For Total Protection we examine how you can put in place a simple yet
comprehensive infrastructure to protect yourself from ALL types of threats.

THREAT #1: VIRUS

Description:
A virus is a piece of software that can replicate itself and infect a computer without the
permission or knowledge of the user. A virus can only spread when it is transmitted by a user
over a network or the Internet, or through removable media such as CDs or memory sticks.
Viruses are sometimes confused with worms and Trojan horses, or used incorrectly to refer to
malware.

Danger level: High


Prevalence: Extremely High

Worst case damage:


Some viruses delete files, reformat the hard disk or cause other damage. Others only replicate
themselves and may present text, video, or audio messages. While they are not designed to do
damage, even these viruses take up memory and may cause erratic behavior, system crashes
and loss of data.

Prevention, detection and removal:


Antivirus software detects and eliminates known viruses. The two most common methods
used to detect viruses are:

1. Using a list of virus signature definitions: the antivirus software examines files
stored in memory or on fixed or removable drives and compares them against a
database of known virus “signatures” e.g. source code patterns. This protection is only
effective against known viruses and users must keep their signature files up-to-date in
order to be protected.
2. Using a heuristic algorithm to detect viruses based on behavioral patterns: the
advantage of this method is that it can detect viruses that were not previously known
or for which a signature does not yet exist.
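
The two detection methods described above, side by side in a small scanner. This is an added example, not code from the original article: the signature database, the heuristic rules and the sample files are all constructed for illustration (the names "Demo.Dropper.A" and so on correspond to no real malware). It also shows the limitation the text mentions: a sample that differs from a known signature by one byte is invisible to the signature method, while a never-before-seen script is still caught by the behavioral rules.

```python
import hashlib
import re

# Constructed signature database for this example; the names and byte patterns
# are invented and do not correspond to any real malware family.
BYTE_SIGNATURES = {
    "Demo.Dropper.A": b"MZ\x90\x00DEMO_PAYLOAD_MARKER",
    "Demo.Macro.B": b"Sub AutoOpen()\r\n  Shell \"cmd /c",
}
HASH_SIGNATURES = {
    hashlib.sha256(b"this is a constructed bad file").hexdigest(): "Demo.Hash.C",
}

# Constructed heuristic rules: behaviours worth flagging even when no signature
# exists. Each rule carries a weight; a total at or above the threshold is flagged.
HEURISTIC_RULES = [
    (re.compile(rb"CreateRemoteThread|WriteProcessMemory"), 3, "process-injection API"),
    (re.compile(rb"CurrentVersion\\Run\b"), 2, "autorun persistence key"),
    (re.compile(rb"powershell(\.exe)?\s+-(enc|encodedcommand)\b", re.I), 3, "encoded PowerShell"),
    (re.compile(rb"\.(exe|scr|dll)\b", re.I), 1, "writes or references executables"),
]
HEURISTIC_THRESHOLD = 4


def signature_scan(data: bytes) -> list[str]:
    """Signature method: exact hash or byte-pattern match against known samples."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Heuristic method: score suspicious behaviours independent of any signature."""
    score, reasons = 0, []
    for pattern, weight, reason in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons


def scan(data: bytes) -> dict:
    """Combine both methods into one verdict for a file's contents."""
    sig_hits = signature_scan(data)
    score, reasons = heuristic_scan(data)
    if sig_hits:
        verdict = "known-malware"
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signature_hits": sig_hits,
            "heuristic_score": score, "heuristic_reasons": reasons}


# Constructed sample files.
KNOWN_SAMPLE = b"MZ\x90\x00DEMO_PAYLOAD_MARKER" + b"\x00" * 32
VARIANT_SAMPLE = b"MZ\x90\x00DEMO_PAYLOAD_MARKEX" + b"\x00" * 32  # one byte changed
HASH_SAMPLE = b"this is a constructed bad file"
UNKNOWN_SCRIPT = (b'Set s = CreateObject("WScript.Shell")\r\n'
                  b's.RegWrite "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd", "C:\\tmp\\upd.exe"\r\n'
                  b'CreateRemoteThread(h, 0, 0, addr, 0, 0, 0)\r\n')
BENIGN_TEXT = b"Minutes of the quarterly sales meeting. Nothing to see here."

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("hash", HASH_SAMPLE), ("script", UNKNOWN_SCRIPT),
                          ("benign", BENIGN_TEXT)]:
        print(label, scan(sample))
```

The variant sample is reported clean by the signature method alone, which is exactly why signature files must be kept current; the heuristic scorer trades that blind spot for the risk of false positives on legitimate software that happens to touch the same APIs or registry keys.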
Apart from directly detecting and removing viruses, users can minimize damage by
making regular backups of data and the operating system on different media. These
backups should be kept disconnected from the system (most of the time), be read-only
or not be accessible for other reasons (for instance because they use different file
systems).
To restore a system that has been infected by a virus, Windows XP and Windows
Vista provide a tool known as System Restore. This tool restores the registry and
critical system files to a previous checkpoint (point in time).

THREAT #2: SPAM / SPIM / SPIT

Description:

SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a
day. Email addresses are collected from chat rooms, websites, newsgroups and by Trojans
which harvest users’ address books.

SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN
Messenger and ICQ.

SPIT is Spam over Internet Telephony. These are unwanted, automatically-dialed,
pre-recorded phone calls using Voice over Internet Protocol (VoIP).

Prevention, detection and removal:
ISPs attempt to choke the flood of spam by examining the information being sent and traffic
patterns. User systems may use spam filters to screen out email messages with suspect titles
or from suspect persons, as well as email messages from blocked senders.
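
A user-side spam filter of the kind described above, as an added example that is not part of the original article. It parses raw messages with Python's standard email module, screens on blocked senders and domains and on suspect subject lines, and adds a simple traffic-pattern check (a sender exceeding a per-batch message count) in the spirit of what the text says ISPs do. The block lists, patterns, addresses and messages are all constructed for this example.

```python
import email
import re
from collections import Counter
from email.utils import parseaddr

# Constructed filter configuration: addresses and domains the user has blocked,
# plus subject-line patterns that mark a message as suspect.
BLOCKED_SENDERS = {"offers@example-deals.invalid"}
BLOCKED_DOMAINS = {"bulkmailer.invalid"}
SUSPECT_SUBJECTS = [
    (re.compile(r"\b(free|winner|you have won|claim your)\b", re.I), "prize/giveaway wording"),
    (re.compile(r"!{3,}|\${3,}"), "excessive punctuation"),
    (re.compile(r"\b(casino|lottery|pharmacy)\b", re.I), "known spam keyword"),
]


def sender_of(raw: str) -> str:
    """Extract the bare address from the From: header, lower-cased."""
    msg = email.message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()


def classify(raw: str) -> dict:
    """Content-based screening of one message; any matching rule marks it as spam."""
    msg = email.message_from_string(raw)
    sender = sender_of(raw)
    domain = sender.rpartition("@")[2]
    subject = msg.get("Subject", "")
    reasons = []
    if sender in BLOCKED_SENDERS:
        reasons.append(f"blocked sender {sender}")
    if domain in BLOCKED_DOMAINS:
        reasons.append(f"blocked domain {domain}")
    for pattern, label in SUSPECT_SUBJECTS:
        if pattern.search(subject):
            reasons.append(f"suspect subject: {label}")
    return {"sender": sender, "subject": subject, "spam": bool(reasons), "reasons": reasons}


def bulk_senders(raws, max_per_batch: int) -> set:
    """Traffic-pattern check: any sender with more than max_per_batch messages in
    one batch is flagged regardless of what the messages say."""
    counts = Counter(sender_of(r) for r in raws)
    return {s for s, n in counts.items() if n > max_per_batch}


# Constructed sample messages (RFC 822 style headers, blank line, body).
SPAM_MSG = """From: "Great Deals" <offers@example-deals.invalid>
To: user@example.com
Subject: You have WON a free cruise!!!

Click the link to claim.
"""
HAM_MSG = """From: Alice <alice@example.com>
To: user@example.com
Subject: Lunch tomorrow?

Noon at the usual place?
"""
NEWSLETTER = """From: Promo <promo@massmail.invalid>
To: user@example.com
Subject: This week's catalogue

New items in stock.
"""
BATCH = [SPAM_MSG, HAM_MSG] + [NEWSLETTER] * 5

if __name__ == "__main__":
    for raw in (SPAM_MSG, HAM_MSG, NEWSLETTER):
        print(classify(raw))
    print("bulk senders:", bulk_senders(BATCH, max_per_batch=3))
```

The newsletter passes the content rules but is caught by the volume rule, which is the point of combining the two: header and subject screening catches obvious junk, while sender rate catches bulk mail whose individual messages look harmless.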

THREAT #3: SPOOFING, PHISHING AND PHARMING

Description:

Spoofing is an attack in which a person or program masquerades as another. A common
tactic is to spoof a URL or website (see phishing).

Phishing (pronounced “fishing”) is a common form of spoofing in which a phony web page
is produced that looks just like a legitimate web page. The phony page is on a server under
the control of the attacker. Criminals try to trick users into thinking that they are connected to
a trusted site, and then harvest user names, passwords, credit card details and other sensitive
information. eBay, PayPal and online banks are common targets. Phishing is typically carried
out by email or instant messaging. The email message claims to be from a legitimate source
but when the user clicks on the link provided, he or she lands on the fake web page.

Pharming (pronounced “farming”) is an attack in which a hacker attempts to redirect a
website's traffic to another, bogus website. Pharming can be conducted either by changing the
hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
DNS servers are computers responsible for resolving Internet names into their real IP
addresses — the servers are the “signposts” of the Internet.

Prevention, detection and removal:
As spoofing, phishing, and to a lesser extent, pharming, rely on tricking users rather than
advanced technology, the best way to handle these threats is through vigilance. Don’t open
emails from unknown sources or click on links embedded in suspect messages. Check the
security guidelines of websites such as PayPal so that you can distinguish between legitimate
and bogus emails. Also, rather than clicking on the link embedded in an email, you can type
the general link in your web browser (e.g. http://www.paypal.com).

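
One detection check a user can run for the hosts-file form of pharming described above, as an added example that is not part of the original article. It parses a hosts file, ignores the loopback and LAN entries a normal file contains, and flags any entry that pins a watched name (such as www.paypal.com) to a fixed address, or that maps any name to an address outside the local ranges. The watchlist, the address ranges treated as local and the sample hosts file are assumptions constructed for the example.

```python
import ipaddress

# Constructed watchlist: names that should only ever be resolved through DNS.
WATCHED_HOSTS = {"www.paypal.com", "www.ebay.com", "online.bank.example"}
# Names that legitimately point at the loopback address in a stock hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                  "ip6-loopback", "broadcasthost"}
# Address ranges a home or office hosts file may legitimately map names to.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_hosts(text: str) -> list[tuple[int, str, list[str]]]:
    """Return (line_number, address, [names]) for every active entry.
    Comments (after '#') and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((lineno, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def is_local(addr) -> bool:
    """Loopback, unspecified (0.0.0.0 sinkholes), link-local or private LAN space."""
    return (addr.is_loopback or addr.is_unspecified or addr.is_link_local
            or any(addr in net for net in LAN_RANGES if net.version == addr.version))


def find_suspicious_entries(text: str) -> list[dict]:
    """Flag hosts-file entries consistent with pharming."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": lineno, "host": None, "severity": "medium",
                             "reason": f"unparseable address {ip!r}"})
            continue
        for name in names:
            if name in WATCHED_HOSTS:
                findings.append({"line": lineno, "host": name, "severity": "high",
                                 "reason": f"watched host {name} pinned to {ip}"})
            elif name not in LOOPBACK_NAMES and not is_local(addr):
                findings.append({"line": lineno, "host": name, "severity": "medium",
                                 "reason": f"{name} pinned to non-local address {ip}"})
    return findings


# Constructed sample hosts file; 203.0.113.0/24 is documentation address space.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.1.10 nas.local
0.0.0.0      ads.tracker.invalid        # ad-blocking sinkhole, benign
203.0.113.45 www.paypal.com             # constructed pharming entry
203.0.113.45 www.bank-login.invalid
"""

if __name__ == "__main__":
    for f in find_suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']} [{f['severity']}]: {f['reason']}")
```

On a real system the same function would be run over the contents of C:\Windows\System32\drivers\etc\hosts or /etc/hosts. The ad-blocking entry pointing at 0.0.0.0 is deliberately left alone, since sinkholing names to the unspecified address is a common and harmless use of the file.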
THREAT #4: SPYWARE

Description:
Spyware is software that is secretly installed on a computer without the user’s consent. It
monitors user activity or interferes with user control over a personal computer.
Danger level: High
Prevalence: High

Worst case damage:


Spyware programs can collect various types of personal information, such as websites visited,
credit card details, usernames or passwords, as well as install other malware, redirect web
browsers to malicious websites, divert advertising revenue to a third party or change
computer settings (often leading to degraded or unstable system performance, slow
connection speeds or different home pages).

Prevention, detection and removal:

Anti-spyware programs can combat spyware in two ways:

1. Real-time protection: these programs work just like anti-virus software. They scan all
incoming network traffic for spyware software and block any threats that are detected.
2. Detection and removal: users schedule daily, weekly, or monthly scans of their
computer to detect and remove any spyware software that has been installed. These
antispyware programs scan the contents of the Windows registry, operating system files, and
programs installed on your computer. They then provide a list of threats found, allowing the
user to choose what to delete and what to keep.

Some popular antispyware programs are Spybot - Search & Destroy, PC Tools’ Spyware
Doctor, as well as commercial offerings from Symantec, McAfee, and Zone Alarm.

THREAT #5: KEYSTROKE LOGGING (KEYLOGGING)

Description:
A keylogger is a software program that is installed on a computer, often by a Trojan horse or
virus. Keyloggers capture and record user keystrokes. The data captured is then transmitted to
a remote computer.

Danger level: High


Prevalence: High

Worst case damage:


While keyloggers will not damage your computer system per se, because they can capture
passwords, credit card numbers and other sensitive data, they should be regarded as a serious
threat.

Prevention, detection and removal:


Currently there is no easy way to prevent keylogging. For the time being, therefore, the best
strategy is to use common sense and a combination of several methods:

• Monitoring which programs are running: a user should constantly be aware of
which programs are installed on his or her machine.
• Antispyware: antispyware applications are able to detect many keyloggers and
remove them.
• Firewall: enabling a firewall does not stop keyloggers per se, but it may prevent
transmission of the logged material, if properly configured.
• Network monitors: also known as reverse-firewalls, network monitors can be used to
alert the user whenever an application attempts to make a network connection. The
user may then be able to prevent the keylogger from transmitting the logged data.
• Anti-keylogging software: keylogger detection software packages use “signatures”
from a list of all known keyloggers to identify and remove them. Other detection
software doesn’t use a signature list, but instead analyzes the working methods of
modules in the PC, and blocks suspected keylogging software. A drawback of the
latter approach is that legitimate, non-keylogging software may also be blocked.
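
The decision logic of the "network monitor" (reverse-firewall) item above, as an added example that is not part of the original article. The hook that intercepts outbound connection attempts is operating-system specific and is out of scope here; the block instead takes connection events as already-captured records and decides which ones to wave through and which to put in front of the user. The allowlist, the paths and the sample events are constructed assumptions. One refinement beyond the text: a known program name running from an unexpected directory is also prompted on, because a logger that names itself after a system process is a common way to hide.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnectionEvent:
    """One outbound connection attempt as a network monitor would report it (constructed)."""
    process: str        # executable name as reported by the OS
    path: str           # full on-disk path of that executable
    remote_host: str
    remote_port: int


# Constructed allowlist: programs the user knows about and the directory each is
# expected to run from. Everything else is put in front of the user.
KNOWN_PROGRAMS = {
    "firefox.exe": "C:\\Program Files\\Mozilla Firefox\\",
    "outlook.exe": "C:\\Program Files\\Microsoft Office\\",
    "svchost.exe": "C:\\Windows\\System32\\",
}


def evaluate(ev: ConnectionEvent) -> tuple[str, str]:
    """Return ('allow' | 'prompt', reason).

    Unknown programs, and known names running from an unexpected directory
    (a common masquerade), are sent to the user for a decision."""
    expected_dir = KNOWN_PROGRAMS.get(ev.process.lower())
    if expected_dir is None:
        return "prompt", (f"unknown program {ev.process} ({ev.path}) is trying to reach "
                          f"{ev.remote_host}:{ev.remote_port}")
    if not ev.path.lower().startswith(expected_dir.lower()):
        return "prompt", (f"{ev.process} is running from {ev.path}, not from "
                          f"{expected_dir}; it wants {ev.remote_host}:{ev.remote_port}")
    return "allow", f"{ev.process} from its expected location"


def review(events) -> list[dict]:
    """Apply evaluate() to a batch of events and collect the decisions."""
    results = []
    for ev in events:
        decision, reason = evaluate(ev)
        results.append({"process": ev.process, "decision": decision, "reason": reason})
    return results


# Constructed sample events; addresses are documentation ranges.
SAMPLE_EVENTS = [
    ConnectionEvent("firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe",
                    "www.example.com", 443),
    ConnectionEvent("svchost.exe", r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
                    "198.51.100.23", 8080),
    ConnectionEvent("outlook.exe",
                    r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                    "mail.example.com", 993),
    ConnectionEvent("kbhook.exe", r"C:\Users\alice\AppData\Roaming\kbhook.exe",
                    "203.0.113.9", 25),
]

if __name__ == "__main__":
    for r in review(SAMPLE_EVENTS):
        print(f"{r['decision']:6} {r['process']:12} {r['reason']}")
```

The second event is the interesting one: the name matches a legitimate Windows service, but the binary lives in a user's temporary folder, so it is prompted on rather than allowed. Whether the user then blocks it is their call, which is exactly the division of labour the text describes.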

THREAT #6: ADWARE

Description:

Adware is software which automatically plays, displays, or downloads advertisements to a
computer. The adware runs either after a software program has been installed on a computer
or while the application is being used. In some cases, adware is accepted by users in
exchange for using software free-of-charge. Not all adware is innocuous, however. Some
types of adware are also spyware and therefore a threat to privacy.

Danger level: Low


Prevalence: High

Worst case damage:


Adware is relatively harmless unless it is spyware (see spyware). It can, however, cause
degradation in system performance.

Prevention, detection and removal:


As adware is also often spyware or malware, programs have been developed to detect,
quarantine, and remove both spyware and adware. Ad-Aware and Spybot - Search & Destroy
are two commonly used programs. These programs are specifically designed for spyware
detection and therefore do not detect viruses, although some commercial antivirus software
packages can also detect adware and spyware, or offer a separate spyware detection module.

THREAT #7: BOTNET

Description:

A Botnet (also called a “zombie army”) is a collection of software robots, or bots, that run
automated tasks over the Internet. The term “botnet” is generally used to refer to a distributed
network of compromised computers (called “zombie computers”). These “zombies” typically
run programs such as worms, Trojan horses, or backdoors. Botnets are frequently used to
launch Distributed Denial-of-Service (DDoS) attacks against websites. Newer bots can
automatically scan their environment and propagate themselves using vulnerabilities and
weak passwords.
Experts estimate that as many as one in four personal computers connected to the Internet has
become part of a botnet. Several botnets have been found and removed from the Internet such
as a 1.5-million node botnet recently discovered by the Dutch police.

Danger level: High


Prevalence: High

Worst case damage:


In the first place, botnets steal computing resources and the individual user’s system
performance may degrade as a result. More serious consequences may be caused, however,
by the programs that run on botnets (see respective entries for worm and Trojan horse).

Prevention, detection and removal:

Detection focuses on either the computer itself or the network. Both approaches use trial and
error to try to identify bot behavior patterns. Network-based approaches then shut down
servers or re-direct DNS entries. Security companies such as Symantec, Trend Micro,
FireEye, Simplicita and Damballa offer products to stop botnets. With the exception of
Norton Antibot (formerly Sana Security), most focus on protecting enterprises and/or ISPs
rather than the systems of individual users.

THREAT #8: WORM


Description:
A computer worm is a self-replicating, malicious software program. Unlike a virus, it does
not need to attach itself to an existing program or require user intervention to spread. It uses a
network to send copies of itself to other computers on the network.

1. Damage to the network: by their replicating behavior, worms consume bandwidth
and can cause degraded network performance.
2. Payload: worms also deliver payloads such as backdoors that allow hackers to gain
control of the infected computer and turn it into a “zombie”. That computer may then
become part of a botnet used to send spam or launch Distributed Denial-of-Service
(DDoS) attacks (often coupled with blackmail attempts).

Prevention, detection and removal:


Since worms spread by exploiting vulnerabilities in operating systems, computers should be
kept current with the latest security updates or “patches” from operating system vendors.
To prevent infection, users need to be wary of opening unexpected emails and should not run
attached files or programs, or visit websites that are linked to such emails. Users should be
constantly on guard against phishing.
Antivirus and antispyware software, if kept up-to-date, are also helpful, as is the use of a
firewall.
THREAT #9: TROJAN HORSE
Description:
A Trojan horse or Trojan is a piece of software which – like the Trojan Horse of Greek
mythology – conceals a payload (often malicious) while appearing to perform a legitimate
action. Trojan horses often install “backdoor programs” which allow hackers a secret way
into a computer system.

• Erasing or overwriting data on a computer
• Corrupting files
• Allowing remote access to the victim's computer
• Installing other malicious programs such as viruses
• Adding the victim’s computer to a network of zombie computers in order to launch
Distributed Denial-of-Service (DDoS) attacks or send spam.

Prevention, detection and removal:


Normally, antivirus software is able to detect and remove Trojan horses automatically. They
may also be deleted by clearing the temporary Internet files on a computer, or by finding the
offending file and deleting it manually (in safe mode).

THREAT #10: BLENDED THREAT

A blended threat is a threat that combines different malicious components, such as a worm,
a Trojan horse and a virus. In this way, a blended threat uses multiple techniques to attack
and propagate itself.
Worst case damage:
See respective entries for worm, Trojan horse and virus.
Prevention, detection and removal:
See respective entries for worm, Trojan horse and virus.

THREAT #11: DENIAL-OF-SERVICE ATTACK (DOS ATTACK)


Description:
As its name implies, a Denial-of-Service or DoS attack is an attempt to make a computer
resource such as a website or web service unavailable to users. One of the most common
methods of attack involves saturating the target (victim) machine with external
communications requests. The machine then cannot respond to legitimate traffic or responds
so slowly as to be rendered effectively unavailable. Attacks are often launched by networks
of zombie computers or botnets.
Worst case damage:
DoS attacks typically target large businesses or government institutions rather than
individuals or small businesses. Nonetheless, they can make a website or web service
temporarily unavailable (for minutes, hours or days), with ramifications for sales or customer
service. Moreover, DoS attacks on private companies are sometimes coupled with blackmail
attempts.
Prevention, detection and removal:
Surviving an attack: The easiest way to survive an attack is to plan ahead. Set aside a
separate emergency block of IP addresses for critical servers with a separate route. The
separate route can be used for load balancing or sharing under normal circumstances and
switched to emergency mode in the event of an attack.

Firewalls: Firewalls follow simple rules to allow or deny protocols, ports or IP addresses.
Some firewalls offer a built-in emergency mode. If the number of incoming packets per
second exceeds a set value for more than the specified time, the firewall classifies it as a DoS
attack and switches to emergency mode. In this mode, all inbound traffic is blocked except
previously established and active connections, but outbound traffic is allowed.

Routers and Switches: These can be configured to cut off traffic and prevent the DoS
attack from flooding the network.

Application front-end hardware: Intelligent hardware can be placed on the network
perimeter to analyze traffic before it reaches the servers. Data packets are analyzed as they
enter the system and classified as priority, regular or dangerous.

IPS-based prevention: Intrusion-prevention systems (IPS) are effective if the attacks have
signatures associated with the
