Threats
Virus
• A virus is a computer program that has the ability to replicate or make
copies of itself, and spread to other files.
• Computer viruses generally require a host program.
• The virus writes its own code into the host program.
• Computer viruses cause billions of dollars' worth of economic damage
each year.
• The three main parts of a virus are:
  • Infection mechanism
  • Trigger
  • Payload
• Viruses are often combined with a worm.
Worm
• A worm is designed to spread from computer to computer, instead of just
spreading from file to file.
• A worm does not necessarily need to be activated by a user or program in
order for it to replicate itself.
• The Slammer worm is one of the most notorious. Slammer targeted a known
vulnerability in Microsoft’s SQL Server database software and infected more
than 90% of vulnerable computers worldwide within 10 minutes of its release
on the Internet; crashed Bank of America cash machines, especially in the
southwestern part of the United States; affected cash registers at
supermarkets such as the Publix chain in Atlanta, where staff could not
dispense cash to frustrated buyers; and took down most Internet connections
in South Korea, causing a dip in the stock market there.
• The Conficker worm, which first appeared in November 2008, is the most
significant worm since Slammer, and reportedly infected 11 million computers
worldwide (Microsoft, 2015).
Ransomware
• Ransomware (scareware) is a type of malware (often a worm) that locks
the computer or files to stop the user from accessing them.
• Ransomware will often display a notice that says an authority such as the
FBI, Department of Justice, or IRS has detected illegal activity on the
computer and demands payment of a fine in order to
unlock the computer and avoid prosecution.
• One type of ransomware is named CryptoLocker.
• CryptoLocker encrypts victims’ files with a virtually unbreakable
asymmetric encryption and demands a ransom to decrypt them, often in
Bitcoins.
• If the victim does not comply within the time allowed, the files can
never be decrypted.
• Ransomware attacks increased by over 400% in 2016, and the U.S.
Department of Justice reports that there are over 4,000 ransomware
attacks daily, up from 1,000 daily in 2015.
Trojan Horse
• A Trojan horse appears to be benign, but then does something other than
expected.
• The Trojan horse is not itself a virus because it does not replicate, but is
often a way for viruses or other malicious code such as bots or rootkits (a
program whose aim is to subvert control of the computer’s operating
system) to be introduced into a computer system.
• A Trojan horse may masquerade as a game, but actually hide a program that
steals your passwords and e-mails them to another person.
• According to Panda Security, Trojans accounted for over 50% of all
malware created in 2015, and over 60% of all malware infections (Panda
Security, 2016).
Bots
• Bots (short for robots) are a type of malicious code that can be covertly
installed on a computer when it is attached to the Internet.
• Once installed, the bot responds to external commands sent by the
attacker.
• The computer becomes a “zombie” and is able to be controlled by an
external third party (the “bot-herder”).
Adware
• Adware is typically used to make pop-up ads display when
the user visits certain sites.
• While annoying, adware is not typically used for criminal
activities.
• Adware, often called advertising-supported software by its
developers, is software that generates revenue for its
developer by automatically generating online
advertisements in the user interface of the software or on a
screen presented to the user during the installation process.
• Examples include Fireball and DollarRevenue.
Phishing
• Phishing is any deceptive, online attempt by a third party to obtain
confidential information for financial gain.
• Phishing attacks typically do not involve malicious code but instead rely on
straightforward misrepresentation and fraud, so-called “social
engineering” techniques.
• One of the most popular phishing attacks is the e-mail scam letter. The
scam begins with an e-mail: “a rich former oil minister of Nigeria is seeking
a bank account to stash millions of dollars for a short period of
time…” This type of e-mail scam is popularly known as a
“Nigerian letter” scam.
• On any given day, millions of these phishing attack e-mails are sent, and,
unfortunately, some people are fooled and disclose their personal account
information.
Spoofing
• Spoofing involves attempting to hide a true identity by using someone
else’s e-mail or IP address.
• For instance, a spoofed e-mail will have a forged sender e-mail address
designed to mislead the receiver about who sent the e-mail.
• IP spoofing involves the creation of TCP/IP packets that use someone
else’s source IP address, indicating that the packets are coming from a
trusted host.
• Most current routers and firewalls can offer protection against IP spoofing.
DoS attacks
• In a Denial of Service (DoS) attack, hackers flood a website with useless
pings or page requests that inundate and overwhelm the site’s web
servers.
• Increasingly, DoS attacks involve the use of bot networks and so-called
“distributed attacks” built from thousands of compromised client
computers.
• DoS attacks typically cause a website to shut down, making it impossible
for users to access the site.
• Although such attacks do not destroy information or access restricted
areas of the server, they can destroy a firm’s online business.
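
Added example (not part of the original slides): a detector that separates the two flood patterns described above, one client sending far too many requests versus many clients that each send only a few. It counts requests in fixed time windows; the thresholds, the window length and the request events are constructed assumptions.

```python
from collections import Counter, defaultdict

def sample_events():
    """Constructed (epoch_second, client_ip) request events."""
    ev = [(t, f"192.0.2.{c}") for c in range(1, 6) for t in (1, 4, 8)]  # normal use
    ev += [(10 + i % 10, "198.51.100.7") for i in range(50)]            # one noisy client
    ev += [(20 + i % 10, f"203.0.113.{i}") for i in range(200)]         # many quiet clients
    return ev

def flood_report(events, window=10, per_client_limit=20, total_limit=100):
    """Map window start time -> finding for windows that look like a flood.

    window, per_client_limit and total_limit are illustrative values;
    real limits come from the site's measured baseline traffic.
    """
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1   # group requests by window and client

    report = {}
    for start in sorted(buckets):
        per_ip = buckets[start]
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_client_limit)
        if noisy:
            # A few sources exceed the per-client limit: block or rate-limit them.
            report[start] = ("single-source flood", noisy)
        elif sum(per_ip.values()) > total_limit:
            # No single client stands out, yet total load is abnormal:
            # the pattern produced by a bot network.
            report[start] = ("distributed flood", len(per_ip))
    return report

if __name__ == "__main__":
    for start, finding in flood_report(sample_events()).items():
        print(start, finding)
```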