Glossary of Terms
Ever wonder what the difference is between a Trojan and a Worm? Well, find the answer here.
Scroll to the left to view the rest of the table.
|Man in the Browser||Zeus "SpyEye"|
|Trojan Horse||Man in the middle|
|Spear & Mobile Phishing|| Botnet |
|Dumpster Diving|| Svpeng |
Is a security attack where the perpetrator installs a Trojan Horse on a victim's computer that's capable of modifying that user's Web transactions as they occur in real time. According to security expert Philipp Guhring, the technology to launch a man in the browser attack is both high-tech and high priced. Use of the tactic has been limited to financial fraud in most cases, due to the resources required. Both Firefox and Internet Explorer on Windows have been successfully targeted.
Many experienced Web users are aware of phishing scams, in which an unsuspecting user is directed to a fake Web site through a link in an e-mail or some other notification. A man in the browser attack, however, unlike phishing, occurs when the victim has entered the URL into the browser independently, without an external prompt. On the surface, transactions are taking place normally with expected prompts and password requirements.
A man in the browser attack is similar to the man-in-the-middle attack, in which an attacker intercepts messages in a public key exchange. The attacker then re-transmits them, substituting bogus public keys for the requested ones. A man in the browser attack is more difficult to prevent and disinfect, however, because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser.
In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.
The term comes from Greek mythology about the Trojan War, as told in the "Aeneid" by Virgil and mentioned in "THE ODYSSEY" by Homer. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.
Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include Pay Pal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.
Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links.
If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers; personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.
The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the organization's Web site to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to email@example.com or call the FTC help line at 1-877-FTC-HELP.
Click this link to see a diagram entitled HOW DOES A ROBO CALL WORK.
Vishing is a means of identity theft where criminals pose as employees of a bank and call customers or send an SMS text message in an attempt to obtain sensitive information for fraudulent use. The message claims that your debit card needs to be reactivated, or perhaps that a fraud has occurred on your card then you are asked to call a number and enter the card number, PIN and in some cases the CIV number from the back of the card in order to reactivate the card. This information is then used by the thieves to commit fraud.
As soon as a phishing website is broadcast through fraudulent email messages, the first systems to visit it are typically mobile devices. This makes sense since mobile users are "always on" and are most likely to read email messages as soon as they arrive. Meanwhile, desktop users only read messages when they have access to their computer. Also, most fraudulent emails call for immediate action. For example, they usually claim that suspicious activity has been detected in the user's banking account and that immediate action is required. Most victims who fall for this ploy will visit the phishing site quickly.
Most users who do click to continue to the phishing website do not submit their personal information. Some submit fake information. However, compared with desktop users, mobile users are three times more likely to submit private information once they access a phishing website. Why do mobile users trust phishing websites more? One explanation could be that it's harder to spot a phishing website on a mobile device than on a computer. It's very difficult to tell whether an email is fraudulent since the "From" field doesn't include the sender's address, but rather the name of the sender (such as Bank of America). Some users could interpret that the device "trusts" the sender more because it is just shows the name and not the full address. Although email addresses can be spoofed, if the entire address is visible and appears "phishy", savvy users will not click through the link in the message.
Here's one version of a spear phishing attack: The perpetrator finds a web page for their target organization that supplies contact information for the company. Using available details of the individuals to make the message seem authentic, the perpetrator drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator or someone in the technical support department. The email asks the employee to log into a bogus page that requests the employee's user name and password or to click on a link that will download spyware or other malicious software. If a single employee falls for the spear phisher's email and clicks, the attacker can masquerade as that individual and use social engineering techniques to gain further access to sensitive data including financial data.
A botnet is a collection of compromised computers connected to the Internet (these are also known as 'bots'). When a computer becomes compromised, it becomes a part of a botnet. Botnets are usually controlled by network protocols such as IRC (used for chat) and HTTP (used for website traffic). Botnets are used for both recognition of the author of the code, and for financial gain. The larger the botnet, the more 'kudos' the author ('bot herder') orchestrating the botnet could claim in underground online communities.
Computers are recruited into a botnet by running malicious software. This may be achieved by exploiting web browser vulnerabilities, by tricking the user into running a program, or sending them an email with malware contained in an attachment. As with any malware, there is no general rule; the software controls the computer and can do anything. It will typically install modules which allow the computer to be controlled by the botnet's owner. The Trojan may delete itself, or may remain present to update and maintain the modules.
The Zeus SpyEye is a result of a merger between several other codes. The current version combines features from previous versions of the two crime-ware toolkits. For example, whereas Zeus required hackers (buyers of their code) to include desired plug-ins from the get-go to enhance their code, SpyEye allowed users (the bad guys) to install them after the purchase. Now, the new software will offer some of the plug-in functionality of the former, with the "buy when you like" functionality of the latter.
"The merger of Zeus and SpyEye is significant because it not only uses different code bases, but it is also merging two different bot networks, meaning 'SpyZeus' will have a much greater reach. Anup Ghosh, Chief Scientist of virtual browser protection vendor Invincea, said in an email, "Essentially SpyEye is subsuming the Zeus Trojan kit, network, and user base."
Plug-in options include the ability to steal certificates from Windows cryptographic storage areas on a user's computer, a tool for faking HTTP and HTTPS web pages in Internet Explorer and Firefox, without having to connect to the original web server.
A man in the middle attack, also known as a fire brigade attack, is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it. Man in the middle attacks are sometimes known as fire brigade attacks. The term derives from the bucket brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire.
In computers , a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector, or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.
Generally, there are three main classes of viruses:
- File infectors.
Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly-contained programs or scripts sent as an attachment to an e-mail note.
- System or boot-record infectors.
These viruses infect executable code found in certain system areas on a disk. They attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks. A typical scenario (familiar to the author) is to receive a diskette from an innocent source that contains a boot disk virus. When your operating system is running, files on the diskette can be read without triggering the boot disk virus. However, if you leave the diskette in the drive, and then turn the computer off or reload the operating system, the computer will look first in your A drive, find the diskette with its boot disk virus, load it, and make it temporarily impossible to use your hard disk. (Allow several days for recovery.) This is why you should make sure you have a bootable floppy.
- Macro viruses.
These are among the most common viruses, and they tend to do the least damage. Macro viruses infect your Microsoft Word application and typically insert unwanted words or phrases.
The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program. Since this is difficult, you can buy anti-virus software that can screen e-mail attachments and also check all of your files periodically and remove any viruses that are found. From time to time, you may get an e-mail message warning of a new virus. Unless the warning is from a source you recognize, chances are good that the warning is a virus hoax.
- The computer virus
Gets its name from the biological virus. The word itself comes from a Latin word meaning slimy liquid or poison.
In a computer, a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by-download, or as the result of clicking some option in a deceptive pop-up window. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called "spyware." As a result, McAfee (the Internet security company) and others now refer to such applications as "potentially unwanted programs" (PUP).
Many Internet users were introduced to spyware in 1999, when a popular freeware game called "Elf Bowling" came bundled with tracking software.
Skimming is a term used when a special storage device is used to steal your credit/debit card number when you are making a transaction purchase or using your card at an Automated Teller Machine (ATM).
Dumpster diving happens when your trash has been rummaged through looking for bills, invoices, bank statements, and other paper with personal information on it.