Wednesday, February 2, 2011

The Security Attacks Most People Have Never Heard Of & The Attacks Everyone Sort of Understands

We've all heard of worms, Trojan horses, phishing, and other common computer security attacks that aim to infect your system and steal your data. But what about bluebugging, smishing, and scareware? Brush up on your computer security terminology with these lesser-known attacks.

Malware is serious business. It can slow PCs down to a crawl. On the other hand, some of the names security researchers have given these sometimes annoying (and often damaging) pieces of code are downright charming.

Here are nine that stand out, followed by seven most people have heard of:

The Security Attacks Most People Have Never Heard Of



Smishing: Smishing, or "SMS phishing", refers to a phishing attack that specifically targets mobile phones. The victim receives an SMS containing a hyperlink that either automatically installs malware on the phone or leads the user to a phishing site formatted for mobile screens. The term was introduced by David Rayhawk in a McAfee Avert Labs blog.

Botnet (Zombie PCs): A portmanteau of the words "Robot" and "Network," a botnet is any number of internet-connected computers that, unnoticed by their owners, forward e-mails (which may include spam, malware, or viruses) to other computers on the internet. These infected computers are also known as "zombies". DoS (Denial of Service) attacks often rely on thousands of zombie PCs.

BlueBugging: A craze originally jumpstarted by a Malaysian IT professional, bluebugging (not to be confused with bluesnarfing) allows a more skilled person to illegally access a cellular phone via Bluetooth wireless technology. The act often goes unnoticed, with no notification or alert to the phone's user. A vulnerability such as this allows phone calls to be made, SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. But much to the hacker's dismay [I think the hacker knows the limitations… perhaps the point is that widespread impact is minimized because of the range…], access is only attainable within a 10 meter range of the phone.

Pod Slurping: A term coined by US security expert Abe Usher. When an iPod or any other portable USB storage device surreptitiously copies large amounts of files from your computer to its own storage, it is engaged in "pod slurping". Pod slurping is an increasing security risk to companies and government agencies. Typically, access is gained while the computer is unattended, and the process can occur in as little as 65 seconds.

Ransomware: A program that makes a computer nearly unusable and then demands payment before the user can regain full access. It "kidnaps" the computer! Ransomware is also commonly referred to as a "cryptovirus" or "cryptotrojan." Examples of ransomware include Gpcode.AK, Krotten, and Archiveus. Ransomware originated with a trojan called PC Cyborg, created by a Dr. Joseph Popp.

Scareware: Scareware is software that tricks people into downloading or purchasing it under the guise of fixing their computer, when in reality the faux anti-virus program is the real problem. Scareware programs often run a fictitious or careless system scan and then present the user with a list of malicious programs that must be corrected, always leaving themselves off the list. The scareware then informs the user that, in order to fix these "problems", a fee must be paid for a "full" or "registered" version of the software. Examples of scareware include System Security, Anti-Virus 2010, and Registry Cleaner XP.

Sidejacking: Sidejacking is a hacking technique used to gain access to your website-specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted "session-id". The session-id is either some random data in the URL or, more often, random data in an HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account, and so read your email, look at what you've bought online, control your social network account, and so on. Robert Graham, who pulled together a variety of known and new vulnerabilities and packaged them into an automated session snatcher, was responsible for this term.
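
A defender's view of the sidejacking exposure described above, as an added example that is not part of the original post: a small Python audit that flags session identifiers a server hands out in the URL or in a cookie lacking the Secure attribute. The cookie-name hints and the sample responses are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Heuristic name fragments for session identifiers (assumption; tune per application).
SESSION_HINTS = ("sess", "sid", "auth", "token")

def looks_like_session(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, set_cookie_headers):
    """Return findings for one HTTP response whose session id is exposed to sniffing."""
    findings = []
    parts = urlsplit(url)
    # A session id in the URL travels in the request line and ends up in logs.
    for key, _ in parse_qsl(parts.query, keep_blank_values=True):
        if looks_like_session(key):
            findings.append(("session-id-in-url", key))
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not looks_like_session(name):
            continue
        if parts.scheme != "https":
            # The cookie itself was delivered in cleartext.
            findings.append(("session-cookie-set-over-http", name))
        if "secure" not in attrs:
            # Without Secure the browser also sends the cookie on plain-HTTP requests.
            findings.append(("session-cookie-missing-secure", name))
    return findings

# Constructed sample responses (not taken from any real site).
SAMPLES = [
    ("https://shop.example/login", ["PHPSESSID=abc123; Path=/; HttpOnly"]),
    ("http://mail.example/inbox?sid=9f8e7d", ["theme=dark; Path=/"]),
    ("https://bank.example/home", ["session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax"]),
]

if __name__ == "__main__":
    for url, cookies in SAMPLES:
        print(url, audit_response(url, cookies))
```
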

Black Hat: "Black Hat" hackers are people who specialize in the unauthorized breaching of information systems, often attacking those that contain sensitive information. They may use computers to attack systems for profit, for fun, or for political motivations. Attacks often involve the unauthorized modification and/or destruction of data. They may also distribute computer viruses and internet worms, and deliver spam through the use of botnets.

White Hat: A "White Hat" hacker is an individual who identifies a security weakness in a computer system or network but, instead of maliciously taking advantage of it, exposes the weakness and repairs the vulnerability, protecting the network from unwarranted intrusions or attacks. The term is taken from old western films, where the white hat cowboy is portrayed as the hero and the black hat as the villain.

The Attacks Everyone Sort of Understands



Worm: Originating at the Xerox Palo Alto Research Center in 1979, the "Computer Worm" was originally designed by engineers to make programs run more efficiently, then later corrupted to be a destructive computer virus that can alter or erase data on computers. Worms often leave files irretrievably corrupted or slow the PC down to a crawl.

Trojan Horse: A long-standing and common infection found on even the newest of computers, this destructive program disguises itself as a harmless application. Although Trojans are incapable of self-replication, they are still just as destructive as a computer virus. In an act similar to its Greek origin, a Trojan horse often opens up a backdoor to your computer, enabling potential viral infections and allowing hackers to control the PC. Origins trace back to MIT hacker turned NSA spook, Dan Edwards.

Phishing: Originated by hackers who were stealing America On Line accounts by scamming passwords from unsuspecting users, "phishing" is the age-old crime of taking ownership of sensitive information from third parties (phishing scam victims). Information includes usernames, passwords, banking information, and credit card numbers. This is typically accomplished by sending someone an e-mail fraudulently claiming to be from a legitimate company, or by redirecting someone to a website that looks legitimate but isn't. More often than not, the direct result of being phished is your identity being stolen.

Script Kiddies: A term originated by Marcus Ranum to describe white hats who had no idea what they were doing, script kiddy (plural: kiddies) is a derogatory term used by more skilled hackers of computer security systems to describe young or less experienced hackers who can still be just as much of a threat or annoyance. Using cheap techniques and pre-written scripts, sometimes with assistance, the average script kiddy can exploit a weakness in computer networks. The difference is that these untrained hackers are often unaware of the potential consequences of their actions.

Keylogging: Originally designed by Perry Kivolowitz for a Usenet news group in 1983, Keylogging for the most part has become increasingly common, not to mention dangerous. It involves the recording of any keyboard input via internet connection. Not every instance of keylogging is necessarily illegal. It's sometimes done as a way to monitor teens and children.

Social Engineering: Brought into common knowledge by Kevin Mitnick (a hacker popular back in the day), social engineering involves obtaining or attempting to obtain private data by illegally persuading an individual to reveal otherwise secure information. The information released by victims is often then used to attack a computer network. One common example is when an employee at a large company is convinced to give out his employee identification, which is then used to gain further access to that company's network and, often, its sensitive information.

Crapware: Originally coined and reported by Marc Orchant on his ZDNet blog, Crapware is comprised of programs that use valuable resources on a computer's hard drive, such as memory or RAM, which are not necessary and are unused by the computer owner. Crapware can range from software loaded onto the system prior to sale to programs that are downloaded from the internet without the knowledge or consent of the user. One of the more common examples of Crapware is AOL being installed on PCs by the PC manufacturer.
