Security Threat Descriptions
Adware are programs that secretly gather personal information through the Internet and relay it back to another computer, generally for
advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may
unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.
Bot is actually short for robot. Bots are one of the most sophisticated types of crimeware facing the Internet today. Bots are similar to
worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the
cybercriminals) who are often safely located somewhere far across the Internet. Tasks that bots can perform run the gamut from sending
spam to blasting Web sites off the Internet as part of a coordinated “denial-of-service” attack. Since a bot infected computer does the
bidding of its master, many people refer to these victim machines as zombies.Bots sneak onto a persons computer in many ways. Bots
oftentimes spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an
exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are
awakened by their master to perform a task. Bots are so quiet that sometimes the victims first learn of them when their Internet Service
Provider tells them that their computer has been spamming other Internet users. Sometimes a bot will even clean up the infected
machine to make sure it does not get bumped off of the victims computer by another cybercriminals bot. Other ways in which a bot
infects a machine include being downloaded by a Trojan, installed by a malicious Web site or being emailed directly to a person from an
already infected machine. Bots do not work alone, but are part of a network of infected machines called a botnet. Botnets are created
by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above. Each one of the zombie
machines is controlled by a master computer called the command and control server. From the command and control server, the
cybercriminals manage their botnets and instructs the army of zombie computers to work on their behalf. A botnet is typically composed
of large number of victim machines that stretch across the globe, from the Far East to the United States. Some botnets might have a
few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal.
Dialers are programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP
site, typically to accrue charges.
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular
communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and
virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making
their entry quiet and easy. Malware may remain unnoticed by actively hiding or by simply not making its presence on a system known to
the user. Malware may appear to come from someone you know and trick you into opening it. Malware may reduce performance or cause
strange behaviors like a spontaneous reboot. Malware may be silently gathering information but appear not to have symptoms of
infection. Only open email or IM attachments that come from a trusted source and that are expected. Scan all of your email attachments
prior to opening them. Delete all unwanted messages without opening them. Do not click on Web links sent by someone you do not
know. Scan all files with an antivirus program before transferring them to your system. Only transfer files from a well known source. Use a
good antivirus program to block all unsolicited outbound communication. Keep security patches up to date.
Pharming (pronounced farming) is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus
Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they
are not reliant upon the victim accepting a bait message. Instead of relying completely on users clicking on an enticing link in fake email
messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other
online service into their Web browser.
Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use
spam, fake Web sites, crimeware and other techniques to trick people into divulging sensitive information, such as bank and credit card
account details. Once they’ve captured enough victims information, they either use the stolen goods themselves to defraud the victims
(e.g., by opening up new accounts using the victim’s name or draining the victim’;s bank accounts) or they sell it on the black market for
a profit. Phishing attacks may use scare tactics to entice a response. Phishing emails are often not personalized. Phishing attacks may
consist of a group of emails that share similar properties like details in the header and footer. Be extremely wary of emails asking for
confidential information. Confirm the authenticity of a suspicious request before responding in email.
Spam is the electronic version of junk mail. It involves sending unwanted messages to a large number of recipients, often unsolicited
advertising. Spam is a serious security concern as it can be used to deliver Trojan horses, viruses, worms, spyware, malware and targeted
phishing attacks. Messages that do not include your email address in the TO: or CC: fields are common forms of Spam. Some Spam can
contain offensive language or links to Web sites with inappropriate content. . Install spam filtering/blocking software. If you suspect an
email is spam, do not respond, just delete it. Consider disabling the e-mail’s preview pane and reading emails in plain text. Reject all
Instant Messages from persons who are not on your Buddy list. Requests for confidential information via email are not legitimate. Do not
click on URL links within IM unless from a known source and expected. Keep software and security patches up to date.
Spyware is a general term used for programs that covertly monitor your activity on your computer, gathering personal information, such
as usernames, passwords, account numbers, files, and even driver’s license or social security numbers. Some spyware focuses on
monitoring a person’s. Internet behavior; this type of spyware often tracks the places you visit and things you do on the web, the emails
you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits
that information to another computer, usually for advertising purposes. Spyware is similar to a Trojan horse in that users unknowingly
install the product when they install something else. However, while this software is almost always unwelcome, it can be used in some
instances for monitoring in conjunction with an investigation and in accordance with organizational policy. Spyware is installed in many
ways. Most often spyware is installed unknowingly with some other software that you intentionally install. For example, if you install a
music or file sharing service or download a screensaver, it may also install spyware. Some Web pages will attempt to install spyware when
you visit their page. A person who wants to monitor your online activities may also manually install spyware. Depending on how this is
done, this might be acceptable surveillance of an individual or an unwelcome, even illegal, invasion of privacy.
Trojans are often the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger
threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through
an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer
through vulnerabilities in web browser software such as Microsoft Internet Explorer.
Virus. A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports
macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, but many do a large amount of damage as well.
Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities
can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities resulting in
potential damage to the computer or personal data. Companies announce vulnerabilities as they are discovered and quickly work to fix the
vulnerabilities with software and security patches. Keep software and security patches up to date. Configure security settings for
operating system, internet browser and security software. Develop personal security policies for online behavior. Install a proactive security
solution like Norton Internet Security to block threats targeting vulnerabilities
Worm. A program that makes copies of itself; for example, from one disk drive to another, or by copying itself using email or another
transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke
program or software of some sort.
GO TO TOP OF PAGE
Adware are programs that secretly gather personal information through the Internet and relay it back to another computer, generally for
advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.
Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may
unknowingly trigger adware by accepting an End User License Agreement from a software program linked to the adware.
Bot is actually short for robot. Bots are one of the most sophisticated types of crimeware facing the Internet today. Bots are similar to
worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the
cybercriminals) who are often safely located somewhere far across the Internet. Tasks that bots can perform run the gamut from sending
spam to blasting Web sites off the Internet as part of a coordinated “denial-of-service” attack. Since a bot infected computer does the
bidding of its master, many people refer to these victim machines as zombies.Bots sneak onto a persons computer in many ways. Bots
oftentimes spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an
exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are
awakened by their master to perform a task. Bots are so quiet that sometimes the victims first learn of them when their Internet Service
Provider tells them that their computer has been spamming other Internet users. Sometimes a bot will even clean up the infected
machine to make sure it does not get bumped off of the victims computer by another cybercriminals bot. Other ways in which a bot
infects a machine include being downloaded by a Trojan, installed by a malicious Web site or being emailed directly to a person from an
already infected machine. Bots do not work alone, but are part of a network of infected machines called a botnet. Botnets are created
by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above. Each one of the zombie
machines is controlled by a master computer called the command and control server. From the command and control server, the
cybercriminals manage their botnets and instructs the army of zombie computers to work on their behalf. A botnet is typically composed
of large number of victim machines that stretch across the globe, from the Far East to the United States. Some botnets might have a
few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal.
Dialers are programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP
site, typically to accrue charges.
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular
communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and
virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making
their entry quiet and easy. Malware may remain unnoticed by actively hiding or by simply not making its presence on a system known to
the user. Malware may appear to come from someone you know and trick you into opening it. Malware may reduce performance or cause
strange behaviors like a spontaneous reboot. Malware may be silently gathering information but appear not to have symptoms of
infection. Only open email or IM attachments that come from a trusted source and that are expected. Scan all of your email attachments
prior to opening them. Delete all unwanted messages without opening them. Do not click on Web links sent by someone you do not
know. Scan all files with an antivirus program before transferring them to your system. Only transfer files from a well known source. Use a
good antivirus program to block all unsolicited outbound communication. Keep security patches up to date.
Pharming (pronounced farming) is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus
Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they
are not reliant upon the victim accepting a bait message. Instead of relying completely on users clicking on an enticing link in fake email
messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other
online service into their Web browser.
Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use
spam, fake Web sites, crimeware and other techniques to trick people into divulging sensitive information, such as bank and credit card
account details. Once they’ve captured enough victims information, they either use the stolen goods themselves to defraud the victims
(e.g., by opening up new accounts using the victim’s name or draining the victim’;s bank accounts) or they sell it on the black market for
a profit. Phishing attacks may use scare tactics to entice a response. Phishing emails are often not personalized. Phishing attacks may
consist of a group of emails that share similar properties like details in the header and footer. Be extremely wary of emails asking for
confidential information. Confirm the authenticity of a suspicious request before responding in email.
Spam is the electronic version of junk mail. It involves sending unwanted messages to a large number of recipients, often unsolicited
advertising. Spam is a serious security concern as it can be used to deliver Trojan horses, viruses, worms, spyware, malware and targeted
phishing attacks. Messages that do not include your email address in the TO: or CC: fields are common forms of Spam. Some Spam can
contain offensive language or links to Web sites with inappropriate content. . Install spam filtering/blocking software. If you suspect an
email is spam, do not respond, just delete it. Consider disabling the e-mail’s preview pane and reading emails in plain text. Reject all
Instant Messages from persons who are not on your Buddy list. Requests for confidential information via email are not legitimate. Do not
click on URL links within IM unless from a known source and expected. Keep software and security patches up to date.
Spyware is a general term used for programs that covertly monitor your activity on your computer, gathering personal information, such
as usernames, passwords, account numbers, files, and even driver’s license or social security numbers. Some spyware focuses on
monitoring a person’s. Internet behavior; this type of spyware often tracks the places you visit and things you do on the web, the emails
you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits
that information to another computer, usually for advertising purposes. Spyware is similar to a Trojan horse in that users unknowingly
install the product when they install something else. However, while this software is almost always unwelcome, it can be used in some
instances for monitoring in conjunction with an investigation and in accordance with organizational policy. Spyware is installed in many
ways. Most often spyware is installed unknowingly with some other software that you intentionally install. For example, if you install a
music or file sharing service or download a screensaver, it may also install spyware. Some Web pages will attempt to install spyware when
you visit their page. A person who wants to monitor your online activities may also manually install spyware. Depending on how this is
done, this might be acceptable surveillance of an individual or an unwelcome, even illegal, invasion of privacy.
Trojans are often the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger
threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through
an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer
through vulnerabilities in web browser software such as Microsoft Internet Explorer.
Virus. A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports
macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, but many do a large amount of damage as well.
Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities
can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities resulting in
potential damage to the computer or personal data. Companies announce vulnerabilities as they are discovered and quickly work to fix the
vulnerabilities with software and security patches. Keep software and security patches up to date. Configure security settings for
operating system, internet browser and security software. Develop personal security policies for online behavior. Install a proactive security
solution like Norton Internet Security to block threats targeting vulnerabilities
Worm. A program that makes copies of itself; for example, from one disk drive to another, or by copying itself using email or another
transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke
program or software of some sort.
GO TO TOP OF PAGE
| Home | About Us | Services/Prices | Testimonials | Contact Us | Education | Disclaimer |