Common Information Security Threats

Terms for common information security threats are described below:

Malware

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term for a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.

Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs.

The release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications. As much malware was produced in 2007 as in the previous 20 years altogether. Malware's most common pathway from criminals to users is through the Internet, by email and the World Wide Web.

Computer Virus

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance, because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to a computer system's hosted data, functional performance, or networking throughput when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but most are surreptitious. This makes them hard for the average user to notice, find and disable, and is why specialist anti-virus programs are now commonplace.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.

Computer Worm

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. However, the network traffic and other unintended effects can often cause major disruption. A "payload" is code designed to do more than spread the worm - it might delete files on a host system, encrypt files, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" under control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address. Spammers are therefore thought to be a source of funding for the creation of such worms, and worm writers have been caught selling lists of IP addresses of infected machines.

Trojan

The Trojan horse, also known as a trojan, in the context of computing and software, describes a class of computer threats that appear to perform a desirable function but in fact perform undisclosed malicious functions that allow unauthorized access to the host machine. For example, if a computer game is designed such that, when executed by the user, it opens a back door that allows a hacker to control the computer of the user, then the computer game is said to be a Trojan horse.

Spyware

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connectivity or functionality of other programs.

Botnet

Botnet is a term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software, but it can also refer to the network of computers using distributed computing software. While the term "botnet" can be used to refer to any group of bots, such as IRC bots, this word is generally used to refer to a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

Zombie

A zombie computer is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50-80% of all spam worldwide was sent by zombie computers.

Backdoor

A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place. It is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program, or could be a modification to an existing program or hardware device.

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (YouTube, Facebook, MySpace, Windows Live Messenger), auction sites (eBay), online banks (Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

E-mail Spam

E-mail spam, or junk e-mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. E-mail spam has grown exponentially since the early 1990s to several billion messages a day. Spam has frustrated, confused, and annoyed e-mail users. The amount received by most e-mail users has decreased, mostly because of better filtering. About 80% of all spam is sent by fewer than 200 spammers. Botnets, networks of virus-infected computers, are used to send about 80% of spam. E-mail addresses are collected from chatrooms, websites, newsgroups, and viruses which harvest users' address books, and are sold to other spammers.

Scareware

Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the Internet. They attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you.

Keyword Stuffing

The next time you hear about a breaking news story, visit an established news website, rather than using a search engine which might take you to a keyword-stuffed site harboring malware. Criminals are increasingly using the speed of the Internet to lure unwary surfers into visiting their dangerous sites and infecting their computers.

Document author: ngrant
Last modified: Oct 02, 2009