I’ve worked IT for some of the largest and coolest organizations on the planet. I’ve also lost plenty of hair cleaning the systems of associates and friends who were the unwilling witnesses to how powerful and frightening many of these threats can be.
For that reason, I’ve compiled a list of terminology covering the varying threats that anyone who uses technology is sure to encounter. Please read through the list, so that in the future you can recognize these threats and inform those who may still be susceptible to falling victim to social engineers, script kiddies, or hackers. When you’re victimized, your computer isn’t the only damaged component; your financial information, reputation, and identity are at risk.
This list covers some of the most common viruses and other threat vectors you might encounter, including social engineering and phishing attacks. Being aware of social engineering and phishing tactics can help fight off attackers and protect those who are targeted. Understanding the goals and motivation of hackers and the different types of phishers and social engineers will strengthen your defenses against even the most dedicated scammers.
Malware, Virus, Social Engineering, and Phishing Terminology:
ActiveX and Java Viruses
Having an insecure Internet browsing environment can expose a system to a wide array of vulnerabilities. Which functions you allow or prohibit can make or break the security of a system. In other words, installing plugins such as “NoScript” can make your browsing environment significantly safer.
If you allow all scripts to run in your browser, you’re leaving your computer open to inadvertently activating malicious ActiveX software or executing a command by clicking on a popup, both of which are common vulnerabilities and often introduce malware. Additionally, malvertising can take place on infected websites, where advertisements on an otherwise legitimate site serve malware to you when you visit. For that reason, I recommend installing ad blockers on all of your browsers.
Adware
Adware is a term for advertising-supported software, typically defined as software that promotes advertising campaigns. The threat range for adware is vast because the level of obstruction and the ethical standards vary from one adware product to the next. In other words, because some adware is far more damaging than others and the distinct classifications vary greatly, the severity is difficult to classify.
Armored Virus
An armored virus is a piece of malicious software that attempts to hide its malicious code one way or another. The offensive portion of the code can be encrypted or obfuscated in order to prevent a positive scan from an anti-virus application. Many armored viruses are also polymorphic viruses.
Backdoor Virus / Backdoor Trojan
A backdoor virus is a piece of malicious software that allows a remote attacker full remote access to a compromised computer. A backdoor virus grants odious users unauthorized access to a networked computer. In other words, a backdoor virus is a method of bypassing normal authentication and thereby granting a remote hacker access to a networked computer. SubSeven and NetBus are two well-known backdoor programs. A victim is typically infected with these backdoor Trojans by being tricked into executing the malicious code in the form of an .exe or .bat file.
Banking Trojan
A banking Trojan is a piece of malware designed to steal banking information and passwords. Similar to password stealers and keyloggers, a banking Trojan can snatch information from online forms and relay financial information in real time. This is a simplified description, as banking Trojans can compromise an infected computer via a wide array of methods. Because banking Trojans are a method of revenue generation, the illicit activity behind them often shows an enhanced level of effort and sophistication.
Baiting
Baiting is similar to both honey pots and Trojan horses. Baiting involves leaving behind vulnerable bait in the form of removable media infected with a backdoor Trojan, keylogger, banking Trojan, or other piece of malware. A hacker implementing a baiting attack could leave a DVD labeled “Financial Data” in a public or targeted location.
Baiting attacks can target a competitor’s company. A baiter could leave an appealing label of a DVD or USB drive in a competitor’s business location, hoping that an employee activates the malware while on company grounds. Alternatively, a phisher implementing a “whaling” or “spear phishing” attack could leave the baiting media as something those targeted would be interested in acquiring.
Botnet
A Botnet is an illegal collection of infected computers which are networked together and controlled by the Botnet owner. The infected computers within a Botnet are referred to as Zombies, and their hardware and Internet connections are utilized unethically and immorally for the widest array of criminal activity. Botnets and the machines they infect introduce vulnerabilities for their owners and for everyone who relies upon a dependable and safe Internet.
The problematic nature of Botnets is their wide capacity to commit damage, especially when the number of zombies grows large. The ability to commit fraud is enhanced with a larger pool of zombies; identity theft, spamming, black hat networking, DDoS attacking, and any other crime you can imagine occur on Botnets. Large Botnets and their owners are an unfathomable threat to economic and information system stability and to the reliability of Internet infrastructure.
Common Uses of Botnets:
- Traffic Harvesting.
- Redirecting of Traffic/Traffic hijacking.
- DDoS attacks (Can be used to attack Websites, People, or Servers).
- Identity theft.
- Spamming.
- Spreading malware.
- Selling Fraudulent Solo Ads And Other Advertising.
Buddy List & Contact Malware
In certain instances of worm or password stealer infestations, the malware will search for buddy lists or contacts stored on an infected machine. Once a collection of buddies or contacts is located, an e-mail is sent from the infected user in an attempt to infect others with the malware. This type of infection spreading is extremely effective because the malware arrives in the form of a “Trojan horse” attack from a seemingly trusted source.
Keylogger
A keylogger is an application that records keystrokes and transmits them to a remote destination. Many keyloggers are difficult to detect, and it’s the actual act of transmitting that allows for eventual detection. For this reason, by the time you realize you’re infected with a keylogger, you may have already transmitted valuable or confidential information.
Keylogger implementation is common. Hundreds of thousands of users have downloaded keyloggers and use them to spy on family members, spouses, business associates, strangers, and identity theft victims. Keyloggers are also frequently misused as part of Trojan horse attacks. Because of the revealing nature of keyloggers, they are often used as password stealers.
It’s imperative to note that there are two types of keyloggers. The first type is a software keylogger, which acts like a virus, infecting a machine with malicious software. The second type is a hardware keylogger, which doesn’t require any software action. Physical hardware devices can be attached to a router, modem, or keyboard in order to capture keystrokes; these types of keyloggers can be impossible to detect unless the hardware is inspected or network traffic is examined thoroughly.
If you want to see how popular keyloggers are, simply Google “free keylogger download”, and you’ll see a massive list of resources. The fact is, keyloggers are readily available for people who want to spy on you, and you might be shocked to learn that your information is never safe, even within your own home on your own machine.
Additionally: observe www.download.com and type in “keyloggers” to see the ready availability of keyloggers. Also note the alarming download counts; this is another fine representation of the popularity and widespread use of keyloggers.
Common Uses of Keyloggers:
- Parents monitoring their children.
- Spouses monitoring their partners.
- Malicious hackers, scammers, or script kiddies.
- Trojan horse attacks with a keylogger inserted. Source could be from a shady website or file sharing application. Additionally, people can be tricked into executing applications infected with a keylogger through a variety of Trojan horse tactics.
- Company observation: some companies actively engage in employee monitoring while within a company network.
- Illegal file sharing instances can have keyloggers attached to them unknowingly.
- Implemented and used as a Password, Credit Card, or Identity Stealer.
Logic Bomb
Logic bombs and logic viruses typically lurk on a server or system and lie dormant until a predefined condition is met. A condition is defined, and if that condition is met, an action is performed. Logic bombs can be inserted by malicious employees, programmers, script kiddies, or hackers.
Common Uses of Logic Bombs:
- Disgruntled employee inserts malicious code to company infrastructure to execute if they are fired or laid off.
- Malware application is set to spread in the middle of the night or during a special occasion (vacation) so the attacker can claim plausible deniability.
- Logic is set to implement at certain date or time.
Macro Viruses
Macro Viruses are typically programmed as a macro in a Microsoft Office document. The seemingly innocuous nature of Office documents can result in a false sense of security and protection. Macro viruses are easily programmed and commonly produced and distributed. Macro Viruses can be used to launch further malicious code. (For example, I’ve encountered a buddy-list Trojan embedded within the body of a Macro Virus, and the Microsoft Office document served only to execute the Trojan. The macro system in this instance served as a nonchalant “gateway” to the actual Trojan application.)
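A defender's first question about an Office attachment is simply whether it carries a macro at all. Modern Office files (.docx, .docm, .xlsm, and so on) are ZIP containers, and embedded VBA lives in a part named vbaProject.bin. The following check is an added example written for this post, not code from the author; it builds two constructed in-memory documents (only the parts the check needs, not complete Word files) and reports which ZIP members indicate embedded VBA. The sample bytes and the MACRO_PARTS list are assumptions chosen for illustration.

```python
import io
import zipfile

# Member file names (case-insensitive basename) that signal embedded VBA in
# an OOXML container. vbaProject.bin is the standard part; vbaData.xml is an
# accompanying part some producers write. Assumed list for this example.
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")


def build_sample_doc(with_macro):
    """Construct a minimal OOXML-style ZIP in memory for testing.

    This is constructed test input, not a real Word file: only the parts the
    check looks at are present.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real macro-enabled documents store VBA code in this binary part;
            # the payload here is a constructed placeholder, not real VBA.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def find_macro_parts(doc_bytes):
    """Return the ZIP member names that indicate embedded VBA, or [] if none."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            return [
                name for name in zf.namelist()
                if name.lower().rsplit("/", 1)[-1] in MACRO_PARTS
            ]
    except zipfile.BadZipFile:
        # Not an OOXML container (legacy .doc, or not an Office file at all).
        return []


def has_macros(doc_bytes):
    """True when the document contains at least one VBA part."""
    return bool(find_macro_parts(doc_bytes))


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_doc(False)),
                       ("macro", build_sample_doc(True))):
        print(label, "->", find_macro_parts(doc) or "no VBA parts")
```

The check runs offline on any file handed to it as bytes; in a mail gateway or triage script the usual policy is to quarantine or flag anything where has_macros() is true, regardless of the file extension, since the post's own example shows that the document can be a mere gateway to the real payload. Legacy binary .doc files are a different container format and need a separate parser.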
Malware
A term meaning malicious software. This term is vague and can encompass any malicious software: viruses, worms, Trojans. In many cases Malware is used to generalize all forms of malicious software and dirty coding.
Multipartite Virus
A Multipartite virus is a virus capable of infecting the boot sector in addition to executable files. These viruses are activated through an infected program and, upon execution, can be programmed to affect the boot record. These viruses are capable of infecting a local drive and other system applications.
Password Stealer
A password stealer has the sole objective of obtaining passwords from an infected user. The passwords can be captured similarly to a keylogger, by recognizing instances of credential verification. Additionally, cached passwords can be obtained from hash files and credential stores on disk. The password stealer can transmit data over the Internet or store it on a physical device for retrieval. In most instances passwords are sent to the remote attacker via some form of Internet transmission.
Phishing
Phishing is a method of social engineering that involves tricking individuals into unveiling information. Classically phishing involves tricking individuals into unveiling password or login credential information. Mediums for phishing attempts can be e-mail, unsolicited software applications and popups, scam webpages that attempt to appear authentic, instant messages, private messages, text messages, or even automated telephone recordings.
Phishers use an advanced array of techniques in order to trick users of a system into revealing login credentials or other secure information. Informing the user that their account will be disabled unless they reveal their password can frustrate or trick an unlearned user into giving up their login information. Many times recipients receive e-mail from a phisher that appears authentic and, for a myriad of reasons, requests that the user visit a website and enter their login credentials.
Phishing can occur over the telephone, instant messaging, e-mail, or texting. Any method of communication enables a phish attacker to inquire for sensitive information. Phishing attack dialogues are designed to appear authentic and often impersonate a trusted source or affiliation.
Phishing can be advanced and targeted, or entirely mass-produced and broad-ranged. Some phishing attacks draw on systems of identifying information and can know your name or business associations. Targeted phishing attacks often appear more authentic. Others will be less specific and more obviously fraudulent.
Phishing attacks that appear authentic by inserting the full names, addresses, companies, or services are more effective and fool a greater quantity of victims. An example of a highly targeted phishing attack could be: “Hello, (NAME), I am with (SERVICE) customer support. There has been a problem with your account, and your information may have been compromised! In order to maintain the function of your account, please reply with your username and password, and Credit Card on file. Failure to authenticate your identity will result in account termination and service disruption. Thanks! We appreciate your cooperation and value your business.”
Polymorphic Virus
A polymorphic virus is a virus that can change its virus signature or “binary pattern” when it replicates, avoiding detection by an antivirus program each time it infects a separate file. A polymorphic virus is also capable of hiding its code. This is typically accomplished by utilizing encryption and decryption routines that appear to be innocuous. When the virus is hiding, it will be encrypted. When the application moves into offensive mode, it will decrypt. Since the interval of time required to attack and spread is limited, these viruses can be difficult to detect unless a system has real-time monitoring capabilities.
Retro Virus
A retrovirus works to remove anti-virus applications that are currently operating on a computer. The techniques of attack vary, from removing the virus definition index or removing the actual installation of the application, to otherwise damaging the integrity of the Anti-Virus system.
Root Kit
A root kit is a piece of malicious software that is utilized by a third party after gaining access to a computer system without authorization or the user’s knowledge. Typically a root kit is associated with subverting operating system functionality. A hacker typically installs a root kit on a machine after obtaining access, via exploitation or cracking a password. Root kits allow an odious user to mask the intrusion and retain privileged access, accomplished by bypassing authentication and authorization controls.
Scareware
Scareware is malicious software with the intention of frightening those infected with the notion that their machine is riddled with a fictitious array of vulnerabilities. The depth of malice can vary with Scareware infections, though often these offensive scripts limit an Operating System’s functionality.
In modern trends Scareware tactics are most often implemented with Root Kit access. Scareware applications bypass normal Operating System function and disable features, giving a victimized user less of a chance to address the infection. Scareware also acts as a Root Kit by granting the software special privileges and muffling Operating System functionality.
The psychology of Scareware implementation is to limit system functionality and frighten those infected. The primary motivation for Scareware tactics is often to generate revenue. System functionality is compromised in an attempt to prevent a user from scanning with a third-party Anti-Virus or seeking professional counsel.
Scareware and ransomware have skyrocketed in popularity over the last few years. More recently, scareware and ransomware will actually encrypt your entire system and request that you pay the developers in bitcoin or face permanent loss of your digital content.
Script Kiddie
A script kiddie is someone improperly trained or disciplined in computer science or technology who is still capable of infecting others with malware. Script kiddies are a problem because, though they aren’t necessarily highly trained, they are still capable of tricking others into executing malicious scripts. Indeed, the widest array of Trojans, backdoor Trojans, keyloggers, and password stealers can be deployed by undisciplined Script Kiddies, leaving the unlearned at risk.
Skimming
Skimming is the act of attaching physical devices to credit card terminals or ATMs that steal credit card information during a transaction.
Smishing (SMS Phishing)
Smishing is a term that describes phishing or social engineering attacks that target mobile devices by utilizing SMS (Short Message Service) technology. Typically smishing attacks demand an immediate call to action, and use unethical but effective methods to generate responses.
Smishing attacks will lead a recipient to a website or telephone recording. The telephone recording or website will request that action be taken, and will aim at obtaining personally identifying information. Often a web form or telephone script is designed to appear authentic. Information requested could include social security numbers, bank account numbers, full names, addresses, credit card numbers, or anything else the attacker is aiming to acquire, collect, and exploit.
Examples of immoral Smishing requests are “We’ve cancelled your ATM card, please click here to activate it.” “You’ve been charged $2,000 for a new computer, click here to cancel order.” “Your account has been suspended for a Service Violation. Click here to dispute.” “Thanks for registering for our Diet program! Your account will be billed $50 per month until you cancel. Click here to cancel.”
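The phishing e-mail quoted under Phishing and the smishing texts quoted above share the same tells: manufactured urgency, a threat of account loss or an unexpected charge, a request for credentials or card data, and a link or reply to act on right now. The following scorer is an added example written for this post, not code from the author; it encodes those tells as weighted regular-expression rules and runs them over constructed sample messages (modelled on the post's wording, not taken from any real campaign). The rule weights and the threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample messages (not from any real campaign). The first three
# mirror the phrasing patterns the post quotes; the last two are benign.
SAMPLE_MESSAGES = {
    "support_email": (
        "Hello Jane, I am with ExampleBank customer support. There has been a "
        "problem with your account and your information may have been "
        "compromised! Please reply with your username and password and the "
        "credit card on file. Failure to verify will result in account "
        "termination."
    ),
    "sms_atm": ("We've cancelled your ATM card, please click here to activate "
                "it: http://example.invalid/activate"),
    "sms_order": ("You've been charged $2,000 for a new computer, click here "
                  "to cancel order."),
    "benign_meeting": ("Hi team, the Thursday sync moves to 3pm. Agenda is in "
                       "the shared doc."),
    "benign_receipt": ("Your order #1234 has shipped. Track it from your "
                       "account page."),
}

# (rule name, weight, pattern). Each rule counts once per message.
# Weights are assumptions for illustration; tune them against real mail.
RULES = [
    ("urgency", 2, re.compile(
        r"\b(immediately|within \d+ hours|suspended|terminat\w*|cancel\w*|disput\w*)\b", re.I)),
    ("credential_request", 4, re.compile(
        r"\b(username|password|pin|social security|credit card)\b", re.I)),
    ("reply_with_secret", 3, re.compile(r"\b(reply|respond) with\b", re.I)),
    ("generic_link", 2, re.compile(r"\b(click here|click the link)\b", re.I)),
    ("raw_link", 2, re.compile(r"https?://", re.I)),
    ("fear_hook", 1, re.compile(r"\b(compromised|charged \$?\d)", re.I)),
]

THRESHOLD = 5  # assumed cut-off: at or above this the message is flagged


def score_message(text):
    """Return (score, [matched rule names]) for one message."""
    score = 0
    hits = []
    for name, weight, pattern in RULES:
        if pattern.search(text):
            score += weight
            hits.append(name)
    return score, hits


def classify(text):
    """'suspicious' when the weighted rule score reaches THRESHOLD."""
    score, _ = score_message(text)
    return "suspicious" if score >= THRESHOLD else "benign"


def triage(messages):
    """Map message id -> (verdict, score, hits) for a batch of messages."""
    return {mid: (classify(text),) + score_message(text)
            for mid, text in messages.items()}


if __name__ == "__main__":
    for mid, (verdict, score, hits) in triage(SAMPLE_MESSAGES).items():
        print(f"{mid:15} {verdict:10} score={score:2}  {', '.join(hits)}")
```

A rule-based scorer like this is a triage aid, not a verdict: it catches the crude, mass-produced lures the post describes, but a well-written spear phishing message can avoid every keyword. Its real value is the hit list, which tells a help desk why a message was flagged and gives users concrete tells to look for.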
Social Networking Trojan
Social networking Trojan is a vague term encompassing malware that targets social networking accounts. Social networking infection is often used in conjunction with advertising campaigns and can be a method of revenue generation. Often account owners are unaware of the infection and continue utilizing their account; an infected Twitter, Facebook, Pinterest, or LinkedIn account could have advertisements inserted into its posts or profile settings without the owner knowing.
Spear Phishing
Spear phishing involves a relatively targeted implementation of phishing schemes. In instances of spear phishing, a particular and often specific group of individuals are targeted for phishing attacks. A particular group, school, business, political party, government office, retail store, website, blog, or bank could be targeted for spear phishing.
Additionally, tactics such as Trojan, keylogger, or backdoor attacks may be attempted in order to compromise a CEO or empowered individual.
Spyware
Spyware is a general term for a form of malware that can vary in its severity and ethics. Typically Spyware is only capable of tracking websites visited, and is often correlated with advertising campaign targeting and cookie implementation. On the more severe and obtrusive side, some Spyware applications can redirect traffic or hijack searches.
Social Engineering
Social Engineering is the art of manipulating people into revealing sensitive or private information. Social Engineering is a method of information acquisition, and is a form of psychological interaction and manipulation. By engaging with an individual who holds information, a social engineer interacts with them and, through a variety of tactics, acquires additional and often specific information.
Trojan Horse
A Trojan is defined as a piece of malware that is hidden, without the user’s knowledge, inside a computer application. A perfect example of a Trojan horse attack is when a file or application contains a keylogger.
Trojan horse attacks are designed to be inserted unknowingly; an unhappy associate could embed any piece of malware into a seemingly legitimate application. Or, an illegal file server sharing pirated media could distribute a backdoor Trojan.
These are excellent representations of Trojan horse attacks, and real Trojan horse threats. A Trojan horse therefore is not a particular type of coded virus, but is representative of the stylistic attack as represented by the Trojan horse attack of Troy.
Virus
A virus is typically defined as any piece of malicious software that replicates itself. A virus is not to be confused with a worm; a worm has the ability to replicate itself without human interaction.
Vishing (Voice Phishing)
Vishing is a form of phishing and social engineering that occurs on phone (voice) systems. Automated voice systems will call a regionally random, or otherwise targeted list of phone numbers. The phone number list could be stolen from a financial institution, company, or any targeted database. A highly targeted vishing scam will seem more authentic because it will appear to derive from your company, or whatever targeted group you may belong to.
Remember, a highly targeted vishing scam will get more responses than a random or broad attack, so for that reason some vishing scams are targeted and may seem to be authentic. In most instances the initial call will request that the user call a separate number. That’s because the majority of automated dialers aren’t that complex and are often incapable of recording any information. Hence most vishing schemes rely on an answering system, and prompt the recipient to enter credit card, banking, and personally identifying information.
War Drivers and War Walkers
War Driving and War Walking are methods of actively seeking open and vulnerable wireless networks. Some network hackers are out to commit illegal actions on a vulnerable Wi-Fi network, and others are just seeking free Internet service.
Common Instances of War Drivers and War Walkers:
- Sending Spam Anonymously.
- Downloading Pirated Software and Music.
- Seeking a Free Internet Connection.
- Taking advantage of anonymity; Browsing with your IP Address.
- Seeking to obtain information, compromise your files, delete or otherwise access your files.
- Accessing Illegal, Prohibited or Unethical Websites.
Whaling
In some instances of phishing attacks, a hacker targets a powerful person. Whaling is targeting a valuable account or identity in a phishing scam. These phishing attacks are high-level, focused implementations. In some instances individuals will have an enhanced, empowered, or extremely valuable account, reputation, or office. More prominent examples of whaling would be a phishing scheme focused on a prominent business leader or a popular government official.
People with elevated access, administrative access, server or database access, or otherwise empowered accounts are at elevated risk of whaling because hackers want to steal their credentials.
Additionally, many administrators, CEOs, or marketing professionals are targeted by spammers and scammers because of the customer or user databases they likely have access to. Large targeted databases are very valuable because they enable scammers to focus their scamming, social engineering, or spamming campaigns.
Worm
A worm is defined as a computer infection that has the capacity to spread without human interaction. Unlike a virus or Trojan horse, a worm doesn’t have to attach itself to a host application. When the worm finds a way onto your local machine, its capability to replicate itself on your system can quickly overwhelm a computer. By having an out-of-date operating system, an unprotected network, or an insecure operating system, you are vulnerable to worm infestation.
Zombie
A zombie is any Internet networked device that’s currently controlled by a Botnet owner.
Concluding Thoughts On Malware
It’s important to note that real viruses and malware often combine several of these definitions. For example, many Trojans are keyloggers, and multipartite viruses are often armored. It’s also important to note that as the nature and complexity of websites and information structures grow, so will the nature and complexity of the viruses and malware that accompany them.
Programmers are developing new forms of cutting-edge viruses and malware all the time. Since an alarming number of hackers earn a living by exploiting others, the expectation that odious malware will continually be redefined is a certainty.
Because the motivation behind many spyware and malware infestations is monetary, many campaigns display skill, professionalism, dedication, and precision on the part of those running an illicit operation.
How To Keep Yourself Safe?
In a future post, I’m going to talk about the biggest steps you can take to keep yourself safe in our world of IT security attacks that happen every second of every day.
For now, the best advice I can give you is to keep your system up to date, never believe anyone who tries to contact you asking you to click on a link (except for me, lol), and never browse shady websites that you have no business browsing.
=]
Another big idea is “if you don’t use it – lose it”, which transcends all vendors, Operating Systems, and business systems. So it doesn’t matter if we’re talking about a WordPress blog, or a Microsoft Operating System, if there are software programs, themes, or plugins that you’re not using – disable and delete them, because every line of code you introduce into your life is another piece of code just asking to be hijacked and messed with.