Threats Frequently Asked Questions
ORIENTATION...
Notes: Adware is NOT a separate category of threat - adware is a Spyware category threat. Antispyware products do NOT remove antivirus category threats such as viruses and worms. Antivirus products do NOT remove antispyware category threats such as adware and spyware. Rootkits are a SEPARATE threat, though most antivirus companies have added anti-rootkit scanning to their antivirus products since the middle of the past decade (2000-2010). Traditionally, and still today, many stand-alone anti-rootkit scanners are available for detection and removal.
A bot is the payload that infects a computer into a botnet. Bots can infect a machine even with the world's best defense products in place, simply by disabling them. There have been several breakthroughs in defenses, such as the original Symantec AntiBot. Since approximately 2005-6, botnet infection has replaced ALL other threats as the worst plague on the internet and on computer users. Their entry is commonly through an action users are warned against, such as clicking a virus attachment. The best defense is up-to-date antivirus and antispyware, because a bot payload can be built one piece at a time while the system's defenses are spied on by the Botmaster / Botherder Command And Control, which picks attacks against known weak products installed on the user's machine. A botnet infection can be built up secretly through several installations - viruses, worms, trojans and downloader trojans, rootkits, spyware kits, virus kits, backdoor threats, safe mode with networking, etc. - and through various other instant full-payload infections via reverse engineering of many security devices, software and appliances.
SEE http://www.bluecollarpc.org/Forensics.html
(reverse engineered encapsulation example - full payload delivered instantly past top defense products).
SPYWARE CATEGORY THREATS
ThreatsGlossary
http://www.webroot.com/En_US/csc/resources-glossary.html
Spyware Encyclopedia
http://www3.ca.com/securityadvisor/pest/browse.aspx
a-squared Process List
http://www.hijackfree.com/en/processlist/
F-Secure Malware Code Glossary
http://www.f-secure.com/en_EMEA/security/security-lab/learn-more/
Glossary of Malware
Security Threat Glossary
http://www.westcoastlabs.org/
The Difference Between Adware & Spyware
http://www.webopedia.com/DidYouKnow/Internet/2004/spyware.asp
SPYWARE CATEGORY THREATS
(antispyware products used to detect/remove)
Adware
http://searchcio-midmarket.techtarget.com/sDefinition/0,,sid183_gci521293,00.html
Spyware
http://en.wikipedia.org/wiki/Spyware
Malware (malware means all)
http://en.wikipedia.org/wiki/Malware
http://www.bleepingcomputer.com/tutorials/tutorial41.html
Tracking cookies
http://www.f-secure.com/sw-desc/tracking_cookie.shtml
http://en.wikipedia.org/wiki/HTTP_cookie#Tracking
Browser Hijackers
http://en.wikipedia.org/wiki/Browser_hijacker
http://www.microsoft.com/protect/terms/hijacking.aspx
http://us.trendmicro.com/us/threats/enterprise/threats-summary/browser-hijackers/
Browser Hi-Jackers BHO
http://en.wikipedia.org/wiki/Browser_Helper_Object
Joke Programs
http://threatinfo.trendmicro.com/vinfo/
Spyware/Grayware
http://threatinfo.trendmicro.com/vinfo/
Page hijacking
http://en.wikipedia.org/wiki/Page_hijacking
Dialers
http://www.ca.com/us/securityadvisor/pest/browse.aspx?cat=Dialer
dialer
http://www.webroot.com/En_US/csc/resources-glossary.html
Keyloggers - Introduction to Spyware Keyloggers
http://www.securityfocus.com/infocus/1829
Scumware
http://www.cgmsystems.com/Resources/scumware.htm
data miner (spyware)
http://www.webopedia.com/TERM/D/data_miner.html
parasites (Computer)
http://www.yourdictionary.com/computer/parasite
Web bugs
http://news.cnet.com/2100-1017-243077.html
The Web Bug FAQ
http://w2.eff.org/Privacy/Marketing/web_bug.html
Web Bug Report
http://www.securityspace.com/s_survey/data/man.200102/webbug.html
Web beacon
http://en.wikipedia.org/wiki/Web_bug
E-mail web bugs
http://en.wikipedia.org/wiki/Web_bug
Web Beacons - Opt Out at Yahoo
http://info.yahoo.com/privacy/us/yahoo/webbeacons/details.html
Keyloggers defined
http://www.webopedia.com/TERM/K/keylogger.html
NOTE: TROJANS ARE BLOCKED, DETECTED AND REMOVED BY BOTH ANTIVIRUS AND ANTISPYWARE PRODUCTS - both needed!
Trojan Horse
Trojans - myths & facts
http://www.emsisoft.com/en/kb/articles/tec021007/
Backdoor Santas
http://www.bleepingcomputer.com/tutorials/tutorial41.html
Proxy Trojan
http://www.webopedia.com/TERM/P/Proxy_Trojan.html
http://inews.webopedia.com/TERM/P/Proxy_Trojan.html
Security software disabler Trojan
http://www.webopedia.com/TERM/S/security_software_disabler_Trojan.html
http://inews.webopedia.com/TERM/S/security_software_disabler_Trojan.html
FTP Trojan
http://www.webopedia.com/TERM/F/FTP_Trojan.html
Destructive Trojan
http://www.webopedia.com/TERM/D/Destructive_Trojan.html
Data Sending Trojan
http://www.webopedia.com/TERM/D/Data_Sending_Trojan.html
http://inews.webopedia.com/TERM/D/Data_Sending_Trojan.html
Remote Access Trojan
http://www.webopedia.com/TERM/R/Remote_Access_Trojan.html
ROOTKITS WORST THREAT TO COMPUTERS STEALTH-WISE BEFORE BOTNETS
Rootkit (definition)
http://en.wikipedia.org/wiki/Rootkit
RootkitRevealer
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
http://en.wikipedia.org/wiki/RootkitRevealer
Rootkit FAQs (chkrootkit - locally checks for signs of a rootkit)
http://www.chkrootkit.org/faq/
WORLD WIDE WEB CRIMEWARE / CYBER CRIME EVENTS
Phishing
http://en.wikipedia.org/wiki/Phishing
Pharming
http://en.wikipedia.org/wiki/Pharming
Phishing Information - Federal Trade Commission
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Scareware
http://en.wikipedia.org/wiki/Scareware
Rogue security software
http://en.wikipedia.org/wiki/Rogue_software
Ransomware (malware)
http://en.wikipedia.org/wiki/Ransomware_(malware)
E-mail address harvesting
http://en.wikipedia.org/wiki/Email_harvesting
E-mail harvesting is the process of obtaining lists of e-mail addresses for use in bulk mail or other purposes usually grouped as spam. Methods range from purchasing lists of e-mail addresses from other spammers to the more common use of special software, known as "harvesting software", "harvesting bots" or "harvesters", which scan web pages, postings on Usenet, mailing list archives and other online sources to obtain e-mail addresses.
Cyber crime
http://www.webopedia.com/TERM/C/cyber_crime.html
Zero-Day exploit
http://www.webopedia.com/TERM/Z/Zero_Day_exploit.html
Malicious code
http://www.webopedia.com/TERM/m/malicious_code.html
Spoof
http://www.webopedia.com/TERM/S/spoof.html
Password cracking
http://www.webopedia.com/TERM/P/password_cracking.html
Man-in-the-middle attack
http://www.webopedia.com/TERM/m/man_in_the_middle_attack.html
Masquerade attack
http://www.webopedia.com/TERM/M/masquerade_attack.html
Nuker
http://www.webopedia.com/TERM/N/Nuker.html
Binder
http://www.webopedia.com/TERM/B/binder.html
Malicious Active Content
http://www.webopedia.com/TERM/M/malicious_active_content.html
Scams and Hoaxes
http://threatinfo.trendmicro.com/vinfo/
BOT payload of infection BOTNET network of infected computers
(NOTE: a botnet infection can be built by several secret installations - viruses, worms, trojans and downloader trojans, rootkits, spyware kits, virus kits, etc. - and by various other probable instant full-payload infections via reverse engineering of many security devices, software and appliances. SEE http://www.bluecollarpc.org/Forensics.html - encapsulation example, full payload delivered instantly.)
Botnet - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Botnet
botnet Definition: TechEncyclopedia
http://www.techweb.com/encyclopedia/defineterm.jhtml?term=botnet
Botnet : Definition From Webopedia
http://www.webopedia.com/TERM/b/botnet.html
Article: Battling the Botnet Pandemic
http://www.lavasoft.com/company/newsletter/2007/2_28/article2.html
Lavasoft News - March 2007
Battling the Botnet Pandemic. Your home computer may be among the millions of PCs that are under the control of criminals, and worse yet, you may not even be aware of it.
Article: Botnet - CNET News.com
http://news.cnet.com/Security-from-A-to-Z-Botnet/2100-7355_3-6138435.html
Security from A to Z: Botnet | These armies of zombie PCs are used by cybercriminals for sending spam. Part of a series on ...
Article: Botnet Basics
http://www.eweek.com/c/a/Video/Botnet-Basics/
Bots are software applications that run automated tasks over the Internet. A network of bots working under a central command and control center is a botnet. This eVideo seminar looks at the basic ...
Article: Botnet Battle Already Lost?
http://www.eweek.com/article2/0,1759,2029720,00.asp
Botnets have become a big underground business, and the security industry has few answers.
eWEEK ... It's dress-down Friday at Sunbelt Software's Clearwater, Fla., headquarters. In a bland cubicle on ...
MSNBC: The lowdown on 'Bots'
http://www.msnbc.msn.com/id/17805145/
What are ‘bots’?
“Bots” – short for robots – are hijacked computers that are infected by computer viruses and then used by criminals and pranksters for a variety of criminal and malicious purposes.
Who controls ‘bots’?
The criminals behind “bots,” known as “bot herders,” assemble armies of infected computers -- often between 50,000 and 70,000 PCs strong -- that they can then charge customers for the use of. The going rate for sending spam is $5,000 a day or more, according to Howard Schmidt, former White House cyberczar.
What are ‘bots’ used for?
“Bots” are used to spread malicious programs, send spam, fuel “pump-and-dump” stock schemes and launch denial-of-service attacks, among other things.
How many ‘bots’ are there?
Internet founding father Vint Cerf recently estimated that 150 million computers have been hijacked. Most other experts believe that figure is too high, but there is general agreement that “bots” number in the millions, if not the tens of millions.
How can I tell if my computer is a ‘bot’?
You can’t necessarily. Antivirus software will catch most known viruses, but new ones are being created all the time. It used to be that poor performance often tipped off users that their computers had been infected, but “bot herders” now distribute tasks among thousands of computers to avoid tell-tale crashes.
More:
How big is the botnet problem?
Feature By Julie Bort, Network World, 07/06/07
http://www.networkworld.com/research/2007/070607-botnets-side.html?fsrc=rss-security
Types of attacks: Botnets
Cross-site scripting: Inserting malicious JavaScript into the header of an otherwise legitimate Web site.
DNS cache poisoning: Hacking a DNS so that it directs people who enter legitimate URLs to the hacker's malicious Web site.
iFrames: Invisible frames capable of executing malware.
Pharming: Creating an illegitimate copy of a real Web site and redirecting traffic to the phony site to obtain information or download malicious code.
Pretexting: Pretending to be a legitimate entity to lure people to malicious sites.
Toxic blogs: Uploading links to malicious Web sites, or when blogs support HTML or scripts, uploading malicious code or using iFrames.
VIRUS CATEGORY THREATS
(Antivirus products to block, detect, remove)
Virus Encyclopedia Search
http://threatinfo.trendmicro.com/vinfo/
Microsoft: What is a computer virus?
http://www.microsoft.com/security/antivirus/whatis.aspx
Armored Virus
http://www.webopedia.com/TERM/A/Armored_Virus.html
Appending Virus
http://www.webopedia.com/TERM/A/Appending_Virus.html
Microsoft: 5 steps to help avoid instant message viruses
Published: September 15, 2006
http://www.microsoft.com/athome/security/viruses/imvirus.mspx
Computer worm
http://en.wikipedia.org/wiki/Computer_worm
Microsoft JPEG Vulnerability
Microsoft JPEG Vulnerability and the Six New Content Security Requirements
http://whitepapers.silicon.com/0,39024759,60129423p-39000575q,00.htm
In November 2004, a critical Microsoft security vulnerability (MS04-028) was discovered which could allow attackers to embed malicious code inside JPEG image files. Until that time, JPEG image files were considered immune to attack. To effectively deal with this vulnerability, security and IT professionals need to incorporate six new and critical content security requirements into their networks.
Virus Encyclopedia Trend Micro
http://threatinfo.trendmicro.com/vinfo/
Glossary of Malware
Security Threat Glossary
http://www.westcoastlabs.org/
Attack Vectors
Method by which malware attempts to enter a system. This generally refers to a protocol such as HTTP, SMTP, FTP, IRC, IM, etc.
Anti-Malware
A term generally applied to a software application which combats malicious code through detection and/or removal.
Drive-by Download
This technique is used to surreptitiously download malware onto a user's machine. The attack generally includes exploits to browser or OS vulnerabilities, and may be separated into several pieces so that a user may be directed to several websites or domains to avoid detection by anti-malware programs.
FTP Threats
Malware which uses FTP as an attack vector.
Malicious URL
URLs which direct a user to a Web Threat.
SMTP Threats
Malware which uses email as an attack vector.
Application-specific attacks
Exploits or hacking attempts which seek to use a vulnerability in a particular software program to gain entrance onto a user's system.
Socially Engineered Attack
Exploits or hacking attempts which seek to use a user's susceptibility to fear, trust or titillation to gain entrance onto a user's system or information. Phishing and trojans are two types of attacks which rely almost exclusively on social engineering.
Undesirable URL
URLs which direct a user to content which may be considered inappropriate for certain contexts, such as "adult" or violent content, or network tools which could be used to compromise a network.
Web Threats
This is a category of threats delivered by HTTP which intend to perform actions which harm a user or their system. Phishing, drive-by downloads and sites which host malware can be considered to fall into this category.
Malware Glossary
Bots
The term Bot (short for robot) is a type of program, which has evolved from RATs (see Spyware definitions). A bot usually leverages an internet facing port to deliver a program that awaits a further command upon which it can take remote control of the system. Bots are often combined with other infected machines to form a botnet (a network of bot-infected machines). Bots are used to turn an individual machine into a "zombie" that can then be used for actions such as co-ordinated DoS attacks on websites, spamming, or hired/sold to others for such use.
Exploits
An Exploit is a piece of code designed to attack a vulnerability on a computer system, or such an attack. Hackers and writers of Malware look for announcements of such vulnerabilities by manufacturers and other sources and then attack machines, which have not been patched against the vulnerability. The code is designed to enable an activity that otherwise could not take place, or to avoid system restrictions preventing such an activity. Various payloads attached to the exploits may provide the attacker with a number of ways into the compromised system.
Rootkit
Although the term referred originally to Unix systems, the term has come to more widely mean a set of tools or programs that are used on a host system, often in conjunction with malware, to allow attackers to exploit said system or a network. Rootkits can be used to hide applications from third party scanners and the term is also coming to mean more generalized cloaking utilities that mask the attacker's activities. Recently the term rootkit has become more publicly known after the anti-copy security software on several Sony-BMG audio CDs displayed rootkit-like tendencies as part of their Digital Rights Management strategy.
Spyware
Spyware is a form of software that makes use of a user's internet connection without his or her knowledge, usually in order to covertly gather information about the user. Once installed, the Spyware may monitor user activity on the Internet and transmit that information in the background to someone else. Spyware can also gather information about addresses and even passwords and credit card numbers. Spyware is often unwittingly installed when users install another program, but can also be installed when a user simply visits a malicious website.
Types of Spyware used in the West Coast Labs Test Suites
Backdoor - A Backdoor is a secret or undocumented way of gaining access to a program, online service, computer or an entire computer network. Most Backdoors are designed to exploit a vulnerability in a system and open it to future access by an attacker. A Backdoor is a potential security risk in that it allows an attacker to gain unauthorized access to a computer and the files stored thereon.
Key Loggers - A Key Logger is a type of surveillance software that has the capability to record every keystroke to a log file (usually encrypted). A Key Logger recorder can record instant messages, email and any information typed using the keyboard. The log file created by the Key Logger can then be sent to a specified receiver. Some Key Logger programs will also record any e-mail addresses used and Web Sites visited.
Financials - A Financial is a program that has the capability of scanning a PC or network for information relating to financial transactions and then transmitting the data to a remote user.
Proxies - Proxies are designed to enable an external user to use a computer for their own purposes, for example, to launch DDoS attacks or send spam, so that the true originator of the attack cannot be traced.
Password Stealers and Crackers - A Password Stealer is a program resident on a computer which is designed to intercept and report to an external person any passwords held on that machine. A Password Cracker has the ability to decode any encrypted passwords.
Downloaders - A downloader is a file which when activated, downloads other files on to the system without the knowledge or consent of the user, those other files then carrying out malicious functions on the system.
Hijacker - A Hijacker is a file with the ability to change your default Internet home page and/or to create or alter other Web browser settings such as bookmarks and redirection of Internet searches or Internet browsing to commercial sites that could offend the user or breach corporate policies on inappropriate or illegal content.
RATs - A Remote Access Trojan (RAT) is a piece of malware designed to run and gain access to a remote computer across a network or the Internet in order to carry out a particular purpose on that remote computer, that purpose being malicious and without the consent of the remote system's owner or user. Access is usually gained by use of a backdoor, either already installed or included in the code of the RAT.
Trojan
Trojan Horses or Trojans are destructive programs that pretend to be benign applications. Unlike Viruses or Worms, Trojan Horses do not replicate themselves; they can be damaging to networks by delivering other types of Malware.
Virus
A Virus is a program or piece of code attached to a file or diskette's boot sector; it is loaded onto a computer without the user's knowledge. Viruses are manmade (though they can be corrupted in use to form new variants of the virus) and replicate themselves by attaching themselves to files or diskettes, often soaking up memory or hard disk space and bringing networks to a halt. Most recent viruses are internet-borne and capable of transmitting themselves across and bypassing security systems. Minor variants of the same virus are classed as families of viruses.
Worm
A Worm is an insidious program or algorithm that replicates itself over a computer network or by email system and usually performs malicious actions, such as using up the computer's resources or distributing pornography and possibly shutting the system down. Unlike Viruses, Worms copy themselves as standalone programs and do not attach themselves to other objects.