Spyware terminology can be confusing to many. Spyware is really a collective noun for a whole variety of threats and nuisances. The most common spyware problems include pop-ups and browser hijackers, but often there are far more dangerous underlying threats behind these browser pop-ups that can cause real damage or financial loss to you or your company. Techni-Core's Threat Terminology list will help you navigate the maze of threats that target computer users who have not protected their systems. Virus scanners alone will not protect you from many of these types of threats - you need specialist spyware protection such as Webroot's Spysweeper to keep you safe.
Adware: software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen.
Botnets: collections of compromised computers controlled by a single person (or a group). Botnets have become more popular and increasingly focus on identity theft and the installation of spyware programs. Some are used to hit other botnets with denial-of-service attacks and others are used to gather sensitive identity information and install adware and spyware. Some attackers are highly skilled and organized, potentially belonging to some well-organized crime structures. At least a million computers worldwide are unwitting hosts to bot software according to reliable sources. A typical bot could be connected to 10,000 other computers, use the chat system IRC for command and control, and have a plug-in architecture that allows new features to be quickly added.
Browser Helper Object: small program that runs automatically every time you start your Internet browser. Usually, a BHO is installed on your system by another software program. BHOs are typically installed by toolbar accessories and can track your internet usage and collect other information that is used on the internet.
Cookies: small files that are created by your web browser when you visit sites on the Internet. They can be used to track your visits to certain web sites and can provide companies with information about frequency of visits and other profile information so they can “personalize your experience”. The user is usually not aware that their surfing habits are being tracked.
Dialer: software that installs itself into your dial-up settings and dials a number of its choosing. Once dialer software is downloaded, the user is disconnected from their Internet service provider, another phone number is dialed, and the user is billed for the time used. While dialers may not spy on users, they are malicious in nature and can rack up huge, unwanted bills.
Dictionary Attack: programs created for the purpose of removing protection from password-protected files or systems. The software maintains a catalog of commonly used passwords and systematically attempts to gain access to a desired file or system by using this list. Dictionary attacks may also take the form of automated programs used to gain access to “live” e-mail addresses by rapidly submitting millions of random e-mail addresses through a common domain. The software then records which addresses are valid and adds the addresses to the spammer’s list.
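The defensive counterpart of the catalogue described above is a password acceptance check that refuses any password a dictionary-attack tool would reach from its word list after the usual mangling (appended digits or years, leetspeak substitutions, reversal). The following is an added example written for this page, not code from Techni-Core or from any product it mentions; the word list is a constructed stand-in for the large breached-password lists a real deployment would load.

```python
import re

# Constructed miniature of a "commonly used passwords" catalogue; a real check
# would load a large breached-password list instead of this handful of words.
COMMON_PASSWORDS = {
    "password", "letmein", "qwerty", "welcome", "dragon", "monkey", "football",
}

# Leetspeak substitutions that attack tools apply to each dictionary word. "1"
# is ambiguous (l or i), so two translation tables are tried.
LEET_MAPS = (
    str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                   "7": "t", "@": "a", "$": "s"}),
    str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                   "7": "t", "@": "a", "$": "s"}),
)


def base_forms(candidate: str) -> set:
    """Undo common mangling rules and return the dictionary words a candidate
    could have been derived from (plain and reversed)."""
    core = re.sub(r"[^A-Za-z0-9@$]+$", "", candidate)  # drop trailing punctuation ("...!!")
    core = re.sub(r"[0-9]+$", "", core)                 # drop appended digits/years ("...2024")
    core = core.lower()
    forms = set()
    for table in LEET_MAPS:
        word = core.translate(table)
        forms.add(word)
        forms.add(word[::-1])  # reversed dictionary words are another stock rule
    return forms


def is_dictionary_password(candidate: str) -> bool:
    """True when the candidate would fall to a dictionary attack using the
    catalogue plus simple mangling, i.e. it should be rejected at enrolment."""
    return any(form in COMMON_PASSWORDS for form in base_forms(candidate))


if __name__ == "__main__":
    for pw in ("P@ssw0rd123", "Welcome2024!", "drowssap", "Tr0ub4dor&3"):
        print(f"{pw!r}: {'reject' if is_dictionary_password(pw) else 'accept'}")
```

The check is deliberately applied to the normalized base word rather than the literal string, because a catalogue lookup on `P@ssw0rd123` alone would pass it even though it is one mangling rule away from the first entry in every attack list.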
Drive-by downloads: software (usually malicious) that installs without your knowledge when you visit certain websites. This may be accomplished by providing a misleading dialogue box or other form of stealth installation. Many times users have no idea they have installed an application.
Hijacking: software code that changes your Internet Explorer settings. Generally your home page will be changed and new favorites may be added that point to sites of dubious content. In most cases, the hijacker will have made registry changes to your system, causing the home page to revert back to the unwanted destination even if you change it manually.
Hoax: typically an e-mail that gets mailed in chain-letter fashion describing some devastating, highly unlikely type of virus. Hoaxes can usually be recognized by having no file attachment and no reference to a third party who can validate the claim. Some "hoaxes" instruct you to change or delete a specific system file or setting, which can damage your system.
Keylogger: a program that records every detail of what is done on your computer down to the keystroke on the keyboard. They record this information in a log and can send that log to a server with your information. Keyloggers can record information such as passwords, credit card information, and personal identification numbers if entered into the keyboard while these programs are running.
Layered Service Provider (LSP): LSP is a piece of software that is tightly woven into the networking services of a computer. The LSP integrates itself with the TCP/IP layer of your network so it has access to all TCP/IP traffic coming into and leaving a computer. Spyware authors use an LSP to spy on the habits and data of the user. It is possible to change information that passes through the LSP so that the spyware vendor benefits. Because the LSP is very tightly woven into the TCP/IP layer, trying to remove it without the proper precautions may break the part of the program that handles TCP/IP communications. When the handler is broken, a computer may not be able to connect to the Internet. This requires a technical repair to the Winsock to recover access again.
Malware: software designed specifically to disrupt the normal operation of the computer system. A Trojan horse or a virus could be classified as Malware. Some advertising software can be malicious in that it tries to re-install itself after you remove it.
Parasiteware: term for any Adware that by default overwrites certain affiliate tracking links. Their behavior is viewed as parasitic because this type of software credits other sites with commissions and in turn lives off what would have been the affiliate's income. To the end user, Parasiteware is not a big security threat.
Pharming: uses crimeware to misdirect users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
Phishing attack: an online method used by scam artists to steal money and personal information. Typically, a "phishing attack" is an e-mail masquerading as a message from a trusted source (bank, Credit Card Company, e-commerce retailer, and so on). The message typically asks you to verify your account information immediately with the threat of a negative consequence if you do not verify the information. The e-mail may include logos, text, and links to Web sites that appear legitimate. Users are often tricked into providing the requested personal information, such as bank or credit card account numbers, social security numbers, passwords, and more.
Pop-up: small window that is displayed on top of the existing windows on screen. A popup window can be used in any application to display new information. It is widely used on Web pages to cause an ad to "pop up;" however, pop-ups can be prevented or made to appear beneath the browser window using various pop-up blockers.
Port-Knocking Back Doors: Some of the newest and most complex Trojans utilize the "port knocking" method. This technique involves establishing a connection to a networked computer that has no open ports. A normal scan of the computer might show that it's not listening on any ports. But that doesn't mean that the system is clean of rogue daemons. The two most common delivery methods for Trojans are e-mail attachments and bad freeware or shareware. If you do have such a back door loaded on your system, typical port scans from the Internet will reveal no new listening ports. The Trojan will lie dormant, and it won't appear to be operating or listening on any ports—until the attacker uses a specific series of events to wake it up. To activate the Trojan, the attacker uses port knock sequences to activate the back door (for example, three connection attempts to ports 500, 501, and 502) and opens a TCP port to listen for further instructions. The attacker can then use your machine for a massive distributed denial of service (DDoS) attack on his or her choice of targets. Port-knocking back doors are cutting-edge virus technology. Computers can receive them without immediate side effects, and they allow attackers to retain control of their distribution network.
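Because a knocking back door shows no listening port until it is woken, the place to look for it is the perimeter log rather than a port scan: a burst of refused connection attempts from one source to a run of distinct ports, followed shortly by an accepted connection from the same source to a port that was never open before. The detector below is an added example written for this page (not code from the original or from any product it names); the firewall log format and the TEST-NET addresses in it are constructed, and the 500/501/502 sequence is the one the entry above uses for illustration.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed firewall log excerpt (RFC 5737 documentation addresses); the line
# layout is an assumption, not any vendor's real format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=500
2024-05-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=501
2024-05-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=502
2024-05-01T10:00:05 ACCEPT src=203.0.113.7 dst=192.0.2.10 proto=TCP dport=40123
2024-05-01T10:03:00 DROP src=198.51.100.4 dst=192.0.2.10 proto=TCP dport=22
2024-05-01T10:45:00 DROP src=198.51.100.4 dst=192.0.2.10 proto=TCP dport=3389
2024-05-01T11:00:00 ACCEPT src=198.51.100.9 dst=192.0.2.10 proto=TCP dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=\S+ dport=(?P<dport>\d+)$"
)
Event = namedtuple("Event", "ts action src dst dport")


def parse(log_text: str) -> list:
    """Turn log lines into Event tuples; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["action"],
                                m["src"], m["dst"], int(m["dport"])))
    return events


def find_knock_sequences(log_text: str, min_knocks: int = 3,
                         window: timedelta = timedelta(seconds=10)) -> dict:
    """Return {(src, dst): {"knocks": [ports], "opened": port_or_None}} for every
    source that hit at least min_knocks distinct closed ports within one window.
    "opened" is set when an ACCEPT to a port outside the knock set follows the
    last knock within the same window, the sign that something started listening."""
    by_pair = defaultdict(list)
    for ev in parse(log_text):
        by_pair[(ev.src, ev.dst)].append(ev)

    findings = {}
    for pair, evs in by_pair.items():
        evs.sort(key=lambda e: e.ts)
        drops = [e for e in evs if e.action == "DROP"]
        for i, first in enumerate(drops):
            run = [first]
            for later in drops[i + 1:]:
                if later.ts - first.ts > window:
                    break
                if later.dport not in {r.dport for r in run}:
                    run.append(later)
            if len(run) < min_knocks:
                continue
            knock_ports = {r.dport for r in run}
            last_knock = run[-1].ts
            opened = None
            for e in evs:
                if (e.action == "ACCEPT" and e.dport not in knock_ports
                        and last_knock < e.ts <= last_knock + window):
                    opened = e.dport
                    break
            findings[pair] = {"knocks": [r.dport for r in run], "opened": opened}
            break  # one finding per source/destination pair is enough to alert on
    return findings


if __name__ == "__main__":
    for (src, dst), info in find_knock_sequences(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: knocks {info['knocks']}, then accepted port {info['opened']}")
```

The two drops from 198.51.100.4 are 42 minutes apart and so never form a sequence; ordinary background scanning looks like that, whereas a knock is tightly clustered. Tune `min_knocks` and `window` to the site's own drop-log noise before alerting on the result.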
RATs (Remote Administration Tools): allow an attacker to gain unrestricted access to your computer whenever you are online. The attacker can perform activities such as file transfers, adding/deleting files or programs, and controlling the mouse and keyboard. Some are delivered using rogue ActiveX scripts that run on websites and either install software on the PC without the user's knowledge or open a gateway onto the user's hard drive to access files in an attempt to delete and modify them as they will.
Retrospies: spyware that actively targets anti-spyware software and detection programs in an effort to prevent detection. Retrospies often use various hiding techniques such as using common system file names. Retrospies are malicious and usually use other types of deception to avoid detection.
Rootkits: a rootkit is a collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. The rootkit then collects user IDs and passwords to other machines on the network, thus giving the hacker root or privileged access. A rootkit may consist of utilities that also monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection.
Scumware: slang word for any unwanted software or programs installed on your computer.
SearchPage Hijackers: software that takes control over your default search engine. This doesn't mean you cannot use your favorite search engine; it means that when you mistype something, their search page pops up instead. This generally includes a lot of advertisements and generally contains a search engine that will deliver advertising content rather than relevant search results.
Smurf attack: named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the switching or routing device delivering traffic to those broadcast addresses performs the IP broadcast at layer 2, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, potentially hundreds of machines might reply to each packet. Several years ago, most IP networks could lend themselves thus to smurf attacks -- in the lingo, they were "smurfable". Today, thanks largely to the ease with which administrators can make a network immune to this abuse, very few networks remain smurfable.
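The entry above names the two things a defender can check for: echo requests addressed to a subnet's broadcast address, and a source address on them that does not belong to the network (the spoofed victim). The detector below is an added example written for this page, not code from the original or from any product it mentions; the packet summaries and the two local subnets are constructed, and the amplification figure it reports is simply the number of hosts that could answer each request, as the entry describes.

```python
import ipaddress

# Constructed local address plan (RFC 5737 documentation ranges); an assumption
# for the example, not any real site's configuration.
LOCAL_SUBNETS = [ipaddress.ip_network(s) for s in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed packet summaries: (source, destination, ICMP type).
# Type 8 is an echo request, type 0 an echo reply.
SAMPLE_PACKETS = [
    ("203.0.113.50", "192.0.2.255", 8),      # echo request to the /24 broadcast, external source
    ("203.0.113.50", "192.0.2.255", 8),
    ("203.0.113.50", "198.51.100.127", 8),   # same source, broadcast of the /25
    ("192.0.2.10", "192.0.2.20", 8),         # ordinary unicast ping inside the LAN
    ("192.0.2.20", "192.0.2.10", 0),
    ("192.0.2.30", "192.0.2.255", 8),        # local host pinging broadcast: noisy, not spoofed
]


def broadcast_subnet(dst: str, subnets=LOCAL_SUBNETS):
    """Return the local subnet whose broadcast address dst is, else None."""
    addr = ipaddress.ip_address(dst)
    for net in subnets:
        if addr == net.broadcast_address:
            return net
    return None


def is_local(src: str, subnets=LOCAL_SUBNETS) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in subnets)


def detect_smurf(packets, subnets=LOCAL_SUBNETS) -> dict:
    """Group broadcast-directed echo requests by source address.

    Returns {source: {"requests": n, "external": bool, "potential_replies": m}}
    where potential_replies sums, over the requests, the number of hosts in the
    targeted subnet that could each answer with an echo reply. An external
    source is either spoofed (the smurf victim) or a directed broadcast that
    should never have been forwarded in from the Internet; both are alerts."""
    findings = {}
    for src, dst, icmp_type in packets:
        if icmp_type != 8:
            continue
        net = broadcast_subnet(dst, subnets)
        if net is None:
            continue
        entry = findings.setdefault(src, {"requests": 0,
                                          "external": not is_local(src, subnets),
                                          "potential_replies": 0})
        entry["requests"] += 1
        entry["potential_replies"] += net.num_addresses - 2  # exclude network and broadcast
    return findings


if __name__ == "__main__":
    for src, info in detect_smurf(SAMPLE_PACKETS).items():
        tag = "SPOOFED/EXTERNAL" if info["external"] else "local"
        print(f"{src} ({tag}): {info['requests']} broadcast echo requests, "
              f"up to {info['potential_replies']} replies generated")
```

The "ease with which administrators can make a network immune" that the entry refers to is the configuration fix rather than detection: routers stop forwarding directed broadcasts (on Cisco IOS the per-interface command is `no ip directed-broadcast`), and border filters drop packets entering from the Internet whose source address claims to be inside the network.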
Snoopware: another name for spyware software, Snoopware refers to the act of snooping. It can track what you do on the internet and report it to a server or collect personal information and report that to a server.
Social-engineering: schemes to use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond.
Spam: unsolicited commercial e-mail or the junk mail you get in your regular inbox.
Surveillance Software: a potentially greater and more dangerous threat than viruses because it can record your keystrokes, history, passwords, and other confidential and private information and then send that information to the creator. Surveillance Software is often sold as a spouse monitor, child monitor, surveillance tool or a tool to spy on users trying to gain unauthorized access. Surveillance Software covertly gathers user information and monitors activity without the user's knowledge. You do not have to be connected to the Internet to be spied on. Some software will save logs to be transmitted later or may email out user activity or post information on the web where the creator can view the information at their leisure. Some Surveillance Software vendors go as far as using "stealth routines" and "polymorphic" techniques to avoid detection and removal by popular anti-spyware software.
System Monitors: software that can monitor your computer activity. They range in capabilities and may record some or all of the following: keystrokes, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent on Web sites or using programs, and even usernames and passwords. The information is transmitted via remote access or sent by e-mail.
Technical Subterfuge: schemes that plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.
Thiefware: software that pops up on sites and does not pay or even give credit to the web page owner. It can also redirect a search or webpage to the web page of their choosing. This practice is not illegal although many web site owners believe it to be unethical.
Trojans or Trojan Horses: Malicious programs disguised as harmless software programs. Trojans do not replicate themselves like viruses, but are spread through e-mail attachments and Web downloads. Once the file is opened, the Trojan may install itself on your computer without your knowledge or consent. It may have the ability to manage files on your computer, including creating, deleting, renaming, viewing, or transferring files to or from your computer. It may install a program that allows a malicious user to install, execute, open, or close software programs or take full control of the infected machine. The malicious user may have the ability to open and close your CD-ROM drive, gain control of your cursor and keyboard, and may even send spam by sending mass e-mails from your infected computer. They have the ability to run in the background, hiding their presence.
Virus: a self-replicating program that spreads by inserting copies of itself into other executable code or documents. In common parlance, the term virus is often extended to refer to computer worms and other sorts of malware, although technically these are not viruses in the traditional sense. Viruses cannot directly damage hardware; only software is damaged directly. The software stored in hardware, however, may be damaged (such as BIOS code or boot sectors on a hard drive). While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb occurs at a particular date or time, and a logic bomb occurs when the user of a computer takes an action that triggers the bomb. However, the predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.
Worm: viruses that reside in the active memory of a computer and duplicate themselves. They may send copies of themselves to other computers, such as through email or Internet Relay Chat (IRC).
NEW! The Arxceo Ally IP1000
Arxceo's approach to enhancing network security has created a unique solution that complements and enhances existing intrusion detection, intrusion prevention and firewall products as well as provides a significant advancement toward protecting PDAs, smartphones, 3G Mobile phones and other limited CPU, RAM, and power platforms.
The Ally IP1000, PnPro and Tag-UR-IT technology enhances the security of existing firewall-protected corporate and government sites. Arxceo products provide a more secure DMZ front-end that guarantees every TCP/IP source address arriving from the Internet is who they say they are. Coupling this IP Source Authentication filter with superior reporting and data collection allows administrators to fully realize when truly dangerous cyberhackers are targeting their site. Arxceo's products are undetectable on the network and do not require any modifications to routing tables or other network configurations -- it's truly "plug and protect (PnPRO)". Therefore, PnPro is also the perfect technology for today's 'bulkhead' requirements - protecting the LAN from intrusions coming from the inside, as opposed to the traditional front door firewall role. Application or database specific firewalls are now easy, cost effective, and literally free of performance impacts.
A truly innovative approach - "Not seeing is believing!"
As Ben Franklin stated, "Necessity is the mother of invention". Arxceo's PnPro technology stems from a public PC access environment where a firewall wasn't allowed by the IT department due to policy. Fortunately for Arxceo, this policy created some very frustrated administrators. If only they could implement a firewall that wasn't even detectable to their own IT department... that didn't affect any existing configurations or routers... that didn't impact performance... that protected systems from hackers on the outside and misuse or viruses on the inside... something that just plugged in and started protecting in both directions.
TCNS is an Authorized WatchGuard Reseller!

About WatchGuard Technologies, Inc.
WatchGuard is a leading provider of network security solutions for small- to mid-sized enterprises worldwide, delivering integrated products and services that are robust as well as easy to buy, deploy and manage. The company's Firebox X line of expandable integrated security appliances is designed to be fully upgradeable as an organization grows and to deliver the industry's best combination of security, performance, intuitive interface and value. WatchGuard Intelligent Layered Security architecture protects against emerging threats effectively and efficiently and provides the flexibility to integrate additional security functionality and services offered through WatchGuard. Every WatchGuard product comes with an initial LiveSecurity Service subscription to help customers stay on top of the security landscape with vulnerability alerts, software updates, expert security instruction and superior customer care. For more information, please call (206) 521-8340 or visit www.watchguard.com.
TCNS is an ONTRACK Authorized Partner!
Focusing on quality service for our customers, OnTrack Data Recovery offers free consulting, and 24/7/365 global service with highly knowledgeable data recovery specialists and technical staff providing top-notch support before, during and after the recovery process.
OnTrack's unique and long-term relationships with all major drive manufacturers enable our R&D teams to maintain a leading edge on computer storage technology and create new tools to perform recoveries on new devices and anticipate our customers’ needs.
OnTrack Data Recovery services range in price and complexity, depending on your data loss situation.
OnTrack is the ONLY company offering true remote recovery capabilities – the fastest, most cost-effective data recovery solution available. In addition to the different recovery services, we offer a variety of service levels ranging from standard to emergency, depending on how quickly you need your data back.