Wednesday 9 October 2013

28 Types of Computer Security Threats and Risks

There are many types of computer security threats in this world. Some are pretty harmful while some are totally harmless although annoying. There are also some which does not do any damage to your computer, but has the capability to empty the numbers in your bank account.
If you are really interested to find out these threats, I have 28 of them here and do get yourself a cup of coffee before you start.

The types of computer security threats

1. Trojan. Trojan is one of the most complicated threats among all. Most of the popular banking threats come from the Trojan family such as Zeus and SpyEye. It has the ability to hide itself from antivirus detection and steal important banking data to compromise your bank account. If the Trojan is really powerful, it can take over your entire security system as well. As a result, a Trojan can cause many types of damage starting from your own computer to your online account.
2. Virus. Looking at the technology 10 years back, Virus is something really popular. It is a malicious program where it replicates itself and aim to only destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all. It is not so popular today because Malware today is designed to earn money over destruction. As a result, Virus is only available for people who want to use it for some sort of revenge purpose.
3. Worms. One of the most harmless threats where it is program designed only to spread. It does not alter your system to cause you to have a nightmare with your computer, but it can spread from one computer to another computer within a network or even the internet. The computer security risk here is, it will use up your computer hard disk space due to the replication and took up most of your bandwidth due to the spread.
4. Spyware. Is a Malware which is designed to spy on the victim’s computer. If you are infected with it, probably your daily activity or certain activity will be spied by the spyware and it will find itself a way to contact the host of this malware. Mostly, the use of this spyware is to know what your daily activity is so that the attacker can make use of your information. Such as if you browse on sex toys for a week every day, the attacker will try to come out with a sex toy scam to cheat on your money.
5. Scareware. Scareware is something that plant into your system and immediately inform you that you have hundreds of infections which you don’t have. The idea here is to trick you into purchasing a bogus anti-malware where it claims to remove those threats. It is all about cheating your money but the approach is a little different here because it scares you so that you will buy.
6. Keylogger. Something that keeps a record of every keystroke you made on your keyboard. Keylogger is a very powerful threat to steal people’s login credential such as username and password. It is also usually a sub-function of a powerful Trojan.
7. Adware. Is a form of threat where your computer will start popping out a lot of advertisement. It can be from non-adult materials to adult materials because any ads will make the host some money. It is not really harmful threat but can be pretty annoying.
8. Backdoor. Backdoor is not really a Malware, but it is a form of method where once a system is vulnerable to this method, attacker will be able to bypass all the regular authentication service. It is usually installed before any virus or Trojan infection because having a backdoor installed will ease the transfer effort of those threats.
9. Wabbits. Is another a self-replicating threat but it does not work like a Virus or Worms. It does not harm your system like a Virus and it does not replicate via your LAN network like a Worms. An example of Wabbit’s attack is the fork bomb, a form of DDoS attack.
10. Exploit. Exploit is a form of software which is programmed specifically to attack certain vulnerability. For instance if your web browser is vulnerable to some out-dated vulnerable flash plugin, an exploit will work only on your web browser and plugin. The way to avoid hitting into exploit is to always patch your stuff because software patches are there to fix vulnerabilities.
11. Botnet. Botnet is something which is installed by a BotMaster to take control of all the computer bots via the Botnet infection. It mostly infects through drive-by downloads or even Trojan infection. The result of this threat is the victim’s computer, which is the bot will be used for a large scale attack like DDoS.
12. Dialer. This threat is no longer popular today but looking at the technology 10 years back or more where we still access the internet using a dial-up modem, it is quite a popular threat. What it does is it will make use of your internet modem to dial international numbers which are pretty costly. Today, this type of threat is more popular on Android because it can make use of the phone call to send SMS to premium numbers.
13. Dropper. Looking at the name, a Dropper is designed to drop into a computer and install something useful to the attacker such as Malware or Backdoor. There are two types of Dropper where one is to immediately drop and install to avoid Antivirus detection. Another type of Dropper is it will only drop a small file where this small file will auto trigger a download process to download the Malware.
14. Fake AV. Fake Antivirus threat is a very popular threat among Mac user about 10 months ago. Due to the reason that Mac user seldom faces a virus infection, scaring them with message which tells them that their computer is infected with virus is pretty useful where it results them into purchasing a bogus antivirus which does nothing.
15. Phishing. A fake website which is designed to look almost like the actual website is a form of phishing attack. The idea of this attack is to trick the user into entering their username and password into the fake login form which serves the purpose of stealing the identity of the victim. Every form sent out from the phishing site will not go to the actual server, but the attacker controlled server.
16. Cookies.Cookies is not really a Malware. It is just something used by most websites to store something into your computer. It is here because it has the ability to store things into your computer and track your activities within the site. If you really don’t like the existence of cookies, you can choose to reject using cookies for some of the sites which you do not know.
17. Bluesnarfing. Bluesnarfing  is all about having an unauthorized access to a specific mobile phones, laptop, or PDA via Bluetooth connection. By having such unauthorized access, personal stuff such as photos, calender, contacts and SMS will all be revealed and probably even stolen.
18. Bluejacking. Bluejacking is also uses the Bluetooth technology but it is not as serious as Bluesnarfing. What it does is it will connect to your Bluetooth device and send some message to another Bluetooth device. It is not something damaging to your privacy or device system compared to the Bluesnarfing threat.
19. DDoS. One of the most famous thing done by Anonymous, which is to send millions of traffic to a single server to cause the system to down with certain security feature disable so that they can do their data stealing. This kind of trick which is to send a lot of traffic to a machine is known as Distributed Denial of Service, also known as DDoS.
20. Boot Sector Virus. It is a virus that places its own codes into computer DOS boot sector or also known as the Master Boot Record. It will only start if there it is injected during the boot up period where the damage is high but difficult to infect. All the victim need to do if they realize there is a boot sector virus is to remove all the bootable drive so that this particular virus will not be able to boot.
21. Browser Hijackers. A browser hijacker uses the Trojan Malware to take control of the victim’s web browsing session. It is extremely dangerous especially when the victim is trying to send some money via online banking because that is the best time for the hijacker to alter the destination of the bank account and even amount.
22. Chain Letters. When I was small, I got tricked with chain letters written by my friend. But chain letters does not stop at that era. It brings to adult life as well where people like to send chain letter such as Facebook account delete letter. It usually says if you don’t forward that particular message or email to 20 people or more, your account will be deleted and people really believe that.
23. Virus Document. Virus today can be spread through document file as well especially PDF documents. Last time, people will only advice you not to simply execute an EXE file but in today’s world with today’s technology, document file should also be avoided. It is best if you use an online virus scanner to scan first before opening any single file which you feel it is suspicious.
24. Mousetrapping. I am not too sure whether you had encountered a Mousetrapping Malware before where what it does is it will trap your web browser to a particular website only. If you try to type another website, it will automatically redirect you back. If you try clicking forward/backward of the navigation button, it will also redirect you back. If you try to close your browser and re-open it, it will set the homepage to that website and you can never get out of this threat unless you remove it.
25. Obfuscated Spam. To be really honest, obfuscated Spam is a spam mail. It is obfuscated in the way that it does not look like any spamming message so that it can trick the potential victim into clicking it. Spam mail today looks very genuine and if you are not careful, you might just fall for what they are offering.
26. Pharming. Pharming works more or less like phishing but it is a little tricky here. There are two types of pharming where one of it is DNS poisoning where your DNS is being compromised and all your traffic will be redirected to the attacker’s DNS. The other type of pharming is to edit your HOST file where even if you typed www.google.com on your web browser, it will still redirect you to another site. One thing similar is that both are equally dangerous.
27. Crimeware. Crimeware is a form of Malware where it takes control of your computer to commit a computer crime. Instead of the hacker himself committing the crime, it plants a Trojan or whatever the Malware is called to order you to commit a crime instead. This will make the hacker himself clean from whatever crime that he had done.
28. SQL Injection. SQL injection does not infect the end users directly. It is more towards infecting a website which is vulnerable to this attack. What it does is it will gain unauthorized access to the database and the attacker can retrieve all the valuable information stored in the database.

Thursday 19 April 2012

Open office Competition 2012

Vanue: Faculty of Information Science & Technology, Multimedia University, Melaka.
Date: 29th March 2012
Time: 1.00pm - 5.00pm