Internet Security: Some Definitions

I think it’s important for all of us to be as knowledgeable as possible about Internet security and cyber crime as the basis of our defense against the bad guys. However, in order to educate ourselves, we must first understand the jargon of Internet security…okay, the buzzwords. Yes…try as we might, we all slip up and use buzzwords. SANS.org has published a great list of definitions entitled Dirty Tricks And Larceny.
 
Blackhats

Hackers who use their skills for explicitly criminal or other malicious ends, such as writing malware (malicious software) to steal credit card numbers and banking data, or phishing; a.k.a. the Bad Guys.

Phishing

The practice of sending out fake email messages that look as if they come from a trusted person or institution, usually a bank, in order to trick people into handing over confidential information. The emails often direct you to a website that looks like that of the real financial institution. But it is a fake and has been rigged to collect your personal information, such as passwords, credit card numbers and bank account numbers, and transmit them to the Bad Guys.

Man-in-the-middle

An attack in which a criminal hacker intercepts information sent between your computer and the website of your financial institution and then uses that information to impersonate you in cyberspace. The hacker is able to defeat even very sophisticated security measures and gain access to your account.

Botnet

Botnets consist of large numbers of hijacked computers that are under the remote control of a criminal or a criminal organization. The hijacked computers, a.k.a. “zombies” or “bots” (short for “robots”), are recruited using viruses spread by email or drive-by downloads. Worms are used to find and recruit additional computers. The biggest botnets consist of thousands and even millions of computers, most often unprotected home computers.

Virus

A malicious program that usually requires some action on the part of a user in order to infect a computer; for example, opening an infected attachment or clicking on a link in a rigged email may trigger a virus to infect your computer.

Drive-by Download

A kind of malware that installs itself automatically when you visit a booby-trapped website. Symptoms of a drive-by download include: your homepage has been changed, unwanted toolbars have been added, and unfamiliar bookmarks appear in your browser.

Worm

Self-replicating malware that, for instance, hunts down unprotected computers and recruits them for criminal or other malicious purposes. Unlike a virus, worms do not require any action on your part in order to infect your computer.

Fake Anti-Virus

Fake anti-virus software purports to be a helpful program that can find and remove malware, but in fact it is malware, the very thing that it’s supposed to eliminate. After taking over your computer, it pretends to do security scans, tells you it has found malware, and then asks you to pay to have the non-existent malware removed. Whether or not you pay, fake anti-virus is likely to install more malware.

Whitehats

Hackers who use their skills for positive ends, and often for thwarting blackhats. Many whitehats are security professionals who spend their time identifying and fixing vulnerabilities in software that blackhats seek to exploit for criminal or other malicious purposes.

Security suite

A set of software applications designed to protect your computer that consists of anti-virus, anti-malware and a personal firewall.

Anti-virus and anti-malware

Helpful software applications that scan your computer for certain patterns of infection. The patterns they scan for are the signatures, or definitions, of known forms of malware. Since Bad Guys are creating new forms of malware continuously, it is important that you keep your anti-virus and anti-malware definitions updated. See the “Patches and Updates” definitions below.

Personal firewall

Software that monitors incoming and outgoing traffic on your computer and checks for suspicious patterns indicating the presence of malware or other malicious activity. A personal firewall alerts you to these threats and attempts to block them. Like anti-virus and anti-malware software, personal firewalls require frequent updates to provide effective protection.

Updates

Security software relies on frequent updates in order to be able to counteract previously undetected forms of malware. Consequently, your computer may suffer a “window of vulnerability” between the time a new form of malware is identified and the time when your security software can block it or remove the infection. Set your security software to update automatically.

Patches

Operating systems, like Windows and OS X, and software applications, such as Internet Explorer and Firefox, may be found to contain security flaws or holes that make your computer vulnerable to attack. Their makers release patches to plug the holes. The fastest and surest way to get these installed quickly is to use auto-updating via the Internet. Some software applications require manual updating.

Black Tuesday a.k.a. Patch Tuesday

On the second Tuesday of each month Microsoft releases security patches for Windows, Internet Explorer, Office and its other software products. You can have these installed automatically using Microsoft Update.

Auto-updating

A software tool built into Windows (“Microsoft Update”) and OS X (“Auto Update”) and many other applications which can download and install important security updates and patches for software installed on your computer automatically.

Ref: SANS.org Dirty Tricks And Larceny

Please comment on this article; we all learn from each other when our views and opinions are shared.

Remember, home computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulshomecomputing@yahoo.com

8 responses to “Internet Security: Some Definitions”

  1. Pingback: Tech Thoughts Daily Net News – October 30, 2010 « Bill Mullins' Weblog – Tech Thoughts

  2. Thanks Paul, for this very helpful article.

    You’re quite right, if we don’t understand the words (buzzwords, or not), it’s difficult, if not impossible, to take proactive steps to protect ourselves.

    Best,

    Bill

    • Bill,
      Always brightens my day when you visit. Thanks. I’m just trying to figure out why so many folks don’t heed our warnings and advice. And I’m thinking that we may need to address the basics and rebuild from there, at least for new users, etc., if not for all non-IT pros.
      Best,
      Paul

  3. Paul,

    This list is great… I can tell you put a lot into putting it together.

    Rick

  4. Manmohan Rajyana

    Trojan the “%WINDIR%\temp\symantec.exe”: Mozilla has admitted to a zero-day security flaw in Firefox that saw the Nobel Prize website offering up malware. Windows users of Firefox 3.5 and 3.6 visiting the website were infected by a Trojan that gives the attacker complete control of the user’s machine. The insecurity vendor Norman, in its threat analysis said that once the machine is infected, the Trojan creates registry keys to automatically start during Windows’ boot-up.
    Mozilla has acknowledged the vulnerability and confirmed it is working on a fix. In the meantime, affected users who visit the Nobel Prize website find that Firefox’s malware protection feature throws up a warning message. The problem with this method of containment is that Mozilla doesn’t know if other websites have similar drive-by download exploits.
    To counter such a threat on a more general level, Mozilla suggests disabling JavaScript or using the NoScript add-on.
    Drive-by download attacks are becoming an increasingly common method to push malware onto unsuspecting web users. Making use of holes in scripting language interpreters such as JavaScript and Microsoft’s ActiveX has been standard practice for many years. Generally it is recommended to disable scripts on all but trusted websites, though few would have thought the Nobel Prize website would end up inadvertently peddling malware.
    It seems that this time some Firefox users got caught out while trying to find out which bright spark received a Nobel gong.

    The underlying vulnerability affects Mac OS X and Linux as well as Windows boxes running Firefox, hence the need for a cross-platform update even though the Nobel Prize site attack was Windows-specific.
    Mozilla credits Norwegian security vendor Telenor with discovering the flaw. Right after execution the Backdoor is retrieving the path to the Windows Directory and is creating a copy of itself as “%WINDIR%\temp\symantec.exe”. After the Backdoor created that file, auto-start keys are added to the Windows Registry. The registry keys point to different paths within the Windows Registry (current user and local machine). After the system operations are done, the Backdoor tries to create two connections to Internet servers. One connection is opened to Nobel. .mooo.com and one to update.microsoft.com. The connection to update.microsoft.com is no malicious behaviour for sure. After establishing these connections, it tries to connect to two further addresses.
    If both hosts are offline, as they are currently, the malware will stop execution and exit. If a connection to one of the servers is successful, the malware opens a shell to the socket which is opened. An attacker can get access to the local computer with the same rights as the malware was executed with; the computer is compromised.
    It is currently unclear why obviously a script-kiddie-like malware abuses such valuable 0-day vulnerability; usually cyber criminals abuse them for profitable malware.
    Code planted on the site redirected surfers to a hacker-controlled site that ran a JavaScript-based exploit, specific to Firefox, that attempted to plant a Trojan on vulnerable Windows PCs. The mechanism of the attack, detected by security researchers on Tuesday, is blocked with the release of the latest version of the open source web browser. Mozilla has also released a cross-platform update for the earlier 3.5.x version of the browser that addresses the same security hole.
    Mozilla acknowledged the bug Tuesday and said it was at work on a patch, but provided few details. Today, the company said the vulnerability existed in the Windows, Mac OS X and Linux versions of Firefox 3.6 and the older Firefox 3.5.
    The currently-stalled Firefox 4 was not at risk, said Daniel Veditz, a Firefox security engineer. “Firefox 4 beta users appear safe for the moment,” Veditz said on Tuesday. “The underlying problematic code does exist, but other code changes since Firefox 3.6 seem to be shielding us from the vulnerability.”
    Mozilla Firefox release delayed
