Using the internet carries risks such as leakage of personal information, leakage of company data, or hacking of computers. To protect our data we must know the (online) threats. One threat is malware. Malware is the collective name for malicious software. In the beginning the main purpose of malware was destruction of the system; viruses would wipe out hard drives and make computers useless. Today malware makes changes to your computer without your permission, such as changing your browser settings, altering your system files, installing new toolbars, presenting constant popups, etc. There are different kinds of malware. We introduce the most common ones below.
Adware is software that displays (unwanted) advertisements on your computer. This is not necessarily a bad thing, except when adware comes with incorporated spyware (software that analyses which web sites the user visits in order to present advertising pertinent to the types of goods the user has searched for) and a keylogger (which observes the user’s keystrokes). Furthermore, adware can consume processing power and can therefore be quite annoying, as it slows down the computer. Prevention: Adware is often downloaded as part of illegal software. To prevent being infected with adware, do not download and/or install software or files illegally. Removal: You need an adware removal tool. However, many malware removal tools can also be used, such as Anti-Virus / Anti-Malware / Anti-Spyware software.
Autorun Worms are malicious programs that take advantage of the Auto Run feature commonly found on systems running a Windows Operating System. These worms are distributed on external storage media such as USB sticks and infect the system once the device is connected to the computer. Once on the system, the worm starts copying itself into the root directories of the hard drives and other external media. Prevention: To protect yourself from being infected with autorun worms, disable the autorun feature. (Read our section on PC protection for more information on how to do this.) Removal: Anti-Virus software.
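A defensive check for the mechanism described above, as an added example that is not part of the original page: this Python code looks in a volume's root directory for an `autorun.inf` file and lists the programs it would launch. The `open`, `shellexecute` and `shell\<verb>\command` keys are standard `autorun.inf` entries; the sample file and the file names in it are constructed for the demonstration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, command) pairs declared in the [autorun] section."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries also start a program
            is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_shell_cmd:
                commands.append((key, value))
    return commands

def inspect_root(root):
    """Look for autorun.inf (any letter case) in a volume's root directory."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                return parse_autorun(fh.read())
    return None  # no autorun.inf on this volume

def demo():
    # Constructed sample: a stand-in USB root with an autorun.inf made up for this example.
    sample = "\n".join([
        "; constructed sample", "[AutoRun]", "open=setup.exe", "icon=drive.ico",
        "shell\\open\\command=setup.exe", "[Other]", "open=ignored.exe",
    ])
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        return inspect_root(root)

if __name__ == "__main__":
    for key, value in demo() or []:
        print(f"autorun.inf launches via {key}: {value}")
```

Pointing `inspect_root` at the mount point of a USB stick before opening it shows whether the stick carries an autorun entry and which file that entry refers to.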
One of the most notorious dangers of the internet is the botnet. A botnet is a collection of computers that have been compromised by a hacker (these computers are then referred to as “Zombie”, “Bot” or “Drone”). This hacker, often referred to as a “Botnet Herder”, can use the botnet for many malicious purposes, for example orchestrating a DDOS (Distributed Denial of Service) attack or sending unsolicited e-mails (Spam). Botnets are also offered for sale or rent on the cyber black market. Cyber criminals can then rent or buy the botnet from the Botnet Herder and use it for their criminal activities. Botnets are successful because of the ease of infection, the profit and the fact that not every country has a criminal sanction in place (yet). They are notorious because they are extremely difficult to take down. Prevention: Bot-agents (software that turns your computer into a bot) are distributed in a number of ways. One of the most common distribution methods for bot-agents is via e-mail attachments. This is why it is important never to open attachments from unknown sources. Bot-agents can also be included in illegal software/files. Thus a good method for preventing bot-agents is to not participate in downloading of illegal materials. Also keep your internet browsers up-to-date to prevent Drive-by-Downloads (see below). Removal: Bot-agents can be recognized and removed by Anti-Virus software (so make sure your Anti-Virus software is always up to date).
A browser hijacker does just what its name suggests: it hijacks your browser to display webpages that its operators want you to see. This software can change your browser settings and make it difficult for you to get back to your homepage. Some even make it impossible for you to browse to other sites. Prevention: Browser Hijackers are a type of virus. They infect your machine and change its settings. To prevent browser hijackers it is important not to participate in illegal downloading of software or files. Do not open e-mail attachments from unknown sources and keep your browser up-to-date. Removal: Anti-Virus software. Sometimes, when this virus is removed, your internet settings may not go back to their original values. If this is the case, you need to reconfigure your browser settings or reset them to default. If all else fails, you can send your computer to a PC repair shop.
Chain Letters are e-mails that tempt you to forward copies to other people by promising you something good will happen if you do (too good to be true) or by telling an incredible yet fake story which you absolutely must share with your friends. While most of these chain letters are not harmful, they do waste precious system resources, such as memory and time. These letters can also be used by cyber criminals to harvest e-mail addresses and use them for spear phishing. It is important to note that these types of posts also exist on social networking sites such as Facebook. Clicking on them can cause your Facebook account to be hijacked or malware to be downloaded to your system. Every time a person forwards a chain letter he/she puts the other person at risk. Prevention: Delete chain letters; do not forward chain letters (not within and not outside the company). Removal: Since chain letters themselves are not installed on your system, removal consists of deleting them from your inbox.
A Denial of Service (DOS) Attack occurs when more requests are sent to a server than it can handle. This will cause the server to crash and make it unavailable to legitimate users. DOS attacks are commonly carried out against webservers with the aim of making the site unavailable. Another variant, the Distributed Denial of Service (DDOS), is when the source of the request flood is not one system, but many systems. This way a DDOS can be much larger and more damaging than a regular DOS. Prevention: There is no real way to prevent a DDOS attack. It is very uncommon for home networks to be attacked with a DDOS. Removal: A DDOS attack is an external attack. There is no removal.
Drive-by Download refers to a type of infection that takes place when a user visits an infected website; the download happens without the person’s knowledge. This can happen on even the most legitimate of websites, such as news sites or sites belonging to legitimate companies. To perform a drive-by download, a criminal has to infect the site with their malware (virus, spyware, crimeware). Prevention: It is almost impossible to prevent Drive-by Download, as the malware is on the website the person visits. Removal: However, good Anti-Virus software may be able to detect and remove it.
Malware is a collective name for malicious (evil) software that cybercriminals use as tools for their criminal activity.
Ransomware is a term used to describe malicious software that locks (encrypts) your data or functionalities of your computer and demands a payment in order for them to be unlocked. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Make sure your browsers are up-to-date. Do not click on links in e-mails. Removal: Ransomware can be tricky to remove. The techniques used to remove it depend on what type of ransomware it is. Some anti-virus products can remove it. However, ransomware often takes your screen hostage, meaning that there is not much you can do. The best solution is to send your computer to a computer repair shop where professionals in computer repair can remove the ransomware for you.
Rootkit is a term used for programs that hide programs or processes that are running. This way they can remain undetected for a long time. Rootkits themselves do not perform malicious activities; they are used to hide the malicious activities. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Make sure your browsers are up-to-date. Do not click on links in e-mails. Removal: There are anti-rootkit tools available. Also, some anti-virus solutions can detect and remove rootkits. However, the removal of rootkits is often something a computer repair specialist must do.
Spear Phishing is phishing targeting a specific organization. Spear phishing is mostly conducted by perpetrators out for financial gain, trade secrets or military information. Spear phishing also differs from phishing in that it mostly seems to come from an individual within the recipient’s own company who is in a position of authority, asking for confidential information. Prevention: Same as phishing. Removal: Spam filters for e-mail recognize and remove phishing e-mails. Delete untrustworthy e-mails.
Spyware is software that gathers information without the user’s consent and reports this to the software’s author. The type of information gathered depends on what the writer of the spyware is looking for. It might be your browsing activity, meaning which websites you visit. This information can then be sold to advertisers who can send you more targeted ads. Spyware authors can also obtain usernames, passwords and other sensitive information, which they use to steal your identity and money. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Make sure your browser is up-to-date. Do not click on links in unsolicited e-mails. Removal: Anti-Virus / Anti-Spyware software (nowadays most anti-virus software can remove spyware).
A Trojan is a stand-alone program that does not attach itself to other programs or propagate itself across networks. Trojans get their name from the infamous Trojan horse in Greek mythology. Much like this ancient wooden horse, which was presented as a gift but contained soldiers that would invade the city once the horse was brought through the city gates, a Trojan disguises itself as a benevolent (good) computer program, but it does harm instead. A Backdoor Trojan, once installed, can make it possible for a hacker to remotely access the infected computer. The hacker can afterwards perform a variety of actions on the affected PC, from stealing information to using the computer to send out SPAM. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Be especially careful when downloading “free” software. Make sure your browsers are up-to-date. Do not click on links in e-mails. Removal: Most Trojans can be removed by anti-virus software. But keep in mind that once a Trojan is installed on your system it downloads other malicious software to your system.
A virus is a self-replicating program that attaches itself to legitimate software and requires user interaction to successfully infect a system. The result of this infection can range from simple pranks that display certain content, to more malicious effects such as corruption or destruction of programs and/or data. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Removal: Anti-Virus software.
A worm is a self-replicating program that uses vulnerabilities in computer networks to propagate itself. In contrast to a computer virus, a worm does not need to attach itself to another program and does not require user interaction to run. The damage caused by computer worms depends on their payloads. Although some worms are only programmed to multiply themselves across networks, they can still be disruptive as they consume network bandwidth. Other worms carry more malicious payloads, as they can create backdoors for hackers to take control of a PC, turning it into a “zombie” that will execute commands from said hacker. Prevention: Do not open e-mail attachments from unknown sources; do not download software/files illegally. Make sure your browsers are up-to-date. Do not click on links in e-mails. Removal: Because worms propagate through network connections, removal can be tricky. Every infected machine has to be taken off the network and cleaned. After the machine is re-connected it must be monitored for reinfection. If the machine is re-infected within a short period of time, it could mean that there are more infected machines on the network.
Website Defacement is the act of replacing a company’s/organization’s/individual’s original website content with some other content. This is often done as a form of protest, retaliation or as a way to prove “hacking” skills. Causes: Websites can be defaced for a number of reasons and by a number of individuals or groups. One method hackers use is to look for vulnerabilities within the OS that is running the webserver. The vulnerabilities can be exploited in different ways to gain control of the webserver and its contents. Hackers can also try to gain access by guessing passwords, or, as it is known among security professionals, a “Brute Force Attack”. Hackers use this method to go through a variety of password possibilities and try to guess passwords. These methods can also be combined if necessary. Website defacement can be used as a diversion. So if your webserver is inside your local network, make sure you monitor your network for suspicious behavior. Prevention: Webservers are very vulnerable machines as they are easily accessible from the internet. They serve as the holder of all the content we want to make available to the world. That is why they are one of the most difficult machines to protect. But there are best practices you can follow to make your webservers more secure. These include:
- Patch/Update the Server; Webservers, just like all other servers, can contain vulnerabilities. These are mistakes in the code of the OS or software installed on the webserver that can be used by hackers to break into the system. Software vendors often release “patches” which are used to remove or remediate these vulnerabilities. Once a system is patched (updates are installed), hackers can no longer use the patched vulnerabilities to break into the system. An up-to-date server is more difficult to break into than one full of vulnerabilities.
- Use strong passwords; this is a rule that applies to all aspects of system security. Weak passwords can be easily cracked by password cracking software and can be used to gain control of the system.