Whether you’re a network administrator, use a computer at work, or are just an average user who loves to browse the internet, this simple, easy-to-understand information is for you.
The information shared here was taken from the eBook provided by SOPHOS. It will teach you facts about computer viruses, worms, spyware, spam – and more – in simple, easy-to-understand language.
Whether you use a Mac or a PC, this will be useful information for you. You might use the computer daily or once in a blue moon – you never know when this information might come in handy. The next time you are sending an email, checking in, making a hotel reservation or selling stuff online, you will feel more confident and IT-fluent. Read more below, and feel free to get in touch with your questions!
We are living in a digital world, where computers are no longer just an ordinary thing but a “necessity” in our everyday lives. Most of us know only a little about computer security threats; the most familiar are the “virus” and the “worm”. But did you know that there are 34 different types of computer security threats? A lot, huh? You’ll learn more about them below, so keep reading, and I hope that you’ll be more cautious and knowledgeable in using your computer.
1. Adware
Adware is software that displays advertisements on your computer.
Adware, or advertising-supported software, displays advertising banners or pop-ups on
your computer when you use the application. This is not necessarily a bad thing. Such
advertising can fund the development of useful software, which is then distributed free
(for example, the Opera web browser).
However, adware becomes a problem if it:
- installs itself on your computer without your consent
- installs itself in applications other than the one it came with and displays advertising
when you use those applications
- hijacks your web browser in order to display more ads (see Browser hijackers)
- gathers data on your web browsing without your consent and sends it to others via
the internet (see Spyware)
- is designed to be difficult to uninstall.
Adware can slow down your PC. It can also slow down your internet connection by
downloading advertisements. Sometimes programming flaws in the adware can make
your computer unstable.
Advertising pop-ups can also distract you and waste your time if they have to be closed
before you can continue using your PC.
Some anti-virus programs detect adware and report it as “potentially unwanted
applications”. You can then either authorize the adware program or remove it from the
computer. There are also dedicated programs for detecting adware.
2. Backdoor Trojans
A backdoor Trojan allows someone to take control of another user’s
computer via the internet without their permission.
A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs
do, so that users run it. Alternatively – as is now increasingly common – users may
allow Trojans onto their computer by following a link in spam mail.
Once the Trojan is run, it adds itself to the computer’s startup routine. It can then
monitor the computer until the user is connected to the internet. When the computer
goes online, the person who sent the Trojan can perform many actions – for example,
run programs on the infected computer, access personal files, modify and upload files,
track the user’s keystrokes, or send out spam mail.
Well-known backdoor Trojans include Subseven, BackOrifice and, more recently,
Graybird, which was disguised as a fix for the notorious Blaster worm.
To avoid backdoor Trojans, you should keep your computers up to date with the latest
patches (to close down vulnerabilities in the operating system), and run anti-spam
and anti-virus software. You should also run a firewall, which can prevent Trojans from
accessing the internet to make contact with the hacker.
3. Bluejacking
Bluejacking is sending anonymous, unwanted messages to other users
with Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the ability of Bluetooth phones to detect and contact other
Bluetooth devices nearby. The Bluejacker uses a feature originally intended for
exchanging contact details or “electronic business cards”. He or she adds a new entry
in the phone’s address book, types in a message, and chooses to send it via Bluetooth.
The phone searches for other Bluetooth phones and, if it finds one, sends the message.
Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal
personal information or take control of your phone.
Bluejacking can be a problem if it is used to send obscene or threatening messages or
images, or to send advertising. If you want to avoid such messages, you can turn off
Bluetooth, or set it to “undiscoverable”.
Bluetooth-enabled devices may also be at risk from the more serious Bluesnarfing.
4. Bluesnarfing
Bluesnarfing is the theft of data from a Bluetooth phone.
Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to
detect and contact others nearby.
In theory, a Bluetooth user running the right software on their laptop can discover a
nearby phone, connect to it without your confirmation, and download your phonebook,
pictures of contacts and calendar.
Your mobile phone’s serial number can also be downloaded and used to clone the
You should turn off Bluetooth or set it to “undiscoverable”. The undiscoverable setting
allows you to continue using Bluetooth products like headsets, but means that your
phone is not visible to others.
5. Boot Sector Viruses
Boot sector viruses spread by modifying the program that enables your
computer to start up.
When you switch on a computer, the hardware looks for the boot sector program –
which is usually on the hard disk, but can be on a floppy disk or CD – and runs it. This
program then loads the rest of the operating system into memory.
A boot sector virus replaces the original boot sector with its own, modified version (and
usually hides the original somewhere else on the hard disk). When you next start up,
the infected boot sector is used and the virus becomes active.
You can only become infected if you boot up your computer from an infected disk, e.g.
a floppy disk that has an infected boot sector.
Boot sector viruses were the first type of virus to appear, and they are mostly quite old.
They are rarely encountered today.
6. Browser Hijackers
Browser hijackers change the default home and search pages in your
Some websites run a script that changes the settings in your browser without your
permission. This hijacker can add shortcuts to your “Favorites” folder or, more seriously,
can change the page that is first displayed when you open the browser.
You may find that you cannot change your browser’s start page back to your chosen
site. Some hijackers edit the Windows registry so that the hijacked settings are restored
every time you restart your computer. Others remove options from the browser’s tools
menu, so that you can’t reset the start page.
In every case, the intention is the same: to force you to visit a website. This inflates
the number of “hits” and the site’s ranking with search engines, which boosts the
advertising revenue that the site can earn.
Browser hijackers can be very tenacious. Some can be removed automatically by
security software. Others may need to be removed manually. In some cases, it is easier
to restore the computer to an earlier state or reinstall the operating system.
7. Chain Letters
An electronic chain letter is an email that urges you to forward copies
to other people.
Chain letters, like virus hoaxes, depend on you, rather than on computer code, to
propagate themselves. The main types are:
- Hoaxes about terrorist attacks, premium-rate phone line scams, thefts from ATMs
and so forth.
- False claims that companies are offering free flights, free mobile phones, or cash
rewards if you forward email.
- Messages, which purport to be from agencies like the CIA and FBI, warning about
dangerous criminals in your area.
- Petitions. Even if genuine, they continue to circulate long after their expiry date.
- Jokes and pranks, e.g. the claim that the internet would be closed for maintenance
on 1 April.
Chain letters don’t threaten your security, but they can waste time, spread
misinformation and distract users from genuine email.
They can also create unnecessary email traffic and slow down mail servers. In some
cases the chain letter encourages people to send email to certain addresses, so that
these are deluged with unsolicited mail.
The solution to the chain letter problem is simple: don’t forward such mail.
8. Cookies
Cookies are files on your computer that enable websites to remember
When you visit a website, it can place a file called a cookie on your computer. This
enables the website to remember your details and track your visits. Cookies can be a
threat to confidentiality, but not to your data.
Cookies were designed to be helpful. For example, if you submit your ID when you visit
a website, a cookie can store this data, so that you don’t have to re-enter it next time.
Cookies also have benefits for webmasters, as they show which web pages are well used,
providing useful input when planning a redesign of the site.
Cookies are small text files and cannot harm your data. However, they can compromise
your confidentiality. Cookies can be stored on your computer without your knowledge or
consent, and they contain information about you in a form you can’t access easily. And
when you revisit the same website, this data is passed back to the web server, again
without your consent.
Websites gradually build up a profile of your browsing behavior and interests. This
information can be sold or shared with other sites, allowing advertisers to match ads
to your interests, ensure that consecutive ads are displayed as you visit different sites,
and track the number of times you have seen an ad.
If you prefer to remain anonymous, use the security settings on your internet browser to
9. Denial of Service attack (DoS)
A denial-of-service (DoS) attack prevents users from accessing a computer or website.
In a DoS attack, a hacker attempts to overload or shut down a computer, so that
legitimate users can no longer access it. Typical DoS attacks target web servers
and aim to make websites unavailable. No data is stolen or compromised, but the
interruption to the service can be costly for a company.
The most common type of DoS attack involves sending more traffic to a computer than
it can handle. Rudimentary methods include sending outsized data packets or sending
email attachments with names that are longer than permitted by the mail programs.
An attack can also exploit the way that a “session” of communications is established
when a user first contacts the computer. If the hacker sends many requests for a
connection rapidly and then fails to respond to the reply, the bogus requests are left in
a buffer for a while. Genuine users’ requests cannot be processed, so that they can’t
contact the computer.
Another method is to send an “IP ping” message (message requiring a response from
other computers) that appears to come from the victim’s computer. The message goes
out to a large number of computers, which all try to respond. The victim is flooded with
replies and the computer can no longer handle genuine traffic.
A distributed denial-of-service (DDoS) attack uses numerous computers to launch the attack. Typically, hackers use a virus or Trojan to open a “back door” on other people’s
computers and take control of them. These “zombie” computers can be used to launch
a coordinated denial-of-service attack.
10. Dialers
Dialers change the number used for dial-up internet access to a premium-rate number.
Dialers are not always malicious. Legitimate companies that offer downloads or games
may expect you to use a premium-rate line to access their services. A pop-up prompts
you to download the dialer and tells you how much calls will cost.
Other dialers may install themselves without your knowledge when you click on a
pop-up message (for example, a message warning you about a virus on your computer
and offering a solution). These do not offer access to any special services – they simply
divert your connection so that you access the internet via a premium-rate number.
Broadband users are usually safe, even if a dialer installs itself. This is because
broadband doesn’t use regular phone numbers, and because broadband users don’t
usually have a dial-up modem connected.
Anti-virus software can detect and eliminate Trojan horse programs that install dialers.
11. Document Viruses
Document or “macro” viruses take advantage of macros – commands that are embedded in files and run automatically.
Many applications, such as word processing and spreadsheet programs, use macros.
A macro virus is a macro program that can copy itself and spread from one file to
another. If you open a file that contains a macro virus, the virus copies itself into the
application’s startup files. The computer is now infected.
When you next open a file using the same application, the virus infects that file. If your
computer is on a network, the infection can spread rapidly: when you send an infected
file to someone else, they can become infected too. A malicious macro can also make
changes to your documents or settings.
Macro viruses infect files used in most offices and some can infect several file types,
such as Word and Excel files. They can also spread to any platform on which their host
Macro viruses first appeared in the mid-1990s and rapidly became the most serious
virus threat of that time. Few viruses of this type are seen now.
12. Email Viruses
Many of the most prolific viruses distribute themselves automatically by email.
Typically, email-aware viruses depend on the user double-clicking on an attachment.
This runs the malicious code, which will then mail itself to other people from that
computer. The Netsky virus, for example, searches the computer for files that may
contain email addresses, and then uses the email client on your computer to send
itself to those addresses. Some viruses, like Sobig-F, don’t even need to use your email
client; they include their own “SMTP engine” for constructing and sending the email
Any attachment that you receive by email could carry a virus; and launching such an
attachment can infect your computer.
Even an attachment that appears to be a safe type of file, e.g. a file with a .txt
extension, can pose a threat. That file may be a malicious VBS script with the real file
type (.vbs) hidden from view.
Some viruses, such as Kakworm and Bubbleboy, can infect users as soon as they read
email, exploiting a vulnerability in the operating system or mail program. They look
like any other message but contain a hidden script that runs as soon as you open the
email, or even look at it in the preview pane (as long as you are using Outlook with the
right version of Internet Explorer). This script can change system settings and send the
virus to other users via email.
Email viruses may compromise your computer’s security or steal data, but their most
common effect is to create excessive email traffic and crash servers.
To avoid email viruses, you should run anti-virus software and avoid clicking on
unexpected attachments. You should also install the patches issued by software
vendors, as these can close down the vulnerabilities exploited by email viruses.
13. Internet Worms
Worms are programs that create copies of themselves and spread via internet connections.
Worms differ from computer viruses because they can propagate themselves, rather
than using a carrier program or file. They simply create exact copies of themselves and
use communication between computers to spread.
Internet worms can travel between connected computers by exploiting security “holes”
in the computer’s operating system. The Blaster worm, for example, takes advantage of
a weakness in the Remote Procedure Call service that runs on unpatched Windows NT,
2000 and XP computers and uses it to send a copy of itself to another computer.
Many viruses, such as MyDoom or Bagle, now behave like worms and use email to
A worm can have malicious effects. For example, it may use affected computers to
deluge websites with requests or data, causing them to crash (a “denial-of-service”
attack). Alternatively, it can encrypt a user’s files and make them unusable. In either
case, companies can be blackmailed.
Many worms open a “back door” on the computer, allowing hackers to take control of
it. Such computers can then be used to send spam mail.
Quite apart from such effects, the network traffic generated by a fast-spreading worm
can slow down communications. The Blaster worm, for example, creates a lot of traffic
on the internet as it spreads, slowing down communications or causing computers to
crash. Later it uses the affected computer to bombard a Microsoft website with data,
with the aim of making it inaccessible.
Microsoft (and other operating system vendors) issue patches to fix security loopholes in
their software. You should update your computer regularly by visiting the vendor’s website.
14. Mobile Phone Viruses
Mobiles can be infected by worms that spread themselves via the mobile phone network.
In 2004, the first mobile phone worm was written. The Cabir-A worm affects phones
that use the Symbian operating system, and is transmitted as a telephone game file (an
SIS file). If you launch the file, a message appears on the screen, and the worm is run
each time you turn the phone on thereafter. Cabir-A searches for other mobile phones
nearby using Bluetooth technology, and sends itself to the first it finds.
There are also conventional viruses that send messages to mobile phones. For example,
Timo-A uses computer modems to send text (SMS) messages to selected mobile
numbers, but in cases like these the virus can’t infect or harm the mobile phone.
Until now, the risks for mobile phones have been few. The reason could be that they
use many different operating systems, and that the software and device characteristics
change so rapidly.
15. Mousetrapping
Mousetrapping prevents you from leaving a website.
If you are redirected to a bogus website, you may find that you cannot quit with the
back or close buttons. In some cases, entering a new web address does not enable you
to escape either.
The site that mousetraps you will either not allow you to visit another address, or will
open another browser window displaying the same site. Some mousetraps let you quit
after a number of attempts, but others do not.
To escape, use a bookmark or “Favorite”, or open the list of recently-visited addresses
and select the next-to-last. You can also press Ctrl+Alt+Del and use the Task Manager
to shut down the browser or, if that fails, restart the computer.
browser. This prevents you from being trapped at sites that use this script, but it also
affects the look and feel of websites.
There are still 19 types of computer security threats that I will share with you next time. Keep visiting this site, or subscribe to our RSS feeds or follow us on Twitter.
16. Obfuscated spam
Obfuscated spam is email that has been disguised in an attempt to fool anti-spam software.
Spammers are constantly trying to find ways to modify or conceal their messages so that
your anti-spam software can’t read them, but you can.
The simplest example of this “obfuscation” is putting spaces between the letters of
words, hoping that anti-spam software will not read the letters as one word, for example
V I A G R A
Another common technique is to use misspellings or non-standard characters, for example
These tricks are easily detected.
More advanced techniques exploit the use of HTML code (normally used for writing
web pages) in email. This allows the spammer to write messages that anti-spam
software “sees” quite differently from the way you see them.
For example, words can be written using special numerical HTML codes for each letter,
e.g. instead of “Viagra”, you can write
HTML can also allow the reader to see one message, while the anti-spam software sees
another, more innocent one. The more innocent message is in the same color as the
<body bgcolor=white> Viagra
<font color=white>Hi, Johnny! It was nice to have dinner with you. </font></body>
Spammers often include large amounts of hidden text, often cut from online reference
books, to try to fool anti-spam software that assesses mail according to the frequency
of certain key words.
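The three tricks described in this section (spaced-out letters, numeric HTML codes, and text in the background color) can all be undone before a keyword filter looks at the message. The following Python sketch is an added example, not part of the SOPHOS eBook or of any real anti-spam product; the sample message is constructed, and the small color alias table is an assumption that covers only this demo.

```python
import re
from html.parser import HTMLParser

# Assumption: a tiny alias table is enough here; real mail uses many colour forms.
COLOUR_ALIASES = {"white": "#ffffff", "black": "#000000"}

def norm_colour(value):
    """Return a colour as lower-case #rrggbb where this demo knows how."""
    v = COLOUR_ALIASES.get(value.strip().lower(), value.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", v):
        v = "#" + "".join(c * 2 for c in v[1:])
    return v

class MailText(HTMLParser):
    """Split text into what the reader sees and what matches the background."""
    def __init__(self):
        # convert_charrefs=True decodes numeric codes such as &#86; into letters
        super().__init__(convert_charrefs=True)
        self.background = "#ffffff"
        self.colours = []              # stack of open <font color=...> values
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "body" and attrs.get("bgcolor"):
            self.background = norm_colour(attrs["bgcolor"])
        elif tag == "font":
            inherited = self.colours[-1] if self.colours else "#000000"
            colour = attrs.get("color")
            self.colours.append(norm_colour(colour) if colour else inherited)

    def handle_endtag(self, tag):
        if tag == "font" and self.colours:
            self.colours.pop()

    def handle_data(self, data):
        colour = self.colours[-1] if self.colours else "#000000"
        (self.hidden if colour == self.background else self.visible).append(data)

# Three or more single letters separated by single spaces, e.g. "V I A G R A"
SPACED = re.compile(r"(?<!\w)(?:[A-Za-z] ){2,}[A-Za-z](?!\w)")

def collapse_spaced(text):
    return SPACED.sub(lambda m: m.group(0).replace(" ", ""), text)

def analyse(raw_html):
    """Return the text a human reads, the hidden text, and obfuscation flags."""
    parser = MailText()
    parser.feed(raw_html)
    parser.close()
    visible = collapse_spaced(" ".join("".join(parser.visible).split()))
    hidden = " ".join("".join(parser.hidden).split())
    return {
        "visible": visible,
        "hidden": hidden,
        "entity_encoded": bool(re.search(r"&#x?[0-9a-fA-F]+;", raw_html)),
        "hidden_text": bool(hidden),
    }

# Constructed sample combining the page's examples in one message body.
SAMPLE = ('<body bgcolor=white> &#86;&#105;&#97;&#103;&#114;&#97; and V I A G R A '
          '<font color=white>Hi, Johnny! It was nice to have dinner with you. '
          '</font></body>')

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A filter should score the `visible` text only, and can treat `hidden_text` and `entity_encoded` as signals in their own right.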
17. Page-jacking
Page-jacking is the use of replicas of reputable web pages to catch users and redirect them to other websites.
Scammers copy pages from an established website and put them on a new site that
appears to be legitimate. They register this new site with major search engines, so that
users doing a search find and follow links to it. When the user arrives at the website,
they are automatically redirected to a different site that displays advertising or offers
of different services. They may also find that they cannot escape from the site without
restarting their computer (just like mousetrapping).
Scammers use page-jacking to increase the number of visitors to a website. That
means that their site commands more advertising revenue and is also more valuable if
they decide to sell it. Alternatively, the scammer can redirect users to another site and
claim a fee for “referring” visitors to that site.
Page-jacking annoys users and can confront them with offensive material. It also
reduces revenue for legitimate websites, and makes search engines less useful.
In some cases, page-jacking is used in phishing attacks.
To avoid page-jacking, use a bookmark or “Favorite” (but you must be sure that you did
not set up the favorite at a page-jacked site), or type the desired website address (the
URL) in directly.
18. Palmtop viruses
Palmtops or PDAs provide new opportunities for viruses, but so far
virus writers have shown little interest.
Palmtops or PDAs run special operating systems – such as Palm and Microsoft
PocketPC. These are vulnerable to malicious code, but so far the risks are low.
There are currently only a few items of known malware written for Palm. Virus writers prefer to target desktop systems, perhaps because they are more popular and allow viruses to spread rapidly via email and the internet.
The real risk at present is that your palmtop will act as a carrier. When you connect
it to a home or office PC to synchronize data, a virus that is harmless on the palmtop
could spread to the PC, where it can do harm.
19. Parasitic viruses
Parasitic viruses, also known as file viruses, spread by attaching themselves to programs.
When you start a program infected with a parasitic virus, the virus code is run. To hide
itself, the virus then passes control back to the original program.
The operating system on your computer sees the virus as part of the program you were
trying to run and gives it the same rights. These rights allow the virus to copy itself,
install itself in memory or make changes on your computer.
Parasitic viruses appeared early in virus history but they can still pose a threat.
20. Pharming
Pharming redirects you from a legitimate website to a bogus copy, allowing criminals to steal the information you enter.
Pharming exploits the way that website addresses are composed.
Each computer on the internet has a numerical “IP address”, e.g. 127.0.0.1. However,
these are not easy to remember, so web addresses also have a domain name, like
sophos.com. Every time you type in an address, the domain name has to be turned
back into the IP address. A DNS or Domain Name Server on the internet handles this,
unless a “local host file” on your computer has already done it.
Hackers can subvert this process in two ways. They can send out a Trojan horse that
rewrites the local host file on your PC, so that it associates the domain name with a
bogus website. You are then directed to that site, even though you enter the correct
address. Alternatively, they can “poison” the DNS directory, i.e. alter it so that anyone
who tries to visit that address is directed to the bogus site.
To avoid pharming, make sure that you use secure web connections when you access
sensitive sites. Just look for the https:// prefix in the web address. If a hacker tries to
mimic a secure site, a message will warn you that the site’s certificate does not match
the address being visited.
If you see a warning that a site’s certificate is not valid or not issued by a trusted
authority, you should not enter the site.
There are also software solutions. Some software can display a warning if you enter
personal information in reply to an unknown email address. Other utilities can check to
see if websites or IP addresses are blacklisted.
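Because the local host file is consulted before DNS, a quick audit of it shows whether any real domain name has been pinned to an address. The Python sketch below is an added example, not part of the SOPHOS eBook; the sample file, the `bank.example` watch list and the documentation-range IP addresses are constructed for illustration.

```python
import ipaddress

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a valid address: skip
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=()):
    """Flag entries that pin a domain name to a routable address.

    Loopback and 0.0.0.0 entries are ad-blocking style sinkholes and are not
    reported. Entries for domains on the watch list are marked "high".
    """
    watched = {w.lower() for w in watched}
    findings = []
    for no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or "." not in name:
            continue                              # local or single-label name
        if ip.is_loopback or ip.is_unspecified:
            continue                              # sinkhole, cannot serve a copy
        on_watch = any(name == w or name.endswith("." + w) for w in watched)
        findings.append({"line": no, "host": name, "ip": str(ip),
                         "severity": "high" if on_watch else "review"})
    return findings

# Constructed sample; addresses are from documentation and private ranges.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.tracker.example            # ad-blocking sinkhole
203.0.113.25  www.bank.example bank.example  # override of a sensitive site
192.168.1.10  nas.home.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched=["bank.example"]):
        print(finding)
```

On a real machine the text would be read from `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; this check covers only the local host file, not a poisoned DNS server.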
21. Phishing
Phishing is the use of bogus emails and websites to trick you into supplying confidential or personal information.
Typically, you receive an email that appears to come from a reputable organization,
such as a bank. The email includes what appears to be a link to the organization’s
website. However, if you follow the link, you are connected to a replica of the website.
Any details you enter, such as account numbers, PINs or passwords, can be stolen and
used by the hackers who created the bogus site.
Sometimes the link displays the genuine web site, but superimposes a bogus pop-up
window. You can see the address of the real website in the background, but details you
enter in the pop-up window can be stolen.
Sometimes the hacker uses a technique called “cross-site scripting (XSS)”: the link takes you to the correct website, but subverts it by pulling in content from elsewhere. Once again,
the part of the site where you enter information is controlled by the hacker.
Phishing had its origins in the 1990s, when scammers used the technique to collect
AOL account details so that they could gain free internet access. The details were
called “phish” because they were gathered by “fishing” for users. The “ph” imitates the
spelling of “phreaker”, the term for those who used to hack into the telephone network.
You should always be wary about emails that use generic salutations, e.g. “Dear
Customer”, and about following links sent to you in emails. Instead, you should enter
the website address in the address field and then navigate to the right page, or use a
bookmark or a “Favorite” link. Even if you enter the address, there is a risk of being
redirected to a bogus site (see Pharming above), so you should always exercise caution.
Anti-spam software can block many phishing-related emails. Some software can detect
phishing content on web pages or in email, and can provide a toolbar that shows the
real domain for the website you are following a link to.