Adware is software that displays advertisements on your computer.
Adware, or advertising-supported software, displays advertising banners or pop-ups on your computer when you use an application. This is not necessarily a bad thing. Such advertising can fund the development of useful software, which is then distributed free (for example, the Opera web browser).
However, adware becomes a problem if it:
Adware can slow down your PC. It can also slow down your internet connection by downloading advertisements. Sometimes programming flaws in the adware can make your computer unstable.
Advertising pop-ups can also distract you and waste your time if they have to be closed before you can continue using your PC.
Some anti-virus programs detect adware and report it as “potentially unwanted applications”; you can then either authorize the adware program or remove it from the computer. There are also dedicated programs for detecting adware.
Anonymizing proxies allow the user to hide their web browsing activity. They are often used to bypass web security filters, for example to access blocked sites from a work computer.
Anonymizing proxies hold significant risks for organizations:
A backdoor Trojan allows someone to take control of another user’s computer via the Internet without their permission.
A backdoor Trojan may pose as legitimate software to fool users into running it. Alternatively – as is now increasingly common – users may allow Trojans onto their computer by following a link in spam mail or visiting a malicious web page.
Once the Trojan runs, it adds itself to the computer’s start up routine. It can then monitor the computer until the user is connected to the Internet. When the computer goes online, the person who sent the Trojan can perform many actions – for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam email.
Well-known backdoor Trojans include Zapchast, Subseven, BackOrifice and, more recently, PcClient.
To avoid backdoor Trojans, you should keep your computers up to date with the latest patches (to close down vulnerabilities in the operating system), and run anti-spam and anti-virus software. You should also run a firewall, which can prevent Trojans from accessing the internet to make contact with the hacker.
Boot sector malware spreads by modifying the program that enables your computer to start up.
When you turn on a computer, the hardware looks for the boot sector program, which is usually on the hard disk (but can be on a floppy disk or CD), and runs it. This program then loads the rest of the operating system into memory. Boot sector malware replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). The next time you start up, the infected boot sector is used and the malware becomes active.
You can only become infected if you boot up your computer from an infected disk (e.g., a floppy disk that has an infected boot sector).
Boot sector malware is rare today, although more recent examples include Mebroot, also known as Sinowal, a password-stealing Trojan for the Windows platform.
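The entry above describes the mechanism (the boot sector is replaced, and the original is stashed elsewhere) but not how a defender would notice it. The following is an added example, not code from the original glossary: it parses the classic 512-byte Master Boot Record layout, hashes the bootstrap code, and compares it with a baseline recorded while the machine was known clean. The sample MBR bytes, the `make_sample_mbr` helper and the "tampered" bootstrap code are constructed for the demo and come from no real disk.

```python
import hashlib
import struct

# Classic 512-byte Master Boot Record layout:
#   bytes   0..445  bootstrap code (what the firmware runs first)
#   bytes 446..509  four 16-byte partition table entries
#   bytes 510..511  boot signature 0x55 0xAA
MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFF = 446
SIGNATURE_OFF = 510
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR for the demo (sample data, not read from any real disk)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # One bootable (0x80) NTFS (0x07) partition starting at LBA 2048; the other three entries are empty.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return code + entry + b"\x00" * (16 * 3) + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into its parts and hash the bootstrap code so it can be compared to a baseline."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "valid_signature": mbr[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_sector(mbr: bytes, baseline_code_sha256: str) -> list:
    """Return findings; an empty list means the boot sector still matches the recorded clean baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from recorded baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    return findings


if __name__ == "__main__":
    clean = make_sample_mbr(b"\xfa\x31\xc0\x8e\xd8")        # constructed "known good" bootstrap bytes
    baseline = parse_mbr(clean)["boot_code_sha256"]          # record this while the machine is known clean
    tampered = make_sample_mbr(b"\xeb\xfe")                  # same partition table, different bootstrap code
    print("clean:", check_boot_sector(clean, baseline))      # []
    print("tampered:", check_boot_sector(tampered, baseline))
```

The baseline hash only has value if it was taken before any infection and stored somewhere the malware cannot rewrite; on a real system you would read the first sector of the disk device with administrator rights and keep the hash off the machine.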
A botnet is a collection of infected computers that are remotely controlled by a hacker.
Once a computer is infected with a bot, the hacker can control the computer remotely via the internet. From then on, the computer is a “zombie,” doing the bidding of the hacker, although the user is completely unaware. Collectively, such computers are called a botnet.
The hacker can share or sell access to control the botnet, allowing others to use it for malicious purposes.
For example, a spammer can use a botnet to send out spam email. Up to 99% of all spam is now distributed in this way. This enables the spammers to avoid detection and to get around any blacklisting applied to their own servers. It can also reduce their costs because the computer’s owner is paying for the internet access.
Hackers can also use zombies to launch a distributed denial-of-service attack, also known as a DDoS. They arrange for thousands of computers to attempt to access the same website simultaneously, so that the web server is unable to handle all the requests reaching it. The website thus becomes inaccessible.
Browser hijackers change the default home and search pages in your internet browser without your permission.
You may find that you cannot change your browser’s homepage once it has been hijacked. Some hijackers edit the Windows registry so that the hijacked settings are restored every time you restart your computer. Others remove options from the browser’s tools menu, so that you can’t reset the start page.
Browser hijacking is used to boost advertising revenue and inflate a site’s page ranking in search results.
Browser hijackers can be very tenacious. Some can be removed automatically by security software. Others may need to be removed manually. In some cases, it is easier to restore the computer to an earlier state or reinstall the operating system.
A brute force attack is one in which hackers try a large number of possible key or password combinations to gain unauthorized access to a system or file.
Brute force attacks are often used to defeat a cryptographic scheme, such as those secured by passwords. Hackers use computer programs to try a very large number of passwords to decrypt the message or access the system. To prevent brute force attacks, it is important to make your passwords as secure as possible.
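The entry ends with "make your passwords as secure as possible", which is the user's half of the defence. The server's half is to make each guess expensive and to slow down repeated failures. The following is an added example, not code from the original glossary, combining both: passwords are stored with a salted, deliberately slow PBKDF2 hash, and a `LoginGuard` class (a name and policy assumed here for the demo, not a product feature) applies an exponential back-off after a threshold of failed attempts. The clock is injected so the behaviour can be exercised without sleeping.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000):
    """Salted, deliberately slow PBKDF2 hash: every guess costs the attacker `iterations` rounds."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class LoginGuard:
    """Counts failed logins per account and imposes an exponential back-off after `threshold` failures.

    The policy numbers are assumptions for the demo, not a setting of any particular product.
    `clock` is injected so the behaviour can be tested without sleeping.
    """

    def __init__(self, clock, base_delay: float = 1.0, threshold: int = 3, max_delay: float = 900.0):
        self.clock = clock
        self.base_delay = base_delay
        self.threshold = threshold
        self.max_delay = max_delay
        self.failures = {}       # account -> consecutive failed attempts
        self.locked_until = {}   # account -> timestamp before which attempts are refused

    def attempt(self, account: str, password: str, record) -> str:
        """Returns "ok", "denied" (wrong password) or "locked" (refused without checking the password)."""
        now = self.clock()
        if now < self.locked_until.get(account, 0.0):
            return "locked"
        if verify_password(password, *record):
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.threshold:
            # 1 s after the 3rd failure, 2 s after the 4th, 4 s after the 5th ... capped at max_delay
            delay = min(self.base_delay * 2 ** (count - self.threshold), self.max_delay)
            self.locked_until[account] = now + delay
        return "denied"


if __name__ == "__main__":
    import time
    record = hash_password("correct horse battery staple")   # constructed demo credential
    guard = LoginGuard(time.monotonic)
    for guess in ("password", "letmein", "123456", "qwerty"):
        print(guess, "->", guard.attempt("alice", guess, record))
    print("right password straight after lockout ->",
          guard.attempt("alice", "correct horse battery staple", record))
```

Back-off is applied per account, so it also answers the "slow, spread-out" guessing that a single global rate limit misses; the slow hash protects the stored digests if the password database itself is stolen.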
An electronic chain letter is an email that urges you to forward copies to other people.
Chain letters, like virus hoaxes, depend on you, rather than on computer code, to propagate themselves. The main types are:
Chain letters don’t threaten your security, but they can waste time, spread misinformation and distract users from genuine email.
They can also create unnecessary email traffic and slow down mail servers. In some cases, the chain letter encourages people to send email to certain addresses so that they are deluged with unsolicited mail.
The solution to the chain letter problem is simple: Don’t forward such mail.
A command and control centre (C&C) is a computer that controls a botnet (i.e., a network of compromised or zombie computers). Some botnets use distributed command and control systems making them more resilient.
From the command and control centre, hackers can instruct multiple computers to perform their desired activities. Command and control centres are often used to launch distributed denial-of-service attacks because they can instruct a vast number of computers to perform the same action at the same time.
Cookies are files placed on your computer that enable websites to remember your details.
When you visit a website, it can place a file called a cookie on your computer. This enables the website to remember your details and track your visits. Cookies can be a threat to confidentiality, but not to your data.
Cookies were designed to be helpful. For example, if you submit your ID when you visit a website, a cookie can store this data so you don’t have to re-enter it the next time. Cookies also have benefits for webmasters, as they show which webpages are well-used, providing useful input when planning a redesign of the site.
Cookies are small text files and cannot harm your data. However, they can compromise your confidentiality. Cookies can be stored on your computer without your knowledge or consent, and they contain information about you in a form you can’t access easily. And when you revisit the same website, this data is passed back to the web server, again without your consent.
Websites gradually build up a profile of your browsing behaviour and interests. This information can be sold or shared with other sites, allowing advertisers to match ads to your interests, ensure that consecutive ads are displayed as you visit different sites, and track the number of times you have seen an ad.
If you prefer to remain anonymous, use the security settings on your internet browser to disable cookies.
Data theft is the deliberate theft of information, rather than its accidental loss.
Data theft can take place both inside an organization (e.g., by a disgruntled employee), or by criminals outside the organization.
In one example, hackers broke into a Virginia government website, stealing the details of almost 8.3 million patients, and threatened to auction them to the highest bidder. In another, a former Goldman Sachs employee uploaded the company’s secret source code to an FTP server in Germany.
Criminals often use malware to access a computer and steal data. A common approach is to use a Trojan to install keylogging software that tracks everything the user types, including usernames and passwords, before using this information to access the user’s bank account.
Data theft also occurs when devices containing data, such as laptops or USB drives, are stolen.
Data loss is the result of the accidental misplacement of data, rather than its deliberate theft.
Data loss frequently occurs through the loss of a device containing data, such as a laptop, CD-ROM, mobile phone or USB stick. When these are lost, the data is at risk of falling into the wrong hands unless an effective data security technique is used.
A denial of service (DoS) attack prevents users from accessing a computer or website.
In a DoS attack, a hacker attempts to overload or shut down a service so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for a company.
The most common type of DoS attack involves sending more traffic to a computer than it can handle. There are a variety of methods for DoS attacks, but the simplest and most common is to utilise a botnet to flood a web server with requests.
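The entry says the common form is flooding a web server with requests. What that looks like in the server's own access log, and how a simple detector picks it out, is shown by the following added example (not code from the original glossary). It parses Apache-style combined log lines, keeps a sliding-window request count per source and an aggregate count under the key "*", and reports the moment each passes a threshold. The log lines, addresses and thresholds are all constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access log line (constructed samples below, not a real server's log)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_floods(lines, window_seconds=10, per_source_threshold=30, total_threshold=200):
    """Sliding-window request counts; lines are expected in timestamp order, as a server writes them.

    Returns {source: first timestamp at which it exceeded the threshold}; the key "*" marks the
    aggregate rate, which is what a flood spread across many botnet members shows up as.
    """
    recent = defaultdict(deque)
    flagged = {}

    def bump(key, ts, threshold):
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold and key not in flagged:
            flagged[key] = ts

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req = parsed
        bump(ip, ts, per_source_threshold)
        bump("*", ts, total_threshold)
    return flagged


def _fmt(ip, ts, req):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" 200 512'


def sample_log():
    """Constructed log: one source sends 40 requests in 8 s; two others browse normally."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(40):
        events.append((base + timedelta(milliseconds=200 * i), "203.0.113.7", "GET / HTTP/1.1"))
    for i in range(5):
        events.append((base + timedelta(seconds=3 * i), "198.51.100.23", "GET /about HTTP/1.1"))
        events.append((base + timedelta(seconds=3 * i + 1), "198.51.100.24", "GET /contact HTTP/1.1"))
    events.sort(key=lambda e: e[0])
    return [_fmt(ip, ts, req) for ts, ip, req in events]


if __name__ == "__main__":
    for source, when in find_floods(sample_log()).items():
        print(f"{source}: exceeded threshold at {when.isoformat()}")
```

The per-source window catches a single noisy client; a botnet spreads the same load over many addresses, each staying under the per-source limit, which is why the aggregate counter is kept as well. Thresholds have to be tuned to the site's normal traffic, and a real deployment would feed the flagged sources to a firewall or rate limiter rather than just printing them.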
Document malware takes advantage of embedded script or macro content in document files.
Macro viruses infecting Microsoft Office documents first appeared in the mid-1990s and rapidly became the most serious threat of that time. More recently there has been a resurgence in document malware, with cybercriminals turning their attention to other widespread and trusted document formats such as PDFs, and even AutoCAD.
By embedding malicious content within documents, hackers can exploit vulnerabilities in the host applications used for opening the documents.
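A mail gateway or file server does not have to open a document in Office to learn whether it carries macros. The following is an added example, not code from the original glossary: it treats a modern Office file as the zip package it is, looks for the VBA project part and its declared content type, and flags a package that has a macro-free extension (.docx) yet contains a VBA project. The minimal sample packages are constructed in memory for the demo and were not produced by Office.

```python
import io
import zipfile

# Content type Office assigns to the VBA project part inside an OOXML package
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}


def inspect_ooxml(data: bytes) -> dict:
    """Look inside an OOXML (zip) package for a VBA project without opening it in Office."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        macro_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        content_types = ""
        if "[Content_Types].xml" in names:
            content_types = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
    return {
        "macro_parts": macro_parts,
        "declares_vba": VBA_CONTENT_TYPE in content_types,
    }


def classify_document(filename: str, data: bytes) -> str:
    info = inspect_ooxml(data)
    ext = filename.lower().rsplit(".", 1)[-1]
    if info["macro_parts"] or info["declares_vba"]:
        if ext in MACRO_FREE_EXTENSIONS:
            return "suspicious: macro-free extension but package contains a VBA project"
        return "contains VBA macros: review before opening"
    return "no VBA macros"


def make_sample_doc(with_macro: bool) -> bytes:
    """Constructed minimal package for the demo; not a document produced by Office."""
    ct = ['<?xml version="1.0" encoding="UTF-8"?>',
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
          '<Override PartName="/word/document.xml" '
          'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    if with_macro:
        ct.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
    ct.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml", "\n".join(ct))
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            pkg.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream")
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in (("invoice.docx", make_sample_doc(False)),
                      ("invoice.docm", make_sample_doc(True)),
                      ("invoice.docx", make_sample_doc(True))):
        print(name, "->", classify_document(name, doc))
```

This covers only the zip-based Office formats; the older binary .doc/.xls files and PDFs with embedded JavaScript need their own parsers, and the presence of macros is a reason to review a file, not proof that it is malicious.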
A drive-by download is the infection of a computer with malware when a user visits a malicious website.
Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. Vulnerabilities in a user’s browser (and browser plug-ins) are exploited in order to infect them.
Hackers continually attack legitimate websites in order to compromise them, injecting malicious code into their pages. Then, when a user browses that legitimate (but compromised) site, the injected code is loaded by his/her browser, which initiates the drive-by attack. In this manner, the hacker can infect users without having to trick them into browsing a specific site.
To defend against drive-by downloads, you should have effective endpoint security software coupled with web security filtering.
An exploit takes advantage of a vulnerability in order to access or infect a computer.
Usually an exploit takes advantage of a specific vulnerability in an application and so becomes obsolete when that vulnerability is patched. Zero-day exploits are those that are used or shared by hackers before the software vendor knows about the vulnerability (and so before there is any patch available).
To secure against exploits, you should ensure your anti-virus or endpoint security software is active and your computers are fully patched. Buffer overflow protection (BOP) technology can provide effective protection against many exploits. Client firewalls are a first defense against many exploits and should be deployed throughout an organization, not simply on mobile assets.
Fake anti-virus malware reports non-existent threats in order to scare the user into paying for unnecessary product registration and clean-up.
Fake anti-virus malware is commonly known as scareware. Typically it is installed through malicious websites and takes the form of fake online scans. Cybercriminals attract traffic to these sites by sending out spam messages containing links or by compromising legitimate websites. Frequently they also attempt to poison the results of popular search engines so that users access the malicious distribution sites when conducting a search.
Fake anti-virus malware is financially motivated and is a big earner for cybercriminals. The large profits enable significant resources to be invested into its creation and distribution. Hacking gangs are proficient at rapidly producing professional-looking bogus websites that pose as legitimate security vendors.
Using up to date, legitimate anti-virus or endpoint security software will protect you against fake anti-virus software.
A honeypot is a form of trap that is used to detect hacking attacks or collect malware samples.
There are many different types of honeypots. Some consist of machines connected to the network that are used to capture network worms. Others provide fake network
Honeypots are frequently used by security specialists in order to gather information about current threats and attacks.
Worms are viruses that create copies of themselves across the internet.
Worms differ from computer viruses because they can propagate themselves, rather than using a carrier program or file.
They simply create exact copies of themselves and use communication between computers to spread.
The Conficker worm is an example of an internet worm that exploits a system vulnerability in order to infect machines over the network. Such worms are capable of spreading very rapidly, infecting large numbers of machines.
Some worms open a “back door” on the computer, allowing hackers to take control of it. Such computers can then be used to send spam mail.
Operating system vendors regularly issue patches to fix security loopholes in their software. You should update your computer regularly by using Windows Update or selecting the Apple logo and choosing software updates.
In-the-cloud detection uses real-time online checking of data in order to detect threats.
The goal of in-the-cloud detection is to reduce the time taken for a security product to use a new malware signature. By querying data published online (i.e., “in the cloud”),
In-the-cloud detection offers a very rapid response to new threats as they are discovered, but it has the drawback that it requires an Internet connection in order to do the checking.
Keylogging is when keystrokes are surreptitiously recorded by an unauthorised third party.
This is a common payload in malware because it is an effective way to steal usernames, passwords, credit cards details and other sensitive data.
Malware is a general term for malicious software including viruses, worms, Trojan horses and spyware. Many people use the terms malware and viruses interchangeably.
Anti-virus software usually detects a wider range of threats than just viruses.
Non-compliance is the failure to comply with local, federal or industry regulations regarding data privacy and security.
Non-compliance can be costly. Organizations may incur fines, suffer a loss of reputation or even face legal action.
Parasitic viruses, also known as file viruses, spread by attaching themselves to programs.
When you start a program infected with a parasitic virus, the virus code is run. To hide itself, the virus then passes control back to the original program.
The operating system on your computer sees the virus as part of the program you were trying to run and gives it the same rights. These rights allow the virus to copy itself, install itself in memory or make changes on your computer. Parasitic viruses appeared early in virus history and then became quite rare. However, they are now becoming more common again with recent examples including Sality, Virut and Vetor.
Patches are software add-ons designed to fix software bugs, including security bugs, in operating systems or applications.
Patching against new security vulnerabilities is critical to protect against malware. Many high-profile threats take advantage of security vulnerabilities, such as Conficker. If your patches are not applied or not up to date, you risk leaving your computer open to hackers.
To stay abreast of the latest vulnerabilities and patches, subscribe to vulnerability mailing lists. Most reputable vendors offer such a service.
Organizations should ensure that all computers connecting to their network abide by a defined security policy that includes having the latest security patches in place.
Phishing refers to the process of tricking recipients into sharing sensitive information with an unknown third party.
Typically, you receive an email that appears to come from a reputable organization, such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site.
Sometimes the link displays the genuine website but superimposes a bogus pop-up window. You can see the address of the real website in the background, but the details you enter in the pop-up window can be stolen.
Phishing originated in the 1990s, when scammers used the technique to collect AOL account details so that they could gain free internet access. The details were called phish because they were gathered by “fishing” for users. The “ph” imitates the spelling of “phreaker,” the term for those who hacked into the telephone network.
To better protect against phishing attacks, it is good practice not to click on links in email messages. Instead, you should enter the website address in the address field and then navigate to the correct page, or use a bookmark or a Favourite link.
Phishing attacks via email are beginning to include an offline aspect to convince users who are well trained to still leak information; we have seen phishing schemes use phone numbers and fax numbers in addition to websites.
Anti-spam software can block many phishing-related emails, and web security software can block access to phishing-related websites.
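The core trick described above is a link that looks like the organization's website but leads somewhere else. The following added example (not code from the original glossary) shows the kind of check a mail filter can make on an HTML message body: it collects every link's target and visible text, then flags targets that are bare IP addresses, visible text that names one domain while the link goes to another, and hosts that embed a trusted brand name under an unrelated domain. The sample message, the `examplebank.com` brand and the `.invalid`/`192.0.2.x` hosts are constructed for the demo, and the "last two labels" domain rule is a simplification noted in the code.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url: str) -> str:
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host: str) -> str:
    # Naive "last two labels" rule for the demo; real code would consult the public suffix list.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def audit_links(html: str, trusted_domains=()):
    """Return (href, reason) findings for links whose target does not match what the reader is shown."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if IPV4_RE.fullmatch(target):
            findings.append((href, "target is a bare IP address, not a named site"))
        shown = DOMAIN_RE.search(text)
        if shown and registrable(shown.group(1).lower()) != registrable(target):
            findings.append((href, f"visible text shows {shown.group(1)} but target host is {target}"))
        for trusted in trusted_domains:
            brand = trusted.split(".")[0]
            if brand in target and registrable(target) != registrable(trusted):
                findings.append((href, f"host {target} imitates trusted domain {trusted}"))
    return findings


# Constructed sample message body in the style described above (not a real phishing mail)
SAMPLE_HTML = """
<p>Dear customer, please verify your account at
<a href="http://examplebank.com.account-verify.invalid/login">www.examplebank.com</a></p>
<p>Questions? Visit our <a href="https://www.examplebank.com/help">help centre</a>.</p>
<p><a href="http://192.0.2.10/secure">Secure login</a></p>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_HTML, trusted_domains=("examplebank.com",)):
        print(f"{reason}\n    {href}")
```

The same comparison is what the advice "type the address yourself or use a bookmark" relies on: the visible text is whatever the sender chose, while the href is where the browser actually goes.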
Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment.
Some applications are non-malicious and possibly useful in the right context, but are not suitable for company networks. Examples are adware, dialers, non-malicious spyware, tools for administering PCs remotely and hacking tools.
Certain anti-virus and endpoint security programs can detect such applications on users’ computers and report them. The administrator can then either authorize the applications’ use or remove them from the computers.
A rootkit is a piece of software that hides programs or processes running on a computer. It is often used to conceal computer misuse or data theft.
A significant proportion of current malware installs rootkits upon infection to hide its activity.
A rootkit can hide keystroke loggers or password sniffers, which capture confidential information and send it to hackers via the internet. It can also allow hackers to use the computer for illicit purposes (e.g., launching a denial-of-service attack against other computers, or sending out spam email) without the user’s knowledge.
Endpoint security products now often detect and remove rootkits as part of their standard malware routines, although some rootkits require a standalone removal tool to effectively remove them.
Social engineering refers to the tricks attackers use to fool victims into performing an action. Typically, these actions are opening a malicious webpage or running an unwanted file attachment.
Many social engineering efforts are focused on tricking users into disclosing usernames or passwords, enabling attackers to send messages as an internal user to further their data acquisition attempts.
In March 2009, hackers distributed personalized emails posing as breaking news from a Reuters-related website about a bomb blast in the recipients’ city. Clicking on the link in the email took users to a webpage that installed malicious code and video footage, which then downloaded the Waled malware.
Social networking websites allow you to communicate and share information. But they can also be used to spread malware and to steal personal information.
Such sites sometimes have lax security which enables criminals to access personal information that can be used to hack into computers, bank accounts and other secure sites.
These sites can also be used for phishing exploits. For example, in 2009 Twitter users received messages from their online followers encouraging them to visit a website that attempted to steal their username and password. The same year, hackers accessed a politician’s Facebook account and used it to send messages to contacts, directing them to a malicious webpage.
To prevent social networking threats, you should run web security solutions that check any link and webpage as it is clicked to see if it contains malware or suspicious activity. You should also ensure that your anti-virus or endpoint security is active.
Spam is unsolicited commercial email, the electronic equivalent of the junk mail that comes to your mailbox.
Spammers often disguise their email in an attempt to evade anti-spam software.
More than 99% of all spam comes from compromised computers, infected machines that are part of a botnet. Spam is often profitable: spammers can send millions of emails in a single campaign at a negligible cost. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit.
Spammers are now also exploiting the popularity of instant messaging and social networking sites such as Facebook and Twitter to avoid spam filters and to trick users into revealing sensitive and financial information.
Email spoofing is when the sender address of an email is forged for the purposes of social engineering.
Spoofing can be put to a number of malicious uses.
Phishers (criminals who trick users into revealing confidential information) use spoofed sender addresses to make it appear that their email comes from a trusted source, such as your bank. The email can redirect you to a bogus website (e.g., an imitation of an online banking site), where your account details and password can be stolen.
Phishers can also send email that appears to come from inside your own organization (from a system administrator), asking you to change your password or confirm your details.
Criminals who use email for scams or frauds can use spoofed addresses to cover their tracks and avoid detection.
Spammers can use a spoofed sender address to make it appear that an innocent individual or company is sending out spam. Another advantage for them is that they are not inundated with non-delivery messages to their own email address.
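The three abuses listed above (a forged bank sender, a forged internal administrator, and a spoofed innocent party as the bounce target) all leave traces in headers that a receiving gateway can compare. The following is an added example, not code from the original glossary, using only the standard library's `email` parser. It flags a From domain that differs from the Return-Path (envelope) domain, a display name that shows one domain while the address is at another, and a message claiming an internal sender while its earliest Received hop is an outside relay. The three sample messages, `examplecorp.example`, and the `.invalid` relay names are constructed for the demo; the `internal_domains` parameter is an assumption of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DOMAIN_RE = re.compile(r"([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def audit_sender(raw_message: str, internal_domains=()) -> list:
    """Header checks a mail gateway can make before trusting the displayed sender.

    Flags: envelope sender (Return-Path) in a different domain from the From header; a display
    name that names a different domain than the address; and a From address claiming one of
    `internal_domains` on a message whose earliest Received hop is an outside relay.
    """
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom, return_dom = domain_of(from_addr), domain_of(return_addr)
    findings = []

    if return_dom and return_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {return_dom}")

    named = DOMAIN_RE.search(display_name)
    if named and named.group(1).lower() != from_dom:
        findings.append(f"display name shows {named.group(1)} but the address is at {from_dom}")

    received = msg.get_all("Received") or []   # newest hop first; the last entry is the first hop
    if from_dom in internal_domains and received:
        hop = re.search(r"from\s+([\w.-]+)", received[-1])
        relay = hop.group(1).lower() if hop else ""
        if not any(relay == d or relay.endswith("." + d) for d in internal_domains):
            findings.append(f"claims internal sender {from_dom} but entered through outside relay {relay}")
    return findings


# Constructed sample messages (addresses and hosts are reserved example/.invalid names)
SPOOFED_INTERNAL = """\
Return-Path: <bounce-1234@mass-mailer.invalid>
Received: from mx.examplecorp.example (mx.examplecorp.example [192.0.2.5]) by mail.examplecorp.example; Mon, 15 Jan 2024 12:00:02 +0000
Received: from relay7.mass-mailer.invalid (relay7.mass-mailer.invalid [198.51.100.9]) by mx.examplecorp.example; Mon, 15 Jan 2024 12:00:01 +0000
From: "IT Helpdesk" <helpdesk@examplecorp.example>
To: alice@examplecorp.example
Subject: Your password expires today

Please confirm your password at the link below.
"""

SPOOFED_BANK = """\
Return-Path: <alerts@secure-alerts.invalid>
From: "www.examplebank.com Security" <alerts@secure-alerts.invalid>
To: alice@examplecorp.example
Subject: Unusual sign-in detected

Confirm your account details now.
"""

GENUINE = """\
Return-Path: <helpdesk@examplecorp.example>
Received: from workstation12.examplecorp.example (workstation12.examplecorp.example [10.0.0.12]) by mail.examplecorp.example; Mon, 15 Jan 2024 12:00:01 +0000
From: "IT Helpdesk" <helpdesk@examplecorp.example>
To: alice@examplecorp.example
Subject: Scheduled maintenance

Mail will be unavailable on Saturday morning.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed internal", SPOOFED_INTERNAL), ("spoofed bank", SPOOFED_BANK), ("genuine", GENUINE)):
        print(label, "->", audit_sender(raw, internal_domains=("examplecorp.example",)) or ["no findings"])
```

Received headers are written by each relay in turn, so the bottom-most one is the only hop the receiving site did not add itself; a sender can forge From freely, but cannot change which outside host actually delivered the message to the organization's own gateway.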
Spyware is software that enables advertisers or hackers to gather information without your permission.
You can get spyware on your computer when you visit certain websites. A pop-up message may prompt you to download a software utility that it says you need, or software may be downloaded automatically without your knowledge.
When spyware runs on the computer, it may track your activity (e.g., visits to websites) and report it to unauthorized third parties, such as advertisers. Spyware consumes memory and processing capacity, which may slow or crash the computer. Good anti-virus and endpoint security solutions can detect and remove spyware programs, which are treated as a type of Trojan.
When a file is scanned, it is labelled as clean or malicious. If a file has a number of questionable characteristics, it is labelled as suspicious.
Suspicious behaviour refers to files exhibiting questionable behaviour, such as copying themselves to a system folder, when they are run on a computer.
Runtime protection helps protect against suspicious files by analysing the behaviour of the programs running on your computer and blocking any activity that looks as if it could be malicious.
Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.
Trojan horse is an umbrella term under which many types of malware sit: bots, backdoor Trojans and downloader Trojans.
A significant percentage of today’s malware is Trojans.
A Trojan program claims to have one function—and may even appear to carry it out—but actually does something different, usually without your knowledge. Trojans are often distributed with pirated software applications and keygens that create illegal license codes for downloadable software.
Vulnerabilities are bugs in software programs that hackers exploit to infect computers.
Security vulnerabilities leave users susceptible to attacks and can be present in any software product. Responsible software vendors, when aware of the problem, create and issue patches, which address the problem.
There are companies that pay researchers or ethical hackers for new vulnerabilities. There are also hackers that sell new vulnerabilities on the black market. Zero-day attacks refer to vulnerabilities being exploited before a patch is available.
To avoid vulnerabilities, your operating system and any installed applications need to be running the latest available patches.
A zombie is an infected computer that is remotely controlled by a hacker. It is often part of a botnet, which is a network of many zombie, or bot, computers.
Once a hacker can control the computer remotely via the internet, the computer is a zombie.