Learning CenterThe 11 most common c

Learning Center

The 11 most common computer security threats… And what you can do to protect yourself from them.

How safe are you?
The 11 most common computer security threats… And what you can do to protect yourself from them.
Contrary to popular belief, you are not safe with antivirus software alone. Cyber-criminals and unscrupulous businesses are constantly devising new ways to hijack your computer, capture your personal information or steal your money. In this article, we profile the 11 most common security threats, classified by prevalence in descending order, and what you can do to protect yourself from them. In our article titled Designing Your Own Computer Security Architecture For Total Protection we examine how you can put in place a simple yet comprehensive infrastructure to protect yourself from ALL types of threats.


THREAT #1: VIRUS

Description:
A virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge of the user. A virus can only spread when it is transmitted by a user over a network or the Internet, or through removable media such as CDs or memory sticks. Viruses are sometimes confused with worms and Trojan horses, or used incorrectly to refer to malware.

Danger level: High
Prevalence: Extremely High

Worst case damage:
Some viruses delete files, reformat the hard disk or cause other damage. Others only replicate themselves and may present text, video, or audio messages. While they are not designed to do damage, even these viruses take up memory and may cause erratic behavior, system crashes and loss of data.

Prevention, detection and removal:
Antivirus software detects and eliminates known viruses. The two most common methods used to detect viruses are:

Using a list of virus signature definitions: the antivirus software examines files stored in memory or on fixed or removable drives and compares them against a database of known virus “signatures” e.g. source code patterns. This protection is only effective against known viruses and users must keep their signature files up-to-date in order to be protected.
Using a heuristic algorithm to detect viruses based on behavioral patterns:the advantage of this method is that it can detect viruses that were not previously known or for which a signature does not yet exist.
Apart from directly detecting and removing viruses, users can minimize damage by making regular backups of data and the operating system on different media. These backups should be kept disconnected from the system (most of the time), be read-only or not be accessible for other reasons (for instance because they use different file systems).
To restore a system that has been infected by a virus, Windows XP and Windows Vista provide a tool known as System Restore. This tool restores the registry and critical system files to a previous checkpoint (point in time).

THREAT #2: SPAM / SPIM / SPIT

Description:

SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a day. Email addresses are collected from chat rooms, websites, newsgroups and by Trojans which harvest users’ address books.

SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.

SPIT is Spam over Internet Telephony. These are unwanted, automatically-dialed, pre-recorded phone calls using Voice over Internet Protocol (VoIP).

Danger level: Low
Prevalence: Extremely High

Worst case damage:
Spam can clog a personal mailbox, overload mail servers and impact network performance. On the other hand, efforts to control spam such as by using spam filters run the risk of filtering out legitimate email messages. Perhaps the real danger of spam is not so much in being a recipient of it as inadvertently becoming a transmitter of it. Spammers frequently take control of computers and use them to distribute spam, perhaps the use of a botnet. Once a user’s computer is compromised, their personal information may also be illegally acquired.

Prevention, detection and removal:
ISPs attempt to choke the flood of spam by examining the information being sent and traffic patterns. User systems may use spam filters to screen out email messages with suspect titles or from suspect persons, as well email messages from blocked senders.

THREAT #3: SPOOFING, PHISHING AND PHARMING

Description:

Spoofing is an attack in which a person or program masquerades as another. A common tactic is to spoof a URL or website (see phishing).

Phishing (pronounced “fishing”) is a common form of spoofing in which a phony web page is produced that looks just like a legitimate web page. The phony page is on a server under the control of the attacker. Criminals try to trick users into thinking that they are connected to a trusted site, and then harvest user names, passwords, credit card details and other sensitive information. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging. The email message claims to be from a legitimate source but when the user clicks on the link provided, he or she lands on the fake web page.

Pharming (pronounced “farming”) is an attack in which a hacker attempts to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses — the servers are the “signposts” of the Internet.

Danger level: High
Prevalence: Extremely High

Worst case damage:
Once personal information is acquired, spoofers, phishers or pharmers may use a person’s details to make transactions or create fake accounts in a victim’s name. They can ruin the victims’ credit rating or even deny the victims access to their own accounts.

Prevention, detection and removal:
As spoofing, phishing, and to a lesser extent, pharming, rely on tricking users rather than advanced technology, the best way to handle these threats is through vigilance. Don’t open emails from unknown sources or click on links embedded in suspect messages. Check the security guidelines of websites such as PayPal so that you can distinguish between legitimate and bogus emails. Also, rather than clicking on the link embedded in an email, you can type the general link in your web browser (e.g. http://www.paypal.com).

THREAT #4: SPYWARE

Description:
Spyware is software that is secretly installed on a computer without the user’s consent. It monitors user activity or interferes with user control over a personal computer.
Danger level: High
Prevalence: High

Worst case damage:
Spyware programs can collect various types of personal information, such as websites visited, credit card details, usernames or passwords, as well as install other malware, redirect web browsers to malicious websites, divert advertising revenue to a third party or change computer settings (often leading to degraded or unstable system performance, slow connection speeds or different home pages).

Prevention, detection and removal: Anti-spyware programs can combat spyware in two ways:

1 Real-time protection: these programs work just like anti-virus software. They scan all incoming network traffic for spyware software and block any threats that are detected.
2 Detection and removal: users schedule daily, weekly, or monthly scans of their computer to detect and remove any spyware software that has been installed. These antispyware programs scan the contents of the Windows registry, operating system files, and programs installed on your computer. They then provide a list of threats found, allowing the user to choose what to delete and what to keep.
Some popular antispyware programs are Spybot - Search & Destroy, PC Tools’ Spyware Doctor, as well as commercial offerings from Symantec, McAfee, and Zone Alarm.

THREAT #5: KEYSTROKE LOGGING (KEYLOGGING)

Description:
A keylogger is a software program that is installed on a computer, often by a Trojan horse or virus. Keyloggers capture and record user keystrokes. The data captured is then transmitted to a remote computer.

Danger level: High
Prevalence: High

Worst case damage:
While keyloggers will not damage your computer system per se, because they can capture passwords, credit card numbers and other sensitive data, they should be regarded as a serious threat.

Prevention, detection and removal:
Currently there is no easy way to prevent keylogging. For the time being, therefore, the best strategy is to use common sense and a combination of several methods:
Monitoring which programs are running: a user should constantly be aware of which programs are installed on his or her machine.
Antispyware: antispyware applications are able to detect many keyloggers and remove them.
Firewall: enabling a firewall does not stop keyloggers per se, but it may prevent transmission of the logged material, if properly configured.
Network monitors: also known as reverse-firewalls, network monitors can be used to alert the user whenever an application attempts to make a network connection. The user may then be able to prevent the keylogger from transmitting the logged data.
Anti-keylogging software:keylogger detection software packages use “signatures” from a list of all known keyloggers to identify and remove them. Other detection software doesn’t use a signature list, but instead analyzes the working methods of modules in the PC, and blocks suspected keylogging software. A drawback of the latter approach is that legitimate, non-keylogging software may also be blocked. : some k

THREAT #6: ADWARE

Description:

Adware is software which automatically plays, displays, or downloads advertisements to a computer. The adware runs either after a software program has been installed on a computer or while the application is being