1.7.
1 Malware
Malware is probably the most common threat to any system, including home users’ systems,
small networks, and large enterprise wide-area networks. One reason is that malware is designed
to spread on its own, without the creator of the malware having to be directly involved. This
makes the malware attack much easier to spread across the Internet, and hence more widespread.
The most obvious example of malware is the computer virus. You probably have a general idea
of what a virus is. If you consult different textbooks you will probably see the definition of a
virus worded slightly differently. One definition for a virus is “a program that can ‘infect’ other
programs by modifying them to include a possibly evolved copy of itself.”
A computer virus is analogous to a biological virus in that both replicate and spread. The most
common method for spreading a virus is using the victim's e-mail account to spread the virus to
everyone in his address book. Some viruses do not actually harm the system itself, but all of
them cause network slowdowns or shutdowns due to the heavy network traffic caused by the
virus replication.
Another type of malware, often closely related to the virus, is the Trojan horse. The term is
borrowed from the ancient tale. In this tale, the city of Troy was besieged for a long period of
time, but the attackers could not gain entrance. They constructed a huge wooden horse and left it
one night in front of the gates to Troy. The next morning, the residents of Troy saw the horse and
assumed it a gift, consequently rolling the wooden horse into the city. Unbeknownst to them,
several soldiers were hidden inside the horse. That evening, the soldiers left the horse, opened
the city gates, and let their fellow attackers into the city. An electronic Trojan horse works in the
same manner, appearing to be benign software but secretly downloading a virus or some other
type of malware onto your computer. In short, you have an enticing gift that you install on your
computer, and later find out it has unleashed something quite different from what you expected.
It is a fact that Trojan horses are more likely to be found in illegitimate software. There are many
places on the Internet to get pirated copies of commercial software. Finding that such software is
actually part of a Trojan horse is not at all uncommon. Trojan horses and viruses are the two
most widely encountered forms of malware.
A third category of malware is spyware, which is increasing in a dramatic pace. Spyware is
software that literally spies on what you do on your computer. This can be as simple as a cookie,
a text file that your browser creates and stores on your hard drive. Cookies are downloaded onto
your machine by websites you visit. This text file is then used to recognise you when you return
to the same site. That file can enable you to access pages more quickly and save you from having
to enter your information multiple times on pages you visit frequently. However, in order to do
this, that file must be read by the website; this means it can also be read by other websites. Any
data that the file saves can be retrieved by any website, so your entire Internet browsing history
can be tracked.
Another form of spyware, called a key logger, records all of your keystrokes. Some also take
periodic screen shots of your computer. Data is then either stored for retrieval later by the party
�who installed the key logger or is sent immediately back via e-mail. In either case, everything
you do on your computer is recorded for the interested party.
1.7.2 Intrusions
Intrusions are those attacks that are actually trying to intrude into the system. They are different
from attacks that simply deny users access to the system (blocking), or attacks that are not
focused on a particular target such as viruses and worms (malware). Intrusion attacks are
designed to gain access to a specific targeted system and are commonly referred to as hacking,
although that is not the term hackers use. Hackers call this type of attack cracking, which means
intruding onto a system without permission, usually with malicious intent. Any attack designed
to breach security, either via some operating system flaw or any other means, can be classified as
cracking. Using security flaws is not the only method for intruding into a system. In fact, some
methods can be technologically much easier to execute. For example, one completely not
technologically based method for breaching a system's security is called social engineering,
which, as the name implies, relies more on human nature than technology. This was the type
of attack that the famous hacker Kevin Mitnick most often used. Social engineering uses
techniques to get users to offer up the information needed to gain access to a target system. The
way this method works is rather simple.
The perpetrator obtains preliminary information about a target organisation, such as the name of
its system administrator, and leverages it to gain additional information from the system's users.
For example, he might call someone in accounting and claim to be one of the company’s
technical support personnel. The intruder could use the system administrator's name to validate
that claim. He could then ask various questions to learn additional details about the system's
specifications. A well-informed intruder might even get a person to provide a username and
password. As you can see, this method is based on how well the intruder can manipulate people
and actually has little to do with computer skills.
