Types of infiltration, Trojan horse, Worms, Viruses, Hoax, Spam, Phishing, Pharming
Wednesday, August 20 2008
Computer infiltration means the unauthorised entry of programme code into a computer system in order to perform undesired (often concealed) activities. Currently, there are about 80,000 types of infiltration (according to AEC), with 500 to 800 new types appearing every month. The problem is that classification is not unified and types are difficult to differentiate from mutations of a type. Based on behaviour and programme code construction, we can differentiate the types of infiltration below.
A Trojan horse is usually an interesting or somehow useful programme which, in addition to the useful code, contains code performing undesired activities characterized as follows:
In the past two years Trojans have been spread as part of other infiltrations (worms). Based on handling activities Trojans can be classified as:
A worm is an independent programme (or set of programmes) requiring no host code, with the following features:
A virus is dependent programme code attached to a host executable unit which is a desired part of a computer system (programme, script, command file, macro, OS installer etc.). Launching this executable unit also executes the virus code, which has the following features:
Hoaxes are fake alarm e-mails that use “social engineering” (fraud, lies, moral blackmail) to get the recipient to send the message to all available addresses. They have the following features:
Reasons for creating hoaxes:
Protection is based on monitoring hoax databases, e.g. at www.mcafee.com.
Spam is an unsolicited mail message offering goods or services, often with immoral content. It is sent via infiltrated systems connected to the Internet (bots) with a forged header, making it difficult to track the actual sender and to block the respective SMTP communication. E-mail addresses are gathered, e.g. as part of a prior infiltration of an intermediary system by a worm, or from public databases (ICQ).
The motive is “cheap” marketing, as laws in many countries restrict unsolicited electronic advertising (in the Czech Republic this is the Certain Information Society Services Act No. 480/2004 Coll. – the “Antispam Act”).
Phishing is based on fake e-mail messages using “social engineering” and technological tricks (redirecting URL links, keylogger infiltration) to convince the user to disclose personal data and sensitive banking details (access password to Internet banking, bank account data, credit card data, etc.). Pharming is a similar type of attack redirecting the user to fake Internet banking sites, typically by compromising DNS.
One of the initiatives aimed against such attacks is the Anti-Phishing Working Group (APWG), which recorded an immense increase in the number of fake sites in February 2005 (see http://www.antiphishing.org).
Author: Jirka Dvořák