Learn free form Wikipedia’s selection and earn gcl, European Chamber’s world recognized commercial certificate

System vulnerability and abuse

There are different types of vulnerability. The most known are:

• 
  A computer virus is a computer program that can replicate itself ^[1] and spread from one computer to another. The term "virus" is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability.
  

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs (see code injection). If a user attempts to launch an infected program, the virus' code may be executed simultaneously. Viruses can be divided into two types based on their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. This module, however, is not called by a finder module. The virus loads the replication module into memory when it is executed instead and ensures that this module is executed each time the operating system is called to perform a certain operation.

• 
  A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
  
• 
  A Trojan horse, or Trojan, is a standalone malicious file or program that does not attempt to inject itself into other files unlike a computer virus and often masquerades as a legitimate file or program. Trojan horses can make copies of themselves, steal information, or harm their host computer systems.^[1] The first and many current Trojan horses attempt to appear as helpful programs. Others rely on drive-by downloads in order to reach target computers.
  

A Trojan may give a hacker remote access to a targeted computer system. Once a Trojan has been installed on a targeted computer system, hackers may be given remote access to the computer allowing them to perform all kinds of operations. Operations that could be performed by a hacker on a targeted computer system may include but are not limited to:

• 
  Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  
• 
  Electronic money theft^[7]
  
• 
  Data theft (e.g. retrieving passwords or credit card information)
  
• 
  Installation of software, including third-party malware
  
• 
  Downloading or uploading of files on the user's computer
  
• 
  Modification or deletion of files
  
• 
  Keystroke logging
  
• 
  Watching the user's screen
  
• 
  Crashing the computer
  
• 
  Anonymizing internet viewing
  

A recent innovation in Trojan horse code takes advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide internet usage. A hacker is able to view internet sites while the tracking cookies, internet history, and any IP logging are maintained on the host computer. The host's computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Newer generations of the Trojan horse tend to "cover" their tracks more efficiently. Several versions of Slavebot have been widely circulated in the US and Europe and are the most widely distributed examples of this type of Trojan horse.^[8]

• 
  Netbus (by Carl-Fredrik Neikter)
  
• 
  Subseven or Sub7(by Mobman)
  
• 
  Y3K Remote Administration Tool (by Konstantinos & Evangelos Tselentis)
  
• 
  Back Orifice (Sir Dystic)
  
• 
  Beast
  
• 
  Zeus
  
• 
  The Blackhole exploit kit^[11]
  
• 
  Flashback Trojan (Trojan.BackDoor.Flashback)
  

• 
  A rootkit is software that implements stealth capabilities that are designed to hide the existence of certain processes or programs. While some uses of the technology may be beneficial, the most notable usage is by malware seeking to avoid detection by antivirus software.^[1] 
  

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialised equipment.

• 
  Malware, short for malicious software, is software to help hackers disrupt users computer operation, gather sensitive information, or gain unauthorized access to a computer system. While it is often software, it can also appear in the form of script or code. ^[1] 'Malware' is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or code.^[2]
  

Malware is not the same as defective software, which is software that has a legitimate purpose but contains harmful bugs that were not noticed before release. Sometimes, malware is disguised as genuine software, and may come from an official company website. An example would be software used for useful purposes that also includes tracking software to gather marketing statistics for advertising.

Therefore, some security programs may find "potentially unwanted programs" or "PUP". Though a computer virus is malware that can reproduce itself, the term is sometimes used erroneously to refer to the entire category.

• 
  Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging,^[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,^[2] and exploits the poor usability of current web security technologies.^[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
  

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Phishing attempts directed at specific individuals or companies have been termed spearphishing.^[30] Attackers may gather personal information about their target to increase their probability of success.

A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version to the original.

This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling

Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.^[31]

Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.^[45] Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.^[46]

Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar.^[39] This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.^[40]

An attacker can even use flaws in a trusted website's own scripts against the victim.^[41] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.^[42]

• 
  Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Spyware is often secretly installed on a user's personal computer without their knowledge. However, some spyware such as keyloggers may be installed by the owner of a shared, corporate, or public computer on purpose in order to intentionally monitor users.
  

Sometimes, spyware is included along with genuine software, and may come from an official software vendor. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive software. In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

• 
  Browser hijacking is the modification of a web browser's settings by malware. The term "hijacking" is used as the changes are performed without the user's permission. Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.