The Security Attacks Most People Have Never Heard Of

Smishing: Smishing or “SMS phishing” refers to a phishing attack that specifically targets mobile phones. The victim would receive an SMS with a hyperlink wherein a malware automatically finds its way in your phone or leads the user to a phishing site formatted for mobile screens. The term was brought on by David Rayhawk in a McAfee Avert Labs blog.

Botnet (Zombie PCs): A portmanteau of the words “Robot” and “Network,” a Botnet is any number of internet computers that inconspicuous to their owners; forward e-mails (any of which include spam, malware, or viruses) to other computers on the internet. These infected computers are also known as “zombies”. DoS attacks (Denial of Service) often rely on thousands of zombie PCs.

BlueBugging: A craze originally jumpstarted by a Malaysian IT Professional, bluebugging (not to be confused with bluesnarfing) allows a more skilled person to illegally access a cellular phone via Bluetooth wireless technology. This act often times goes unnoticed without any proper notification or alerting to the phone’s user. A vulnerability such as this allows phone calls, SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. But much to the hacker’s dismay [I think the hacker knows the limitations… perhaps the point is that widespread impact is minimized because of the range…], access is only attainable within a 10 meter range of the phone.

Pod Slurping: Coined by US security expert Abe Usher; Pod Slurping is when your iPod or any portable USB storage device begins to surreptitiously copy large amounts of files from your computer to its hard drive, it’s engaged in something called “Pod Slurping”. Pod slurping is becoming an increasing security risk to companies and government agencies. Typically, access is gained while the computer is unattended, and this process can occur in as little as 65 seconds.

Ransomware: A program that makes a computer near unusable then demands payment in order for the user to regain full access. It “kidnaps” the computer! Ransomware is also commonly referred to as a “cryptovirus” or “cryptotrojan.” Examples of Ransomware include Gpcode.AK, Krotten, and Archiveus. Ransomware was originally a with a trojan called PC Cyborg, created by a Dr. Joseph Popp.

Scareware: Scareware is software that tricks people into downloading or purchasing it, under the guise of fixing their computer, when in reality the faux anti-virus program is the real problem. Scareware programs often run a fictitious or careless system scan, and then present the user with a list of malicious programs that must be corrected, always leaving itself off of the list. The scareware then informs that in order to fix these “problems” it will require the user to pay a fee for a “full” or “registered” version of the software. Examples of scareware include: System Security, Anti-Virus 2010, and Registry Cleaner XP.

Sidejacking: Sidejacking is a hacking technique used to gain access to your website specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted “session-id”. The session-id is either some random data in the URL, or more often, random data in a HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account. Thus enabling the hacker ability to read your email, look at what you’ve bought online, or control your social network account, and so on. Robert Graham, who pulled together a variety of known and new vulnerabilities and packaged them into an automated session snatcher, was responsible for this term.

Black Hat: “Black Hat” hackers are those people who specialize in unauthorized breaching of information systems, often times attacking those containing sensitive information. They may use computers to attack systems for profit, for fun, or for political motivations. Attacks often involve modification and/or destruction of data which is done without authorization. They also may distribute computer viruses, internet Worms and deliver spam through the use of botnets.

White Hat: A “White Hat” hacker describes an individual who identifies a security weakness in a computer system or network but, instead of maliciously taking advantage of it, exposes the weakness, and repairs the vulnerability protecting the network from unwarranted intrusions or attacks. The term is taken from old western films, where the white hat cowboy is portrayed as the hero, and the black hat as the villain.

This entry was posted in General. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>