Malicious programs, network attacks and Internet-fraud

Backdoors — programs that enable someone to log into a system or obtain privileged access functions. Often used to bypass existing security systems, backdoors do not infect files, but instead write themselves into the register, modifying the register keys in the process.

Brute-force attacks — attacks that use "brute force" techniques. Computer users usually rely on simple passwords like "123", "admin", etc. This is exactly what computer attackers love. With special Trojan programs that use trial-and-error methods based on a built-in password dictionary or by generating random sequences of symbols, attackers are able to calculate the password required to enter a network.

Defacement — Web page deformation. Sometimes carried out for a hacker’s amusement, defacement is a kind of computer vandalism. It can also be a method of expressing political preferences. Deformations can be done in certain parts of a site or to totally replace one of the site's pages (most often the home page).

DoS attacks — a denial-of-service attack is popular with hackers. It is a type of network attack bordering on terrorism. An enormous number of service requests are sent to the server under attack in order to make it fail. When a certain limit of requests is reached (this depends on the server's hardware) the server is unable to cope and fails. Usually the attack is preceded by spoofing. DoS-attacks have become a widely used method of intimidating and blackmailing competitors.

Keyloggers — types of Trojan programs used to log data entered via a computer keyboard. Keyloggers steal personal and network passwords, logins, credit card data, and other personal information.

Logic bombs — Trojan-like modules built into programs that are already written and widely used. Instruments of computer sabotage, logic bombs are harmless until particular events happen (users press certain keys, changes in the file occur or a pre-set date/time is reached) and then they are activated.

Mail bombs — one of the simplest kinds of network attacks. An attacker sends to a user's computer or a company mail server one huge message or tens of thousands of e-mail messages which leads to system failure. Dr.Web Anti-virus for e-mail servers has a special mechanism to protect against such attacks.

Phishing — Internet fraud technology used to steal personal, confidential data such as access passwords, bank and identification card information, etc. Using spam mailings or mail worms, perpetrators send potential victims fictitious letters from supposedly legitimate organizations. The letters ask recipients to visit the fake web sites of these organizations which have been set up by the criminals, and to confirm their passwords, PIN numbers and other personal information. The stolen data is then used by the criminals to steal money from the victim's account and to carry out other crimes.

Pharming — a relatively new kind of Internet fraud. Pharming technologies enable perpetrators to change DNS (Domain Name System) records or the records in the hosts file. During visits to what appear to be a legitimate web pages, pharming redirects visitors to fake pages created to collect confidential information. Most often such fake pages are created to substitute for bank web site pages both offline and online.

Rootkits — ill-intended programs designed to intercept the system functions of an operating system (API) without being detected. In addition, rootkits can mask processes of other programs, different registry keys, directories, and files. Rootkits spread as independent programs and as additional components inside other malicious programs — backdoors, mail worms, etc. Rootkits can be divided into two groups: User Mode Rootkits (UMR)—rootkits operating in the user mode—and Kernel Mode Rootkit (KMR)—those operating in the kernel mode. UMRs intercept user mode library functions, while KMRs install system drivers that intercept the functions of the kernel, which makes it much more complicated to detect and neutralize them.

Scamming — this is a kind of Internet fraud involving fake online marriage agencies (scam agencies) that attempt to get money from clients who are legitimately seeking spouses.

Sniffing — a kind of network attack also known as "network passive listening". It involves unauthorized traffic flow analysis and data monitoring with a special non-malicious program called a packet sniffer. The packet sniffer captures all of the network packets of the domain being monitored. The captured data can be used by attackers to legally enter the network as an imposter.

Spoofing — a kind of network attack directed at getting illegal access to a network via connection imitation (a.k.a. spoofing). Spoofing is used to bypass access control systems based on IP addresses, and also to mask phony sites, making them appear to be legitimate copies or just legal businesses. The latter is a trend that is currently on the rise.

Time bomb — a type of logic bomb, where activation of the hidden module is set to occur at a given time.

Trojan horse — a malicious program containing a hidden module that performs operations without a computer user's authorization. These operations are not necessarily destructive, but they will always be directed to the detriment of the user. This kind of attack is named after the famed wooden horse used by the Greeks to enter the ancient city of Troy.

Trojan vandal programs substitute a frequently run program, and take over or imitate its functions, while simultaneously causing damage (erasing files, destroying directories, formatting disks, or sending out the passwords or other confidential information stored on the user's computer). Certain Trojan programs have a mechanism that allows them to update their components via the Internet.

Vishing — Internet fraud technology, a type of a phishing. It uses for malicious purposes “war dialers” and VoIP technology to steal personal, sensitive data, such as passwords, banking and identification card details, etc. Potential victims receive telephone calls from allegedly legitimate companies and institutions. They are asked to confirm PIN numbers or passwords using the keypads of their smart phones or PDAs. This data is used by criminals to steal money from bank accounts and to carry out other crimes.

Zombies — — small computer programs distributed around the Internet by computer worms. Zombie programs install themselves on infected systems and wait for further commands.