Understanding Cyberspace Threats
SQL injection. Drive-by downloads. Social engineering. Rootkits. Malware. Rogueware. To the busy small business owner these words and phrases might sound like gibberish, but they’re actually terms that describe some of the more destructive security risks lurking in cyberspace today. Since the first step in helping prevent harmful hacker attacks to your company computers is getting up to speed with the ever-evolving threat landscape, here’s a brief overview:
Malware. Short for malicious software, it includes all forms of computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software. When you see the word "malware" in a news story or threat report, keep in mind that it covers a variety of forms of hostile, intrusive, or annoying software or program code.
Rootkits. Popularized by the Sony digital-rights management case, a rootkit is a form of malware that allows an attacker to maintain a stealthy presence on an infected computer. Rootkits are typically used in spyware and other programs to avoid detection and allow another piece of malware to monitor traffic and keyboard strokes. A rootkit is considered the most insidious form of malware.
SQL injection. SQL injection is an attack technique used by hackers to insert malicious code into the database layer of a Web application. These types of attacks are typically used to plant harmful code into hacked Web sites and use that code to launch drive-by-downloads against end users.
Drive-by downloading. Drive-by downloading is a catch-all name for malware that gets installed on a computer when a user simply surfs to a (maliciously rigged) Web site. Over the past year, there has been a dramatic surge in these types of attacks where a hacker uses SQL injection to infect legitimate Web sites for use in drive-by download attacks. The exploits used in these types of attacks typically target unpatched vulnerabilities in desktop applications, so the best defense for this is to adopt safe browsing habits and ensure that all installed software programs are fully updated.
Rogueware, fraudware, or scareware. These are types of malware that attempt to trick computer users into buying useless and dangerous software. They typically generate a legitimate-looking pop-up warning that purports to be antivirus or antispyware software or a registry cleaner. These are fake warnings that claim the computer is infected with a large number of viruses and point the user to a Web site to pay for a virus cleaner. Rogueware/fraudware/scareware is such a big problem that Microsoft recently added removal detections for this class of attack and removed fake security software programs from 994,061 distinct machines, most in the U.S. and Europe.
Ryan Naraine Security Evangelist Kaspersky Lab, Americas Woburn, Mass.