Beruflich Dokumente
Kultur Dokumente
1.
Using a list of virus signature definitions: the antivirus software examines files stored in memory or
on fixed or removable drives and compares them against a database of known virus signatures e.g.
source code patterns. This protection is only effective against known viruses and users must keep their
signature files up-to-date in order to be protected.
2.
Using a heuristic algorithm to detect viruses based on behavioral patterns:the advantage of this
method is that it can detect viruses that were not previously known or for which a signature does not yet
exist.
Apart from directly detecting and removing viruses, users can minimize damage by making regular
backups of data and the operating system on different media. These backups should be kept
disconnected from the system (most of the time), be read-only or not be accessible for other reasons (for
instance because they use different file systems).
To restore a system that has been infected by a virus, Windows XP and Windows Vista provide a tool
known as System Restore. This tool restores the registry and critical system files to a previous checkpoint
(point in time).
2
Detection and removal: users schedule daily, weekly, or monthly scans of their computer to detect and
remove any spyware software that has been installed. These antispyware programs scan the contents of the
Windows registry, operating system files, and programs installed on your computer. They then provide a list of
threats found, allowing the user to choose what to delete and what to keep.
Some popular antispyware programs are Spybot - Search & Destroy, PC Tools Spyware Doctor, as well as
commercial offerings from Symantec, McAfee, and Zone Alarm.
THREAT #5: KEYSTROKE LOGGING (KEYLOGGING)
Description:
A keylogger is a software program that is installed on a computer, often by a Trojan horse or virus. Keyloggers
capture and record user keystrokes. The data captured is then transmitted to a remote computer.
Danger level: High
Prevalence: High
Worst case damage:
While keyloggers will not damage your computer system per se, because they can capture passwords, credit
card numbers and other sensitive data, they should be regarded as a serious threat.
Prevention, detection and removal:
Currently there is no easy way to prevent keylogging. For the time being, therefore, the best strategy is to use
common sense and a combination of several methods:
Monitoring which programs are running: a user should constantly be aware of which programs are
installed on his or her machine.
Antispyware: antispyware applications are able to detect many keyloggers and remove them.
Firewall: enabling a firewall does not stop keyloggers per se, but it may prevent transmission of the
logged material, if properly configured.
Network monitors: also known as reverse-firewalls, network monitors can be used to alert the user
whenever an application attempts to make a network connection. The user may then be able to prevent
the keylogger from transmitting the logged data.
Anti-keylogging software:keylogger detection software packages use signatures from a list of all
known keyloggers to identify and remove them. Other detection software doesnt use a signature list, but
instead analyzes the working methods of modules in the PC, and blocks suspected keylogging software.
A drawback of the latter approach is that legitimate, non-keylogging software may also be blocked. : some
k
commercial antivirus software packages can also detect adware and spyware, or offer a separate spyware
detection module.
THREAT #7: BOTNET
Description:
A Botnet (also called a zombie army) is a collection of software robots, or bots, that run automated tasks over
the Internet. The term botnet is generally used to refer to a distributed network of compromised computers
(called zombie computers). These zombies typically run programs such as worms, Trojan horses, or
backdoors. Botnets are frequently used to launch Distributed Denial-of-Service (DDoS) attacks against websites.
Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak
passwords.
Experts estimate that as many as one in four personal computers connected to the Internet has become part of a
botnet. Several botnets have been found and removed from the Internet such as a 1.5-million node botnet
recently discovered by the Dutch police.
Danger level: High
Prevalence: High
Worst case damage:
In the first place, botnets steal computing resources and the individual users system performance may degrade
as a result. More serious consequences may be caused, however, by the programs that run on botnets (see
respective entries for worm and Trojan horse).
Prevention, detection and removal:
Detection focuses on either the computer itself or the network. Both approaches use trial and error to try to
identify bot behavior patterns. Network-based approaches then shutdown servers or re-direct DNS entries.
Security companies such as Symantec,Trend Micro, FireEye, Simplicita and Damballa offer products to stop
botnets. With the exception of Norton Antibot (formerly Sana Security), most focus on protecting enterprises
and/or ISPs rather than the systems of individual users.
THREAT #8: WORM
Description:
A computer worm is a self-replicating, malicious software program. Unlike a virus, it does not need to attach
itself to an existing program or require user intervention to spread. It uses a network to send copies of itself to
other computers on the network.
Danger level: Very High
Prevalence: Moderate
Worst case damage:
Worms can cause two types of damage:
1.
Damage to the network: by their replicating behavior, worms consume bandwidth and can cause
degraded network performance.
2.
Payload: worms also deliver payloads such as backdoors that allow hackers to gain control of the
infected computer and turn it into a zombie. That computer may then become part of a botnet used to
send spam or launch Distributed Denial-of-Service (DDoS) attacks (often coupled with blackmail
attempts).
A Trojan horse or Trojan is a piece of software which like the Trojan Horse of Greek mythology conceals a
payload (often malicious) while appearing to perform a legitimate action. Trojan horses often install backdoor
programs which allow hackers a secret way into a computer system.
Danger level: Very High
Prevalence: Moderate
Worst case damage:
Trojans horses can deliver a variety of payloads and therefore have the potential to cause significant damage.
Example payloads include:
Corrupting files
Adding the victims computer to a network of zombie computers in order to launch Distributed Denial-ofService (DDoS) attacks or send spam.
Logging keystrokes to steal information such as passwords and credit card numbers
Prevalence: Low
Worst case damage:
DoS attacks typically target large businesses or government institutions rather than individuals or small
businesses. Nonetheless, they can make a website or web service temporarily unavailable (for minutes, hours or
days), with ramifications for sales or customer service. Moreover, DoS attacks on private companies are
sometimes coupled with blackmail attempts.
Prevention, detection and removal:
Surviving an attack: The easiest way to survive an attack is to plan ahead. Set aside a separate emergency
block of IP addresses for critical servers with a separate route. The separate route can be used for load
balancing or sharing under normal circumstances and switched to emergency mode in the event of an attack.
Firewalls: Firewalls follow simple rules to allow or deny protocols, ports or IP addresses. Some firewalls offer a
built-in emergency mode. If the number of incoming packets per second exceeds a set value for more than the
specified time, the firewall classifies it as a DoS attack and switches to emergency mode. In this mode, all
inbound traffic is blocked except previously established and active connections, but outbound traffic is allowed.
Some DoS attacks are too advanced for today's firewalls. If there is an attack on port 80 (web service), for
example, firewalls cannot prevent the attack because they cannot distinguish between good traffic and DoS
traffic. Another problem is that firewalls are too deep in the network hierarchy. Your router may be overwhelmed
before the traffic even gets to your firewall.
Routers and Switches: These can be configured to cut off traffic and prevent the DoS attack from
flooding the network.
Application front-end hardware: Intelligent hardware can be placed on the network perimeter to analyze traffic
before it reaches the servers. Data packets are analyzed as they enter the system and classified as priority,
regular or dangerous.
IPS-based prevention: Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated
with them.
Conclusion
An expert once described computer security as an arms race. The good guys security firms, researchers
and other specialists are engaged in an ongoing struggle to keep up with the bad guys. Users should have a
basic awareness and understanding of the 11 common threats described here. However, as new threats are
constantly appearing and existing threats are evolving, it makes sense for the individual user to rely on experts
for protection rather than attempt to keep track of all the latest developments themselves.