
Security Threats and Vulnerabilities
Chapter 3
Objective
• Overview of security threats
• Weak / strong passwords and password cracking
• Insecure network connections
• Malicious code
• Programming bugs
• Cyber crime and cyber terrorism
• Information warfare and surveillance
Beware! India faces cyber threats
• India is becoming the second-biggest victim of cyber-attacks after the United States.
• Why India?
– The exponential growth of our IT networks and our increasing reliance on these networks
– China and Pakistan hit Indian cyberspace, since it is a relatively cheaper and easier way to attack Indian interests
– Lack of law enforcement
– Detecting and countering these attacks needs a considerable amount of time and resources
• http://www.claws.in/index.php?action=master&task=718&u_id=42
Why should YOU study this?
• Your identity or your device may get used for wrongdoing, such as spreading malicious code, if you are not careful.
Overview of Security
Computer Security
• Now the world is all about mobiles, laptops and the Internet.
• The roles we play on the Internet:
– As a user of a system
– As a vendor / service provider of a system
• Using the Internet we
– Perform transactions
– Access network resources and data
• Sensitive data
• Business data
• Intellectual property
What all do we need to protect?
• Our assets
– People: employees or customers; secure their personal data
– Property: computers, infrastructure
– Information: data, software products, critical company records
• Our ability to use our computers (denial of service attacks)
• Our reputation with the general public
What are we securing? Whom do we protect it from?
• The major sources of danger are humans
– By running malicious code
– By carrying infected media (laptops) in from off site
• Purpose
– Damage the data
– Disrupt the operation
– Make a service unavailable
– Defame someone
Security Threats
Security terms - Vulnerability
• Refers to a security flaw in a system which can be exploited to allow an attack
• These flaws can be treated as gaps / weaknesses in the security program which provide exposure to attack
• The weakness can be found in hardware, software or a process that exposes a system to compromise
• Hardware: allowing USB ports / wi-fi connections
• Software: an interface given for third-party integration
• Process: an unsecured gateway for online transactions
Security terms - Threat
• A threat is what we're trying to protect against.
• A threat is anything or anyone that can exploit a vulnerability,
– intentionally or accidentally,
– and obtain, damage, or destroy an asset.
• E.g. Facebook (FB) data
– Threat: misuse of uploaded photos
– Threat source: an enemy with the motivation to defame someone
– Vulnerability: availability of the data online
Types of Threat
Unauthorized Access - Enter at your own risk
• Accessing information or systems without permission or rights to do so.
• How to take care?
– Ensure you have a properly configured firewall
– Keep malware prevention software up to date
– Ensure all software has the latest security updates
– Encrypt information where appropriate
– Use strong passwords
Cyber Espionage - Hey, get off my network!
• The act of spying through the use of computers.
• Involves covert access (not through a proper channel), or 'hacking'
• Spying on company or government networks to obtain sensitive information.
• How to take care?
– Be alert and verify all requests for sensitive information
– Ensure the network is secure
– Monitor for unusual network behaviour
Malware - You installed what?
• A collective term for malicious software, such as viruses, worms and trojans.
• Designed to break into systems or information for criminal, commercial or destructive purposes.
• How to take care?
– Ensure a properly configured firewall and up-to-date malware prevention software
– Do not click links or open attachments in emails from unknown senders
– Do not visit untrusted websites or install dubious software.
Data Leakage – I seek what you leak
• The intentional or accidental loss, theft or exposure of sensitive company or personal information.
• How to take care?
– Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted
– Be mindful of what you post online, e.g. revealing the company's next project
– Check email recipients before pressing send
– Never email the company's sensitive information to personal email accounts.
Mobile Device Attack
• A malicious attack on, or unauthorized access to, mobile devices to get at the information stored on them
• These attacks can be performed wirelessly or through physical possession.
• How to take care?
– Avoid connecting to insecure, untrusted public wireless networks
– Keep Bluetooth in 'undiscoverable' mode.
– Keep devices with you at all times
– Use strong passwords
Social Engineering – Go find some other mug
• Extracting sensitive information by tricking and manipulating others
– either company info or personal info
• This can be done by phone, email, online or in person
• E.g. sometimes people claiming to be from the helpdesk may ask for a username and password
– During a casual chat, an employee of a rival company may extract the company's next strategies
• How to take care?
– Verify all requests for sensitive information, no matter how legitimate (genuine) they may seem
– Never share your passwords with anyone – not even the helpdesk.
– Never share sensitive info; if in doubt, report it if you suspect something
Insiders – I see bad people
• An employee or worker with malicious intent to steal sensitive company information.
• They can commit fraud or cause damage to company systems or information.
• E.g. Khabari, 300 movie
• How to take care?
– Ensure access to sensitive information is restricted to only those that need it
– Revoke access when no longer required.
– Report all suspicious activity or workers immediately.
Phishing – Think before you link
• A form of social engineering
• It involves sending legitimate-looking emails aimed at fraudulently extracting sensitive information from recipients
• Usually to gain access to systems or for identity theft.
• E.g. emails like "You have won a lottery".
• How to take care?
– Look out for emails containing unexpected or unsolicited requests for sensitive information.
– Look out for contextually relevant emails from unknown senders.
– Never reply to such mails.
System Compromise – Only the strong survive
• A system that has been attacked earlier is often used for attacking other systems.
• How to take care?
– Ensure vulnerable holes are tightly closed.
– Ensure systems are hardened and configured securely
– Regularly scan them for vulnerabilities
Denial of Service – Are you still there?
• An intentional or unintentional attack on a system or on information
• Resulting in the system being unavailable and inaccessible to authorized users.
• E.g. Etoys vs Etoy cyber war
• How to take care?
– Securely configure and harden all networks and network equipment against known DoS attacks.
– Monitor networks through log reviews
– Use intrusion detection or prevention systems.
Identity Theft – You will never be me
• The theft of an unknowing individual's personal information.
• This info is then used to commit a crime, usually for financial gain.
• E.g. filing for an online tax refund on someone else's behalf
• http://www.irs.gov/uac/Examples-of-Identity-Theft-Schemes-Fiscal-Year-2013
• How to take care?
– Never provide personal information to untrusted individuals or websites.
– Ensure personal information is protected when stored and securely disposed of when no longer needed.
Passwords
Passwords
• Username and password combinations are the most common means of providing access to information.
• A username identifies you as a unique individual,
• A password is then used to prove your identity.
• A password is a set of secret characters or words used to gain access.
• If passwords are not set properly, there is a threat of losing information or of it being misused.
Weak password
• A weak password is easy to detect, both by humans and by computers.
• Do NOT use:
– Your username or a family member's name
– Birthdays or other personal information such as addresses or phone numbers
– A set of characters in alphabetic or numeric order (e.g. Abcdef, 123456), or in a row on a keyboard
– Words that can be found in a dictionary
Strong password
• An effective password that would be difficult to break.
• For a password to be strong and hard to break, it should:
– Contain 8 or more characters
– Contain letters, numerals (0-9) and symbols (@ # $ etc.)
– Be significantly different from prior passwords
Strong password
General instructions:
• Try to change your password(s) every 6 months.
• Make sure no one is watching you when you type a password.
• Ask anyone around you to kindly look away.
Password Cracking
• Attackers use this technique to break into someone's account.
• Password cracking software uses one of three approaches:
– intelligent guessing (based on personal info)
– dictionary attacks
– automation that tries every possible combination of characters
• Given enough time, the automated method can crack any password.
• However, it can still take months to crack a strong password.
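The weak/strong password rules and the three cracking approaches above, turned into a checker, as an added example that is not part of the original slides. The word list, keyboard rows, personal-info inputs and the 1e10 guesses-per-second rate are assumptions constructed for the example; the years estimate shows why length and character classes matter against the "try every combination" approach.

```python
import difflib
import string

# Constructed mini word list standing in for a real dictionary (assumption;
# a real checker would load a full word list).
DICTIONARY = {"password", "welcome", "letmein", "monkey", "dragon", "football"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_run(pw, length=4):
    """True if pw contains `length` characters in alphabetic/numeric order
    (e.g. 'abcd', '1234') or adjacent on one keyboard row (e.g. 'qwer', 'poiu')."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        ascending = all(ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(length - 1))
        if ascending and chunk.isalnum():
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, personal_info=(), previous=()):
    """Apply the slides' weak/strong rules; return the list of violations
    (an empty list means the password passes every rule)."""
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no numerals")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbols")
    if has_run(pw):
        problems.append("contains a sequential or keyboard-row run")
    # Strip digits/symbols before the dictionary lookup so 'Password1!' is still caught.
    core = "".join(c for c in low if c.isalpha())
    if core in DICTIONARY:
        problems.append("dictionary word")
    for item in personal_info:  # username, family names, birthdays, phone numbers...
        if item and item.lower() in low:
            problems.append(f"contains personal info '{item}'")
    for old in previous:  # "significantly different from prior passwords"
        if difflib.SequenceMatcher(None, low, old.lower()).ratio() > 0.8:
            problems.append("too similar to a previous password")
            break
    return problems


def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_years(pw, guesses_per_second=1e10):
    """Worst-case years to try every combination of pw's length and alphabet.
    The guess rate is an assumed figure, not a measurement of any real tool."""
    combinations = charset_size(pw) ** len(pw)
    return combinations / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for candidate in ("123456", "Password1!", "Nd7#wqLp2@xR"):
        print(candidate, check_password(candidate) or "OK",
              f"{brute_force_years(candidate):.3g} years")
```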
Insecure Network connections
Insecure Network connections
• Using Bluetooth
• Wi-fi
• Unsecured web site content
– Digital certificates associated with web content
• http://smallbusiness.chron.com/mean-internet-access-unsecure-69147.html
Unsecure Wi-fi
• Case 1: Leaving your home wireless network unsecured
– Your neighbour will download content over it
– They can also download illegal content like music, movies or child pornography, anything.
– They can also access your personal data like your tax documents, financial records, online banking information, credit card numbers, emails, usernames and passwords
Unsecure Wi-fi
• Case 2: Using public unsecured networks or hotspots, e.g. wi-fi in a coffee shop on MG Road
– Everyone knows they are available for public use, criminals included
– Criminals will watch the online traffic looking for valuable information such as credit card numbers, usernames and passwords, or online banking information
Unsecure Web contents
Malicious Code / Software
Malicious code / Software
• Known as malware, i.e. malicious software
• Designed to break into systems or information for criminal, commercial or destructive purposes.
• Attackers use this software
– to disrupt computer operation
– to gather sensitive information
– to gain access to private computer networks
– to spy on network traffic
Malicious code / Software
• Types of malicious code
– Viruses
– Worms
– Trojans
– Spyware
– Botnet
– Zombie
Virus
Malicious Code
What is a computer virus?
• A virus is a program written to alter the way a computer operates, without the permission or knowledge of the user.
• A virus replicates and executes itself, usually doing damage to your computer in the process.
• It's estimated that the Conficker virus infected more than 10 million computers in 2009.
• Tens of thousands of computer viruses now operate over the Internet, and new computer viruses are discovered every day.
How does a computer virus find me?
• Sharing music, files or photos with other users (songs.PK)
• Visiting an infected web site
• Opening spam email or an email attachment
• Downloading free games, toolbars, media players and other system utilities
• Installing mainstream software applications without fully reading license agreements
What does a computer virus do?
• Erase data
• Encrypt files
• Delete directory structures
• Prohibit us from using our own machine, set up
• Send files stored on our machine to contacts in our address book
• Replicate itself or flood a network with traffic
• Make it impossible to perform any Internet activity
Virus Types - Parasitic Viruses
• Also called a File Infector Virus
• It attaches itself to a file in order to propagate (to multiply)
• Adds itself to the start of the file or the end of the file
• COM and EXE files are commonly targeted
– Since these get loaded directly into memory and execution always starts at the first instruction
Virus Type - Browser Hijacker
• Spreads itself in numerous ways
– including voluntary download
• Effectively hijacks certain browser functions and redirects the user automatically to particular sites.
• E.g. CoolWebSearch
Virus Type - Macro Virus
• Many programs provide support for macros, e.g. Microsoft Excel, Outlook
• Macros are special action programs implemented in a macro programming language.
• Unfortunately this facility opens the door for a virus to be hidden in normally genuine-looking documents.
• E.g. Melissa
– a Word document supposedly containing the passwords to pornographic websites
– The virus also exploited Word's link to Microsoft Outlook in order to automatically email copies of itself.
Virus Type – E-Mail Viruses
• It's computer code sent to you as an e-mail attachment
• Opening the attachment will
– destroy certain files on the hard disk
– re-email the attachment to everyone in your address book
• How to protect?
1. Don't open messages from unknown senders
2. Immediately delete messages you suspect to be spam
3. Install antivirus which will scan email attachments
How to know you are infected by a virus?
• Your computer may be infected if you recognize any of these malware symptoms
– Slow computer performance
– Erratic (unreliable) computer behaviour
– Unexplained data loss
– Frequent computer crashes
How to protect your computer from viruses?
• Install the best security software on your computer
• Use antivirus protection and a firewall
• Install antispyware software
• Keep your antivirus protection and antispyware software up to date
• Update the operating system regularly
• Increase browser security settings
• Avoid questionable web sites
• Download software from trusted sites.
• Carefully evaluate free software and file-sharing applications before downloading them.
Worms
Malicious Code
Worm
• A standalone program that replicates itself in order to spread malicious code
• Worms normally
– spread across networks,
– exploit vulnerabilities (OS specific, network specific)
– install a backdoor to allow the creation of a zombie
Worms vs Virus
Virus | Worm
Viruses are dependent: they need an existing file to attach to. | Worms are separate entities: they do not need to attach themselves to any existing file.
Viruses almost always corrupt or modify files on a targeted computer. | Worms spread themselves to consume bandwidth, and interfere with the normal use of a computer or network.
Morris Worm
• Released via the Internet on November 2, 1988
• The intention was not to cause damage, but to gauge the size of the Internet.
• Mistake in the code
– The code checked whether a copy of the program was already running
• If yes, don't copy the program
• Else copy the program
– The problem was that even when the answer was yes, the program still got copied.
– This level of replication was excessive and brought the network down
– The U.S. Government Accountability Office put the cost of the damage at $100,000–10,000,000
Stuxnet
• Discovered in June 2010; believed to have been created by the United States and Israel
• Purpose: to attack Iran's nuclear facilities
• The worm initially spread via Microsoft Windows and targets Siemens industrial control systems
• Different variants of Stuxnet targeted five Iranian organizations.
• The worm has not caused any damage to Siemens' customers in general,
• but it successfully damaged Siemens equipment procured by Iran.
How are they spread?
Most known computer worms are spread in one of the following ways:
• Files sent as email attachments
• Via a link to a web or FTP resource
• Via a link sent in an ICQ (I Seek You) or IRC (Internet Relay Chat) chat message
• Via P2P (peer-to-peer) file sharing networks
• Some worms are spread as network packets.
– They enter the computer's memory and then get activated.
Types of Worms
• Email worms
– Spread through email attachments and links in the message
• Instant messaging worms
– Spread through instant messaging applications, sending links to an infected site
• Internet worms
– Nasty ones; they will try to bring the network down
– Scan available network resources or the Internet for vulnerable machines
– If one is found, try to connect and gain full access
– Send data packets or requests to install the worm or a worm downloader
How to stay safe from computer worms?
• Because worms spread by exploiting vulnerabilities in operating systems, apply regular OS security updates.
• Install anti-spyware, firewall or antivirus software.
• Keep virus information up to date.
• Be cautious when opening unexpected mail or attachments and when visiting web sites.
Trojan
Malicious Code
Trojan Horse
What is a Trojan?
• A malicious, security-breaking program that is disguised as something benign (genuine)
• Performs actions that have not been authorized by the user.
• Trojans are not able to self-replicate.
Trojan
• It can come to your machine in a form like a movie or music file
• The Trojan gets activated on clicking the file
• Damage it can do
– Erases your disk
– Sends your credit card numbers and passwords to a stranger
– Allows a stranger to hijack your computer to commit illegal denial of service attacks
Trojan Types - Backdoor
• This program gives a malicious user remote access to the infected machine
• The user can do any operation, like
– Sending, receiving, launching and deleting files, displaying data and rebooting the computer
• Backdoor Trojans are often used to unite a group of victim computers, which can then be used for criminal purposes.
Trojan Types - Rootkit
• Rootkits are designed to conceal certain objects or activities in your system.
• Main purpose: to prevent malicious programs from being detected.
• This helps to extend the period in which programs can run on an infected computer.
Trojan Types
Trojan-Banker
• They steal your account data for online banking systems, e-payment systems and credit or debit cards.
Trojan-DoS
• Conducts DoS (Denial of Service) attacks against a targeted web address.
• Sends multiple requests – from your computer and several other infected computers
How to protect yourself against Trojans
• Install effective anti-malware software
• NEVER download blindly from people or sites which you aren't 100% sure about
• Be sure what the file is before opening it
• Beware of hidden file extensions
• Don't download an executable program just to "check it out"
Malware Distribution in 2011
Programming Bugs
Programming Bugs
These are programming-related bugs which open the system to vulnerabilities.
• When, during program execution, a certain task needs the privileges of the "administrator" account,
1. Access should be granted only for that task
2. Remove the access on task completion.
• When giving access to an untrusted user
1. Create a temporary user account
2. Give the minimum access needed to perform the necessary task
3. Ensure the program doesn't give the user any kind of unwanted access which he could exploit further.
How to handle?
• Design the system carefully.
• List the different users who will be accessing the system and their access rights.
• In case of third-party integration, ensure the user gets only the minimum access which is enough to perform the given tasks.
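The two rules above (elevate only for the one task and drop on completion; give an untrusted party a temporary account with minimum rights) as a worked example added here, not code from the original slides. The in-memory PrivilegeStore, the privilege names and the two tasks are constructed stand-ins for a real account/permission system; the point is that revocation is tied to task completion by a `finally`, so it also happens when the task crashes.

```python
import secrets
from contextlib import contextmanager


class PrivilegeStore:
    """Toy in-memory privilege registry, constructed for this example; it stands in
    for whatever real account/permission system the program runs against."""

    def __init__(self):
        self.users = {}   # username -> set of privilege names
        self.audit = []   # (event, user, privilege) tuples for later review

    def add_user(self, name, privileges=()):
        self.users[name] = set(privileges)
        self.audit.append(("add_user", name, tuple(sorted(privileges))))

    def remove_user(self, name):
        self.users.pop(name, None)
        self.audit.append(("remove_user", name, ()))

    def require(self, name, privilege):
        """Access check: raise unless `name` currently holds `privilege`."""
        if privilege not in self.users.get(name, set()):
            raise PermissionError(f"{name} lacks {privilege}")

    @contextmanager
    def elevated(self, name, privilege):
        """Rule 1: grant the privilege only for one task. The `finally` guarantees
        revocation when the task ends, whether it returns or raises."""
        self.users[name].add(privilege)
        self.audit.append(("grant", name, privilege))
        try:
            yield
        finally:
            self.users[name].discard(privilege)
            self.audit.append(("revoke", name, privilege))

    @contextmanager
    def temporary_user(self, privileges):
        """Rule 2: a throw-away account holding exactly the minimum privileges,
        deleted as soon as the untrusted party's task completes."""
        name = "tmp-" + secrets.token_hex(4)
        self.add_user(name, privileges)
        try:
            yield name
        finally:
            self.remove_user(name)


def run_privileged_step(store, user, fail=False):
    """A service task that needs 'admin' for one step only (constructed task).
    Returns True when the step ran; `fail=True` simulates the step crashing."""
    store.require(user, "read:logs")
    with store.elevated(user, "admin"):
        store.require(user, "admin")        # the one step that needs admin
        if fail:
            raise RuntimeError("step failed mid-way")
    return True


def privileges_after_crash(store, user):
    """Run the step so that it crashes and report what the user holds afterwards."""
    try:
        run_privileged_step(store, user, fail=True)
    except RuntimeError:
        pass
    return set(store.users[user])


def third_party_export(store):
    """An untrusted integration gets a temporary account that can only read the
    report; returns (account name, whether it could also write to the database)."""
    with store.temporary_user({"read:report"}) as guest:
        store.require(guest, "read:report")
        try:
            store.require(guest, "write:db")
            escalated = True
        except PermissionError:
            escalated = False
    return guest, escalated


if __name__ == "__main__":
    s = PrivilegeStore()
    s.add_user("svc", {"read:logs"})
    run_privileged_step(s, "svc")
    print("svc privileges after task:", sorted(s.users["svc"]))   # admin is gone
    print(third_party_export(s))
    for event in s.audit:
        print(event)
```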
Cyber Crime in India
• MUMBAI: Easy money, lack of deterrents amid slow job market lure Indians into hacking services
– Rent botnet infrastructure to launch DOS attacks for 2$ (Rs 125) per hour
• NEW DELHI: Cybercrime cases in India rose by 61% in 2012
• BANGALORE: Cyber lab to help nail hi-tech crooks
• VISAKHAPATNAM: 23-year-old man held for sending lewd SMSs
• MANGALORE: Greed sets Mulki woman back by Rs. 3 lakh
Cyber Crime - News
• WASHINGTON: Computer glitch (fault) opens prison doors?
• WASHINGTON: Android bug tweaked tactics to earn profits (for hackers) in Q2: McAfee
• WASHINGTON: Cybercrime costs up to $500 billion to world economy: Report
• Google gives researchers more incentive to report its vulnerabilities
– Cross site scripting vulnerabilities ($5000)
– Authentication bypasses ($7500)
Cyber Crime
• Computer crime or cyber crime refers to any crime that involves a computer and a network.
– The computer may have been used in the commission of a crime, or it may be the target.
• "These are offences that are committed against individuals or groups of individuals
– with a criminal motive to intentionally harm the reputation of the victim or
– cause physical or mental harm to the victim directly or indirectly,
– using modern telecommunication networks such as the Internet (chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"
Cyber Crime
• Cybercrime ranges across a spectrum of activities.
– fundamental breaches of personal or corporate privacy, identity theft.
– transaction-based crimes such as fraud, trafficking in child pornography, digital piracy, money laundering, and counterfeiting
– deliberately altering data for either profit or political objectives.
– attempts to disrupt the actual workings of the Internet - spam, hacking, and denial of service attacks, cyber terrorism.
Cyber Crime
• Targets the computer – crimes include:
– Computer viruses
– Denial-of-service attacks
– Malware
• Targets the user – crimes include:
– Cyber stalking, fraud and identity theft, phishing scams, cyber terrorism, information warfare
Cyber Crime: Spam
Cyber Crime: Spam
• Spam is the unwanted sending of bulk email for commercial purposes, such as advertising products and services.
• It comprises roughly 50 percent of all e-mail.
• Spam is a crime since it wastes both storage and network capacity.
• Spam is nearly free for perpetrators
– The cost is the same for sending 10 messages as for 10 million.
Cyber Crime: Spam
How does this work?
• The spammer gets secret control of numerous infected machines connected to the Internet.
– Such machines are known as zombie computers.
• This network can be activated to flood the Internet with spam or to institute DoS attacks.
• Spam alone is tolerable, but DoS can be used to blackmail web sites by threatening to shut them down.
Cyber Crime: Spam
To control spam, configure
• Email filtering
• Outbound spam protection
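One piece of outbound spam protection for the zombie scenario above: a rate check on the organisation's own outgoing mail that flags a host sending far more messages than usual. This is an added example, not code from the original slides; the log format, host names and thresholds are constructed for the example rather than taken from any real mail server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed outbound-relay log in a simple made-up format (not a real MTA's
# layout): one line per outbound message accepted from an internal host.
SAMPLE_LOG = """\
2013-09-12T10:00:00 host=pc-03 from=ravi@corp.example to=client@partner.example
2013-09-12T10:00:01 host=pc-17 from=anita@corp.example to=u01@mail.example
2013-09-12T10:00:04 host=pc-17 from=anita@corp.example to=u02@webmail.example
2013-09-12T10:00:07 host=pc-17 from=anita@corp.example to=u03@mail.example
2013-09-12T10:00:10 host=pc-17 from=anita@corp.example to=u04@isp.example
2013-09-12T10:00:13 host=pc-17 from=anita@corp.example to=u05@mail.example
2013-09-12T10:00:16 host=pc-17 from=anita@corp.example to=u06@webmail.example
2013-09-12T10:00:19 host=pc-17 from=anita@corp.example to=u07@isp.example
2013-09-12T10:00:22 host=pc-17 from=anita@corp.example to=u08@mail.example
2013-09-12T10:00:25 host=pc-17 from=anita@corp.example to=u09@webmail.example
2013-09-12T10:00:28 host=pc-17 from=anita@corp.example to=u10@isp.example
2013-09-12T10:00:31 host=pc-17 from=anita@corp.example to=u11@mail.example
2013-09-12T10:00:34 host=pc-17 from=anita@corp.example to=u12@webmail.example
2013-09-12T10:02:10 host=pc-03 from=ravi@corp.example to=supplier@vendor.example
2013-09-12T10:05:40 host=pc-03 from=ravi@corp.example to=team@corp.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def find_bulk_senders(lines, max_per_window=10, window_seconds=60):
    """Sliding-window rate check per sending host. Returns, for every host that
    exceeded max_per_window messages inside any window_seconds span, the peak
    message count and the number of distinct recipient domains in that window."""
    records = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    recent = defaultdict(deque)   # host -> (timestamp, recipient domain) in window
    flagged = {}
    for rec in records:
        q = recent[rec["host"]]
        q.append((rec["ts"], rec["rcpt"].rsplit("@", 1)[-1]))
        while (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()                    # drop messages older than the window
        if len(q) > max_per_window:
            info = flagged.setdefault(rec["host"], {"peak": 0, "domains": 0})
            info["peak"] = max(info["peak"], len(q))
            info["domains"] = max(info["domains"], len({d for _, d in q}))
    return flagged


if __name__ == "__main__":
    # A host blasting a dozen messages to several external domains in half a
    # minute is the zombie pattern; pc-03's three messages over minutes are normal.
    for host, info in find_bulk_senders(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {info['peak']} msgs/window to {info['domains']} domains")
```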
Cyber Crime: Fraud
• Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss.
• Altering in an unauthorized way.
• Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions; this is difficult to detect.
• Altering or deleting stored data.
• Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes, e.g. malware code.
Cyber Crime: Fraud
• Crimes coming under fraud
– bank fraud, identity theft, extortion, and theft of classified information.
Cyber Crime: Identity Theft
• A major problem for people using the Internet for cash transactions and banking services.
• A criminal accesses data about a person's bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim's name.
• It can result in major financial losses for the victim and even spoil the victim's credit history.
Cyber Crime: Identity Theft
• E.g. Zeus
Cyber Crime: Theft
• Theft is anything which is taken without permission.
• This crime occurs when a person violates copyrights and downloads music, movies, games and software.
• There are even peer sharing websites which encourage software piracy, and many of these websites are now being targeted by the FBI.
• Today, the justice system is addressing this cyber crime and there are laws that prevent people from illegal downloading.
Cyber Crime: Hacking
• This is a crime wherein a person's computer is broken into so that his personal or sensitive information can be accessed.
– In the US, hacking is classified as a felony and punishable as such.
• This is different from ethical hacking
• In hacking, the criminal uses a variety of software to enter a person's computer, and the person may not be aware that his computer is being accessed from a remote location.
Cyber Crime: Hacking
• Most hackers have not been criminals but young people driven by intellectual curiosity.
• Hacking costs the world economy billions of dollars annually.
• Hacking is not always an outside job.
• Hacking is old-fashioned industrial espionage by other means.
• The largest known case of computer hacking was a spyware operation called GhostNet, discovered in late March 2009 by the University of Toronto.
– (Dalai Lama case)
– compromised the systems of embassies and foreign affairs bureaus
Cyber Crime: Cyber Stalking
• Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization.
• It may include the making of false accusations or statements of fact (as in defamation), monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information that may be used to harass.
Cyber Crime: Cyber Stalking
• False accusations
• Attempts to gather information about the victim.
• Monitoring their target's online activities and attempting to trace their IP address in an effort to gather more information about their victims.
• Encouraging others to harass the victim.
• False victimization.
• Attacks on data and equipment.
• Ordering goods and services.
• Arranging to meet.
• Cyberstalking is a form of cyberbullying
Cyber Crime: Cyberbullying
• Cyberbullying is being cruel to others by sending or posting harmful material using a cell phone or the Internet
• Cyberbullying is referred to as cyberstalking or cyberharassment when perpetrated by adults toward adults.
Cyber Terrorism
• Cyber terrorism is the use of the Internet to cause public disturbances and even death.
• Cyber terrorism focuses upon the use of the Internet by non-state actors to affect a nation's economic and technological infrastructure.
• A cyber terrorist attack is designed to cause physical violence or extreme financial harm.
• Possible cyber terrorist targets include the banking industry, military installations, power plants, air traffic control centers, and water systems.
Why It's Appealing To Terrorists
Cyber Terrorism
• How dangerous could these cyber attacks be?
• There can be three levels of cyber terror capability:
– Simple-Unstructured
– Advanced-Structured
– Complex-Coordinated
• Cyber terrorism is possibly one of the top 10 events to "end the human race".
Cyber Terrorism: NEWS
• "Cyber Blue Team," or "Blue Army," belonging to the Chinese Defense Ministry, is officially claimed to be engaged in cyber-defense operations.
• ISRAEL - May 2011: Israeli Prime Minister Benjamin Netanyahu announced the establishment of the National Internet Defense Taskforce, charged with developing tools to secure vital Israeli online infrastructure.
• Last year, cyber terrorists used a deadly virus to attack the information network of Aramco, the Saudi oil company, and annihilated all of the data on 35,000 desktop computers.
• Somewhere around May this year, computer hackers hacked the Twitter account of The Associated Press and sent a tweet stating that there had been two explosions at the White House and that President Barack Obama was injured. Within two minutes, the stock market dropped by 143 points. The Syrian Electronic Army later claimed credit for the attack.
• 9/11 attack, Ahmedabad Bomb Blast (26-07-08), 26/11 Mumbai Attack
Cyber Terrorism: Methods of Protection
• The only way to completely secure a system is to fully isolate it from any outside connection.
OR
• Create unique passwords that are difficult to guess for all accounts that you use.
• Use security software.
• Check with vendors for upgrades and patches for your security software.
• If you're unsure about a website/email, don't access it. Better safe than sorry.
• Use sandboxing software. A free option is Sandboxie.
Information Warfare and Surveillance
Information Warfare
• Information warfare is about WEALTH.
• Information warfare is about POWER.
• Information warfare is about FEAR.
• Information warfare is about POLITICS.
• Information warfare is about SURVIVAL.
• Information – data and knowledge.
• Information infrastructures – display, store, process, transmit
• Information-based processes – obtain, exchange
Information Warfare
Surveillance
• Computer and network surveillance is the monitoring of computer activity, of data stored on a hard drive, or of data being transferred over computer networks such as the Internet.
• It is very useful to governments and law enforcement to maintain social control, recognize and monitor threats, and prevent/investigate criminal activity.