Microsoft NHS Resource Centre - The Sidewinder Security A-Z

The Sidewinder Security A-Z

Have you ever wondered why Trojans are on the Internet when they could be off building horses? Or why there are more references to pharming in a computer magazine than there are in Smallholders Weekly?

With Davey Winder’s handy - not to say exhaustive - primer to the threats which lie behind today’s security jargon, you never need wonder again…

Those of us who work within the IT business like to make our jobs sound a little more exciting and mysterious than perhaps they really are. One simple way of doing that is to come up with outlandish terms to describe the technology we work with.

Of course, this has the downside that it leaves other people feeling completely baffled (and probably not that impressed). That is why I’ve put together this handy A-Z. Keep it to hand the next time you want to read about IT security, and all those funny words will suddenly make sense.

Adware is a name for any application that delivers or displays advertising to an end user (you). Usually, this is just annoying - but sometimes adware can cross the security line and start gathering privacy-busting data that it then sends to a remote computer for analysis.

A backdoor is a piece of code installed on a computer or network following a security compromise that provides an attacker with easy and stealthy future access to that system.

Blended threats are the mongrels of the malware world, combining multiple attack types into one mega-attack. A blended threat might include a keylogger, a Trojan and a worm, for example, enabling it to exploit vulnerabilities and spread quickly so as to cause maximum damage.

A botnet occurs when a group of individual computers are brought together under central remote control, courtesy of Trojan and other malware infection, to form a sort of evil army. This increased power is used to distribute spam and launch distributed denial of service attacks. A valuable resource, botnets are often rented out to order by organised criminal gangs.

Brute force attacks are the stupid but muscular henchmen of the IT security world, trying every possible combination of characters, one after the other, to crack a password and gain access to the computer, server or network it’s supposed to protect.

A buffer overflow will take place when an application tries to store more temporary data than it can cope with. It’s rather like pouring 20 pints into a 10 pint bucket - the water, or data, has to go somewhere. Bad guys can exploit this with clever coding and execute a malicious program during the confusion and mopping up exercises.

A denial of service (DoS) attack involves bringing a system to a halt by preventing people from being able to access it. Usually this is done by flooding a network or web server with superfluous automated requests so that it is eventually overwhelmed. If you can’t access a favourite website, it may be under this kind of attack.

A DoS attack is often carried out as a distributed denial of service (DDoS) attack, meaning that many computers are involved in sending out the flooding requests, with a botnet at the core.

A dictionary attack is pretty much what it sounds like - an automated password cracking program that goes through a dictionary in alphabetical order to try to guess the obvious word you have used to “secure” your login.

A hybrid attack is a dictionary attack on steroids; it adds numerals and various commonly used keyboard symbols into the password cracking mix.
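To make the brute force, dictionary and hybrid entries above concrete from the defender's side, here is an added example (mine, not the author's) of a password check that refuses exactly the passwords those three attacks recover fastest: it strips the digits and symbols bolted onto either end, undoes the usual letter-for-symbol swaps, and compares what is left against a word list. The word list and substitution table are constructed for the example and would be far larger in practice.

```python
import re

# Constructed mini word list for the example; a real check would load a full
# dictionary file plus local favourites (ward names, the trust's name, and so on).
DICTIONARY = {"password", "welcome", "hospital", "nhs", "summer", "letmein"}

# The symbol-for-letter swaps a hybrid attack tries; "1" could be "l" or "i",
# so this table is deliberately a simplification.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "5": "s", "7": "t"})


def base_word(candidate: str) -> str:
    """Undo the decorations a hybrid attack bolts on (digits and symbols at
    either end, letter-for-symbol swaps) to recover the word the user began with."""
    word = candidate.lower()
    word = re.sub(r"^[^a-z]+|[^a-z]+$", "", word)  # "summer2024!" -> "summer"
    return word.translate(LEET)                      # "p@ssw0rd"   -> "password"


def is_guessable(candidate: str, dictionary: set = DICTIONARY) -> bool:
    """True when a brute force, dictionary or hybrid attack would find this
    password quickly, so a registration form should refuse it."""
    if len(candidate) < 8:        # short enough for plain brute force
        return True
    core = base_word(candidate)
    if core in dictionary:        # dictionary word, possibly decorated
        return True
    # two dictionary words glued together ("summerhospital") are also guessed quickly
    return any(core.startswith(w) and core[len(w):] in dictionary for w in dictionary)


if __name__ == "__main__":
    for pw in ("Password123!", "P@ssw0rd", "Summer2024", "correct-horse-battery"):
        print(f"{pw!r}: {'refuse' if is_guessable(pw) else 'accept'}")
```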

Identity theft really should not need explaining by now, but it’s a problem that the NHS in particular needs to be very aware of, considering the amount of confidential data that’s stored within its systems. An ID thief will use any personal information they can get to clone the digital existence of their victim and then use this to access their very real-world assets.

Image spam has become the fastest growing type of spam and it’s causing all kinds of problems for anti-spam systems. Image spam embeds its sales message as a graphical image - this looks like a word to the human eye, but like a lot of 1s and 0s to a computer. This confuses spam filters built to look out for keywords.

An input validation attack happens when an unusual input is sent to an application in order to confuse it. This allows malicious code to execute in much the same way as with the buffer overflow exploit.

IP flooding is a type of denial of service attack. Computers send occasional “ping” packets to one another as virtual pokes in the ribs to check that they are still alive and kicking. In an IP flood attack, a vastly increased number of pings are sent - far more than the receiving computer can handle.

The keylogger is perhaps both the simplest and the most dangerous of spyware applications. Coming in either software or hardware form, it monitors everything that is typed on a keyboard, including logins, passwords, system admin data, confidential patient information and the like. The data is stored away from view, ready for collection by a data thief, who can either pick it up remotely (software) or in person (hardware).

Malware refers to any and every type of software that exists to perform a malicious function, be that a virus, a spyware application or a Trojan horse.

A network sniffer can be software- or hardware-based, but it exists to sniff out the data traffic that passes between different parts of a network. It will capture every single bit of data as it rushes past, then decode and analyse the data stream to pick out passwords, logins and other useful confidential information.

The payload is geek-speak for the ultimate purpose of a malware effort. This covers everything from installing a backdoor into your system or dropping a keylogger onto a computer to installing a Trojan horse that downloads further malware.

Pharming is also known as domain hijacking, but whatever it is called, it involves pretending to be one thing (a website or online business) while actually being another (identity thief or other online fraudster).

Phishing is always called phishing and it usually takes the form of an email message attempting to fool the recipient (you, again) into handing over confidential, often financially sensitive, information. Phishing messages might pretend to be from banks, credit card companies, online auction and payment sites. Just think of them as “scams” and you’ll know what to do with them.

Phishing attempts also fall within the realm of social engineering, which is just a fancy way of saying conning people. Any fraud attempt which uses a non-technological method can be said to involve social engineering, be that someone phoning a PCT manager and asking for patient information, or someone turning up in a white coat and asking the ward sister for access to her computer terminal.

RAT is an acronym which expands to Remote Access Trojan and pretty much describes itself; it’s a Trojan that enables a scallywag to get remote access to your computer and its data.

A rootkit is a technology that can be used to run an infection without a computer’s operating system, security software or the end user being any the wiser. Rootkits are typically used to install and run spyware.

A smurf attack, sadly, has nothing to do with little blue men in pointy hats. It’s just another name for a denial of service exploit using “ping” flooding techniques.

Do you really need me to explain what spam is? It is unwanted email - and unless your computer systems are protected, you’ll most likely get lots of it. It’s also a kind of tinned meat. And something the Monty Python team sang about.

Spim does need some explaining though. It is spam sent via Instant Messaging technology, whereas spit is spam distributed using the medium of Internet Telephony.

Spyware would probably win the award for the most overused piece of security jargon, but gets no credit from me for being an umbrella term that describes any application or process that gathers personal information and computer data without the knowledge of the user (you, dear reader) and sends this to a third party.

SQL injection seems apt for the NHS. It involves your database-driven applications having computer code injected into them as part of an otherwise ordinary input query. The result is often that the database reveals more personal information than it should.
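The "code injected as part of an ordinary input query" problem and its standard fix, as an added example that is not from the article: a constructed in-memory SQLite patient table (every row made up) is queried once by pasting the user's input into the SQL text and once with a parameterised query, so you can see the first hand back every patient and the second hand back nothing. Assumes only Python's standard sqlite3 module.

```python
import sqlite3

# Constructed sample data for the example: every number, name and ward is made up.
SAMPLE_ROWS = [
    ("NHS0001", "Alice Example", "Ward 4"),
    ("NHS0002", "Bob Example", "Ward 7"),
    ("NHS0003", "Carol Example", "Outpatients"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory patients table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (nhs_number TEXT, name TEXT, ward TEXT)")
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, nhs_number: str) -> list:
    """The input is spliced into the SQL text, so a quote in the input ends the
    string literal and whatever follows is parsed as SQL, not treated as a number."""
    sql = f"SELECT nhs_number, name, ward FROM patients WHERE nhs_number = '{nhs_number}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, nhs_number: str) -> list:
    """Parameterised query: the value travels separately from the SQL, so the
    database only ever compares it as data and never parses it as code."""
    sql = "SELECT nhs_number, name, ward FROM patients WHERE nhs_number = ?"
    return conn.execute(sql, (nhs_number,)).fetchall()


def demo() -> dict:
    """Run both lookups with an ordinary input and with the textbook tampered one."""
    conn = make_db()
    ordinary = "NHS0002"
    tampered = "x' OR '1'='1"  # turns the WHERE clause into a condition that is always true
    return {
        "ordinary_vulnerable": lookup_vulnerable(conn, ordinary),
        "ordinary_safe": lookup_safe(conn, ordinary),
        "tampered_vulnerable": lookup_vulnerable(conn, tampered),  # every patient row
        "tampered_safe": lookup_safe(conn, tampered),  # no patient has that "number"
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s)")
```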

A SYN flood sounds exciting, but it’s just another denial of service attack methodology.

The Trojan horse, on the other hand, is at least a little bit clever. It mimics its namesake by disguising an attack as something friendly. Or put another way, it’s a piece of supposedly legitimate software that also installs a piece of malware alongside itself. A Trojan cannot replicate itself, and relies on a user (yes, you) to distribute the application. This can be by way of clicking on links in emails, opening unsolicited attachments or using web access to visit sites of a dubious nature.

A virus is the oldest of the software-based IT security threats, although that hardly makes it venerable. The term refers to any program that can self-replicate to spread an infection without any user intervention other than the host application being executed.

A worm, by contrast, runs entirely independently of user input, propagating a working copy of itself onto other network hosts and consuming resources in the process.

And finally, I present to you the zero day attack. Perhaps the most dangerous of all the threats covered in this primer, it refers to an exploit that spreads into the wild and onto your systems on the very day that a security vulnerability is made known, meaning that there are no security patches to save you from it, at least for a few vital hours…

About the author:

Author, journalist and consultant, Davey Winder has been writing about security issues for 16 years and was IT Security Journalist of the Year 2006, an award from BT.

