GLOSSARY of Computer and Data Security Threats
Today, malware is unlikely to only sabotage your hard drive, corrupt your data, or display scam messages. Such cyber-crime has given way to more insidious methods. Today’s viruses might allow a scammer to encrypt all your files and ransom them back to you.
Or a hacker might blackmail a large company by threatening to launch a denial-of-service attack, which would prevent customers from accessing the company’s website.
More commonly, though, viruses don’t cause any apparent damage or announce their presence at all. Instead, a virus might silently install a keystroke logger, which waits until the victim visits a banking website and then records the user’s account details and password, and forwards them to a hacker via the Internet.
Today’s hacker is an identity thief, using these details to clone credit cards or empty bank accounts. The victim isn’t even aware that the computer has been infected. The virus may delete itself once it has finished its task in order to avoid detection.
Another trend is for malware to take over your computer, turning it into a remote-controlled zombie. It uses your computer without your knowledge to relay millions of profit-making spam messages. The infected computer may become a tool to infect others.
Originally, phishing involved sending out mass-mail messages that appeared to come from banks, asking customers to re-register confidential details. It’s evolution, spearphishing, by contrast, confines itself to a small number of people, usually within an organization. The mail appears to come from colleagues in trusted departments, asking for password information. The principle is the same, but the attack is more likely to succeed because the victim thinks that the message is internal and trustworthy.