Tools
Terminology
Pharming
A type of social engineering attack in which a fraudulent website is used to trick a user into giving out their sensitive personal information, such as their banking or e-mail account details.
A pharming attack typically depends on "DNS poisoning", which involves seeding the user's hosts file or a DNS server with false information. In this case, the DNS poisoning tactic redirects users from a legitimate website to a copycat website under the attacker's control. Any information the user enters in the malicious website is then compromised.
A pharming attack may also be used in conjunction with a 'phishing' attempt. In this case, a misleading message leads the unsuspecting user to the malicious website.
Pharming is pronounced the same as "farming".
Phishing
A type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information, such as passwords, account information and other details.
A phishing attack usually involves a fake communication, supposedly from a trusted corporation or institution, that uses an alarming pretext such as "restoring access to a bank account" to pressure the user into providing their sensitive details. The communication is most commonly done via e-mail, but phishing attacks by instant messages and SMSes are also known.
Sophisticated attempts will direct users to a seemingly-legitimate website, which is actually under the attacker's control. Any information the user enters in the malicious website is then compromised.
Phishing is pronounced the same as "fishing". Phishing is a criminal activity in many jurisdictions.
Polymorphic Virus
A virus that mutates, or modifies, its own code at various intervals. The changes in code typically occur each time the virus replicates, or infects a new machine.
Detection and disinfection of a polymorphic virus can be very challenging, as mutating code makes traditional signature-based detection methods ineffective.
Resident
A program that remains in a computer system's memory after it has been closed and control has been returned to the operating system is said to be "resident" in the memory, or memory-resident.
Replication Mechanism
An essential feature of certain types of malware. If the program does not include a routine specifying a method for replicating its own code, it does not meet the definition of a virus or worm.
Rogue
An antivirus or antispyware application that does not provide the functionality claimed, and may not work at all.
Also known as rogues or scareware, these programs are often the subject of hoaxes, or programs that promote these deceptive products using aggressive or fraudulent sales tactics.
Rootkit
A technique or program that allows malware to obscure the fact that a computer has been compromised. Rootkits work by directly interfering with the operating system and critical system mechanisms, and essentially "cloaking" the malware's activities.
A rootkit's manipulation of critical system functions allows it to circumvent or even subvert most security processes, making them difficult to detect and remove with normal security programs.
See also: F-Secure BlackLight
Signature
A sufficiently unique section of code that can be used as a program's identifying marker. A signature may also be known as a "definition".
A malware's signature is listed in an antivirus program's database. Each time the program scans a computer system's files, it searches for code matching any signature in its database; any file found with matching code is automatically flagged as a potential security risk.
Social Engineering
A general term used to describe attacks that leverage on psychological or social pressures to dupe an unsuspecting victim into providing sensitive information such as passwords, account details and so on.
Social engineering attacks can take place both online and offline. Online social engineering attacks usually take the form of phishing or pharming attempts. Examples of offline attacks include pretending to be a surveyor and asking people to provide their passwords in return for a prize; calling a company and pretending to be an employee to gain access to the company intranet; or leaving an infected disk in a position where someone is likely to pick it up and use it, thereby infecting their system.
SQL Injection
A type of attack that targets improperly configured Structured Query Language (SQL) databases. SQL databases are a common feature of most modern interactive websites.
An SQL injection attack involves exploiting poor user-input filtering to inject and run executable commands in the database. Technically, a few types of SQL injection attacks are possible, but the end result of all successful SQL injection attacks is that an attacker can manipulate or even gain total control over the database.