 |
|
|
|
| Close | |||
| Cyber Threats | |||
|
|
|
|
| This is a list of over seventy internet nasties which have appeared on the scene, since the mid 1990s, in chronological order more or less. Not one of the listed threats has actually gone away, so the list and the risks just grow and grow. Some general notes appear at the end of the list. | |||
|
|
|
|
| 1. | Viruses - computer viruses were around long before the internet and, in those days, were the one and only threat that existed. They were spread from machine to machine via floppy disks - which were then the only means of installing new programs or games on a computer. But the web, email and browsers all came along in the 1990s, opening up easier ways for viruses to be spread. Although floppy disks have all but died out, viruses can and do continue to hop from computer to computer via any other kind of removable media such as Zip disks, CDs, DVDs, USB drives, memory sticks, flash memory cards etc. - so viruses remain an ever-present and potent risk that will never go away. Some common and efficient media-hoppers are the ancient Redlof.htt and the newer RavMon.exe + Autorun.inf combo, to name but two. Viruses can, of course, be kept safely in check - but only by religiously scanning, before opening, any files which you have downloaded from the internet or acquired via removable media from another computer, and by never opening files you were not expecting to receive, especially not ones with mysterious names (like redlof or ravmon etc.). | ||
| 2. | Cookies - tiny files continually being downloaded to your hard disk by almost every website you visit (not this one) so as to secretly track your usage of the web. Not a serious threat in themselves - but they paved the way for everything else on the internet that later would be. | ||
| 3. | Spam - the internet's equivalent of the junk mail that comes through your letterbox. Opening unsolicited spam was once a common way to acquire viruses. But, nowadays, opening spam is more likely to make you a victim of online fraud and will also ensure your Inbox is bombarded by even more of spam. So never open unsolicited emails, never. | ||
| 4. | Email scams - spam aimed at deceiving and defrauding the unwary, naive or greedy. There is tons of it about. Same message - never open unsolicited emails. | ||
| 5. | Email viruses - email took over from floppy disks as the next main way of transmitting viruses - eventually resulting in the high-profile anti-virus software industry. | ||
| 6. | Web Bugs - tiny tracker images in spam email. They tell the spammer you opened their email to read it, so they then know your address is 'live', hence they will keep spamming you, and will also sell your email address to other spammers so you get even more spam. That is why you should never ever open even a single spam email. Once you have there's no stopping the bombardment. | ||
| 7. | Adware - parasite code secretly installed to a computer's hard disk in order to generate popup ads. | ||
| 8. | Dialers (tech spelling of 'diallers') - code secretly written to a hard disk which
can reroute somebody on a pay as you go dial-up internet connection to a premium rate exchange,
leading to a sometimes massive phone bill. A bill which you are obliged to pay - even
though you are completely innocent - or you will be abruptly cut off and then prosecuted. The later emergence of faster broadband connections enabled ISPs to enforce a return to the bad old early days of the internet of access only by subscription - but that happens to protect people from the risk from dialers. |
||
| 9. | Worms - like viruses but harder to stop or detect, and able to spread by secretly emailing themselves to other people in your Address Book. | ||
| 10. | Trojans - a small malicious program, secreted within an ostensibly genuine downloaded program, designed to damage or disable other software and/or to collect information about the user of the computer. Like a worm but harder to detect. | ||
| 11. | Hackers or Script-Kiddies - misguided or failed programmers who resort to secreting code on other people's or organisations' computers to control aspects of the computer for their own gain or amusement. | ||
| 12. | Spyware - parasite programs that you unwittingly allow to be installed on your hard disk which then secretly transmit information about you or your surfing habits to some unknown third party. | ||
| 13. | File Share viruses - malicious code piggy-backed on downloads from file-sharing websites. | ||
| 14. | Browser Toolbars - browser add-on toolbars masquerade as harmless fixtures but are really running-programs intent on spying on you to some degree or other. | ||
| 15. | Phishing (tech spelling for 'fishing') - cybercrooks sending out mass spam emails blindly fishing for people dull enough to give out their bank account and credit or debit card details. Phishing began long before the internet via cold-call phone calls (that's where the 'ph' in place of an 'f' came from). Indeed, phone-phishing for people's names, addresses and bank or card details is still with us, and people actually fall for these unsolicited phone-call scams even more readily than email scams, possibly because they are less frequent so you are caught off-guard. But either way, you would not believe just how stupid some card and bank users can be - unless you've been one of them yourself, in which case you know only too well! | ||
| 16. | Search Engine spamming - rogues creating multitudinous websites all linking back to each other to trick search engines into returning numerous, high-ranking links all pointing back to their own pages - pages which are often completely irrelevant to your original search e.g. a page listing another lot of interconnecting links. | ||
| 17. | Search Engine links - links in search engines for any subject may lead to booby-trapped web pages. Search engine links have taken over as the main medium by which malicious software infections can be acquired. | ||
| 18. | Workplace spyware - software used by employers to secretly snoop on what their employees are up to all day on their computers or are saying in their emails. People have been disciplined, demoted or even sacked as a result. Be warned. | ||
| 19. | Bogus Bank sites - websites smartly designed to pass themselves off as your own bank's website in order to obtain your passwords etc. and then steal money from your account. Spam emails are what usually lure victims there in the first place. | ||
| 20. | Messaging Services' viruses - beware of a risk of infection from using messaging services. | ||
| 21. | Bogus Escrow services - websites passing themselves off as, or an equivalent of, PayPal's safe-payment system in order to trick you out of your money. (2005) | ||
| 22. | Bogus Anti-spyware tools - beware of phoney websites or popups tempting you to download anti-spyware tools as they will also be sending you some real spyware. | ||
| 23. | Warning Notices - if you find you have been drawn to a web page that looks safe because it carries a notice warning you about other websites which are bogus, do not be fooled into thinking a fraudulent website would never carry such a message. It's the oldest trick in the book. These people will go to any lengths to look authentic - and dummy warning notices is merely one of their most audacious and successful ways of tricking people into trusting them. (5/06) | ||
| 24. | Web page and weblog deceptions - seemingly genuine and professional looking web services, of endless varieties, which exist purely to deceive people in some disadvantageous way. Don't believe everything you read! | ||
| 25. | Browser Address Bar Redirections - malicious code designed to cause a browser's address
bar to display a genuine-looking URL (e.g. for your bank) when you are actually at a spoof website
without the URL you can see. Originally an IE problem - since fixed provided your version
is IE6 or higher. Problem later found to exist in Apple's 'Safari for Windows' browser. (4/08) |
||
| 26. | Zero-day exploits - code aimed at exploiting a previously unknown bug in a program before a patch has been issued. | ||
| 27. | Keyloggers (1) - a software keylogger is a malware program put on your hard drive without your knowledge for the purpose of logging all keys you press, and the order in which you press them, so somebody else can obtain your name, address, phone number, passwords, bank account numbers etc. A keylogger could be on any computer you use, the one at home, at work, in an icaff or your laptop, so be aware of the risk. Software keyloggers are running programs or processes so are detectable and removable, but only if you look and know what to look for. If you are worried a keylogger might be on any computer you are using, say one in an icaff, the safe way to input your credit card details would be by using Windows' built-in on-screen keyboard. Also see Screenloggers and Keyloggers (2) below. | ||
| 28. | Botnets - networks of home computers which have been successfully compromised by hackers to carry out things like mass spamming to names in people's email Address books. | ||
| 29. | Wi-Fi intercepts - a mobile wireless network set up by hackers near a licensed public Wi-Fi hotspot in order to intercept traffic and steal data from any laptop that connects to the 'evil twin'. | ||
| 30. | Screenloggers - malicious code on your computer, much like a keylogger except it sends out captured images of your screen so the hacker can actually see what things you are typing in - like personal details, bank account numbers etc. | ||
| 31. | Pharming (tech spelling for 'farming') - cybercrooks using blanket blind spamming or phoning as a means of farming (i.e. harvesting) people's bank details. | ||
| 32. | Bogus Firewall Leak-testers - beware of fake websites or unsolicited popups offering to do an online test of the effectiveness of your firewall as they may be including malicious code at the same time designed to actually neutralise your firewall. | ||
| 33. | Rootkits - | ||
| 34. | Zombie-PC networks - | ||
| 35. | Packet sniffers - | ||
| 36. | Ransomware - trojan program you unknowingly allow to install itself which then compresses data files on your hard drive into encrypted zip files in order to demand a payment of £150 for a password to unlock the files. Fail to be blackmailed and you've lost all access to the data. Pay up and they'll probably encrypt it again with a different password. After that, you'll certainly remember the saying "Once bitten, twice shy"! (10/06) | ||
| 37. | Driverware - beware of bogus websites pretending to offer updated drivers as a means of secretly downloading malicious software. | ||
| 38. | Search Engine Toolbars - beware of exact replicas of a search engine's toolbar download page as they are there to send a trojan (e.g. W32.Ranky.FW which turns a PC into a bot zombie). (10/06) | ||
| 39. | Bogus Music Download Sites - beware of fake websites that offer music downloads only as a means of gathering your personal and card details for identity theft. | ||
| 40. | Social Network Sites - these sites are a highly popular fad but dangerous because the sites encourage people to post their real personal details and photos online - which can then be gathered by ID-thieves, or phished for by employers as a modern way to assess/reject job candidates. | ||
| 41. | Bogus Registry Cleaners - beware of phoney websites or unsolicited popups tempting you to download a registry cleaner tool - malicious software may be included. | ||
| 42. | Bogus Shopping Sites - beware of fake shopping websites that will take your money but have no intention of sending any goods. | ||
| 43. | Ticket Agencies - beware of unscrupulous websites that will take your money for tickets they haven't actually got - so you not only lose your money but you miss that once-in-a-lifetime gig as well. | ||
| 44. | Cybercads - crooks who frequent online dating sites. They will spend as much as 3 months romancing a person by email, hiding behind an invented name and somebody else's picture, passing themselves off as black, white, male, female, straight, bent, American or European - whatever it is you were looking for. The clever thing is they're at it full time, spinning the same yarns to dozens of other people all over the world all at the same time. And, just when you think you are about to meet the 'person' you've fallen for, the romantic emails suddenly change to desperate bad luck stories as a cue to beg money off you. No matter how much you send (the known record stands at £11,000!), you will never get to meet up because they don't live where they say and don't look anything like the photo they sent you over the internet. This is a highly sophisticated and very prevalent twist on the notorious 'Out of Africa' email scam. | ||
| 45. | Keyloggers (2) - hardware keyloggers perform the same act as software keyloggers (see higher up) except they are undetectable by the user. Use a search engine to learn more about them. See Keyloggers (3). | ||
| 46. | Desktop Widgets, Wotsits or Gadgets - little programs which provide information on your desktop like the weather, time, share price movements etc. At best, an irrelevant drain on your computer's resources. At worst, a means by which malicious websites will download bad stuff to your computer at the same time as sending the wotsit. | ||
| 47. | Animated-cursors - beware of websites or popups offering downloadable animated cursors as they might be a guise to download bad stuff to your computer as well. | ||
| 48. | Booby-trapped images - | ||
| 49. | Drive-by downloads - malware acquired from a compromised or deliberately booby-trapped web page without you having to do anything other than visit, or click a link leading to, the said web page. | ||
| 50. | MBS billing - an online debt collector which uses persistent spyware popup windows
to nag you into paying up for a genuine online debt you didn't realise you had incurred after
visiting a colluding website. Search online if you want to know more about MBS and for
possible ways to escape their clutches. (8/07). An OFT inquiry subsequently allowed MBS to continue in business with a relatively unmodified scheme. If you still fall foul of MBS; after all the adverse publicity, you deserve everything you get for being so gullible in the first place - and you will now probably have to pay up, no matter how much you protest, now they've got official condonation. [Update 4/08] |
||
| 51. | Music download tracking - be aware that tracking code might be secretly embedded in downloaded music files in order to check your computer for illegal piracy or copyright breaches. | ||
| 52. | Bogus Internet Security Suites - beware of phoney websites or popups tempting you to download security software as it will also include malicious software. | ||
| 53. | Bogus Auction-Helper tools - there are dozens of fabulous 3rd-party desktop and online eBay-helper tools, anything from listers, searchers and hosters, to snipers and zero-bidders. It's a minefield and crooked program writers are trying to cash in on the unwary. The fact that you have to pay to obtain some of the services is no guarantee they are genuine - they might only be after your credit card details. Research them first, check with friends or forums and - ignore any that come to your notice via unsolicited emails, popups or website links as they are the ones most likely to send you malicious software as well. | ||
| 54. | VOIP Messenger Services' viruses - viruses are on the loose which can now move via this medium. | ||
| 55. | Bogus Medicines and Drugs - beware of websites which appear to be selling drugs or brand-name medicines and pills, at attractive prices, but will send you weaker or useless fake products instead. | ||
| 56. | Cyber flirts - innovative automated software like 'CyberLover' which looks and responds like a real person on dating sites, so as to sucker personal details and photos out of unwary users, with a view to committing identity fraud. (1/08) | ||
| 57. | Credit Reports and Credit Reference Agencies - beware of websites or popup ads offering to provide you with a credit report for free or for a nominal fee. Even if you know the site is run by a bone-fide company, it is there only to gather saleable personal details about you which you would not otherwise dream of divulging to a stranger. And, worse, if it is a fake site, it will go on to misuse those details by stealing your identity. Always remember the only good credit reference report is a bad one. Because, then, the high-street money-lending parasites cannot, at least, put that person in any more debt. If you have been declined a loan or credit card, that is probably the best thing that could happen to you. Do not then go putting all your personal details out on the internet to try to find out why. That's the worst thing you could do. You have a lot to lose and absolutely nothing to gain from credit report agencies. | ||
| 58. | JavaScript threat - advanced JavaScript code on infected websites which bypasses a viewer's anti-virus filters so that keylogging software can be downloaded to steal personal data. Currently unstoppable except by surfers disabling JavaScript (Feb 2008). If you did not come here from our page dedicated to JavaScript security you can click here to go to our JavaScript notes. | ||
| 59. | Rogue Marriage Bureau and Dating Agencies - these differ from the dating-site scams (see 'Cybercads' higher up) as you will, at least, actually get to meet a real person. The only problem is the person is in on the scam so nothing will ever come of the relationship. In fact, they will be stringing along many other unwary punters all at the same time who, of course, will all be continually forking out for things like trips out, clothes, hols, air fares, endless begging and, of course, not forgetting the agency's fees! (2/08) | ||
| 60. | Suicide sites - At the end of the day, malicious websites can only damage your computer
or your bank balance. Suicide sites are a much more sinister threat. Idiotic do-gooders
who think the media (which includes the internet) should not be censored have got it so wrong.
Every website with anti-social, criminal or fraudulent intent should be throttled at source
by those with the means. N.B. Suicide sites threaten the lives of otherwise healthy but mentally-vulnerable young people. Those bad sites must never be confused with good sites about 'voluntary euthanasia'. VE is for perfectly normal, older people who have no desire to die but are driven to it because they are suffering intolerable pain or degeneration from some incurable protracted disease. Most certainly no need to ban those sites or services. (2/08) |
||
| 61. | Quicktime Video Player - thousands of innocent UK websites have allegedly been hacked with malicious code which, when visited, runs a JavaScript which exploits a flaw in Internet Explorer and Quicktime to allow a keylogger to be downloaded. Make sure you have the latest update patches. Security firms are having a hard time combating these attacks because the names of the scripts and the programs are being disguised under variable names. (2/08) | ||
| 62. | ISP Spyware - Leading UK ISPs are colluding with a software company to record every website their customers visit in order that the other company can sell the data to advertisers. The biggest UK ISP had already been doing just that in secret trials dating from 2006. Recent protests mean their customers at least will now have a chance to opt out. Use a search engine to find out if your ISP is going to spy on you. (3/08). Six ISPs are now involved, up from the original top three [Update1 10/08]. UK's 6th-biggest ISP has refused to be involved [Update2 11/08]. | ||
| 63. | Theatre Tickets' scam - Crafty ticket agents prey on tourists and toffs by using websites named and designed to look like, and rank higher in search engines than the online booking offices of famous theatres. Viewers will probably get the tickets they order but, what they won't know, is they are paying up to 40% above the face value they would have paid if they had clicked an alternative link to the theatre's own booking page. (4/08) | ||
| 64. | Master Card and Visa Card phishing scam - emails lure you to spoof sites that look exactly like the card company's real site where you are enticed to give them your card details in exchange for the false promise of improved online card security (sic) and discounts on online purchases. (4/08) | ||
| 65. | Boiler Room share scams - These have been known about for a few years. It is a £multi-million racket and yet still nobody does anything to stop the fraudsters or try to recover people's lost savings. It starts with a series of out-of-the-blue befriending emails, or phone calls, which gradually hypnotise gullible victims into parting with initially smallish sums of money in exchange for share certificates in companies on the promise of big returns. Once a person is convinced that everything is genuine, usually because of a seemingly smooth and simple completion of the first transaction, more phone calls (no emails anymore) sucker the victim out of ever bigger sums quickly, before any doubts can set in. In all cases, it eventually transpires that all the certificates were for shares in companies which were worthless, non-existent or, the most worrying latest twist, foreign-registered imitations of top-brand companies. If you ever get one of these phishing scams, whether by email or phone, never give them any personal details, at least not true ones. And never waste any time trying to discover if the calls might be genuine because they never are - repeat never. If you want some shares, buy them through your bank. Safe and simple! (5/08) | ||
| 67. | Keyloggers (3) - Hardware keyloggers are now available as a small, cheap USB device which can be plugged into the back of a computer, by anybody, between the box and the keyboard cable, and you'll never know. (6/08) | ||
| 66. | JavaScript NOSCRIPT threat - Internet security firms have been advising surfers for
some time not to allow their browsers to run JavaScripts from sites other than those sites they
trust and have whitelisted. But blocking JavaScript in a browser invariably results in
a NOSCRIPT message being displayed which itself can be used to carry a malicious package or
an alluring link to a booby-trapped web page. N.B. The most convenient and secure place to block JavaScript is in a firewall so, ideally, make sure you are using one which actually grants you that flexibility. That will also stop a NOSCRIPT message from appearing even if JS is blocked in the browser as well. Alternatively, a plug-in for Firefox called NOSCRIPT may be worth looking at. (8/08) |
||
| 67. | e-greetings cards - a few years back these were just a harmless bit of fun in one's Inbox. But open one of these nowadays and, if from a bogus copy-cat phishing site, you are far more likely to be greeted by a malicious attack on your computer. (8/08) | ||
| 68. | PDF files - beware of PDF files attached to or linked to in unsolicited (phishing) emails. Once opened, the PDF could download a further file designed to give hackers access to your computer. (8/08) | ||
| 69. | Bogus Anti-virus tools - beware of out of the blue warning messages on your screen alleging your computer is infected with a virus or spyware. If you fall for the invitation to buy and/or download the 'advertised' anti-virus or anti-spyware program, the fake tool will infect your machine with a trojan. (9/08) | ||
| 70. | Facebook Flash Player threat - beware of unsolicited messages on your Facebook wall inviting you to click a link to view a video. If you click it and it gives a message you need to download a newer version of Adobe's Flash Player, and you click the link to download it you get a trojan instead. (9/08) | ||
| 71. | Chrome browser - this brand-new beta-version browser provides low control over cookies and no obvious means for turning off JavaScript, Java or ActiveX. So remember, surfers who follow links blindly, including links in leading search engines, are frequently led straight to booby-trapped websites which exploit those very technologies. The solution recommended by security firms is to surf or search with JavaScript, Java and ActiveX all disabled in your browser, and only allow them for specific sites you trust and have whitelisted. Those features can be turned off selectively, collectively or temporarily in Internet Explorer or Firefox but not yet in Chrome. (9/08) | ||
| 72. | Codecs con - you download a music file from a P2P file-sharing network, when you try to play the track it instead fires up Internet Explorer showing a web page saying you have to download a new codec first. All seems pretty harmless - until you click the link to download the codec and you are secretly sent a malicious trojan as well which then spreads by hunting out and infecting all the other MP3 files on your hard disk so that it might be copied from your machine by other file-sharers. Nasty! (9/08) | ||
| 73. | YouTube threat - you follow a link to a seemingly genuine You Tube page but it might be totally fake, with no way of telling, and designed explicitly to download malware to your computer. (10/08) | ||
| 74. | ClickJackers - you visit a website, which could be a spoof site or an innocent site which has been hacked into, you see a button to a mainline site like BBC News or Amazon etc. so you click on it. But, invisibly layered over the button is a transparent hyperlink which has a malicious intent. To avoid this trap, never surf with Adobe Flash Player enabled or, if you must, use only version 10 or higher which have been patched to defeat the threat. (11/08) | ||
| 75. | Auto-trading scams - this is another fraud which has made the leap from phone to internet. If you are buying or selling a car, caravan, horsebox, boat etc. online you are in big danger of being duped by phoney sellers, buyers or agents and by bouncing cheques. The biggest loss in the UK to date is £78K on a phantom Porsche purchase. Trust nobody while they only exist in an email or on a web page. And always wait for cheques to clear before sending agents' fees or parting with keys. (11/08) | ||
|
|
|
|
| Long list isn't it?! If you already had a good idea about most of the above things, and how to evade them, you are obviously on the ball. But, if you didn't have a clue, that means you are a highly vulnerable surfer whose computer, bank account or identity may already have been compromised or, if not, probably will be sooner or later if you do not become more savvy. All of the known threats can be blocked or avoided, but only if you have appropriate strategies for doing so. | |||
|
|
|
|
| It should also be noted that not one of the above 60-odd threats has actually gone away. They are all still floating about out there, in one form or another - waiting to trap the unwary. Even the granddaddy of them all, the 'Out of Africa' email scam, is still going very strong. There is clearly no limit to the evolving ingenuity of the fraudsters. The internet has definitely become the playground of criminals. So watch out because, if you have allowed a third-party toolbar to be installed to your browser, as many people have, you already have a conspicuous red flag right in front of your eyes that you can easily be hoodwinked into thinking something is good for you without even considering what its ulterior motive might be. | |||
|
|
|
|
| If you want to know more about any of the items in the above list, feed them into a search engine. But do remember that links in search engines have a nasty habit of pointing to booby-trapped websites whose unsolicited download offerings are the main way by which malicious software infections are distributed. So, before using any search engine, always ask yourself first "Have I done what I need to do to protect my computer from infection in the evnt that I follow a search-engine link to a dangerous website?". If, prior to reading this, you have been fairly blazé about clicking links in search engines, emails or popups, we would advise you should either tighten up your surfing habits or continue to run the gauntlet and, when you do eventually fall victim to a phishing scam or to ID theft, be prepared to recognise whose fault it was. | |||
|
|
|
|
| Close
- please close this popup after use or it may stop similar windows from appearing. |
|||
|
|
|
|