A Trojan is malware disguised as harmless software, named after the wooden horse the ancient Greeks used to trick their way into the city of Troy. The intent of the hacker is to get you to install it by making you believe it’s safe. Once installed on your computer, a Trojan can do anything from logging your keystrokes, to opening a backdoor and giving the hacker access to your system.
There are several ways in which a Trojan can infect your personal computer. The most common infection vector hackers use is to trick you into clicking on a file or email attachment. Often, these attachments can come to you by way of a friend whose account has already been compromised, making you believe the contents are from a trustworthy source. Other times the hacker may try to scare you into opening the attachment, making it seem like it is an official notice from the IRS, FBI, or your bank.
Email may be a popular delivery vehicle for Trojans, but it’s not the only one. Clicking on a malicious link on Facebook or other social media sites can allow a hacker to inject a Trojan into your personal computer. Even though these sites take security seriously and are as vigilant as possible, there have been instances when Trojans have infected users this way.
2. Drive-By Downloads
In a drive-by download attack, you don’t have to click on anything to initiate the download and installation of malware – just visiting a website that has been compromised is enough to get your computer infected. A rather dated but good example of this was the infected site known as Spyware Warrior: in 2004, Internet users who visited it had unwanted software installed on their systems – a collection of eight advertising programs that, in addition to causing other problems, hijacked the users’ homepage and search bar, and placed advertisements in the users’ “Favorites” folder. According to
A drive-by download exploits exposed security flaws in your web browser, operating system, or other software that has not been recently updated or patched. Unfortunately, the download and installation of the malware is invisible to the victim. Also, there is no way to tell whether a website is infected just by looking at it.
If you suspect that a site poses a possible threat to your computer, check a blacklist of malicious websites before navigating to the homepage. BlackListAlert.org is a free service that can alert you as to which sites have been placed on a blacklist.
The stealth and effectiveness of a drive-by download make it one of the best methods in a hacker’s arsenal today. As a result, this form of attack has been on the rise and will only continue to get worse unless computer users take the proper precautions. Updating your software and using the latest version of your favorite web browser is a good start, since it will close any newly discovered security holes these infected sites can exploit.
A rootkit is not exactly malware like a virus or Trojan. It is something much more insidious: a malicious segment of code injected into your computer system, designed to hide any unauthorized activity taking place. Since rootkits grant administrative control to the attacker, your computer can be used without restrictions and without your knowledge.
A rootkit can attack and replace important operating system files, allowing it to hide or disguise itself and other malware. Once a rootkit has buried itself deep within your system, it can cover an intruder’s tracks (by altering system logs), cover up evidence of malicious processes running in the background, hide files of all types, and open a port to create a backdoor.
Some rootkits are designed to infect a computer’s BIOS (basic input/output system), which is a type of firmware that initializes the hardware when your computer is powered on. When rootkits invade this part of your system, it makes even operating system reinstallation or disk replacement an ineffective strategy to neutralize the rootkit infection.
Many of the worst, most destructive kinds of malware use rootkit technology. Since rootkits can infect different areas and different files, it is very difficult for even moderately experienced users to deal with them. Unfortunately, you will not even know whether you have this type of malware since it is designed to hide itself so effectively. That is why avoiding questionable sites, diligently updating your antivirus software, avoiding dubious email attachments, and generally protecting your system is a good way to make sure you never fall victim to this type of ingeniously malicious infection.
One problem with using biometrics for identification
Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these are technical, and possess technical solutions, however difficult they may be to implement, others are social and cultural. Social and cultural barriers are much more complicated to resolve, and need much more thought by would-be implementers as well as the manufacturers and suppliers before they will succeed. Culturally, one size does not fit all, and that may increase the cost and complexity of solutions.
For some considerable time now the personal identification segment of the IT security industry has been trying to improve on the use of the identifier and password as the means of authenticating the user of an IT service. The problems of managing password based systems, their weaknesses, and the (now) classical ways of attacking or subverting such systems are well documented and need not be considered here.
Many consider that such simple authentication measures need to be reinforced, and refer to multi-factor authentication, based upon:
- a secret that you know (password)
- something that you have (a token)
- something that you are (a biometric).
In the IT world, probably the most commonly implemented method for token authentication is the SecurID token. (Smart cards for mass transit rail systems and telephone cards are more numerous, although they do not really authenticate the user: possession of the token simply authorizes the holder to use the service.)
The introduction of advanced security techniques such as public key cryptography (better known as PKI – public key infrastructure) has increased the need to be able to store secret information (a private key), because a user could never remember a randomly constructed password that long (RSA 2048 would require you to remember a mere 256 characters worth of information and be able to input it reliably!).
The rapid increase in fraud, and in particular credit card fraud, is creating demands for greater security methods than magnetic stripe cards and handwritten signatures offer. This has seen many card issuers issue chip or smart cards which require a password (commonly a four digit PIN) before they can be used. However, these are by no means generally implemented. A spot check on the various cards in my pocket showed only 50% of the various bank/credit cards have chips, whilst none of the others have that facility.
-Geraldine Kaye Medrocillo