1. Cross Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent a script that activates when it is read by an unsuspecting user. Common XSS targets include search engine boxes, online forums, social-networking sites and publicly accessible blogs. Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements.
4. Identity Theft
Identity theft (or identity fraud, iJacking) occurs when someone wrongfully acquires or uses another person's personal data, typically for their own financial gain. Sometimes it is referred to as "identity fraud" since the criminal impersonates rather than 'removes' the victim's identity.
5. Malware
Malware is software designed to infiltrate or damage a computer system, without the owner's informed consent. It includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious and unwanted software.
6. Phishing
Phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, with the information acquired by a 'fake' Web page.
7. Rootkits
A rootkit is a collection of tools that enable administrator-level access to a computer or computer network. Rootkits are usually installed on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit can consist of spyware and other programs that monitor traffic and keystrokes, create a "backdoor" into the system for the hacker's use, alter log files, attack other machines on the network, and alter existing system tools to escape detection.
8. Social Engineering
Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information. By this method, social engineers exploit the natural tendency of a person to trust the social engineer's word, rather than exploiting computer security holes. It is generally accepted that users can be the weak link in security, and this principle is what makes social engineering possible.
9. Session Hijacking
Session hijacking refers to the exploitation of a valid session key to gain unauthorised access to information or services in a computer system. Session keys are normally randomised and encrypted to prevent session hijacking. For the attack to succeed, the victim must use telnet, rlogin, ftp, or any other non-encrypted TCP/IP utility. Use of a SecurID card or other token-based secondary authentication is useless as protection against hijacking, as the attacker can simply wait until after the user authenticates, then hijack the session.
10. Spam
Spam is the abuse of electronic messaging systems to send unsolicited, bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, and mobile phone messaging spam.
11. Spoofing
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
12. Spyware and Adware
Spyware and adware typically deploy without a user's express knowledge and are often difficult to remove. Common behaviours include passing on information about a user's behaviour, displaying 'pop-up' advertisements and hijacking web requests.
13. Trojan
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. Trojans may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.
14. Vulnerabilities
Vulnerability refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the data and applications it hosts. Vulnerabilities may result from bugs or design flaws in the system.
15. Web Viruses
Viruses are malicious self-replicating programs, much like biological viruses. They insert destructive 'code' into normal 'code', and this can cause a range of very significant problems for the users, network and enterprise.
16. Worms
A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew.
17. Zombie PCs
A Zombie PC is one that is infected with malware so that it performs a task without the knowledge of the user. These 'hijacked' PCs are often used, without their owners' knowledge, to distribute spam or pornography, or to initiate a DoS attack.