Glossary

Please leave a comment with any additional (related!) words that you would like explained, or if you’d like further information or examples of any words listed here…

  • Phishing

    • Fraudulent emails (or any other communication) that pretend to be from a legitimate source in order to obtain sensitive information
    • Sensitive information might be personal details, username and password, banking details or any other information that you would not otherwise want to be publicly known
    • A phishing attempt might be randomly distributed or might be targeted, where the perpetrators know a little bit about the target to begin with and so can tailor the message accordingly
    • Advice: Avoid providing any sensitive information unless the website is secure
    • Advice: Never provide username, password or banking details in an email; no legitimate company should ever request that you do this
    • Advice: Never provide username, password or banking details over the phone to someone who has called you; call the company back on a number that you know to be right
  • Spam

    • An unsolicited email message that is sent indiscriminately to a large number of recipients
    • The intention of a spam message is likely to be monetary gain for the perpetrators either through paid-for surveys, illicit sales or a con
    • Spam might also be intended to do no more than cause disruption or distraction through the excessive volume of emails
    • Advice: Avoid perpetuating spam; do not forward “chain mails” to everyone you know. No matter how funny you might think it is, most people won’t thank you for it
    • Also, canned spiced ham
    • Doubly also, hilarious Monty Python sketch
  • Scam

    • Any means of propagating a malicious message including but not limited to emails, links or direct messages
    • The message might be spreading rumours, lies, gossip, gibberish, malware or a phishing attempt
  • Social Engineering

    • Tricks used by a malicious person to fool a target into giving away information or allowing an action that would otherwise not be allowed
    • Not necessarily an on-line or computer-related action, but often used to support malicious activity
    • Example: calling an office computer user, convincing them that the caller is from their IT support team and then persuading the user to disclose their username and password
    • Example: dressing as a service engineer in order to be allowed into a secured building to gain direct access to the network, computers and servers
  • Vulnerability

    • A weakness in a system’s security, a chink in the armour
  • Exploit

    • Taking advantage of a vulnerability, generally with malicious intent such as trying to access data that would otherwise not be available
  • Compromise

    • To take control of a computer system or access data that should not be available
    • Essentially, a vulnerability leads to an exploit which leads to a compromise
    • Analogy
      • Imagine you have an old car that has a weak door lock; that would be a vulnerability
      • A bad person might exploit that vulnerable weak lock and be able to get into your car
      • They have gained access to somewhere they shouldn’t be; they may now have access to documents in your glove box
      • Given another common weakness in old cars that person might then be able to break a vulnerable ignition and start the engine
      • At this point they have compromised your car in that they have taken control of the car
  • Hack

    • To compromise a computer system through a combination of means including, but not limited to, phishing, scams, exploits and social engineering
  • Link Jacking

    • A specific type of scam, most prevalent on social networking websites like Facebook and Twitter, where a link to a malicious website is disguised as a link to some other tempting material such as a funny video or breaking news story
  • Comment Jacking

    • A progression to Link Jacking that has been developed by the perpetrators to get around security restrictions that have been implemented by Facebook
    • Comment Jacking uses comments posted to a legitimate video or article post in order to perpetuate the scam
  • Man-In-The-Middle attacks (MITM)

    • During a web attack there are three main points of focus: the user-side PC, the website server and the networks in between
    • A MITM attack is when the attacker has access to the web traffic conversation going back and forth between the two end points
    • The attacker might be connected to the same WiFi network or might be in control of a piece of network equipment that your web traffic is passing through as part of its normal journey
    • A MITM attacker might be transparently eavesdropping on the conversation, waiting for useful bits of information like credentials, or might be actively altering the conversation so that what you seem to get back from the website is not precisely what you asked it to provide
    • An attacker might use other tricks like DNS redirection or ARP poisoning in order to divert your web traffic to go via a piece of network equipment that they control
  • Cookies

    • A small packet of data used by websites to identify users
    • Cookies can also be used to track users across different websites
    • A cookie acts much like a cloakroom ticket; the ticket itself is worthless but it uniquely identifies you to the clerk in order to get the right coat back
    • Cookies are specific to a PC and a browser, so if you log on to a website with Firefox, the cookies generated will only apply on that PC and only for Firefox. If you then browse to the same website on the same PC but from Chrome, the cookies will not apply
    • Process
      • When you access a website, as well as returning the text and images that make up the page you are looking at, the website may also send several cookies to your computer
      • Each time your computer then requests another page from the website it also provides one or more of these cookies
      • The cookie(s) uniquely identify you to the website
      • The website can then return data that is customised for you such as your emails, bank account or shopping basket
  • Virus

    • Any program that attempts to spread itself from one computer system to another by attaching itself to user data or system files
    • A Virus normally requires some element of human interaction such as emailing a file or copying a file from one computer to another
  • Trojan

    • Any program that pretends to provide a typically safe purpose while hiding a secondary malicious purpose
    • Trojans might be disguised as free software (screen savers, games, password crackers, etc) or as innocent/interesting files (scandal videos, payroll/HR spreadsheets, package delivery forms, etc)
  • Worm

    • Any program that attempts to spread itself from one computer system to another by exploiting weaknesses or vulnerabilities in a computer or network
    • Unlike a Virus, a Worm typically does not require any human interaction in order to spread itself as it has some measures of automated discovery and propagation
  • Note on Virus, Trojan and Worm

    • These terms are often erroneously used interchangeably. While it is true that they are each undesirable and likely to cause harm, understanding the different ways in which they propagate and infect a computer can help when trying to clean up an infection
    • A Virus, Trojan or Worm will normally have a malicious payload that will attempt to interrupt the normal operation and activity of a computer; this may be immediate, delayed, persistent, sporadic or idle
  • Malware

    • A general term that includes any software that does something you would not want it to do
    • Including but not limited to spyware, adware, keyloggers, backdoors
    • May also include software that can damage your computer such as viruses
    • Malware will often perform several functions at once
    • Malware will often disguise itself as a legitimate application to avoid detection and removal
  • Rootkit

    • A Rootkit attempts to allow persistent administrator level (root) access to a computer
    • A Rootkit often goes undetected by operating at a level lower than the operating system, meaning that the malicious code is already running before the operating system (Windows, Ubuntu, OS X, etc) loads
    • A Rootkit infection can be used to hide further infections from discovery by modifying and manipulating system files and detection tools
  • Backdoor

    • A Backdoor is a specific type of infection that often has no malicious facility by itself, other than creating a means for other infections to more easily gain access
  • Spyware

    • Spyware often has no visible indicators and will sit quietly in the background recording activity on the computer, typically what websites are visited
    • This information is often used for fairly innocent actions such as tailoring adverts so that products shown are likely to appeal to the user
    • This information might also be used to tailor a phishing attempt so that products shown are likely to appeal to the user
  • Adware

    • Adware will display adverts in an attempt to elicit sales revenue from the user
    • Adware may advertise legitimate products or it may advertise bogus or even malicious products such as fake anti-virus tools
  • Keylogger

    • A specific subset of Spyware that records keys pressed
    • Usually used to specifically target login details for on-line services such as banking, social networks or email services
  • Blended Threats

    • It is becoming increasingly common for a malicious person or an infection to use several attack vectors simultaneously or sequentially to increase spread, devastation or information gathering
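
The Process steps under the Cookies entry above, as an added example that is not part of the original glossary: a constructed website hands out a random "cloakroom ticket" on the first visit and recognises it on later requests, while a second browser with its own cookie store is treated as a stranger. The class names, the `sid` cookie name and the shopping basket are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

class Website:
    """Constructed stand-in for a website that identifies visitors by cookie."""
    def __init__(self):
        self.sessions = {}  # cookie value -> that visitor's shopping basket

    def handle(self, cookie_header, add_item=None):
        """Process one page request; return (Set-Cookie value or None, basket)."""
        jar = SimpleCookie(cookie_header or "")
        sid = jar["sid"].value if "sid" in jar else None
        set_cookie = None
        if sid not in self.sessions:
            # Unknown visitor: hand out a new random "cloakroom ticket".
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = []
            out = SimpleCookie()
            out["sid"] = sid
            out["sid"]["secure"] = True    # only sent over HTTPS
            out["sid"]["httponly"] = True  # hidden from page scripts
            set_cookie = out["sid"].OutputString()
        if add_item:
            self.sessions[sid].append(add_item)
        return set_cookie, list(self.sessions[sid])

class Browser:
    """Each browser on a PC keeps its own, separate cookie store."""
    def __init__(self):
        self.cookie_header = None

    def visit(self, site, add_item=None):
        set_cookie, basket = site.handle(self.cookie_header, add_item)
        if set_cookie:
            # Keep only "name=value"; the attributes are never sent back.
            self.cookie_header = set_cookie.split(";", 1)[0]
        return basket

def demo():
    site = Website()
    firefox, chrome = Browser(), Browser()
    firefox.visit(site, add_item="book")  # first visit: cookie issued
    firefox_basket = firefox.visit(site)  # cookie sent back: recognised
    chrome_basket = chrome.visit(site)    # other browser: not recognised
    return firefox_basket, chrome_basket
```

The ticket value is random and carries no personal data; everything the site knows about the visitor stays on the server, keyed by that value.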