Security threats demystified

Knowing the difference between a worm and a virus can help boost a company's defenses against such malicious code threats.

ZDNet Asia asked Symantec to give a lowdown on the common security threats affecting businesses today. Small and medium-sized businesses can use this checklist to identify the gaps in their corporate IT security policies and infrastructures.

Worms
A worm is a program that makes and facilitates the distribution of copies of itself--for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive by exploiting a system's vulnerability or by clicking on an infected e-mail.

Viruses
A virus is a program or code that replicates itself onto other files with which it comes in contact. That is, a virus can infect another program, boot sector, partition sector, or a document that supports macros, by inserting or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user's data as well.

In Symantec's Internet Security Threat Report (ISTR) released in March this year, the company documented more than 7,360 new Win32 virus and worm variants. This represents an increase of 64 percent over the previous six-month period. As of Dec. 31, 2004, the total number of document Win32 threats and their variants was approaching 17,500.

Denial of Service
A Denial of Service (DoS) attack is not a virus but a method hackers use to prevent or deny legitimate users access to a computer. DoS attacks are typically executed using DoS tools that send many request packets to a targeted Internet server (usually Web, FTP, or Mail server), which floods the server's resources, making the system unusable. Any system that is connected to the Internet and is equipped with TCP-based network services is subject to attack.

Botnets
Bots are computer programs that are covertly installed on a user's machine so that the person who installed it can control the victim's computer remotely, and a botnet (sometimes known as a zombie army) is a collection of such bots.

According to Symantec's report , known bot network computers declined from over 30,000 per day in late July to an average of below 5,000 per day by the end of 2004. The United Kingdom had a higher percentage of bot-infected computers than any other country.

Phishing
Phishing e-mail attempt to get you to send them your personal details such as credit card numbers, banking account information and passwords.

The security report also stated that the volume of phishing messages as a percentage of e-mail grew from an average of 1 million messages a day to 4.5 million. During peaks days, over 9 million phishing messages were observed.

ID Theft
Identity theft (or identity fraud) are terms used to refer to crime in which someone wrongfully obtains and uses another person's personal data for economic gain. This includes bank account or credit card numbers, and other valuable identifying data, which may be used for illegal means.

Spam
Spam is defined as electronic junk mail or junk newsgroup postings, while some also define it generally as any unsolicited e-mail and is generally e-mail advertising for some product sent to a mailing list.

Hacking
This refers to unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.