Virus:
A virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system. (Discovering Computers, 2007, Shelly Cashman Vermaat)
Worm:
A worm program replicates itself by creating copies of itself. Although this is a characteristic of a virus, worms do not require a host program to replicate. Worms “creep” through all levels of a computer system without using a carrier program. (Computer Viruses and Data Protection, Ralf Burger)
A worm, such as the CodeRed or Sircam worm, resides in active memory and replicates itself over a network to infect machines, using up the system resources and possibly shutting the system down. (Discovering Computers, 2007, Shelly Cashman Vermaat)
Trojan horses:
The idea behind the Trojan horse is as simple as it is dangerous.
These programs appear to perform valid functions but contain damaging instructions hidden in their code. The user of such a program may be distracted while waiting for the application to load. However, during this time, the Trojan horse program may reformat the hard drive before the user notices what is happening.
In 1989, more than 10,000 copies of a program were mailed to large corporations, insurance firms and medical offices in North America. The program, thought to calculate the risks of exposure to AIDS, actually contained a very destructive Trojan horse. Anyone who loaded the program disks into their computers found that all data on their hard drives had been deleted. (Computer Viruses and Data Protection, Ralf Burger)
Payload:
Payload is the destructive event or prank the program is intended to deliver. (Discovering Computers, 2007, Shelly Cashman Vermaat)
The term used to describe the malicious activity that is the result of an activated computer virus. While not all viruses have a payload, some payloads will perform destructive actions. (http://www.webopedia.com/TERM/P/payload.html)
Honey pots:
Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves. Indeed, these systems are created for the sole purpose of deceiving potential attackers. In the industry, they are also known as decoys, lures and fly-traps. (Computer Viruses and Data Protection, Ralf Burger)
Some companies and organizations use honey pots so they can analyze an attack being perpetrated. A honey pot is a vulnerable computer that is set up to entice an intruder to break into it. These computers, which appear real to the intruder, actually are separated safely from the company’s or organization’s network. Honey pots allow the company or organization to learn how intruders are exploiting their network and also attempt to catch perpetrators who have been doing damage elsewhere on their network. Large web hosting companies, such as Yahoo! and AT&T, and law enforcement agencies frequently use honey pots. (Discovering Computers, 2007, Shelly Cashman Vermaat)
Botnet:
A botnet refers to a type of bot running on an IRC network that has been created with a Trojan. When an infected computer is on the Internet, the bot can then start up an IRC client and connect to an IRC server. The Trojan will also have been coded to make the bot join a certain chat room once it has connected. Multiple bots can then join one channel, and the person who has made them can now spam IRC chat rooms and launch huge numbers of Denial of Service attacks against the IRC servers, causing them to go down. (http://www.webopedia.com/TERM/B/botnet.html)
Spoofing:
Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer that has an IP address that indicates that the messages are coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host. Newer routers and firewall arrangements can offer protection against IP spoofing. (Principles of Information Securities, Michael E. Whitman and Herbert J. Mattord)
Denial of Service:
The attacker sends a large number of connection or information requests to a target. So many requests are made that the target system cannot handle them along with other legitimate requests for service successfully. This may result in the system crashing, or simply becoming unable to perform ordinary functions. (Computer Viruses and Data Protection, Ralf Burger)
Backdoor:
Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a backdoor. Sometimes these entries are left behind by system designers or maintenance staff and are thus referred to as trap doors. A trap door is hard to detect, because very often the programmer who puts it in place also makes the access exempt from the usual audit logging features of the system. (Principles of Information Securities, Michael E. Whitman and Herbert J. Mattord)
Firewalls:
In the commercial and residential construction of buildings, firewalls are concrete or masonry walls that run from the basement through the roof, to prevent a fire from jumping from one section of the building to another. A firewall in an information securities program is similar to a building’s firewall in that it prevents specific types of information from moving between the outside world, known as the untrusted network (e.g., the Internet), and the inside world, known as the trusted network. The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices. (Computer Viruses and Data Protection, Ralf Burger)