The drive-by download problem is growing [36]. The Google Anti-Malware Team
has discovered more than three million URLs that initiate drive-by downloads. That may
not seem like so many URLs, given the size of the Web, but hackers target the most
popular Web sites. As a result, about 1.3 percent of queries to Google's search engine
result in a malicious URL appearing somewhere in the results page [37].
7.3.8 Trojan Horses and Backdoor Trojans
A Trojan horse is a program with a benign capability that conceals a sinister purpose.
When the user executes a Trojan horse, the program performs the expected beneficial
task. However, the program is also performing actions unknown to, and not in the best
interests of, the user.
A recent example of a Trojan horse is Mocmex, first uncovered in 2008 in digital
picture frames manufactured in China. It spread from digital picture frames to computer
hard drives and other portable storage devices people attached to their PCs. The purpose
of the Trojan horse appeared to be to steal passwords to online computer games [38].
A backdoor Trojan is a Trojan horse that gives the attacker access to the victim's
computer. For example, a backdoor Trojan may purport to cleanse malware from a
computer, but in actuality it installs spyware (described later).
7.3.9 Rootkits
A rootkit is a set of programs that provide privileged access to a computer. Once
installed, a rootkit is activated every time the computer is booted. Rootkits are difficult
to detect because they start running before the operating system has completed booting
up, and they can use security privileges to mask their presence.
7.3.10 Spyware and Adware
Spyware is a program that communicates over an Internet connection without the user's
knowledge or consent. Spyware programs can monitor Web surfing, log keystrokes, take
snapshots of the computer screen, and send reports back to a host computer. Spyware is
often part of a rootkit. Adware is a type of spyware that displays pop-up advertisements
related to what the user is doing.
Since people would not intentionally download a spyware program, spyware must
get installed using subterfuge. Free software downloaded from the Internet often contains
spyware. Alternatively, the spyware may be a Trojan horse, tricking users into
downloading it because they think it serves a useful purpose. A Trojan horse containing
spyware is an example of a backdoor Trojan. A 2006 survey of US consumers with
broadband Internet connections found that 89 percent of them had spyware on their
computers [39].
7.3.11 Bots and Botnets
A bot is a particular kind of backdoor Trojan that responds to commands sent by a
command-and-control program located on an external computer. The first bots sup-
 
 
 
 
 