4.1: Security Threats
Types of Malware
Malware is any type of harmful program that seeks to damage or gain unauthorised access to your computer system.
A virus can replicate itself and spread from system to system by attaching itself to infected files.
A virus is only activated when opened by a human.
Once activated, a virus can change data or corrupt a system so that it stops working.
A worm can replicate itself and spread from system to system by finding weaknesses in software.
A worm does not need an infected file or human interaction to spread.
A worm can spread very quickly across a network once it has infiltrated it.
A trojan is a harmful program that looks like legitimate software so users are tricked into installing it.
A trojan secretly gives the attacker backdoor access to the system.
Trojans do not self replicate or infect other files.
Spyware secretly records the activities of a user on a computer.
The main aim of spyware is to record usernames, passwords and credit card information.
All recorded information is secretly passed back to the attacker to use.
A keylogger secretly records the key presses of a user on a computer. Data is stored or sent back to the attacker.
The main aim of a keylogger is to record usernames, passwords and credit card information.
Keyloggers can be downloaded or plugged into the USB port.
Ransomware locks files on a computer system using encryption so that a user can no longer access them.
The attacker demands money from the victim to decrypt (unlock) the data.
Attackers usually use digital currencies like bitcoin which makes it hard to trace them.
SQL (Structured Query Language) is a programming language used for manipulating data in databases.
A SQL injection is when a malicious SQL query (command) is entered into a data input box on a website.
If the website is insecure then the SQL query can trick the website into giving unauthorised access to the website’s database.
An SQL injection can be used to view and edit the contents of a database or even gain administrator privileges.
' or 1 = 1
A DoS (Denial of Service) attack is when a computer repeatedly sends requests to a server to overload the system. A server overload will slow the system and may take websites offline temporarily.
A DDoS (Distributed Denial of Service) attack is a coordinated attack using a botnet of infected systems to overload a server with requests. A botnet is a large group of devices controlled and used maliciously by an attacker.
Every possible combination is tested in order from start to finish. This is not a quick method but it should break the password eventually and can be sped up if multiple computer systems are used at the same time.
Social engineering means to trick others into revealing their personal data by posing as a trusted source.
For example, impersonating an IT technician of a school via email and asking for a student's username and password.
This is when data packets on a network are intercepted by a third party (e.g. a hacker) and copied to a different location than the intended destination.
Software called packet sniffers are used to intercept and analyse data packets.
4.1 - Security Threats:
1. What is malware? 
2a. Describe three characteristics of a virus. 
2b. Describe three characteristics of a worm. 
2c. What is a trojan? 
2d. Describe how spyware and keyloggers work. 
2e. Explain how ransomware works and why it is difficult to trace attackers. 
2f. In your opinion, which malware do you think is the most dangerous and why? 
3. Describe what an SQL injection is and how an attacker would use it. 
4a. Describe what a DoS attack is and its impact. 
4b. Describe how a DDoS attack is different to a DoS attack. 
5a. Describe a brute-force attack. 
5b. Describe social engineering and give an example of when it might be used. 
5c. Describe interception.