A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser. What to do: Visit the BevoWare Web site to download anti-virus and anti-spyware software. Update regularly.
See also: Pop-up Messages or Ads, Spyware
Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it’s important to update your anti-virus software regularly. What to do: Information Technology Services (ITS) provides students, faculty and staff at the university with security software at no additional cost through the BevoWare Web site. BevoWare includes Symantec anti-virus, firewall and firewall products. Download, install and run security software from BevoWare on your own personal computer today.
A document, a picture, a video clip, program or any other kind of file that can be attached and sent with an e-mail or instant message. Malicious programs, viruses or spyware are commonly spread through attachments. What to do: Never open or download an IM or e-mail attachment from an unknown source or one that you are not expecting. Be cautious of attachments ending in .exe, .com, .scr, .bat or .pif. By simply deleting a suspect attachment or message, you take another step in protecting your computer.
In a computer system, a backdoor refers to an overlooked or hidden entry into a computer system. A backdoor allows a hacker or other unauthorized user to bypass a password requirement and to gain access to a computer.
BevoWare is a selection of free, useful software available to all current students, faculty and staff members at The University of Texas at Austin. BevoWare includes anti-virus, firewalls, Web browsers, media viewers, and lots more. It is all available to download from ITS online at the BevoWare Web site. BevoWare includes: Norton and Symantec Anti-Virus, Symantec Firewall, SpyBot Search & Destroy, Adobe Acrobat, Apple QuickTime, Macromedia Flash Player, and SpyWare Blaster. Download, install and run security software from BevoWare on your personal computer today.
The transfer of data from one computer (or server) to another computer. Downloading can refer to documents, software programs, photo, music or movie files. Often downloads can mask unwanted malicious programs. What to do: When you go to download that “free” screen saver, you may also be downloading spyware or a virus. Make sure you only download material from a legal, well-known source. Also, since instant message and e-mail sender names can be spoofed, only download instant message or e-mail attachments that you are expecting.
See also: Attachment
Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.
A security tool that protects an individual computer or even an entire network from unauthorized attempts to access your system. Firewalls often protect e-mail servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission. What to do: Students, faculty and staff can download, install and run the Symantec Firewall available on the BevoWare Web site at no additional cost.
A hacker is someone who has the technical know-how to intentionally breach or “hack” into a computer system to steal confidential information or to cause damage to a computer or whole network. Hackers are often looking to find financial or personal information in order to steal money or identities. They are not nice people.
HTTP (Hypertext Transfer Protocol)
This is the standard language that computers use to communicate with each other on the Internet. Web addresses tend to start with http://www.
See also: HTTPS
If a Web address begins with https, it indicates that the Web site is equipped with an additional security layer. Typically, users must provide a password or other means of authentication to access the site. This is often used when making payments online or accessing classified information. What to do: When asked to provide personal information online, such as a credit card purchase, always look for https in the URL before you do so. If it’s not there, the site is not secure–and neither is your information.
Instant Messaging (IM)
Instant messaging rivals e-mail as the most popular form of online communication. IM allows users to relay messages to each other in real time for a “conversation” between two or more people. IM is also becoming the quickest new threat to network security. Because many IM systems have been slow to add security features, hackers have found IM a useful means of spreading viruses, spyware, phishing scams, and a wide variety of worms. Typically, these threats have infiltrated systems through attachments or contaminated messages.
What to do:
Use a strong IM password.
Don’t automatically accept incoming messages or file transfers—even if you think you know the sender. IM addresses can be easily forged and file transfers are commonly used to launch viruses.
Don’t discuss personal or private information. Often, IM programs are easily compromised allowing hackers to read your messages as if they were postcards.
Watch for and download security upgrades from IM companies and BevoWare. Check them often for important patches and updates.
This term refers to any “malicious software” created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.
Any information that can personally identify you, such as your name, address, phone numbers, your schedule, Social Security number, bank account number, credit card account numbers, family members’ names or friends’ names. What to do: Treat your personal information with the utmost confidentiality on the Web. Finding this information is often the goal of hackers looking to steal your identity or your money. Also, don’t send personal information over e-mail or IM. These are insecure methods of communication and can be read or intercepted by outside sources. Remember, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent. Keep your personal information private.
Like the sport it’s named after, phishing refers to an urgent instant message or e-mail message meant to lure recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, Social Security numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the “bait,” often have their money or identities stolen. What to do: Be suspicious of any message asking for personal or financial information. If you are unsure about a message’s authenticity, never click a link within the e-mail taking you to any Web site. Banks or other legitimate organizations are not likely to contact you in this manner due to the security risks of sharing sensitive material online. If you think the message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided in the suspicious message. These types of IM or e-mail messages should be treated like spam: delete them.
See also: Social Networking Sites, Spam
Pop-up Messages or Ads
Unsolicited advertising that “pops up” in its own browser window. Adware programs can overrun a computer with pop- up ads or messages. If you are receiving a huge amount of pop- ups in your online sessions, your computer may be infected with adware, spyware or a virus.
Possibly-unwanted-program – this designation is typically given to software, scripts and other files that may be harmful to your computer or have been installed without your knowledge
Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected – in order to extend the period in which programs can run on an infected computer.
This refers to a direct communication, either in person, by phone, by fax or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to “update” or “confirm” information by typing in a reply or clicking on a link. Legitimate institutions, such as banks, do not send e-mail or IM of this nature due to security concerns on the Internet. “Phishing” is a prime example of social engineering.
See also: Phishing
Social Networking Sites
These are Web sites, such as Facebook or MySpace, where users build online profiles and share personal information, opinions, photographs, blog entries, and other media to network with other users, to find new friends or find a new job. Unfortunately, social networking sites have become targets of online predators, spammers, and other dangerous forces on the Web. What to do: Keep in mind that the Internet is a public resource. Only post information you are comfortable with anyone seeing and we do mean anyone—your parents, your grandparents, your siblings, your teachers, your employer, even potential employers. It’s not uncommon for companies to run an Internet search of job applicants before they offer them a position. There are several stories of people being “weeded out” from a job search due to compromising or ill-advised photos and information found on the Web, usually posted by that very person! Even if you remove information, that same information may still be living on other people’s computers or networks. Also, don’t post information that would make you vulnerable to a physical attack, such as your address, your schedule or where you will be meeting friends this weekend. Most of all, be careful of people you meet on the Web. The Internet provides people with a certain amount of anonymity. The Internet makes it easy for predators to pose as something they’re not.
Unsolicited, commercial e-mail messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address. What to do: Never respond to spam! Delete it.
See also: Firewall, Phishing, Social Engineering, Spim
A new term for spam messages being sent to instant message addresses. What to do: Simply ignore them. Also, never respond to a message that looks like spim. A response will confirm to the sender that your account is legitimate and it’s likely the messages will continue.
Forging an e-mail or instant message address to make it appear as if it came from someone or somewhere other than the true source. Whole Web sites can also be spoofed, tricking users into providing their passwords or other personal information, such as their credit card information.
Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user’s knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record key stokes to steal personal information, such as credit card numbers, bank account information or passwords. What to do: Consider the reliability of the site offering the software download. Be careful if a download prompts you to accept the installation of additional software. Scan the fine print before downloading. If you see anything that refers to monitoring browsing sessions or collecting information, consider this your “red flag” that you may be installing spyware. Also, keep your systems up to date with BevoWare. BevoWare includes two anti-spyware products for students, faculty and staff to download, install and run on their computers at no cost: SpyBot Search & Destroy and Spyware Blaster. Visit the BevoWare Web site to download these programs and protect yourself from spyware. Don’t forget to update regularly.
See also: Adware
If you read “The Iliad” in high school, you will remember that the Trojan horse concealed an army and fooled the citizens of Troy into taking it inside its city walls. Once inside the city gates, the army was let loose and brought Troy down. Similarly, in computer security terms, a Trojan horse refers to a malicious program that enters a computer or system disguised or embedded within legitimate software. Once installed on a computer, a Trojan horse will delete files, access your personal information, reconfigure your computer or even allow hackers to use your computer as a weapon against other computers on a network. What to do: Like most other viruses or malicious programs, Trojan horses are most commonly spread through e-mail or IM messages. Never open a message attachment unless you are expecting, even from someone you know. IM or e-mail addresses are easily forged and what you think is a message from your roommate could be from someone you’ve never met and would never want to meet. Also, check the file extension of all attachments you receive. If the attachment ends in .exe, .com, .scr, .bat, or .pif, be careful. These suggest a program that may start running on your machine if you click on it. Also, make a habit of regularly checking the BevoWare Web site for updates and patches to your anti-virus software.
See also: Pop-up Messages or Ads, Spyware
Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems, and credit or debit cards.
These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address… leading to a denial of service.
Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.
These programs are used by hackers in order to install Trojans and / or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.
Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats… even though the threats that they report are actually non-existent.
This type of program steals user account information from online gamers.
Trojan-IM programs steal your logins and passwords for instant messaging programs – such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype, and many more.
This type of Trojan can modify data on your computer – so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data, after you have paid them the ransom money that they demand.
These programs can cost you money – by sending text messages from your mobile device to premium rate phone numbers.
Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screen shots, or getting a list of running applications.
These programs can harvest email addresses from your computer.
Other types of Trojans include:
How to protec
A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros.
Back to top
A somewhat common technique for attackers is to install “telnet redirectors” on a system they have compromised. This allows them to telnet to the redirector and then telnet out from there anonymously, masking their true point of origin. These attackers no longer need to bother with penetrating systems, as the Wingate includes anonymous telnet redirection as a feature enabled by default! Just telnet to port 1080 or 23 and then telnet right back out to wreak havok on the internet. And don’t worry, it doesn’t (by default) log anything!
Just as a worm burrows through an apple making it inedible, a computer worm is a program built to reproduce itself and spread across a network, rendering it ineffective. A worm may be designed to complete several different malicious activities. However, one common denominator is that a worm can harm a network by consuming large amounts of bandwidth, potentially shutting the network down. Viruses, on the other hand, are more limited to targeting computers one-at-a-time. A virus also requires other programs to execute and replicate, whereas a worm can act independently of other programs. What to do: To keep a computer worm from entering your computer and network, be wary of unexpected or unknown e-mails, IMs or attachments. Also, use anti-virus software on your personal computer and update it regularly.
See also: Pop-up Messages or Ads, Spyware
A computer overtaken by a hacker and used to perform malicious tasks. Commonly, zombie computers are used to send large amounts of spam or host fraudulent Web sites. What to do: If you believe your computer has been taken over by an outside source, first: disconnect it from the Web. Then, contact the ITS Help Desk.