What’s behind the curtain? Part I

It’s no secret that any computer connected to the Internet faces a wide array of security threats. These days, however, a business needs to be connected to the Internet just to do business. What can you do? Keep reading to learn more about the risks you take, and what you can do to protect yourself and your company.


Everyone who uses the Internet has probably encountered at least one security violation. Sometimes these violations go unnoticed by the security-unaware user; other times we find out about them only after they have caused severe damage to our information and systems. The best way to avoid security violations is to know in advance what threatens us, so that we can protect our systems and information accordingly. As you will see later in this article, the list of threats is endless. Every day a new attack surfaces and damages many businesses (and not only businesses).

My objective in this article is to introduce the subject of security threats: who targets you, how they operate and what they want to compromise, and then the threats you may face while using the Internet. In this part I start the discussion of security threats with the well-known category of malicious code. I aim to cover as many threats as possible in this series of articles, so the information on each will be brief; I advise you to seek further information on the specific threats that concern you and find out in detail how they operate.

{mospagebreak title=Types of attackers}

Before moving into a discussion of the security threats that exist on the Internet, we should know who carries out these attacks in the first place, and with what objective.

In general, there are two types of intruders that pose a threat to security: external and internal.

The most widely known intruder is the hacker or cracker (I won’t get into a discussion of the exact definitions; simply assume that both terms are used here in the negative sense. After all, a violation is still a violation whatever its purpose). The aim of their attacks is to steal, to damage, or just to have fun. Usually they have considerable skill and know what they are looking for.

However, studies have repeatedly found that a large share of attacks (figures of 70 to 80 percent are often quoted) come from within an organization. Do you completely trust the person sitting next to you at the office? If yes, stop trusting them! If they get fired next week and want revenge, they could use your password (the one you gave them a month ago when they had a problem with their PC) to get into the company’s system and delete all the customer records.

Every employee is a potential threat to the company. Ignorance can cause the same damage as a deliberate attack. Beyond that, an insider may attack for any number of reasons, including stealing data to sell to competitors, or plain sabotage.

Of course, external attacks get so much publicity that organizations spend a large portion of their security budget on keeping them out. After all, their reputation is what brings money to the company; would you do business with a company that got hacked three times in the last year?

{mospagebreak title=Anatomy of an attack}

In order to defend against any security threat, you should know the process that attackers go through to exploit a system. In this section I cover the subject briefly; you can search the Internet for more information on it.

An attack is a three step process:

  1. Decide on the target.

    The first thing an attacker will do is decide on a target. Some attacks are aimed at specific targets and others are set arbitrarily (at whatever hosts happen to respond to a scan), depending on the reason for the attack in the first place. Once the target is identified, the attacker moves to the next step, which is information gathering.
  2. Information gathering.

    Before launching an attack, the attacker gathers information about the target systems: the operating system used, the architecture of the system, IP addresses, and the types of servers and services running. Much of this reconnaissance is done with network and port scanners that are freely available on the Internet; the banners that services announce on connection often reveal the exact software and version as well.
  3. Launch the attack.

    Finally, the attack is launched based on the evidence found in the previous steps. Once the attacker understands the environment, the information gathered is used to match the discovered software against well-known vulnerabilities and exploit them to gain access to the system. Once the mission is carried out, the attacker may try to cover his tracks, for example by altering the logs. Keep in mind that the more skilled the attacker, the more focused the attack will be.
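To make step 2 concrete, here is an added example (not code from the original article) of the most basic form of reconnaissance: a TCP connect scan that records which ports answer and what banner each service volunteers, plus a crude fingerprint of that banner. Because the example has to run offline, it also starts a constructed stand-in "service" on a loopback port that greets clients with an SSH-style banner; the banner text, port numbers and the fingerprint rules are all assumptions made for the demonstration.

```python
import re
import socket
import threading


def scan_ports(host, ports, timeout=2.0):
    """TCP connect scan: complete a handshake on each port and keep whatever
    banner the service volunteers. Returns {open_port: banner_text}."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:            # refused, filtered (timeout) or unreachable
            sock.close()
            continue
        banner = b""
        try:
            banner = sock.recv(256)
        except OSError:            # service waits for the client to speak first
            pass
        finally:
            sock.close()
        results[port] = banner.decode("ascii", "replace").strip()
    return results


def guess_service(banner):
    """Crude fingerprint from a greeting banner (assumed rules); None when unknown."""
    m = re.match(r"SSH-2\.0-(\S+)", banner)
    if m:
        return "ssh/" + m.group(1)
    m = re.match(r"220[ -](\S+)", banner)          # SMTP and FTP greet with 220
    if m:
        return "smtp-or-ftp/" + m.group(1)
    return None


def start_fake_service(banner):
    """Constructed stand-in for a real daemon: listens on an ephemeral loopback
    port and greets every client with the given banner. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listener closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a loopback port that is currently closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan two loopback ports: one hosting the fake service, one closed.
    Returns ({port: (banner, guess)}, open_port, closed_port)."""
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1\r\n")
    closed_port = free_port()
    try:
        found = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return {p: (b, guess_service(b)) for p, b in found.items()}, open_port, closed_port


if __name__ == "__main__":
    found, open_port, closed_port = demo()
    for port, (banner, service) in found.items():
        print(f"{port}/tcp open   {service or '?'}  banner={banner!r}")
    print(f"{closed_port}/tcp closed")
```

A full connect scan like this is noisy: every probe completes a handshake and shows up in the target's connection logs, which is exactly why the same scan, run against your own hosts, is a cheap way to see what an attacker would learn about you.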

{mospagebreak title=Targets}

All of these attacks aim to compromise one or more of the following security properties:

  • Authentication is the process of verifying that someone is a legitimate user of a system. An attacker aims to defeat authentication and gain access to a system as if they were an authorized user; for example, by discovering the credentials of a legitimate user and then using them for malicious purposes.

  • Integrity ensures that information has not been altered in unexpected ways. If information is maliciously modified or destroyed, the result can be loss of revenue. An attacker who targets a company’s integrity wants to cause severe damage; the consequences of acting on inaccurate information can be disastrous.

  • Availability means that information and resources are accessible when required. It is often the most important property for a service-oriented business that depends on information. Loss of availability is most often caused by the well-known denial of service attack, which I will discuss later on. These attacks aim to temporarily block access or to bring down the entire system, and are usually motivated by economic or political considerations.

  • Non-repudiation is a significant concept for any personal or business transaction made using electronic means. The term means that no party involved in a transaction can later deny having taken part in it. Attackers try to impersonate legitimate users and deceive the other party, in an attempt to steal or to cause severe damage.

{mospagebreak title=Malicious Code}

This category is the most frequent threat, and the one that gives the biggest headache to all of us. Malicious code includes, among others, viruses, Trojan horses, worms, backdoors and logic bombs.

Virus

The Internet has served as a breeding ground for the widespread propagation of viruses. Viruses are a severe security threat that can damage a company’s standing. Decreased productivity, altered files, lost data and unintended disclosures are some of the many problems viruses can cause.

A virus is an executable piece of code that, when run, replicates by attaching itself to other objects, such as other programs or data files. Viruses are more dangerous in a network environment, where they can propagate rapidly across the connected machines, infecting everything in their way and causing destruction.

How does a virus first appear on your computer? All it takes is running a single infected program that you downloaded from the Internet, or copied from a floppy disk or USB stick that a friend gave you with his favorite game on it.

Trojan horse

The Trojan horse is named after the Greek myth of the giant wooden horse that the Greek soldiers left as a gift to their enemies, the Trojans, in order to take the city of Troy. In reality the huge wooden horse was hollow and Greek soldiers were hidden inside it; they revealed themselves only after the Trojans had dragged the “gift” inside the city, and took their enemies by surprise (remember the movie Troy?).

Trojans are executable programs that appear to be useful, but in reality have malicious objectives, such as compromising and damaging your computer. Trojan horses do not replicate like viruses; instead, they are bundled with files you may find useful, such as screensavers, music files and applications, to deceive you about their true purpose. Once you open the infected file, the Trojan horse activates right under your nose.

Worm

A worm is like a virus that replicates from one computer to another, with the difference that it does not need a host program to travel in. It does this by taking control of features on your computer, such as your email client, to send copies of itself to everyone in your address book. When it infects a new computer, it repeats the process, automating its distribution like a chain reaction. The resulting flood of copies creates large volumes of network traffic that can slow down Internet communication.

{mospagebreak title=Backdoors}

Backdoors provide a way back into a system after an attacker has defeated its security mechanisms and gained control. Some backdoors are built in deliberately by the programmer who wrote the application, for example as maintenance or administrative access; attackers who discover such a backdoor can use it, or they can install one of their own once they are in. Either way, a backdoor is a means of retaining illegal entry to the system for further exploitation. In addition, through the backdoor the compromised system can be used to launch denial of service attacks against other systems.
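The "administrative" backdoor mentioned above usually looks like a hard-coded maintenance password that works for any account. The added example below (not code from the original article) shows a constructed login routine with exactly that flaw next to a hardened version that stores only salted PBKDF2 hashes and has no second code path, followed by the simple source check a reviewer can run to flag string literals assigned to secret-looking names. The user names, passwords and iteration count are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import re

# --- Backdoored variant (constructed example of what not to ship) --------------
MAINTENANCE_PASSWORD = "support-2004!"   # "temporary" vendor access, never removed
USERS_PLAINTEXT = {"alice": "correct horse battery"}


def login_backdoored(username, password):
    """Accepts the hard-coded maintenance password for ANY username,
    so authentication is bypassed without knowing a single real credential."""
    if password == MAINTENANCE_PASSWORD:
        return True
    return USERS_PLAINTEXT.get(username) == password


# --- Hardened variant ---------------------------------------------------------
ITERATIONS = 100_000


def make_record(password, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256 record; the plaintext is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


USERS_HARDENED = {"alice": make_record("correct horse battery")}
_DUMMY = make_record("unused")   # burns the same work for unknown users (timing)


def login_hardened(username, password):
    """One code path, one credential store: there is no master password."""
    record = USERS_HARDENED.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    ok = hmac.compare_digest(candidate, record["digest"])
    return ok and username in USERS_HARDENED


# --- Review-time check: flag literal secrets in source -------------------------
SECRET_PATTERN = re.compile(r"""(?i)(password|passwd|secret|token)\s*=\s*["'][^"']+["']""")


def find_hardcoded_secrets(source):
    """Return (line_number, line) for every assignment of a string literal to a
    secret-looking name. Noisy by design: a reviewer decides what is a backdoor."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        if SECRET_PATTERN.search(line):
            hits.append((n, line.strip()))
    return hits


if __name__ == "__main__":
    print("backdoor opens for unknown user:", login_backdoored("mallory", MAINTENANCE_PASSWORD))
    print("hardened rejects it:            ", login_hardened("mallory", MAINTENANCE_PASSWORD))
    print("hardened accepts real creds:    ", login_hardened("alice", "correct horse battery"))
    with open(__file__) as f:
        for n, line in find_hardcoded_secrets(f.read()):
            print(f"suspicious literal on line {n}: {line}")
```

Run on its own source, the scanner flags the MAINTENANCE_PASSWORD line and nothing else. The point of the hardened version is not the hash algorithm but the absence of any branch that succeeds without consulting the credential store; that is the property a code reviewer should look for when hunting backdoors.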

Logic bomb

A logic bomb (or slag code) is a piece of code, embedded in a program or script, that is triggered only after a predefined period of time has passed, on a specific date, or when a specific event occurs. For example, a virus that activates at a certain time can be considered a logic bomb. Logic bombs can be set to alter your files, format your hard drive or carry out any other undesirable action.

Mobile code

The need for dynamic content has led to the adoption of mobile code such as Java applets and ActiveX controls. Malicious code written for these technologies can run when the browser loads the associated Web page; its target is usually to steal data or disable the system.


In this article I introduced the threats associated with malicious code and talked specifically about six threats that fall under the malicious code umbrella. As I said in the introduction, the list of threats is endless; more threats will be discussed in the next part of this article.
