Website Security

Viruses & Worms

  • Definition:

A worm is a type of computer program that can replicate itself and spread through a network.

  • Example:

The “ILOVEYOU” worm. The email subject is “ILOVEYOU” and the attachment is named “LOVE-LETTER-FOR-YOU.txt.vbs”. When you receive the email carrying the worm, your stored email addresses are stolen; the worm then uses those addresses to send itself on endlessly around the world. It also causes damage on the local machine.

  • Recommendation:

Security software

  • Reference:

PC Tools

DoS, DDoS

  • Definition:

A DoS attack means that an attacker sends a huge volume of data in an attempt to “flood” a server. While a server is under this attack, customers cannot access it or send requests to it. When several attackers work together to try to stop a server system, it is called a DDoS attack.

  • Example:

When an email server receives a very large number of emails or too heavy a data load, it can be stopped for a few hours to days.

  • Recommendation:

Install and maintain anti-virus software. Install a firewall, and ensure email security. It is also good to monitor the website server for any signs of “getting too busy, too much traffic”.
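The monitoring recommendation above can be turned into a simple check. The following is an added example, not part of the original page: it reads Apache/nginx-style access log lines, counts requests per source address and in total over a fixed time window, and reports any source or window that exceeds a threshold. The log lines, the thresholds and the addresses (TEST-NET ranges) are all constructed for the example.

```python
"""Flag 'too busy, too much traffic' conditions in web server access logs.

Added example; the sample log lines below are constructed, not real traffic.
Assumes combined log format: ip - - [timestamp] "request" status size
"""
from collections import defaultdict
from datetime import datetime
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def find_floods(lines, window_seconds=10, per_ip_limit=20, total_limit=30):
    """Return (noisy_ips, busy_windows).

    noisy_ips: {ip: max requests seen from that ip inside one window}
    busy_windows: [(window_start_epoch, total_requests)] for windows whose
    total request count exceeds total_limit.
    Thresholds are assumptions; tune them to the server's normal load.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    per_window = defaultdict(lambda: defaultdict(int))
    for e in events:
        # Bucket each request into a fixed window by its epoch second.
        bucket = int(e["ts"].timestamp()) // window_seconds * window_seconds
        per_window[bucket][e["ip"]] += 1

    noisy, busy = {}, []
    for bucket, ips in sorted(per_window.items()):
        total = sum(ips.values())
        if total > total_limit:
            busy.append((bucket, total))
        for ip, n in ips.items():
            if n > per_ip_limit:
                noisy[ip] = max(noisy.get(ip, 0), n)
    return noisy, busy


def _constructed_log(ip, second, path="/"):
    # Constructed sample line in combined log format (not a real log entry).
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


# Constructed sample: a little normal traffic plus one source sending
# 30 requests within the same 10-second window, and one unparseable line.
SAMPLE_LOG = (
    [_constructed_log("198.51.100.7", s, "/index.html") for s in range(0, 10, 3)]
    + [_constructed_log("203.0.113.5", s % 10, "/login") for s in range(30)]
    + ["garbage line that does not parse"]
)

if __name__ == "__main__":
    noisy_ips, busy_windows = find_floods(SAMPLE_LOG)
    for ip, n in noisy_ips.items():
        print(f"noisy source {ip}: {n} requests in one window")
    for start, total in busy_windows:
        print(f"busy window starting at epoch {start}: {total} requests")
```

In practice the same counting would run continuously (for example over `tail -f` output) and feed an alert rather than a print statement, and a busy window with no single noisy source is the pattern to watch for a distributed attack.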

  • Reference: 

United States Computer Emergency Readiness Team

Keylogger

  • Definition:

A keylogger is a hardware device or software program that records the real-time activities of computer users.

  • Example:

A keylogger can capture any passwords entered by users on the device, capture copies of sent emails, record the URLs that were visited via web browsers, and so on.

  • Recommendation:

Install anti-spyware programs.

Change to limited-user mode.

Just say no to “freeware”.

Consider changing web browsers.

  • Reference:

Lifewire

US Norton

Phishing

  • Definition:

Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.

  • Example:

Common types of phishing:

Spear phishing. Attackers may gather personal information about their target to increase their probability of success.

Link manipulation. Sending out a false link to a website, e.g. pretending to be the site of a bank, to get you to type in your personal information.

Phone phishing. Messages that claim to be from a bank tell users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher) is dialed, prompts tell users to enter their account numbers and PIN.

Pretending to be a trustworthy entity, e.g. sending an e-mail, attachment or fake link telling the receiver that their credit card details are required for some purpose, e.g. in order to move money into the attacker's own bank account.

  • Recommendation:

Confirm with the bank whether such emails were officially sent by them.

Do not run any unknown attachments from email, or at least run a virus scan program on the attachment first.

Do not give out personal details to an unknown person over the phone.
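Two of the tricks described on this page can be checked mechanically before a user ever sees the message: the worm example above relies on a deceptive double extension (“LOVE-LETTER-FOR-YOU.txt.vbs”), and the link-manipulation example relies on a link whose visible text does not match where it really goes. The following added example (not from the original page or any referenced source) triages an email on both points. The HTML body, attachment names, the `bank.example` domain and the risky-extension list are constructed assumptions for the example.

```python
"""Triage an email for deceptive attachment names and manipulated links.

Added example; the message below is constructed. The registrable-domain
check is a crude 'last two labels' rule because no public-suffix list is
available offline (assumption).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Assumed list of extensions that run code when opened on a typical desktop.
RISKY_EXTENSIONS = {"vbs", "exe", "scr", "js", "bat", "cmd", "ps1", "hta"}


def attachment_findings(filename):
    """Return a list of reasons this attachment name looks dangerous."""
    parts = filename.lower().split(".")
    findings = []
    if len(parts) < 2:
        return findings
    ext = parts[-1]
    if ext in RISKY_EXTENSIONS:
        findings.append(f"executable/script attachment: .{ext}")
        if len(parts) >= 3:
            findings.append(f"double extension disguising .{ext} as .{parts[-2]}")
    return findings


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def link_findings(text, href):
    """Return reasons an <a> element's text and href disagree or look odd."""
    findings = []
    real = _host(href)
    if not real:
        return findings
    try:
        ipaddress.ip_address(real)
        findings.append("link points at a raw IP address")
    except ValueError:
        pass
    if real.startswith("xn--") or ".xn--" in real:
        findings.append("punycode (internationalised) host name")
    # If the visible text itself looks like a domain, it must match the href.
    shown = _host(text if "://" in text else "http://" + text.strip())
    if (shown and re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", shown)
            and _registrable(shown) != _registrable(real)):
        findings.append(f"visible text says {shown} but link goes to {real}")
    return findings


class _AnchorCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def triage_message(html_body, attachments):
    """Return {item: [findings]} for every suspicious attachment or link."""
    report = {}
    for name in attachments:
        f = attachment_findings(name)
        if f:
            report[f"attachment:{name}"] = f
    parser = _AnchorCollector()
    parser.feed(html_body)
    for text, href in parser.links:
        f = link_findings(text, href)
        if f:
            report[f"link:{href}"] = f
    return report


# Constructed sample message: one manipulated link, one honest link,
# one disguised script attachment and one ordinary document.
SAMPLE_HTML = """<p>Dear customer, there is a problem with your account.</p>
<p>Please sign in at <a href="http://203.0.113.9/login">www.bank.example</a>
or read our <a href="https://www.bank.example/help">help page</a>.</p>"""
SAMPLE_ATTACHMENTS = ["LOVE-LETTER-FOR-YOU.txt.vbs", "statement.pdf"]

if __name__ == "__main__":
    for item, reasons in triage_message(SAMPLE_HTML, SAMPLE_ATTACHMENTS).items():
        print(item, "->", "; ".join(reasons))
```

A mail gateway would quarantine or label messages with any findings rather than relying on the recipient to notice the mismatch; the visible-text check only fires when the text looks like a domain, so ordinary “click here” links are not flagged on that rule.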

  • Reference:

Top Ten Review

Safer Networking