Web threats are malicious software programs (such as spyware, adware, trojan horse programs, bots, viruses and worms) that are installed on your computer without your knowledge or permission. These programs utilise the web to spread, hide, update themselves and send stolen data back to criminals. They can also be combined to do the crime – for example, a trojan horse program can download spyware, or a worm can be used to infect your computer with a bot. But we can minimise the risk we face from these threats in 5 simple ways.
First, here are some basic definitions for the most common web threats:
|Malware||A software program that is secretly placed on your computer to do unexpected or unauthorised, but always malicious, actions.|
|Virus||A program that can copy itself and, like real-life viruses, spread quickly. Viruses are designed to damage your computer, display unexpected messages or images, destroy files, reformat your hard drive, or take up storage space and memory in your computer which may slow it down.|
|Worm||A self-contained program that can spread copies of itself to other computer systems through network connections, email attachments, instant messages (via file-sharing applications), and by working with other malware. Worms may block you from accessing certain websites or steal the licenses for applications you have installed on your computer.|
|Trojan Horse||A program that performs a malicious action but cannot replicate itself. It may arrive as a seemingly harmless file or application with hidden, malicious code. When it is executed, you may experience unwanted system problems and might sometimes lose information from your computer.
|Spam||Any message sent by email or instant messenger that you did not request for and is usually designed to make money for the sender.|
|Phishing||Any attempt by phone, email, instant message or fax to get your personal information in order to steal your identity (and your money). Most phishing attempts look like they are designed for a legitimate purpose, but they are actually intended to be used for criminal activity.|
|Pharming||The act of hijacking legitimate website addresses or URLs (e.g. “www.mybank.com”) to redirect you to a fake website that looks like the original. The spoofed website secretly collects your personal information after you have entered it, and could be used for any number of criminal activities.|
|Spyware||- Software that is installed or executed on your computer (without your knowledge) that monitors, tracks and reports your electronic movements to the spyware author. It is usually installed on computers through trojans or as part of legitimate software that you choose to download and install. Spyware collects information using the following:
- Keyloggers – software that notes keyboard strokes for the purpose of tracking the websites that consumers visit or for recording passwords.
- Screen-capture technologies – software that periodically gathers screen shots of a desktop and can therefore record confidential information (such as login names and credit card numbers).
- Event loggers – software that tracks the websites consumers visit or other online behaviour. The information is generally used for targeting future ads to a user.
|Adware||A piece of software that delivers advertisements (such as pop-ups or web links) to you without your permission. It is usually installed secretly through trojans or as part of legitimate software that you choose to download and install. Adware can display highly-targeted ads based on data collected by spyware that was already on your computer and which had tracked your Internet surfing habits.|
|Short for “robots”, these are small programs placed secretly on your computer through a trojan. A criminal ‘botmaster’ can control several bots from a central location at any time to distribute spam, conduct phishing activities, or perform a denial of service (DoS) attack and bring down a website so that it cannot be accessed. Botnets are networks of bots. They are typically used to distribute spam and aid in phishing activities.|
|Ransomware||Software that encrypts documents for the purpose of extortion. Documents are held ransom until victims buy a decryption key – either by sending payment through a third-party like PayPal, or buying an item online (the receipt includes the key).|
So, how can we keep our computers safe from web threats?
- Always keep your security software working and up-to-date. Always install, update and maintain firewalls, anti-virus systems and intrusion detection software, including those that provide malware/spyware security. Especially, if you use your laptop on unprotected wireless networks in airports, cafes and other locations.
- Install products and solutions that protect you whether you’re surfing the Internet or downloading files directly onto your computer. Ensure that your web protection software extends beyond email protection to encompass peer-to-peer networks and the entire range of home computing applications, and can provide warnings about traffic that is incoming and outgoing from your computer in real-time.
- Employ the latest technologies, such as web reputation, which can measure the trustworthiness and safety of a website before you visit it. Use web reputation technology combined with existing URL filtering and content scanning technologies.
- Use the latest web browser version and install security patches when available. Use a web browser that has a no-script plug-in.
- Check with your Internet Service Provider to see what kind of protection is offered by their network.
Article was first adapted from gosafeonline website: https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/internet-safety-for-all-the-basics-of-web-threats