Viruses used to be the biggest bogey on the Internet. These days, they seem to take a back seat to spyware and spam and phishing scams. But don't let that shift lead you to regarding viruses lightly: get infected with a nasty virus and you'll know the definition of computer hell.
A virus is a small program that infects other code and then replicates. Some viruses also delete or corrupt other files, change computer settings and, in the worst cases, render your computer unusable.
Worms are also self replicating, but they do it alone without attaching to another program as viruses do. The most common form of worm is called a mass-mailing worm. Such a worm uses email to replicate itself. When activated, it may scan your entire computer system for email addresses and then email itself to those addresses. The worm may also place one of the addresses it uncovers into the "From:" field of the infected email, making it seem like it came from a completely different source (a technique known as spoofing the address).
Adware, spyware and key loggers
Adware is software which displays advertising while you use it. Many very useful free utilities and applications use the adware model to raise money. Most adware updates the ads displayed through an Internet connection; some tracks your computer usage in order to target the advertising to your interests.
Spyware is software installed without your knowledge or consent which tracks you while you use the computer and the Internet. Spyware may come piggybacking on other "legitimate" software or it may be installed via a Web site, when you unwisely click a pop-up dialog box to clear it from your screen.
Look for the padlock at the bottom of your browser's window before entering sensitive data online, and double-click the padlock to ensure the site's security certificate is in order.
As you might guess, the line between adware and spyware is sometimes measured in nanometres. Things get particularly nasty when spyware not only tracks your usage in order to target advertising, but also to gather personal information about you. In its most pernicious form, spyware may install a key logger on your computer. The key logger lurks hidden on your system and keeps track of every single thing you do, including everything you type. With a key logger active on your system, your security and privacy is completely compromised.
Phishing
Phishers use email and Web sites to try to reel in your private information, including bank account and credit card numbers, PINs and site passwords.
Of course, if you received an email saying "hand over your bank account details", you'd hit the Delete key before you blinked. But what if that email appeared to come from a bank with which you have online access? And what if the email said "There's a problem with your account, if you don't log in and fix the problem we'll suspend account access within 3 days"? And what if, on clicking the link supplied in the email, you found yourself, apparently, at your bank's Web site?
In that case, you might well think the email was on the up and up and complete the log in, in the process handing over your account number and password. Within minutes, the phisher can be working on making you poorer and sullying your credit record.
Telltale signs of a phishing scam: poor grammar and a fake Web address. (Click the image to see a full-size screenshot.)
That's how phishers work. They fake – spoof – email addresses, email content and Web sites, right down to using the same graphics, wording and other components you find on the legitimate sites. By using some sneaky coding techniques, they can mask Web addresses, fake the padlock security icon on secure pages, and make it difficult, indeed, to spot the fraud.
Spam
We all know spam is a nuisance, but does it rate as a security threat?
Well, apart from the complete invasion of privacy caused by having pornographic spam splattered all over your inbox (and your children's inboxes), the answer is…yes. Many spam emails contain Web bugs – invisible graphics containing tracking code designed for the same purposes as spyware. In addition, the sheer volume of spam and the frustration of having to deal with it may lead to incautious behaviour. That is particularly the case when spam is used as the delivery method for a virus or spyware or phishing scam. An unthinking click in the wrong email and, bam!, you've granted entry to the scammers.
Browser hijacking
Browser hijacking is the use of programming tools, in the form of scripts, to modify your browser's default settings. This may be as trivial as adding a new link to your favourites or bookmarks, or as unconscionable as changing your home page persistently via a combination of scripting, registry changes and auto-running programs.
What's the point of hijacking? To bring you back, over and over, to a site or a site's sponsor, in the hope of boosting business. The site to which you are hijacked may also house spyware, and the more often you end up on the site trying to close in-your-face pop-ups and escape, the more chance you'll accidentally install that spyware.
