Malware Lingo and Scams

Microsoft’s Windows 10 desktop operating system is probably the most secure desktop OS the company has ever deployed. And if your company deploys the Enterprise edition of Windows 10 with BitLocker, Device Guard or even AppLocker, along with limited user account policies, you can rest assured that those end user computers are pretty darn well protected. While your friendly neighborhood system administrator can protect you from many of the evildoers out there on the Internet, it still benefits you greatly to educate yourself about the malware lingo and the scams that come with it. Here is a list of terminology and brief explanations to keep you informed and protected.

Brute force attack
This one has been around forever. It is a method used by hackers to attempt to steal your password or encryption keys by trying endless combinations of characters and numbers until they crack your password. Another reason not to ever make your password “password 123”, as if you needed a reason….

Catfish
You have to wonder where they come up with these names. A “catfish” is a person who sets up a fake online profile to purposely deceive you. I can think of a few other names we can call this person.

Drive-by Download
This is a scary one because it can happen quickly and without you having a clue as to what just happened. This one downloads a virus or other malware to your computer or even your phone. Yes, phones are being increasingly targeted. The bad download occurs when you visit a compromised website. You don’t even have to click anything on the site. Sometimes, it may even be a legitimate website that got hacked but hasn’t been remediated yet.

Now here is a name that is clever albeit a bit morbid. It involves stealing the identity of a dead person and using that identity to file for tax refunds, open credit lines and/or loans and everything else that goes along with identity theft. Just your luck, you pay the LifeLock membership dues faithfully for decades and when you finally need it… you’re dead.

Keylogger
Keyloggers have been around as long as beloved entertainer and actor, Dick Van Dyke. Yes, as of this posting, he’s still alive and well! You don’t want this nasty little program installed on your computer. Once installed, this little baby starts logging the keystrokes from your keyboard and sends that information to the evildoers so they can try to crack your precious credentials. If only these folks would use their abilities for good rather than evil, we’d be in much better shape as a society.

This attack is a popular one and has been a lucrative one for the hackers out there. It involves someone intercepting messages, mostly email, between unsuspecting people who think they are communicating with each other. The payload usually results in an attempt to convince one of the folks to wire money to the other. The unsuspecting person thinks he or she is sending the cash to a trusted source, but it is really going to the attacker. Personally, I’m offended by this particular attack. How dare they assume that the hacker is a man. Women can hack just as well as men. It should be renamed to Person-in-the-Middle!

Malware
Malware is essentially any software that performs actions that are not known and authorized by the user.

Not to be confused with one of our most respected professions in the world (farming), this one redirects users to the hacker’s websites instead of the real websites. A program is normally downloaded and redirects you to websites that look an awful lot like the real thing (an online bank website for instance). The hackers count on the user not noticing and wait for the poor unsuspecting user to type in their credentials. By the time you suspect foul play, the hacker has emptied your bank account and is enjoying a tropical cranberry margarita on a beautiful white sand beach on your dime!

Phishing
I love fishing. There’s nothing like reeling in a big one and then exaggerating the actual size to all your friends and family. I want to take the time to remind everyone to always practice the catch and release policy. However, we aren’t referring to the nice kind of fishing here. “Phishing” refers to someone pretending to be someone else, usually through email and sometimes by phone, to extract personal information from you like bank account numbers, social security information or credit card data. One rule of thumb to remember: never respond to unsolicited requests.

Ransomware
I like to refer to this one as the “Cadillac” of malware. It’s so brilliant, it almost makes you want to be a hacker. I’m just kidding of course. If ransomware gets on your computer, it will take over your computer and most likely encrypt your data like your files, pictures and God forbid, your MP3 library! No! You know how long it took me to download all those songs? Once the computer has been compromised, the attacker will attempt to extort money from you in order to restore your data.

Love this name! It fits this type of malware perfectly. This type of malware made its rounds several years ago, but every once in a while, you might read about it rearing its ugly, scary face. Basically, it is another program that flashes a big, bright, neon-looking warning on your computer screen stating that you have a virus! But don’t fear, the Anti-malware hero is here! The genius of this is that you don’t really have a virus, it just makes you think you have a virus. It then tries to trick you into either clicking a link that would install an actual virus or buying fake anti-virus software. I know, it sounds crazy, but a lot of folks fall for this.

Spear-phishing
This one is just like Phishing (see Phishing above), but it is targeted at specific individuals. For example, hackers pretend to be someone else (see Spoofing below), like the CFO of your company, and target someone who they know has access to cut checks or wire money. They send an email, posing as the CFO, to a manager in the AP department for example, requesting that a certain amount of money be sent to a fake party. The AP manager believes he or she is communicating with the CFO and wires the money to the fake party, which is actually the hacker’s Christmas Club account. Merry Christmas Mr. Hacker!

Spoofing
Spoofing comes in many forms. Email spoofing is the bogus sending of an email so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a method used in phishing and other scams. The purpose of email spoofing is to get recipients to respond to an unsolicited email believing they are communicating with someone or some company they know, when in fact they are responding to the spammer/hacker/attacker or whatever you want to call them.
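For the administrators reading along, here is how the warning signs of a spoofed email show up in the message headers. This is an added example, not part of the original post: the function names, sample messages and domains are constructed, and the checks are hints for a closer look rather than a verdict.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signals(raw_message):
    """Return header-based warning signs for one raw email message."""
    msg = message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    signals = []
    # The bounce address or the reply address sits on a different
    # domain than the sender the recipient actually sees.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        other = _domain(parseaddr(msg.get(header, ""))[1])
        if other and other != from_domain:
            signals.append(label)
    # Verdicts the receiving mail server recorded for SPF, DKIM and DMARC.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            signals.append(f"{mech}-fail")
    return signals

def _build(headers):
    """Join header lines and a short body into a raw message."""
    return "\n".join(headers) + "\n\nPlease wire the payment today.\n"

# Constructed samples: same visible sender, very different plumbing.
SPOOFED = _build([
    "Return-Path: <bounce@bulk-sender.test>",
    "Authentication-Results: mx.example.com; spf=fail "
    "smtp.mailfrom=bulk-sender.test; dkim=none; dmarc=fail header.from=example.com",
    "From: Pat Lee <pat.lee@example.com>",
    "Reply-To: pat.lee@examp1e-mail.test",
    "Subject: Urgent wire transfer",
])
LEGIT = _build([
    "Return-Path: <pat.lee@example.com>",
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass",
    "From: Pat Lee <pat.lee@example.com>",
    "Subject: Quarterly numbers",
])

if __name__ == "__main__":
    print("spoofed:", spoofing_signals(SPOOFED))
    print("legit:  ", spoofing_signals(LEGIT))
```

A Return-Path on another domain is common for legitimate mail sent through a bulk email service, so that signal matters most when it appears together with a failed DMARC check or a Reply-To pointing somewhere else.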

Spyware
You’ve most likely heard of this term. Spyware tracks your movements on the Internet. Where you go, what you buy, what you click on, pretty much everything you do. You can argue that we ALL have some variant of spyware installed on our computers and mobile devices since all the major browsers like Google and Bing as well as all the various phone apps already track every movement we make. Ah yes, that is true, but the difference is that the legitimate apps as well as Google and Microsoft are up front with you and tell you they are collecting this data, whereas spyware programs do it without your permission.

Very similar to Spear-phishing, so much so that I don’t really see much of a difference. Basically, it is a targeted phishing attempt involving high-level company executives, Accounts Payable or Payroll departments in the hopes that someone, somewhere winds up sending a big paycheck to the hacker’s college fund. Hey, hackers have families too you know and they have to send their future little hackers to college one day.

We hope this list was helpful. There are many more terms and acronyms but this is a good start. The first defense in protecting yourself from being scammed is to educate yourself about the various scams and malware out there. The Internet is a great resource and has truly transformed the way we live. But with all the good it brings, it helps to be aware of the bad things that come along with it. Good luck and happy surfing!

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology manager for a Fortune 500 company. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.
