Malware And Black Hat Dictionary

I recently began thinking about the misconceptions of the MacDefender malware for Apple’s Mac OS X operating system and I came to one big conclusion – most people don’t know nerd jargon. Reading several online forums, people often mistakenly believe MacDefender is a “virus”, when in reality it is a simple static trojan. Expanding upon that thought, I began to ponder the several types of malware: rootkits, trojans, spyware, key loggers, etc., as well as general black-hat terms such as DDoS, social engineering, and phishing.

So that is the point of this article – to define some nerd jargon in a way that everyone will understand. Some of the definitions are very similar because the terms are very closely related.

DoS – Denial of Service Attack

A DoS is an attack in which one computer or device floods a server with so many requests that the server is unable to respond to legitimate requests.

DDoS – Distributed Denial of Service Attack

A DDoS is similar to a DoS attack, but instead of one device it is multiple devices (usually hundreds). Sometimes these devices are voluntarily used, sometimes they are cloud-based services, but most of the time they are zombie computers which are infected with malware. The goal of a DDoS attack is simple: to take down a server or even an entire network.

Adware

Adware is a common type of malware that randomly spams users with ads and popups. These ads may even appear when they are not using a browser. In an infected computer that is running slow, adware is often the culprit.

Virus

Malware that has the ability to both self-replicate and infect a machine with little outside help. Viruses often mutate and change form to avoid malware scanners, and are usually installed via infected programs or documents.

Worm

A subset of a virus, worms have the ability to infect other computers with no user interaction. They abuse security holes to go through the network and attack any vulnerable computers.

Trojan

A trojan [horse] is a piece of software that pretends to be one thing but in reality is another. The MacDefender malware for OS X is a recent highly-publicized form of a trojan horse – it pretends to get rid of viruses but behind the scenes it is fake software that causes popups. Trojans often install other malware.

Rootkit

A rootkit is a piece of software that has the ability to hide itself from process scanners and antivirus software. Rootkits are often used in conjunction with key loggers and spyware to steal user information, or even turn the machine into a zombie computer for a DDoS attack.

Spyware

Malware that tracks user actions, logs their passwords, etc. Spyware is a general term that includes specific software such as keyloggers, but it also covers tracking what processes the user is running, snapping pictures of their desktop, etc.

Keylogger

A piece of spyware that tracks anything the user enters on a machine. They commonly gather usernames, passwords, bank URLs, and email addresses.

Social Engineering

In its basic form, social engineering is not something only black-hat hackers do. For example, it would be social engineering to convince a girl to go out with you who may otherwise hate your guts. Sales associates also use social engineering to up-sell to customers.

However, when used for black-hat purposes it can be quite nefarious. A good social engineer can convince someone to give out a password, gain security access, pretend to be an employee, etc. Con men are social engineers.

Phishing

Phishing websites are fake sites that appear to be the real thing. The goal is almost always to gain login credentials to banking sites or email services. Nearly every new browser has a built-in phishing filter that will alert users if they are on a reported fake site.

And that’s it for now. If you can think of anything else to add, please leave a comment!