Malicious software (malware) allows an intruder to take over or damage a target host without the owner’s consent and often without his or her knowledge. Over the past thirty years, malware has become a more serious worldwide problem as Internet-connected computers have proliferated and operating systems have become more complex. Today, the average PC user must be more cognizant of computer security than ever before due to the constant threat of possible infection. Although exact costs are difficult to determine, there is little doubt that malware has a widespread impact in the form of equipment damage, loss of data, and loss of productivity. According to surveys, malware is one of the most common and costly types of attack on organizations (CERT, CSO, and ECTF, 2005).
Key Terms in this Chapter
Firewall: A device or software to selectively filter packets.
Intrusion Detection System: A device or software to detect suspicious or malicious activities.
Trojan Horse: A type of malware with a hidden malicious function.
Virus: A type of self-replicating malware that infects other files or programs.
Malware: Software intended to perform a malicious action.
Worm: A standalone program capable of automatically replicating itself through a computer network.
Spyware: A type of malware that collects personal user information and transmits it to a remote attacker.
Exploit: Software written to take advantage of a specific vulnerability.
Antivirus: Software to detect viruses and worms, clean infected files, and prevent new infections.
Vulnerability: A security weakness in an operating system or application software.
Rootkit: Low-level software designed to avoid detection on a compromised host.