Glossary
ActiveX is a set of technologies developed by Microsoft for communication between different applications. Malefactors often exploit its numerous vulnerabilities.
Cookies are files sent by a web-server to a browser. The browser sends these files back to the server every time it needs to reload a page. The files are plaintext and contain user site preferences including passwords and other sensitive information. Cookies can be used by spammers to create spam lists.
Java applet is a piece of Java bytecode downloaded from a web-server and executed by the Java virtual machine. An applet runs in a browser window as an element of a web-page or in a separate browser window. Applets are usually used when interaction with a user is necessary.
Phishing is an Internet fraud aiming to steal personal data including passwords, credit card and social security numbers. A spam mailing or a mail worm can be used to deliver a fake message from a financial institution instructing a victim to visit a bogus web-site and submit personal information that is later used by criminals for identity theft.
Phisher tricks
- Replacing the sender address with an address related to a respected company, which shows that a vulnerability of SMTP has been exploited.
- Using botnet computers all over the world to make sure that messages look legitimate.
- Using data obtained by malware from address books of e-mail clients.
- Making a link provided in a message look similar to a link to the supposed legitimate site.
- Copying the look and feel of original web-sites.
- Adding excessive fields to a submitted form to distract the user's attention.
- Prompting users to follow the instructions in phishing e-mails with urgent warnings about the supposed closure of a bank or a user account.
Pop-up is a type of adware working as small windows popping up on the screen.
Script is a program or its code, written in an interpreted language, that contains instructions for a browser. The script source code is easy for an experienced user to read, which is why encryption is often applied to malicious scripts to make them harder to analyze. An encrypted script will still work because it complies with the rules of the language it is written in.
Vishing (voice phishing) is an Internet fraud aiming to obtain personal and financial information using war dialer software supporting VoIP. A victim receives a phone call informing them about supposed unauthorized use of a credit card or a bank account and instructing them to call a specified number. The number of a trusted financial institution is typically displayed in the spoofed caller ID, and the user is prompted to enter a credit card number or other personal information using the phone's keypad. Later this information is used by criminals to withdraw money from the victim's account or for identity theft.
Vulnerability is a piece of program code that can be used to compromise a system. Nowadays it takes a few days for a malefactor to design an exploit after a vulnerability has been announced. Vulnerabilities found in Microsoft software are the most widely exploited ones.
Web bug is a technique used to track the activities of users on the Internet. Typically implemented as a transparent 1x1 PNG or GIF image, it allows a third party to collect information about site visitors including date and time, the browser type, screen resolution, JavaScript settings and IP addresses. Such techniques are also employed by spammers, who include bugs in messages to find out if a message has been read.