The vocabulary of computer security can be daunting. Terms like worm, Trojan Horse, Phishing, Spyware, Script Kiddies, Adware - all of this can start to sound like a language that has only passing resemblance to English. The list below is a dictionary and a short history of some of the lingo that should have you talking like - or at least understanding - a security expert.
1) RATs: RATs is the abbreviated form of Remote Administration Tools, most commonly known as Trojans. RATs generally help a hacker to gain remote access to a target computer system. After installing the Trojan horse on the victims PC, the hacker can take control of the computer. Trojans can even perform functions on their computer like opening and closing the CD-ROM drive. The latest RATs come packed with two files - the server file and client file. By tricking the user into running the server file and by getting their IP, the hacker can gain full control over their computer.
2) BlueBugging: The term BlueBugging came from a German researcher whose Bluebug program allowed the user to take control of a victim's phone. Initially Bluebugging was carried out using laptops but now, if done by a skilled person, can be used to access a cellular phone via a Bluetooth connection without alerting the user. It pretends to be the user's Bluetooth headset and tricks the phone into obeying its call commands. It also allows the hacker to make phone calls, read and send SMS messages, erase phonebook contacts and tap phone conversations.
3) Scareware: This is scam software which convinces users to download fake anti-virus programs. These programs run system scans and sometimes produce a list of malicious software that needs to be removed. Often users will come across options to pay for the registered version in order to fix the a problem, which may not even exist. The first program to use this methodology was NightMare and other examples include System Security, Anti-Virus 2010, SpySheriff and Registry Cleaner XP.
4) Smishing: Smishing is very similar to phishing and derives from SMS. Using a hidden URL sent along with a text message to the victim, the malware finds its way into the phone. A few examples of smishing messages include immediate attention and We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com. The word smishing originated from McAfee Avert Labs blog.
5) Ransomware: This is tricky software which reproduces as a conventional computer worm, as it takes hold of the data inside the computer and demands a ransom for its restoration. Ransomware is otherwise known as cryptovirus or cryptotrojan. The first known ransomware dates back to 1989 and was called PC Cyborg Trojan. Others which came out after 2005 include Krotten, Cryzip, MayArchive, Gpcode, TROJ.RANSOM.A and Archiveus.
6) Black Hat: The term Black Hat refers to a villain who wears a black hat in contrast to the hero's white hat. In the computer world it is used to describe a hacker who breaks into a computer system or network with malicious intent. The hacker can destroy files and steal data or install malware.
7) White Hat: White Hat is referred to hackers who use various methods to ensure that a company's information systems are secure. Their job is to identify a security weakness in a computer system or network and expose the weakness in a way that will allow the owners to fix it -- before anyone else can take advantage of it. White hat hackers are otherwise known as sneakers, red teams or tiger teams.
8) Sidejacking: SideJacking is a technique used to gain unauthorized access to information or services in a computer system. The hacker can hijack an engaged Web session with a remote service by intercepting and using the credentials that identify the victim to that specific server. The cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's machine. Then the hacker can read the user's emails, note the purchases made online and take control of social networking accounts. Sidejacking is also called session hijacking and has been a problem for browser developers and security experts for at least five years. One recent example being the exploitation of Facebook accounts.
9) Pod Slurping: It is an act of using an iPod, PDA or USB drive to copy files from a computer via the USB port. One can use an iPod, for example, to download large quantities of confidential data by directly plugging it into a computer, which may be on the inside of a firewall. Portable storage devices continue to become physically smaller, making them easier to conceal. The storage capacity of such devices has also grown rapidly, easily fitting most types of data file. This is a growing menace becoming popular risking the security of companies and government agencies.
10) Botnet: The term bot is short for robot. Criminals distribute malware that can run on your computer and direct it to perform automated tasks over the Internet, without the user knowing it.
Typical botnet topologies are star, multi-server, hierarchical and random. In order to avert detection, some botnets scale back in size. As of 2006, the average size of such a network was estimated at 20,000 computers, although larger networks continued to operate.