Page 317 - Introduction to Electronic Commerce and Social Commerce
P. 317
304 10 E-Commerce Security and Fraud Issues and Protections
and nontechnical (or organizational), which we discuss in Malware (Malicious Code): Viruses, Worms,
Section 10.4. and Trojan Horses
Malware (or malicious software) is software code that,
Technical and Nontechnical Attacks: when spread, is designed to infect, alter, damage, delete, or
An Overview replace data or an information system without the owner’s
knowledge or consent. Malware is a comprehensive term
Software and systems knowledge are used to perpetrate tech- that describes any malicious code or software (e.g., a virus
nical attacks. Insufficient use of antivirus and personal fire- is a “subset” of malware). Malware attacks are the most
walls and unencrypted communication are the major reasons frequent security breaches. Computer systems infected by
for technical vulnerabilities. malware take orders from the criminals and do things such
Organizational attacks are those where the security of a as send spam or steal the user’s stored passwords.
network or the computer is compromised (e.g., lack of proper Malware includes computer viruses, worms, botnets,
security awareness training). We consider financial fraud, Trojan horses, phishing tools, spyware tools, and other mali-
spam, social engineering, which includes phishing, and other cious and unwanted software. According to Harrison and
fraud methods as nontechnical. The goals of social engineer- Pagliery (2015), nearly one million new malware threats are
ing are to gain unauthorized access to systems or information released every day.
by persuading unsuspecting people to disclose personal
information that is used by criminals to conduct fraud and Viruses
other crimes. The major nontechnical methods are described
in Section 10.4. A virus is programmed software inserted by criminals into a
computer to damage the system; running the infected host
program activates the virus. A virus has two basic capabili-
The Major Technical Attack Methods ties. First, it has a mechanism by which it spreads. Second, it
can carry out damaging activities once it is activated.
Hackers often use several software tools (which unfortunately Sometimes a particular event triggers the virus’s execution.
are readily and freely available over the Internet together with For instance, Michelangelo’s birth date triggered the infa-
tutorials on how to use them) in order to learn about vulnera- mous Michelangelo virus. On April 1, 2009, the entire world
bilities as well as attack procedures. The major technical was waiting for a virus named Conficker. In 2014, a virus by
attack methods are illustrated in Figure 10.3 and are briefly the name of “Pony” infected hundreds of thousands of com-
described next. Note that there are many other methods such puters to steal bitcoins and other currencies (see Finkle 2014).
as “Mass SQL Injection” attacks that can be very damaging. Finally, Finkle reports that a virus named Agent BTZ attacked
over 400,000 computers in Russia, the United States, and
Europe. This big attack was not successful, but viruses con-
tinue to spread all the time. For how computer viruses work,
see computer.howstuffworks.com/virus.htm.
Web-based malware is very popular today. Virus attacks
are the most frequent computer attacks. The process of a
Malware (Virus, Worm, Trojan)
virus attack is illustrated in Figure 10.4.
Viruses are dangerous, especially for small companies. In
Unauthorized Access
2013, the CryptoLocker virus was used to blackmail compa-
Denial-of-Service Attacks nies after seizing their computer files and threatening to
erase their content.
Spam and Spyware For tutorials on, and information about, viruses, see Scott
(2014) and Dawn Ontario (n.d.). For the scariest viruses of
Hijacking (Servers, Pages) 2001–2015, see Van Allen (2016). Note that in Microsoft
tutorials, you will learn how to identify a computer virus,
Botnets
how to know if you are infected, and how to protect yourself
against viruses (see the Microsoft Safety and Security Center
Figure 10.3 The major technical security attack methods (in descend-
ing order of importance) at microsoft.com/security/default.aspx).
