This tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at common software security threats that can put your web security at risk.
Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.
Common Software Security Threats
Below are some of the more common types of software security threats you need to try and prevent from attacking your computer or computer devices:
Viruses are designed to do damage in some form to you, your computer, and other people’s computers. They can damage certain files or data in your computer, or affect your hard drive and damage your device.
There are many ways that a computer can become infected by a virus. This can include downloading infected files directly, visiting sites that automatically download bad source code to your browser, or using external storage devices (e.g. USB memory sticks or portable hard drives) that contain infected files. Almost all computer viruses enter your system disguised in something else (e.g. an email attachment).
With the right kind of protection, most viruses can be stopped before they infect your computer.
Computer worms cause harm to your computer by duplicating themselves in order to infect other computers. Worms attack computers by exploiting security weaknesses.
A worm is a separate class of computer viruses. They do not attach themselves to existing source code like many computer viruses but are often standalone self-replicating scripts that can take over an application like your email client and begin distributing itself to others, either to harm other computers or to disrupt their activities.
Unlike a computer virus, the main purpose of spyware is not to cause malicious damage, but to collect information, often without the user’s knowledge. This can be information about your browsing habits, or, in the case of ‘key loggers’, to record everything you do (i.e. every keystroke you make and everywhere you visit).
Once installed on your computer, spyware can perform many activities, including:
- Monitor your keystrokes for reporting purposes.
- Scan files located on your hard drive.
- Snoop through applications on your desktop.
- Install other spyware programs into your computer.
- Read your cookies.
- Steal credit card numbers, passwords, and other personal information.
- Change the default settings on your home page web browser.
- Mutate into a second generation of spyware, making it more difficult to eradicate.
- Cause your computer to run slower.
- Display annoying pop-up advertisements, rewrite search engine results, and alter the computer host file to direct the Domain Name System (DNS) to look up preselected sites.
- Add advertising links to web pages for which the author does not get paid. Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings.
- Provide the user with no uninstall option, and install itself in unexpected or hidden places within your computer making it difficult to remove.
There are many different types of spyware, but generally what defines software as spyware, is that they are installed on your computer without your consent, for the purposes of transmitting personal or confidential information about you to another party. This information may be reporting on your web-surfing habits, or it may have more sinister purposes, such as trying to sniff out your credit card or bank account details.
Adware is a milder form of spyware. It is often used to track online behavior for marketing purposes (e.g. to understand visitor buying preferences). There is a difference between cookies that you allow to be installed on your computer to remember your preferences (e.g. when you return to a site that you frequently visit or buy from), and adware, which is spyware.
A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).
Rootkit installation can be automated, or an attacker can install it once they’ve obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, either by exploiting a known vulnerability, or gaining access to the password by cracking, privilege escalation, or social engineering. Once installed, a rootkit can hide the intrusion while maintaining privileged access. The key is the root/Administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it.
Rootkit removal can be complicated or practically impossible. Often, a complete reinstallation of the operating system may be the only available solution to the problem.
Keystroke logging, often referred to as keylogging or Keyboard Capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored and that their privacy is being violated.
Key loggers can record not only your keystrokes, but they can also capture your instant messages, text messages, phone numbers, and even record your actions using your own webcam.
A Trojan horse, or Trojan, is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.
Brute Force Attack
A brute force attack is where a software script repeatedly and persistently tries to guess your login credentials.
We have created a separate tutorial that explains how to prevent brute force attacks.
To learn more about preventing brute-force attacks, see the tutorial below:
Blended threats are concentrated computer attacks that use a combination of malware such as a Trojan horse, worm, and spyware to try and penetrate a computer system’s defenses.
Buffer Overflow Attacks
A buffer overflow, or buffer overrun, happens when a program tries to write data to a buffer (a temporary storage location for data while the data is being transferred) and violates memory safety by overruning the buffer’s boundary and overwriting adjacent memory.
Buffer overflows result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. This forms the basis of many software vulnerabilities that can be maliciously exploited.
This is also one of the reasons why it’s important to install WordPress software like plugins and themes only from trusted and reliable sources.
Cross Site Scripting (XSS)
This type of computer vulnerability is often created through a combination of poorly coded software and an unsecured website. XSS attacks allow hackers to add scripts to web pages that get downloaded by other online users and end up infecting their computers.
According to Symantec, cross-site scripting carried out on websites accounted for most of all security vulnerabilities. These vulnerabilities can range from petty nuisances to significant security risks.
Now that we’ve looked at some of the more common types of software security threats, the next step is to look at ways to prevent malware attacks on your devices.
To learn more about preventing malware attacks on your devices, see the tutorial below:
See Also …
"Your training is the best in the world! It is simple, yet detailed, direct, understandable, memorable, and complete." Andrea Adams, FinancialJourney.org