5.1 The Internet and its uses

Cyber Security Threats

1. Defining Malware

Malware (Malicious Software) is an umbrella term for any software intentionally designed to cause damage to a computer, server, client, or computer network.

The "Virus" Distinction: People often use "Virus" to mean any bad software, but technically, a Virus is a specific type of malware that must attach itself to a program and requires human action (like opening a file) to spread. Other malware, like Worms, can spread on their own.

2. Common Cyber Threats

Viruses

Code that replicates itself by attaching to other files. It can delete data or corrupt the operating system.

Example: You download a "free game" that contains a hidden script. When you run the game, the script deletes your documents.

Worms

Standalone malware that replicates itself to spread to other computers, usually across a network, without human help.

Example: A program enters a company network through one weak PC and automatically copies itself to every other PC on the network.

Trojan Horse

Software that looks legitimate but contains a hidden malicious function. It creates a "backdoor" for hackers.

Example: A "PC Speed Up" tool that actually installs software allowing a hacker to control your webcam remotely.

Spyware

Software that gathers information about a person or organization without their knowledge (includes Keyloggers).

Example: A hidden program records every key you press while logging into your bank and sends it to a server in another country.

Ransomware

Encrypts the user's files and demands a payment (usually in Bitcoin) to provide the decryption key.

Example: A hospital's patient records are locked; a message appears saying they must pay $50,000 to get the data back.

Phishing

Sending fraudulent communications (usually email) that appear to come from a reputable source to steal sensitive data.

Example: An email from "PayPal" tells you your account is locked and asks you to click a link to "verify" your password.

Pharming

Malicious code installed on a user's PC or a DNS server that misdirects users to a fraudulent website even if they type the correct URL.

Example: You type "www.bank.com", but the malware sends you to a fake version of the site that looks identical to the real one.

DoS / DDoS

Flooding a server with useless traffic to make it crash or become unavailable to legitimate users.

Example: Millions of automated "requests" hit a school's website at once, causing the server to shut down during exam results day.

3. Social Engineering

Many of these threats rely on Social Engineering. This is the art of manipulating people so they give up confidential information. It targets the human rather than the hardware.

⚠️ Exam Alert: Phishing vs. Pharming
  • Phishing: Uses an Email to lure the user.
  • Pharming: Uses Malicious Code to redirect the user (even if they type the right address).