Internet Threats Glossary
What is a Bot Herder?
A bot herder is a hacker who uses automated techniques to scan target networks for vulnerable systems. These machines typically lack current security patches, which allows the hacker to install a bot program on them. The program infects the computer, turning it into a zombie in a botnet. A zombie follows all of the bot herder’s commands, typically issued through an Internet Relay Chat (IRC) channel. If you don’t know, IRC is a text-based chat system. Think of IRC as the less advanced version of today’s chat apps like Messenger, Skype, and WhatsApp.
You can compare a bot herder to a puppet master. The computers (zombies) under his control are puppets that do everything he wants them to. Bot herders are also called “bot masters.”
What is Crimeware?
Crimeware is a blanket term for all kinds of software criminals use to commit cybercrime, such as stealing personal identities, money, or proprietary information.
Crimeware is typically delivered through social engineering, the practice of luring unaware users into clicking a malicious link or opening a malware-laced attachment, so that they download the crimeware onto their own computers.
You can compare crimeware to the gadgets thieves use to get into their target victims’ houses in the real world. These instruments can include lockpicks, security lock PIN guessers, and the like.
What is Cross-Site Tracing?
Cross-site tracing (XST) is an advanced form of cross-site scripting (XSS), a code injection attack in which the attacker executes malicious scripts injected into a website or an application. In XST, attackers can bypass existing security measures against XSS and steal users’ cookies.
XST exploits the HTTP TRACE and TRACK methods, which were originally designed for diagnostic purposes. Some web server administrators still enable these request methods for debugging, although server vendors disable them by default to prevent XST and similar attacks.
What is a Cryptographic Attack?
A cryptographic attack lets threat actors bypass the security of a cryptographic system by finding weaknesses in its code, cipher, cryptographic protocol, or key management scheme. The practice is also called “cryptanalysis.” In other words, cryptographic attacks target cryptographic or cipher systems, which hide data so that only a few intended people can view it.
Think of a cryptographic attack as thieves’ means to open a locked safe. It can either be a lockpick set, a bomb, or an electronic passcode guesser.
What is a Directory Traversal Attack?
A directory traversal attack lets threat actors exploit HTTP weaknesses to gain unauthorized access to restricted files and directories. Also known as a “path traversal attack,” it abuses the web server software to bypass inadequate security mechanisms and reach directories and files stored outside the web root folder. That allows attackers to compromise entire web servers.
Performing a directory traversal attack lets threat actors access application code and data, backend system credentials, and operating system (OS) files. In some cases, attackers can even write arbitrary files, or files that don’t go through security checks on the server, allowing them to change application data or behavior and take complete control of the server.
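As an added example (not part of the glossary), the following Python check is the kind of guard a file-serving handler should apply before opening anything under its web root: it decodes the request, normalizes separators, resolves `..` segments and symlinks, and refuses any path that lands outside the root. The web-root layout and the list of requests are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote

# Requests to test, constructed for this example; only <webroot>/static may be served.
REQUESTS = [
    "/static/index.html",            # legitimate
    "/static/../static/index.html",  # '..' that stays inside the root
    "/../../outside.txt",            # classic traversal
    "/static/../../outside.txt",     # traversal starting from a valid subdirectory
    "/%2e%2e/%2e%2e/outside.txt",    # percent-encoded '..'
    "/static\\..\\..\\outside.txt",  # backslash separators
    "/static/index.html\x00.jpg",    # NUL byte meant to truncate the file name
]

class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the web root."""

def safe_join(webroot: str, requested: str) -> str:
    """Map a URL path onto the filesystem, refusing anything that leaves webroot."""
    root = os.path.realpath(webroot)
    # Check the fully decoded path, i.e. the same string the filesystem would see.
    relative = unquote(requested)
    if "\x00" in relative:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators too, and drop leading separators so that
    # os.path.join cannot be made to discard the root.
    relative = relative.replace("\\", "/").lstrip("/")
    # realpath() collapses '..' and follows symlinks, so the comparison is made
    # on the path that would actually be opened (a symlink out of root is rejected too).
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError(f"path escapes web root: {requested!r}")
    return candidate

def check_requests(webroot: str, requests) -> dict:
    # Return {request: 'allowed' | 'blocked'} for each request.
    verdicts = {}
    for req in requests:
        try:
            safe_join(webroot, req)
            verdicts[req] = "allowed"
        except TraversalError:
            verdicts[req] = "blocked"
    return verdicts

def demo() -> dict:
    """Run the constructed requests against a throwaway web root."""
    webroot = tempfile.mkdtemp()
    os.makedirs(os.path.join(webroot, "static"))
    return check_requests(webroot, REQUESTS)
```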
What is a DrDoS Attack?
A distributed reflection denial-of-service (DrDoS) attack occurs when attackers use compromised computers or devices as intermediaries for a flood of simultaneous requests aimed at their chosen target. The attackers’ requests are redirected, or reflected, off these systems before reaching the selected website, server, application, or computer.
Think of it this way: DrDoS attackers hide behind the compromised systems so as not to leave traces that cybersecurity analysts or researchers can follow. To the target, the reflecting computers or devices look like the source of the attack, when in fact they serve only as mirrors, much as a mirror can be used to light a bonfire with sunlight.
What is a Fork Bomb Attack?
A fork bomb attack is also known as a “rabbit virus attack.” It is a denial-of-service (DoS) attack that repeatedly issues the fork system call until the target system has spent all of its resources executing the same command. The device eventually becomes so overloaded that it can no longer respond to any input. But unlike other DoS attacks, the load doesn’t come from outside the network. Instead, it comes from within the target system itself, making the attack look self-inflicted.
The fork system call in Unix and Linux systems takes an existing process, the parent, and replicates it, forming a new process, the child. It lets both processes (parent and child) carry out separate tasks simultaneously.
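An added example (not from the glossary) of how a defender might spot a fork bomb from a process listing: it parses a constructed `ps -eo pid,ppid,comm` snapshot and flags any process that heads a tree of descendants all running the same command as itself. The command name `rabbit.sh` and the threshold are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed snapshot in the format of `ps -eo pid,ppid,comm`: one shell script
# (pid 500) keeps forking copies of itself, several levels deep.
PS_SNAPSHOT = """\
  PID  PPID COMM
    1     0 systemd
  400     1 sshd
  410   400 bash
  500   410 rabbit.sh
  501   500 rabbit.sh
  502   500 rabbit.sh
  503   501 rabbit.sh
  504   501 rabbit.sh
  505   502 rabbit.sh
  506   502 rabbit.sh
  507   503 rabbit.sh
  508   503 rabbit.sh
  600     1 cron
"""

def parse_ps(text: str) -> dict:
    """Return {pid: (ppid, comm)} from `ps -eo pid,ppid,comm` output (header skipped)."""
    procs = {}
    for line in text.splitlines()[1:]:
        pid, ppid, comm = line.split(None, 2)
        procs[int(pid)] = (int(ppid), comm.strip())
    return procs

def find_fork_bombs(procs: dict, threshold: int = 5) -> list:
    """Return [(pid, comm, count)] for every process whose chain of same-named
    descendants has at least `threshold` members; only the top of a chain is reported."""
    children = defaultdict(list)
    for pid, (ppid, _) in procs.items():
        children[ppid].append(pid)
    suspects = []
    for pid, (ppid, comm) in procs.items():
        if ppid in procs and procs[ppid][1] == comm:
            continue  # its parent runs the same command, so it is not the chain head
        count, stack = 0, list(children[pid])
        while stack:  # walk down, but only through children running the same command
            child = stack.pop()
            if procs[child][1] == comm:
                count += 1
                stack.extend(children[child])
        if count >= threshold:
            suspects.append((pid, comm, count))
    return suspects
```

On Linux the standard mitigation is a per-user process limit (`ulimit -u`, or an `nproc` entry in limits.conf) or the `pids` cgroup controller, which cap how far such a tree can grow.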
What is a Homograph Attack?
A homograph attack is a means for a threat actor to fool users into believing they’re accessing the correct website when they’re actually not. Hackers do that by taking advantage of the fact that many letters from different alphabets look alike.
Attackers replace Latin characters in internationalized domain names (IDNs) with look-alike letters from non-Latin scripts, such as Cyrillic. An example would be using the Cyrillic character а (Cyrillic lowercase a) instead of a (English lowercase a). To the naked eye, they look the same. But computers treat them as different characters and take the user to a malicious website (usually a look-alike of the site they wish to visit) instead of the legitimate webpage they want to access.
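The check below is an added example (not from the glossary) of how a mail gateway or browser extension can flag the Cyrillic-for-Latin substitution described above: it converts a hostname between its Unicode form and the `xn--` (punycode) form actually sent on the wire, then reports labels that mix scripts or contain known look-alikes. The confusables table is a small constructed subset, not the full Unicode list.

```python
import unicodedata

# Look-alike (confusable) characters mapped to the Latin letter they imitate.
# Constructed for this example; a real check would use Unicode's full confusables table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}
# Digits and hyphens occur in every script and never count as script mixing.
COMMON = {"DIGIT", "HYPHEN-MINUS"}

def to_ace(host: str) -> str:
    """Unicode hostname -> the ASCII 'xn--' (punycode) form sent on the wire."""
    return host.encode("idna").decode("ascii")

def to_unicode(host: str) -> str:
    """'xn--' hostname -> the Unicode form a user sees; Unicode input is returned as is."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeEncodeError:
        return host

def script_of(ch: str) -> str:
    """First word of the character's Unicode name: 'LATIN', 'CYRILLIC', 'DIGIT', ..."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"

def analyze_host(host: str) -> dict:
    """Flag hostnames whose labels mix scripts or contain Latin look-alikes."""
    uni = to_unicode(host)
    mixed, confusables, lookalike_labels = False, [], []
    for label in uni.split("."):
        scripts = {script_of(c) for c in label} - COMMON
        mixed = mixed or len(scripts) > 1
        confusables += [c for c in label if c in CONFUSABLES]
        lookalike_labels.append("".join(CONFUSABLES.get(c, c) for c in label))
    lookalike = ".".join(lookalike_labels)  # the site the user thinks they are visiting
    return {
        "unicode": uni,
        "mixed_script": mixed,
        "confusables": confusables,
        "lookalike": lookalike,
        "suspicious": mixed or lookalike != uni,
    }
```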
What is NDR Backscatter?
Non-delivery report (NDR) backscatter refers to bounce messages users receive for emails they didn’t send. It is caused by spammers spoofing the users’ From address in their messages to make them appear to come from the forged senders. When one of their messages is sent to a nonexistent recipient, the recipient’s mail server returns a bounce notification to the owner of the From address.
Think of NDR backscatter as a piece of snail mail you supposedly sent to someone who no longer lives at the street address indicated. As such, it was returned to the sender, that is, you. That means someone (maybe a fraudster asking for donations) is pretending to be you. The strategy lets them hide their real identity if a victim, or someone tricked into donating, files a complaint and an investigation follows.
What is a Polymorphic Virus?
A polymorphic virus is a complex file infector that can change itself to evade detection while retaining its routines after every successful infection. To modify its physical file makeup during each infection, the virus encrypts its code using a different encryption key.
Think of a polymorphic virus as a shapeshifter. Each time you think you’re close to identifying and blocking it, it changes form. But while its looks may have changed, its goal remains the same—to stop your computer from working.
Threat actors use polymorphic viruses primarily to avoid detection by traditional security systems and solutions, that is, those not yet capable of recognizing threats that have yet to be identified, the so-called “emerging threats” or “unknown threats.”
What is Rogue Security Software?
Rogue security software is what we also know as “fake antivirus.” It is a malicious program that tricks users into thinking their computers are infected with malware so that they will buy the software.
Rogue security software doesn’t protect against cybersecurity threats. It is, in fact, a piece of malware, specifically scareware, that displays fake warnings to fool users into paying for nonexistent antivirus solutions.