All these problems are cleverly written malicious software programs, just like the good software programs that you have installed to do things you want to do. Here is a list of security threats and their definitions.
A blended threat will use more than one exploit to get through your defenses. Phishing is usually a hybrid threat, as is the Nigerian or 419 scam. They may use e-mails, web sites, and social engineering techniques to get you to divulge personal information or to gain access to your financial accounts.
Bots are small scripts designed to perform automated functions, and are not inherently bad. Malicious bots are Trojan horse programs that open your machine up to remote access, usually via IRC (Internet Relay Chat). According to Symantec, bot activity on the Internet is up 600% in the past 6 months, making bots the second most common attack. Variations include Rbots, SDBots, GAObots, and spybots.
Unfortunately, Internet Explorer has many security flaws, with more being revealed almost weekly. These browser "holes" allow hackers to gain admission to your computer as you browse their web sites. Internet Explorer 7 is currently available for download in beta, and has been strengthened and hardened against most known exploits.
DoS attacks are computerized assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server. For example, an attack may cause a server to become so busy attempting to respond that it ignores legitimate requests for connections. In 2003, massive DoS attacks were orchestrated against several major businesses on the Web, including Yahoo and Microsoft, in an attempt to clog the servers.
Elevation of privilege is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log in to a network using a guest account, then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
A firewall is a software program or hardware device that works by examining information coming from and going to the Internet. It identifies and ignores information that comes from a dangerous location or seems suspicious. It also blocks ports your computer is not using. If you set up your firewall properly, crackers searching for vulnerable computers can't detect your computer.
One day your home page in your browser is mysteriously replaced by another page. You change it back using the Internet Options menu, but it changes right back. Your home page has been hijacked. Or you may have installed a "Search Bar" that has changed your home page. Home page hijacking is a hallmark of an adware infection.
Identity theft consists of the exposure of personal information to individuals who normally would not have access to it. Identity theft on the Internet has become a more serious issue than it was previously, through the use of sophisticated phishing e-mails and web site exploits.
Keystroke logging (often called keylogging) is a diagnostic used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems. Such systems are also highly useful for law enforcement and espionage, for instance providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by anyone for the same purposes.

Keystroke logging can be achieved by both hardware and software means. Commercially available systems include devices which are attached to the keyboard cable (and thus are instantly installable, but visible if the user makes a thorough inspection) and also devices which can be installed in keyboards (and are thus invisible, but require some basic knowledge of soldering to install). Writing software applications for keylogging is trivial, and like any computer program they can be distributed as a Trojan horse or as part of a virus or worm. It is also said that using an on-screen keyboard is a way to combat these, as it only requires clicks of the mouse. That is, however, false information, because a keyboard event message must still be sent to the target program to type text. Every software keylogger can log the text typed with an on-screen keyboard. (Wikipedia)
Some web sites silently download malicious software onto your computer just because you visited the site. Others appear to offer free software products, like games, emoticons, and utilities.
Crackers use software programs that are designed to break passwords by trying thousands of possibilities. Of course, the first passwords they check are "password," "letmein," "opensesame," and a password that is the same as the username. There are programs that run every word in the dictionary against your password. Some of the more sophisticated ones will try the dictionary with the first letter capitalized and a number at the end of the word, which is the most common and most easily cracked variation under the supposedly "complex" password policies enforced by most companies these days.
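A password policy check that refuses exactly the weak variations described above: a dictionary word dressed up with a capital first letter, a number at the end, or the common digit-for-letter swaps, plus the username itself. This is an added example, not code from the page; COMMON_WORDS is a constructed stand-in for a real word list.

```python
"""Reject passwords that are a dictionary word with trivial decoration.
Added example; COMMON_WORDS is a constructed miniature dictionary."""
import re

# Constructed word list; a real deployment loads a large dictionary and a
# breached-password list instead.
COMMON_WORDS = {"password", "letmein", "opensesame", "welcome", "dragon", "summer"}

# Most common "leet" substitutions, undone so S3cret and Secret compare equal.
_UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                         "5": "s", "@": "a", "$": "s"})


def base_word(password):
    """Strip leading/trailing digits and symbols, lowercase, and undo the usual
    character swaps, so 'Summer2024' and 'P@ssw0rd!' reduce to their root word."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(_UNLEET)


def check_password(password, username, words=COMMON_WORDS):
    """Return the list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() == username.lower():
        problems.append("same as the username")
    if base_word(password) in words:
        problems.append("dictionary word with trivial decoration")
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2024", "P@ssw0rd!", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, "alice") or "accepted")
```

The normalisation step is the point: a policy that only counts character classes accepts "Summer2024" as complex, while reducing the candidate to its root word before the dictionary lookup rejects it.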
This is how most Internet identity theft occurs. It may start as a very realistic-looking e-mail from your bank, your brokerage, or an on-line business like Amazon, eBay or PayPal. There will be some problem with your account or credit card. There will be serious repercussions for failure to address the issue, like account suspension or closure. You will be asked to follow a link to a web site in the e-mail. Here's where the fun begins: instead of going to the address you see, which is probably the legitimate web address of the company in question, you will be redirected to a fake site. This site will look like the real thing, right down to the logo and typeface. You will only catch this if you look at the address in the browser's address bar. This is possible because in an HTML e-mail, the address you see does not have to be identical to the link target in the hidden HTML code of the e-mail.
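The mismatch the paragraph describes, visible link text naming one host while the href points to another, is mechanically detectable before the message ever reaches a reader. The following is an added example, not code from the page: it parses the anchors of an HTML e-mail and flags those where the displayed text looks like an address on a different host than the link target. SAMPLE_EMAIL and every host in it are constructed.

```python
"""Flag links in an HTML e-mail whose visible text names one host while the
href leads to another. Added example; SAMPLE_EMAIL is constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HOST_RE = re.compile(r"[a-z0-9.-]+")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lowercase hostname of a URL or bare domain; None if text is not one."""
    candidate = text if "://" in text else "http://" + text
    try:
        host = urlparse(candidate).hostname
    except ValueError:
        return None
    if not host or "." not in host or not HOST_RE.fullmatch(host):
        return None
    return host


def suspicious_links(html):
    """Return (visible_text, href) pairs where the text reads as an address on
    one host but the href goes to a different host. Subdomains of the shown
    host are accepted, so 'example.com' shown with www.example.com is fine."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            flagged.append((text, href))
    return flagged


# Constructed sample: the first link shows the bank's address but goes elsewhere.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been limited. Verify now at
<a href="http://account-verify.example/">https://www.example-bank.com/secure</a>
or visit <a href="https://support.example-bank.com/">support.example-bank.com</a>.
<a href="http://list.example/u">Unsubscribe</a></p>
</body></html>"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_EMAIL):
        print(f"shown {text!r} but the link goes to {href!r}")
```

Plain-text links such as "Unsubscribe" are ignored because the reader never saw an address; only text that itself looks like a host or URL can mislead in this way. A mail gateway would rewrite or quarantine flagged messages rather than rely on the user noticing the address bar.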
Pop-ups are usually ads that "pop up" a new Internet Explorer window. The worst of these masquerade as system trouble windows, in an effort to trick the unwary into downloading a software program, virus, or bot. My favorite pop-up has to be the one selling a pop-up blocking tool. The great thing is that this tool usually hijacks your home page and actually increases the number of pop-ups you will experience.
On the Internet, port often refers to a number that is part of a URL, appearing after a colon (:) right after the domain name. Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, e.g. Web servers normally listen on port 80. Services can also listen on non-standard ports, in which case the port number must be specified in a URL when accessing the server. (Matisse's Internet Glossary)

Port scanning is accomplished with automated software tools that crackers use to find potential target computers with open, exploitable ports. Crackers have programs that randomly probe every IP address on the Internet looking for unprotected systems and, when they find one, use port scanners to see whether there are any ports open for attack. If they find one, they have a library of known vulnerabilities that they can use to try to gain access.
Repudiation refers to the ability of a user to falsely deny having performed an action when other parties cannot prove otherwise. For example, a user who deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise.
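The audit records mentioned above only help if they cannot themselves be quietly edited or trimmed afterwards. The following added example (not code from the page) shows one way to make a log tamper-evident: every entry carries the hash of the previous one, so deleting or altering the record of the file deletion breaks the chain. The events, user names and file paths are constructed.

```python
"""Hash-chained audit log: each entry commits to its predecessor, so a later
edit or deletion is detectable. Added example; sample events are constructed."""
import hashlib
import json

GENESIS = "0" * 64


def _entry_hash(body):
    """SHA-256 over the canonical JSON form of an entry (without its own hash)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, user, action, target):
        """Append an event, linking it to the current head of the chain."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "user": user, "action": action,
                "target": target, "prev": prev}
        self.entries.append({**body, "hash": _entry_hash(body)})

    def head(self):
        """Hash of the last entry; store a copy elsewhere to pin the log."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Return (True, None) if the chain is intact, otherwise
        (False, index of the first entry that no longer fits)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if (entry["seq"] != i or entry["prev"] != prev
                    or _entry_hash(body) != entry["hash"]):
                return (False, i)
            prev = entry["hash"]
        return (True, None)


def demo_denied_deletion():
    """Record a session, then erase the deletion event and re-verify."""
    log = AuditLog()
    log.record("alice", "login", "workstation-7")     # constructed events
    log.record("alice", "delete", "/share/report.xlsx")
    log.record("alice", "logout", "workstation-7")
    intact = log.verify()
    del log.entries[1]            # attempt to remove the evidence
    return intact, log.verify()


if __name__ == "__main__":
    print(demo_denied_deletion())
```

The chain proves internal consistency, not authorship: binding "alice" to the entry still depends on the authentication that produced the event, and the current head() hash must be copied somewhere the log's administrator cannot rewrite, otherwise the whole chain can simply be regenerated.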
A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer. The word "rootkit" came to public awareness in the 2005 Sony CD copy protection controversy, in which Sony BMG music CDs placed a rootkit on Microsoft Windows PCs. (Wikipedia)
For more deliberate attacks (e.g., industrial espionage) a combination of technology and social engineering is most effective. For example, inducing members of staff to reveal confidential information, rifling through trash in search of revealing information, or simply looking for passwords written on notes by monitors are all options.
Spam is an inappropriate attempt to use a mailing list, USENET or another networked communications facility as if it were a broadcast medium (which it is not) by sending the same message to a large number of people who didn't ask for it. The term probably comes from a famous Monty Python skit which featured the word spam repeated over and over. The term may also have come from someone's low opinion of the food product with the same name, which is generally perceived as a generic content-free waste of resources. (Matisse's Internet Glossary)
There are a couple of kinds of spoofing. IP spoofing means creating packets that look as though they have come from a different IP address. This technique is used primarily in one-way attacks (such as DoS attacks). If packets appear to come from a computer on the local network, it is possible for them to pass through firewall security (which is designed to protect against outside sources). IP spoofing attacks are difficult to detect and require the skill and means to monitor and analyze data packets. E-mail spoofing means forging an e-mail so that the From address does not show the true address of the sender. For example, a round of hoax e-mail messages circulated on the Internet in late 2003 that were made to look as though they carried notice of official security updates from Microsoft by employing a fake Microsoft e-mail address.
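The firewall weakness the IP-spoofing paragraph points at, a packet with a local source address being trusted because of where it claims to come from, is closed by checking the address against the interface it arrived on rather than the address alone. This added example (not code from the page, and also illustrating the port-blocking role of the firewall described earlier) simulates that ingress and egress filtering; the interface names, address ranges and SAMPLE_PACKETS are constructed.

```python
"""Ingress/egress address filtering of the kind a border firewall applies
against IP spoofing. Added example; interfaces, prefixes and packets are
constructed."""
import ipaddress

# Constructed: address space used inside the protected network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Constructed: the only services deliberately exposed to the Internet.
PUBLISHED_PORTS = {80, 443}


def is_internal(addr):
    """True if addr falls inside one of the internal prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(pkt):
    """Decide one packet. pkt has iface ('wan' = Internet side, 'lan' =
    inside), src, dst and dport. Returns ('accept', 'ok') or ('drop', reason)."""
    src_internal = is_internal(pkt["src"])
    if pkt["iface"] == "wan" and src_internal:
        # Nothing arriving from the Internet can legitimately carry an inside
        # source address: the address is being spoofed to look local.
        return ("drop", "internal source address arriving from the Internet")
    if pkt["iface"] == "lan" and not src_internal:
        # Symmetric egress rule so this site cannot originate spoofed packets.
        return ("drop", "foreign source address leaving the internal network")
    if pkt["iface"] == "wan" and pkt["dport"] not in PUBLISHED_PORTS:
        # The firewall's other job: close every port not deliberately published.
        return ("drop", f"port {pkt['dport']} is not published")
    return ("accept", "ok")


def audit(packets):
    """Apply filter_packet to each packet and return the decisions in order."""
    return [filter_packet(p) for p in packets]


SAMPLE_PACKETS = [  # constructed
    {"iface": "wan", "src": "192.168.1.5", "dst": "192.168.1.10", "dport": 445},
    {"iface": "wan", "src": "203.0.113.7", "dst": "192.168.1.10", "dport": 443},
    {"iface": "wan", "src": "203.0.113.7", "dst": "192.168.1.10", "dport": 3389},
    {"iface": "lan", "src": "10.0.0.4", "dst": "198.51.100.9", "dport": 443},
    {"iface": "lan", "src": "203.0.113.9", "dst": "198.51.100.9", "dport": 80},
]

if __name__ == "__main__":
    for pkt, (decision, reason) in zip(SAMPLE_PACKETS, audit(SAMPLE_PACKETS)):
        print(f"{pkt['iface']:>3} {pkt['src']:>14} -> :{pkt['dport']:<5} {decision} ({reason})")
```

The first sample packet is the case the paragraph warns about: it claims a 192.168 source yet arrived on the Internet-facing interface, so it is dropped regardless of what it carries. Logging such drops is worthwhile, since a burst of them is often the first visible sign of a spoofed-source DoS.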
Spyware is a somewhat vague term generally referring to software that is secretly installed on a user's computer and that monitors use of the computer in some way without the user's knowledge or consent. Most spyware tries to get the user to view advertising and/or particular web pages. Some spyware also sends information about the user to another machine over the Internet. Spyware is usually installed without the user's knowledge as part of the installation of other software, especially software such as music sharing software obtained via download. (Matisse's Internet Glossary)
Tampering consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after a network has been penetrated. For example, in a "man in the middle" attack, an attacker might place a tap on a network line to intercept packets as they leave your establishment. The attacker could intercept and alter the information as it leaves your network, before it reaches its destination. The recipient would be unaware that the information had been altered.
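The recipient stays unaware only when nothing binds the message to its sender. The following added example (not code from the page) shows the standard remedy: a keyed message authentication code (HMAC) computed by the sender and checked by the recipient, so that the in-transit edit described above is detected rather than silently accepted. The shared key and the messages are constructed.

```python
"""Detect in-transit alteration with an HMAC tag shared by both endpoints.
Added example; SHARED_KEY and the messages are constructed."""
import hashlib
import hmac

# Constructed demo key. A real deployment provisions keys out of band (or uses
# TLS, which does this per connection); never embed one in source.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def seal(message: bytes, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag over the message."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return {"message": message.decode(), "tag": tag}


def open_sealed(envelope: dict, key: bytes = SHARED_KEY):
    """Receiver side: return the message if the tag verifies, else None.
    compare_digest avoids leaking how many tag bytes matched via timing."""
    expected = hmac.new(key, envelope["message"].encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, envelope["tag"]):
        return envelope["message"]
    return None


def demo_in_transit_edit():
    """Deliver one message intact and one edited on the wire; the second fails."""
    env = seal(b"PAY 100 TO ACCT 1234")                   # constructed message
    edited = dict(env, message="PAY 900 TO ACCT 9999")   # body changed in transit
    return open_sealed(env), open_sealed(edited)


if __name__ == "__main__":
    print(demo_in_transit_edit())
```

An HMAC gives integrity and origin assurance between the two key holders but no confidentiality and no protection against replaying an unmodified message; a sequence number or timestamp inside the authenticated message covers the latter.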
Just as the mythological Trojan horse appeared to be a gift, but turned out to contain Greek soldiers who overtook the city of Troy, today's Trojans are computer programs that appear to be useful software, but instead they compromise your security and cause a lot of damage. A recent Trojan came in the form of an e-mail message that included attachments claiming to be Microsoft security updates, but turned out to be viruses that attempted to disable antivirus and firewall software.

Trojan (n.) A computer program that appears to be useful but that actually does damage. It is either hidden inside another program or masquerades as something it is not in order to trick potential users into running it. For example, a program that appears to be a game or image file but in reality performs some other function. The term "Trojan Horse" comes from a possibly mythical ruse of war used by the Greeks sometime between 1500 and 1200 B.C. A Trojan Horse computer program may spread itself by sending copies of itself from the host computer to other computers, but unlike a virus it will (usually) not infect other programs. (Matisse's Internet Glossary)

Trojans spread when people are lured into opening a program because they think it comes from a legitimate source. To better protect users, Microsoft often sends out security bulletins by e-mail, but these bulletins will never contain attachments. They also publish all their security alerts on the Microsoft Security Web site before they send notice of them to their customers.
A virus is a piece of computer code that attaches itself to a program or file so it can spread from computer to computer, infecting as it travels. A virus makes copies of itself without any conscious human intervention. Some viruses do more than simply replicate themselves: they might display messages, install other software or files, delete software or files, etc. Viruses can damage your software, your hardware, and your files.

Virus (n.) Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.

Just as human viruses range in severity from Ebola to the 24-hour flu, computer viruses range from the mildly annoying to the downright destructive. The good news is that a true virus does not spread without human action to move it along, such as sharing a file or sending an e-mail.

A virus requires the presence of some other program to replicate itself. Typically viruses spread by attaching themselves to programs and in some cases files; for example, the file formats for Microsoft word processor and spreadsheet programs allow the inclusion of programs called "macros" which can in some cases be a breeding ground for viruses. (Matisse's Internet Glossary)
A worm, like a virus, is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once you have a worm in your system it can travel alone. A great danger of worms is their ability to replicate in great volume. For example, a worm could send out copies of itself to everyone listed in your e-mail address book, and their computers would then do the same, causing a domino effect of heavy network traffic that would slow down business networks and the Internet as a whole. When new worms are unleashed, they spread very quickly, clogging networks and possibly making you (and everyone else) wait twice as long to view Web pages on the Internet.

Worm (n.) A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, thus causing a computer to stop responding.

Because worms don't need to travel via a "host" program or file, they can also tunnel into your system and allow somebody else to take control of your computer remotely. Examples of worms include the Sasser worm and the Blaster worm.
Special thanks to Microsoft for some of the content in this section: http://www.microsoft.com/athome/security/viruses/virus101.mspx