Page 1472 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1472
went on to say that “the operations there, as well as related efforts in
the United States, are . . . clues that the virus was designed as an
American-Israeli project to sabotage the Iranian program.”
If these allegations are true, Stuxnet marks two major evolutions in
the world of malicious code: the use of a worm to cause major physical
damage to a facility and the use of malicious code in warfare between
nations.
Spyware and Adware
Two other types of unwanted software interfere with the way you
normally use your computer. Spyware monitors your actions and
transmits important details to a remote system that spies on your
activity. For example, spyware might wait for you to log into a banking
website and then transmit your username and password to the creator
of the spyware. Alternatively, it might wait for you to enter your credit
card number on an e-commerce site and transmit it to a fraudster to
resell on the black market.
Adware, while quite similar to spyware in form, has a different
purpose. It uses a variety of techniques to display advertisements on
infected computers. The simplest forms of adware display pop-up ads
on your screen while you surf the web. More nefarious versions may
monitor your shopping behavior and redirect you to competitor
websites.
Adware and malware authors often take advantage of
third-party plug-ins to popular internet tools, such as web
browsers, to spread their malicious content. The authors find plug-
ins that already have a strong subscriber base that granted the
plug-in permission to run within their browser and/or gain access
to their information. They then supplement the original plug-in
code with malicious code that spreads malware, steals information,
or performs other unwanted activity.
Zero-Day Attacks
