Incident Definitions and Service Level Agreements (SLAs)


1. Malicious Codes

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

1.1 Malicious Codes – Botnet C&C

Botnet is a jargon term for a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software, but it can also refer to a network of computers running distributed computing software. While botnets are often named after the malicious software they run, there are typically multiple botnets in operation that use the same malware family but are operated by different criminal entities.

1.2 Malicious Codes – Bots

A bot typically runs hidden and uses a covert channel (e.g. IRC, Twitter or IM) to communicate with its C&C server. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, etc.). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan for and propagate through, the more valuable it becomes to the botnet controller community. The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping."

1.3 Malicious Codes – Malware

Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.


1.4 Malicious Codes – Malware Hosting

Malware hosting refers to the location where malware resides, whether on a compromised server or on a client PC that has been infected by a virus or other malware. The hosted malware is malicious software installed on a user's machine without their consent.

2. DoS

A denial-of-service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service (DDoS) attack, large numbers of compromised systems (sometimes called a botnet) attack a single target.


3. Fraud

The term fraud, in this context, refers to any fraud scheme that uses one or more online services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can take place through chat rooms, e-mail, message boards, or Web sites.

3.1 Fraud – Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or online banking are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

3.2 Fraud – Fraud Site

Scammers typically create a fraudulent website that entices users to acquire a service or buy a product that is never actually provided. Such a site may also be embedded with malware or Trojan software that infects unsuspecting visitors.

3.3 Fraud – Fraud Purchase

Purchasing goods or services using a bogus credit card or stolen online/internet banking credentials.

3.4 Fraud – Counterfeit Item

Selling forged or imitation goods or money intended to deceive or defraud online users. Counterfeit goods of inferior quality are often sold at substantially lower prices than genuine products and may bear the brand or trade name of the company. Counterfeiting violates trademark and intellectual property rights and may damage the reputation of producers of authentic goods.

3.5 Fraud – Online Scam

Using online services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Online scams can occur in chat rooms, e-mail, message boards or Web sites.

3.6 Fraud – Unauthorized Transaction

Attempting to gain access to any computer, network, storage medium, system, program, file, user area, or other private repository without the express permission of the owner. Unauthorized access is treated the same as theft. An example is the use of a credit card by someone other than the authorized cardholder, for instance after a bank credit card has been lost or stolen and purchases not approved by the cardholder are charged to the account.

3.7 Fraud – Illegal Investment

A fraudulent money-making scheme in which people are recruited to make payments to others above them in a hierarchy while expecting to receive payments from people recruited below them. Eventually the number of new recruits fails to sustain the payment structure, and the scheme collapses with most people losing the money they paid in.

3.8 Fraud – Lottery Scam

Lottery scams are one of the most common types of fraudulent e-mail currently hitting inboxes. The scammer informs the recipient that they have won a large sum of money in an international lottery. This is a common Internet scam: there is no lottery and no prize. Those who initiate a dialogue with the scammers by replying to the lottery scam e-mails will eventually be asked for advance fees to cover expenses supposedly associated with delivery of the "winnings".

3.9 Fraud – Nigerian Scam

Nigerian, or "419", scams are one of the most common types of fraudulent e-mail currently hitting inboxes. Nigerian scam messages can also arrive via fax or letter. The messages generally claim that your help is needed to access a large sum of money, usually many millions of dollars. In fact, this money does not exist. The messages are an opening gambit designed to draw potential victims deeper into the scam. Those who initiate a dialogue with the scammers by replying to a Nigerian scam message will eventually be asked for advance fees supposedly required to allow the deal to proceed.

3.10 Fraud – Job Scam

Job scams, also known as employment scams, are a type of advance fee scam that targets job seekers online. The scammer poses as a recruitment agency acting for well-known companies in the Oil & Gas, Cruise Liner and Mega Yacht sectors, offering attractive remuneration packages and benefits, when in fact the aim is to obtain money in advance from interested job seekers in the name of processing fees, work visas, travel expenses and so on.

4. Intrusion Attempt

4.1 Intrusion Attempt – Port Scanning

The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors into a computer. Port scanning has legitimate uses in managing networks, but it can also be malicious in nature if someone is looking for a weak access point through which to break into your computer.

4.2 Intrusion Attempt – Login Brute Force

The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext; or, against a host, automated SSH login attempts that cycle through username and password combinations.

4.3 Intrusion Attempt – Vulnerabilities Probes

The automated process of proactively identifying vulnerabilities in the computing systems of a network in order to determine if, and where, a system can be exploited and/or threatened.

5. Cyber Harassment

A form of harassment, usually consisting of invective and potentially intimidating or threatening comments directed at victims. It often contains exceptionally abusive, foul or otherwise hurtful language. The victim receives disparaging remarks (for example about their race) which often contain profanity, or which may simply carry a negative, misappropriating message.

Harassment covers a wide range of offensive behaviour. It is commonly understood as behaviour intended to disturb or upset. In the legal sense, it is behaviour which is found threatening or disturbing.

5.1 Cyber Harassment – Cyber Bullying

Cyber-bullying is "when the Internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person." It can be as simple as continuing to send e-mail to someone who has said they want no further contact with the sender, but it may also include threats, sexual remarks, pejorative labels (i.e., hate speech), ganging up on victims by making them the subject of ridicule in forums, and posting false statements as fact aimed at humiliation.

5.2 Cyber Harassment – Cyber Stalking

Cyber stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group. A cyberstalker relies upon the anonymity afforded by the Internet to stalk their victim without being detected. Cyberstalking messages differ from ordinary spam in that a cyberstalker targets a specific victim with often threatening messages, while the spammer targets a multitude of recipients with merely annoying messages.

5.3 Cyber Harassment – Sexual

Sexual harassment is when the internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person. Sexual harassment may include the following:

  • Unwelcome comments about a person's physical characteristics or sexual behaviour.
  • Inappropriate sexually charged language when talking to co-workers, other students, or employees (such as telling an obscene joke).
  • Displaying materials of a sexual nature, such as inappropriate pictures, pornography, etc.

5.4 Cyber Harassment – Religious

A form of harassment, usually consisting of invective and potentially intimidating or threatening comments directed at victims. It often contains exceptionally abusive, foul or otherwise hurtful language. The victim receives disparaging remarks about their religion which often contain profanity, or which may simply carry a negative, misappropriating message.

5.5 Cyber Harassment – Racial


6. Content Related

Material which is offensive, morally improper and against current standards of accepted behaviour. This includes nudity and sex.

6.1 Content Related – Pornography

Obscene content gives rise to a feeling of disgust by reason of its lewd portrayal and is essentially offensive to one’s prevailing notion of decency and modesty. Any portrayal of sexual activity that a reasonable adult considers explicit and pornographic is prohibited.

6.2 Content Related – Intellectual Properties

Cases relating to the unauthorized use of "any word, name, symbol, or device" used by a person or company "to identify and distinguish his or her goods, including a unique product, from those manufactured or sold by others and to indicate the source of the goods."

6.3 Content Related – National Threat

Content that causes annoyance, threatens harm or evil, encourages or incites crime, or leads to public disorder is considered menacing and is prohibited.

7. Intrusion

Intrusion refers to successful unauthorized or illegal access to a system or network. This may take the form of a root compromise, a web defacement, or the installation of malicious programs such as a backdoor or Trojan.

7.1 Intrusion – Account Compromise

An account compromise is the unauthorized use of a computer account by someone other than the account owner, which might expose the victim to serious data loss, data theft, or theft of services. The lack of root-level access means that the damage can usually be contained, but a compromised user-level account is often an entry point for greater access to the system.

7.2 Intrusion – Defacement

Also referred to as Web defacement or Web site defacement, a form of malicious hacking in which a Web site is "vandalized." Often the malicious hacker will replace the site's normal content with a specific political or social message, or will erase the content from the site entirely, relying on known security vulnerabilities for access to the site's content.

8. Spam

8.1 Spam – Spam

Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.

8.2 Spam – Spam Relay

Sending mail to a destination via a third-party mail server or proxy server in order to hide the address of the source of the mail. When e-mail servers (SMTP servers) are used for this, the server is known as an "open relay" or "SMTP relay"; spammers commonly used this method in the past, when SMTP servers were not locked down.

9. Vulnerabilities Report

A security vulnerability is a flaw in a product that makes it infeasible, even when using the product properly, to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.

9.1 Vulnerabilities Report – Misconfiguration (Disclosure)

A problem with a particular configuration that may allow root access or system compromise from any account on the system.

9.2 Vulnerabilities Report – Web

A user or complainant reports vulnerabilities related to Web sites.

9.3 Vulnerabilities Report – System

A user or complainant reports vulnerabilities in a specific system.


Service Level Agreement (SLA)

ZmCIRT will use the following guidelines in prioritizing incidents and will respond to the incident within the target time frame. Actual response times may be shorter or longer depending on the volume and complexity of incidents.

NOTE/DISCLAIMER: Response time is defined as the time between receipt of an incident and the point at which ZmCIRT staff begin working on it, which includes analysis, communication and sending notifications to the respective parties. Due to the wide diversity and complexity of incidents that can occur, and the methods needed to resolve them, response time IS NOT defined as the time between receipt of an incident and problem resolution.

Copyright © 2023 ZAMBIA CIRT