Definitions of Incidents
1. Malicious Codes
Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
1.1 Malicious Codes - Botnet C&C
Botnet is a jargon term for a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software, but it can also refer to the network of computers using distributed computing software. While botnets are often named after their malicious software name, there are typically multiple botnets in operation using the same malicious software families, but operated by different criminal entities.
1.2 Malicious Codes - Bots
A bot typically runs hidden and uses a covert channel (e.g. IRC, Twitter or IM) to communicate with its C&C server. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, etc.). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community. The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping."
1.3 Malicious Codes - Malware
Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
1.4 Malicious Codes - Malware Hosting
Malware hosting refers to the location where malware resides, whether on a compromised server or on a client PC that has been infected by a virus or malware. Malware is malicious software that is installed on a user's machine without their consent.
2. Denial of Service
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target.
3. Fraud
The term fraud generally refers to any type of fraud scheme that uses one or more online services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can take place on computer programs such as chat rooms, e-mail, message boards, or Web sites.
3.1 Fraud - Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or online banking are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
3.2 Fraud - Fraud Site
Scammers usually create a fraudulent website to entice users to acquire a service or buy a product, when in fact no actual goods or services are provided. Such a fraud site may also be embedded with malware or Trojan software that infects unsuspecting visitors.
3.3 Fraud - Fraud Purchase
Purchasing goods or services using a bogus credit card or stolen online/Internet banking credentials.
3.4 Fraud - Counterfeit Item
Selling forged or imitation goods or money with the intent to deceive or defraud online users. Counterfeited goods of inferior quality are often sold at substantially lower prices than genuine products and may bear the brand or trade name of the company. Counterfeiting violates trademark and intellectual property rights and may damage the reputation of producers of authentic goods.
3.5 Fraud - Online Scam
The use of online services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Online scams can occur in chat rooms, e-mail, message boards or Web sites.
3.6 Fraud - Unauthorized Transaction
An attempt to gain access to any computer, network, storage medium, system, program, file, user area, or other private repository without the express permission of the owner. Unauthorized access is the same as theft. An example is the use of a credit card by someone other than the authorized cardholder, such as after a bank credit card has been lost or stolen and purchases not approved by the cardholder are charged to the account.
3.7 Fraud - Illegal Investment
A fraudulent moneymaking scheme in which people are recruited to make payments to others above them in a hierarchy while expecting to receive payments from people recruited below them. Eventually the number of new recruits fails to sustain the payment structure, and the scheme collapses with most people losing the money they paid in.
3.8 Fraud - Lottery Scam
Lottery scams are one of the most common types of fraudulent email currently hitting inboxes. The scammer informs you that you have won a large sum of money in an international lottery. This is a common Internet scam. There is no lottery and no prize. Those who initiate a dialogue with the scammers by replying to the lottery scam emails will eventually be asked for advance fees to cover expenses associated with delivery of the supposed "winnings".
3.9 Fraud - Nigerian Scam
Nigerian, or "419", scams are one of the most common types of fraudulent email currently hitting inboxes. Nigerian scam messages can also arrive via fax or letter. The messages generally claim that your help is needed to access a large sum of money, usually many millions of dollars. In fact, this money does not exist. The messages are an opening gambit designed to draw potential victims deeper into the scam. Those who initiate a dialogue with the scammers by replying to a Nigerian scam message will eventually be asked for advance fees supposedly required to allow the deal to proceed.
4. Intrusion Attempt
4.1 Intrusion Attempt - Port Scanning
The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
4.2 Intrusion Attempt - Login Brute Force
The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext, or automating username and password attempts against an SSH login.
4.3 Intrusion Attempt - Vulnerabilities Probes
The automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened.
5. Cyber Harassment
Harassment covers a wide range of offensive behaviour. It is commonly understood as behaviour intended to disturb or upset. In the legal sense, it is behaviour which is found threatening or disturbing.
5.1 Cyber Harassment - Cyber Bullying
Cyber-bullying is "when the Internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person." It can be as simple as continuing to send e-mail to someone who has said they want no further contact with the sender, but it may also include threats, sexual remarks, pejorative labels (i.e., hate speech), ganging up on victims by making them the subject of ridicule in forums, and posting false statements as fact aimed at humiliation.
5.2 Cyber Harassment - Cyber Stalking
Cyber Stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group. A cyberstalker relies upon the anonymity afforded by the Internet to allow them to stalk their victim without being detected. Cyberstalking messages differ from ordinary spam in that a cyberstalker targets a specific victim with often threatening messages, while the spammer targets a multitude of recipients with simply annoying messages.
5.3 Cyber Harassment - Sexual
Sexual harassment is when the internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person. Sexual harassment may include the following: Unwelcome comments about a person’s physical characteristics, or sexual behavior. Inappropriate sexually charged language when talking to co-workers, other students, or employees (such as telling an obscene joke). Displaying materials of a sexual nature, such as inappropriate pictures, pornography, etc.
5.4 Cyber Harassment - Religious
A form of harassment, usually consisting of invective and potentially intimidating or threatening comments towards victims. It often contains exceptionally abusive, foul or otherwise hurtful language. The victim receives disparaging remarks concerning their religion, which often contain profanity, or the remarks may simply carry a negative, misappropriating message.
5.5 Cyber Harassment - Racial
A form of harassment, usually consisting of invective and potentially intimidating or threatening comments towards victims. It often contains exceptionally abusive, foul or otherwise hurtful language. The victim receives disparaging remarks concerning their race, which often contain profanity, or the remarks may simply carry a negative, misappropriating message.
6. Content Related
Material which is offensive, morally improper and against current standards of accepted behavior. This includes nudity and sex.
6.1 Content Related - Pornography
Obscene content gives rise to a feeling of disgust by reason of its lewd portrayal and is essentially offensive to one’s prevailing notion of decency and modesty. Any portrayal of sexual activity that a reasonable adult considers explicit and pornographic is prohibited.
6.2 Content Related - Intellectual Properties
Cases related to the unauthorized use of "any word, name, symbol, or device" used by a person or company "to identify and distinguish his or her goods, including a unique product, from those manufactured or sold by others and to indicate the source of the goods."
6.3 Content Related - National Threat
Content that causes annoyance, threatens harm or evil, encourages or incites crime, or leads to public disorder is considered menacing and is prohibited.
7. Intrusion
Intrusion refers to successful unauthorized or illegal access to a system or network. This could be a root compromise, a web defacement, or the installation of malicious programs, i.e. a backdoor or Trojan.
7.1 Intrusion - Account compromise
An account compromise is the unauthorized use of a computer account by someone other than the account owner, which might expose the victim to serious data loss, data theft, or theft of services. The lack of root-level access means that the damage can usually be contained, but a user-level account is often an entry point for greater access to the system.
7.2 Intrusion - Defacement
Also referred to as Web defacement or Web site defacement, a form of malicious hacking in which a Web site is "vandalized." Often the malicious hacker will replace the site’s normal content with a specific political or social message or will erase the content from the site entirely, relying on known security vulnerabilities for access to the site’s content.
8. Spam
8.1 Spam - Spam
Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.
8.2 Spam - Spam Relay
Sending mail to a destination via a third-party mail server or proxy server in order to hide the address of the source of the mail. When e-mail servers (SMTP servers) are used, it is known as an "open relay" or "SMTP relay," and this method was commonly used by spammers in the past when SMTP servers were not locked down.
9. Vulnerabilities Report
A security vulnerability is a flaw in a product that makes it infeasible, even when using the product properly, to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.
9.1 Vulnerabilities Report - Misconfiguration (Disclosure)
A problem with a certain configuration that may allow root access or system compromise from any account on the system.
9.2 Vulnerabilities Report - Web
A user or complainant reports vulnerabilities related to Web sites.
9.3 Vulnerabilities Report - System
A user or complainant reports vulnerabilities on any specific system.