
Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent,
detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing
a set of business processes that will protect information assets regardless of how the information is formatted or
whether it is in transit, is being processed or is at rest in storage.

Infosec programs are built around the core objectives of the CIA triad: maintaining
the confidentiality, integrity and availability of IT systems and business data. These objectives ensure that sensitive
information is only disclosed to authorized parties (confidentiality), prevent unauthorized modification of data (integrity)
and guarantee the data can be accessed by authorized parties when requested (availability).

What is Information Security?

Information is an asset to all individuals and businesses. Information Security refers to the protection of these assets in
order to achieve C-I-A (Confidentiality, Integrity, Availability).

Risk Assessment Test:


1. I scan incoming emails using anti-virus software as they are downloaded from the mail server.

2. I regularly update my anti-virus software.

3. I regularly back up my files.

4. I seldom forward emails that ask me to send a warning message to others.

5. I have a complicated password for my PC and email account, which I change regularly.

6. I regularly apply security patches to my PC.

Table showing analysis on the risk assessment test

1. If not doing the following action: Scanning incoming emails through anti-virus software when downloading
   Vulnerabilities: Lack of frontier protection
   Threats: Virus attack via email message and attachments; Malicious Code
   Risks: Destruction of software and data; Denial of service
   Security Concerns: Confidentiality; Integrity; Availability

2. If not doing the following action: Doing regular update of anti-virus software
   Vulnerabilities: Lack of regular update of anti-virus software
   Threats: Malicious Code; Virus attack
   Risks: Destruction of software, data & facilities
   Security Concerns: Confidentiality; Integrity; Availability

3. If not doing the following action: Doing back-ups on files regularly
   Vulnerabilities: Lack of back-up facilities and processes
   Threats: Failure of communication services; Technical failures
   Risks: Destruction of data & facilities
   Security Concerns: Integrity; Availability

4. If not doing the following action: Seldom forwarding emails that ask me to give warning to others
   Vulnerabilities: Lack of proof
   Threats: Hoax & email spam
   Risks: Wasting time in reading; Wasting network bandwidth; Denial of service
   Security Concerns: Availability

5. If not doing the following action: Having a complicated password for my PC and email account and changing it regularly
   Vulnerabilities: Lack of sufficient access security
   Threats: Unauthorised data access; Unauthorised dial-in Access; Theft and Fraud
   Risks: Loss of data; Destruction of data & software; Others acting on behalf of you and acting unlawfully
   Security Concerns: Confidentiality; Integrity

6. If not doing the following action: Applying security patches on PC regularly
   Vulnerabilities: Lack of regular update of software patches
   Threats: Malicious Code; Virus attack
   Risks: Destruction of software, data & facilities; Others acting on behalf of you and acting unlawfully; Denial of Service
   Security Concerns: Confidentiality; Integrity

What are Electronic Services?

Electronic Services (e-Service) are the attainment and delivery of services through electronic media. E-commerce also
falls under this category. It means using electronic communications to transact, without a face-to-face meeting between
the two parties to the transaction. Activities that take place in e-Service include:

• registering for user identity, e.g. membership application
• updating user information, e.g. new address
• updating user status, e.g. credit card account balance
• submitting application, e.g. credit card, driving licence
• placing order / instruction, e.g. buying and selling of stocks and funds
• doing payment transaction, e.g. credit card payment
• searching for information, e.g. business matching
• exchanging information, e.g. chatroom
• receiving information and service, e.g. education program notes
• making enquiry, e.g. shipping schedule
• doing survey, etc.

Who are Involved?

• Individuals, including consumers and citizens
• Businesses, including public organisations
• Government

How are they Involved?

• Business-to-Consumer (B2C)
• Business-to-Business (B2B)
• Government-to-Citizen (G2C)
• Government-to-Business (G2B)

General Information

What are Virus & Malicious Code?

Malicious code refers to a broad category of programs that can cause damage or undesirable effects to computers or
networks. Potential damage can include modifying, destroying or stealing data, gaining or allowing unauthorised access
to a system, bringing up unwanted screens, and executing functions that a user never intended.

Examples of malicious code include computer viruses, worms, trojan horses, logic bombs, spyware, adware and
backdoor programs. Because they pose a serious threat to software and information processing facilities, users and
administrators must take precautions to detect and prevent malicious code outbreaks.

Computer viruses are still the most common form of malicious code. A virus is a program that infects a computer by
attaching itself to another program, and propagating itself when that program is executed. Another frequently
encountered malicious code is the worm, which is a computer program that can make copies of itself, spreading
through connected systems and consuming resources on affected computers or causing other damage.

Some malicious codes, including most viruses, are fragments of programs that cannot exist alone and need to attach
themselves to host programs. Other types of malicious code are able to spread and replicate by themselves (such as
worms) and are able to propagate from computer to computer across a network.

It should be noted that some malicious programs are able to exhibit the behaviors of more than one type of malicious
code. For example, certain programs may be a virus and a trojan horse at the same time.

Growing Risk

The risks posed by malicious code are on the rise, due to fundamental changes in the threats and purposes that
malicious code is put to. Instead of just causing a nuisance and being destructive, malicious code attacks are becoming
more motivated by financial gain. Attackers are increasingly sophisticated and organised, adopting methods that are
similar to traditional software development and business practices.

It has been shown that the amount of time between the discovery of a software vulnerability and attempts to exploit
that vulnerability via attacks from new computer viruses/worms is continuously decreasing. In addition, it takes time
for anti-virus vendors to develop virus and malicious code definitions, so there is always a chance that your anti-virus
software cannot detect newly discovered malicious code in time. Thus, your computer is still vulnerable to virus attack
if other security best practices are not put in place.

Your computer system could be infected if:

• a user is lured into installing or opening a malicious attachment / program / plug-in from an un-trusted source
  or from a spam email
• a user is lured into visiting a malicious website
• the computer is not properly patched, so attackers take advantage and exploit a vulnerability
• the computer is not properly configured, so attackers take advantage and exploit a vulnerability

Common Best Practices

The following best practices can protect your computer(s) more effectively against virus and malicious code attacks:

Guidelines and Tips


Do's

• Do install an anti-virus program to protect your machine and make sure that an up-to-date virus signature file as
  well as the detection and repair engines have been applied. There are security products that can provide
  anti-virus abilities, while at the same time providing other security features such as a personal firewall,
  anti-spyware and anti-phishing features. These products are sometimes branded and packaged under different names
  such as an Internet security package. You should select an anti-virus software package which fits your needs.
• Do install and enable a personal firewall.
• Do enable and properly configure real-time detection to scan your machine for computer viruses and malicious
  code in active processes, executables and document files that are being processed.
• Do ensure that your computer has the latest security patches to reduce the chance of being affected by
  fraudulent emails or websites riding on software vulnerabilities. This also helps to protect your computer from
  other security or virus attacks. Many software packages and operating systems now have an auto-update
  feature. You may consider having these enabled to ensure your system is kept up-to-date automatically.
• Do schedule a daily scan to check for viruses. The scheduled scan could be done during non-peak hours, such as
  during lunch-break.
• Do check all removable disks and files downloaded from the Internet (especially those from an unknown origin)
  with anti-virus software before using them.
• Do stop all activities on a computer if it becomes infected by malicious code. Continuing to use an infected
  computer may help further spread the virus or malicious code.
• Before installing any software, do verify its integrity (e.g. by comparing checksum values) and ensure it is free of
  any computer virus or malicious code.
• Do back up your programs and data regularly. Recovery from a clean backup is the most secure way to restore
  the files after a virus attack.
• Do learn about Internet fraud. The Hong Kong Police provide tips on preventing technology crime.
• Do learn to protect yourself from visual spoofing. Some criminals try to use visual spoofing techniques to collect
  personal information or make you believe you are installing and accepting software / plug-ins / active content
  from a safe source.
• Do constantly be aware of any suspicious activities. For instance, check if there are any abnormal activities on
  your computer, such as abnormal hard disk usage, abnormal Internet traffic etc. Abnormal activities may be a
  symptom of a malicious code infection.
• Do enable security protection of your applications and software. Many software packages, such as browsers,
  email applications, spreadsheets, and word processors come with security features. You should make sure they
  are properly configured.

Don'ts

• Don't use software from a dubious source under any circumstances.
• Don't visit suspicious websites.
• Don't execute any attachment in an email or instant messaging client unless you are sure what it will do. Beware
  of viruses that come as email or instant message attachments from unknown sources. Some viruses / worms will
  disguise themselves as a greeting card or message.
• Don't relax your file access permissions or use personal passwords when you are connecting to the Internet
  from public or insecure computers, unless absolutely necessary.

Further Tips for Network / Gateway Administrators

• Put in place a robust IT Security Policy or framework.

• Ensure that the IT Security Policy, particularly the use of freeware and/or shareware, is properly communicated
  to all users.

• Monitor and regularly review audit trails for suspicious activities such as a sudden surge in network traffic.

• Put in place security protection at the Internet gateway. For example, install anti-virus and content filtering
  controls for all incoming and outgoing messages and files to guard against malicious content. The gateway
  should be configured to stop, quarantine or drop messages or files with malicious content. There should also be
  proper logging for subsequent reference purposes.

• Put in place security measures against zero-day malicious code attacks where corresponding virus definitions
  may not yet be available. Automatic or manual filtering mechanisms should be established to identify and block
  suspicious traffic from malicious codes.

• Ensure all workstations have anti-virus software installed with the latest virus definitions and detection and
  repair engines. Virus signatures and malicious code definition updates should be applied automatically and the
  update frequency should be at least daily. If automatic updating is not possible, manual updates executed at
  least once a week and whenever necessary should be performed.

• Perform a full system scan on all new computers before they are allowed to connect to your corporate network.

• Apply, as far as practical, the same information security requirements and procedures on systems under
  development or being used for testing purposes.
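
One way to review an audit trail for the "sudden surge in network traffic" mentioned in the list above, as an added example that is not part of the original page. The log format, the host names and the tuning values (`window`, `k`, `min_spread_ratio`) are assumptions made for illustration, and the sample lines are constructed.

```python
"""Flag sudden per-host traffic surges in a gateway audit trail (added example)."""
import statistics
from collections import defaultdict, deque

# Constructed sample audit trail: minute, host, packets forwarded in that minute.
SAMPLE_LOG = """\
10:00 host=ws-17 packets=120
10:00 host=ws-22 packets=300
10:01 host=ws-17 packets=130
10:01 host=ws-22 packets=310
10:02 host=ws-17 packets=110
10:02 host=ws-22 packets=305
-- log rotated --
10:03 host=ws-17 packets=125
10:03 host=ws-22 packets=295
10:04 host=ws-17 packets=118
10:04 host=ws-22 packets=300
10:05 host=ws-17 packets=122
10:05 host=ws-22 packets=330
10:06 host=ws-17 packets=4100
10:06 host=ws-22 packets=302
10:07 host=ws-17 packets=8300
10:08 host=ws-17 packets=121
"""


def parse_audit_trail(text):
    """Return {host: [(minute, packets), ...]} in log order, skipping bad lines."""
    series = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        minute, host_field, packet_field = parts
        if not (host_field.startswith("host=") and packet_field.startswith("packets=")):
            continue
        try:
            count = int(packet_field[len("packets="):])
        except ValueError:
            continue
        series[host_field[len("host="):]].append((minute, count))
    return dict(series)


def find_surges(samples, window=5, k=6.0, min_spread_ratio=0.05):
    """Flag samples far above the median of the last `window` normal samples.

    The spread is the median absolute deviation (MAD), with a floor so that a
    perfectly flat baseline does not turn every small change into an alert.
    """
    recent = deque(maxlen=window)
    surges = []
    for minute, count in samples:
        if len(recent) == window:
            median = statistics.median(recent)
            mad = statistics.median([abs(value - median) for value in recent])
            spread = max(mad, min_spread_ratio * median, 1.0)
            threshold = median + k * spread
            if count > threshold:
                surges.append((minute, count, round(threshold, 1)))
                continue  # keep surge samples out of the baseline
        recent.append(count)
    return surges


def review(text):
    """Return (host, minute, packets) for every surge found in the audit trail."""
    alerts = []
    for host, samples in sorted(parse_audit_trail(text).items()):
        for minute, count, _threshold in find_surges(samples):
            alerts.append((host, minute, count))
    return alerts


if __name__ == "__main__":
    for host, minute, count in review(SAMPLE_LOG):
        print(f"surge: {host} sent {count} packets at {minute}")
```

Keeping flagged minutes out of the baseline means a sustained surge keeps alerting instead of becoming the new normal.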

While managing servers, LAN/System Administrators should observe the following security guidelines:

• Always boot the server from the primary hard drive. If a machine needs to be booted from removable storage
  media such as floppy diskettes, USB thumb-drives, USB hard drives, CDs or DVDs, it must be scanned for
  computer viruses before booting. This can eliminate the chance of boot sector viruses infecting the server.

• Protect application programs running on the server by using an access control facility, e.g. directories containing
  applications should be set to 'read only'. In addition, access rights, especially the rights to 'Write' and 'Modify',
  should only be granted on a need-to-have basis.

• Consider using a document management solution to share common documents so as to minimise the
  propagation of infected files in an uncontrolled manner.

• Scan all newly installed software packages before they are released for public use.

• Preferably, schedule a full-system scan to run immediately after a file server has started up.

• Perform regular data backup and recovery.

• Check all backups regularly to ensure they can be restored when needed.

In addition, LAN/System Administrators should keep abreast of the latest security advisories and educate users on the
best practices to protect against computer viruses and malicious code:

• Subscribe to notifications / advisories to receive critical computer virus / malicious code alerts at the earliest
  possible opportunity.

• Promptly disseminate all computer virus alerts to every end-user and take necessary action to mitigate the
  problem.

• Educate users on understanding the impact of a massive computer virus attack and recognising ways computers can
  become infected with viruses and malicious codes, in order to prevent virus infections (e.g. educate users that a
  sender of an email containing a computer virus or malicious code could have forged their identity as a friend or
  colleague).

Detection and Recovery

The following symptoms may indicate a computer is infected with a virus or malicious code:

• A program takes longer than usual to execute.

• A sudden reduction in system memory or available disk space.

• A number of unknown or new files, programs or processes on the computer.

• Popping up of new windows or browser advertisements.

• Abnormal restarts or shutdowns of the computer.

• An increase in network usage.

If a computer is suspected to have been infected with a computer virus or malicious code, users should stop all activities.
Continuing to use an infected computer may help spread the virus or malicious code further. Users should report the
incident to the management and LAN/System Administrator immediately. Users should also try to use any installed anti-
virus software to clean the computer virus on their own. Clearing a computer virus or malicious code does not
necessarily imply that contaminated or deleted files can be recovered or retrieved.

The most effective way to recover corrupted files is to replace them with original copies. Therefore, regular backups
should be done and sufficient backup copies should be kept to facilitate file recovery whenever necessary. After clearing
a virus from a computer, users should perform a complete scan on the computer and other removable storage media to
ensure that everything is virus-free. Failure to do this may lead to a resurgence of the computer virus.

Types of Virus & Malicious Code and Protective Measures


• Computer Virus
• Worms
• Trojan Horses
• Spyware & Adware
• Rootkit
• Active Content
• Zombies and Botnets
• Scareware
• Others

Computer Virus

A computer virus is a self-replicating computer program which can attach itself to other files/programs, and can execute
secretly when the host program/file is activated. When the virus is executed, it can perform a number of tasks, such as
erasing your files/hard disk, displaying nuisance information, attaching to other files, etc.

Types of virus

Memory-Resident Virus

This type will reside in main system memory. Whenever the operating system executes a file, the virus will infect a file if
it is a suitable target, for example, a program file.

Program File Virus

This will infect programs like EXE, COM, SYS etc.

Polymorphic Virus

The virus itself can change form using various polymorphism techniques.

Boot Sector Virus

This type will infect the system area of a disk, when the disk is accessed initially or booted.

Stealth Virus

A virus which uses various stealth techniques in order to hide itself from detection by anti-virus software.

Macro Virus

Unlike other virus types, these viruses attack data files instead of executable files.

Macro viruses are particularly common due to the fact that:

• They attach to documents and files, which are platform independent.

• The document is sent to other computers by, for example, email or file exchange. Recipients are receiving the
  infected document from a "trusted" sender.

Email virus

A virus spread by email messages.

Worms

A worm is a self-replicating program that does not need to attach to a host program/file. Unlike viruses, worms can
execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in
a short period of time.

One typical example of a massive attack is the "SQL Sapphire Slammer (Sapphire)" that occurred on 25 January 2003.
The Sapphire exploited an MS SQL Server or MSDE 2000 database engine vulnerability. The weakness lay in an
underlying indexing service for which Microsoft had released a patch in 2002. It doubled in size every 8.5 seconds, and
infected more than 90 percent of vulnerable hosts within 10 minutes. It eventually infected at least 75,000 hosts and
caused network outages that resulted in:

• Canceled airline flights

• Interference with elections

• Bank ATM failures

Trojan Horses

A trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities
when executed. Attackers use trojan horses to steal a user's password information, or they may simply destroy programs
or data on the hard disk.

A trojan horse is hard to detect as it is designed to conceal its presence by performing its functions properly.

Some recent examples are:

• Trojan horses embedded into online game plug-ins which will help online gamers to advance their game
  characters; however, the online game account and password are also stolen. The gamer's cyber assets are
  therefore stolen.
• Trojan horses embedded into popular commercial packages and uploaded to websites for free download or
  to be shared across peer-to-peer download networks.

Trojan horses are particularly dangerous due to the fact that they can also open a back door into a system and allow an
attacker to install further malicious programs on your computer. Back Orifice and SubSeven are two well-known remote
access trojan horses that allow attackers to take control of a victim's computer.

Tips for Prevention

Besides following the common best practices, you should:

• Install a file and directory integrity checker.
• Be alert to suspicious hard disk activity and/or network activity, e.g. if your hard disk access LED light is always
  on.
• Be alert to suspicious deletion or modification of files.
• Check if your system is accessed without your knowledge, e.g. your email accounts.
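
A minimal sketch of the "file and directory integrity checker" recommended above, which also covers the earlier advice to verify software by comparing checksum values before installing it. This is an added example, not code from the original page; the file names and contents in `demo()` are constructed, and a real deployment would store the baseline somewhere the monitored machine cannot modify.

```python
"""Minimal file and directory integrity checker (added example)."""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_checksum(path, published_hex):
    """Pre-install check: compare a file with the checksum its publisher lists."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(sha256_file(path), expected)


def build_baseline(root):
    """Map every regular file under root (by relative path) to its SHA-256."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if os.path.islink(full):
                continue  # do not follow links that point outside the tree
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare_baseline(old, new):
    """Report files added, deleted or modified since the baseline was taken."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(path for path in common if old[path] != new[path]),
    }


def demo():
    """Constructed sample tree: take a baseline, change the tree, scan again."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app.exe")
        notes = os.path.join(root, "notes.txt")
        for path, content in ((app, b"original program"), (notes, b"meeting notes")):
            with open(path, "wb") as handle:
                handle.write(content)

        published = sha256_file(app)          # stands in for the publisher's value
        baseline = build_baseline(root)
        ok_before = verify_checksum(app, published)

        # Simulate the changes the page warns about: a program file that has
        # grown, a deleted document and a file nobody installed.
        with open(app, "ab") as handle:
            handle.write(b" plus appended bytes")
        os.remove(notes)
        with open(os.path.join(root, "unexpected.dll"), "wb") as handle:
            handle.write(b"unknown content")

        report = compare_baseline(baseline, build_baseline(root))
        ok_after = verify_checksum(app, published)
        return report, ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```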

Spyware & Adware

Spyware is a type of software that secretly forwards information about a user to third parties without the user's
knowledge or consent. This information can include a user's online activities, files accessed on the computer, or even
the user's keystrokes.

Adware is a type of software that displays advertising banners while a program is running. Some adware can also be
spyware. They first spy on and gather information from a victim's computer, and then display an advertising banner
related to the information collected.

A system with spyware / adware installed may display one or more of the following symptoms:

• The default start page of the web browser is changed to another website and/or new items are added to the
  Favorites folder without the user's consent. The user cannot undo the changes, and these browser hijackers
  force the user to visit the unwanted websites in order to, for example, inflate the hit rate of the websites for
  higher advertising value.

• Pop-up windows with advertisements open on the screen even when the user's browser is not running or when
  the system is not connected to the Internet.

• New software components, such as browser toolbars, are installed on a user's computer without his or her
  permission.

• Suspicious network traffic appears on the user's computer when he or she is not performing any online
  activities.

However, some spyware is carefully programmed to avoid being noticed, and hence cannot be picked up from the
above abnormalities. This type of spyware can only be detected and removed by anti-spyware products / tools.

Tips for Prevention

Besides following the common best practices, you should:

• Not download / install software from suspicious sources such as websites, peer-to-peer file sharing sources, etc.

• Read the terms and conditions of use, even before downloading and installing a legitimate piece of software,
  because they may require you to accept that an adware or spyware system be installed.

• Read the terms of use carefully when you are asked to install a plug-in or use active content when visiting some
  websites.

• Review the information provided by certain search engines whose search results may contain malicious code.
  This may help in avoiding dangerous or untrustworthy websites via search links.

• Install browser toolbars that can help filter out adware and spyware.

• Install anti-spyware and anti-adware software.

Rootkit

A rootkit is a collection of files that alter the standard functionality of an operating system on a computer in a malicious
and stealthy manner. By altering the operating system, a rootkit allows an attacker to act as system administrator on the
victim's system (or the "root" user in a Unix system, hence the name "rootkit").

Many rootkits are designed to hide their existence and the changes they made to a system. This makes it very difficult to
determine whether a rootkit is present on a system, and identify what has been changed by the rootkit. For example, a
rootkit might suppress directory and process listing entries related to its own files.

Rootkits may be used to install other types of attacker tools, such as backdoors and keystroke loggers. Examples of
rootkits include LRK5, Knark, Adore, and Hacker Defender.

Active Content

Unlike the traditional methods of working with static data files using a software program, today's data objects, such as
web pages, email and documents can interweave data and code together, allowing dynamic execution of program code
on the user's computer. The fact that these data objects are frequently transferred between users makes them efficient
carriers of viruses. The transparency of code execution can be a security concern.

The two main 'active content' technologies are ActiveX controls and Java. In general, ActiveX poses a greater threat
because it has direct access to native Windows calls, and hence any system function. Java, on the other hand, is
"sandboxed" or insulated from operating system services by the Java Virtual Machine. However, this does not mean that
there will never be a Java virus.

Tips for Prevention

Besides following the common best practices, you should:

• Watch out for any abnormal machine behaviour:

  o Programs taking much longer than usual to execute.

  o A sudden reduction in system memory or available disk space.

  o The browser home page was changed.

  o Some websites cannot be accessed anymore.

• Not install any active content from suspicious websites. Instead of selecting the decline option at the installation
  page, you should close the browser. This is because some installation pages may be a visual spoof, installing
  active content no matter which option is chosen. If closing the browser is not successful, you may consider using
  the task manager to force quit the browser.

Zombies and Botnets

A zombie computer, usually known in the short form zombie, is a computer attached to the Internet that has been
compromised and manipulated without the knowledge of the computer owner. A botnet refers to a network of zombie
computers that have been taken over and put under the remote control of an attacker.

A botnet might consist of thousands of zombie computers, and even more. The zombie computers in the botnets can
consist of computers at homes, schools, businesses and governments scattered around the world.

A zombie computer itself may only be slowed down slightly, or display mysterious messages. However, the whole
botnet can be used by the attacker for a massive attack, such as a DDoS (Distributed Denial of Service) attack, against
another system or network. Due to the large number of machines in a botnet, the aggregate computing power can be
enormous when all these machines work together to launch a DDoS attack against a single target.

You should protect your machines or systems from becoming zombie computers.

Scareware

Scareware, sometimes called rogueware, comprises several classes of ransomware or scam software with malicious
payloads. While pretending to be legitimate anti-virus software or the like, scareware is in fact dummy software without
functions, or sometimes even malicious software which may, for example, steal the victim's personal information and
credentials such as passwords or credit card details. Ransomware makes your computer files inaccessible. The victim is
then requested to pay a fee ("ransom") to regain access to their files.

Scareware usually entices victims by convincing them that a virus has infected their computer, then suggesting that they
download (and pay for) anti-virus software to remove it. Very often, the virus is entirely fictional, and the software
installed is the scareware itself. In addition to the loss of money paid for the scareware, the personal details and credit
card information provided by the victim during the purchase of the scareware can be used by criminals in further fraud
or sold on black market forums.

Ransomware is a twisted form of scareware. One common tactic is for the malware to attack victims through phishing
emails with a malicious attachment. Once the computer is infected, the makers of the ransomware can "kidnap" the user's
computer and hold it to ransom by, for example, stopping the computer working, encrypting key system files or locking up
some of the personal information. The victim needs to pay a ransom to free their machine and get their files back.

Protection against scareware and ransomware requires the common best practices against malware. In particular,
users must be cautious and exercise their common sense, and the use of legitimate security software is of particular
importance. Some best practices for protection against scareware, ransomware, as well as other virus and malicious
code attacks are:

• Back up important data frequently and keep the backup data disconnected from the computer

• Refrain from visiting suspicious websites or downloading any files from them

• Do not open any suspicious emails or instant messages, or the attachments and hyperlinks inside them

• Check that your anti-malware program and signatures are up to date

• Install the latest patches for software in use

• Disable macros for Microsoft Word, Excel and other office applications by default

• Enable security features of the system and browser

• Install software and mobile apps from trusted sources; do not install apps that require suspicious permission
  rights

• For business operations with a higher risk of exposure to malware infection, such as handling customer enquiry
  emails, a dedicated computer with no shared drives and restricted network connectivity to the internal network
  should be used to minimise the impact of infection, and the handling staff should stay alert to possible infection.

• Seek advice from the Hong Kong Computer Emergency Response Team Coordination Centre if there is any doubt
  about how to react to suspicious activities.

In case a computer device is infected, users should consider taking immediate action to:

• Disconnect the network cable of the computer to avoid affecting network drives and other computers

• Power off the computer to stop the ransomware encrypting more files

• Jot down what has been accessed (such as programs, files, emails and websites) before discovering the issue

• Report the criminal offence to the Hong Kong Police Force

• Recover the data from backup to a clean computing device

Others

Virus Hoax

A virus hoax is a false virus warning, usually in the form of an email message. It urges the reader to forward the
message to others, resulting in a rapidly growing proliferation of emails that may overload systems.

Mobile Device Virus / Worms

Like any computing platform, mobile devices are also susceptible to malicious code attacks. Although at present
malicious codes for handheld devices and smart phones are not that common, there is likely to be an increase as the
functionality of mobile applications increases and with the wider deployment of these devices.

The open architecture of mobile application development environments, often with extensive software development
documentation and tools, also allows attackers to create malicious code for these platforms quite easily.

Malicious code can infect mobile devices in several ways. These include:

• Via email, SMS or MMS: a message containing a hyperlink to a malicious code is sent to entice a user to select
  the link and download the code. Alternatively, the code can be sent in an email as an attached file and infect the
  device when executed. Similarly, malicious code can also be propagated via MMS messages. SymbOS /
  Commwarrior.M is a worm that is capable of spreading via MMS messages on Symbian Series 60 devices.

• Via desktop synchronisation: the worm Cxover is one such example. Cxover is a proof-of-concept worm that
  can affect both Windows PC and Windows Mobile devices. If it is executed on a Windows Mobile device, it will
  copy itself to the computer over an ActiveSync connection. If it is executed on a Windows PC, it will search for
  any handheld devices connected over ActiveSync and copy itself to the device.

• Via Bluetooth, Infra-red or Wi-Fi: the first worm capable of spreading via Bluetooth was discovered in June 2004
  and was named Cabir. It was a proof-of-concept worm for Symbian OS Series 60 smart phones but it has not
  been found in the wild since then. The worm required several interactive steps on the part of the recipient in
  order to execute. An attacker who intentionally sends a malicious program to trick the recipient into accepting it
  can also exploit the potential weakness of Bluetooth.

Logic Bombs

A logic bomb is program code which is embedded in another program, and can be activated when certain predefined
criteria are met.

For instance, a time bomb will attack a system and erase all data if a licence key or another program code is not found in
the system. In some cases, a logic bomb will inform the attacker via the Internet that the bomb is ready to attack the
victim.

Trap Door

A trap door is a secret entry point into a program that is intentionally included in the program code. While it can
facilitate debugging during program development, it may be used for malicious purposes as well.

Common Obfuscation Techniques

The following are common obfuscation techniques used by malicious code developers and writers to evade detection
and destruction:

• Binders and Packers
  Most virus signature files are created based on the checksum value which makes use of the file properties and
  first few bytes of the malicious code binaries. The binders technique is to bind the virus and malicious code file
  on to another file, which changes its form. The packers technique is to compress the virus code before it is
  embedded.

• Self-Encryption and Self-Decryption
  Malicious code may encrypt and decrypt itself, even using several layers of encryption and decryption and/or
  using random keys in encryption and decryption. This makes it harder to examine directly.

• Polymorphism
  Malicious code can change its default encryption settings as well as the decryption code during self-encryption.
  These make it much more difficult to detect.

• Metamorphism
  Malicious code changes its form by, for instance, rearranging its code fragments and/or by adding useless lines of
  code into its source, and recompiling itself into a new form.

• Code conversion to a VB (Visual Basic) script
  This method converts an executable program (.exe) into a Visual Basic script (.vbs) file that can be attached to a
  document, data files or email messages.

• Stealth
  The technique is designed to evade anti-virus software detection by hiding the code itself. One example is to
  monitor system calls to files; the malicious code then modifies the return information to the process call by
  returning only original information.

Computer Related Crime

The use of computers, the Internet and telecommunication or information devices has brought us much convenience in
all kinds of our daily pursuits, from learning, leisure, personal communication to conducting business activities.
However, at the same time, the convenience of this virtual space has created a great potential for abuse by criminals.

Statistics show that there has been a significant increase in criminal activities that are computer and Internet based. In
1993 the Police handled just 4 cases of computer crime, but by 2000 the figure had risen to 368 cases. The problem has
become a major public concern and its nature is complex.

Impacts

In the information age, computers or information systems are used nearly everywhere in our modern
society. This ranges from critical infrastructures such as power supply systems, fresh water supply systems, public
transportation and communications networks to all kinds of business operations. Criminal damage to these systems
creates a much greater impact than that of conventional criminal attacks.

• Loss of data and information
• Damage of IT resources
• Time wasting in reading, checking, verifying (e.g. hoax) and re-setting the system
• Wasting bandwidth
• Unavailability of service
• Unauthorised use or misuse of computer systems
• Loss of customer trust
• Loss of public confidence
• Disruption of Production
• Financial Loss
• Reputation of Companies

Types of Computer Related Crimes

• Hacking (Unauthorised access, access with criminal intent)
• Criminal Damage
• Internet Fraud
• Misuse of Accounts
• Online Theft
• Illegal Materials/Websites
• Offences Relating to the Use of Instant Messaging Tools
