User guide
114
6.1.7 Packers
Packer is a runtime self-extracting executable that rolls up several kinds of malware into a single package.
The most common packers are UPX, PE_Compact, PKLite and ASPack. The same malware may be detected
differently when compressed using a different packer. Packers also have the ability to make their "signatures"
mutate over time, making malware more difficult to detect and remove.
6.1.8 Potentially unsafe applications
There are many legitimate programs whose function is to simplify the administration of networked computers.
However, in the wrong hands, they may be misused for malicious purposes. ESET Smart Security provides the option
to detect such threats.
Potentially unsafe applications is the classification used for commercial, legitimate software. This classification
includes programs such as remote access tools, password-cracking applications, and keyloggers (a program that
records each keystroke a user types).
If you find that there is a potentially unsafe application present and running on your computer (and you did not
install it), please consult your network administrator or remove the application.
6.1.9 Potentially unwanted applications
Potentially unwanted applications (PUAs) are not necessarily intended to be malicious, but may affect the
performance of your computer in a negative way. Such applications usually require consent before installation. If
they are present on your computer, your system behaves differently (compared to the state before their
installation). The most significant changes are:
New windows you haven’t seen previously (pop-ups, ads),
Activating and running of hidden processes,
Increased usage of system resources,
Changes in search results,
Application communicates with remote servers.
6.2 Types of remote attacks
There are many special techniques which allow attackers to compromise remote systems. These are divided into
several categories.
6.2.1 DoS attacks
DoS, or Denial of Service, is an attempt to make a computer or network unavailable for its intended users. The
communication between afflicted users is obstructed and can no longer continue in a functional way. Computers
exposed to DoS attacks usually need to be restarted in order to work properly.
In most cases, the targets are web servers and the aim is to make them unavailable to users for a certain period of
time.
6.2.2 DNS Poisoning
Using DNS (Domain Name Server) poisoning, hackers can trick the DNS server of any computer into believing that
the fake data they supplied is legitimate and authentic. The fake information is cached for a certain period of time,
allowing attackers to rewrite DNS replies of IP addresses. As a result, users trying to access Internet websites will
download computer viruses or worms instead of their original content.