What is the difference between passive and active security threats?

Security Threats

Computer viruses are actually rare in true virus form. The term refers to a malicious program that inserts itself into another program and runs when that program executes. A virus usually has a destructive payload designed to attack data or system files. Because most malware today is designed to provide remote access to a networked system for financial gain, true viruses are not as common as they once were. The intent of today's malware is not to destroy the target, but to expropriate it without the owner's knowledge.

Malware commonly called Viruses:
Many types of malware are referred to as viruses, even though few fit the definition. Here are some of the most common types of malware that people refer to as viruses:

E-mail Attachment Viruses:
Less common now than a few years ago (often due to automated filtering software), email attachment viruses pose as documents such as MSWord or Excel files, and frequently image files. This type of attack relies on social engineering for its success. It tries to convince you that a malicious executable is an interesting, yet harmless, document. Because the message appears to have been sent by a trusted correspondent, you are more likely to assume that the attachment is legitimate. In fact, the malware installed on the machine that sent you the email harvested all the email addresses on that system and generated the email entirely on its own. Double clicking on the attachment will run the code, resulting in a malware installation on your computer. The malware then starts harvesting your email contacts and sending messages with the attachment out to everyone on your distribution lists.

One of the odd by products of all this rotten email is that a completely innocent person will receive a notice that an email they allegedly tried to send was bounced or rejected, when in fact they never sent the email in the first place. Worse, the person may be accused of sending out the infected attachment. What has happened is that a computer with the innocent person's email address stored in a distribution list has been infected and the malware has spoofed (falsified) its source email address when it sends itself out to everyone on the infected machine's distribution lists. If the recipients have filtering set up, the message will be rejected and the individual whose email account was spoofed will get the notification rather than the true source of the malicious email.

Since most e-mail providers now automatically scan and strip malicious email attachments, attacks of this type have diminished.

Spamming Viruses:
Normally a worm by design, spamming viruses is designed to send massive amounts of e-mail from the computers they infect. Trojan horses sometimes carry a spamming worm or virus. Most of the spam clogging the Internet comes from unknowing individuals who have had their computers compromised. Occasionally, the University at Albany's network is flooded by an individual infected with a spamming virus. When this happens, some mail servers will block mail sent from albany.edu, most notably, AOL. Spammers on our network are quickly caught and disconnected to protect other network users and to prevent our domain (albany.edu) from getting blocked.

Trojan Horses:
Named after the famous wooden horse that hid the Greek warriors as it was dragged inside the walls of Troy, a Trojan horse is a program that looks benign but is not. Often a Trojan horse will take the form of a popular file or program that is available for download. Other times, a software cracker will insert malicious code into a real copy of a file or application. Either way, once a Trojan horse file is downloaded, it unleashes its payload. The payload may be a virus, rootkit, worm, bot, or nearly any other type of malicious software. As such, it is always important to only download files from trusted sources.

Worms:
Whereas viruses must be physically transported from one host to another, a worm propagates itself, usually over a network. A worm may or may not have a destructive payload. The payload is independent of the worm itself which is designed to replicate and spread as quickly as possible, taking advantage of a widespread vulnerability. Worms are often used to carry a payload like a back door. The worm exploits a vulnerability to install the back door giving its author remote access to the target machine. The worm component then looks for additional vulnerable systems to take advantage of. Worms can bury a network by generating huge volumes of traffic. This is what happened with the Blaster Worm in 2003. Commonly, new worms are written shortly after new vulnerabilities are discovered. This is one of the reasons why it is important to keep all software on your computer up to date.

Other:
Occasionally, spyware and other forms of malware are called viruses although strictly speaking, they are not. As anti-virus vendors continually add new types of threats to their definitions, "computer virus" is becoming more of a blanket term.

What is the difference between passive and active security threats?

Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.