Attack Vectors?

The "catalog of threats" menu over in the right column leads to more specific information on vectors.

Virtually all software has defects — bugs and bad design — that make computers vulnerable to attack. Windows, office suites, media players, browsers and browser plug-ins are just a few examples of software that is open to attack.

Attack vector (or just vector): a specific computer-system vulnerability, along with the path and method used to exploit it. It's just a particular way to gain access to a computer in order to install malware, gain external control, or extract user data.

There are other places to attack computer systems besides the software, for example the BIOS. The human element — the component between the chair and the keyboard — is often the most vulnerable part of a computer system. ;-)

Email attachments have been the classic vector to use against humans. Email messages that entice or alarm will often get users to open malicious attachments. Once opened, the attachment does the dirty work, often with the willing permission of the victim. Many other attacks also rely on deception to get past defense systems.

Along with attachments, email messages, downloaded files, infected webpages, videos, popup windows, instant messages, and social media (blogs, Facebook, Twitter) are vehicles for many popular attack vectors.

Don't confuse attack vectors with payloads. For example, worms attack through the network connection to get in. That's just the first step. Worms usually carry an installer for malware, such as spyware or botware as their payload. The worm's work is done when the payload is installed and running on the computer.