Chapter 5: Computer Fraud

perpetrators are often called white-collar

criminals.

AIS Threats

Different Types of Frauds

1. Natural and political disasters

2. Software Errors and equipment
malfunction
3. Unintentional acts- are caused by
human carelessness, failure to follow
established procedures and poorly
trained or supervised personnel.
4. Intentional acts (computer crimes) fraud, or sabotage, which is deliberate
destruction or harm to a system.
Criminal activity through the use of the
computer or the internet:

Hacking, in which a perpetrator uses

sophisticated
technological
tools
to
remotely access a secure computer or
internet location.
Illegally intercepting an electronic
transmission- This may result in the
interception of private information such as
passwords, credit card information, or other
types of so-called identity theft.
Computer fraud - use of a computer to
create a dishonest misrepresentation of fact
as an attempt to induce another to do or
refrain from doing something which causes
loss.

1. Corruption- dishonest conduct by those

in power which often involves actions
that are illegitimate, immoral, or
incompatible with ethical standards.
2. Investment Fraud- misrepresenting or
leaving out facts in order to promote an
investment that promises fantastic
profits with little or no risk.
Two Categories of Fraud that are important
to business
Misappropriation of assets- theft of company
assets by employees. Sometimes called
employee fraud.
Elements
Perpetrator

Fraud= gaining an unfair advantage over

another person. Legally for an act to be
fraudulent there must be:
1. A false statement, representation, or
disclosure
2. A material fact, which is something that
includes a person to act
3. An intent to deceive
4. A justifiable reliance; that is, the person
relies on the misrepresentation to take
an action
5. An injury or loss suffered by the victim
Most
fraud
perpetrators
are
knowledgeable insiders with the requisite
access, skills, and resources. Because
employees understand a companys system
and its weaknesses, they are better able to
commit and conceal a fraud. Fraud

or

Characteristics

of

the

Gains the trust or confidence of the

entity being defrauded
Uses trickery, cunning
Conceals the fraud by falsifying
records or other information
Rarely
terminates
the
fraud
voluntarily
Sees how easy it is to get extra
money;
Spends the ill-gotten gains. Rarely
does the perpetuator save or invest
the money. For these reasons, there
are no small frauds- only large ones
that are detected early.
Gets greedy and take ever larger
amounts of money at intervals that
are more frequent;
Grows careless or overconfident as
time passes.

Fraudulent Financial Reporting- sometimes

called Management Fraud. It is defined as an
intentional or reckless conduct, whether by act
or omission, that results in materially
misleading financial statements.
Four Actions to reduce Fraudulent Financial
Reporting

1. Establish an organizational environment

that contributes to the integrity of the
financial reporting process.
2. Identify and understand the factors that
lead to fraudulent financial reporting.
3. Assess the risk of fraudulent financial
reporting within the company.
4. Design and implement internal controls to
provide
reasonable
assurance
of
preventing fraudulent financial reporting.
SAS No.99: The Auditors Responsibility to
Detect Fraud
Consideration of Fraud in a Financial
Statement Audit
This section establishes standards and
provides guidance to auditors in fulfilling the
responsibility to plan and perform the audit to
obtain reasonable assurance about whether
the financial statements are free of material
misstatement as it relates to fraud in an audit
of
financial
statements
conducted
in
accordance with generally accepted auditing
standards.
Auditors are required to:
1. Understand Fraud.
2. Discuss the risk of material fraudulent
misstatements.
3. Obtain Information.
4. Identify, assess, and respond to risks.
5. Evaluate the results of their audit tests.
6. Document and communicate findings.
7. Incorporate a technology.
Who Perpetrates Fraud and Why

Researchers have found significant

differences between violent and white-collar
criminals but few differences between whitecollar criminals and the general public. Whitecollar criminals tend to mirror the general
public in education, age, religion, marriage,
length of employment, and psychological
makeup.

Perpetrators of computer fraud tend to

be younger and possess more computer
knowledge, experience, and skills. Hackers

and computer fraud perpetrators tend to be

more motivated by curiosity.

Another motivation may be to gain

stature in the hacking community. Some see
themselves as revolutionaries spreading a
message of anarchy and freedom.

Some fraud perpetrators are disgruntled

and unhappy with their jobs and are seeking
revenge against their employers.
The average fraud perpetrator has no prior
fraud charges or convictions, according to new
research by the Association of Certified Fraud
Examiners (ACFE), the world's largest provider
of anti-fraud training and education. The
offender is commonly between the age of 3145, and somewhat more likely to be male than
female.
High-level perpetrators cause the
greatest damage to their organizations. Frauds
committed by owners/executives were more
than three times as costly as frauds committed
by managers, and more than nine times as
costly as employee frauds. Executive-level
frauds also took much longer to detect.
The Fraud Triangle
These three conditions must be present for
fraud to occur:
1. Pressures
Pressure is the persons incentive or
motivation for committing fraud. Pressure is
what causes a person to commit fraud.
Pressure can include almost anything including
medical bills, expensive tastes, addiction
problems, etc.

Pressures that can lead to Employee Fraud

Financial

Living beyond means

High personal debt/expenses

Inadequate salary/income

Poor credit ratings

Heavy financial losses

Bad investments

Tax avoidance

Meet unreasonable quotas/goals

Emotional

Greed

Unrecognized performance

Job dissatisfaction

Fear of losing job

Power or control

Pride or ambition

Beating the system

Frustration

Non-conformity

Envy, resentment

Arrogance, dominance

Non-rules oriented

Lifestyle

Support gambling habit

Drug or alcohol addiction

Support sexual relationships

Family/peer pressure

2. Opportunity
Is the condition or situation, including ones
personal abilities that allow perpetrator to do
three things:

Commit Fraud- the theft of assets is the

most
common
type
of
misrepresentations.
Conceal the Fraud- To prevent detection
when assets are stolen FS are
overstated, perpetrators must keep the
accounting equation in balance by

inflating other assets or decreasing

liabilities or equity. Lapping is
concealing the theft of cash by means of
a series of delays in posting collections
to accounts receivable. An individual, for
his own personal gain or in behalf of a
company, can hide the theft of cash
using check-kiting scheme- creating
cash using the lag between the time a
check is deposited and the time it clears
the bank.
Convert the theft or misrepresentations
to personal gain- In a misappropriation,
fraud perpetrators who do not steal cash
or us the stolen assets personally must
convert them to a spendable form.

Opportunities Permitting Employee

Financial Statement Fraud

and

A. Internal Control Factors

a. Failure
to
enforce/monitor
internal controls
b. Management not involved in
control system
c. Management
override
of
controls and guidelines
d. Managerial
carelessness/inattention
to
details
e. Dominant
and
unchallenged
management
f. Ineffective oversight by board of
directors
g. No effective internal auditing staff
h. Infrequent third-party reviews
i. Insufficient
separation
of
authorization,
custody,
and
record-keeping duties
j. Too much trust in key employees
k. Inadequate supervision
l. Unclear lines of authority
m. Lack of proper authorization
procedures
n. No independent checks on
performance
o. Inadequate
documents
and
records
p. Inadequate
system
for
safeguarding assets

q. No physical or logical security

system
r. No audit trails
s. Failure to conduct background
checks
t. No policy of annual vacations,
rotation of duties

s. Low employee morale and loyalty

3. Rationalizations
The
excuse
that
fraud
perpetrators use to justify their illegal behavior
Justification of illegal behavior

B. Other Factors
a. Large, unusual,
transactions

r. Failure to prosecute dishonest

employees

or

complex

1. Justification

b. Numerous adjusting entries at

year end

I am not being dishonest.

I am only borrowing and

will pay it back

2. Attitude

c. Related-party transactions
d. Accounting
department
understaffed and overworked

I dont need to be honest.

3. Lack of personal integrity

e. Incompetent personnel

f. Rapid turnover of key employees

Theft is valued higher than

honesty or integrity.

Other forms of rationalization

g. Lengthy tenure in a key job

h. Unnecessarily
complex
organizational structure
i. No code of conduct, conflict of
interest statements, or definitions
of unacceptable behavior
j. Frequently
auditors/legal counsel

changing

I was just borrowing the money.

It wasnt really hurting anyone.
Everybody does it.
I was only taking what was
owed to me.

I didnt take it for myself. I

needed it to pay my childs
medical bills.

k. Operating on a crisis basis

l. Close
association
suppliers/customers

with

m. Assets highly susceptible

misappropriation
n. Questionable
practices

to

accounting

o. Pushing accounting principles to

the limit
p. Unclear company policies and
procedures
q. Failing to teach
corporate honesty

and

stress

COMPUTER FRAUD
If a computer is used to commit fraud it
is called computer fraud.The U.S.
Department of Justice defines computer
fraud as any illegal act for which
knowledge of computer technology is
essential for its perpetration, investigation;
or prosecution.
Computer
systems
are
particularly
vulnerable to computer crimes for
several reasons:

Individuals can steal, destroy,

or alter massive amounts of data
in very little time.

Access provided to customers

and vendors creates added
vulnerability.

Computer programs only need

to be altered once, and they will
operate that way until the system
is no longer in use or someone
notices.

Modern systems are accessed

by PCs, which are inherently
more vulnerable to security risks
and difficult to control.

Computer systems face a

number of unique challenges.
Economic espionage, the theft
information and intellectual property.

of

Computer Fraud Classifications

Input Fraud
The simplest and most common
way to commit a fraud is to alter
computer input. It requires little
computer skills; perpetrator only needs
to understand how the system operates
so they can cover their tracks.

Processor fraud
Involves
computer
fraud
committed through unauthorized system
use. It includes theft of computer time
and services.
Computer instruction fraud
Involves tampering with the
software that processes company data.
It may include modifying the software,
making illegal copies, using it in an
unauthorized manner, or developing a
software program or module to carry out
an unauthorized activity. Computer
instruction fraud used to be one of the
least common types of frauds because it
required specialized knowledge.

Output fraud
Involves stealing or misusing
system
output.
Unless
properly
safeguarded, screen output can easily
be read from a remote location using
inexpensive electronic gear. This output
is also subject to prying eyes and
unauthorized copying.
PREVENTING AND DETECTING COMPUTER
FRAUD
1. Make fraud less likely to occur
2. Increase the difficulty of committing
fraud - By designing strong internal
controls, segregating duties
3. Improve detection methods - By
creating an audit trail
4. Reduce Fraud Losses - By maintaining
adequate insurance, developing disaster
recovery plans, backing up
Key Terms

Data fraud
Involves altering or damaging a
companys data files; or copying, using,
or searching the data files without
authorization.

Sabotage- an international act where

the intent is to destroy a system or some
of its components.
Cookie- a text file created by a Web site
and stored on a visitors hard drive.
Cookies store information about who the
user is and what the user has done on
the site.
Fraud- is gaining an unfair advantage
over another person
White-Collar Criminals- business people
who commit fraud.
Corruption- dishonest conduct by those
in power which often involves actions
that are illegitimate, immoral, or
incompatible with ethical standards.
Investment Fraud- misrepresenting or
leaving out facts in order to promote an
investment that promises fantastic
profits with little or no risk.
Misappropriation of assets- theft of
company assets by employees.
Fraudulent Financial Reporting- an
intentional or reckless conduct, whether
by act or omission, that results in

materially
misleading
financial
statements.
Pressure- is the persons incentive or
motivation for committing fraud.
Opportunity- condition or situation that
allows a person or organization to
commit and conceal a dishonest act and
convert it to personal gain.
Lapping- is concealing the theft of cash
by means of a series of delays in
posting
collections
to
accounts
receivable.
Check-kiting scheme- creating cash
using the lag between the time a check
is deposited and the time it clears the
bank.
Rationalization- The excuse that fraud
perpetrators use to justify their illegal
behavior.
Computer Fraud- any type of fraud that
requires
computer
technology to
perpetrate.
Economic espionage- the theft of
information and intellectual property

Input Fraud- The simplest and most

common way to commit a fraud is to
alter computer input

Processor fraud- Involves computer

fraud committed through unauthorized
system use.
It includes theft of
computer time and services
Computer instruction fraud- Involves
tampering with the software that
processes company data.
Data fraud- Involves altering or
damaging a companys data files; or
copying, using, or searching the data
files without authorization.
Output fraud- Involves stealing or
misusing system output. Output is
usually displayed on a screen or printed
on paper.

Chapter 6: Computer Fraud and Abuse

Techniques

COMPUTER ATTACKS AND ABUSE

The following are the more common attack
techniques:
Hacking is the unauthorized access,
modification or use of an electronic device or
some element of a computer system.
Hijacking is gaining control of a computer to
carry out illicit activities without the users
knowledge
Botnet short for robot network, is a powerful
network of hijacked computers, called
zombies that are used to attack systems or
spread malware.
Botnets are used to perform a denial-ofservice (DoS) attack, which is designed to
make a resource unavailable to its users.
Bot herders install software that
responds to the hackers electronic
instructions on unwitting PCs.
Spamming is simultaneously sending the
same unsolicited message to many people at
the same time, often in an attempt to sell
something.

Spammers also stage dictionary

attacks (also called direct harvesting
attacks).Spammers use special software
to guess e-mail addresses at a company
and send blank e-mail messages.
Splogs (combination of spam and blog) with
links to website they own to increase their
Google Page Rank, which is how often a web
page is referenced by other web pages.
Spoofing is making an electronic
communication as if someone else sent it to
gain the trust of the recipient. Spoofing can
take various forms, includes the following:
E-mail spoofing
Caller ID spoofing
IP address spoofing is creating the
Internet Protocol packets with a forged
source IP address to conceal the
identity of the sender or to impersonate
another computer system. It is most
frequently used in DoS attacks.
Address Resolution Protocol (APS)
spoofing is sending fake ARP
messages to the Ethernet LAN. It
allows an attacker to associate his
MAC address (Media Access Control
address, a hardware address that
uniquely identifies each node on a

network) with the IP address of another

node.
SMS spoofing
Web Page spoofing also called
phishing.
DNS spoofing is sniffing the ID of a
Domain Name System (DNS, the
phone book of the Internet that
converts a domain, or website name to
an IP address) request and replying
before the real DNS server can.
Zero-day attack is an attack between the
time a new software vulnerability is discovered
and the time a software developer releases a
patch that fixes the problem.
Cross-site scripting is a vulnerability in
dynamic web pages that allows an attacker to
bypass a browsers security mechanisms and
instruct the victims browser to execute code,
thinking it came from desired website.
Buffer Overflow Attack happens when the
amount of data entered into a program is
greater than the amount of the memory (the
input buffer) set aside to receive it. The input
overflow usually overwrites the next computer
instruction, causing the system to crash.
SQL Injection (Insertion) attack malicious
code in the form of an SQL query is inserted
into input so it can be passed to and executed
by an application program.
Man-in-the-middle attack places a hacker
between a client and a host and intercepts
network traffic between them. It is often called
a session hijacking attack. MITM attacks are
used to attack public-key encryption systems
where sensitive and valuable information is
passed back and forth.

Password cracking is penetrating a

systems defenses, stealing the file containing
valid passwords, decrypting them, and using
them to gain access to programs, files, and
data.
War dialling is programming a computer to
dial a thousand of phone lines searching for
dial-up modem lines.
War driving driving around looking for
unprotected home or corporate wireless
networks.
War rocketing using rockets to let loose
wireless access points attached to parachutes
that detect unsecured wireless networks.
Phreaking attacking phone systems to
obtain free phone line access, use phone lines
to transmit malware, and to access, steal, and
destroy data.
Data diddling is changing data before or
during entry into a computer system in order
to delete, alter, add, or incorrectly update key
system data.
Data leakage is the unauthorized copying of
company data, often without leaving any
indication that it was copied.
Podslurping is using a small device with
storage capacity, such as an iPod or Flash
drive, to download unauthorized data.
Salami technique is used to embezzle
money a salami slice at a time from many
different accounts.
Round-down fraud all interest calculations
are truncated at two decimal places and the
excess decimals put into an account the
perpetrator controls.

Masquerading or impersonation is
pretending to be an authorized user to access
a system.

Economic espionage is the theft of

information, trade secrets, and intellectual
property.

Piggybacking- The clandestine use of a

neighbors Wi-Fi network; Tapping into a
communications line and electronically
latching onto a legitimate user; An
unauthorized person following an authorized
person

Cyber extortion is threatening to harm a

person or a company if a specified amount of
money is not paid.
Cyber-bullying is using the Internet, cell
phones or other communication technologies
to support deliberate, repeated and hostile
behavior that torments, threatens, harasses,

humiliates, embarrasses or otherwise harms

another person.
Sexting is exchanging sexually explicit text
messages and revealing pictures usually by
means of phone. One particularly degrading
from of cyber-bullying
Internet terrorism is using the Internet to
disrupt
electronic
commerce
and
communications and to harm computers
Internet misinformation is using the
internet to spread false or misleading
information.
E-mail threats threats sent to victims by email. The threats usually require some followup action, often at great expense to the victim.
Internet auction fraud using an internet
auction site to defraud another person.
Internet pump-and-dump fraud using the
internet to pump up the price of a stock and
then sell it.
Click fraud manipulating click numbers to
inflate advertising bills.
Web cramming offering a free website for a
month, developing a worthless website, and
charging the phone bill of the people who
accept the offer for months, whether they want
to continue using the website or not.
Software piracy - the unauthorized copying
or distribution of copyrighted software.
SOCIAL ENGINEERING
Social engineering is a component of
many- if not most- type of exploits to persuade
people
to
run
malware-laden
email
attachments, phishers use social engineering
to convince people to divulge sensitive
information, and scareware vendors use social
engineering to frighten people into running a
software that is useless at best and dangerous
at worst.
Cisco reported that fraudsters take
advantage of the following seven human traits
in order to entice a person to reveal
information or take a specific action:

1. Compassion- the desire to help others

who present themselves as really needing
your help
2. Greed- People are more likely to
cooperate if they get something free or
think they are getting a once-in-a-lifetime
deal.
3. Sex Appeal- people are more likely to
cooperate with someone who is flirtatious
or viewed as hot.
4. Sloth- few people want to do things the
hard way, waste time or do something
unpleasant; fraudsters take advantage of
our lazy habits and tendencies.
5. Trust- People are more likely to cooperate
with people who gain their trust.
6. Urgency- a sense of urgency or
immediate need that must be met leads
people to be more cooperative and
accommodating.
7. Vanity- People are more likely to
cooperate if you appeal to their vanity by
telling them they are going to be more
popular or successful.
SOCIAL ENGINEERING ISSUES AND
TECHNIQUES
Identity Theft is assuming someones
identity, usually for economic gain, by illegally
obtaining useful and confidential information
Pretexting using an invented scenario (the
pretext) that creates legitimacy in the targets
mind in order to increase the likelihood that a
victim will divulge information or do something.
Posing creating a seemingly legitimate
business, collecting personal information while
making a sale, and never delivering the
product.
Phishing sending an electronic message
pretending to be a legitimate company, usually
a financial institution, and requesting
information or verification of information and
often warning of a consequence if it is not
provided. Targeted versions of phishing, called
spear phishing, have emerged.
Pharming is a very popular social engineering
tool for two reasons. First, it is difficult to
detect because the users browser shows the
correct website. Antivirus and spyware
removal software are currently ineffective
protection
against
pharming.
Instead

complicated anti pharming techniques are

required. Second, is the ability to target many
people at a time through domain spoofing
rather than one at time with phishing e-mails.
An evil twin is a wireless network with
the same name(called Service Set Identifier or
SSID) as a legitimate wireless access point.
Typosquatting, or URL hijacking, is setting
up similarly named websites so users making
typographical errors when entering a website
name are sent to an invalid site. An incorrectly
entered URL could lead to a website operated
by a cybersquatter.
A QR (Quick Response) code is a twodimensional matrix barcode that, when
scanned by a smartphone, connects users to a
website. Fraudsters cover valid QR codes with
stickers containing QR barcode replacement
to fool people into going into unintended site,
such as a spoofed website or an adult website
that infects their phones with malware.
Tabnapping
is
a
computer exploit and phishing attack,
which
persuaded users to submit their login details
and passwords to
popular websites by
impersonating those sites and convincing the
user that the site is genuine; is secretly
changing an already open browser tab.
Scavenging or dumpster diving is searching
documents and records to gain access to
confidential information. Used by crackers
who dial up to the Internet hoping to find
connections left dangling when somebody
else abruptly hung up. They can then exploit
the connections. The term is also used to
describe the activity of hunting for Residual
Data on erased devices.
In shoulder surfing, as its name
suggests, perpetrators look over a persons
shoulder in a public place to get information
such as ATM PIN numbers or user IDs and
passwords.
In Lebanese looping, the perpetrator
inserts a sleeve into an ATM that prevents the
ATM from ejecting the card. When it is obvious
that the card is trapped, the perpetrator
approaches the victim and pretends to help,
tricking the person into entering her pin again.

Skimming is double-swiping a credit card

in a legitimate terminal or covertly swiping a
credit card in a small, hidden, handheld
card reader that records credit card data for
later use.
Chipping is posing as a service engineer
and planting a small chip that records
transaction data in a legitimate card reader.
The chip is later removed to access the
data recorded on it.
Eavesdropping is listening to private
communications or tapping into data
transmissions.
A. MALWARE
Short for malicious software, is any
software used to disrupt computer operations,
gather sensitive information, or gain access to
private computer systems. Malware is defined
by its malicious intent, acting against the
requirements of the computer user, and does
not include software that causes unintentional
harm due to some deficiency. The
term badware is sometimes used, and applied
to both true (malicious) malware and
unintentionally harmful software. Spyware or
other malware is sometimes found embedded
in programs supplied officially by companies,
e.g., downloadable from websites, that appear
useful or attractive, but may have, for
example,
additional
hidden
tracking
functionality that gathers marketing statistics
Malware is sometimes used broadly
against government or corporate websites to
gather guarded information, or to disrupt their
operation in general.
Spyware is software that aims to gather
information about a person or organization
without their knowledge and that may send
such information to another entity without the
consumer's consent, or that asserts control
over a computer without the consumer's
knowledge. Spyware" is mostly classified into
four types: system monitors, Trojans, adware,
and tracking cookies.
Adware is a spyware that can pop
banner ads on monitor, collect information

about the users web-surfing and spending

habits and forward it to the adware creator.
Torpedo software is a software that
destroys competing malware. This sometimes
results in malware warfare between
competing malware developers.
Scareware is software that is often
malicious, is of little or no benefit, and is sold
using scare tactics. It is a form of malicious
software that uses social engineering to cause
shock, anxiety, or the perception of a threat in
order
to
manipulate
users
into
buying unwanted software.
Ransomware often comes in the form
of fake antivirus software. It is a type
of malware that restricts access to a computer
system that it infects in some way, and
demands that the user pay a ransom to the
operators of the malware to remove the
restriction.
Key logger or Keystroke logging (often
called keylogging) is a diagnostic tool used in
software development that captures the user's
keystrokes. It can be useful to determine
sources of error in computer systems and is
sometimes used to measure employee
productivity
on
certain
clerical
tasks.
Trojan horse or Trojan, in computing is
any malicious computer
program which
misrepresents itself as useful, routine, or
interesting in order to persuade a victim to
install it
Time bombs and logic bombs are
Trojan horses that lie idle until triggered by a
specified date or time, by a change in the
system, by a message sent to the system, or
by an event that does not occur.
A trap door, or back door, is a set of
computer instructions that allows the user to
bypass the systems normal controls.

Packet sniffers capture data from

information packets as they travel over
networks.
Steganography program is a program
that can merge confidential information with a
seemingly harmless file, password protect the
file, send it anywhere in the world, where the
file is unlocked and the confidential information
is reassembled. The host file can still be heard
or viewed because humans are not sensitive
enough to pick up the slight decrease in image
or sound quality.
Rootkit is a means of concealing
system components and malware from the
operating system and other programs; can also
modify the operating system.
Superzapping is using software that
bypasses normal security constraints to allow
unauthorized access to data. For example,
such a program may issue commands directly
to the disk drivers without going through
normal file I/O routines, bypassing not only
security restrictions but also leaving no audit
trail.
A computer virus is a segment of selfreplicating, executable code that attaches itself
to a file or program. Viruses are sometimes
confused with computer worms and Trojan
horses. A worm can spread itself to other
computers without needing to be transferred as
part of a host, and a Trojan horse is a file that
appears harmless until executed.
A computer
worm
is
a
standalone malware computer
program that
replicates itself in order to spread to other
computers. Unlike a computer virus, it does not
need to attach itself to an existing
program. Worms almost always cause at least
some harm to the network, even if only by
consuming bandwidth, whereas viruses almost
always corrupt or modify files on a targeted
computer.

A computer worm is similar to a virus with

some exceptions:

Bluesnarfing is stealing contact lists, images

and other data using Bluetooth

1. A virus is a segment of code hidden in

or attached to host program or
executable file, whereas a worm is a
stand-alone program.

Bluebugging is taking control of someone

elses phone to make or listen to calls, send or
read text messages, connect to the Internet,
forward the victims calls and call numbers that
charge fees. It is a form of Bluetooth attack
often caused by a lack of awareness.

2. A virus requires a human to do

something, to replicate itself, whereas a
worm does not and actively seeks to
send copies of itself to other devices.
3. Worms harms networks (if only by
consuming bandwidth), whereas viruses
infect or corrupt files or data on a
targeted computer.