An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.
To some extent, firewalls and anti-virus software can block attack vectors. But no protection method is totally attack-proof. A defense method that is effective today may not remain so for long, because hackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.
The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan horses, worms, and spyware. If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile.
Some common vectors
- buffer overflows — this is how the Blaster worm was able to propagate
- HTML email with JavaScript or other scripting enhancements
- networking protocol flaws