An Introduction to the IM Profession and Ethics Paper
De La Salle University - Manila
Presented to The Faculty of the College of Computer Studies, De La Salle University – Manila
In Partial Fulfillment of the Requirements for the Degree of Bachelor of Science of Information Systems
By: Changcoco, Amos; Dimla, Ysabel Nicole; Ramchand, Pavan; Tanchuling, Bianca Denise; Tibayan, Jan Michael
1.0 COMPUTER AND INTERNET CRIME
1.1 Types of Exploits
1.1.1 Virus: A harmful code that is attached to a file or executable program which can infiltrate the files on the victim's computer and alter, delete or reformat them.
The virus becomes active when either the file containing it is opened or the infected program is executed. It spreads infections as it moves between computers, relying on users who use removable media devices, download files, or receive infected emails. One example of a computer virus is the Pikachu virus, which targeted children and was initially detected on June 28, 2000 in Asia or the Pacific Ocean region.
The email virus called "Pikachu Pokemon" contained a message declaring Pikachu as your companion and displayed an image of Pikachu from the popular TV show Pokemon. The email highlighted the recipient's specialness among millions globally and encouraged them to remember this day as their friend. Infections caused by the Pikachu virus were limited to a few American companies, primarily through Microsoft Outlook email attachments or Microsoft's Internet Explorer browser.
The virus had a limited impact on companies and its spread was contained due to programming errors. Before deleting files, the virus would prompt the user for permission.
Worms are a type of malicious code that can lead to computer system crashes. Unlike viruses, worms do not infect files but instead seize control of the CPU and operating system, resulting in data and programs being erased. Worms take advantage of vulnerabilities in applications or operating systems to infect computers. They have the capability to reproduce themselves and propagate across networks to other computers.
They do not require human interaction to spread to other computers. A well-known example is the Morris Worm, also known as the Great Worm, created by Cornell University student Robert Tappan Morris in 1968. The Morris Worm consisted of 99 lines of code and was created by Morris to determine the size of the Internet. Although the creator did not intend any harm, the worm caused significant stability issues and rendered many systems unusable.
The damage caused by the worm resulted in over 6,000 infected UNIX machines and incurred costs ranging from $10,000,000 to $100,000,000 in America. This scenario presents an ethical dilemma as the creator had no malicious intent in creating the worm but it still had detrimental effects on a majority of people. According to the psychological egoism theory, this dilemma can be considered ethical since Robert Morris acted based on his selfish motives, making him morally responsible. From the perspective of the hedonism theory, Morris' actions were deemed ethical as he was simply performing his duty without foreseeing the negative consequences they would bring.
1.1.3 Trojan Horse
The Trojan horse gets its name from the Trojan horse of Troy, which was used as a disguise to infiltrate enemy territory. Likewise, a Trojan horse appears to be something else, such as a program or file, but it contains harmful code. Similar to viruses, the Trojan horse becomes active when the infected file is opened or when the program with malicious code is executed. The consequences of a Trojan horse can vary from minor actions like changing the desktop to more severe outcomes like deleting files, stealing data, or spreading other malware within the victim's software.
Trojan horses are a method utilized by hackers to obtain unauthorized entry into a computer system. Their objective is to create a 'back door' within the operating system. These Trojans lack the capability to reproduce or self-replicate, necessitating user involvement for dissemination. A notable example is iServices, a Trojan horse found in the pirated edition of Apple's software suite, iWork. Once activated, this specific Trojan notifies users about their Mac being infected and grants the hacker access to the system.
The presence of a Trojan horse in pirated software like iWork poses an ethical dilemma because buyers are unaware of it. The sellers' unethical behavior is evident as they insert the Trojan horse without their customers' consent, which goes against deontological principles that prohibit vendors from invading customers' systems. Furthermore, this action disregards the well-being of others who will suffer as a result, making it unethical from an altruistic perspective.
The unethical actions of vendors, such as hacking and infiltrating private property, may be seen as morally acceptable under utilitarianism, a theory that prioritizes the consequences. Nevertheless, these actions are deemed unlawful according to the social contract theory.
A logic bomb, which resembles a Trojan horse, becomes active when specific events occur like keystrokes or file changes. Additionally, botnets consist of infected computers that are governed by bots.
A bot, or robot, is a type of malware that allows an attacker to manipulate a compromised computer. Through this control, criminals can engage in harmful activities like spamming, virus spreading, and launching attacks on other computers. These actions can result in crimes and frauds without the computer's owner noticing. Bots are often called computer zombies because they operate under hackers' command, taking away the computer's autonomy. An example of a bot-related attack is the Distributed Denial-of-Service Attack (DDoS Attack), where a malicious hacker controls multiple computers via the Internet.
The article discusses the attempt to restrict a computer owner's use of network resources or machine through a collaborative effort to disable an individual host's internet connection. This collaborative effort involves a team of individuals working together.
The term "rootkits" refers to a collection of programs named after the words 'root' and 'kit'. The word 'root' indicates the target, whether it is the administrator or the source, while 'kit' refers to the assortment of programs involved. By utilizing a rootkit, an unauthorized user can gain administrator-level access to a computer without consent or detection. The owner of the rootkit has the ability to execute files, change system configurations, access log files, and monitor activity on the target machine without being detected. Rootkit malware is difficult to detect in computer systems.
1.1.7 Spam
E-mail spam involves sending unsolicited emails to a large number of people. Spam often includes cheap advertisements for things like pornography or 'get-rich-quick' schemes. It can also be used to distribute harmful worms or malware.
1.1.8 Phishing
Phishing is a method used to trick users into entering personal identity data on a fake website.
1.2 Types of Perpetrators
1.2.1 Hackers and Crackers
Hackers are individuals who test system limits, identify vulnerabilities, and see what data they can access. They acquire knowledge from various sources, typically the internet. While they are not inherently bad, the term has become negative due to some hackers using their knowledge to cause harm to systems. A more appropriate term for these individuals is crackers.
1.2.2 Malicious Insiders
Malicious insiders refer to people who acquire goods, services, or property through deception or trickery, also known as fraud. In simpler terms, they lie to attain something.
1.2.3 Industrial Spies
Industrial spies are individuals who unlawfully acquire information from competitors on behalf of their sponsor. This act is known as industrial espionage, and the opposing action of legally obtaining information is called competitive intelligence.
In 1993, Opel accused rival Volkswagen of industrial espionage after several executives, including the former chief of production, moved to Volkswagen due to missing documents. (Julian, 2011)
Cybercriminals, such as Albert Gonzalez, who is one of the world's most notorious hackers, hack into company systems and manipulate information to gain financial benefits. Gonzalez used his hacking skills to steal and resell millions of card and ATM numbers over a three-year period. This act raises ethical concerns as it goes against deontological theory, which states that hackers should not steal information. However, under hedonism in the utilitarian theory, the act may be considered ethical as Gonzalez found pleasure in the process. Nevertheless, both social contract theory and virtue theory deem this act unethical.
Hacktivists, a combination of "hacking" and "activist," are individuals who hack for political activism purposes.
Cyberterrorists aim to gain the government's attention by carrying out politically motivated attacks. The hacktivist group, Anonymous, has become well-known for their use of Guy Fawkes masks and appearances in media outlets. They actively challenge Internet censorship, government corruption, and homophobia, focusing on different government websites. However, Anonymous encounters an ethical dilemma as they utilize their hacking abilities to infiltrate systems while expressing solidarity with those who desire to be acknowledged by the government.
This action can be seen as ethical from two perspectives. From a deontological standpoint, it is their duty to make the government listen to their voice. It can also be viewed as ethical from an altruistic point of view since more people will benefit from their act. However, according to the social contract theory, this act is considered unethical because it violates the law.
The 3 Laws for Prosecuting Computer Attacks include the Electronic Commerce Act of 2000 (RA 8792), which involves computerized business transactions in which consumers and businesses buy and sell goods electronically.
This act aims to safeguard individuals engaging in business activities through various communication networks on the Internet. The law identifies three main elements: electronic data messages, electronic documents, and electronic signatures. Electronic data messages refer to information exchanged in business transactions, while electronic documents are similar but contain specific text or symbols. Electronic signatures are marks used by individuals or entities to approve transactions electronically.
The law also has implications for other laws like Intellectual Property Rights and Copyright Protection that offer protection for business activities conducted through electronic means. Fraud is another related issue as government charges can be brought against individuals illegally accepting payments by disguising their websites as trustworthy payment options.
In terms of e-commerce cases, censorship plays a crucial role in determining website moral standards and company cooperation in recognizing and adhering to these standards.
Google's operations in China faced backlash when the company agreed to censor websites supporting democracy. However, in 2010, Google chose to move its Chinese operations to Hong Kong, effectively avoiding China's censorship rules. Supporters argue that Google shouldn't comply with oppressive policies, although critics believe that the withdrawal deprived millions of Chinese citizens access to Google and weakened its presence in a major market. The case raises significant ethical concerns, particularly regarding Google's relocation to Hong Kong.
The jurisdiction of China’s censorship policy has made it difficult to access certain content, allowing them to exert more control over their assets. However, this has left Chinese citizens longing for a search engine that can benefit them. From Google's perspective, this tradeoff allows them to maximize their services in a lucrative market like Hong Kong, but it also means they could have served the needs of the citizens and maintained their reputation for improving global life, as they promised with their famous slogan "Don't be evil".
I disagree with their decision to relocate because they could have followed updated utilitarianism and provided their services to those who needed them the most. However, they acted in accordance with ethical egoism by censoring pro-democracy sites which they viewed as morally good.
Another example involving Google is that the company gathers a large amount of data on users of its search engine. According to the company's website as of 2011, it stores search records for the purpose of improving corporate efficiency, but makes them anonymous after nine months and deletes visitor tracking cookies after two years.
Despite concerns about privacy issues with Google Earth's photograph collection, the government can use Google's data to investigate individuals who visit specific websites. In 2008, a couple sued Google claiming that online images of their home violated their privacy rights, but the case was dismissed by a judge in the following year. This example demonstrates how Google's search engine records can assist the government in apprehending fugitives, suspects, and criminals for the benefit of society. However, if this power is abused, it can result in privacy violations.
The judge may dismiss the couple's lawsuit, but ethical theories support their claim. Specifically, rights-based theories recognize social contracts that acknowledge their right to privacy. While it may be legal for Google Earth to store their photos, they should limit their power. Duty-based theories also support the couple's case, as Google has a daily task of improving corporate efficiency and providing unlimited knowledge.
The Cybercrime Prevention Act of 2012 (RA 10175) is the first law in the Philippines that criminalizes computer-related crimes. It was approved on September 12, 2012, and was authored by Representative Susan Tap-Sulit and signed into law by President Benigno Aquino III. The purpose of this Act is to safeguard individuals from cybercrimes and their negative consequences. The state acknowledges the significance of the information and communications industries and aims to protect its citizens and the integrity of computers and users. Additionally, the state recognizes the importance of creating a conducive environment for the development and rational use of information and communications technology. The Act includes 10 punishable acts, each with associated penalties, which will be briefly discussed. These acts pertain to offenses against the confidentiality, integrity, and availability of computer data and systems, such as illegal access to computers or their parts without authorization.
Illegal Interception refers to the act of intercepting non-public transmission of data to or from a computer system using any technical device without the legal right to do so. This includes capturing electromagnetic emissions containing such data from a computer system.
Data Interference involves intentionally or recklessly altering, damaging, deleting, or deteriorating computer data, electronic documents, or electronic data messages without proper authorization. This includes transmitting or transferring viruses into a system. A notable example of this is the infamous ILOVEYOU message sent through electronic mail in the year 2000.
D. System Interference – the intentional or reckless hindering or interference with a functioning computer system or network by inputting, transmitting, damaging, deleting, deteriorating, altering, or suppressing computer data or programs without proper authority.
E. Misuse of Devices – the unauthorized use of any material, including production, manufacturing, selling, and distribution.
F. Cyber-squatting – the act of identity theft, whereby another person's identity is used for personal gain or to deceive others on the internet.
Computer-related Forgery encompasses the illegal copying of work and unauthorized access to computer systems or databases. Computer-related Fraud involves the unauthorized manipulation, deletion, or interference with computer data, programs, or systems. Computer-related Identity Theft is the intentional acquisition, use, transfer, or possession of someone else's identifying information. These categories are followed by Cybersex and Child Pornography.
The text discusses the definition of libel, which is described as a public and malicious imputation of a crime, vice, defect, or any acts, omissions, conditions, statuses, or circumstances that discredit or cause dishonor or contempt towards a natural or juridical person. This can be committed through a computer system or any similar means. The law enforces punishments for such acts, including imprisonment or a fine. The penalties can range from at least two hundred thousand pesos (Php 200,000.00) to an amount corresponding to the damage caused. Imprisonment can range from six years and one day to twelve years.
The text also presents an ethical/moral dilemma involving a 16-year-old male named "Josh Evans" who used an account to send bullying messages to a girl named Megan Meier. It is revealed that Lori Drew, the mother of Sarah, a former friend of Meier, admitted to creating the MySpace account with the assistance of Sarah and Ashley Grills, an 18-year-old employee of Drew's.
The senior Drew and several others operated a fake account in order to gather information about Megan, with the intention of using that information against her and causing humiliation. This led to the spreading of gossip about Megan, resulting in a traumatic experience for both her and her family. When analyzing this situation using the Four Major Ethical Theories, specifically the Duty-based Theory, it becomes evident that this action is not ethical. Creating and spreading false rumors cannot be considered a good intention.
Acquiring personal information with malicious intent is deemed unethical. From the viewpoint of Duty-Based Theory, gathering information about Megan without good intentions is considered unethical. However, Utilitarianism Theory posits that an action can only be ethical if it results in positive outcomes. In this situation, the consequence was that Megan and her family experienced trauma.
According to this theory, the outcome is deemed unethical. The group's actions have caused harm to both their target and individuals connected to Megan. As per the social contract theory, an action is ethical as long as it does not infringe upon any laws or regulations. The Civil Code of the Philippines, specifically Chapter 2 comprising Articles 19, 20, and 21 concerning Human Relations, addresses people's rights and their proper exercise.
Chapter 2 Article 19 highlights the essential principles for upholding fairness in the relationship between individuals and societal stability. Meanwhile, Chapter 2 Article 20 establishes that individuals bear responsibility for any harm inflicted upon others, regardless of intent or negligence. Furthermore, Chapter 2 Article 26 underscores the importance of not exploiting rights since their validity diminishes once they are abused. Moreover, according to the Virtue theory, an action is considered ethical if it arises from a morally upright principle.
Considering the situation, it is unethical as it not only harms the individuals involved but also questions the suspect's moral principles.
1.3 Trustworthy Computing
1.4.1 Microsoft’s 4 Pillars of Trustworthy Computing
The 4 Pillars of trustworthy computing play a crucial role in identifying the key elements in computing, particularly in organizations with numerous employees. Guidance is essential for implementing a solid and stable system, and these pillars serve as a guide for both Microsoft employees and users.
1.4.2.1 Security: Establishing a trustworthy environment for safe computing.
1.4.2.2 Privacy: Preserving the confidentiality and protection of design, development, and testing within organizations to remain competitive in today's market.
1.4.2.3 Reliability: Ensuring that the system works as expected or promised by the developers and their organization.
1.4.2.4 Business Integrity: Assuming responsibility and transparency in duties and expectations as part of a workforce dedicated to excellence, acknowledging that mistakes can occur.
In order to initiate the learning process, it is crucial to acknowledge errors. The General Security Risk Assessment Process, also known as Risk Assessment, evaluates security risks that may impact an organization's computers and networks from both internal and external sources (Reynolds, 2011). This procedure involves identifying potential dangers and analyzing their potential outcomes (Federal Emergency Management Agency, 2013). Through a thorough risk assessment, the IT security team can adequately prepare for any possible attacks.
To establish a security policy for IT assets, it is crucial to follow these steps. Firstly, identify and prioritize the most significant assets. Next, assess potential threats and risks while considering their probability of occurrence. Then, determine the impact of each threat on the assets and explore strategies to prevent or block them. Evaluate the effectiveness of each prevention method and conduct a cost benefit analysis before taking action. Finally, based on thorough research and development, make an informed decision whether to implement or not implement the chosen risk prevention method.
The significance of having a security policy in organizations is emphasized, along with its ability to enhance operations. The National Institute of Standards and Technology (NIST) establishes security standards that organizations should adhere to. Educating employees, contractors, and part-time workers is crucial for maintaining security, as studies reveal that insufficient awareness about security policies leads to numerous security issues.
It is essential to teach proper security practices, such as not sharing passwords and avoiding interference in various departments, in order to promote responsible computer use and guide workplaces. To establish a threat prevention system, multiple layers of security systems are employed to make it more challenging for hackers to infiltrate the system. These measures include using a firewall to safeguard the internal network from the internet and employing Intrusion Prevention Systems that block viruses, malformed packets, and other threats from accessing a protected network.
To ensure the protection of personal computers, it is recommended to install antivirus software and regularly scan disk drives and memory for viruses. When employees leave, IT staff should promptly delete their active user accounts to eliminate potential threats. The United States Computer Emergency Network Team (US-CERT) and the SysAdmin, Audit, Network, System (SANS) Institute provide frequent updates on common threats like viruses and worms. A security audit is crucial as it evaluates an organization's security policy implementation and adherence. For instance, enforcing regular password changes enhances security compared to companies without such requirements. Through a security audit, organizations can comprehensively test and review their system's vulnerability. However, relying solely on preventive measures may not always suffice in safeguarding data.
An intrusion detection system, whether in the form of software or hardware, is responsible for monitoring both system and network resources. It alerts a system administrator when an intrusion occurs. There are two types of intrusion systems: knowledge-based and behavior-based systems. In a knowledge-based system, there is stored information about attacks and vulnerabilities within the system. If there are repeated login attempts or data events, it triggers an alarm. On the other hand, a behavior-based system compares a user's behavior with an admin-created model and detects any deviations from expected behavior. It then generates an alarm to notify abnormal activities such as accessing data from another department (e.g., HR accessing IT).
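The two detection approaches in the paragraph above, run over the same event log, as an added example that is not part of the original paper. The log format, user names, the three-failures-in-60-seconds signature and the department model are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs), assumed sorted by time.
# Fields: time, user, user's department, action, target, result
SAMPLE_LOG = """\
2013-03-01T09:00:05 mreyes HR login hr-portal FAIL
2013-03-01T09:00:09 mreyes HR login hr-portal FAIL
2013-03-01T09:00:14 mreyes HR login hr-portal FAIL
2013-03-01T09:00:20 mreyes HR login hr-portal OK
2013-03-01T09:05:00 mreyes HR read HR/payroll.xls OK
2013-03-01T09:07:30 mreyes HR read IT/router-config.txt OK
2013-03-01T10:15:00 jcruz IT login it-console FAIL
2013-03-01T10:45:00 jcruz IT login it-console FAIL
2013-03-01T11:30:00 jcruz IT login it-console FAIL
2013-03-01T11:31:00 jcruz IT read IT/router-config.txt OK
"""

# Admin-created model for the behavior-based detector (assumed):
# which departments' data each department normally reads.
MODEL = {"HR": {"HR"}, "IT": {"IT"}}


def parse(log_text):
    """Turn log lines into event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, user, dept, action, target, result = parts
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "dept": dept, "action": action,
                       "target": target, "result": result})
    return events


def knowledge_based(events, max_failures=3, window=timedelta(seconds=60)):
    """Signature match: repeated failed logins by one user inside a window."""
    recent = defaultdict(deque)  # user -> times of recent failed logins
    alerts = []
    for e in events:
        if e["action"] != "login" or e["result"] != "FAIL":
            continue
        q = recent[e["user"]]
        q.append(e["time"])
        # Drop failures that fell out of the sliding window.
        while e["time"] - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            alerts.append((e["time"], e["user"], "repeated failed logins"))
            q.clear()  # one alert per burst
    return alerts


def behavior_based(events, model):
    """Deviation from the model: a user reads another department's data."""
    alerts = []
    for e in events:
        if e["action"] != "read":
            continue
        owner = e["target"].split("/", 1)[0]  # department that owns the file
        if owner not in model.get(e["dept"], set()):
            alerts.append((e["time"], e["user"],
                           f"{e['dept']} user accessed {owner} data"))
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for alert in knowledge_based(events) + behavior_based(events, MODEL):
        print(alert)
```

The slow failures by `jcruz` match no signature, and the cross-department read by `mreyes` is a successful, authorized-looking access that only the behavior model flags.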
1.4.8 Response
In the event of a worst-case scenario, such as a system attack that disrupts operations and steals company data, an organization must be prepared. The primary objective during an attack is to regain control and protect any remaining assets. It is crucial to inform the necessary parties about the security breach while carefully considering who should not be notified. Any breach poses a risk to the organization's reputation and credibility; therefore, it is essential for the company to document all breach details for future analysis. While eradicating compromised information is vital, maintaining a log of the process is also necessary.
If a member of a large IT security support group in a manufacturing company discovers that their organization's website has been defaced and there was an attempt to access files containing new product development information, the next steps would involve investigating the hacker with utmost efficiency.
References:
* Electronic Commerce - StudyMode.com. (1999, October). Retrieved from http://www.studymode.com/essays/Electronic-Commerce-731.tml
* THE ELECTRONIC COMMERCE ACT (R.A.8792) AN OVERVIEW OF ITS IMPACT ON THE PHILIPPINE LEGAL SYSTEM (2005 006).
* Definition of a Rootkit: A rootkit is a form of malicious software that allows unauthorized access to a computer system without detection. It is designed to hide and manipulate an attacker's actions on the system, making it difficult to detect and defend against. Rootkits pose a significant threat to internet and network security, emphasizing the need for understanding their operation in order to protect computer systems. Retrieved from http://netsecurity.about.com/od/frequentlyaskedquestions/f/faq_rootkit.htm
* Julian. (2011). 10 Most Notorious Acts of Corporate Espionage. Retrieved from http://www.businesspundit.com/10-most-notorious-acts-of-corporate-espionage/
* Katich, A. (2013). Anonymous (Annie Katich). Retrieved from http://socialactive.wordpress.com/2013/02/25/anonymous-annie-katich/
* Verini, J. (2010). The Great Cyberheist. Retrieved from htttps: