Malware Spam Viruses Spyware Phishing Pharming Trojans Worms
- Slides: 60
Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers © 2006 Consumer Jungle
Estimating the Threat of Malware • 1 -in-3 chance of suffering: – computer damage – financial loss • Viruses & Spyware – $2. 6 Billion to Protect yet $9 Billion to Replace © 2006 Consumer Jungle
Spam © 2006 Consumer Jungle
What is Spam? • An e-mail that is: – Unsolicited – Advertising something • Similar to: – Junk mail delivered in the mail – Telemarketing calls on the phone © 2006 Consumer Jungle
CAN SPAM Act of 2003 • Acronym stands for: – Controlling the Assault of Non. Solicited Pornography And Marketing • Allows spam as long as it contains: – an opt-out mechanism – a valid subject line and header (routing) information – the legitimate physical address of the mailer – a label if the content is for adults only • Regulated by the FTC, but has made little impact to curb Spam. © 2006 Consumer Jungle
Virus © 2006 Consumer Jungle
What is a Virus? • A program that can replicate itself and spreads itself by means of a transferable host. • How a virus spreads: – Removable Medium – Network Connection © 2006 Consumer Jungle
Why is it Called a Virus? • Similar to a biological virus that spreads itself into living cells. – Insertion of a virus is called an infection – Infected file is called a host. © 2006 Consumer Jungle
Virus Tricks: What to Look For © 2006 Consumer Jungle
The Infected Document • Subject line includes the name of the sender – Probably someone you know • Message tempts you to open attachment • Attachment is a legitimate Word file that is infected with a macro © 2006 Consumer Jungle
The Misleading File Name • Look at the attachment's name "LOVE-LETTER-FOR-YOU. TXT. vbs – Looks like a harmless text (TXT) file, but it is a vbs file with a windows script – The suffix (. vbs) might be completely hidden – appearing to be a type of file you’d willingly open i. e. JPEG, MP 3, or PDF. © 2006 Consumer Jungle
The Offer You Can’t Refuse • Gives a compelling message – get rid of a computer virus • Doesn’t disguise that the attachment is a program • The program is a worm that sends itself to e-mail addresses it finds on your computer © 2006 Consumer Jungle
The Fake Web Link • Subject and message suggest that opening attachment will take you to a web page containing party photos. • Attachments name resembles a web address – Actually a program that sends itself to people in your address book • Designed to tie up your e-mail; can also be designed to destroy data © 2006 Consumer Jungle
Spyware © 2006 Consumer Jungle
What is Spyware? • Malicious software that – Subverts the computer’s operation for the benefit of a third party • Designed to exploit infected computers for commercial gain via: – Unsolicited pop-up advertisements – Theft of personal information – Monitoring of web-browsing for marketing purposes – Re-routing of http requests to advertising sites © 2006 Consumer Jungle
Example of Spyware • According to an October 2004 study by America Online and the National Cyber-Security Alliance: – 80% of surveyed users had some form of spyware on their computer. © 2006 Consumer Jungle
Phishing © 2006 Consumer Jungle
What is Phishing? • An attempt to fraudulently acquire confidential information, such as: – passwords – credit card details • By masquerading as a trustworthy: – – – • Business Financial Institution Government Agency Internet Service Provider Online Payment Service Person In an apparently official electronic communication, such as: – an email – an instant message. © 2006 Consumer Jungle
Why is it called Phishing? • Hackers coined the phrase – “Fish” for accounts – Ph is a common hacker replacement for the letter “f”. © 2006 Consumer Jungle
How does Phishing Work? • E-mail contains a link to a “look alike” website. • Website asks the consumer to : – – Confirm Re-enter Validate (or) Verify Their personal info, i. e. – – Social Security Number Bank Account Number Credit Card Number Password © 2006 Consumer Jungle
Pay. Pal Phishing • Look for spelling mistakes: – Choise – Temporaly • Presence of an IP address in the link visible under the yellow box ("Click here to verify your account") © 2006 Consumer Jungle
Phishing for e. Bay Customers • Phishing e-mails from e. Bay’s online payment company Pay. Pal is very popular. • However, e. Bay no longer sends out e-mails. – They created an online email account for customers to receive e-mails after they’ve logged into the secure website. © 2006 Consumer Jungle
Advanced Phishing Techniques • Instead of sending an emails persuading consumers to visit websites, the e-mail deploys a key-logging Trojan. • As soon as the user visits their bank’s website all the typed keys are logged and sent back to the hacker with the account number, passwords, and other critical data. © 2006 Consumer Jungle
How to Avoid Phishing • Be skeptical • Ignore the “dire consequences” warning. • Don’t reply • Don’t click on the link – Contact the company directly via a: • Legitimate 1 -800 telephone number • Website • Look at the “address bar” – Often a different domain name © 2006 Consumer Jungle
More Tips on Avoiding Phishing • Don’t e-mail personal or financial information. • Open a new browser and look for secure indicators: – Secure lock – https: (s stands for secure) © 2006 Consumer Jungle
What to do with Phishing E-mails • Forward to spam@uce. gov and cc the group that the e-mail impersonates. • Mark as “Junk Mail” in your Spam Software • Delete immediately • File a complaint with the Federal Trade Commission (FTC) – www. ftc. gov – 1 -877 -FTC-HELP (1 -877 -382 -4357) © 2006 Consumer Jungle
Pharming © 2006 Consumer Jungle
What is Pharming? • Exploitation of a vulnerability in the hosts’ file or DNS server software that allows a hacker to: – Acquire the domain name for a site – Redirect that website’s traffic to another website • For gaining access to usernames, passwords, etc. © 2006 Consumer Jungle
Pharming Techniques • The criminal uses a virus or Trojan to modify a user’s ‘Hosts’ file. – OR • The criminal sends out a spam for www. phishsite. com, and the message links to an illegitimate site. – AND • When the user opens the browser and enters the website address, they get sent to the phishing site instead. © 2006 Consumer Jungle
Trojans © 2006 Consumer Jungle
What is a Trojan? • A malicious program that is disguised as a legitimate program. • Usually has a useful function that camouflages undesired functions. • Can not replicate or spread itself. © 2006 Consumer Jungle
Why is it Called a Trojan? • Derived from myth. – Greeks left large wooden horse outside the city of Troy. – Trojans thought it was a gift and moved the horse inside the city wall. – The horse was hollow and filled with Greek soldiers. – Greek soldiers opened the city gates at night for the remaining army to attack. • Application: Greeks gained malicious access to the city of Troy just like a Trojan program gains malicious access to your computer. © 2006 Consumer Jungle
Example of a Trojan • Program posted on a website: – Called FREEMP 3. EXE – Promise “free mp 3 files” • Instead, when run: – Erases all the files on your computer – Displays a taunting message © 2006 Consumer Jungle
What Can a Trojan Do? • • Erase or overwrite data on a computer Corrupt files in a subtle way Spread other malware, such as viruses. In this case the Trojan horse is called a 'dropper'. Set up networks of zombie computers in order to launch “Denial of Service” attacks or send out spam. Spy on the user of a computer and covertly reports data like browsing habits to other people. Log keystrokes to steal information such as passwords and credit card numbers. Phish for bank or other account details. © 2006 Consumer Jungle Install a backdoor on a computer system.
Where Do Trojans Come From? • Infected Programs • Websites • Email • Direct Connection to the Internet © 2006 Consumer Jungle
Worms © 2006 Consumer Jungle
What is a Worm? • Computer program – self-replicating – self-contained • Designed to exploit the file transmission capabilities on your computer © 2006 Consumer Jungle
Why is it Called a Worm? • Word taken from a 1970’s science fiction novel: – The Shockwave Rider • By John Brunner • Researchers found that their selfreplicating program was similar to the worm program described in the book. © 2006 Consumer Jungle
What Can a Worm Do? • Delete files on a host system • Send documents via e -mail • Create excessive network traffic • Install a backdoor © 2006 Consumer Jungle
What is a Backdoor? • Method of remaining hidden on a computer while: – bypassing normal authentication – Securing remote access to a computer • Can be installed by a worm © 2006 Consumer Jungle
What is a Zombie Computer? • Computer attached to the internet that: – Is under remote direction of an illegitimate user • Check your computer – www. ordb. org © 2006 Consumer Jungle
Zombie Computers & Spam • Used to send e-mail spam – 50% to 80% of all spam worldwide is now sent by zombie computers. • Allows spammers to: – Avoid detection – Have zombie computers pay for their bandwidth. © 2006 Consumer Jungle
Suspicion = Prevention • Best prevention is awareness • Be suspicious of everything to avoid: – – – – Spam Viruses Spyware Phishing Pharming Trojans Worms Backdoors © 2006 Consumer Jungle
Minimizing Online Risks © 2006 Consumer Jungle
15 Steps to Minimizing Online Risks 1. 2. 3. 4. Update your operating system Use a firewall Adjust browser security settings Consider an ISP or e-mail provider that offers security 5. Use antivirus software 6. Use antispam software 7. Use at least one antispyware program Good online practices 8. Regularly back up personal files 9. Be on the alert while browsing 10. Create strong passwords 11. Don’t post your e-mail address 12. Use e-mail cautiously 13. Use multiple e-mail addresses 14. Don’t buy from spammers 15. Look for secure Web sites © 2006 Consumer Jungle
Update your operating system • Windows XP users – Enable Automatic Windows Update feature – Download & install Service Pack 2 @ www. microsoft. com/protect • Keep your computer updated with the latest security measures. © 2006 Consumer Jungle
Use a firewall • Enable built-in firewall on Windows XP and Mac OS • With older systems, install firewall – Software (protection for incoming and outgoing) – Hardware (most routers have firewalls) © 2006 Consumer Jungle
Adjust browser security settings • On Internet Explorer 6 – Set security level to medium or high. • This will prevent many security issues. © 2006 Consumer Jungle
Consider an ISP or E-Mail Provider that Offers Security • E-mail providers that offer spam filtering, virus scanning at no extra charge: – – – AOL Earthlink MSN Yahoo Gmail (offered by Google) • Use as first layer of defense. © 2006 Consumer Jungle
Use Antivirus Software • Will detect viruses or worms that have been in circulation for at least a couple of days. – May fail to detect brandnew viruses. • Enable – Auto-protect – Automatic update features • Keep your subscription current • Keep your guard up! © 2006 Consumer Jungle
Use Antispam Software • Enable spam blocking from your ISP. • Buy antispam software • On web-based e-mail services like Hotmail or Yahoo: – enable built-in blockers. © 2006 Consumer Jungle
Use at Least One Antispyware Program • No product will catch every spyware variant • Good combo: – Free spyware – Purchased spyware • Use real-time protection on one product. • Use the automatic update feature • Keep your subscription current • Download at official sites • Mac users at less risk © 2006 Consumer Jungle
Regularly Back Up Personal Files • Safegaurds data • Use a plug-in external hard drive as: – Backup storage or – Main storage • If the computer crashes, your files are already off the machine © 2006 Consumer Jungle
Be on The Alert While Browsing • Be wary of ad-sponsored or “free”: – – – – screen savers Games Videos Toolbars Music Movie file-sharing programs Other giveaways • They probably have spyware © 2006 Consumer Jungle
Create strong passwords A good password is at least 8 characters, includes a number and a symbol, and is not a common word. © 2006 Consumer Jungle
Don’t post your e-mail • Don’t post your e-mail in its normal form on a public website – No: info@consumerjungle. org – Yes: info at consumerjungle DOT org. © 2006 Consumer Jungle
Use E-Mail Cautiously • Never: – Open an attachment that you weren’t expecting – Respond to e-mail asking for personal information – Reply to spam or click on its “unsubscribe” link • Report phishing to companies that are being misrepresented © 2006 Consumer Jungle
Use Multiple E-Mail Addresses • Primary e-mail for family and friends • Secondary e-mail for: – Online purchases – Sending e-cards – Everything else • Create e-mails with embedded digits – info 4 u@consumerjung le. org © 2006 Consumer Jungle
Don’t Buy From Spammers • Don’t buy anything promoted in a spam message – Even if it isn’t a scam – If you do, you are financing & encouraging spam © 2006 Consumer Jungle
Look for Secure Websites • Look for an icon in the bottom right of your browser of: – An unbroken key or – A lock that’s: • Closed • Golden • Glowing • Make sure the site’s address begins with “https: ” © 2006 Consumer Jungle
- Trojan horses spyware and worms are all forms of
- Https://m..com/watch?v=nqecciuc7jy
- Youtube . com / watch v = roxnvcaezjs
- Cuckoo sandbox online
- Trojan workout
- Knark hides
- Trusted officer of odysseus
- Lkm trojan
- Beware of backdoor trojans
- Pharming biologia
- Why is pharming controversial
- Define molecular farming
- Gene pharming
- Pharming ict
- Contoh spyware
- Example of spyware
- The spyware used in intimate partner violence
- 2spyware
- Spyware dr
- Viruset ne kompjuter
- Anti spyware 101
- Application software antivirus
- Types of phishing attacks
- Anti phishing phil
- Knowyourmeme
- Super phisher
- Mobi fish
- Spear phishing kali
- Phishing
- Ics phishing sms
- Phishing
- Security incident response playbook
- Email phishing
- Howsecureismypassword phishing
- How do fake social media accounts breach the cia triad?
- Halloween phishing
- Webroot cyber security training
- Phishing austin texas
- Bacteria and viruses chapter 7 lesson 1 answer key
- Jobpair
- Chapter 18 section 2 viruses and prions
- General characteristics of viruses
- Computer viruses presentation
- Virus
- Baltimore classification of viruses
- General characters of viruses
- What does dna have that rna doesnt
- Section 19-3 diseases caused by bacteria and viruses
- Egrette chapter 21
- Section 1 studying viruses and prokaryotes
- Hepatotropic viruses
- Are viruses alive yes or no
- Spherical virus
- Replication of viruses
- General characteristics of viruses
- Are viruses decomposers
- Plant viruses
- General properties of viruses
- Biosynthesis of rna viruses
- Best viruses
- Cultivation of viruses