Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers © 2006 Consumer Jungle

Estimating the Threat of Malware
• 1-in-3 chance of suffering:
  – computer damage
  – financial loss
• Viruses & Spyware
  – $2.6 Billion to Protect yet $9 Billion to Replace

Spam

What is Spam?
• An e-mail that is:
  – Unsolicited
  – Advertising something
• Similar to:
  – Junk mail delivered in the mail
  – Telemarketing calls on the phone

CAN SPAM Act of 2003
• Acronym stands for:
  – Controlling the Assault of Non-Solicited Pornography And Marketing
• Allows spam as long as it contains:
  – an opt-out mechanism
  – a valid subject line and header (routing) information
  – the legitimate physical address of the mailer
  – a label if the content is for adults only
• Regulated by the FTC, but has made little impact to curb Spam.

Virus

What is a Virus?
• A program that can replicate itself and spread itself by means of a transferable host.
• How a virus spreads:
  – Removable Medium
  – Network Connection

Why is it Called a Virus?
• Similar to a biological virus that spreads itself into living cells.
  – Insertion of a virus is called an infection
  – Infected file is called a host.

Virus Tricks: What to Look For

The Infected Document
• Subject line includes the name of the sender
  – Probably someone you know
• Message tempts you to open attachment
• Attachment is a legitimate Word file that is infected with a macro

The Misleading File Name
• Look at the attachment's name "LOVE-LETTER-FOR-YOU.TXT.vbs"
  – Looks like a harmless text (TXT) file, but it is a vbs file with a Windows script
  – The suffix (.vbs) might be completely hidden, so the attachment appears to be a type of file you'd willingly open, i.e. JPEG, MP3, or PDF.
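
The double-extension trick on this slide can be checked mechanically at a mail gateway or in an attachment handler. The following is an added example, not part of the original slides; the extension lists and function names are assumptions chosen for illustration.

```python
import re

# Types Windows runs directly or hands to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif",
                   "com", "bat", "cmd", "hta", "lnk"}
# Types a recipient tends to treat as harmless documents or media.
DECOY_EXTS = {"txt", "jpg", "jpeg", "gif", "mp3", "pdf", "doc", "xls"}


def deceptive_extension(filename):
    """Return (decoy, real) when an executable type hides behind a decoy, else None."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Runs of spaces are used to push the real suffix out of the visible field.
    name = re.sub(r"\s+", " ", name)
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return None  # a single extension is not a disguise
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def flag_attachments(names):
    """Return the attachment names whose visible type differs from what will run."""
    return [n for n in names if deceptive_extension(n)]


# Constructed sample input: the slide's example plus benign and space-padded names.
SAMPLE = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "holiday.jpg          .exe",
    "minutes.v2.final.pdf",
    "notes.txt",
    "installer.exe",
]

if __name__ == "__main__":
    for n in flag_attachments(SAMPLE):
        decoy, real = deceptive_extension(n)
        print(f"{n!r}: shown as .{decoy}, runs as .{real}")
```

A plain `installer.exe` is not flagged here because it does not disguise its type; blocking executable attachments outright is a separate policy decision.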

The Offer You Can’t Refuse
• Gives a compelling message
  – get rid of a computer virus
• Doesn’t disguise that the attachment is a program
• The program is a worm that sends itself to e-mail addresses it finds on your computer

The Fake Web Link
• Subject and message suggest that opening the attachment will take you to a web page containing party photos.
• Attachment's name resembles a web address
  – Actually a program that sends itself to people in your address book
• Designed to tie up your e-mail; can also be designed to destroy data

Spyware

What is Spyware?
• Malicious software that
  – Subverts the computer’s operation for the benefit of a third party
• Designed to exploit infected computers for commercial gain via:
  – Unsolicited pop-up advertisements
  – Theft of personal information
  – Monitoring of web-browsing for marketing purposes
  – Re-routing of http requests to advertising sites

Example of Spyware
• According to an October 2004 study by America Online and the National Cyber-Security Alliance:
  – 80% of surveyed users had some form of spyware on their computer.

Phishing

What is Phishing?
• An attempt to fraudulently acquire confidential information, such as:
  – passwords
  – credit card details
• By masquerading as a trustworthy:
  – Business
  – Financial Institution
  – Government Agency
  – Internet Service Provider
  – Online Payment Service
  – Person
• In an apparently official electronic communication, such as:
  – an email
  – an instant message.

Why is it called Phishing?
• Hackers coined the phrase
  – “Fish” for accounts
  – Ph is a common hacker replacement for the letter “f”.

How does Phishing Work?
• E-mail contains a link to a “look alike” website.
• Website asks the consumer to:
  – Confirm
  – Re-enter
  – Validate (or)
  – Verify
• Their personal info, i.e.
  – Social Security Number
  – Bank Account Number
  – Credit Card Number
  – Password

PayPal Phishing
• Look for spelling mistakes:
  – Choise
  – Temporaly
• Presence of an IP address in the link visible under the yellow box ("Click here to verify your account")

Phishing for eBay Customers
• Phishing e-mails posing as eBay’s online payment company PayPal are very popular.
• However, eBay no longer sends out e-mails.
  – They created an online email account for customers to receive e-mails after they’ve logged into the secure website.

Advanced Phishing Techniques
• Instead of an e-mail persuading consumers to visit a website, the e-mail deploys a key-logging Trojan.
• As soon as the user visits their bank’s website, all the typed keys are logged and sent back to the hacker with the account number, passwords, and other critical data.

How to Avoid Phishing
• Be skeptical
• Ignore the “dire consequences” warning.
• Don’t reply
• Don’t click on the link
  – Contact the company directly via a:
    • Legitimate 1-800 telephone number
    • Website
• Look at the “address bar”
  – Often a different domain name

More Tips on Avoiding Phishing
• Don’t e-mail personal or financial information.
• Open a new browser and look for secure indicators:
  – Secure lock
  – https: (s stands for secure)

What to do with Phishing E-mails
• Forward to spam@uce.gov and cc the group that the e-mail impersonates.
• Mark as “Junk Mail” in your Spam Software
• Delete immediately
• File a complaint with the Federal Trade Commission (FTC)
  – www.ftc.gov
  – 1-877-FTC-HELP (1-877-382-4357)

Pharming

What is Pharming?
• Exploitation of a vulnerability in the hosts file or DNS server software that allows a hacker to:
  – Acquire the domain name for a site
  – Redirect that website’s traffic to another website
• For gaining access to usernames, passwords, etc.

Pharming Techniques
• The criminal uses a virus or Trojan to modify a user’s ‘Hosts’ file.
  – OR
• The criminal sends out a spam for www.phishsite.com, and the message links to an illegitimate site.
  – AND
• When the user opens the browser and enters the website address, they get sent to the phishing site instead.

Trojans

What is a Trojan?
• A malicious program that is disguised as a legitimate program.
• Usually has a useful function that camouflages undesired functions.
• Cannot replicate or spread itself.

Why is it Called a Trojan?
• Derived from myth.
  – Greeks left large wooden horse outside the city of Troy.
  – Trojans thought it was a gift and moved the horse inside the city wall.
  – The horse was hollow and filled with Greek soldiers.
  – Greek soldiers opened the city gates at night for the remaining army to attack.
• Application: Greeks gained malicious access to the city of Troy just like a Trojan program gains malicious access to your computer.

Example of a Trojan
• Program posted on a website:
  – Called FREEMP3.EXE
  – Promises “free mp3 files”
• Instead, when run:
  – Erases all the files on your computer
  – Displays a taunting message

What Can a Trojan Do?
• Erase or overwrite data on a computer
• Corrupt files in a subtle way
• Spread other malware, such as viruses. In this case the Trojan horse is called a 'dropper'.
• Set up networks of zombie computers in order to launch “Denial of Service” attacks or send out spam.
• Spy on the user of a computer and covertly report data like browsing habits to other people.
• Log keystrokes to steal information such as passwords and credit card numbers.
• Phish for bank or other account details.
• Install a backdoor on a computer system.

Where Do Trojans Come From?
• Infected Programs
• Websites
• Email
• Direct Connection to the Internet

Worms

What is a Worm?
• Computer program
  – self-replicating
  – self-contained
• Designed to exploit the file transmission capabilities on your computer

Why is it Called a Worm?
• Word taken from a 1970s science fiction novel:
  – The Shockwave Rider
    • By John Brunner
• Researchers found that their self-replicating program was similar to the worm program described in the book.

What Can a Worm Do?
• Delete files on a host system
• Send documents via e-mail
• Create excessive network traffic
• Install a backdoor

What is a Backdoor?
• Method of remaining hidden on a computer while:
  – Bypassing normal authentication
  – Securing remote access to a computer
• Can be installed by a worm

What is a Zombie Computer?
• Computer attached to the internet that:
  – Is under remote direction of an illegitimate user
• Check your computer
  – www.ordb.org

Zombie Computers & Spam
• Used to send e-mail spam
  – 50% to 80% of all spam worldwide is now sent by zombie computers.
• Allows spammers to:
  – Avoid detection
  – Have zombie computers pay for their bandwidth.

Suspicion = Prevention
• Best prevention is awareness
• Be suspicious of everything to avoid:
  – Spam
  – Viruses
  – Spyware
  – Phishing
  – Pharming
  – Trojans
  – Worms
  – Backdoors

Minimizing Online Risks

15 Steps to Minimizing Online Risks
1. Update your operating system
2. Use a firewall
3. Adjust browser security settings
4. Consider an ISP or e-mail provider that offers security
5. Use antivirus software
6. Use antispam software
7. Use at least one antispyware program
Good online practices
8. Regularly back up personal files
9. Be on the alert while browsing
10. Create strong passwords
11. Don’t post your e-mail address
12. Use e-mail cautiously
13. Use multiple e-mail addresses
14. Don’t buy from spammers
15. Look for secure Web sites

Update your operating system
• Windows XP users
  – Enable Automatic Windows Update feature
  – Download & install Service Pack 2 @ www.microsoft.com/protect
• Keep your computer updated with the latest security measures.

Use a firewall
• Enable built-in firewall on Windows XP and Mac OS
• With older systems, install firewall
  – Software (protection for incoming and outgoing)
  – Hardware (most routers have firewalls)

Adjust browser security settings
• On Internet Explorer 6
  – Set security level to medium or high.
• This will prevent many security issues.

Consider an ISP or E-Mail Provider that Offers Security
• E-mail providers that offer spam filtering, virus scanning at no extra charge:
  – AOL
  – Earthlink
  – MSN
  – Yahoo
  – Gmail (offered by Google)
• Use as first layer of defense.

Use Antivirus Software
• Will detect viruses or worms that have been in circulation for at least a couple of days.
  – May fail to detect brand-new viruses.
• Enable
  – Auto-protect
  – Automatic update features
• Keep your subscription current
• Keep your guard up!

Use Antispam Software
• Enable spam blocking from your ISP.
• Buy antispam software
• On web-based e-mail services like Hotmail or Yahoo:
  – Enable built-in blockers.

Use at Least One Antispyware Program
• No product will catch every spyware variant
• Good combo:
  – Free antispyware
  – Purchased antispyware
• Use real-time protection on one product.
• Use the automatic update feature
• Keep your subscription current
• Download at official sites
• Mac users at less risk

Regularly Back Up Personal Files
• Safeguards data
• Use a plug-in external hard drive as:
  – Backup storage or
  – Main storage
• If the computer crashes, your files are already off the machine

Be on The Alert While Browsing
• Be wary of ad-sponsored or “free”:
  – Screen savers
  – Games
  – Videos
  – Toolbars
  – Music
  – Movie file-sharing programs
  – Other giveaways
• They probably have spyware

Create strong passwords
A good password is at least 8 characters, includes a number and a symbol, and is not a common word.

Don’t post your e-mail
• Don’t post your e-mail in its normal form on a public website
  – No: info@consumerjungle.org
  – Yes: info at consumerjungle DOT org.

Use E-Mail Cautiously
• Never:
  – Open an attachment that you weren’t expecting
  – Respond to e-mail asking for personal information
  – Reply to spam or click on its “unsubscribe” link
• Report phishing to companies that are being misrepresented

Use Multiple E-Mail Addresses
• Primary e-mail for family and friends
• Secondary e-mail for:
  – Online purchases
  – Sending e-cards
  – Everything else
• Create e-mails with embedded digits
  – info4u@consumerjungle.org

Don’t Buy From Spammers
• Don’t buy anything promoted in a spam message
  – Even if it isn’t a scam
  – If you do, you are financing & encouraging spam

Look for Secure Websites
• Look for an icon in the bottom right of your browser of:
  – An unbroken key or
  – A lock that’s:
    • Closed
    • Golden
    • Glowing
• Make sure the site’s address begins with “https:”