Security Key Terms Worm Greyware Virus Spyware Trojan

Security

Key Terms: Worm, Greyware, Virus, Spyware, Trojan, Bot, Phishing, Adware, Blended threat

Malware: malicious software. Software written to damage or disrupt a computer, such as a virus or a Trojan horse.

What is it? It is a Word macro xxxxx delivered via e-mail in an attached Word document. The e-mail message contains the subject line "Important Message From "User Name"" and/or contains the message body "Here is that document you asked for... don't show anyone else ;-)". If the attached Word document is opened and the macro xxxxx is enabled (that is, it is allowed to run), it can propagate itself by sending e-mail with the infected document to a number of recipients. The xxxxx reads the list of members from each Outlook Address Book and sends an e-mail message to the first 50 recipients programmatically.
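The slide above describes three mail-level indicators of this macro (the subject prefix, the body phrase and a Word attachment). The following detection check is an added example, not part of the slide deck; it parses constructed messages with Python's standard email library and reports which indicators are present, so a mail filter can quarantine a message that shows two or more of them.

```python
from __future__ import annotations

import email
from email.message import EmailMessage
from email.policy import default

# Indicators taken from the slide: subject prefix, body phrase, Word attachment.
SUBJECT_PREFIX = "Important Message From"
BODY_PHRASE = "here is that document you asked for"
WORD_EXTENSIONS = (".doc", ".dot")


def matching_indicators(raw_message: str) -> list[str]:
    """Return the names of the slide's indicators found in one raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=default)
    hits: list[str] = []

    # 1. Subject line starts with the phrase the worm uses.
    if str(msg.get("Subject", "")).startswith(SUBJECT_PREFIX):
        hits.append("subject")

    # 2. Plain-text body carries the lure sentence (case-insensitive).
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    if BODY_PHRASE in body.lower():
        hits.append("body")

    # 3. A Word document is attached (the carrier of the macro).
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTENSIONS):
            hits.append("attachment")
            break
    return hits


def is_suspect(raw_message: str, threshold: int = 2) -> bool:
    """Flag a message when at least `threshold` indicators co-occur (threshold is our choice)."""
    return len(matching_indicators(raw_message)) >= threshold


def build_sample(subject: str, body: str, attach_name: str | None = None) -> str:
    """Build a constructed test message; the attachment bytes are a placeholder, not a real document."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach_name:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="msword", filename=attach_name)
    return msg.as_string()


if __name__ == "__main__":
    lure = build_sample('Important Message From "Alice"',
                        "Here is that document you asked for... don't show anyone else ;-)",
                        "list.doc")
    print(matching_indicators(lure), is_suspect(lure))
```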

Virus: A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus usually meets two criteria:
› It will place its own code in the path of execution of another program.
› It must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file.
Viruses can infect desktop computers and network servers alike.

Virus... Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user: they typically take up computer memory used by legitimate programs, and as a result they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

What is it? Win32/Nuwar refers to a family of xxxxxx droppers that install a distributed peer-to-peer (P2P) downloader xxxx. This downloader xxxx in turn downloads a copy of the email xxx component of the Storm Worm, and may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this xxxx and other malicious software that may have been installed, run a full-system scan with an up-to-date xxx product.

Trojans? What are they? Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computer, for example by opening an email attachment. The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers. Trojans do not spread by themselves, and as their name suggests, these malicious codes reach computers in the guise of an apparently harmless program which, in many cases, when executed releases a second program, the Trojan itself. http://www.pandasecurity.com

Trojan... The effects of Trojans can be highly dangerous. Like viruses, they can destroy files or information on hard disks. They can also capture and resend confidential data to an external address or open communication ports, allowing an intruder to control the computer remotely. Additionally, they can capture keystrokes or record passwords entered by users. Given all these characteristics, they are frequently used by cybercrooks, for example to steal confidential banking information.

What is it? Blaster is a type of computer xxxx that generally spreads without user action and that distributes complete copies (possibly modified) of itself across networks (such as the Internet). Generally known as "Blaster," this new xxxxxx exploits the vulnerability that was addressed by Microsoft Security Bulletin MS03-026 (823980) to spread itself over networks by using open Remote Procedure Call (RPC) ports on computers.

What is it? If your computer is infected with this xxxxxx, you may not experience any symptoms, or you may experience any of the following symptoms:
› You may receive the following error message: "The Remote Procedure Call (RPC) service terminated unexpectedly. The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM."
› The computer may shut down, or may restart repeatedly, at random intervals.
› You may find a file that is named Msblast.exe, Nstask32.exe, Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, or Yuetyutr.dll in the Windows\System32 folder.
› You may find unusual TFTP* files on your computer.
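The symptoms above are host-level indicators an administrator can check for. The following triage script is an added example, not part of the slide deck: it matches a System32 directory listing and event-log lines against the slide's indicators. It assumes (not stated on the slide) that tftp.exe is the legitimate Windows TFTP client and so should not count as an "unusual TFTP* file"; the listing and log lines are constructed sample data.

```python
from __future__ import annotations

import fnmatch
from typing import Iterable

# File names the slide lists as indicators in Windows\System32 (compared case-insensitively).
BLASTER_FILES = {
    "msblast.exe", "nstask32.exe", "penis32.exe", "teekids.exe",
    "winlogin.exe", "win32sockdrv.dll", "yuetyutr.dll",
}
# Assumption: tftp.exe is the stock Windows TFTP client, so only other TFTP* names are "unusual".
KNOWN_GOOD = {"tftp.exe"}
# Error text quoted on the slide; its presence in the event log is the second symptom.
RPC_CRASH_TEXT = "The Remote Procedure Call (RPC) service terminated unexpectedly"

# Constructed sample data, not taken from a real host.
SAMPLE_SYSTEM32 = ["kernel32.dll", "tftp.exe", "TFTP3940", "msblast.exe", "notepad.exe"]
SAMPLE_EVENTS = [
    "09:14:02 Information Service Control Manager: The Print Spooler service entered the running state.",
    "09:15:41 Error Service Control Manager: The Remote Procedure Call (RPC) service terminated unexpectedly.",
    "09:15:42 Information USER32: The process winlogon.exe has initiated the restart of the computer.",
]


def suspicious_files(system32_listing: Iterable[str]) -> list[str]:
    """Return listing entries that match a named indicator file or the TFTP* pattern."""
    hits: list[str] = []
    for name in system32_listing:
        lower = name.lower()
        if lower in KNOWN_GOOD:
            continue
        if lower in BLASTER_FILES or fnmatch.fnmatch(lower, "tftp*"):
            hits.append(name)
    return hits


def rpc_crash_events(log_lines: Iterable[str]) -> list[str]:
    """Return log lines that carry the RPC-service termination message."""
    return [line for line in log_lines if RPC_CRASH_TEXT in line]


def assess(system32_listing: Iterable[str], log_lines: Iterable[str]) -> dict:
    """Combine both symptom checks into one triage result for the host."""
    files = suspicious_files(system32_listing)
    crashes = rpc_crash_events(log_lines)
    return {
        "files": files,
        "rpc_crashes": len(crashes),
        # Either symptom alone warrants a full scan with an up-to-date product.
        "needs_full_scan": bool(files) or bool(crashes),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SYSTEM32, SAMPLE_EVENTS))
```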

Worms? What are they? Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Worms are standalone software and do not require a host program or human help to propagate. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.

Worms... Worms have also been adapted to fit the new malware dynamic. Previously, worms were designed largely to achieve notoriety for their creators, and were therefore programmed to spread massively and infect computers around the world. Now, however, worms are more geared towards generating financial gain. They are used to create botnets which control thousands of computers around the world.

What is it? These are often ordinary computers sitting on desktops in homes and offices around the world. Typically, computers become nodes in a xxx when attackers illicitly install malware that secretly connects the computers to the xxxx, and they then perform tasks such as sending spam, hosting or distributing malware or other illegal files, or attacking other computers. Attackers usually install xxx by exploiting vulnerabilities in software or by using social engineering tactics to trick users into installing the malware. Users are often unaware that their computers are being used for malicious purposes.

What is it? A perfect base of operations for computer criminals. XXX are designed to operate in the background, often without any visible evidence of their existence. Victims who detect suspicious activity on their computers are likely to take steps to find and fix the problem, perhaps by running an on-demand malware scan or by updating the signature files for their existing real-time malware protection. Depending on the nature of the xxx, the attacker may have almost as much control over the victim's computer.

Bots: A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s). In addition to the wormlike ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host. They have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control.

What is it? First, an attacker hacks a legitimate website, often with automated tools, to place the malware. Next, the attacker uses a botnet to send malicious spam messages to end users, often in low volumes to avoid detection. These messages, rather than containing an actual malware attachment, include graphics, URL links, or IP addresses that point to the malicious website. This bypasses traditional email antivirus gateways, which do not identify these features as threats. Finally, assuming the email passes spam detection, the user receives the email and clicks the embedded link, taking them to the infected web page and activating the malware. The malware is deployed as a "drive-by download" without any user interaction, or as a result of the user being lured into initiating the installation, often under the pretense of media codec updates or browser plugins.

Blended Threats: Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage.

Blended Threats: Characteristics of blended threats include the following:
› Causes harm: launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
› Propagates by multiple methods: scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
› Attacks from multiple points: injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world-readable and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
› Spreads without human intervention: continuously scans the Internet for vulnerable servers to attack.
› Exploits vulnerabilities: takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords, to gain unauthorized administrative access.

Greyware is malicious software considered to fall in the "grey area" between normal software and a virus. Greyware is an umbrella term under which all other malicious or annoying software, such as adware, spyware, trackware, other malicious code and malicious shareware, falls.

Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers.

Adware: A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns. Some do this with your knowledge.

Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information. How can you recognize a phishing website? What should you do if you are, or think you have been, a victim of a phishing website? Source: http://www.webopedia.com

Spam: "Spam" is unsolicited email sent in massive quantities simultaneously to numerous users, generally trying to advertise or publicize certain products or services. This junk mail is also often used as a bridgehead for other types of cyber-crime, such as phishing or email scams.

Spam can be classified into different groups, largely in accordance with the content of the messages:
› Advertising spam. This is really the pioneer of all the other types. It involves advertising products or services, normally at knockdown prices. The advertising itself and the products advertised (fake designer products, pharmaceuticals, music, etc.) often infringe intellectual property rights, patents or health and safety legislation.
› Hoaxes. These are simply false or trick messages. They are often "chain emails", asking the recipient to forward the message to a certain number of contacts. They contain unlikely stories of social injustice or formulas to achieve success. The real aim of the hoax is to collect email addresses (accumulated as the message is forwarded) which are then used for other types of spam. Sending these messages is not a crime in itself, as they have no apparent commercial aim, but the relation with cyber-crime is evident, and they exploit a legal loophole.
› Fraudulent spam. As mentioned above, spam is also often used to launch phishing attacks, scams and other types of fraud through email messages sent massively to millions of users.

More...
› Drive-by download: If your computer has a bug in the OS or a program, your PC may become infected with malware simply by visiting a malicious website. You do not even have to download anything, but just visit the page.
› Denial of Service (DoS): An attack that can crash a vulnerable program or computer (denies the service).
› Remote code execution: Allows an attacker to run any command on a computer, such as installing remote control software. Holes of this nature are very dangerous.

...
› Zero Day: refers to a flaw that surfaces before a fix is available.
› Proof of concept: A flaw or attack that researchers have discovered but that has not yet been used to exploit computers. Some never get used to exploit computers.
› In the wild: The opposite of proof of concept. When an exploit is in the wild it is being used to attack vulnerable computers.

Preventative Methods: No one thing will make computers and networks completely safe. Instead, users and administrators must apply a variety of methods to decrease the risk from threats.
1. Physical Security
2. Passwords
3. Windows Updates
4. Antivirus, adware and spyware software
5. Firewalls
6. Wireless access points
7. Attachments and downloads
8. Storage of sensitive data
9. Proper disposal of old hard drives, CDs, DVDs and other media
10. Turn off your computer
11. Backup of data

Physical Security: Store computer(s) in a private location that limits who has physical access to them. Servers are kept in a locked, temperature-controlled room. http://www.cbc.ca/news/canada/ottawa/story/2013/01/25/ottawa-free-credit-checks-afterstudent-loans-data-loss.html

Passwords: Make sure that the computer is password protected. Just having a password set is not enough. Passwords should consist of at least three of the following traits:
1. Upper case letters
2. Lower case letters
3. Alphanumeric characters (numbers)
4. Special characters (!@#%&* and so on)
It is also a good idea for passwords to be 6-8 characters in length. A good example of this would be WPG05!uw or Pass##99.

Passwords: It is also a good idea to use different passwords for different accounts. If one password is compromised, then not all of your accounts will be vulnerable (school account, bank account, email, web mail, and so on). Password aging: change your password often. Use different passwords for account sign-ups.

Run Windows Updates: Microsoft releases patches/fixes to problems and vulnerabilities that are discovered. http://v4.windowsupdate.microsoft.com/en/default.asp It is recommended to check for security updates as often as possible, or set your computer to accept automatic updates (inside Control Panel).

Use Anti-Virus Software:
› Have antivirus software installed.
› Have it running.
› Be sure to have its virus definitions updated.
› Protect system startups. Make sure to configure anti-virus software to launch automatically and run constantly, ensuring that you're always protected.

Use a Firewall: The primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Windows XP Service Pack 2 and up (XP-7) comes with a software firewall. http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Home Wireless
› Use Encryption. Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers.
› Limit Access to Your Network. Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses to access the network. Some hackers have mimicked MAC addresses, so don't rely on this step alone.
› For home networks, be sure to secure all wireless access points via a password.
› Change the name of your router from the default. The name of your router (often called the service set identifier or SSID) is likely to be a standard, default ID assigned by the manufacturer. Change the name to something unique that only you know.
› Change your router's pre-set password. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. Use passwords that are at least 10 characters long: the longer the password, the tougher it is to crack.

Sensitive Data: Store sensitive data offline. Eliminate the threat by storing the data on a computer isolated from the Internet or on an external hard drive/USB drive.

Open Attachments With Care: Don't open email attachments unless you know who they are from.

Proper disposal of old hard drives, CDs, DVDs and other media: When disposing of old hard drives, be sure to either dispose of them by physically destroying them or erase the hard drive. It is possible to recover old information that you may have thought was "gone", either because you deleted it or because the computer is "broken". Deploy wiping software.

Give Personal Information Over Encrypted Websites Only: If you're shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address (the "s" is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn't encrypted, the entire account could be vulnerable. Look for https on every page of the site you're on, not just where you sign in.

Wi-Fi Hotspot: Don't Assume a Wi-Fi Hotspot is Secure. Most Wi-Fi hotspots don't encrypt the information you send over the internet and are not secure. If you use an unsecured network to log in to an unencrypted site, or a site that uses encryption only on the sign-in page, other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools, available for free online, make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.

Protect Yourself When Using Public Wi-Fi: So what can you do to protect your information? Here are a few tips:
› When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. To be secure, your entire visit to each site should be encrypted, from the time you log in to the site until you log out. If you think you're logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
› Don't stay permanently signed in to accounts. When you've finished using an account, log out.
› Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.

... Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date. Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don't protect you on all websites; look for https in the URL to know a site is secure. http://www.onguardonline.gov

Backup Data: It is a good idea to back up all data in case you need to restore it.

Sources
http://www.onguardonline.gov
http://www.pandasecurity.com
http://www.webopedia.com
http://www.symantec.com/business/support/index?page=content&id=TECH98539
http://www.hpenterprisesecurity.com/collateral/infographics/HP_Ponemon_Infographic.pdf