Viruses, Worms, Spyware, Phishing, Pharming

10/12/2005
Viruses, Spyware, Phishing, Pharming
The Internet can be a minefield for the unwary!
Hackers want to…
1. Use you to spread their worms and viruses.
2. Install spyware programs on your computer so they can monitor everything you do on the Internet.
3. Alter your browser, forcing it to visit websites you don't want to visit.
4. Get your personal information so they can steal your money and identity.
Goal 1 is usually about “FUN”
Goals 2, 3 and 4 are usually about MONEY!
Viruses, Spyware, Phishing, Pharming
How You Get Hacked:
– Via email attachments
  • Trojan/viruses
  • Trojan/worms
– Via malicious websites
  • Spyware
  • Browser hijacking
– Via email
  • Phishing
  • Pharming
Hacked via Email Attachments!
Greeks bearing gifts…
TROJAN HORSES
Gifts you want that contain things you don’t want…
A Trojan horse is a normal application, such as a game or self-displaying photo, that contains a hidden program – often a virus – that executes when the Trojan is executed.
Trojan horses are usually email attachments.
Hacked via Email Attachments!
VIRUSES
• A program that attaches itself to another program so that it can reproduce without the victim’s knowledge
• Much like the common cold, it wants to spread – often using the victim’s email address book as a source for new victims to whom it sends itself
• Viruses generally spread via email-attached Trojans
Click on the attachment and you have a virus!
Hacked via Email Attachments!
WORMS
• A specially written program that replicates itself
• Unlike a virus, it does not attach itself to other programs
• Worms, in general, are resource hogs; some have bogged down major portions of the Internet
• Worms generally spread via server vulnerabilities (e.g. buffer overflows) – not via email-attached Trojans
Hacked via Email Attachments!
Viruses vs. Worms
• In the final analysis, most people who are affected by a virus or worm could not care less about the distinctions between them
• Most viruses and worms are launched into the Internet by attackers who have no particular target in mind
• They just want to see what will happen – or they seek notoriety among their “colleagues”
Hacked via Malicious Websites!
SPYWARE
Spyware: Any software that covertly gathers user information.
Spyware: Monitors victim’s Internet activity and transmits that information via the Internet to the hacker, who sells it.
Spyware: Often bundled as a hidden component of “free” programs that are downloaded from the Internet
Symptoms: SLOW Web browsing
• PCs are often infested with 50–1000 spyware programs
• The more you surf, the more infested you become
#1 Problem for 2005!
Hacked via Malicious Websites!
A typical EULA (End User License Agreement):
"You grant to us the right ... to provide to you the Service of downloading and causing to be displayed advertising material on your computer, through ‘popup’ or other display while you use your browser. You acknowledge and agree that installation of the Software may automatically modify toolbars and other settings of your browser. By installing the Software you agree to such modifications..."
"You also grant permission to collect and store information of your internet usage habit, including but not limited to information about every web page you view and the content of web page. You understand and accept that Uniform Resource Locators and the content of web pages you view may include your personally identifiable information. You grant permission to collect and store information on which toolbar buttons you click on, your response to advertising, the search terms you entered on the toolbar and/or all other information relates to your internet usage habits..."
Hacked via Malicious Websites!
Spyware
RealPlayer tracks – and “phones home” – your listening habits
Kazaa – need I say more?
Wild (Tangent) Games are “free” – but you agree to a lot when you accept them!
Comet Systems has over 60,000 customers to whom it sells the data collected by its spyware – your children become spies!
Hacked via Malicious Websites!
BROWSER HIJACKING
Symptoms:
• Your browser’s default start page is changed
• Porn and gambling links are added to your favorites list
• Porn sites pop up on your screen
Goal:
• To force your browser – and entice you – to visit websites whose owners pay the hacker for sending people to their sites
Spyware, browser hijacking, and phishing are all about MONEY!
Hacked via Malicious Websites!
Browser Hijacking
– The malicious website makes changes to your computer via known vulnerabilities, for which patches exist
– Sometimes, the changes are easily reversed
– More often, a “cleaner” tool is needed to fix things
– It’s often necessary to manually edit the Windows registry
– Often, the hijacking software redoes the hacked settings every time you reboot the computer
  • So, no matter how often you fix your settings, they are hacked again the next time you reboot
Cleaning Up Spyware & Browser Hijackers
Voted BEST by some…
Cleaning Up Spyware & Browser Hijackers
There are at least 10 other spyware removers out there. I like Spybot Search & Destroy because it’s Free at:
http://www.safer-networking.org/en/download/
But my favorite of all is free from Microsoft: AntiSpyware (Beta) - download at:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
What About Firewalls?
• Firewalls, in general, simply alert you and ask your permission when any program wants to send Internet traffic into or out of your computer. ZoneAlarm is one of the best easy-to-use firewalls - and it's free! Visit http://www.zonealarm.com.
• Firewalls do not stop users from:
  • Reading malicious email; executing email attachments
  • Visiting malicious web sites
Hacked via Email!
PHISHING
• Phishing: The act of sending an email that falsely claims to be from a bank or other E-commerce enterprise
• The e-mail: Directs the user to visit a cloned website where they are asked to “update” personal information.
• Goal: To trick the recipient into surrendering private information that will be used for identity theft.
  – Usernames/passwords; credit card, social security, and bank account numbers
• Perpetrators: Increasingly used by organized crime syndicates, many based in central and eastern Europe. Those who have been arrested were young, American males.
Hacked via Email!
Phishing:
It’s a matter of Authentication!
https:// – s = secure!
On-line Secrecy: Encryption + Authentication
SSL (Secure Sockets Layer)
Commerce Bank phishing email: The From: address is easily spoofed! Not a match!
Commerce Bank phishing email: An IP address. No ‘s’. No yellow lock!
Commerce Bank phishing email
eBay phishing email: Spoofed email address. A fake link!
eBay phishing email
eBay phishing email: SSN!
Another eBay phishing email: Spoofed email address
Making Your Way Through the Minefield
Still more tricky!
Another bank phishing email
Yellow lock is UOP’s
https://login… !
http://mistral… !
Not a match!
mail.pacific.edu
Another bank phishing email: FAKE! No ‘s’ after the “http”! No yellow lock!
Washington Mutual’s real website: REAL! ‘s’ after the “http”! Yellow lock!
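
An added example, not part of the original slides: a Python check that scans the links in an HTML email body for the warning signs called out above (no ‘s’ after the http, an IP address instead of a name, and displayed link text that does not match the real target). The function names, reason labels and sample body are constructed for illustration.

```python
import contextlib
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def shown_host(text):
    """Host named in the visible link text, or '' if the text is not URL-like."""
    if " " in text or "." not in text:
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def link_warnings(html_body):
    """Map each http(s) link to the warning signs it shows (clean links omitted)."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = {}
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue
        host = (url.hostname or "").lower()
        reasons = ["not-https"] if url.scheme == "http" else []  # no 's' after http
        with contextlib.suppress(ValueError):
            ipaddress.ip_address(host)         # raises unless host is an IP literal
            reasons.append("ip-host")
        if shown_host(text.strip()) not in ("", host):
            reasons.append("text-mismatch")    # shown address is not the real target
        if reasons:
            findings[href] = reasons
    return findings

# Constructed sample body; hosts are reserved example names and addresses.
SAMPLE = """<a href="http://192.0.2.10/login">https://login.bank.example/</a>
<a href="https://www.bank.example/help">Help centre</a>
<a href="https://other.example/x">www.bank.example</a>"""
```

A link that passes all three checks is not thereby proven genuine; the certificate check described in the slides still applies.
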
A new “window” can be placed over the address window!
A new “window” can be placed over the blank yellow lock window!
Make sure this matches this!
When you double-click on an authentic yellow lock, a digital certificate appears.
PHARMING
E-COMMERCE
E-Commerce is SAFE as long as you:
• Initiate the connection!
• Ensure that you're using a secure website before submitting credit card or other sensitive information.
• Check the beginning of the Web address in your browser's address bar - it should be ‘https://’ rather than just ‘http://’
• Make sure the yellow lock is in place.
Double-click on yellow lock and check digital certificate
Viruses, Spyware, Phishing, Pharming
Identity Theft Statistics
Method:
• 30% via lost wallet, checkbook, or credit card
• 11% via the Internet = 0.3% of all Internet fraud
• 71% of Internet fraud occurs via online auctions
• 5% via garbage browsing
• 54% via other or unknown means
When the perpetrator was caught:
• 32% a relative
• 18% a friend
• 4% a fellow worker
• 13% a worker who had access to personal data
• 33% other
54% of the time, it’s someone the victim knew!
Source: BBB survey, published 1/30/05
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
2. Use Microsoft AntiSpyware
• See following slide
3. Beware accepting “free” software (e.g. games)
4. Use one anti-virus program (e.g. McAfee, Norton)
5. If it will make you feel better, use a firewall (e.g. ZoneAlarm, XP SP2 Firewall)