Viruses, Worms, Spyware, Phishing, Pharming

Comments

Transcription

Viruses, Worms, Spyware, Phishing, Pharming
Viruses, Worms, Spyware, Phishing, Pharming
10/12/2005
1
Viruses, Spyware, Phishing, Pharming
The Internet can be a minefield for the unwary!
Hackers want to…
1.
Use you to spread their worms and viruses.
2.
Install spyware programs on your computer so they can
monitor everything you do on the Internet.
3.
Alter your browser, forcing it to visit websites you don't
want to visit.
4.
Get your personal information so they can steal your
money and identity.
Goal 1 is usually about “FUN”
Goals 2, 3 and 4 are usually about MONEY!
10/12/2005
2
Viruses, Spyware, Phishing, Pharming
How You Get Hacked:
–
Via email attachments
• Trojan/viruses
• Trojan/worms
–
Via malicious websites
–
10/12/2005
• Spyware
• Browser hijacking
Via email
• Phishing
• Pharming
3
Hacked via Email Attachments!
Greeks bearing gifts…
TROJAN HORSES
Gifts you want that
contains things you
don’t want…
A Trojan horse is a normal application, such as a game or
self-displaying photo, that contains a hidden program – often
a virus - that executes when the Trojan is executed.
Trojan horses are usually email attachments
10/12/2005
4
Hacked via Email Attachments!
VIRUSES
• A program that attaches itself to
another program so that it can
reproduce without the victim’s
knowledge
• Much like the common cold, it
wants to spread – often using the
victim’s email address book as a
source for new victims to whom
it sends itself
• Viruses generally spread via
email-attached Trojans
10/12/2005
5
Click on the
attachment and
you have a virus!
10/12/2005
6
Click on the
attachment and
you have a virus!
10/12/2005
7
Hacked via Email Attachments!
WORMS
• A specially written program that
replicates itself
• Unlike a virus, it does not attach
itself to other programs
• Worms, in general are resource
hogs; some have bogged down
major portions of the Internet
• Worms generally spread via
server vulnerabilities (e.g. buffer
overflows) – not via email
attached Trojans
10/12/2005
8
Hacked via Email Attachments!
Viruses vs. Worms
• In the final analysis, most
people who are affected by a
virus or worm could not care
less about the distinctions
between them
• Most viruses and worms are
launched into the Internet by
attackers who have no particular
target in mind
• They just want to see what will
happen – or they seek notoriety
among their “colleagues”
10/12/2005
9
Hacked via Malicious Websites!
•
•
•
•
•
SPYWARE
Spyware: Any software that covertly
gathers user information.
Spyware: Monitors victim’s Internet
activity and transmits that information via
the Internet to the hacker, who sells it.
Spyware: Often bundled as a hidden component of
“free” programs that are downloaded from the Internet
Symptoms: SLOW Web browsing
• PCs are often infested with 50 -1000 spyware
programs
• The more you surf, the more invested you become
#1 Problem for 2005!
10/12/2005
10
Hacked via Malicious Websites!
A typical EULA (End User License Agreement):
"You grant to us the right ... to provide to you the Service of downloading and
causing to be displayed advertising material on your computer, through ‘popup’ or other display while you use your browser. You acknowledge and agree
that installation of the Software may automatically modify toolbars and other
settings of your browser. By installing the Software you agree to such
modifications..."
"You also grant permission to collect and store information of your internet
usage habit, including but not limited to information about every web page you
view and the content of web page. You understand and accept that Uniform
Resource Locators and the content of web pages you view may include your
personally identifiable information. You grant permission to collect and store
information on which toolbar buttons you click on, your response to
advertising, the search terms you entered on the toolbar and/or all other
information relates to your internet usage habits..."
10/12/2005
11
Hacked via Malicious Websites!
Spyware
RealPlayer tracks
– and “phones
home” - your
listening habits
Kazaa – need
I say more?
Wild (Tangent) Games
are “free” – but you
agree to a lot when you
accept them!
Comet Systems has over
60,000 customers to whom
it sells the data collected
by its spyware –your
children become spies!
10/12/2005
12
Hacked via Malicious Websites!
BROWSER HIJACKING
Symptoms:
• Your browser’s default start page is changed
• Porn and gambling links are added to your favorites list
• Porn sites pop up on your screen
Goal:
• To force your browser – and entice you - to visit
websites whose owners pay the hacker for sending
people to their sites
Spyware, browser hijacking, and phishing are all about
MONEY!
10/12/2005
13
Hacked via Malicious Websites!
Browser Hijacking
–
The malicious website makes changes to your computer
via known vulnerabilities, for which patches exist
–
Sometimes, the changes are easily reversed
–
More often, a “cleaner” tool is needed to fix things
–
It’s often necessary to manually edit the windows registry
–
Often, the hijacking software redoes the hacked settings
every time you reboot the computer
• So, no matter how often you fix your settings, they are
hacked again the next time you reboot
10/12/2005
14
Cleaning Up Spyware & Browser Hijackers
Voted BEST
by some…
10/12/2005
15
Cleaning Up Spyware & Browser Hijackers
There are at least 10 other spyware removers
out there. I like Spybot Search & Destroy
because it’s Free at:
http://www.safer-networking.org/en/download/
But my favorite of all is free from Microsoft:
AntiSpyware (Beta) - download at:
http://www.microsoft.com/athome/security/spy
ware/software/default.mspx
10/12/2005
16
What About Firewalls?
• Firewalls, in general, simply alert you and ask your permission
when any program wants to sends Internet traffic into or out of your
computer. ZoneAlarm is one of best easy-to-use firewalls - and it's
free! Visit http://www.zonealarm.com.
• Firewalls do not stop users from:
• Reading malicious email; executing email attachments
• Visiting malicious web sites
10/12/2005
17
Hacked via Email!
PHISHING
• Phishing: The act of sending an email that falsely claims to
be from a bank or other E-commerce enterprise
• The e-mail: Directs the user to visit a cloned website where
they are asked to “update” personal information.
• Goal: To trick the recipient into surrendering private
information that will be used for identity theft.
– Usernames/passwords; credit card, social security, and
bank account numbers
• Perpetrators: Increasingly used by organized crime
syndicates, many based in central and eastern Europe. Those
who have been arrested were young, American males.
10/12/2005
18
Hacked via Email!
Phishing:
It’s a matter of Authentication!
https://
s = secure!
On-line Secrecy: Encryption + Authentication
SSL
(Secure Sockets Layer)
10/12/2005
19
Commerce
Bank
phishing
email
The
From:
address is
easily
spoofed!
Not a match!
10/12/2005
20
Commerce
Bank
phishing
email
An IP
address
No ‘s’
No
yellow
lock!
10/12/2005
21
Commerce
Bank
phishing
email
10/12/2005
22
Spoofed email address
eBay phishing email
A fake link!
10/12/2005
23
eBay
phishing email
10/12/2005
24
SSN!
eBay
phishing email
10/12/2005
25
Spoofed email address
Another eBay
phishing email
10/12/2005
26
Making Your Way Though the Minefield
Still more tricky!
10/12/2005
27
Another bank
phishing email
Yellow lock is UOP’s
https://login… !
http://mistral… !
10/12/2005
Not a match!
mail.pacific.edu
28
No ‘s’
after the
“http”!
FAKE!
No
yellow
lock!
Another
bank
phishing
email
10/12/2005
29
REAL!
Washington
Mutual’s
real
website
10/12/2005
‘s’ after
the http”!
Yellow
lock!
30
A new
“window”
can be
placed over
the address
window!
10/12/2005
A new “window” can be
placed over the blank
yellow lock window!
31
Make
sure
this
matches
this!
When you
doubleclick on
an
authentic
yellow
lock, a
digital
certificate
appears.
10/12/2005
32
PHARMING
10/12/2005
33
E-COMMERCE
E-Commerce is SAFE as long as you:
• Initiate the connection!
• Ensure that you're using a secure website before submitting
credit card or other sensitive information.
• Check the beginning of the Web address in your browsers
address bar - it should be ‘https://’ rather than just ‘http://’
• Make sure the yellow lock is in place.
Double-click on yellow
lock and check digital
certificate
10/12/2005
34
Viruses, Spyware, Phishing, Pharming
Identity Theft Statistics
Method:
• 30% via lost wallet, checkbook, or credit card
• 11% via the Internet = 0.3% of all Internet fraud
• 71% of Internet fraud occurs via online auctions
• 5% via garbage browsing
• 54% via other or unknown means
When the perpetrator was caught:
• 32% a relative
54% of the time, it’s
• 18% a friend
someone the victim knew!
• 4% a fellow worker
• 13% a worker who had access to personal data
• 33% other
Source: BBB survey, published 1/30/05
10/12/2005
35
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
10/12/2005
36
10/12/2005
37
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
2. Use Microsoft AntiSpyware
• See following slide
10/12/2005
38
10/12/2005
39
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
2. Use Microsoft AntiSpyware
• See following slide
3. Beware accepting “free” software (e.g. games)
10/12/2005
40
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
2. Use Microsoft AntiSpyware
• See following slide
3. Beware accepting “free” software (e.g. games)
4. Use one anti-virus program (e.g. McAfee, Norton)
10/12/2005
41
SUMMING UP
1. Keep your programs patched!
• Windows: Enable automatic updates
• See following slide
2. Use Microsoft AntiSpyware
• See following slide
3. Beware accepting “free” software (e.g. games)
4. Use one anti-virus program (e.g. McAfee, Norton)
5. If it will make you feel better, use a firewall (e.g.
ZoneAlarm, XP SP2 Firewall)
10/12/2005
42