What Does It Mean To You? Internet Security


Hackers want to…

1. Use you to spread their worms and viruses.
2. Install spyware programs on your computer so they can monitor everything you do on the Internet.
3. Alter your browser, forcing it to visit websites you don't want to visit.
4. Get your personal information so they can steal your money and identity.

Goal 1 is usually about “FUN”. Goals 2, 3 and 4 are usually about MONEY!


How You Get Hacked:

• Via email attachments
  - Trojan/viruses
  - Trojan/worms
• Via malicious websites
  - Spyware
  - Browser hijacking
• Via email
  - Phishing
  - Pharming


Greeks bearing gifts…

TROJAN HORSES

Gifts you want that contain things you don’t want…

A Trojan horse is a normal application, such as a game or self-displaying photo, that contains a hidden program – often a virus – that executes when the Trojan is executed.

Trojan horses are usually email attachments.


VIRUSES

• A program that attaches itself to another program so that it can reproduce without the victim’s knowledge
• Much like the common cold, it wants to spread – often using the victim’s email address book as a source for new victims to whom it sends itself
• Viruses generally spread via email-attached Trojans or embedded in illicitly downloaded software.


eMail Viruses

Open the attachment, enjoy your infection.


Antivirus 2010, 2011

Antivirus 2010 properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the Internet
• Stays resident in background

It is distributed through online advertisements that are disguised as anti-virus scanners. If a user clicks on such a banner, he or she receives false reports about infections detected. Antivirus 2010 tries to intimidate people by reporting nonexistent threats in order to get them interested in downloading this application.


The Internet Is Not A Virus Scanner

Tried to go to a Website and got redirected and warned that you had a virus?

More than likely the legitimate site you were going to was involved in DNS hijacking.

DNS hijacking, also known as DNS poisoning, manipulates name resolution so that a site's name resolves to a new numeric address.


WORMS

• A specially written program that replicates itself
• Unlike a virus, it does not attach itself to other programs
• Worms, in general, are resource hogs; some have bogged down major portions of the Internet
• Worms generally spread via server vulnerabilities (e.g. buffer overflows) – not via email-attached Trojans

The Blaster Worm infected multiple systems in the mid-2000s, causing an overflow within Windows NT 5.x-based systems (XP, 2003). It had no other use than to replicate and halt productivity.


Conficker

Little is known about the use of Conficker other than that it easily replicates to insecure machines and has multiple open ports.

It is assumed to be used as a zombie in large-scale DDoS attacks.


Viruses vs. Worms

In the final analysis, most people who are affected by a virus or worm couldn't care less about the distinctions between them.

Most viruses and worms are launched into the Internet by attackers who have no particular target in mind.

They just want to see what will happen – or they seek notoriety among their “colleagues”.


Spyware

Spyware: Any software that covertly gathers user information.
• Monitors victim’s Internet activity and transmits that information via the Internet to the hacker, who sells it.
• Often bundled as a hidden component of “free” programs that are downloaded from the Internet

Symptoms:
• SLOW Web browsing
• PCs are often infested with 50-1000 spyware programs
• The more you surf, the more infested you become
• Real-time protection is free and readily available


Spyware

RealPlayer tracks and “phones home” your listening habits

Kazaa - You are trusting infected users to share their music and files with you – enough said.

Comet Systems has over 160,000 customers to whom it sells the data collected by its spyware

Wild (Tangent) Games are “free” but you agree to a lot when you accept them!


Browser Hijacking

Symptoms:
• Your browser’s default start page is changed
• Porn and gambling links are added to your favorites list
• Porn sites pop up on your screen

Goal: To force your browser – and entice you – to visit websites whose owners pay the hacker for sending people to their sites

Spyware, browser hijacking, and phishing are all about MONEY!


Browser Hijacking

The malicious website makes changes to your computer via known vulnerabilities, for which patches exist.

• Sometimes, the changes are easily reversed
• More often, a “cleaner” tool is needed to fix things
• It’s often necessary to manually edit the Windows registry
• Often, the hijacking software redoes the hacked settings every time you reboot the computer


Phishing

Phishing: The act of sending an email that falsely claims to be from a bank or other E-commerce enterprise

The e-mail: Directs the user to visit a cloned website where they are asked to “update” personal information.

Goal: To trick the recipient into surrendering private information that will be used for identity theft.

Usernames/passwords; credit card, social security, and bank account numbers

Perpetrators: Increasingly used by organized crime syndicates, many based in central and eastern Europe. Those who have been arrested were young, American males.


A bad day phishin’, beats a good day workin’

• 2,000,000 emails are sent
• 5% get to the end user – 100,000 (Anti-Phishing Working Group)
• 5% click on the phishing link – 5,000 (APWG)
• 2% enter data into the phishing site – 100 (FTC)
• $1,200 from each person who enters data (FTC)
• Potential reward: $120,000

In 2005 David Levi made over $360,000 from 160 people using an eBay phishing scam.


Phishing

From can easily be spoofed

Not a match

Images from Anti-Phishing Working Group’s Phishing Archive


Typical Phishing Site

Not https – not secure

An IP address, not a resolved name


Fake Site

Not https: no security lock


Real Site


Corporate Phishing/Spear Phishing


Spear-Phishing: Improved Target Selection

• Socially aware attacks
  - Mine social relationships from public data
  - Phishing email appears to arrive from someone known to the victim
  - Use spoofed identity of trusted organization to gain trust
  - Urge victims to update or validate their account
  - Threaten to terminate the account if the victim does not reply
  - Use gift or bonus as bait
  - Security promises

• Context-aware attacks
  - “Your bid on eBay has won!”
  - “The books on your Amazon wish list are on sale!”


Another Example


But Wait!!

WHOIS 210.104.211.21:

Location: Korea, Republic Of

Even bigger problem:

I don’t have an account with US Bank!


Pharming


How To Tell If An E-mail Message is Fraudulent

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

• "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.

• "If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.


• "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

• "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
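The warning signs listed above (the stock phrases, a link that is not https, an IP address instead of a resolved name, and a "masked" link whose visible address differs from its real destination) can be checked mechanically in an HTML message. The following is an added example, not part of the original slides; the names `LinkCollector`, `host_of` and `phishing_indicators` are hypothetical, and the sample message is constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases quoted on the slides above (matched case-insensitively).
PHRASES = ["verify your account", "dear valued customer",
           "click the link below", "your account will be closed"]
# Constructed sample message; 192.0.2.7 is a documentation-only address.
SAMPLE = ('<p>Dear Valued Customer, please verify your account.</p>'
          '<a href="http://192.0.2.7/login">https://www.bank.example/login</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs and all text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._open = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = (dict(attrs).get("href") or "", len(self.text))
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            href, start = self._open
            self.links.append((href, "".join(self.text[start:]).strip()))
            self._open = None

# Hostname of a URL; also accepts scheme-less text such as www.example.com/path.
def host_of(url):
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_indicators(html):
    p = LinkCollector()
    p.feed(html)
    p.close()
    body = " ".join(" ".join(p.text).lower().split())
    found = [f"phrase: {ph}" for ph in PHRASES if ph in body]
    for href, shown in p.links:
        host = host_of(href)
        if urlsplit(href).scheme == "http":
            found.append(f"not https: {href}")
        try:  # a literal address where a resolved name should be
            ipaddress.ip_address(host)
            found.append(f"IP address, not a name: {host}")
        except ValueError:
            pass
        # Masked link: the visible text looks like an address but names another host.
        if re.match(r"^(https?://|www\.)", shown, re.I) and host_of(shown) != host:
            found.append(f"masked link: shows {host_of(shown)}, goes to {host}")
    return found
```

Calling `phishing_indicators(SAMPLE)` returns one entry per warning sign found; an empty list means none of these particular signs were present, not that the message is safe.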