Phishing, Pharming, and the latest potholes on the Information Highway


Ian Loe from IBM speaks at our COM125 Internet class on the latest trends in Internet Security.

Published in: Technology

    1. Phishing, Pharming, and the latest potholes on the Information Highway. A Presentation by Ian Loe, CISSP
    2. Agenda
        • Malware
        • Latest potholes on the Information Highway
            • Spyware
            • Phishing
            • Pharming
        • Security industry approach to emerging Malware
        • Corporate Information Security Office approach
        • Recommendations
        • Q & A
    3. Malware
        • Short for malicious software
        • Any software designed specifically to damage or disrupt a system
    4. Traditional Types of Malware
        • Virus
            • Attaches itself to a program or file and reproduces itself
            • Cannot be spread without a human action
        • Worm
            • Spreads without human intervention
            • Could send out thousands of copies of itself
            • Tunnels into a system to control it remotely
        • Trojan Horse
            • Appears to be useful software/files from a legit source
            • Could delete files and destroy information on a system
            • Creates a back door for malicious access spread
            • Does not reproduce by infecting files or self-replicate
    5. Latest Types of Malware
        • Phishing and Pharming belong to the family of Spyware
        • Along with many others:
            • Adware
            • Key loggers
            • Dialers
            • Downloaders
            • Back doors
    6. What is Spyware?
        • Any software that covertly gathers information on user activities through the user's Internet connection without his or her knowledge and ships it off to an unknown third-party server over the Internet
    7. What is Adware?
        • Adware is Commercial Spyware
            • Developed by commercial advertising companies who claim “not malicious intent”
        • Usually created for advertising/marketing purposes
    8. How does Spyware work?
        • Independent executable able to:
            • Deliver unsolicited advertising – pop-up ads
            • Monitor keystrokes
            • Scan files on the hard drive
            • Snoop other apps (e.g. chat, word processors)
            • Install other Spyware programs
            • Read cookies
            • Change the default home page on the browser
        • Consistently relays info back to source for:
            • Advertising/marketing purposes
            • Selling the information to another party
    9. Spyware Concerns
        • Ethics and privacy
        • Computer’s resources
        • Internet connection bandwidth
        • System crashes or general instability
        • Licensing agreements for software downloads may not always be read
        • The notice of a Spyware installation is couched in hard-to-read legal disclaimers
        • Producers of Adware also produce Anti-Spyware tools – It is a profitable industry
    10. Getting Spyware is Easy
        • Drive-By Installations
            • Social engineering
            • Spoof certificates
        • Web Exploits
            • Every MS Security Bulletin that “Could Allow Code Execution” can be used to install Spyware
        • Bundles
            • Users unwittingly install the product when they install something else – freeware/shareware
                • Kazaa
                • Games
                • Pirated Software
                • Screensavers
                • Smileys
                • Anti-Spyware programs
    11. Malicious Spyware Types
        • Key-loggers
            • Log keystrokes and send over the Internet
            • It steals information including passwords
        • Dialers
            • Cause a user’s modem to dial a 900 or 976 number
    12. Malicious Spyware Types (cont…)
        • Back doors
            • Provide hacker with complete control (e.g. Back Orifice)
        • Downloaders
            • Download and install Spyware, Adware, key loggers, dialers, back doors, etc.
            • Most commonly installed using web exploits
        • Phishing & Pharming
    13. What is Phishing?
        • The act of sending a message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft
    14. Phishing Purpose
        • They will cast the bait and if you bite, they can lure your personal information out of you
        • ID & Passwords
        • Credit Card Information
        • NRIC / Passport Information
        • Bank Account Numbers
    15. Bogus Websites
        • to which victims are redirected without their knowledge or consent, look the same as a genuine website
        • But information like login name and password is captured by criminals
    16. Pharming Out-Scams Phishing
        • First came Phishing, in which con artists hooked unwary internet users one by one into compromising their personal data
        • Pharmers can scoop up many victims in a single pass
    17. What is Pharming?
        • New use for a relatively old concept: domain spoofing
        • Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones
    18. Pharming most alarming threat
        • DNS poisoning
        • Large group of users to be silently shuttled to a bogus website even when typing in the correct URL
        • You no longer have to click a URL link to hand over your information to identity thieves
    19. Technical Challenges
        • New and evolving technology
        • Quickly adopts all latest techniques from Viruses, Worms and Trojans
        • Attracts the best & brightest hackers
        • Application level threat – existing enterprise defenses lack granularity
    20. Spyware Market Place
        • Many providers have started to offer products
        • Market still resembles the wild west and the early days of the Internet
        • Standards and Commercial winners-&-losers have yet to emerge
    21. Enterprise Solutions Emerging
        • Spyware specific desktop tools
            • Desktop agent with no centralized management
            • Use of signatures
        • Desktop Antivirus
            • Detecting a small subset of known Spyware
            • Use of signatures
        • URL Filtering
            • Gateway solution
            • Blocks known Spyware sources – change often
        • Proxy Appliance
            • Stop drive-by installation
            • URL filtering and use of signatures
    22. Industry Approach - Phishing
        • Based on social engineering – Self defense relies on common sense of the user
        • The automated detection of new Phishing fraud is very difficult
        • Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing
        • Try to mitigate by
            • URL blocking of known URLs of Phishing websites
            • Spam blocking of emails of Phishing scams that are sent en masse
    23. Industry Approach - Pharming
        • Browsers that could authenticate website identity
        • Browser toolbars displaying the true physical location of a website's host (e.g. Russia)
        • Some financial institutions are experimenting with "multi-factor authentication" logins, including:
            • single-use passwords (e.g. tokens)
            • automatic telephone call-backs
    24. Security Recommendations
        • Do not open e-mail attachments unless you know the source and are expecting the attachment
        • Do not reply to e-mail from an unknown source
        • Do not click on untrusted hyperlinks to the Internet
        • Do not download unapproved software from the Internet
        • Do not respond to or visit the website indicated by an instant message or e-mail
        • Do not give out personal information over the Internet
        • Before revealing any identifying information, ask how it will be used and secured.
    25. Questions?
    26. Thank You!
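
The DNS poisoning on the "Pharming most alarming threat" slide redirects many users at once even when they type the correct URL, so one defensive check is to compare the addresses clients actually receive for a watched domain against the networks that domain is expected to resolve into. The Python below is an added example, not part of the presentation; the domains, addresses, client names and function names are constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each watched domain is expected to resolve into.
# All names and addresses are reserved documentation values, not real services.
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "shop.example": ["198.51.100.0/25", "2001:db8:10::/48"],
}

# Constructed resolver answers gathered from clients: (client, domain, answer).
OBSERVED = [
    ("pc-01", "bank.example", "192.0.2.10"),
    ("pc-02", "bank.example", "203.0.113.66"),
    ("pc-03", "BANK.example.", "203.0.113.66"),
    ("pc-02", "shop.example", "2001:db8:10::5"),
    ("pc-04", "shop.example", "198.51.100.200"),
    ("pc-04", "news.example", "203.0.113.9"),
    ("pc-05", "bank.example", "not-an-ip"),
]

def in_baseline(domain, address, baseline):
    """True if address parses and lies inside a network expected for domain."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # a malformed answer is treated as suspicious
    nets = (ipaddress.ip_network(n) for n in baseline[domain])
    return any(ip.version == net.version and ip in net for net in nets)

def find_redirections(observed, baseline):
    """Map (domain, answer) outside the baseline to the set of affected clients."""
    findings = {}
    for client, domain, address in observed:
        domain = domain.lower().rstrip(".")  # normalise case and trailing dot
        if domain not in baseline:
            continue  # only watched domains are judged
        if not in_baseline(domain, address, baseline):
            findings.setdefault((domain, address), set()).add(client)
    return findings

def shared_poisoning(findings, min_clients=2):
    """The same bad answer on several clients points at a poisoned resolver."""
    return sorted(k for k, c in findings.items() if len(c) >= min_clients)

if __name__ == "__main__":
    for key in shared_poisoning(find_redirections(OBSERVED, BASELINE)):
        print("possible pharming:", key)
```

A single client with an unexpected answer suggests a local problem on that machine, while the same unexpected answer across several clients matches the many-victims-in-one-pass pattern the slides describe.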