
Phishing, Pharming, and the latest potholes on the Information Highway


Ian Loe from IBM speaks at our COM125 Internet class on the latest trends in Internet Security.

Published in: Technology

  1. Phishing, Pharming, and the latest potholes on the Information Highway: A Presentation by Ian Loe, CISSP
  2. Agenda
     • Malware
     • Latest potholes on the Information Highway
       ◦ Spyware
       ◦ Phishing
       ◦ Pharming
     • Security industry approach to emerging Malware
     • Corporate Information Security Office approach
     • Recommendations
     • Q & A
  3. Malware
     • Short for malicious software
     • Any software designed specifically to damage or disrupt a system
  4. Traditional Types of Malware
     • Virus
       ◦ Attaches itself to a program or file and reproduces itself
       ◦ Cannot be spread without a human action
     • Worm
       ◦ Spreads without human intervention
       ◦ Could send out thousands of copies of itself
       ◦ Tunnels into a system to control it remotely
     • Trojan Horse
       ◦ Appears to be useful software/files from a legit source
       ◦ Could delete files and destroy information on a system
       ◦ Creates a back door for malicious access spread
       ◦ Does not reproduce by infecting files, nor does it self-replicate
  5. Latest Types of Malware
     • Phishing and Pharming belong to the family of Spyware
     • Along with many others:
       ◦ Adware
       ◦ Key loggers
       ◦ Dialers
       ◦ Downloaders
       ◦ Back doors
  6. What is Spyware?
     • Any software that covertly gathers information on user activities through the user's Internet connection without his or her knowledge and ships it off to an unknown third-party server over the Internet
  7. What is Adware?
     • Adware is Commercial Spyware
       ◦ Developed by commercial advertising companies who claim “not malicious intent”
     • Usually created for advertising/marketing purposes
  8. How does Spyware work?
     • Independent executable able to:
       ◦ Deliver unsolicited advertising – pop-up ads
       ◦ Monitor keystrokes
       ◦ Scan files on the hard drive
       ◦ Snoop other apps (e.g. chat, word processors)
       ◦ Install other Spyware programs
       ◦ Read cookies
       ◦ Change the default home page on the browser
     • Consistently relays info back to source for:
       ◦ Advertising/marketing purposes
       ◦ Selling the information to another party
  9. Spyware Concerns
     • Ethics and privacy
     • Computer’s resources
     • Internet connection bandwidth
     • System crashes or general instability
     • Licensing agreements for software downloads may not always be read
     • The notice of a Spyware installation is couched in hard-to-read legal disclaimers
     • Producers of Adware also produce Anti-Spyware tools – It is a profitable industry
  10. Getting Spyware is Easy
     • Drive-By Installations
       ◦ Social engineering
       ◦ Spoof certificates
     • Web Exploits
       ◦ Every MS Security Bulletin that “Could Allow Code Execution” can be used to install Spyware
     • Bundles
       ◦ Users unwittingly install the product when they install something else – freeware/shareware
         ▪ Kazaa, Games, Pirated Software, Screensavers, Smileys, Anti-Spyware programs
  11. Malicious Spyware Types
     • Key-loggers
       ◦ Log keystrokes and send them over the Internet
       ◦ Steal information including passwords
     • Dialers
       ◦ Cause a user’s modem to dial a 900 or 976 number
  12. Malicious Spyware Types (cont…)
     • Back doors
       ◦ Provide hacker with complete control (e.g. Back Orifice)
     • Downloaders
       ◦ Download and install Spyware, Adware, key loggers, dialers, back doors, etc.
       ◦ Most commonly installed using web exploits
     • Phishing & Pharming
  13. What is Phishing?
     • The act of sending a message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft
  14. Phishing Purpose
     • They will cast the bait and if you bite, they can lure your personal information out of you
       ◦ ID & Passwords
       ◦ Credit Card Information
       ◦ NRIC / Passport Information
       ◦ Bank Account Numbers
  15. Bogus Websites
     • Bogus websites, to which victims are redirected without their knowledge or consent, look the same as a genuine website
     • But information like login name and password is captured by criminals
  16. Pharming Out-Scams Phishing
     • First came Phishing, in which con artists hooked unwary internet users one by one into compromising their personal data
     • Pharmers can scoop up many victims in a single pass
  17. What is Pharming?
     • New use for a relatively old concept: domain spoofing
     • Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones
  18. Pharming most alarming threat
     • DNS poisoning
     • A large group of users can be silently shuttled to a bogus website even when typing in the correct URL
     • You no longer have to click a URL link to hand over your information to identity thieves
  19. Technical Challenges
     • New and evolving technology
     • Quickly adopts all latest techniques from Viruses, Worms and Trojans
     • Attracts the best & brightest hackers
     • Application level threat – existing enterprise defenses lack granularity
  20. Spyware Market Place
     • Many providers have started to offer products
     • Market still resembles the wild west and the early days of the Internet
     • Standards and Commercial winners-&-losers have yet to emerge
  21. Enterprise Solutions Emerging
     • Spyware specific desktop tools
       ◦ Desktop agent with no centralized management
       ◦ Use of signatures
     • Desktop Antivirus
       ◦ Detecting a small subset of known Spyware
       ◦ Use of signatures
     • URL Filtering
       ◦ Gateway solution
       ◦ Blocks known Spyware sources – change often
     • Proxy Appliance
       ◦ Stop drive-by installation
       ◦ URL filtering and use of signatures
  22. Industry Approach - Phishing
     • Based on social engineering – Self defense relies on common sense of the user
     • The automated detection of new Phishing fraud is very difficult
     • Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing
     • Try to mitigate by
       ◦ URL blocking of known URLs of Phishing websites
       ◦ Spam blocking of emails of Phishing scams that are sent en masse
  23. Industry Approach - Pharming
     • Browsers that could authenticate website identity
     • Browser toolbars displaying the true physical location of a website's host (e.g. Russia)
     • Some financial institutions are experimenting with "multi-factor authentication" logins, including:
       ◦ single-use passwords (e.g. tokens)
       ◦ automatic telephone call-backs
  24. Security Recommendations
     • Do not open e-mail attachments unless you know the source and are expecting the attachment
     • Do not reply to e-mail from an unknown source
     • Do not click on untrusted hyperlinks to the Internet
     • Do not download unapproved software from the Internet
     • Do not respond to or visit the website indicated by an instant message or e-mail
     • Do not give out personal information over the Internet
     • Before revealing any identifying information, ask how it will be used and secured.
  25. Questions?
  26. Thank You!
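
The URL filtering and URL blocking named on slides 21 and 22 depend on comparing the host a browser will actually contact, not the raw URL string. The sketch below is an added example, not part of the original presentation; the blocklist entries, sample URLs and function names are constructed for illustration, and failing closed on unparseable URLs is an assumption.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed blocklist; the .example/.test names are placeholders, not real indicators.
BLOCKED_HOSTS = frozenset({"phish.example", "login.bank-example.test"})
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def canonical_host(url: str) -> Optional[str]:
    """Return the host a browser would contact, normalized for list lookup."""
    if not _SCHEME.match(url):
        url = "http://" + url                      # bare "host/path" as typed or pasted
    try:
        host = urlsplit(url).hostname or ""        # lowercases; drops "user@" and ":port"
    except ValueError:
        return None
    host = host.rstrip(".")                        # "phish.example." is the same host
    if not host:
        return None
    try:
        return host.encode("idna").decode("ascii")  # Unicode labels -> punycode
    except UnicodeError:
        return None


def is_blocked(url: str, blocked=BLOCKED_HOSTS) -> bool:
    """True if the URL's host, or any parent domain of it, is on the list."""
    host = canonical_host(url)
    if host is None:
        return True                                # assumption: fail closed when unparseable
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def naive_is_blocked(url: str, blocked=BLOCKED_HOSTS) -> bool:
    """Plain substring match, kept only for contrast with is_blocked()."""
    return any(entry in url for entry in blocked)


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "http://www.mybank.example@phish.example/login",      # real host follows the "@"
        "HTTP://PHISH.EXAMPLE.:8080/x",                       # case, trailing dot, port
        "secure.login.bank-example.test/signin",              # subdomain of a listed host
        "https://www.mybank.example/help?ref=phish.example",  # listed name only in query
    ]
    for u in samples:
        print(f"{u!r}: gateway={is_blocked(u)} naive={naive_is_blocked(u)}")
```

The blocklist is passed as a parameter because, as slide 21 notes, known sources change often and the list has to be refreshed independently of the matching logic.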