Malware from the Consumer Jungle

This is a great PowerPoint to help individuals identify and prevent infecting their computers and identity from Malware programs. I found it on the internet and thought it was so good for people to view. The original document was created by the Consumer Jungle and can be found at: http://www.consumerjungle.org/content/view/55/1146/

Published in: Technology, News & Politics

  1. Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers
  2. Estimating the Threat of Malware
     • 1-in-3 chance of suffering:
       • computer damage
       • financial loss
     • Viruses & Spyware
       • $2.6 Billion to Protect yet $9 Billion to Replace
  3. Spam
  4. What is Spam?
     • An e-mail that is:
       • Unsolicited
       • Advertising something
     • Similar to:
       • Junk mail delivered in the mail
       • Telemarketing calls on the phone
  5. CAN SPAM Act of 2003
     • Acronym stands for:
       • Controlling the Assault of Non-Solicited Pornography And Marketing
     • Allows spam as long as it contains:
       • an opt-out mechanism
       • a valid subject line and header (routing) information
       • the legitimate physical address of the mailer
       • a label if the content is for adults only
     • Regulated by the FTC, but has made little impact to curb Spam.
  6. Virus
  7. What is a Virus?
     • A program that can replicate itself and spread itself by means of a transferable host.
     • How a virus spreads:
       • Removable Medium
       • Network Connection
  8. Why is it Called a Virus?
     • Similar to a biological virus that spreads itself into living cells.
       • Insertion of a virus is called an infection
       • Infected file is called a host.
  9. Virus Tricks: What to Look For
  10. The Infected Document
      • Subject line includes the name of the sender
        • Probably someone you know
      • Message tempts you to open attachment
      • Attachment is a legitimate Word file that is infected with a macro
  11. The Misleading File Name
      • Look at the attachment's name
        • "LOVE-LETTER-FOR-YOU.TXT.vbs"
        • Looks like a harmless text (TXT) file, but it is a vbs file with a Windows script
        • The suffix (.vbs) might be completely hidden – appearing to be a type of file you’d willingly open, i.e. JPEG, MP3, or PDF.
  12. The Offer You Can’t Refuse
      • Gives a compelling message – get rid of a computer virus
      • Doesn’t disguise that the attachment is a program
      • The program is a worm that sends itself to e-mail addresses it finds on your computer
  13. The Fake Web Link
      • Subject and message suggest that opening the attachment will take you to a web page containing party photos.
      • Attachment's name resembles a web address
        • Actually a program that sends itself to people in your address book
      • Designed to tie up your e-mail; can also be designed to destroy data
  14. Spyware
  15. What is Spyware?
      • Malicious software that
        • Subverts the computer’s operation for the benefit of a third party
      • Designed to exploit infected computers for commercial gain via:
        • Unsolicited pop-up advertisements
        • Theft of personal information
        • Monitoring of web-browsing for marketing purposes
        • Re-routing of http requests to advertising sites
  16. Example of Spyware
      • According to an October 2004 study by America Online and the National Cyber-Security Alliance:
        • 80% of surveyed users had some form of spyware on their computer.
  17. Phishing
  18. What is Phishing?
      • An attempt to fraudulently acquire confidential information, such as:
        • passwords
        • credit card details
      • By masquerading as a trustworthy:
        • Business
        • Financial Institution
        • Government Agency
        • Internet Service Provider
        • Online Payment Service
        • Person
      • In an apparently official electronic communication, such as:
        • an email
        • an instant message.
  19. Why is it called Phishing?
      • Hackers coined the phrase
        • “Fish” for accounts
        • Ph is a common hacker replacement for the letter “f”.
  20. How does Phishing Work?
      • E-mail contains a link to a “look alike” website.
      • Website asks the consumer to:
        • Confirm
        • Re-enter
        • Validate (or)
        • Verify
      • Their personal info, i.e.
        • Social Security Number
        • Bank Account Number
        • Credit Card Number
        • Password
  21. PayPal Phishing
      • Look for spelling mistakes:
        • Choise
        • Temporaly
      • Presence of an IP address in the link visible under the yellow box ("Click here to verify your account")
  22. Phishing for eBay Customers
      • Phishing e-mails from eBay’s online payment company PayPal are very popular.
      • However, eBay no longer sends out e-mails.
        • They created an online e-mail account for customers to receive e-mails after they’ve logged into the secure website.
  23. Advanced Phishing Techniques
      • Instead of sending e-mails persuading consumers to visit websites, the e-mail deploys a key-logging Trojan.
      • As soon as the user visits their bank’s website all the typed keys are logged and sent back to the hacker with the account number, passwords, and other critical data.
  24. How to Avoid Phishing
      • Be skeptical
      • Ignore the “dire consequences” warning.
      • Don’t reply
      • Don’t click on the link
        • Contact the company directly via a:
          • Legitimate 1-800 telephone number
          • Website
      • Look at the “address bar”
        • Often a different domain name
  25. More Tips on Avoiding Phishing
      • Don’t e-mail personal or financial information.
      • Open a new browser and look for secure indicators:
        • Secure lock
        • https: (s stands for secure)
  26. What to do with Phishing E-mails
      • Forward to [email_address] and cc the group that the e-mail impersonates.
      • Mark as “Junk Mail” in your Spam Software
      • Delete immediately
      • File a complaint with the Federal Trade Commission (FTC)
        • www.ftc.gov
        • 1-877-FTC-HELP
          • (1-877-382-4357)
  27. Pharming
  28. What is Pharming?
      • Exploitation of a vulnerability in the hosts file or DNS server software that allows a hacker to:
        • Acquire the domain name for a site
        • Redirect that website’s traffic to another website
      • For gaining access to usernames, passwords, etc.
  29. Pharming Techniques
      • The criminal uses a virus or Trojan to modify a user’s ‘Hosts’ file.
        • OR
      • The criminal sends out spam for www.phishsite.com, and the message links to an illegitimate site.
        • AND
      • When the user opens the browser and enters the website address, they get sent to the phishing site instead.
  30. Trojans
  31. What is a Trojan?
      • A malicious program that is disguised as a legitimate program.
      • Usually has a useful function that camouflages undesired functions.
      • Cannot replicate or spread itself.
  32. Why is it Called a Trojan?
      • Derived from myth.
        • Greeks left a large wooden horse outside the city of Troy.
        • Trojans thought it was a gift and moved the horse inside the city wall.
        • The horse was hollow and filled with Greek soldiers.
        • Greek soldiers opened the city gates at night for the remaining army to attack.
      • Application: Greeks gained malicious access to the city of Troy just like a Trojan program gains malicious access to your computer.
  33. Example of a Trojan
      • Program posted on a website:
        • Called FREEMP3.EXE
        • Promises “free mp3 files”
      • Instead, when run:
        • Erases all the files on your computer
        • Displays a taunting message
  34. What Can a Trojan Do?
      • Erase or overwrite data on a computer
      • Corrupt files in a subtle way
      • Spread other malware, such as viruses. In this case the Trojan horse is called a 'dropper'.
      • Set up networks of zombie computers in order to launch “Denial of Service” attacks or send out spam.
      • Spy on the user of a computer and covertly report data like browsing habits to other people.
      • Log keystrokes to steal information such as passwords and credit card numbers.
      • Phish for bank or other account details.
      • Install a backdoor on a computer system.
  35. Where Do Trojans Come From?
      • Infected Programs
      • Websites
      • Email
      • Direct Connection to the Internet
  36. Worms
  37. What is a Worm?
      • Computer program
        • self-replicating
        • self-contained
      • Designed to exploit the file transmission capabilities on your computer
  38. Why is it Called a Worm?
      • Word taken from a 1970s science fiction novel:
        • The Shockwave Rider
          • By John Brunner
      • Researchers found that their self-replicating program was similar to the worm program described in the book.
  39. What Can a Worm Do?
      • Delete files on a host system
      • Send documents via e-mail
      • Create excessive network traffic
      • Install a backdoor
  40. What is a Backdoor?
      • Method of remaining hidden on a computer while:
        • Bypassing normal authentication
        • Securing remote access to a computer
      • Can be installed by a worm
  41. What is a Zombie Computer?
      • Computer attached to the internet that:
        • Is under remote direction of an illegitimate user
      • Check your computer
        • www.ordb.org
  42. Zombie Computers & Spam
      • Used to send e-mail spam
        • 50% to 80% of all spam worldwide is now sent by zombie computers.
      • Allows spammers to:
        • Avoid detection
        • Have zombie computers pay for their bandwidth.
  43. Suspicion = Prevention
      • Best prevention is awareness
      • Be suspicious of everything to avoid:
        • Spam
        • Viruses
        • Spyware
        • Phishing
        • Pharming
        • Trojans
        • Worms
        • Backdoors
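
Added example (not part of the original slides): the warning signs from slides 11, 21 and 24 written as Python checks a mail filter could run, flagging an attachment whose real extension sits behind a decoy one, and links that point at a raw IP address or at a host other than the one displayed. The extension lists, function names and sample message body are assumptions made for illustration.

```python
import ipaddress
import os.path
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative extension lists, not exhaustive.
EXECUTABLE_EXTS = {".vbs", ".js", ".exe", ".scr", ".bat", ".cmd", ".pif", ".com"}
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".mp3", ".pdf", ".doc"}
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?")

def misleading_name(filename):
    """True when the last (real) extension is executable and a decoy extension precedes it."""
    stem, real_ext = os.path.splitext(filename.strip().lower())
    return real_ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DECOY_EXTS

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(html):
    """Flag links that point at a raw IP address or at a host other than the one displayed."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        try:
            ipaddress.ip_address(host)
            findings.append(("ip-literal-host", href))
        except ValueError:
            pass  # host is a name, not an IP literal
        shown = HOST_IN_TEXT.fullmatch(text.lower())
        if shown and shown.group(1) != host and not host.endswith("." + shown.group(1)):
            findings.append(("text-host-mismatch", href))
    return findings

# Constructed sample message body (not taken from the slides).
SAMPLE_HTML = ('<a href="http://192.0.2.10/verify">Click here to verify your account</a>'
               '<a href="http://login.example.net/">www.example.com</a>')
```

A program attachment that does not disguise itself (slide 12) is deliberately not flagged by `misleading_name`; blocking executable attachments outright is a separate policy decision.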
