I.T Security Threats

This is not a beginner’s presentation. Audience who take this
presentation are expected to be experienced in M.S office,
Internet, LAN,O/S (Windows) & general P.C troubleshooting.
They are expected to understand I.T Security problems like
Virus, Spyware, Malware & Botnet and their Remedies.

Presenation done by uK
Mishra,Your coments will be

What is Information?

It is not an easy task to define what is really meaning of the term "information".
instinctively, information is sequence of symbols, which have some meaning to the
person receiving it. People communicate by exchanging information among them.
The importance of information can be valued quantitatively, depending on the
context. Sometimes information can be valued through monetary amount and that
aspect makes exchange of information very important in today's human society.


Information Age

The human society is undergoing a fundamental transformation: from an industrial
society to the information society. Information age technologies increasingly pervade
all industrial and societal activities and are accelerating the globalization of
economies.
World's industrial competitiveness, its jobs, its quality of life and the sustainability of
growth depend on it being at the leading edge of the development and take-up of
information age technologies. At the same time, the technologies underpinning the
development of the information society are in rapid evolution. Advances in
information processing and communication are opening up exciting new possibilities.
There is a shift from stand-alone systems to networked information and processes.


Information Age and the Internet
In the age when communications and media have tremendous impact on our
lives,
information and information technologies are becoming more and more important.
Internet as a “network of networks” is becoming the most popular media for the
information transfer. In the age of information everybody needs and uses
information. That is why Internet is not only a tool of the modern age, it is also its
symptom. Fast information exchange in almost every segment of our daily life
helped the Internet to move on from an oddity to the most popular medium.The
Internet is growing faster than previously thought. Internet’s user population is
growing 175 % per year
The Internet is going commercial. Saving money and energy is an essential part
of every business. That is why electronic commerce and on-line money making is
becoming more and more popular


IT SECURITY
Information security is the process of protecting information. It protects its availability,
privacy and integrity. Access to stored information on computer databases has increased
greatly. More companies store business and individual information on computer than
ever before. Much of the information stored is highly confidential and not for public
viewing.
Information security means guarding information and information systems against
unauthorized access, disruption, disclosure, modification, use or destruction.
Many businesses are solely based on information stored in computers. Personal staff
details, client lists, salaries, bank account details, marketing and sales information may
all be stored on a database. Without this information, it would often be very hard for a
business to operate. Information security systems need to be implemented to protect this
information


Types of Threats
1. Adware
Adware, or advertising-supported software, displays advertising banners or pop-ups
on your computer when you use the application. This is not necessarily a bad thing.
Such advertising can fund the development of useful software, which is then
distributed free (for example, the Opera web browser).
•installs itself on your computer without your consent
•installs itself in applications other than the one it came with and
displays advertising
when you use those applications
•hijacks your web browser in order to display more ads (see Browser
hijackers)
•gathers data on your web browsing without your consent and sends it
to others via
the internet (see Spyware)

•is designed to be difficult to uninstall .
Adware can slow down your PC. It can also slow down your internet connection by
downloading advertisements. Sometimes programming flaws in the adware can make
your computer unstable.
Advertising pop-ups can also distract you and waste your time if they have to be closed
before you can continue using yourPresenation done by uK
PC.

2. Backdoor Trojans
A backdoor Trojan allows someone to take control of another user’s
computer via the internet without their permission.
A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs
do, so that users run it. Alternatively – as is now increasingly common – users may
allow Trojans onto their computer by following a link in spam mail.
Once the Trojan is run, it adds itself to the computer’s startup routine. It can then
monitor the computer until the user is connected to the internet. When the computer
goes online, the person who sent the Trojan can perform many actions – for example,
run programs on the infected computer, access personal files, modify and upload files,
track the user’s keystrokes, or send out spam mail

Examples
Trojan-Spy.HTML.Smitfraud.c [Kaspersky], Phish-BankFraud.eml.a [McAfee],
Trj/Citifraud.A [Panda coments will be
Mishra,Your Software], generic5 [AVG

3. Bluejacking
Bluejacking is sending anonymous, unwanted messages to other users
with Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the ability of Bluetooth phones to detect and contact other
Bluetooth devices nearby. The Bluejacker uses a feature originally intended for
exchanging contact details or “electronic business cards”. He or she adds a new
entry
in the phone’s address book, types in a message, and chooses to send it via
Bluetooth.
The phone searches for other Bluetooth phones and, if it fi nds one, sends the
message


4. Bluesnarfing

Bluesnarfing is the theft of data from a Bluetooth phone.
Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to
detect and contact others nearby.
In theory, a Bluetooth user running the right software on their laptop can discover a
nearby phone, connect to it without your confirmation, and download your phonebook,
pictures of contacts and calendar.
Your mobile phone’s serial number Presenation be downloaded and used to clone the
can also done by uK
phone. Mishra,Your coments will be

5. Boot Sector Viruses
Boot sector viruses spread by modifying the program that enables your
computer to start up.
When you switch on a computer, the hardware looks for the boot sector program –
which is usually on the hard disk, but can be on a floppy disk or CD – and runs it.
This
program then loads the rest of the operating system into memory.
A boot sector virus replaces the original boot sector with its own, modified version
(and
usually hides the original somewhere else on the hard disk). When you next start up,
the infected boot sector is used and the virus becomes active


6. Browser Hijackers
Browser hijackers change the default home and search pages in your
internet browser.Some websites run a script that changes the settings in your browser
without your permission. This hijacker can add shortcuts to your “Favorites” folder or,
more seriously,can change the page that is first displayed when you open the browser


7. Chain Letters
An electronic chain letter is an email that urges you to forward copies
to other people.Chain letters, like virus hoaxes, depend on you, rather than on
computer code, to propagate themselves.
The main types are:
1. Hoaxes about terrorist attacks, premium-rate phone line scams, thefts from
ATMs and so forth.
2. False claims that companies are offering free flights, free mobile phones,
or cash rewards if you forward email.
3. Petitions. Even if genuine, they continue to circulate long after their expiry
date.
4. Jokes and pranks, e.g. the claim that the internet would be closed for
maintenance
on 1 April.

The solution to the Mishra,Your coments will be
chain letter problem is simple: don’t forward such mail

8. Denial of Service attack(DoS)

denial-of-service (DoS) attack prevents users from accessing a computer or
website.
In a DoS attack, a hacker attempts to overload or shut down a computer, so that
legitimate users can no longer access it. Typical DoS attacks target web servers
and aim to make websites unavailable. No data is stolen or compromised, but the
interruption to the service can be costly for a company.
The most common type of DoS attack involves sending more traffic to a computer than
it can handle. Rudimentary methods include sending outsized data packets or sending
email attachments with names that are longer than permitted by the mail programs


9. Cookies

Cookies are files on your computer that enable websites to remember
your details.
When you visit a website, it can place a fi le called a cookie on your computer. This
enables the website to remember your details and track your visits. Cookies can be a
threat to confidentiality, but not to your data.
Cookies were designed to be helpful. For example, if you submit your ID when you visit
a website, a cookie can store this data, so that you don’t have to re-enter it next time.
Cookies also have benefits for webmasters, as they show which web pages are well used,
providing useful input when planning a redesign of the site.
If you prefer to remain anonymous, use the security settings on your internet browser to
disable cookies.


10. Dialers

Dialers change the number used for dial-up internet access to a premium-rate
number.
Dialers are not always malicious. Legitimate companies that offer downloads or games
may expect you to use a premium-rate line to access their services. A pop-up prompts
you to download the dialer and tells you how much calls will cost.
Other dialers may install themselves without your knowledge when you click on a
pop-up message (for example, a message warning you about a virus on your computer
and offering a solution). These do not offer access to any special services – they simply
divert your connection so that you access the internet via a premium-rate number


11. Document Viruses

Document or “macro” viruses take advantage of macros – commands that are
embedded in files and run automatically.
Many applications, such as word processing and spreadsheet programs, use
macros.
A macro virus is a macro program that can copy itself and spread from one file to
another. If you open a file that contains a macro virus, the virus copies itself into the
application’s startup files. The computer is now infected.


12. Email Viruses

Many of the most creative viruses distribute themselves automatically by email.
Typically, email-aware viruses depend on the user double-clicking on an attachment.
This runs the malicious code, which will then mail itself to other people from that
computer. The Netsky virus, for example, searches the computer for files that may
contain email addresses, and then uses the email client on your computer to send
itself to those addresses. Some viruses, like Sobig-F, don’t even need to use your email
client; they include their own “SMTP engine” for constructing and sending the email
messages.

Even an attachment that appears to be a safe type of file, e.g. a file with a .txt
extension, can pose a threat. That file may be a malicious VBS script with the real file
type (.vbs) hidden from view


13. Internet Worms

Worms are programs that create copies of themselves and spread via internet
connections.
Worms differ from computer viruses because they can propagate themselves, rather
than using a carrier program or file. They simply create exact copies of themselves and
use communication between computers to spread.
Internet worms can travel between connected computers by exploiting security “holes”
in the computer’s operating system. The Blaster worm, for example, takes advantage of
a weakness in the Remote Procedure Call service that runs on unpatched Windows NT,
2000 and XP computers and uses it to send a copy of itself to another computer


14. Mousetrapping
Mouse trapping prevents you from leaving a website.
If you are redirected to a bogus website, you may find that you cannot quit with the
back or close buttons. In some cases, entering a new web address does not enable
you
to escape either.
The site that mousetraps you will either not allow you to visit another address, or will
open another browser window displaying the same site. Some mousetraps let you quit
after a number of attempts, but others do not. To escape, use a bookmark or
“Favorite”, or open the list of recently-visited addresses
and select the next-to-last. You can also press Ctrl+Alt+Del and use the Task Manager
to shut down the browser or, if that fails, restart the computer.
To reduce the risk of mousetrapping, you can disable Javascript in your internet
browser. This prevents you from being trapped at sites that use this script, but it also
affects the look and feel of websites.


15. Obfuscated spam
Obfuscated spam is email that has been disguised in an attempt to fool anti-
spam software.
Spammers are constantly trying to find ways to modify or conceal their messages
so that
your anti-spam software can’t read them, but you can.
The simplest example of this “obfuscation” is putting spaces between the letters of
words, hoping that anti-spam software will not read the letters as one word, for
example
VIAGRA
Another common technique is to use misspellings or non-standard characters, for
example
V!agra


16. Parasitic viruses
Pharming redirects you from a legitimate website to a bogus copy, allowing
criminals to steal the information you enter.
Pharming exploits the way that website addresses are composed.
Each computer on the internet has a numerical “IP address”, e.g. 127.0.0.1.
However,
these are not easy to remember, so web addresses also have a domain name, like
sophos.com. Every time you type in an address, the domain name has to be turned
back into the IP address. A DNS or Domain Name Server on the internet handles
this,
unless a “local host file” on your computer has already done it
To avoid pharming, make sure that you use secure web connections when you
access
sensitive sites. Just look for the https:// prefix in the web address. If a hacker tries to
mimic a secure site, a message will warn you that the site’s certificate does not
match
the address being visited.


17. Page-jacking
Page-jacking is the use of replicas of reputable web pages to catch users and
redirect them to other websites.
Scammers copy pages from an established website and put them on a new site that
appears to be legitimate. They register this new site with major search engines, so that
users doing a search find and follow links to it. When the user arrives at the website,
they are automatically redirected to a different site that displays advertising or offers
of different services. They may also find that they cannot escape from the site without
restarting their computer (just like mousetrapping).


18. Phishing
Phishing is the use of bogus emails and websites to trick you into supplying
confi dential or personal information.
Typically, you receive an email that appears to come from a reputable organization,
such as a bank. The email includes what appears to be a link to the organization’s
website. However, if you follow the link, you are connected to a replica of the
website.
Any details you enter, such as account numbers, PINs or passwords, can be stolen
and
used by the hackers who created the bogus site.


19.Botnet
A botnet or robot network is a group of computers running a computer application
controlled and manipulated only by the owner or the software source. The botnet may
refer to a legitimate network of several computers that share program processing
amongst them.
Different Types of Bots

XtremBot, Agobot, Forbot, Phatbot.

Botnets may range from one thousand drones to tens of thousands of drones.
The larger the botnet, the more recognition and potential there is for financial
gain. The source computer can rent services of the botnet to third parties.
Common uses of botnets include:
• Spamming – After taking advantage of a victims’ computer systems, the
botnet commander may use the drones to harvest email addresses and send
spam or phishing mails.


• Traffic Monitoring – The malware may also be created for the discovery and
interception of sensitive data passing through a drone machine. Such malware
would sniff for user IDs and passwords.
• Denial of Service Attacks – This refers to an attempt to make resources
unavailable to its users. For example, the botnet may attack a network in order to
disrupt a service through overloading the resources of the drone’s computer system.
Such attacks may be carried out to disable the web site of a competitor.
• Keylogging – Some bots install keylogging programs in drone computers. Such
programs filter for key sequences that come before or after keywords such as
“Gmail” or “PayPal.”
• Mass Identity Theft – Such thefts are often attributed to botnet attacks. This may
be a phishing attack, in which the perpetrator presents himself as a legitimate
company in order to obtain personal information, such as user IDs, account
numbers or passwords.
• Botnet Spread – Drones in the network are often used to spread other botnets to
other computers.
• Pay-per-Click Systems Abuse – Drone machines can be used to automatically
click on a site upon browser activation. By artificially increasing the click counter of
an ad, the botnet commander may benefit from Google Adsense, or other affiliate
programs.

20.Malware

Malware is an abbreviated term used to describe a "malicious
software" program. Malware includes things like spyware or adware
programs, such as tracking cookies, which are used to monitor your
surfing habits. It also includes more sinister items, such as
keyloggers, Trojan horses, worms, and viruses.


21 Spyware

Spyware refers to programs that use your Internet
connection to send information from your personal
computer to some other computer, normally without your
knowledge or permission. Most often this information is a
record of your ongoing browsing habits, downloads, or it
could be more personal data like your name and address
Some programs that have included spyware, like
RealPlayer, disclose this information in their terms and
conditions when RealPlayer is installed, though most
users don't read the terms and conditions when they
install software, particularly if it is free. KaZaA, a free file
sharing program, also includes spyware and there are
many others.


It is estimated that 90% of all computers on the Internet are infected with spyware.
Some telltale signs of spyware infection are:
•Your computer slows to a crawl due to several spyware programs using up your
memory resources.
•Advertisements pop up even when you are offline.
•You click on a link to go to one site, but your browser gets hijacked and you end
up at another site.
•Your computer is dialing up numbers on its own that show up on your phone bill.
•When you enter a search item, a new and unexpected site handles the search.
•Your bookmarks change on their own.
•You click your Home button but it takes you to a new site, and when you switch
the setting back, the new site appears again anyway.
•You get pop-up ads that address you by name even when you have not visited
site at which you have registered.


22.Social Media
A number of well-reputed social networking and Web 2.0 sites were
compromised in 2007. The hackers are able to glean very specific
information from site such as LinkedIn and Facebook and then use it to
disguise their attacks as friendly and authentic solicitations. Given the
popularity and interactivity of the social media sites, they tend to
expose their users to cyber criminals in nearly the same way as Instant
Messaging. We believe that Social Media sites will be one of the top 5
vulnerabilities in 2008

Social networking sites are ideal havens for online criminal activities as they
provide a combination of two key factors: a huge number of users and a high-
level of trust among these users,

Demerits.
1. Malware, 2. Spam, 3. Targeted attack through employees, 4. Phishing, 5.
Human error, leading to leaked corporate data.

Prevention better than cure
Despite the security risks social networks can bring into a
corporate environment, So disabling access to such sites is
not the best option as more and more businesses rely on
these tools to support their daily operations.
Enterprises then need to make sure its employees are
educated about security threats related to social networking
sites, and implement a comprehensive access and data
control strategy to prevent data loss.
"If the enterprise can govern the access of information to
only the right employees, loss of data by the attackers
getting into the network could be minimized," Organizations
can reap the benefits of social and business networking
online, while keeping the fraudsters at bay."


23.VoIP

With over 250 million Skype users today, and research that estimates 1.2 billion
VoIP users by 2012, the cyber criminals have found a large, attractive and easy
target. More than twice the number of VoIP-related vulnerabilities were reported in
2007 versus the previous year—several high-profile “vishing” attacks, and a
criminal phreaking (or fraud) conviction—so it’s clear that VoIP threats have arrived
and there’s no sign of a slowdown


24.Instant Messaging

The National Vulnerability Database reports more than twice the number of AIM
(AOL), YIM (Yahoo), and MSN Messenger vulnerabilities for 2007 over the prior
year. Even more significant is the finding that there were 10 high-severity risks in
2007, compared with zero in 2006. That’s not all, the top IM virus families of 2005
through 2007 are actively being replace with new and multiple versions making
signature based products ineffective. Although IM malware has existed for years, it is
likely that the cyber criminals will chose this avenue to attack un-protected PCs.


Q&A


Thank You


I.T Security Threats

More Related Content

What's hot

Viewers also liked

Similar to I.T Security Threats

I.T Security Threats