“Thou Shalt Not”
The Moses Guide to Internet Security

           By Devin Christensen
TSN Install Spyware!
• “According to a new report from EarthLink and Webroot Software,
  there's an average of almost 28 spyware programs running on each
  computer. More serious, Trojan horse or system monitoring
  programs were found on more than 30 percent of all systems
  scanned, raising fears of identity theft.
• “The report presents the results of scans of over 1 million Internet-
  connected computers. Many of the 29 million spyware programs that
  were found were harmless "adware" programs that display
  advertising banners or track Web surfing behaviors. However, the
  companies also found more than 300,000 instances of programs
  that are capable of stealing personal information or providing
  unauthorized access to computers, the companies say.”—Paul
  Roberts (PCWorld)
Spyware Attack Vectors
"I LOVE GATOR!
It is the GREATEST!
I love how it remembers and fills in all of my passwords at the
    various websites that I visit. And of course I also love how it fills
    in the forms for me. I also love GATOR because it is very easy to
    use. I learned how to use it in seconds. GATOR RULES!"

Thanks,
DF
Las Vegas, Nevada
What Else Does Gator Do?
• Gator (iegator.dll and others)
Gator is the main software, which autocompletes Web forms [which is completely
    unnecessary]...
• OfferCompanion
This is the advertising spyware module. It is responsible for spying on your Web browsing
    habits, downloading and displaying pop-up ads, and transmitting (personal?)
    information to Gator.
• Trickler (fsg.exe, fsg-ag.exe, fsg*.exe)
Trickler is an "install stub", a small program that is installed with the application you
    really wanted. (Gator almost always appears on your system due to installing OTHER
    software, and not the installer available from Gator's website.) When installed,
    Trickler inserts a Run key in your Registry so that it is silently and automatically
    loaded every time you start your computer. Trickler runs hidden and very slowly
    downloads the rest of Gator/OfferCompanion onto your system. It is suggested that
    this "trickling" activity is intended to slip under the user's radar, the steady, low usage
    of bandwidth going unnoticed (cexx.org).
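A check for the Run-key persistence described above, as an added example that is not part of the original slides: it parses `reg query` output for the two standard Run keys and flags entries whose program matches the Trickler file names listed on the slide. The sample output and its value names and paths are constructed for illustration.

```python
import fnmatch
import ntpath
import re

# File-name patterns the slide lists for Trickler.
TRICKLER_PATTERNS = ["fsg.exe", "fsg-ag.exe", "fsg*.exe"]

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
QUOTED = re.compile(r'^\s*"([^"]+)"')
UNQUOTED = re.compile(r"^\s*(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Constructed sample of `reg query <key>` output for the HKLM and HKCU Run keys.
# Every value name and path below is made up for this example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    TouchpadHelper    REG_SZ    "C:\Program Files\Touchpad\helper.exe"
    Example Stub    REG_SZ    "C:\Program Files\Common Files\Example\fsg-ag.exe" /quiet
    Office Helper    REG_SZ    C:\Program Files\Office Helper\helper.exe -tray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    updater    REG_SZ    C:\WINDOWS\fsg_4104.exe
"""


def parse_run_entries(text):
    """Return (key, value name, command line) for every value in the output."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            entries.append((key, match["name"], match["data"]))
    return entries


def target_executable(command):
    """Lower-cased base name of the program a Run entry launches."""
    match = QUOTED.match(command) or UNQUOTED.match(command)
    path = match.group(1) if match else (command.split() or [""])[0]
    return ntpath.basename(path).lower()


def find_trickler(text):
    """Run entries whose program name matches a Trickler pattern.

    A hit is a lead to review by hand: fsg*.exe also matches any unrelated
    program whose name happens to start with "fsg".
    """
    hits = []
    for key, name, command in parse_run_entries(text):
        exe = target_executable(command)
        if any(fnmatch.fnmatchcase(exe, pattern) for pattern in TRICKLER_PATTERNS):
            hits.append((key, name, exe))
    return hits


if __name__ == "__main__":
    for key, name, exe in find_trickler(SAMPLE):
        print(f"{key}: value {name!r} launches {exe}")
```
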
Attack Vectors [cont]
Antivirus company Symantec last week reported the presence of
  "spyware" bundled with Grokster and Limewire, two popular
  file-swapping downloads. The code evidently does not damage
  computers, but it surreptitiously sends personal information
  such as user ID names and the Internet address of computers to
  another Web address.

Advertising software called "Clicktilluwin" that comes bundled with
  the file-swapping programs carries a program called
  "W32.DIDer," which Symantec has classified as a Trojan horse--
  a piece of code that takes over parts of a person's computer
  unseen in order to carry out its own instructions. (news.com)
Attack Vectors [cont]
From: Unsuspecting Person [unsuspecting@comcast.net]
RE: Spyware - Virtual Bouncer - installed on PC as trial - getting
  more popup ads than ever - unable to remove software from PC

I mistakenly allowed spyware/virtual bouncer to install its
   software on my computer on a trial basis to remove popup ads
   and detect parasites. Before the trial was over, I seemed to be
   getting more popup ads than ever...I decided not to purchase the
   software.
Despite numerous attempts to remove the software from my
   computer, it finds its way back when I log on to my computer,
   reminding me to register and purchase the software. It's now
   acting like a parasite that I was trying to remove!!!!
I've contacted the computer [company] several times but no one
   there has offered any real solution to address my issue.
So... What To Do (Preemptive)?
1. Cultivate an attitude of distrust!
2. Know that Nothing is Free!
3. Unless you’re willing to read the entire
   license agreement very carefully, Do Not
   Install Freeware!
4. Beware of the peer-to-peer services.
   They’ve got to make $$ somehow!
What do I do?
What do I do?
I Failed to “Shalt Notted”
 What do I do Now?
1. Blood Sacrifice is still probably avoidable…
2. Start | All Programs (XP) or Programs (Win2k)|
   Spybot Search & Destroy.
3. If this does not exist, double-click on My Computer &
   navigate to T:\Spybot\spybotsd1.3.exe. Follow the
   prompts to install Spybot.
I Failed to “Shalt Notted” [cont]!
4. Update Spybot by clicking on ‘Search For Updates’:
I Failed to “Shalt Notted” [cont]!
5. Now ‘Check for problems’. [Note: This can take a while
    as there are about 17,000 bad boys out there now...]
I’ve Got 65 Problems!
I Failed to “Shalt Notted” [cont]!
5. Now ‘Fix Selected Problems’. [Note: This might render
    some of your ‘freeware’ inoperable...]
6. If some of the malware is ‘resident’ in your operating
    system’s memory (i.e., it is running at the time),
    Spybot will not be able to fix this issue, and you may
    continue to get popups and general system instability.
7. For this you will need to call me.
Conclusion
•   Freeware is seldom Free (unless you are using Linux...)
•   If it is not worth it to you to read the entire license
    agreement (maybe 10-15 minutes), it is definitely not
    worth my 60+ minutes trying to get all the spyware off
    afterwards!
•   If you wish to install something, call me first and I will
    check it out!
•   Otherwise, Choose X or No or Cancel!
•   And if you don’t, yes, odds are we will remain friends
    afterward...
TSN Execute Viruses!
• Mass Emailing Viruses & Hoaxes
• File Sharing Programs
Mailing Tactics
• Interesting Attachments
  – AnnaKournikova.jpg.vbs
• Interesting Subjects
  – New bonus in your cash account
  – [Fwd: look] ;-)
• Good Samaritan Abuse
  – Please Help me with Script!!
  – Leukemia: Please Forward
Mailing Tactics [Cont]
• Panic Attack
IMPORTANT, URGENT - ALL SEEING EYE VIRUS! PASS
  THIS ON TO ANYONE YOU HAVE AN E-MAIL
  ADDRESS FOR. If you receive an email titled "We Are
  Watching You!" DO NOT OPEN IT! It will erase
  everything on your hard drive. This information was
  announced yesterday morning from IBM, FBI and
  Microsoft states that this is a very dangerous and
  malicious virus, much worse than the "I Love You," virus
  and that there is NO remedy for it at this time.
FileSharing Tactics
– C:\Program Files\KaZaA\My Shared Folder
– C:\Program Files\ICQ\shared files
– C:\Program Files\Edonkey2000\Incoming
– C:\Program Files\Bearshare\Shared
– C:\Program Files\Morpheus\My Shared Folder
– C:\Program Files\Grokster\My Grokster
What are they Appealing To?
El Mejor Sexo.pif
KaZaA Antivirus Era 2003.exe
UnTouChabLeS KoRn.scr
New Morpheus Edition 2003.exe
Deftones Live in concert.scr
Xbox Emulator V2.1.exe
Play2 All Tricks BoX.pif
Gatorade Screen Saver.scr
THE EMINEM SHOW.pif
And What Else Do They Do...
1.   Scan your entire hard drive and any network
     drives for email addresses
2.   Intentionally corrupt common document types
     (Excel, Word, etc.).
3.   Disable virus protection & prevent liveupdates.
4.   Disable Personal Firewalls
5.   Copy themselves all over your hard drive.
6.   Render an operating system unusable.
So What Do We Do?
• First, Be Aware of What I do:
  – Every Night at 11:00 PM I have a server go out
    & get the latest virus updates. Every machine
    in the building will get these definitions within
    the hour.
  – The Bottom Line: Your Protection is Current!
  – If a really bad virus appears on the radar
    screen, I will send out an alert email.
Nonetheless...
  Inevitably there will be a gap between the creation of a virus, its
  identification when out in the wild, and the creation of a filter to
  detect it.
• Therefore, it is required that:
   – Never (and Never does mean Never) open an
     attachment unless you are explicitly expecting the
     exact attachment from the exact individual who has
     sent it to you. *And the Extension (.pdf, .xls, .doc)
     must match the kind of file you are expecting!
Nonetheless [continued]...
• It is required that: [cont]
   – We never open ANY attachment that ends in:
      • .com
      • .exe
      • .pif
      • .vbs
      • .scr
   – In our own emails we explicitly identify the
     attachment we are intentionally sending (i.e., “I have
     attached an excel/word/pdf document detailing...”).
     This is known as “good netiquette”.
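The attachment rules above, applied mechanically to file names from a mail gateway or a file-sharing folder, as an added example that is not part of the original slides. The blocked list is the one on this slide; the decoy list (the slides' .pdf/.xls/.doc plus a few media types) and the made-up sample names are assumptions of the example.

```python
import ntpath

# Extensions the slides say must never be opened.
BLOCKED = {".com", ".exe", ".pif", ".vbs", ".scr"}
# Harmless-looking types that can form the visible half of a double extension:
# the slides' .pdf/.xls/.doc plus a few media types (assumed for this example).
DECOYS = {".pdf", ".xls", ".doc", ".jpg", ".gif", ".mp3", ".avi", ".txt"}

# Constructed sample: (file name, extension the recipient was told to expect).
# The first three names are quoted on the slides; the rest are made up.
SAMPLES = [
    ("AnnaKournikova.jpg.vbs", None),
    ("THE EMINEM SHOW.pif", None),
    ("Xbox Emulator V2.1.exe", None),
    ("REPORT.PDF      .ScR", ".pdf"),
    ("Q3 budget.xls", ".xls"),
    ("Q3 budget.doc", ".xls"),
    ("holiday photos.zip", None),
]


def suffixes(filename):
    """Every dot-separated suffix of the base name, lower-cased.

    Windows ignores trailing dots and spaces in a file name, so they are
    stripped first; padding between two extensions is stripped as well.
    """
    base = ntpath.basename(filename).rstrip(". ")
    return ["." + part.strip().lower() for part in base.split(".")[1:] if part.strip()]


def screen(filename, expected_ext=None):
    """Return (verdict, reasons); verdict is 'block', 'hold' or 'allow'.

    block: the name ends in an extension from the slide's list.
    hold:  nobody announced this attachment, or its type is not the one
           that was announced ("unless it is a Known Good ...").
    allow: the expected type from an announced attachment.
    """
    sfx = suffixes(filename)
    final = sfx[-1] if sfx else ""
    if final in BLOCKED:
        reasons = [f"executable extension {final}"]
        if len(sfx) > 1 and sfx[-2] in DECOYS:
            reasons.append(f"disguised as {sfx[-2]} (double extension)")
        return "block", reasons
    if expected_ext is None:
        return "hold", ["attachment was not expected"]
    want = expected_ext.lower()
    if final != want:
        return "hold", [f"expected {want}, got {final or 'no extension'}"]
    return "allow", []


if __name__ == "__main__":
    for name, expected in SAMPLES:
        verdict, reasons = screen(name, expected)
        print(f"{verdict:5}  {name!r}: {'; '.join(reasons) or 'matches what was expected'}")
```
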
Nonetheless [continued]...
• Also, though this is lamentable, our
  instinct must be one of distrust!
     • “Unless it is a Known Good, it must be considered
       to be bad.”
     • Distrust all executables.
     • Be aware that all filesharing services are delivery
       mechanisms for many modern viruses.
Conclusion
• Never open the unknown attachment,
  even when it is coming from an associate.
• Do not forward the hoax (they always ask
  you to do just this!). If forward you must,
  forward it to me first!!
• All executables (.exe, .com, .pif, .vbs) are
  to be distrusted! Absolutely!
Various “Shalts”
• TS Save onto the “S” Drive.
• TS keep critical data in more than one
  place (particularly if one of the places is a
  floppy, or, worse yet, a zip disk).
• TS “stop” USB flash drives before
  removing them.
• TS Lock your computer when you leave it
  for prolonged amounts of time [ctrl-alt-del |
  enter].
Any Q’s?
