TCEA Workshop 6898: Phishing for Worms – Why is my Computer so Slow?
A brief look at some annoying and sometimes dangerous creatures inhabiting cyberspace
William Ball, Technology Coordinator
Holli Horton, Technology Trainer
Calallen ISD
Corpus Christi, TX

How prevalent are viruses and things?
More than two thirds of home users think they are safe from online threats.

Viruses, worms, and Trojan Horses are malicious programs that can cause damage to your computer and information on your computer.

With an ounce of prevention and some good common sense, you are less likely to fall victim to these threats.

Be a Critical Thinker

What is a virus?
Virus (n.) Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.

What is a worm?
Worm (n.) A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, thus causing a computer to stop responding.

What is a Trojan Horse?
Trojan Horse (n.) A computer program that appears to be useful but that actually does damage. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

How do these spread?
Many of the most dangerous viruses are primarily spread through e-mail

Tip: Never open anything that is attached to an e-mail unless you were expecting the attachment and you know the exact contents of that file.

Be a Critical Thinker

Googling the phone number (703) 482-0623 gets:
• Phonebook results for 703-482-0623: United States Government, Central Intelligence Agency, (703) 482-0623, McLean, VA 22101
• This is not the CIA Office of Public Affairs in Washington, D.C., as the email reports.

FBI Warns of Email Scam
The Federal Bureau of Investigation issued an alert about a scam involving unsolicited e-mails, purportedly sent by the FBI, that tell computer users that their Internet surfing is being monitored by the agency. The users are told they have visited illegal Web sites and are instructed to open an attachment to answer questions, reports CNN.
This email virus is a variant of the Sober Y worm which was originally discovered on November 16th, 2005. Like the previous variants, this one sends itself inside a ZIP archive as an attachment in e-mail messages with English or German texts. It should be noted that along with the "usual" messages that look like fake bounces, password change notification requests, Paris Hilton video ads and so on, the worm sends messages that look like they come from FBI or CIA.
The From field of such messages contains any of the following:
[email protected] (also can be Office@, Admin@, Mail@, Post@)
[email protected] (also can be Office@, Admin@, Mail@, Post@)
The Subject field contains any of the following:
You visit illegal websites
Your IP was logged
The FBI is investigating the scam.

The reason this email was successful was because:
• It came from a perceived important or powerful person
• Accused wrongdoing; plays on guilt
• Gave an opportunity to right a wrong
This is called…

Social Engineering

In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users.

By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible.

Beware of messages that request password or credit card information in order to “set up their account” or “reactivate settings”.

Do not divulge sensitive information, passwords or otherwise, to people claiming to be administrators.

System administrators do not need to know your password to do any work on the servers.

Social engineering works: in an Infosecurity survey, 90% of office workers gave away their password in exchange for a cheap pen!

Be a Critical Thinker

What is Phishing?
Phishing (v.) is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

• In 2005, phishing represented an average of one in every 304 emails, compared to one in every 943 in 2004.

Dear Citibank Customer,
When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking.
Please verify your information here, before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)
Citibank Online Customer Service
Copyright © 2004 Citicorp

<font color="#000000" face="Arial">
<p>When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking. </p>
<p>Please verify your information <a href="http://200.189.70.90/citi">here</a>, before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)</p>
<p> </p>
<p><b>Citibank Online Customer Service</b></p>
<br>
</td>

Dear valued customer
Need Help?
We regret to inform you that your eBay account could be suspended if you don't reupdate your account information. To resolve this problems please click here and reenter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.
Regards,
Safeharbor Department
eBay, Inc

<DIV style="width: 605; height: 224"><STRONG><FONT face=arial> We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please </FONT> <a target="_blank" a href="http://211.239.171.57/alfa/eBayISAPI.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid="><FONT face=arial color=#0000ff>click here</FONT></a></STRONG><FONT face=arial> and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.

The code disguises the real target of this link:
href="http://wordart.co.jp/.online/co/login.php">https://service.capitalone.com/oas/login.do?objectclicked=LoginSplash</a></FONT></TD>

Where is this taking you? Is this a secure site?

Where is this taking you? Is this a secure site?

How Not to Get Hooked by a Phishing Scam
from the Federal Trade Commission

Do not reply or click the link
Legitimate companies don’t ask for account information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address.

Don’t email personal or financial information
Email is not a secure method of transmitting personal information. Period.

Review credit card and bank statements as soon as you receive them
Determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Use anti-virus software and keep it up to date
Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

Be cautious about opening any attachment regardless of who sent them
Have you heard this before?

Report suspicious activity to the FTC
If you get spam that is phishing for information, forward it to [email protected]. If you believe you’ve been scammed, file your complaint at www.ftc.gov.

Be a Critical Thinker

What is spyware?
Spyware is Internet jargon for Advertising Supported software. It is a way for shareware authors to make money from a product, other than by selling it to the users.

Spyware is any technology that aids in gathering information about a person or organization without their knowledge.

Drive-by Download?
A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge.

Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML email message.

Why is it called spyware?
While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection and reporting statistical data to the "mothership".

Is spyware illegal?
Even though the name may indicate so, Spyware is not an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product.

What is adware?
Generically, adware is any software application in which advertising banners are displayed while the program is running.

Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.

In addition to privacy and security concerns, resource-hogging adware and spyware can cause system and browser instability and slowness. For users paying for dialup services by time used, ad-loading and hidden communications with servers can be costly.

Adware isn't necessarily spyware. Registered shareware without ads may be spyware. Purchased out-of-the-box software may contain adware and may also be spyware.

All this makes for a confusing mess and users need to be on guard when installing any type of software.

Be a Critical Thinker

Top 10 Cyber Security Tips
from StaySafeOnline.com

1. Use anti-virus software and keep it up to date
Anti-virus software is designed to protect you and your computer against known viruses so you don’t have to worry. But with new viruses emerging daily, anti-virus programs need regular updates, like annual flu shots, to recognize these new viruses. Be sure to update your anti-virus software regularly.

2. Don’t open emails or attachments from unknown sources
A simple rule of thumb is that if you don't know the person who is sending you an email, be very careful about opening the email and any file attached to it. Should you receive a suspicious email, the best thing to do is to delete the entire message, including any attachment.

3. Protect your computer from Internet intruders – use firewalls
Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other (good) data to reach your computer.

4. Regularly download updates and patches for your OS and other software
Most major software companies today release updates and patches to close newly discovered vulnerabilities in their software.

5. Use hard-to-guess passwords
Mix upper case, lower case, numbers, or other characters not easy to find in a dictionary, and make sure they are at least eight characters long. Don’t share your password, and don’t use the same password in more than one place.

6. Back-up your data on disks or CDs regularly
Back up small amounts of data on floppy diskettes and larger amounts on CDs or DVDs. If you have access to a network, save copies of your data on another computer in the network.

7. Don’t share access to your computers with strangers
Your computer operating system may allow other computers on a network, including the Internet, to access the hard-drive of your computer in order to “share files”. This ability to share files can be used to infect your computer with a virus or look at the files on your computer if you don’t pay close attention. (Kazaa, Napster, and Gnutella are common music file sharing programs.)

8. Disconnect from the Internet when not in use
Disconnecting your computer from the Internet when you’re not online lessens the chance that someone will be able to access your computer.

9. Check your security on a regular basis
You should evaluate your computer security at least twice a year. Look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area.

10. Make sure you know what to do if your computer becomes infected
It’s important that everyone who uses a computer be aware of proper security practices. People should know how to update virus protection software, how to download security patches from software vendors and how to create a proper password. (If in doubt, contact the nearest 14 year-old.)

Be a Critical Thinker

Free Tools

Microsoft Anti-Spyware

Lavasoft’s AdAware

Spybot Search and Destroy
Be careful – none of these sites is what you want!

Spybot Search and Destroy
Tucows is a safe site to download from.

How do you fix this mess?
• Be aware of Social Engineering techniques
• Never share your password with anyone
• Protect your computer:
• Keep your OS updates current
• Use antivirus software and keep it up-to-date
• Use programs like Adaware and Spybot Search and Destroy to keep your computer free from malware

Be a Critical Thinker