
Behind the Plug


hang

Presentation Transcript


  1. Behind the Plug

    1010: Viruses, Phishes, & Firewalls
  2. What is a Virus? Worm?
    - A small piece of software that:
      - Installs itself on your computer
      - Attempts to replicate itself in some way
        - A virus technically only tries to replicate itself on your computer
        - A worm technically tries to infect any other computer your computer connects to
        - But these terms are often used interchangeably
      - Does something other than what you intend with the computer
        - This could be malicious, or not
  3. What is a Trojan Horse?
    - A “Trojan Horse” technically isn’t a virus
    - Any “apparently innocent” software
      - Installed by the user
      - Doesn’t normally self-replicate
        - Could, however, do something like send out emails asking other users to install the same software
    - Does something other than what you intend with the computer
      - This could be malicious, or not
  4. Spyware? Malware?
    - Spyware
      - Logs keystrokes, copies files to a “dead drop”
      - More complex software could embed private information in pictures you post on the Internet, for instance
    - Malware
      - Attempts to make your computer unusable
      - Disables the network connection, deletes critical files, etc.
      - A “Denial of Service” (DoS) attack
  5. Rootkit? Bot?
    - Rootkit
      - Allows the attacker access to the “root” of your computer any time they want
      - Generally used as a sort of spyware or to install other software as the attacker desires
    - Bot
      - A piece of software that executes on some external signal
      - Can be used to do just about anything
      - Mostly used as a way to attack other computers or networks
  6. How is a Bot Used?
    - Suppose a hacker wanted to attack a given server…
    - But the link the attacker uses to get to the Internet is smaller than the server’s link
    - What can the attacker do?
    - (Diagram: links labeled 1 MB/sec and 10 MB/sec)
  7. How is a Bot Used?
    - Install a bot on a lot of other computers
    - Build a “bot net”
      - The computers taken over are called “zombies”
    - Each of these bots can be commanded by the “control” to attack the server at the same time
    - (Diagram: links labeled 1 MB/sec and 10 MB/sec)
  8. How is a Bot Used?
    - Such an attack can be used to make a particular service or server unreachable
      - A “denial of service” (DoS) attack
      - This can be applied to networks as well…
    - Bots can also be used to…
      - Send spam from a lot of places at once
      - Send phishes from a lot of places at once
      - Collect information on a company or organization
      - Just about anything else…
  9. Famous Outbreaks
    - Melissa (1999)
      - Infected more than 100,000 hosts
      - That was a lot in 1999!
      - A macro (a small piece of software) embedded in a Microsoft Word file
      - Used the user’s address book to email itself to others
    - ILOVEYOU (2000)
      - Fastest spreading virus of all time
      - A Visual Basic (VBS) script
      - Rewrote all existing VBS scripts, jpg files, and mp3 files with copies of itself
      - Used the user’s address book to email itself to others
  10. Famous Outbreaks
    - Code Red (2001)
      - Infected Microsoft web servers
      - Spread through clients of the web sites, web server to web server communication, etc.
      - Two stages
        - First stage was infection
        - Second stage was using the infected computers as a bot network to perform DoS attacks
    - Bugbear (2002)
      - Infected computers through the network and by sending emails based on the user’s address book
      - Used a trick to cause email attachments to be opened when an email was opened
      - Copied passwords and keystrokes to a “dead drop”
  11. Famous Outbreaks
    - Blaster (2003)
      - “Installer” retrieves the virus from a server and installs it
      - Puts up a fake “shut down” message
      - Uses the computer’s network connection to try to find other computers to infect
      - Infected 500,000 computers
    - Conficker (2008)
      - Installed a “rootkit” on impacted computers
      - Spread in multiple ways
      - Infected up to 15 million computers worldwide
  12. Protection
    - How do you protect yourself against viruses, worms, etc.?
    - The first line of defense is a good firewall
    - But what does a firewall do…?
    - I’m glad you asked!
  13. Firewalls
    - A firewall’s primary job is to only allow sessions to be created from one side
      - A can open connections to B
      - B cannot open connections to A
    - This keeps outsiders from connecting to your computer
    - (Diagram: hosts A and B)
  14. Firewalls
    - Firewalls can do a number of other things as well…
      - Prevent connections to specific ports
        - In other words, if people scream all the time, the firewall can be like a set of earmuffs
      - Monitor inbound and outbound traffic for specific known viruses, etc.
      - Translate IP addresses
  15. Protection
    - Your second line of defense is anti-virus software
      - Scan all inbound and outbound traffic for viruses, worms, and trojans
      - Scan programs for viruses, worms, and trojans as they are copied from the hard drive into memory
    - How can it tell what’s a virus and what’s not?
  16. Anti-Virus
    - By comparing the software to a set of signatures…
    - Remember that software is made up of 0’s and 1’s…
    - The “signature” is a piece of metadata
      - The number of 0’s and 1’s
      - A particular pattern of 0’s and 1’s
      - The result of mathematical calculations run over the 0’s and 1’s, such as a “checksum”
  17. Anti-Virus
    - Each known virus has a set of these signatures
      - Calculated by the anti-virus vendor
    - As anything is emailed, copied to memory from the hard drive, etc., the signatures of these bits are compared to the list of known viruses
    - There are millions of these…
    - And they change all the time…
    - Which is why it’s important to keep your anti-virus software up to date
  18. Protection
    - The best protection is a multilayered approach
      - A firewall on the network
      - A firewall installed on each computer
      - Anti-virus software installed on each computer
  19. What is Phishing?
    - A form of social engineering
      - “Fishing” for information
      - Aims to convince you to provide information or do something you normally wouldn’t do
    - Information gathering is targeted at identity theft
      - Your account number can be combined with other information to clear out your bank account, make charges to your credit card, etc.
    - Phishing Examples
  20. Phishing Example
    - This is a phish!
    - Don’t do anything but close the window…
  21. Phishing Example
    - Tabbing
      - You open your bank’s web page in your browser
      - You open another tab, and go do something else
      - The “something else” involves an untrusted site
      - This untrusted site runs a script that replaces your bank’s web page with a look-alike login page for the bank
      - You go back to your bank tab and enter your login information again
      - You’ve just given out your bank account information!
  22. Common Scams
    - The Nigerian 419 Scam
      - So-called because of 900-like phone numbers that charge huge fees just for calling them
      - The idea is to get a person to spend a lot of money trying to get some part of a huge fortune
      - In the process, the person racks up tons of fees and expenses, all of which are paid to the scammer
  23. Common Scams

    My name is Danjuma Sule, one of the sons of major Gen Gumel Danjuma Sule, The late Nigeria's former minister of mines and power in the regime of the late former Nigeria's military Head of state, Gen Sanni Abacha. He married my mother on the agreement that my mother, Amina Fausat Sule, will maintain her family's name together with her children. Before he died in the German hospital on the 15th of November 1988 where he went to operate on the cancer of the knee, he fixed the Sum of $30,000.000.00 in the Central Bank of Nigeria under Intartrade Ventures Ltd on behalf of my mother. The 3 yrs maturity period placed on the money is due but the problem we are having now is that we lost the whole of the documents as a result of fire, which gutted our house 3 months ago. We have discussed with our family attorney on how to collect the money with out hitches, he advised us to liaise with a foreigner who will act as the foreign partner of Intartrade Ventures Ltd and will purport that The money in question is urgently needed overseas for an important project. It is on this basis I am seeking for assistance. Your percentage is negotiable. Please note; your age and profession doesn't really matter in this transaction. Waiting for your immediate response.
  24. Common Scams
    - The Check Kiting Scam
      - We’ll send you a check for $1000
      - You cash it, and write us a check for $900
      - You have three days to write the check and get it to us
    - How this works…
      - The original check bounces
      - But… by the time the original check bounces, your check has already cleared
      - So you’re out $900
  25. Common Scams
    - Pump and Dump
      - You receive an email talking about some up and coming stock
      - The email is either sent to someone else, and seems to “bounce” to your address for some reason, or it’s to you directly
    - How it works
      - The scammer buys a lot of worthless stock
      - He sends out an email to millions of people, some of whom are certain to buy the stock
      - This demand increases the price
      - He sells the stock at a much higher price
  26. Protection
    - Always go through a process of checking before clicking on a link
      - If the email is from a company you normally deal with, enter their URL manually, and jump through the links to log in, etc.
      - Don’t trust the URL in pretty much any email
    - Check the email headers to make certain they look legitimate
      - Is the email from the same domain as the company it’s supposed to be from?
  27. Protection
    - Check email in plain text before trusting it
      - Is there any hidden text, or other stuff?
    - Open any sites where you enter personal information in a single session of your web browser
      - Close the browser when you’re done
      - Or use a different web browser to handle these sites, and never use tabs in that browser
    - If you’re “trapped” in a web page, go to task manager and kill the browser
      - Don’t try to “click through” to get back to where you started
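
The session rule from slides 13 and 14, as an added example that is not part of the original presentation: a toy connection-tracking firewall in which only the inside host A can create sessions, B's replies are let back in, and one port is blocked. The class name, addresses and port numbers are constructed for illustration.

```python
class StatefulFirewall:
    """Toy model of the firewall on slides 13-14: A is inside, B is outside."""

    def __init__(self, blocked_ports=()):
        self.blocked_ports = set(blocked_ports)
        self.sessions = set()  # (inside ip, inside port, outside ip, outside port)

    def outbound(self, src, sport, dst, dport):
        """A packet from the inside (A) heading out to B."""
        if dport in self.blocked_ports:
            return "DROP blocked-port"
        self.sessions.add((src, sport, dst, dport))  # remember who started it
        return "ALLOW"

    def inbound(self, src, sport, dst, dport):
        """A packet from the outside (B) heading in to A."""
        if (dst, dport, src, sport) in self.sessions:
            return "ALLOW reply"      # belongs to a session A created
        return "DROP no-session"      # B may not open connections to A


# Constructed addresses: 10.0.0.5 is host A, 192.0.2.10 is host B.
A, B = "10.0.0.5", "192.0.2.10"

def demo():
    fw = StatefulFirewall(blocked_ports={23})
    return [
        fw.outbound(A, 50000, B, 443),   # A opens a connection to B
        fw.inbound(B, 443, A, 50000),    # B answers on that session
        fw.inbound(B, 443, A, 3389),     # B tries to open its own connection
        fw.outbound(A, 50001, B, 23),    # connection to a blocked port
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```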
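
Signature matching as slides 16 and 17 describe it, as an added example that is not part of the original presentation: each signature lists a size, a byte pattern, a checksum, or a combination, and a file is flagged when all listed properties match. The sample bytes and signature names are constructed and harmless, and SHA-256 stands in for the slides' "checksum".

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
CLEAN = b"print('hello world')\n"
SAMPLE_A = b"HEADER" + b"DEMO-MARKER-A" + b"rest of file"
SAMPLE_B = b"a second sample, known to the vendor only by its checksum"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Hypothetical signature list, one entry per known sample.
SIGNATURES = [
    {"name": "Demo.PatternA", "pattern": b"DEMO-MARKER-A"},
    {"name": "Demo.HashB", "size": len(SAMPLE_B), "sha256": sha256(SAMPLE_B)},
]

def matches(data, sig):
    """True only if every property the signature lists holds for the data."""
    if "size" in sig and len(data) != sig["size"]:
        return False
    if "pattern" in sig and sig["pattern"] not in data:
        return False
    if "sha256" in sig and sha256(data) != sig["sha256"]:
        return False
    return True

def scan(data, signatures=SIGNATURES):
    """Return the names of all signatures that match the data."""
    return [s["name"] for s in signatures if matches(data, s)]

# A later variant of sample B is not on the list until the vendor adds it,
# which is why the slides stress keeping the signature list up to date.
VARIANT_B = SAMPLE_B + b" (v2)"
UPDATED = SIGNATURES + [{"name": "Demo.HashB.v2", "sha256": sha256(VARIANT_B)}]

if __name__ == "__main__":
    for label, data in [("clean", CLEAN), ("A", SAMPLE_A), ("B", SAMPLE_B)]:
        print(label, scan(data))
    print("variant, old list:", scan(VARIANT_B))
    print("variant, updated list:", scan(VARIANT_B, UPDATED))
```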