Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers © 2006 Consumer Jungle.


1 Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers
© 2006 Consumer Jungle

2 Estimating the Threat of Malware
- Malware: Software designed to infiltrate or damage a computer system without the owner's consent, most commonly in the form of a virus, Trojan, or spyware.
- 1-in-3 chance of suffering computer damage, financial loss, or both.
- Viruses & Spyware: $2.6 billion spent to protect, yet $9 billion spent to replace.

Consumers have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto their computer, according to the Consumer Reports State of the Net survey of online consumers, a nationally representative survey of more than 3,200 households with at-home Internet access. Although American consumers invested more than $2.6 billion in protection software over the past two years, they still spent more than $9 billion on computer repairs, parts, and replacements to solve problems caused by viruses and spyware. Those problems were so extensive and so serious that they prompted almost 8 percent of all computer purchases by consumers during 2003 and [year omitted in transcript], according to the same survey.

Source: “Net threat rising,” Consumer Reports, September 2005.

3 Spam

4 What is Spam?
- An e-mail that is unsolicited and advertises something.
- Similar to junk mail delivered in the mail and telemarketing calls on the phone.

Spam: An unsolicited e-mail sent via bulk e-mail. Spamming is the abuse of any electronic communications medium to send unsolicited messages in bulk. While its definition usually extends to any unsolicited bulk electronic communication, some exclude from the definition of the term "spam" messages considered by the receiver (or even just the sender) to be targeted, non-commercial, or wanted. In the popular eye, the most common form of spam is that delivered by e-mail as a form of commercial advertising. However, over the short history of electronic media, people have spammed for many purposes other than the commercial, and in many media other than e-mail. Spammers have developed a variety of spamming techniques, which vary by medium: e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, weblog spam, and mobile phone messaging spam. Spamming is economically viable because advertisers have effectively no operating costs beyond the management of their mailing lists. Because the barrier to entry is so low, the volume of unsolicited mail has produced other costs which are borne by the public (in terms of lost productivity and fraud) and by Internet service providers, which must add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in a number of jurisdictions.

Source: Wikipedia – The Free Encyclopedia, “Spam (electronic),” January 2006.

5 CAN-SPAM Act of 2003
- Acronym stands for: Controlling the Assault of Non-Solicited Pornography And Marketing
- Allows spam as long as it contains: an opt-out mechanism; a valid subject line and header (routing) information; the legitimate physical address of the mailer; a label if the content is for adults only
- Regulated by the FTC, but it has done little to curb spam.

The CAN-SPAM Act of 2003 (Public Law No. [number omitted in transcript]; S.877 of the 108th Congress), signed into law by President Bush on December 16, 2003, establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions. The acronym CAN-SPAM derives from the bill's full name: Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. Critics of the law's perceived weaknesses sometimes refer to it as "You CAN SPAM". It also requires the FTC to promulgate rules to shield consumers from unwanted mobile service commercial messages. CAN-SPAM defines spam as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." It exempts "transactional or relationship messages." The FTC has yet to clarify what "primary purpose" means; it has already delayed rule-making for this terminology. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam. The bill permits marketers to send unsolicited commercial e-mail as long as it contains all of the following: an opt-out mechanism; a valid subject line and header (routing) information; the legitimate physical address of the mailer; and a label if the content is adult. If a user opts out, a sender has ten days to remove the address. The legislation also prohibits the sale or other transfer of an address after an opt-out request. Using automated means to register for multiple accounts from which to send spam compounds other violations.

It prohibits sending sexually oriented spam without the label later determined by the FTC, SEXUALLY-EXPLICIT. This label replaced the similar state labeling requirements of ADV:ADLT or ADLT. Labeling regulations for general spam will be commented on by the FTC this summer. CAN-SPAM pre-empts existing state anti-spam laws that do not deal with fraud. It makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including e-mail address harvesting, dictionary attacks, Internet protocol spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.

Source: Wikipedia – The Free Encyclopedia, “CAN-SPAM Act of 2003,” January 2006.

6 Virus

7 What is a Virus?
- A program that can replicate itself and spreads by means of a transferable host.
- How a virus spreads: removable medium; network connection.

Virus: A program that can replicate itself and spreads by means of a transferable host. In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Viruses are one of the several types of malicious software, or malware. In common parlance, the term virus is often extended to refer to worms, Trojan horses and other sorts of malware; however, this can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers vulnerable to future damage. A basic rule is that computer viruses cannot directly damage hardware, only software. A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread.

Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms.

Source: Wikipedia – The Free Encyclopedia, “Computer Virus,” January 2006.

8 Why is it Called a Virus?
- Similar to a biological virus that spreads itself into living cells.
- Insertion of a virus is called an infection.
- The infected file is called a host.

A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into a program is termed an infection, and the infected file (or executable code that is not part of a file) is called a host. The term "virus" was first used in an academic publication by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it. However, a 1972 science fiction novel by David Gerrold, When H.A.R.L.I.E. Was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel The Shockwave Rider describes programs known as "tapeworms" which spread through a network, deleting data. The term "computer virus" in its current usage also appears in the comic book "Uncanny X-Men" No. 158, published in [year omitted in transcript]. Therefore, we may conclude that although Cohen's use of "virus" may, perhaps, have been the first "academic" use, the term had been used earlier. The term "virus" is often used in common parlance to describe all kinds of malware (malicious software), including those that are more properly classified as worms or Trojans. Most popular anti-virus software packages defend against all of these types of attack.

Source: Wikipedia – The Free Encyclopedia, “Computer Virus,” January 2006.

9 Virus Tricks: What to Look For

Most malevolent software won't infect your machine unless you open an attachment. So virus distributors use various tricks, which experts call "social engineering," to con you into clicking. A common way to draw you in is to have the e-mail come from a family member or friend. The following slides illustrate other basic types of tricks that have been used by well-known viruses and worms. Antidotes were developed for all of them. If you receive messages like these, delete them and run a virus check before doing anything else with the computer.

Source: “How to outsmart computer viruses,” Consumer Reports, July 2005.

10 The Infected Document
- Subject line includes the name of the sender, probably someone you know
- Message tempts you to open the attachment
- Attachment is a legitimate Word file that is infected with a macro
- Macro: An invisible, embedded program that runs when Microsoft Word opens a document.

Here, the subject line includes the name of the sender, probably someone you know. The message itself tempts you to open the attached Microsoft Word document ("don't show to anyone else"). The attachment is a legitimate Word file, but infected with a macro, an invisible, embedded program that runs when Word opens the document.

Source: “How to outsmart computer viruses,” Consumer Reports, July 2005.

11 The Misleading File Name
- Look at the attachment's name: "LOVE-LETTER-FOR-YOU.TXT.vbs"
- Looks like a harmless text (TXT) file, but it is a .vbs file containing a Windows script
- The suffix (.vbs) might be completely hidden, so the attachment appears to be a type of file you’d willingly open, e.g. JPEG, MP3, or PDF
- Windows script: A rudimentary computer program that an intruder writes to run on your Windows operating system.

If you aren't familiar with the way Windows names files, you can easily mistake the attachment's name, "LOVE-LETTER-FOR-YOU.TXT.vbs," for that of a harmless text file. In fact, the file's "vbs" suffix is the real one, which identifies it as a type of program known as a Windows script, a rudimentary computer program that an intruder writes to run on your Windows operating system. The suffix may be hidden entirely on your computer, so the attachment appears to be a type of file you'd willingly open, such as a JPEG image, MP3 music, or PDF document.

Source: “How to outsmart computer viruses,” Consumer Reports, July 2005.
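The double-extension trick above is easy to screen for mechanically, because Windows only ever hides the final suffix. The following Python script is an added example written for this page (it is not Consumer Jungle's or Consumer Reports' code): it reports the real extension of an attachment name, what the name would look like with "hide extensions for known file types" switched on, and a verdict. The two extension sets are this example's own assumptions, not an official list.

```python
"""Attachment-name screening for the hidden-suffix trick
(added example, not code from the original presentation).

Windows hides only the last suffix when "Hide extensions for known
file types" is on, so "LOVE-LETTER-FOR-YOU.TXT.vbs" is displayed as
"LOVE-LETTER-FOR-YOU.TXT". The extension sets below are assumptions
made for this example, not a standard list.
"""
import os

# Suffixes Windows runs as a program or script (assumed list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
}

# Suffixes a user would typically open without a second thought (assumed list).
BENIGN_LOOKING_EXTENSIONS = {".txt", ".jpg", ".jpeg", ".gif", ".mp3", ".pdf", ".doc"}


def split_extensions(name):
    """Return (stem, [ext1, ext2, ...]) with every dotted suffix in order,
    lower-cased: 'a.TXT.vbs' -> ('a', ['.txt', '.vbs'])."""
    parts = name.split(".")
    stem = parts[0]
    exts = ["." + p.lower() for p in parts[1:] if p]
    return stem, exts


def displayed_name(name):
    """What Explorer shows with known extensions hidden: the final
    suffix is dropped, any earlier ones stay visible."""
    base, ext = os.path.splitext(name)
    return base if ext else name


def assess_attachment(name):
    """Classify an attachment name. Returns the real (last) extension,
    the decoy extension in front of it (if any), what the user would
    see on screen, and a verdict: allow / quarantine / block."""
    _stem, exts = split_extensions(name)
    real_ext = exts[-1] if exts else ""
    decoy_ext = exts[-2] if len(exts) >= 2 else ""
    executable = real_ext in EXECUTABLE_EXTENSIONS
    disguised = executable and decoy_ext in BENIGN_LOOKING_EXTENSIONS
    if disguised:
        verdict = "block"        # script dressed up as a document or media file
    elif executable:
        verdict = "quarantine"   # a program, but not pretending to be anything else
    else:
        verdict = "allow"
    return {
        "name": name,
        "real_extension": real_ext,
        "decoy_extension": decoy_ext,
        "displayed_as": displayed_name(name),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample names; the first is the one quoted on the slide.
    for sample in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "party.jpg", "FREEMP3.EXE"):
        print(assess_attachment(sample))
```

The "displayed_as" field is the useful part for user education: it shows why the victim never saw the ".vbs" at all, and why a mail gateway should judge the last suffix rather than the one the user sees.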

12 The Offer You Can’t Refuse
- Gives a compelling message: get rid of a computer virus
- Doesn’t disguise that the attachment is a program
- The program is a worm that sends itself to addresses it finds on your computer

This example relies on a message so compelling, an offer to rid your computer of a virus, that it doesn't need to disguise the fact that the attachment is a program. Unfortunately, the program is a worm that sends itself to addresses it finds on your computer.

Source: “How to outsmart computer viruses,” Consumer Reports, July 2005.

13 The Fake Web Link
- Subject and message suggest that opening the attachment will take you to a web page containing party photos.
- Attachment's name resembles a web address
- Actually a program that sends itself to people in your address book
- Designed to tie up your e-mail; could also be designed to destroy data

This example uses several tricks. The subject and message suggest that opening the attachment will take you to a web page containing party photos. The attachment's name resembles a web address, but there's no web site involved. This is actually a program that sends itself to your friends and colleagues. This particular intrusion was designed to tie up your e-mail; it could easily have been designed to destroy data.

Source: “How to outsmart computer viruses,” Consumer Reports, July 2005.

14 Spyware

15 What is Spyware?
- Malicious software that subverts the computer’s operation for the benefit of a third party
- Designed to exploit infected computers for commercial gain via: unsolicited pop-up advertisements; theft of personal information; monitoring of web browsing for marketing purposes; re-routing of HTTP requests to advertising sites

Spyware: Malicious software that subverts the computer’s operation for the benefit of a third party. Spyware is a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

Source: Wikipedia – The Free Encyclopedia, “Spyware,” January 2006.

16 Example of Spyware
- According to an October 2004 study by America Online and the National Cyber-Security Alliance, 80% of surveyed users had some form of spyware on their computer.

As of 2005, spyware has become one of the pre-eminent security threats for computers running Microsoft Windows operating systems.

Source: Wikipedia – The Free Encyclopedia, “Spyware,” January 2006.

17 Phishing

18 What is Phishing?
- An attempt to fraudulently acquire confidential information, such as passwords and credit card details
- By masquerading as a trustworthy business, financial institution, government agency, Internet service provider, online payment service, or person
- In an apparently official electronic communication, such as an e-mail or an instant message

Phishing: An attempt to fraudulently acquire confidential information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. The e-mail appears to come from a legitimate financial institution or business. Many of these schemes contain links to “look-alike” websites that are loaded with actual trademarked images. The websites then instruct consumers to “re-enter,” “verify” or “confirm” their personal information such as Social Security numbers, bank account or credit card numbers.

Source: Wikipedia – The Free Encyclopedia, “Phishing,” January 2006.

19 Why is it called Phishing?
- Hackers coined the phrase: they “fish” for accounts
- “Ph” is a common hacker replacement for the letter “f”.

The first recorded mention of phishing is on the alt.2600 hacker newsgroup in January 1996, although the term may have appeared even earlier in the printed edition of the hacker newsletter "2600 Magazine". The term phishing was coined by hackers attempting to "fish" for accounts from unsuspecting AOL members; ph is a common hacker replacement for f, and is a nod to an older form of hacking known as "phone phreaking."

Source: Wikipedia – The Free Encyclopedia, “Phishing,” January 2006.

20 How does Phishing Work?
- E-mail contains a link to a “look-alike” website.
- Website asks the consumer to confirm, re-enter, validate (or) verify their personal info, i.e. Social Security number, bank account number, credit card number, password

E-mails contain links to “look-alike” websites that are loaded with actual trademarked images. The websites then instruct consumers to “re-enter,” “verify” or “confirm” their personal information such as Social Security numbers, bank account or credit card numbers.

Source: Wikipedia – The Free Encyclopedia, “Phishing,” January 2006.

21 PayPal Phishing
- Look for spelling mistakes: “Choise”, “Temporaly”
- Presence of an IP address in the link visible under the yellow box ("Click here to verify your account")

Source: Wikipedia – The Free Encyclopedia, “Phishing,” January 2006.

22 Phishing for eBay Customers

Phishing e-mails claiming to come from eBay’s online payment company PayPal are very popular. However, eBay no longer sends out e-mails. They created an online account for customers to receive e-mails after they’ve logged into the secure website.

Source: Wikipedia – The Free Encyclopedia, “Phishing,” January 2006.

23 Advanced Phishing Techniques

Instead of sending e-mails persuading consumers to visit websites, the phisher deploys a key-logging Trojan. As soon as the user visits their bank’s website, all the typed keys are logged and sent back to the hacker, along with the account number, passwords, and other critical data.

Source: McAfee White Paper Report, “Understanding Phishing and Pharming,” August 2005.

24 How to Avoid Phishing
- Be skeptical: ignore the “dire consequences” warning.
- Don’t reply
- Don’t click on the link
- Contact the company directly via a legitimate telephone number or website
- Look at the “address bar”: it is often a different domain name

Don’t get hooked. Consumers can use these tips to spot suspicious phishing e-mails. Be skeptical of warnings that accounts will be shut down unless you “confirm” your billing information. Don’t click on the link; contact the company directly using a legitimate telephone number or website. A legitimate company won’t ask for this information via e-mail anyway. Look at the “address bar” at the top of the browser; it is often a different domain name than the firm being represented.

25 More Tips on Avoiding Phishing
- Don’t e-mail personal or financial information.
- Open a new browser and look for secure indicators: a secure lock icon; https: (the s stands for secure)

Don’t e-mail personal or financial information. E-mail is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
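Slides 21, 24 and 25 list three things to look at in a link: a raw IP address instead of a name, a domain that is not the company's, and a plain "http:" where a login page should be "https:". The Python script below is an added example written for this page (not Consumer Jungle's, the FTC's or Wikipedia's code) that checks one link for all three, plus the common trick of displaying one address as the link text while pointing somewhere else. The sample links are constructed, the "expected domain" is something the caller has to supply, and the two-label domain rule is a simplification assumed for this example.

```python
"""Phishing-link indicators from the slides above
(added example, not code from the original presentation).

Checks one link for: a bare IP address as the host, a registered
domain that differs from the company being impersonated, a missing
https:, and link text that shows a different address than the real
target. The sample links are constructed; the expected domain is
supplied by the caller (assumption: a real mail client would take it
from a reputation list).
"""
import ipaddress
from urllib.parse import urlparse


def host_is_ip(host):
    """True when the host part is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registered_domain(host):
    """Approximate the registered domain as the last two labels
    (assumption for this example; fine for .com/.org-style names)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_link(href, expected_domain, visible_text=""):
    """Return the list of warning signs found in one link.
    href: the real target; visible_text: what the e-mail displays."""
    parsed = urlparse(href)
    host = parsed.hostname or ""
    warnings = []
    if host_is_ip(host):
        warnings.append("link target is a raw IP address")
    elif registered_domain(host) != expected_domain.lower():
        warnings.append(f"link domain {host!r} is not {expected_domain!r}")
    if parsed.scheme != "https":
        warnings.append("no https: (the s stands for secure)")
    # Displayed text that is itself a URL but names a different host.
    shown = urlparse(visible_text)
    if shown.hostname and shown.hostname.lower() != host.lower():
        warnings.append(f"displayed address {shown.hostname!r} hides real target {host!r}")
    return warnings


if __name__ == "__main__":
    # Constructed samples; the first mimics the IP-address link on slide 21.
    samples = [
        ("http://192.0.2.10/paypal/verify.htm", "paypal.com", "Click here to verify your account"),
        ("http://paypal.com.example.net/login", "paypal.com", "https://www.paypal.com/"),
        ("https://www.paypal.com/", "paypal.com", "https://www.paypal.com/"),
    ]
    for href, expected, text in samples:
        print(href, "->", assess_link(href, expected, text) or ["no warning signs"])
```

The second sample shows why "look at the address bar" matters: "paypal.com.example.net" starts with the brand name, but the registered domain is example.net. The last sample returns no warnings, which is the point of the "https:" and domain checks on the slide: they are indicators to look for, not proof on their own.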

26 What to do with Phishing E-mails
- Forward to [reporting address omitted in transcript] and cc the group that the e-mail impersonates.
- Mark as “Junk Mail” in your spam software
- Delete immediately
- File a complaint with the Federal Trade Commission (FTC): 1-877-FTC-HELP

Forward spam that is phishing for information to [reporting address omitted in transcript] and to the company, bank, or organization impersonated in the phishing e-mail. Most organizations have information on their websites about where to report problems. If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at [URL omitted in transcript]. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See [URL omitted in transcript] for details on ordering a free annual credit report. The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit [URL omitted in transcript] or call toll-free 1-877-FTC-HELP; TTY: [number omitted in transcript]. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. Contact the legitimate company with information on the phishing scam.

Source: FTC, January 2006.

27 Pharming

28 What is Pharming?
- Exploitation of a vulnerability in the hosts file or DNS server software that allows a hacker to acquire the domain name for a site and redirect that website’s traffic to another website
- For the purpose of gaining access to usernames, passwords, etc.

Pharming: The exploitation of a vulnerability in the hosts file or DNS server software that allows a hacker to acquire the domain name for a site and redirect that website’s traffic to another website, for the purpose of gaining access to usernames, passwords, etc. Criminals can fool your computer into visiting websites that you don’t want to. The criminals are fooling your computer, not you. The end result is that you send private information to someone who isn’t legitimate. Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect, for instance, that website's traffic to another web site. DNS servers are the machines responsible for resolving Internet names into their real addresses, the "signposts" of the Internet. Every host on the Internet has a so-called IP address, which consists of four numbers, each between 0 and 255, separated by dots, for example "[address omitted in transcript]". These IP addresses are comparable to the telephone numbers on a telephone system. As it would be very difficult to remember these numbers, websites usually also have a domain name, for example "wikipedia.org". The domain name server acts as a "phone book" to associate the domain name of a website with its IP address ("resolving the domain name"). If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN number or account number.

Source: Wikipedia – The Free Encyclopedia, “Pharming,” January 2006.

29 Pharming Techniques
- The criminal uses a virus or Trojan to modify a user’s ‘Hosts’ file, OR
- The criminal sends out a spam e-mail and the message links to an illegitimate site, AND
- When the user opens the browser and enters the website address, they get sent to the phishing site instead.

The first technique is the use of a virus or Trojan to modify the user’s ‘Hosts’ file. This file is left over from the early days of the Internet; it is a simple text file used to relate a web address (URL) to a specific machine address (IP address). The pharming technique modifies this file to pair the web addresses of well-known banks and financial institutions with the IP address of the phishing site. So when the user opens the browser and enters the address of the bank, they get sent to the phishing site instead. No clicking on links in e-mails is required. The second technique is equally sinister and again relies on an obsolete piece of functionality, this time implemented in DNS. DNS replaced the local hosts file as the mechanism for resolving a web address to a specific IP address. When a user enters an address, it is looked up in the DNS server; if that DNS server doesn’t know the IP address, it asks other DNS servers for the address and then gets the result. The problem is that part of the protocol allows extra information to be passed back as well. So the phisher sends an e-mail that contains a link to a website. When the DNS lookup for that address is done, this extra information is included: the URL of the bank, but directed at a phishing site.

Source: McAfee White Paper Report, “Understanding Phishing and Pharming,” August 2005.

30 Trojans

31 What is a Trojan?
- A malicious program that is disguised as a legitimate program.
- Usually has a useful function that camouflages undesired functions.
- Cannot replicate or spread itself.

Trojan: A malicious program that is disguised as a legitimate program. A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. The kind of undesired functions are not part of the definition of a Trojan horse; they can be of any kind, but typically they have malicious intent. In practice, Trojan horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unbeknownst to the owner, to be remotely controlled from the network, creating a "zombie computer". Because Trojan horses often have these harmful functions, there often arises the misunderstanding that such functions define a Trojan horse. Packet sniffer: A software program that can intercept and log traffic passing over a digital network or part of a network. The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. Originally Trojan horses were not designed to spread themselves. They relied on fooling people into allowing the program to perform actions that they would otherwise not have voluntarily performed. Trojans of recent times also contain functions and strategies that enable their spreading. This moves them closer to the definition of computer viruses, and it becomes difficult to clearly distinguish such mixed programs between Trojan horses and viruses.

Source: Wikipedia – The Free Encyclopedia, “Trojan Horse (computing),” January 2006.

32 Why is it Called a Trojan?
- Derived from myth: the Greeks left a large wooden horse outside the city of Troy.
- The Trojans thought it was a gift and moved the horse inside the city wall.
- The horse was hollow and filled with Greek soldiers.
- The Greek soldiers opened the city gates at night for the remaining army to attack.
- Application: the Greeks gained malicious access to the city of Troy, just like a Trojan program gains malicious access to your computer.

The term is derived from the classical myth of the Trojan horse. In the siege of Troy, the Greeks left a large wooden horse outside the city. The Trojans were convinced that it was a gift, and moved the horse to a place within the city walls. It turned out that the horse was hollow, containing Greek soldiers who opened the city gates of Troy at night, making it possible for the Greek army to pillage the city. Trojan horse programs work in a similar way: they may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (the Greeks were gaining malicious access, not the Trojans).

Source: Wikipedia – The Free Encyclopedia, “Trojan Horse (computing),” January 2006.

33 Example of a Trojan
- Program posted on a website, called FREEMP3.EXE, promising “free mp3 files”
- Instead, when run: erases all the files on your computer and displays a taunting message

A simple example of a Trojan horse would be a program named "FREEMP3.EXE" that is posted on a website with a promise of "free mp3 files"; but, when run, it instead erases all the files on the computer and displays a taunting message.

Source: Wikipedia – The Free Encyclopedia, “Trojan Horse (computing),” January 2006.

34 What Can a Trojan Do?
- Erase or overwrite data on a computer
- Corrupt files in a subtle way
- Spread other malware, such as viruses. In this case the Trojan horse is called a 'dropper'.
- Set up networks of zombie computers in order to launch “Denial of Service” attacks or send out spam.
- Spy on the user of a computer and covertly report data like browsing habits to other people.
- Log keystrokes to steal information such as passwords and credit card numbers.
- Phish for bank or other account details.
- Install a backdoor on a computer system.
- Keystroke logger: Software that captures the user's keystrokes, providing a means to obtain passwords or encryption keys.

Trojan horses are almost always designed to do various harmful things. Examples are: erasing or overwriting data on a computer; corrupting files in a subtle way; spreading other malware, such as viruses (in this case the Trojan horse is called a 'dropper'); setting up networks of zombie computers in order to launch DDoS attacks or send spam; spying on the user of a computer and covertly reporting data like browsing habits to other people; logging keystrokes to steal information such as passwords and credit card numbers; phishing for bank or other account details, which can be used for criminal activities; and installing a backdoor on a computer system.

Source: Wikipedia – The Free Encyclopedia, “Trojan Horse (computing),” January 2006.

35 Where Do Trojans Come From?
- Infected programs
- Websites
- Direct connection to the Internet

Infected programs: The majority of Trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open attachments on e-mails; the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a Trojan or worm. The infected program doesn't have to arrive via e-mail, though; it can be sent to you in an instant message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. Furthermore, an infected program could come from someone who sits down at your computer and loads it manually. Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. E-mail is vulnerable to many of the same problems that Internet Explorer has. The same vulnerabilities exist since e-mail contains HTML and images just like a web browser. Direct connection to the Internet: This allows data to be received by a computer without anyone requesting it. A firewall may be used to limit access to the computer from outside criminals. Firewalls are widely used in practice, and they help to mitigate the problem of remote Trojan insertion via open ports, but they are not a totally impenetrable solution, either.

Source: Wikipedia – The Free Encyclopedia, “Trojan Horse (computing),” January 2006.

36 Worms

37 What is a Worm?
Computer program:
self-replicating
self-contained
Designed to exploit the network and file transmission capabilities of your computer in order to copy itself to other machines.
Worm: A self-replicating computer program that is self-contained and does not need to be part of another program to propagate itself. Unlike a virus, it needs no host file, and unlike a Trojan horse, it needs no tricked user: it spreads on its own, typically by exploiting a vulnerability in a network service on other machines or by mailing itself to addresses it finds on the infected computer.
Source: Wikipedia – The Free Encyclopedia, “Computer Worms,” January 2006.

38 Why is it Called a Worm?
Word taken from a 1970s science fiction novel: The Shockwave Rider by John Brunner
Researchers found that their self-replicating program was similar to the worm program described in the book.
The name 'worm' was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing (John Shoch and Jon Hupp at Xerox PARC, 1982) noted the similarities between their software and the program described by Brunner and adopted the name.
Source: Wikipedia – The Free Encyclopedia, “Computer Worms,” January 2006.

39 What Can a Worm Do?
Delete files on a host system
Send documents via e-mail
Create excessive network traffic
Install a backdoor
Payload: Any action taken by a virus or worm other than merely spreading itself. The term is used for all intended functions, whether they actually work or not.
In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via e-mail. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction: every infected machine probes many other addresses looking for the next victim. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread. A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These zombie computers are used by spam senders for sending junk e-mail or to cloak their website's address. Spammers are thought to pay for the creation of such worms, and worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks. The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.
Source: Wikipedia – The Free Encyclopedia, “Computer Worms,” January 2006.
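The slide's point that a worm hurts the network even with no payload is also what makes it visible: an infected host contacts far more distinct addresses on one port than a normal machine ever does. The detector below is an added example for this page, not code from the original deck or from any product; it runs a sliding-window fan-out check over flow records that are constructed inline (timestamp, source, destination, destination port). The window of 60 seconds and the threshold of 20 distinct destinations are assumed tuning values, not figures from the page.

```python
"""Fan-out detector: the network signature of a worm hunting for new hosts.

Added example; not from the original deck.  A worm has to find machines to copy
itself to, so one infected host opens connections to many different addresses on
the same port in a short time, which is exactly the traffic this slide says can
cause a slowdown even with no payload.  The flow records are constructed here.
"""
from collections import defaultdict, deque


def build_sample_log():
    """Constructed flow records, one per line: 'epoch_seconds src_ip dst_ip dst_port'."""
    lines = [
        "1000 10.0.0.5 10.0.0.9 445",      # normal file-sharing traffic
        "1003 10.0.0.5 10.0.0.10 139",
        "1100 10.0.0.5 192.0.2.8 80",
    ]
    # Worm-like host: 40 distinct targets on port 445 within about ten seconds.
    for i in range(1, 41):
        lines.append("%d 10.0.0.77 10.0.1.%d 445" % (1200 + i // 4, i))
    return "\n".join(lines)


def parse_flows(text):
    """Parse the log into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((int(ts), src, dst, int(port)))
    return flows


def detect_fan_out(flows, window=60, threshold=20):
    """Flag sources that contact more than `threshold` distinct destinations on one
    port within any `window` seconds.  Returns {src: (port, distinct_count, window_start)}
    recorded at the moment the threshold was first crossed."""
    recent = defaultdict(deque)          # (src, port) -> deque of (ts, dst), oldest first
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        q = recent[(src, port)]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop flows that fell out of the window
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) > threshold and src not in alerts:
            alerts[src] = (port, len(distinct), q[0][0])
    return alerts


def run_detector():
    """Run the detector over the constructed log."""
    return detect_fan_out(parse_flows(build_sample_log()))


if __name__ == "__main__":
    for src, (port, n, start) in run_detector().items():
        print("%s contacted %d hosts on port %d starting at t=%d" % (src, n, port, start))
```

Keying the window on (source, port) rather than on source alone keeps a busy but legitimate host, which talks to many addresses on many different ports, from tripping the check, while a worm scanning for one vulnerable service stands out at once.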

40 What is a Backdoor?
Method of remaining hidden on a computer while:
bypassing normal authentication
obtaining remote access to the computer
Can be installed by a worm
Backdoor: A method of remaining hidden on a computer while bypassing normal authentication and obtaining remote access to it. The main purpose of a backdoor is to allow an illegitimate user to gain control of your computer; at that point, they can do anything they want with it. A backdoor may be planted by a worm or a Trojan, left behind by an intruder after a break-in, or built into a program by its own author (for example, a hidden "master" password that unlocks every account). Whatever form it takes, a hidden credential or a listening port is what lets the attacker come back without having to exploit the system again.
Source: Wikipedia – The Free Encyclopedia, “Backdoors,” January 2006.
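"Bypassing normal authentication" is easiest to see in code. The example below is added for this page and is not code from the original deck: a login routine with a hard-coded maintenance secret that opens every account sits next to the hardened routine that has no such path, and a small probe shows how a reviewer or tester can detect the backdoor without reading the source, by asking whether any one secret is accepted for all accounts. The account store, the passwords and the MAINTENANCE_KEY value are all made up for the illustration.

```python
"""A backdoor in authentication code, next to the hardened version, plus a probe
that catches it.  Added example; not from the original deck.  The account store,
passwords and the MAINTENANCE_KEY below are all made up for the illustration.
"""
import hashlib
import hmac
import os


def hash_password(password, salt=None, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


# Constructed account store: username -> (salt, digest).
USERS = {
    "alice": hash_password("correct horse battery"),
    "bob": hash_password("hunter2"),
}


def verify(user, password):
    """Normal authentication: recompute the hash and compare in constant time."""
    record = USERS.get(user)
    if record is None:
        return False
    salt, expected = record
    _, got = hash_password(password, salt)
    return hmac.compare_digest(got, expected)


MAINTENANCE_KEY = "svc-0verride-2006"   # hypothetical "support" secret baked into the code


def login_backdoored(user, password):
    """Vulnerable: one hard-coded secret opens every account, bypassing verify()."""
    if password == MAINTENANCE_KEY:
        return True
    return verify(user, password)


def login_hardened(user, password):
    """Hardened: there is no path around the per-user credential check."""
    return verify(user, password)


def probe_for_master_secret(login_fn, users, candidates):
    """Return every candidate that is accepted for *all* listed accounts.
    A legitimate login function should return an empty list for any candidates."""
    return [c for c in candidates if all(login_fn(u, c) for u in users)]


if __name__ == "__main__":
    probes = [MAINTENANCE_KEY, "hunter2", "password"]
    print("backdoored:", probe_for_master_secret(login_backdoored, USERS, probes))
    print("hardened:  ", probe_for_master_secret(login_hardened, USERS, probes))
```

The probe only finds a secret it is given, so it is a regression test for known or suspected values rather than a proof of absence; the durable control is that the hardened function has exactly one way to succeed, and that way consults the per-user record.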

41 What is a Zombie Computer?
Computer attached to the internet that:
Is under remote direction of an illegitimate user
Check your computer
Zombie Computer: A computer attached to the Internet that is under remote direction by an illegitimate user. A zombie computer (abbreviated zombie) is a computer attached to the Internet that has been compromised by a cracker, a computer virus, or a trojan horse. Generally a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another, under remote direction. Most owners of zombie computers would be unaware that their system was being used in this way.
Source: Wikipedia – The Free Encyclopedia, “Zombie Computers,” January 2006.
The website ordb.org accumulated lists of mail servers that relay mail from anyone to anyone (open relays), which spammers abuse in the same way as zombies. ORDB stands for Open Relay DataBase. Go to the website and select “test an open relay”, then enter your computer's public IP address. Note that Network Neighborhood/Properties shows the address your computer uses on the local network; if you connect through a router that does network address translation, the address the rest of the Internet sees is the router's, and that is the one such a test needs. ORDB ceased operation in December 2006; lists of the same kind (DNS-based blocklists, DNSBLs) are still queried by looking up the reversed IP address under the list's DNS zone.
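The ORDB check on this slide is a DNS-based blocklist lookup, and the mechanism outlives any one list: reverse the four octets of the public IP address, append the list's zone, and resolve the name; an answer in 127.0.0.x means "listed", no answer means "not listed". The code below is an added example for this page, not code from the deck or from ORDB. The zone name relays.example.net and the stub resolver are made up so the example runs offline; live_resolve() shows the real standard-library call for a zone that exists. It also refuses RFC 1918 addresses, the practical mistake the slide's Network Neighborhood instruction invites.

```python
"""How an open-relay / zombie list such as ORDB is queried: a DNS-based blocklist
(DNSBL) lookup.  Added example; not from the original deck.  ORDB itself is gone,
so the zone name 'relays.example.net' and the stub resolver below are made up;
the live_resolve() helper shows the real stdlib call for a zone that exists.
"""
import ipaddress
import socket

# Addresses that only exist on a local network (RFC 1918); a list cannot know them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the list's zone.
    '203.0.113.9' + 'relays.example.net' -> '9.113.0.203.relays.example.net'."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 only")
    if addr.is_loopback or any(addr in net for net in RFC1918):
        # The address shown in Network Neighborhood is usually a LAN address like this;
        # behind a NAT router only the router's public address is meaningful to a list.
        raise ValueError("%s is a private address; look up your public address instead" % ip)
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip, zone, resolve):
    """Return the 127.0.0.x answer codes for `ip`, or [] if the list does not know it.
    `resolve(name)` must return the A records for `name`, [] when there are none."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return [a for a in answers if a.startswith("127.0.0.")]


def live_resolve(name):
    """Real lookup via the standard library; NXDOMAIN (not listed) becomes []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# Constructed stand-in for the list's DNS zone: only one address is "listed".
FAKE_ZONE = {"9.113.0.203.relays.example.net": ["127.0.0.2"]}


def fake_resolve(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.9", "198.51.100.1"):
        print(ip, "listed" if is_listed(ip, "relays.example.net", fake_resolve) else "not listed")
```

Filtering the answers to 127.0.0.x matters: a list that has shut down, or a wildcard DNS entry, can return an ordinary address for any name, which would otherwise read as "everyone is listed".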

42 Zombie Computers & Spam
Used to send spam: 50% to 80% of all spam worldwide is now sent by zombie computers.
Allows spammers to:
Avoid detection
Have zombie computers pay for their bandwidth.
Zombies have been used extensively to send spam; between 50% and 80% of all spam worldwide is now sent by zombie computers. This allows spammers to avoid detection of the source of the spam, and presumably reduces their bandwidth costs, since the owners of zombies pay for their computers' use of bandwidth.
Source: Wikipedia – The Free Encyclopedia, “Zombie Computers,” January 2006.

43 Suspicion = Prevention
Best prevention is awareness
Be suspicious of everything to avoid:
Spam
Viruses
Spyware
Phishing
Pharming
Trojans
Worms
Backdoors
Awareness alone does not stop a worm, which needs no help from the user: keep the operating system, browser and e-mail client patched, run a firewall, and do not open attachments or run downloads you did not ask for.
