Spyware & Phishing Enrique Escribano


1 Spyware & Phishing Enrique Escribano eescriba@hawk.iit.edu

2 Nowadays
Millions of people use the Internet, so we must be aware of the different risks users are exposed to. There are many kinds of cyber attacks:
- New techniques are continuously released: smart attackers and smart tools.
- Intense fight between cyber-security vendors and cyber criminals: a long race of updating and discovering new tools to mitigate contemporary attacks.
- Difficult to prevent, remove and defend against malware: viruses, trojan horses, worms…

3 Spyware

4 What is Spyware? “Software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.” Wikipedia: http://en.wikipedia.org/wiki/Spyware

5 History The first recorded use of the term spyware occurred on 16 October 1995, denoting espionage issues. In 2005, AOL and National Cyber-Security Alliance stated that 61% of the computers in their experiment were infected with spyware. 92% of the total number of users surveyed claimed they did not know of the presence of the spyware. In 2006, spyware became one of the principal security threats for all the systems running Microsoft Windows OS and using Internet Explorer

6 How Spyware works
Symptoms:
- Unwanted behavior and degradation of system performance
- Undesired CPU and disk activity
- Applications freezing
- Slower network traffic
Main target: the victim’s web browser
- Installing undesired plugins or toolbars
- Redirecting the user’s traffic
- Changing the web browser’s configuration: home URL, search engine…

7 Example: Keylogger
- Keyloggers are usually hidden in content downloaded from the web or manually installed by the admin of the system.
- They capture every keystroke that the victim types on his computer.
- Some keyloggers are also able to secretly take screenshots of the victim’s system.
- It is very easy to find this type of malware on the web, either free or commercial.

8 Types of Spyware
- AdWare (renders advertisements in order to generate revenue for its author)
- Keyloggers
- Trojan downloaders (install additional software)
- Browser hijackers (modify web browsers’ configurations and redirect traffic)
- Dialers (use the victim’s modem to make calls)

9 Spyware Infection
Different from viruses and worms.
Secret installation:
- Without the victim’s authorization
- Without the victim’s knowledge
2 ways:
- Trojan horse (hidden in desired, benign downloaded content)
- Exploiting a security bug in the web browser: the attacker infects the victim, redirects traffic to a controlled website and monitors his movements

10 Spyware on the web (1/2)
Interesting research: Alexander Moshchuk, Tanya Bragin, Steven D. Gribble, and Henry M. Levy, “A Crawler-based Study of Spyware on the Web”, Proceedings of NDSS 2006.
Abstract: study the spyware risk on the web. Steps:
1) Crawl thousands of random websites
2) Find executable files in the sites
3) Download the exec files and install them on a VM prepared with spyware managing tools (AD-Aware SE, limitations)

11 Spyware on the web (2/2)
Some interesting results:
- 13% of the exec files were infected with spyware
- Spyware programs are diverse:
  - Over 80 different types of spyware were found
  - Only about 15 spyware programs were installed in more than 20 files (out of more than 2000 exec files)
  - Most of the computers were infected by more than one spyware program
Conclusion: there is a wide variety of this kind of malware, which complicates its extinction.

12 Spyware Prevention & Detection
Costly problem: sometimes it can only be repaired by reinstalling the whole OS.
Prevent or block these attacks:
- Scanning all incoming data
- Anti-spyware programs (which need to be constantly updated)
How? By inspecting the performance of the OS and installed applications, and removing everything which is considered a threat.
But how do we make sure it is a real spyware threat? …

13 Is it a threat?
First approach: the system may have a database of threats installed. This requires updating the database often to detect newer versions of spyware. Costly.
Second approach: presented in the research project of the Tech. Univ. of Vienna: Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, and Richard A. Kemmerer, “Behavior-based Spyware Detection”, Proceedings of USENIX Security 2006.

14 Second approach
Focused on Browser Helper Object (BHO) and toolbar spyware programs on Internet Explorer.
Main point: the tight interaction between Internet Explorer and the Microsoft Windows OS.
- Spyware exploits BHO calls to IE’s interfaces to interact with the OS.
- It gains access to restricted parts of the OS.

15 How to detect the threat?
When, simultaneously:
- The victim’s behavior is being monitored
AND
- Windows API calls that can potentially leak information are anomalously invoked
When both hold, they state that it is a spyware attack.
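A simplified sketch of the two-condition rule on this slide, added here as an illustration; it is not code from the cited paper or from the presentation. The trace format and the API subset are assumptions, and "anomalously invoked" is approximated as "called while the component is handling a browser event".

```python
# Browser events that reveal what the user is doing (DWebBrowserEvents2 event names).
MONITORING_EVENTS = {"BeforeNavigate2", "NavigateComplete2", "DocumentComplete"}
# Windows API calls that can move data out of the browser process (illustrative subset).
LEAK_CAPABLE_APIS = {"WriteFile", "RegSetValueExW", "InternetOpenUrlW",
                     "HttpSendRequestW", "send"}

def classify_component(trace):
    """Apply the two-condition rule to one component's ordered call trace.

    Trace items are (kind, name): "enter"/"leave" bracket a browser event
    delivered to the component, "api" is a Windows API call it makes.
    """
    monitors_user = False
    leak_calls = set()
    depth = 0  # > 0 while the component is handling a monitored browser event
    for kind, name in trace:
        if kind == "enter" and name in MONITORING_EVENTS:
            monitors_user = True
            depth += 1
        elif kind == "leave" and name in MONITORING_EVENTS and depth > 0:
            depth -= 1
        elif kind == "api" and depth > 0 and name in LEAK_CAPABLE_APIS:
            leak_calls.add(name)
    return {"monitors_user": monitors_user,
            "leak_calls": sorted(leak_calls),
            "spyware": monitors_user and bool(leak_calls)}

# Constructed traces (hypothetical components, not captured from real software).
TRACES = {
    "benign_toolbar": [("api", "WriteFile"),             # saves its own settings at load
                       ("enter", "DocumentComplete"),
                       ("api", "GetTickCount"),
                       ("leave", "DocumentComplete")],
    "no_events_helper": [("api", "RegSetValueExW"), ("api", "send")],
    "url_logger_bho": [("enter", "BeforeNavigate2"),
                       ("api", "InternetOpenUrlW"),
                       ("api", "HttpSendRequestW"),
                       ("leave", "BeforeNavigate2")],
}

def scan(traces=TRACES):
    """Return {component name: True if both conditions hold}."""
    return {name: classify_component(t)["spyware"] for name, t in traces.items()}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:18} {'SPYWARE' if verdict else 'ok'}")
```

Neither condition alone is enough: the toolbar watches page loads but leaks nothing while doing so, and the helper calls leak-capable APIs without ever seeing user behavior.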

16 Security practices
- Avoid Internet Explorer, although no web browser is completely safe
- Install firewalls and proxies to block access to sites categorized as possible threats
- Avoid file-sharing applications
- The first research study discussed earlier states that some web categories are more dangerous than others: “GAMES” (1 out of 5 files were infected), “CELEBRITIES” (1 out of 7).
- Signature-based tools (scanning) and blacklisting (firewalls).

17 BHO or Toolbar Spyware Infection on IE

18 Phishing

19 What is phishing? “The attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.” http://en.wikipedia.org/wiki/Phishing

20 Functionality
- Based on emails (or instant messages) which may contain links or URLs to websites that are designed and infected with malware.
- These emails often direct victims to log in at a fake website which is identical to the legitimate one.
- Attackers usually use social networks like Facebook, Twitter or Google Apps to attack people.
- The fake site is used to simulate the site the user often visits, without the victim noticing that it is fake.
- Once the victim enters his personal information (unaware that it is not the legitimate site), the attacker has full control over this information: passwords, PIN numbers, credit card information…

21 Potential of phishing attacks
- 2004-2005: 1.2 million users in the US lost approximately $929 million.
- In general, US businesses lose $2 billion per year due to their clients being phishing victims.
- According to a Microsoft Safer Index Report released in February 2014, the annual worldwide impact of phishing could be as high as $5 billion.

22 How Phishing works

23 Targets or potential victims
The most commonly targeted users are people who use banks and online payment services. Once their security credentials have been intercepted, phishers gain control over access to their credit card management systems.
Social networking sites:
- Used by millions of people
- Many personal details and much information posted on social networks can be exploited by phishers

24 Why does phishing work?
It seems it can be easily prevented and detected. However, a research project by Harvard and Berkeley students showed this assumption is not correct: Rachna Dhamija, J. D. Tygar and Marti Hearst, “Why Phishing Works”, Proceedings of ACM CHI 2006.
Basically, 22 users carried out the experiment of being phished and the results are interesting.

25 Phishing research
- A very well designed phishing website can deceive over 90% of its visitors.
- Existing anti-phishing browsing cues are ineffective: 23% of participants did not look at the address bar, status bar, or other security indicators.
- Pop-up warnings are not usually taken into account.
- No social differences: results may not vary depending on age, sex, etc.
- They established 3 different categories of ways to phish users.

26 Lack of computer system knowledge
Many users lack the knowledge needed to understand how operating systems, emails, web applications… work. This vulnerability, very common among internet users, is exploited by phishing attackers.
For example, changing URL domains:
- http://www.facebook.com
- http://www.secure-facebook.com

27 Visual deception
Phishers mimic text, images and web browsers’ windows to deceive users. For example:
- http://www.paypal.com
- http://www.paypa1.com
- Windows underlying other windows: users do not notice they are clicking on the fake window and are being redirected to a phishing website.
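A defensive check for the two URL tricks shown on slides 26 and 27 (a brand name embedded in another domain, and a look-alike character), added here as an example; it is not part of the original presentation. The trusted list, the confusables table and the `.example` test host are assumptions, and the check goes slightly beyond the slides by also catching one-character typos and brand names used as subdomains.

```python
from urllib.parse import urlsplit

# Assumption: a hand-maintained list of the domains users really mean to visit.
TRUSTED = ("facebook.com", "paypal.com")
# Digit-for-letter swaps such as the "1" in paypa1.com (constructed, not exhaustive;
# non-ASCII homoglyphs in internationalized names are out of scope here).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def registrable(host):
    """Naive registrable domain: the last two labels (real code needs the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, imitated_domain) for a URL taken from a message."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    name = domain.split(".")[0]
    for good in TRUSTED:
        brand = good.split(".")[0]
        if domain.translate(CONFUSABLES) == good:
            return ("lookalike-glyph", good)      # paypa1.com
        if edit_distance(domain, good) <= 1:
            return ("lookalike-typo", good)       # one character added, dropped or changed
        if brand in name.split("-") or brand in host.split(".")[:-2]:
            return ("brand-in-name", good)        # secure-facebook.com, brand as subdomain
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("http://www.facebook.com", "http://www.secure-facebook.com",
              "http://www.paypa1.com", "http://paypal.com.login.example/signin"):
        print(u, "->", classify(u))
```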

28 Bounded attention
Users must be aware of the presence of security indicators, for example the SSL padlock icon.
Users must also be aware of the ABSENCE of security indicators.

29 Techniques (1/2)
Spear phishing:
- Attackers may collect personal information about their specific target to increase their probability of success when attacking.
- 91% of phishing attacks use this technique, and it is clearly the most widely used by phishers.
Clone phishing:
- The content of a legitimate and previously delivered email is identically cloned, except that the attachment in the email or the redirection link is replaced with a malicious destination.
- It appears to be sent by the original legitimate sender; it can seem to be a forwarded email or an updated version of the original email.

30 Techniques (2/2)
Whaling:
- Attacks that have been directed specifically at senior executives and other high-profile targets within businesses
- As a curiosity, the term derives from casinos in Las Vegas, where big spenders (whales) get special personal treatment.
Man in the Middle (MITM):
- By gaining access to the WiFi router, an attacker can monitor all of the WiFi users’ traffic
Link manipulation:
- Like the examples previously shown
Website forgery:
- Using JavaScript commands to alter the address bar and hide the fake link the victim has been redirected to

31 Detection & Prevention
Dealing with phishing attacks is not an easy task. The human factor is crucial, but there are some existing tools designed to enforce security and help users avoid phishing attacks.
Add-ons or plugins that can be installed on web browsers:
- They add a toolbar or a special box to the web browser’s window, in which they show information about the websites the user is visiting.

32 Examples of anti-phishing tools of IE

33 Effectiveness of anti-phishing tools (1/3)
Taking into account the results of the research of the Carnegie Mellon Institute: Yue Zhang, Serge Egelman, Lorrie Cranor, and Jason Hong, “Phinding Phish: Evaluating Anti-Phishing Tools”, Proceedings of NDSS 2007.
As noted earlier, dealing with phishing attacks is a hard task. Let’s see:

34 Effectiveness of anti-phishing tools (2/3)

35 Effectiveness of anti-phishing tools (3/3)
- The average success rate is around 50%, which means that one in every two malicious pages is not detected by anti-phishing programs.
- The SpoofGuard program seems to work really well, averaging a 97% success rate. However, SpoofGuard also incorrectly identified 42% of legitimate URLs as phish.
- This reinforces the idea of how difficult it is to deal with phishing techniques, not only because of the human factor involved, but also because of the ability of hackers to mimic and deceive both users and anti-phishing tools.

36 Conclusion
Spyware and phishing techniques are very dangerous for internet users’ privacy.
We all must be aware of the risks we are exposed to when navigating the web, and must take the needed countermeasures to prevent and defend against these attacks:
- Increasing our attention
- Following security principles and avoiding unnecessary risks
- Installing defensive software to increase security

37 Questions

