Published by Jody Melina Greene. Modified over 9 years ago.
1
Protecting Yourself On-line
Carol Taylor, Assistant Professor, Computer Science, EWU
Skye Hagen, Asst Director, Office of Information Technology, EWU
QSI Conference August 26-27, 2008
2
Overview
Security User Responses
Motivation
Drive-by Downloads
Defining the problem
Examples
Recommendations
3
User Survey
How many people use Anti-virus?
Do you keep it up to date?
How many people use anti-spyware programs?
Do you use firewall programs?
Windows Firewall, Comodo Firewall Pro (others)
Do you back up the data on your computer?
4
Motivation
Why should you be concerned with Web security?
I only shop at legitimate sites, I don’t ever visit sites with questionable content
Is that enough to keep you safe?
That’s not enough to keep you safe in the current Web environment
Surfing regular e-commerce sites can infect your computer
5
Motivation
Statistics show that Web security is getting worse
ScanSafe reported a 220% increase in the amount of Web-based malware over the period 2007-2008
The volume of backdoor and password-stealing malware blocked by the firm increased by an order of magnitude, 855%, between May 2007 and May 2008
6
Motivation
A website infected with malware is detected every five seconds (2008)
That represents a dramatic increase over the last 12 months
Websites poisoned with malware capable of infecting visitors' machines are being discovered at a rate of 16,173 per day
Three times faster than in 2007
http://www.reuters.com/article/pressRelease/idUS120735+23-Jul-2008+BW20080723
7
More Motivation
Antivirus firm Sophos found that more than 90% of web pages capable of spreading Trojan horses and spyware are legitimate websites
Recent infected websites include those of ITV, Sony PlayStation, golf page on the BBC site, and a variety of other commercial
Blogspot.com, the blog publishing system owned by Google, was found to be hosting two per cent of the world's web-based malware in June 2008
8
Motivation Summary
The threats are real!!!!
The Internet is an amazing collection of entertainment, knowledge, social opportunities and goods but …
The Internet is also a mirror for society
Crime, fraud, personal safety and privacy threats are real, just like in the real world
The main difference is that the threats are hidden and the risk is not obvious
You must protect yourself from these real dangers
9
Drive-by Downloads
This attack takes advantage of known vulnerabilities in browsers and operating systems
In a drive-by, an unsuspecting user (you) downloads and installs software without ever knowing it while surfing the web
Can happen when you agree to install browser plugins, run a Java Applet or JavaScript, or launch ActiveX applications
However, it can also happen without you doing anything
There are Web pages modified with code that redirects visitors to another site infected with malware that can break into your PC, without you even realizing it
10
Definitions
ActiveX Control or ActiveX: A program, developed which can be embedded in a web page or downloaded from a web page and executed from within the browser itself. A browser must support ActiveX controls for this to work
JavaScript: A scripting language, based on both Java and C++, used to create code that is commonly embedded into HTML on web pages for enhanced functionality
For instance, validation of user-typed input on a form
11
Definitions
Java Applet: An applet is a small program, usually embedded in a web page, which can perform a number of duties such as playing audio or video clips and querying a database. These programs are normally written in Java
12
Drive-by Downloads
Unsuspecting users are victimized by simply doing what they do hundreds of times each day
Visiting a Web page
Then, while you browse content normally, a computer virus or Trojan horse program is silently installed
13
Drive-by Downloads
Drive-by downloads are not new, but criminals have seized on the tactic lately because their success rate with traditional e-mail viruses has tapered off
Avoiding e-mail viruses is not always easy, but it is more likely as long as you follow clear rules like "don't click on any attachments"
But drive-by downloads are much more sinister
No user interaction is generally required beyond opening an infected site in a Web browser
14
Scope of the Problem
http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html
Google crawled billions of Web pages and found …
More than 3,000,000 unique URLs on over 180,000 web sites automatically installing malware
[Graph: % of daily Google queries that contain at least one harmful site in 2007]
15
Drive-by Downloads
How Web Sites get infected
One injection technique: gain access to the Web server that hosts the site
Attacker injects new content into the compromised website
Typically, injected content is a link that redirects visitors of these websites to a URL that hosts a script crafted to exploit the browser
To avoid visual detection by website owners, attackers use invisible HTML components, e.g., zero pixel IFRAMEs, to hide injected content
16
Example of Web Server Compromise – “Italian Job”
2007: Online criminals launched a Web attack that compromised thousands of legitimate Web sites
Infected Web sites contain HTML "iFrame" code that redirects the victim's browser to a server that attempts to infect the victim's computer
Internet Explorer, Firefox, and Opera are vulnerable
Keyloggers and Trojan downloader programs were found on compromised PCs, so attackers can monitor the victim's activity and run other unauthorized programs on the computer
“They can turn your computer into anything they want”
http://www.networkworld.com/news/2007/061907-italian-job-web-attack.html
17
Example of Web Server Compromise – iFrame Example
Following code is injected into web pages
Size of the in-line frame is 1 pixel by 1 pixel, so it is not visible to the visitor of the site unless the person looks at the source code:
The index.html file on the above server, remote.example.com, contained JavaScript code that attempted to exploit a recent Internet Explorer vulnerability to download, install, and run a malicious executable on the website visitor's computer
Executable was recognized by about half of anti-virus tools as a spyware trojan
18
Steps for Drive-by Download
Browser gets redirected by hidden link, remote.example.com
Downloads and executes hidden malware, from index.html
http://research.google.com/archive/provos-2008a.pdf
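An added example, not part of the original slides: a Python check a site owner could run over a page's HTML to list in-line frames a visitor cannot see, such as the 1 pixel by 1 pixel frame described above, and to mark those that load from another host. The sample page, the host shop.example.org, the helper names and the size threshold are assumptions constructed for illustration; remote.example.com is the placeholder host named on the slide.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_HIDDEN_PX = 1  # assumption: a frame this small in either dimension is invisible

def _size(attrs, style, name):
    """Pixel size from an inline style or the width/height attribute, else None."""
    m = (re.search(r"(?:^|;)%s:(\d+)" % name, style)
         or re.match(r"(\d+)", attrs.get(name, "").strip()))
    return int(m.group(1)) if m else None

class _FrameFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.hidden = []  # (src, is_external) for every invisible iframe

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = re.sub(r"\s+", "", a.get("style", "").lower())
        sizes = [_size(a, style, n) for n in ("width", "height")]
        tiny = any(s is not None and s <= MAX_HIDDEN_PX for s in sizes)
        concealed = "display:none" in style or "visibility:hidden" in style
        if tiny or concealed:
            host = urlparse(a.get("src", "")).hostname  # None for relative URLs
            external = bool(host) and host != self.site_host
            self.hidden.append((a.get("src", ""), external))

def find_hidden_frames(html, site_host):
    """Return (src, is_external) for each iframe a visitor could not see."""
    finder = _FrameFinder(site_host)
    finder.feed(html)
    return finder.hidden

# Constructed sample page: two visible frames, two injected-style frames, one local pixel.
SAMPLE = """<html><body><h1>Store</h1>
<iframe src="/widgets/cart.html" width="300" height="200"></iframe>
<iframe src="http://remote.example.com/index.html" width="1" height="1"></iframe>
<iframe src="//remote.example.com/index.html" style="width: 0px; height: 0px"></iframe>
<iframe src="https://video.example.net/embed/42" width="560" height="315"></iframe>
<iframe src="/tracking/pixel.html" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, external in find_hidden_frames(SAMPLE, "shop.example.org"):
        print("REVIEW" if external else "note  ", src)
```

Hidden frames that load from the site's own host are still listed, marked as not external, so the owner can confirm each one was put there deliberately.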
19
Drive-by Downloads
How Web Sites get infected
Another common injection technique
Use websites that allow users to contribute their own content
Postings to forums or blogs
User contributed content may be restricted to text but often can also contain HTML such as links to images or other external content
Adversary can simply inject the exploit URL without the need to compromise the web server
20
Example of User Contributed Content Compromise - Blog
WordPress is the most popular software for blogs
Should use the current installation of WordPress (WP), Version 2.5.1
There is an increasing number of blogs, all with version WP 2.3 and earlier, getting “hit” by the well-known iFrame exploit that infects website visitors with a trojan download
Advice from Marc Liron – Sitebuilder pro
21
Example of User Contributed Content Compromise - Blog
Author Marc Liron had trouble loading a site from well-known Internet Marketer Stu McLaren
So, he attempted to access Stu’s blog (June 2008)
http://myideaguy.com/blog/ (DO NOT GO THERE)
A few moments after visiting the section:
http://myideaguy.com/blog/category/products/ (DO NOT GO THERE)
His installation of Kaspersky Security Suite ALERTED that a TROJAN infection was trying to infect his computer!!!
The culprit was: Trojan-Downloader.HTML.Agent.is
http://www.marcliron.co.uk/sitebuilditreview/stu-mclarens-blog-gets-infected-by-hackers
22
Google Flags Malicious Sites
Site has repeated problems
http://www.wowstatus.net/ World of Warcraft site
Google flagged it as hosting malicious content
http://www.google.com/interstitial?url=http://www.wowstatus.net/
One way sites are being flagged to alert you
However, not all sites are flagged …
23
Signs You are Infected
Spyware alerts after you have visited a site
See a program pop up that you never loaded
Asks you to do something (don’t do it!)
Web browser’s home page changed
Browser has new bookmarks
Pop-up window advertisements
Unusual files on your computer
24
How to Protect Yourself
25
User Behavior
If you think you have been infected,
Don’t say yes to anything
Close pop-up windows that appear
You get an offer to help you clean up your computer, remove spyware
As one researcher put it “I rob you, then I run back and offer to help identify the culprit that did it”
Not too helpful …
26
Example Problem Pop-UP
If you click "Yes," spyware is installed.
Note the presence of a security certificate is no guarantee that something is not spyware.
27
Protection from Drive-by Downloads
Keep Operating system patched and up to date
Turn on automatic updates for OS
Windows XP
Settings, Choose Control Panel then System
Open the System Tool
Turn on Automatic Updates
28
Protection from Drive-by Downloads
Use the latest browser: Firefox, IE Explorer, Opera
Keep browsers patched and up to date
Turn on automated updates for Browser
Firefox, current version 2.0.0.16, has automatic update enabled by default
But to see the option, go to Tools > Options > Advanced > Update
IE Explorer is up to version 7
Was an automatic update by MS
Use this latest version!!!
Has phishing protection built in
29
Protection from Drive-by Downloads
Install several programs for removing spyware and viruses – These are free!!!
Adaware SE http://lavasoft.com/single/trialpay.php
Spybot Search and Destroy http://www.safer-networking.org/en/index.html
AVG – virus program http://free.avg.com/
Avira AntiVir – Another Virus program http://www.free-av.com/
http://www.viewpoints.com/Avira-AntiVir-Personal-Edition-Classic-review-5ed20
30
Protection from Drive-by Downloads
Harden your Web browser
Medium security is not good enough
Set it to higher
Disable active scripting or have it prompt you
If you have problems, add sites to an accepted list

Firefox:
Open the “Tools” menu.
Select “Options”.
Click “Content”.
Click the check box to the left of “Disable JavaScript” so that a tick appears.

IE7:
Open the “Tools” menu.
Select “Internet Options…”.
Click the “Security” tab.
Click the “Internet” symbol (a globe).
Click the “Custom Level…”
In the Settings list, scroll down to “Scripting”.
Under Active Scripting, click “Disable”.
31
Protection from Drive-by Downloads
Another way to protect yourself is by virtualizing your Web session
Using ZoneAlarm’s ForceField
The virtualization technology in ForceField forms a "bubble of security" around the Web browser so that all unknown or unwanted changes from drive-by downloads are made to a virtualized file system
Disappear completely once the user is finished surfing
ForceField's virtualization claims to offer additional security by protecting the browser session from any malware that might be on the PC
http://www.zonealarm.com/store/content/catalog/products/zonealarm_forcefield.jsp
32
More protection using a free browser toolbar
Haute Secure
A company started by Microsoft employees
Produce a free toolbar supposed to protect you from bad web sites
Seems to be a good product
Can try it and report back
http://hautesecure.com/solutions.aspx
33
Summary
Internet is a scary place
Great place to hang out but …
Dangerous too
Ignore Security? Sure …
Result is your computer can be used for spam or to commit crime
Your sensitive data can be compromised
You will be a victim of theft
Your computer may be unusable
Pay some attention, get or buy security software …
Security is a process!!!
34
Resources
EWU Security Awareness Site http://www.ewu.edu/securityawareness
SANS Reading Room – lots of technical papers http://www.sans.org/reading_room/
Drive-by Download Video http://video.google.com/videoplay?docid=-3351512772400238297&ei=IPK0SLreOZTcqgOWjum9DA&q=Drive+by+download+%2B+watchgaurd&hl=en
StopBadware.org – search for bad websites http://www.stopbadware.org/home/clearinghouse
Re-installing Windows XP – last resort http://www.pcworld.com/article/129977/how_to_reinstall_windows_xp.html
35
This presentation can be found at http://www.ewu.edu/securityawareness
My email: ctaylor4214@comcast.net
Questions