© 2006 Consumer Jungle Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers

© 2006 Consumer Jungle

Malware: Spam, Viruses, Spyware,

Phishing, Pharming, Trojans, Worms, Backdoors, and

Zombie Computers


Estimating the Threat of Malware

• 1-in-3 chance of suffering:– computer damage– financial loss

• Viruses & Spyware– $2.6 Billion to Protect yet $9 Billion to Replace


Spam


What is Spam?

• An e-mail that is:– Unsolicited– Advertising something

• Similar to:– Junk mail delivered in

the mail– Telemarketing calls on

the phone


CAN SPAM Act of 2003• Acronym stands for:

– Controlling the Assault of Non-Solicited Pornography And Marketing

• Allows spam as long as it contains:

– an opt-out mechanism– a valid subject line and header

(routing) information– the legitimate physical address of

the mailer– a label if the content is for adults

only • Regulated by the FTC, but has

made little impact to curb Spam.


Virus


What is a Virus?

• A program that can replicate itself and spreads itself by means of a transferable host.

• How a virus spreads:– Removable Medium– Network Connection


Why is it Called a Virus?

• Similar to a biological virus that spreads itself into living cells.– Insertion of a virus is

called an infection– Infected file is called a

host.


Virus Tricks: What to Look For


The Infected Document

• Subject line includes the name of the sender– Probably someone you know

• Message tempts you to open attachment• Attachment is a legitimate Word file that is infected with

a macro


The Misleading File Name

• Look at the attachment's name "LOVE-LETTER-FOR-YOU.TXT.vbs

– Looks like a harmless text (TXT) file, but it is a vbs file with a windows script

– The suffix (.vbs) might be completely hidden – appearing to be a type of file you’d willingly open i.e. JPEG, MP3,or PDF.


The Offer You Can’t Refuse

• Gives a compelling message – get rid of a computer virus

• Doesn’t disguise that the attachment is a program• The program is a worm that sends itself to e-mail

addresses it finds on your computer


The Fake Web Link

• Subject and message suggest that opening attachment will take you to a web page containing party photos.

• Attachments name resembles a web address– Actually a program that sends itself to people in your address book

• Designed to tie up your e-mail; can also be designed to destroy data


Spyware


What is Spyware?

• Malicious software that– Subverts the computer’s

operation for the benefit of a third party

• Designed to exploit infected computers for commercial gain via:– Unsolicited pop-up

advertisements– Theft of personal

information– Monitoring of web-

browsing for marketing purposes

– Re-routing of http requests to advertising sites


Example of Spyware

• According to an October 2004 study by America Online and the National Cyber-Security Alliance:

– 80% of surveyed users had some form of spyware on their computer.


Phishing


What is Phishing?• An attempt to fraudulently acquire

confidential information, such as:– passwords– credit card details

• By masquerading as a trustworthy:

– Business– Financial Institution– Government Agency– Internet Service Provider– Online Payment Service– Person

• In an apparently official electronic communication, such as:

– an email– an instant message.


Why is it called Phishing?

• Hackers coined the phrase– “Fish” for accounts– Ph is a common

hacker replacement for the letter “f”.


How does Phishing Work?

• E-mail contains a link to a “look alike” website.

• Website asks the consumer to :– Confirm – Re-enter– Validate (or)– Verify

Their personal info, i.e.– Social Security Number– Bank Account Number– Credit Card Number– Password


PayPal Phishing

• Look for spelling mistakes:– Choise– Temporaly

• Presence of an IP address in the link visible under the yellow box ("Click here to verify your account")


Phishing for eBay Customers

• Phishing e-mails from eBay’s online payment company PayPal is very popular.

• However, eBay no longer sends out e-mails.– They created an online e-

mail account for customers to receive e-mails after they’ve logged into the secure website.


Advanced Phishing Techniques

• Instead of sending an e-mails persuading consumers to visit websites, the e-mail deploys a key-logging Trojan.

• As soon as the user visits their bank’s website all the typed keys are logged and sent back to the hacker with the account number, passwords, and other critical data.


How to Avoid Phishing

• Be skeptical• Ignore the “dire

consequences” warning.• Don’t reply• Don’t click on the link

– Contact the company directly via a:

• Legitimate 1-800 telephone number

• Website

• Look at the “address bar”– Often a different domain

name


More Tips on Avoiding Phishing

• Don’t e-mail personal or financial information.

• Open a new browser and look for secure indicators:– Secure lock– https: (s stands for

secure)


What to do with Phishing E-mails

• Forward to [email protected] and cc the group that the e-mail impersonates.

• Mark as “Junk Mail” in your Spam Software

• Delete immediately

• File a complaint with the Federal Trade Commission (FTC)– www.ftc.gov– 1-877-FTC-HELP

(1-877-382-4357)


Pharming


What is Pharming?

• Exploitation of a vulnerability in the hosts’ file or DNS server software that allows a hacker to: – Acquire the domain name

for a site– Redirect that website’s

traffic to another website

• For gaining access to usernames, passwords, etc.


Pharming Techniques

• The criminal uses a virus or Trojan to modify a user’s ‘Hosts’ file.– OR

• The criminal sends out a spam for www.phishsite.com, and the message links to an illegitimate site.– AND

• When the user opens the browser and enters the website address, they get sent to the phishing site instead.


Trojans


What is a Trojan?

• A malicious program that is disguised as a legitimate program.

• Usually has a useful function that camouflages undesired functions.

• Can not replicate or spread itself.


Why is it Called a Trojan?

• Derived from myth.– Greeks left large wooden

horse outside the city of Troy.– Trojans thought it was a gift

and moved the horse inside the city wall.

– The horse was hollow and filled with Greek soldiers.

– Greek soldiers opened the city gates at night for the remaining army to attack.

• Application: Greeks gained malicious access to the city of Troy just like a Trojan program gains malicious access to your computer.


Example of a Trojan

• Program posted on a website:– Called FREEMP3.EXE– Promise “free mp3

files”

• Instead, when run:– Erases all the files on

your computer– Displays a taunting

message


What Can a Trojan Do?

• Erase or overwrite data on a computer • Corrupt files in a subtle way • Spread other malware, such as viruses. In this case the Trojan horse is called a

'dropper'. • Set up networks of zombie computers in order to launch “Denial of Service” attacks or

send out spam.• Spy on the user of a computer and covertly reports data like browsing habits to other

people.• Log keystrokes to steal information such as passwords and credit card numbers.• Phish for bank or other account details.• Install a backdoor on a computer system.


Where Do Trojans Come From?

• Infected Programs

• Websites

• Email

• Direct Connection to the Internet


Worms


What is a Worm?

• Computer program– self-replicating– self-contained

• Designed to exploit the file transmission capabilities on your computer


Why is it Called a Worm?

• Word taken from a 1970’s science fiction novel:– The Shockwave Rider

• By John Brunner

• Researchers found that their self-replicating program was similar to the worm program described in the book.


What Can a Worm Do?

• Delete files on a host system

• Send documents via e-mail

• Create excessive network traffic

• Install a backdoor


What is a Backdoor?

• Method of remaining hidden on a computer while:– bypassing normal authentication– Securing remote access to a computer

• Can be installed by a worm


What is a Zombie Computer?

• Computer attached to the internet that:– Is under remote

direction of an illegitimate user

• Check your computer– www.ordb.org


Zombie Computers & Spam

• Used to send e-mail spam– 50% to 80% of all spam worldwide is now sent by zombie

computers.

• Allows spammers to:– Avoid detection– Have zombie computers pay for their bandwidth.


Suspicion = Prevention

• Best prevention is awareness

• Be suspicious of everything to avoid:– Spam– Viruses– Spyware– Phishing– Pharming– Trojans– Worms– Backdoors

Documents

© 2006 Consumer Jungle Malware: Spam, Viruses, Spyware, Phishing, Pharming, Trojans, Worms, Backdoors, and Zombie Computers