Post on 31-Dec-2015
Phishing, Pharming, and the latest potholes on the Information Highway
A Presentation by Ian Loe, CISSP
04/19/23 COM125: Intro to Internet 2
Agenda
Malware
Latest potholes on the Information Highway
  Spyware
  Phishing
  Pharming
Security industry approach to emerging Malware
Security Recommendations
Q & A
Malware
Short for malicious software
Any software designed specifically to damage or disrupt a system
Traditional Types of Malware
Virus
  Attaches itself to a program or file and reproduces itself
  Cannot be spread without a human action
Worm
  Spreads without human intervention
  Could send out thousands of copies of itself
  Tunnels into a system to control it remotely
Trojan Horse
  Appears to be useful software/files from a legit source
  Could delete files and destroy information on a system
  Creates a back door for malicious access
  Does not spread by infecting files, nor self-replicate
Latest Types of Malware
Phishing and Pharming belong to the family of Spyware
Along with many others:
Adware
Key loggers
Dialers
Downloaders
Back doors
What is Spyware?
Any software that covertly gathers information on user activities through the user's Internet connection without his or her knowledge and ships it off to an unknown third-party server over the Internet
What is Adware?
Adware is Commercial Spyware
Developed by commercial advertising companies who claim “no malicious intent”
Usually created for advertising/marketing purposes
How does Spyware work?
Independent executable able to:
  Deliver unsolicited advertising – pop-up ads
  Monitor keystrokes
  Scan files on the hard drive
  Snoop other apps (e.g. chat, word processors)
  Install other Spyware programs
  Read cookies
  Change the default home page on the browser
Consistently relays info back to source for:
  Advertising/marketing purposes
  Selling the information to another party
Spyware Concerns
Ethics and privacy
Computer’s resources
Internet connection bandwidth
System crashes or general instability
Licensing agreements for software downloads may not always be read
The notice of a Spyware installation is couched in hard-to-read legal disclaimers
Producers of Adware also produce Anti-Spyware tools – it is a profitable industry
Getting Spyware is Easy
Drive-By Installations
  Social engineering
  Spoof certificates
Web Exploits
  Every MS Security Bulletin that “Could Allow Code Execution” can be used to install Spyware
Bundles
  Users unwittingly install the product when they install something else – freeware/shareware:
    Kazaa
    Games
    Pirated Software
    Screensavers
    Smileys
    Anti-Spyware programs
Malicious Spyware Types
Key-loggers
  Log keystrokes and send them over the Internet
  Steal information including passwords
Dialers
  Cause a user’s modem to dial a 900 or 976 number
Malicious Spyware Types (cont…)
Back doors
  Provide the hacker with complete control (e.g. Back Orifice)
Downloaders
  Download and install Spyware, Adware, key loggers, dialers, back doors, etc.
  Most commonly installed using web exploits
Phishing & Pharming
What is Phishing?
The act of sending a message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft
Phishing Purpose
They will cast the bait and if you bite, they can lure your personal information out of you
ID & Passwords
Credit Card Information
NRIC / Passport Information
Bank Account Numbers
Bogus Websites
Bogus websites, to which victims are redirected without their knowledge or consent, look the same as a genuine website
But information like login name and password is captured by criminals
Example of a Phishing email
Anti-Phishing Groups
Pharming Out-Scams Phishing
First came Phishing, in which con artists hooked unwary internet users one by one into compromising their personal data
Pharmers can scoop up many victims in a single pass
What is Pharming?
New use for a relatively old concept: domain spoofing
Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones
Pharming's most alarming threat: DNS poisoning
A large group of users can be silently shuttled to a bogus website even when typing in the correct URL
You no longer have to click a URL link to hand over your information to identity thieves
Certificate Mismatch
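The two slides above describe the pharming case: DNS poisoning sends the browser to a bogus host even though the user typed the correct URL, and the browser's certificate check is what surfaces the mismatch. The following Python is an added illustration, not code from the presentation: it implements the hostname-matching rule a browser applies to a server certificate's subjectAltName entries (exact match, case-insensitive, a wildcard only as the leftmost label covering exactly one label) and reports the warning the user would see. The certificate contents, hostnames and the .test domains are constructed for the example.

```python
"""Hostname-vs-certificate check of the kind a browser performs.

Added illustration, not code from the presentation. The certificate
contents are constructed inline; no network or real certificate is used.
"""
from dataclasses import dataclass, field


@dataclass
class ConstructedCert:
    """Minimal stand-in for a parsed X.509 certificate (constructed)."""
    subject_cn: str
    san_dns: list = field(default_factory=list)
    issuer: str = "Constructed Test CA"


def _label_matches(pattern: str, label: str) -> bool:
    # A wildcard is accepted only as a complete label ("*"); partial
    # wildcards such as "f*o" are rejected the way modern browsers reject them.
    if pattern == "*":
        return True
    return "*" not in pattern and pattern == label


def hostname_matches(hostname: str, cert: ConstructedCert) -> bool:
    """Return True if the certificate is valid for hostname.

    Rules follow common browser behaviour: compare against the DNS
    subjectAltName entries when present (the CN is only a fallback),
    case-insensitively, with a wildcard allowed only as the leftmost label
    and only when at least two labels follow it.
    """
    host_labels = hostname.rstrip(".").lower().split(".")
    names = cert.san_dns if cert.san_dns else [cert.subject_cn]
    for name in names:
        pat_labels = name.rstrip(".").lower().split(".")
        if len(pat_labels) != len(host_labels):
            continue  # a wildcard never spans more than one label
        if "*" in pat_labels[1:]:
            continue  # wildcard anywhere except the leftmost label is invalid
        if pat_labels[0] == "*" and len(pat_labels) < 3:
            continue  # "*.test" would cover an entire TLD; refuse it
        if all(_label_matches(p, h) for p, h in zip(pat_labels, host_labels)):
            return True
    return False


def certificate_verdict(typed_hostname: str, cert: ConstructedCert) -> str:
    """Explain what the user sees: OK, or a certificate mismatch warning."""
    if hostname_matches(typed_hostname, cert):
        return f"OK: certificate issued by {cert.issuer} is valid for {typed_hostname}"
    names = ", ".join(cert.san_dns or [cert.subject_cn])
    return (f"MISMATCH: you typed {typed_hostname} but the server presented a "
            f"certificate for {names} (possible pharming/DNS poisoning)")


# Constructed scenario: the user types the bank's real address, but a poisoned
# resolver sends the browser to a host that can only present its own certificate.
GENUINE_CERT = ConstructedCert("www.example-bank.test",
                               ["www.example-bank.test", "*.example-bank.test"])
PHARMED_CERT = ConstructedCert("login.evil-host.test", ["login.evil-host.test"])

if __name__ == "__main__":
    print(certificate_verdict("www.example-bank.test", GENUINE_CERT))
    print(certificate_verdict("www.example-bank.test", PHARMED_CERT))
```

The check is deliberately strict about wildcards: a pharmer who controls some host cannot obtain a certificate whose names match the bank's hostname under these rules, which is why the mismatch warning is the signal worth teaching users never to click through.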
Technical Challenges
New and evolving technology
Quickly adopts all latest techniques from Viruses, Worms and Trojans
Attracts the best & brightest hackers
Application level threat – existing enterprise defenses lack granularity
Latest News – Feb 12, 2007
Spyware Market Place
Many providers have started to offer products
Market still resembles the wild west and the early days of the Internet
Standards and Commercial winners-&-losers have yet to emerge
Enterprise Solutions Emerging
Spyware specific desktop tools
  Desktop agent with no centralized management
  Use of signatures
Desktop Antivirus
  Detecting a small subset of known Spyware
  Use of signatures
URL Filtering
  Gateway solution
  Blocks known Spyware sources – change often
Proxy Appliance
  Stop drive-by installation
  URL filtering and use of signatures
Industry Approach - Phishing
Based on social engineering – Self defense relies on common sense of the user
The automated detection of new Phishing fraud is very difficult
Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing
Try to mitigate by:
  URL blocking of known URLs of Phishing websites
  Spam blocking of e-mails of Phishing scams that are sent en masse
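The slide above notes that automated detection of new phishing fraud is hard and that the practical mitigation is blocking known phishing URLs and spam. The following Python is an added example, not code from the presentation: it screens the links in an HTML e-mail body against a blocklist of known phishing URLs (after normalizing the URL so trivially varied copies still match) and adds a few cheap heuristics for the patterns that make a link suspicious even when it is not yet on any list. The blocklist entries, the brand name and the sample message are constructed; domains use the reserved .test TLD and a documentation IP address.

```python
"""Heuristic link screening for phishing e-mail, as an added illustration.

Not code from the presentation. The blocklist entries and the sample e-mail
are constructed; domains use the reserved .test TLD.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
import re

# Constructed blocklist of known phishing URLs (the "URL blocking" approach).
KNOWN_PHISHING_URLS = {
    "http://secure-login.example-bank.test.account-verify.test/index.php",
}

BRAND_NAMES = ("example-bank",)  # constructed brand whose users we protect


def normalize_url(url: str) -> str:
    """Lower-case scheme and host, drop default ports and fragments so that
    trivially varied copies of a blocklisted URL still match."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.port and parts.port not in (80, 443):
        host = f"{host}:{parts.port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme.lower()}://{host}{path}{query}"


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain
    (a production filter would consult the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href: str, display_text: str) -> list:
    """Return the reasons a link looks like phishing (empty list = nothing found)."""
    reasons = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    if normalize_url(href) in KNOWN_PHISHING_URLS:
        reasons.append("href is on the known-phishing URL blocklist")
    if parts.username is not None:
        reasons.append("href hides the real host behind user@ in the URL")
    if _is_ip_literal(host):
        reasons.append("href points at a raw IP address instead of a domain")
    # If the visible text itself looks like a URL, its domain must agree with the href.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", display_text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append(f"link text shows {shown.group(1)} but href goes to {host}")
    for brand in BRAND_NAMES:
        if brand in host and registrable_domain(host) != f"{brand}.test":
            reasons.append(f"brand '{brand}' used as a subdomain of {registrable_domain(host)}")
    return reasons


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def screen_email(html_body: str) -> dict:
    """Map each href in the message to its list of findings."""
    collector = _LinkCollector()
    collector.feed(html_body)
    return {href: assess_link(href, text) for href, text in collector.links}


# Constructed sample message; the third link is a legitimate one for contrast.
SAMPLE_EMAIL = """<p>Your account requires attention.</p>
<p>Please <a href="http://secure-login.example-bank.test.account-verify.test/index.php">
verify at https://www.example-bank.test/login</a> within 24 hours.</p>
<p>Or use our fast link: <a href="http://www.example-bank.test@203.0.113.9/">click here</a></p>
<p>Newsletter: <a href="https://www.example-bank.test/news">www.example-bank.test/news</a></p>"""

if __name__ == "__main__":
    for href, findings in screen_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "no findings")
```

Only the first link is caught by the blocklist alone; the second is caught purely by structure, which is the value of combining the two approaches the slide names rather than relying on the list.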
Industry Approach - Pharming
Browsers that could authenticate website identity. (CardSpace, OpenID)
Browser toolbars displaying the true physical location of a website's host (e.g. Russia)
Some financial institutions are experimenting with "multi-factor authentication" logins, including:
  single-use passwords (e.g. tokens)
  automatic telephone call-backs
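One of the multi-factor items on the slide above is single-use passwords from a token. The following Python is an added illustration of how such a token and its server-side verifier work, not code from the presentation: it implements the HOTP algorithm of RFC 4226 (HMAC-SHA1 over a counter, then dynamic truncation) and a verifier that accepts each code only once, so a code captured by a phisher is useless after the legitimate user has submitted it. The shared secret is the RFC 4226 test-vector key; the account name and the look-ahead window size are constructed assumptions.

```python
"""Single-use password (HOTP, RFC 4226) token and verifier.

Added illustration, not code from the presentation. The shared secret is
the RFC 4226 test-vector key; the account name is constructed.
"""
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter step (HMAC-SHA1 + dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server side: tracks the next unused counter per account so that a
    code captured by a phisher is worthless once the user has used it."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self._secret = secret
        self._look_ahead = look_ahead  # tolerate a few presses that were never submitted
        self._next_counter = {}  # account -> first counter value still unused

    def verify(self, account: str, code: str) -> bool:
        start = self._next_counter.get(account, 0)
        for c in range(start, start + self._look_ahead):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self._next_counter[account] = c + 1  # burn this and any skipped counters
                return True
        return False


RFC4226_SECRET = b"12345678901234567890"  # test-vector key from RFC 4226, Appendix D

if __name__ == "__main__":
    verifier = TokenVerifier(RFC4226_SECRET)
    first = hotp(RFC4226_SECRET, 0)
    print("token shows", first, "->", verifier.verify("alice", first))
    print("replay of", first, "->", verifier.verify("alice", first))
```

The replay rejection is the property that matters against phishing: even if the bogus website captures the six digits, it cannot reuse them after the real login, and the static password alone no longer suffices.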
Security Recommendations
Do not open e-mail attachments unless you know the source and are expecting the attachment
Do not reply to e-mail from an unknown source
Do not click on untrusted hyperlinks to the Internet
Do not download unapproved software from the Internet
Do not respond to or visit the website indicated by an instant message or e-mail
Do not give out personal information over the Internet
Before revealing any identifying information, ask how it will be used and secured.
Questions?
Thank You!
Ian Loe, CISSP
Senior IT Architect, Asia/Pacific, EIS SOA Advanced Technologies
IBM Software Group
Email: ianl@sg.ibm.com