Spyware

Spam

Phishing

Your Computer could be watching

your every move

Spyware – What is it?

Also called adware, any software that covertly

gathers user information through the user's Internet

connection without his or her knowledge, usually for advertising purposes

Many flavors of Spyware!

Malware Hijacker

Dialer Trojan Horse

Malware

Modifies your PC’s settings and performs undesirable

tasks without your knowledge or

permission!!!!!!!

Hijacker

Takes you to Websites that you don’t want

to go to!

Dialer

Dials a service, most likely porn sites, and bills

you!

Trojan Horse

Internet Downloads that are activated from

programs you run - they can take control over your

PC!

Spyware runs in the background behind the scenes, where you can

not see it!

Spyware Symptoms

•Delivers Pop-Up Adds to your PC on a regular basis

•Sends you customized spam to your e-mail address

•Slows down your Computer sometimes to a crawl

•Crashes your Computer and/or causes major damage

•Changes the Home page of your Internet Browser

Today’s Top SpywareGator Bonzai Buddy

CoolWeb Toolbar N-Case

My Search Toolbar Jupiter

N-Case Double Click

E-Zula Alexa

Comet Cursor Hotbar

Statistics 40 Million people have Spyware on their PC’s

45 % of files downloaded through Kazaa contain malicious code

There are more than 25,000 spyware progams and more growing exponentially

The number of malicious code attacks used to steal sensitive information rose 50% in 2004

Free SoftwareHidden Costs

Productivity

Technician Fees

Identity Theft

How do you get Gator?

E-Wallet – Software

Date Time Precision Manager

Weatherbug

Driveby Spyware?Sometimes all you do is visit a

site and and spyware downloads to your PC automatically.

50% of all Free Software is bundled with spyware. “Data Mining“ companies pay a lot of $$ to the smaller developers to include spyware with their products . This offer is very enticing for small companies, it helps them survive.

Some people believe that Spyware has advantages, like delivering “wanted“

advertisements to you while you are surfing the net sort of like TV. Data analysis of

Spyware data (your personal information) is now a big

thriving enterprise. Examples are your Value

Cards from Ukrops!

Gator has 300 clients as of 2003, including four of the

top six automotive companies and businesses that sell everything from mortgages to diapers. It

sends an average of 100 ads per week per person to more

than 15 million people!

Have you ever noticed how some people have things attached to the bottom of their E-mails? One of these products is called Hotbar –

it can be very damaging and people are enticed by the cute little smiley faces

they can get for free!

Coolsavings and Free Coupon Offers Online

They install software on your PC and collect your

information and then they e-mail it back to other

companies.

Do you read a lot?

Most EULAs or End User License Agreements would take you the

rest of this evening to read! This is where they ask for permission to install their spyware, steal your

personal information and change settings in your PC and by checking

“OK” - you have given them permission to change your PC and

its settings.

Kazaa Popular File Swapping Program

The terms of service contract states: “Brilliant might tap the unused computing power and

storage space of your Computer”

Some Spyware can actually can turn your company into a node or a

“Bot” and run a peer to peer network which is controlled by another company. They can use

your PC to help them analyze and store other people’s data! Kazza

and AudioGalaxy are just a few that do this!

Will keep track of all your keystrokes and can record credit card information, passwords, addresses, etc.

Keyloggers

Summary of Effects• Collection of Data from your PC without your consent

• Execution of Malicious code without your knowledge

• Collects data pertaining to your habitual use and sells it to marketing companies

• Makes it impossible to remove their software by standard methods and sometimes not at all

• Performs other undesirable tasks on your PC such as using your PC as a go between between other PC’s and their servers

Damage your PC – How?• Control Panel will not open up or take 5-10 minutes to

open

• Internet Explorer can stop working or not access particular websites. Some even keep you from accessing Microsoft.com

• You change your Home Page and when you reboot it has changed back to an Adult Links Pornographic Site

• Why? Badly written programs often corrupt windows system files.

• Your computer will have too many processes running on it to be operational. In this case it is often necessary to wipe it clean and start new. This can range between $100 - $250 depending on where you take your PC to be fixed. Many simply buy a new PC thinking there PC is not working.

What can I do ?

Fortunately there is software out there that can aid you in :

1. Removing existing Spyware

2. Keep Spyware from Infecting your PC in the first place

What can I do ?

Be Cautious about what Sites you Visit

Search the Site before you Surf there

If you suspect spyware is downloading – unhook your Internet Connection

Always Turn off your PC at night

Be Careful of hitting the Red X!

Spyware Detection +

Removal Tools

Spybot – Search and Destroy

Adaware – Lavasoft

Spysweeper and Pest Control

Spam - Coming to an Inbox near you

!Spam – Unsolicited email that

you did not sign up for or want to receive. Technically it does

not include Email that you have “opted-in” for even if by

accident .

Who is sending Spam?

Hackers who make $

Students are paid $ to operate Spam servers.

Jobless people trying to make $ sending bulk emails

Why do they Spam?

- 5000 out of every million people respond to Spam

- They only need one out of 10,000 to break even

- 200 million messages can be delivered by one Spammer per day

- 100 million addresses can cost less than $100.00

Spam Facts• 30 billion $ is spent currently to fight Spam corporate wide

• 75% of all Email is Spam

• In one Month at VBMB we received 47,000 Known Spam E-mails

•1/3 of all Spam is sent from Home PC’s unwillingly

How do they get your address?

Software programs cost less than $50.00 can mine addresses from the Internet

Personal Information you gave to an untrusted site

You were infected with Spyware at one point

You volunteered personal information when someone went Phishing

Forwarding a joke containing yours and your friends address

Brute Force AttackSpammers use automated software that

looks for domains through out the internet such as VBMB.org

Next they use the software to generate dictionaries of every possible user name

That is why you see some spam that doesn’t have your name spelled correctly

Some internet worms collect personnel info also

If you are lucky your email addy is the only thing the worm took from you.

How to Protect yourself from

Spam For Home – buy a spam filter if your ISP doesn’t provide you with one

Watch where you buy things from online – research all companies

Don’t post your email address anywhere!

When buying things online – use another email account such as a Hotmail account – free from MSN

Never reply or buy something from a Spam Email

Protecting your PC

1000s of PCs have been infected by Viruses and Spyware that turn your PC into a Spam Relay Server!

Keep Spyware out by installing Spysweeper which can monitor your PC constantly against threats!

Keep your Virus Definitions List up to Date!

Spam Prevention Use common sense to detect the veracity behind an email message

If an email seems suspicious it probably is – check out Http:.//hoaxbusters.ciac.org

Never forward a chain letter of any type

Never click on a Image or URL on a Spam Email they use Embedded Images and can watch you do it

Never Reply to a Request to be removed from an Email List – this only verifies the Email address. There are some exceptions.

Going Phishing Anyone?

Phishing attacks use 'spoofed' e-mails and fraudulent websites and are designed to fool recipients into

divulging personal data such as credit card numbers, account usernames

and passwords, social security numbers, etc.

Phishing Report

First Phishing attacks started in 2002

From Nov 2003 – May 2004 # of attacks rose by 4000%

Phishers Catch between 5 and 20% of all Users

Subject: eBay Account VerificationDate: Fri, 20 Jun 2003 07:38:39 -0700From: "eBay" <accounts@ebay.com>Reply-To:

accounts@ebay.comTo: Dear eBay member, As part of our continuing commitment to protect your account and to

reduce the instance of fraud on our website, we are undertaking a period review of our member accounts.

You are requested to visit our site by following the link given below http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1

Please fill in the required information. This is required for us to continue to offer you a safe and risk free

environment to send and receive money online, and maintain the eBay Experience.

Thank you Accounts Management As outlined in our User Agreement, eBay will periodically send you information about site changes and

enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Phishing Emails pretend to be from a Legitimate Bank, agency or even

eBay!

“Phishing" spam messages use legitimate 'From:' email addresses, logos, and links to

reputable businesses such as AOL, PayPal, Best Buy, EarthLink and eBay in the message. But

the message instructs you to click on a web link that sends you to a fake website where you are

asked to provide personal information to the scam artists. If you click on a link in an e-mail message from a company be aware that many

scam artists are making forgeries of company's sites that look like the real thing. Beware the

entire Email is one big link to steal information from you!

What to do if you think you have responded to one by

accident

If you have provided your personal information in response to a phishing email, you should assume that you will become a victim of identity theft.

If you provided your bank account or credit card number, you should cancel that account and open a new one immediately

Phishing can occur

By Phone

Door to Door

Potential Employers

Preventing PhishingNEVER respond to an Email asking for Personal

Information

Always Check a Site first to see if it is Secure

Retype a Websites address in, never click on the link of an address as it can be forged

Keep your PC secure with Anti-Spam and Anti-Virus Software

Check your Bank accounts regularly

Always take your time when responding to an email - Be extra cautious about all emails that want you to reply to them in some way!