1 Protecting your On-Line Privacy and PC. 2 Viruses, Worms, Trojan Horses, Spam, and Hoaxes Of the...
-
date post
21-Dec-2015 -
Category
Documents
-
view
216 -
download
0
Transcript of 1 Protecting your On-Line Privacy and PC. 2 Viruses, Worms, Trojan Horses, Spam, and Hoaxes Of the...
2
Viruses, Worms, Trojan Viruses, Worms, Trojan Horses, Spam, and HoaxesHorses, Spam, and Hoaxes
Of the billions of e-mail messages per year, an increasing proportion of which is unpleasant.
An e-mail security firm scanned 413 million e-mails in August 2003. Three percent contained a virus, 52 percent were spam, and in many cases contained some kind of pornographic image.
3
VirusesViruses Designed to replicate themselves and
potentially cause harmful actions. Often hidden inside innocuous programs. Viruses in e-mails often masquerade as
games or pictures and use beguiling subject lines (e.g., "My girlfriend nude") to encourage users to open and run them.
Try to replicate themselves by infecting other programs on your computer.
4
WormsWorms Like viruses, worms attempt to
replicate themselves, but they are programmed to use one’s mail list and send out e-mails rather than simply infecting programs on a single computer.
5
Trojan HorsesTrojan Horses Malicious programs that pose as
benign applications (do not replicate like viruses and worms).
Trojan horses are used to smuggle viruses and worms inside your computer.
6
SpamSpam Spam, or unsolicited commercial e-
mail, wastes bandwidth and time. The sheer volume of it can be overwhelming, and it can be a vehicle for viruses. Much of it is of an explicit sexual nature, which can create an oppressive working environment and, potentially, legal liabilities if companies do not take steps to stop it.
7
Hoax e-mailsHoax e-mails Hoax e-mails, such as fake virus
warnings, chain letters, or implausible free offers, waste readers' time. Hoax e-mails often contain viruses or Trojan horses.
8
Common Security Common Security Threats Against Threats Against NetworksNetworks
Attackers have different motivations—profit, mischievousness, glory—but they all work in similar ways.
The Basic Threats (infinite variation): Spoofing Tampering Repudiation Information disclosure Denial of Service Elevation of privilege
9
SpoofingSpoofing IP spoofing means creating
packets that look as though they have come from a different IP address.
E-mail spoofing means forging an e-mail so that the From address does not indicate the true address of the sender.
10
TamperingTampering Altering the contents of packets
as they travel over the Internet or altering data on computer disks after a network has been penetrated.
11
RepudiationRepudiation The ability of a user to falsely deny
having performed an action that other parties cannot prove otherwise.
For example, a user that deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise.
12
Information DisclosureInformation Disclosure Information disclosure consists of
the exposure of information to individuals who normally would not have access to it.
13
Denial of Service (DoS)Denial of Service (DoS) DoS attacks are computerized
assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server.
For example, clogging a server with superfluous requests and thus making it impossible for legitimate inquiries to get through.
14
Elevation of PrivilegeElevation of Privilege A process by which a user
misleads a system to grant unauthorized rights, usually for the purpose of compromising or destroying the system.
For example, attacker exploits a weakness in the software that lets her/him change the guest privileges to administrative privileges.
15
SpywareSpyware Spyware is the latest threat
to computers and its users. It joins a host of parasites, such as, viruses, worms, spam, plus e-mail, and network attacks.
16
Spyware Spyware Spyware is a self installing
software that presents varying degrees of maliciousness that range from a program running on your computer in the background (without your knowledge) to a simple tracking cookie.
17
Spyware ActivitiesSpyware Activities Monitors Web-browsing
patterns Triggers related pop-up ads Resets Home Page or Search
Engines Adds links to Bookmarks Attempts to capture personal
information
18
AdwareAdware Adware is another form of
spyware that monitors users’ Web-browsing patterns and displays related pop-up and pop-under ad windows based on this information.
Adware may also send the gathered information back to its creator.
19
Spyware Scanning Tools
Computer Associates’ eTrust PestPatrol
FBM Software ZeroSpyware and ZeroAds
LavaSoft Ad-Aware McAfee Anti-Spyware Trend Micro’s InterScan Web
Security Suite
21
Finding Spyware
Step 1: Scanning for spyware Requires antispyware tools Consider several categories
of spyware scanning tools (do not run the tools concurrently)
22
Step 2: Eliminating Spyware Since Spyware programs are
constantly modified (DLL and registry settings) use a variety of tools and in hard cases manual removal may also be necessary.
Reformatting the HD and reinstalling the OS may be less work than manually looking for Spyware.
23
Step 3: Install Spyware-blocking Software Install at least two
Spyware-blocking applications and run them one at a time.
Enlist users in the fight against Spyware
24
ReferencesReferences CDW-G Higher Education March
2005 An Introduction to Criminal Hacking,
Viruses, and Malicious Activities. Retrieved March 28th, 2005. http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/an_introduction_to_criminal_hacking_viruses_and_malicious_activities.mspx