March “Malware” Madness by Micah Van Maanen Sioux County IT Director.
March “Malware” Madness
by Micah Van Maanen, Sioux County IT Director
Game #1: Inbox vs. spam
spam facts
Who sends it?
Why do they send it?
Who does it affect?
How did they get my E-mail address?
An ounce of prevention
Tracing and reporting spam
Blocking spam
Identifying spam
Sioux County E-mail statistics
Sizing up the competition
spam facts
spam is… Unsolicited Commercial E-mail
In 1978 the first internet E-mail spam was sent*
More than 50% of all spam originates in the U.S.**
50% to 85% of all E-mail is spam***
CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) has not helped****
Approximately 45% of Sioux County’s E-mail is spam
What does Hormel, makers of SPAM, think of spam? http://www.spam.com/ci/ci_in.htm
* http://www.templetons.com/brad/spamterm.html
** http://www.internetnews.com/stats/article.php/3376331
*** http://www.metafilter.com/mefi/34180
**** http://www.computerweekly.com/Article130765.htm
Who sends it?
Illegitimate businesses that advertise*:
Chain letters
Pyramid schemes
“Get Rich Quick” or “Make Money Fast” schemes
Offers for phone sex lines and ads for pornography
Offers of software for collecting E-mail addresses and sending spam
Offers of bulk E-mailing services
Stock offerings for unknown start-up corporations
Quack health products or remedies
Illegally pirated software (“warez”)
* http://www.cauce.org/about/problem.shtml
Why do they send it?
These types of companies send spam because:
It is effective. Over a four-week period 6,000 people responded to E-mail ads and placed orders for a supplement at $50 per bottle*
It is inexpensive (for the sender). A dialup connection and a PC can send hundreds of thousands of messages per hour**
It could be you! As much as 30% of all spam is relayed by compromised computers***
* http://www.wired.com/news/business/0,1367,59907,00.html
** http://www.cauce.org/about/problem.shtml
*** http://www.ftc.gov/bcp/conline/pubs/alerts/whospamalrt.htm
Who does it affect?
Everyone that uses the Internet.* Here is how:
The cost is shifted from the spammer to you
Your ISP must process the spam, using up bandwidth and processor time that you pay for
Spammers fraudulently change the headers of a message and relay it off unsuspecting users
Other ISPs must also process and forward the spam, using up their bandwidth and processor time
Your normal E-mail is displaced. Similar to junk faxing, which without the anti-junk-fax law would make your fax machine almost useless
Your E-mail address belongs to you! You pay for it. You should have the choice to opt in to receive spam.
* http://www.wired.com/news/business/0,1367,59907,00.html
How did they get my E-mail address?*
From a newsgroup posting containing your E-mail address
From a mailing list that contains your E-mail address
From a website that shows your E-mail address
From various website and paper forms
From your web browser
From IRC and chat rooms
From AOL Profiles
By guessing and cleaning (using spam beacons, http://tinyurl.com/4vxvp)
From white and yellow pages
Social engineering
Viruses and worms
Hacking into sites
* http://www.wired.com/news/business/0,1367,59907,00.html
An ounce of prevention
Never respond to spam. They will not remove you from their mailing list*
Don’t post your address on your website
Use a second E-mail address in newsgroups
Don’t give out your E-mail address without knowing how it will be used
Use a spam filter
Never buy anything advertised in spam
Keep your anti-virus / anti-spyware software up to date
Use a firewall on high-speed Internet connections
* http://www.spamrecycle.com/antispamthings.htm
Tracing and reporting spam
1. Look at the E-mail headers for the true sender of the E-mail (the Received: lines, not the From: address, which is trivially forged)
2. Run a tracert on the spammer's IP address
3. Send a nice E-mail to postmaster@<isp.com> or abuse@<isp.com>
4. Search Google newsgroups to find the extent of the spam (just for fun)
Or
Buy a tool such as SpamCop http://www.spamcop.net/
*http://www.spamrecycle.com/antispamthings.htm
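Step 1 above is the part people get wrong: the From: line and the lower Received: lines are written by the sender and can say anything, so the only hop you can believe is the one your own server stamped. The following script is an added example for this page, not code from the talk: it walks the Received: headers of a constructed sample message, stops at the first hop recorded by a server in a trusted set (the host name mail.example.gov and every IP and host in the sample are placeholders), and reports that IP as the one to send to abuse@. It also builds the reversed-octet name used for a DNS blocklist lookup (zen.spamhaus.org is a real public zone, but no query is made here).

```python
import email
import re

# Assumption for this example: these are the mail servers we operate. A Received:
# line stamped "by" one of them was written by us and can be believed; every line
# below that point arrived with the message and may have been forged by the sender.
TRUSTED_HOSTS = {"mail.example.gov"}

# Constructed sample, newest hop at the top as a real message shows them. The
# hosts and addresses are placeholders (RFC 5737 test networks), not real senders.
SAMPLE_MESSAGE = """\
Received: from relay.example-isp.net ([203.0.113.45])
\tby mail.example.gov with ESMTP id abc123
\tfor <clerk@example.gov>; Tue, 01 Mar 2005 08:15:02 -0600
Received: from totally-legit-bank.example ([192.0.2.77])
\tby relay.example-isp.net with SMTP id xyz789;
\tTue, 01 Mar 2005 08:14:59 -0600
Received: from win2k-box.home ([198.51.100.9])
\tby totally-legit-bank.example; Tue, 01 Mar 2005 08:14:30 -0600
From: "Account Support" <support@totally-legit-bank.example>
To: clerk@example.gov
Subject: Verify your account

Click here to verify your account.
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv6 literals not handled here


def parse_received(value):
    """Extract the 'from' host, its bracketed IP and the 'by' host from one Received: header."""
    flat = " ".join(value.split())  # unfold continuation lines
    m_from = re.search(r"\bfrom\s+([^\s;(]+)", flat)
    m_by = re.search(r"\bby\s+([^\s;(]+)", flat)
    m_ip = BRACKETED_IPV4.search(flat)
    return {
        "from_host": m_from.group(1) if m_from else None,
        "from_ip": m_ip.group(1) if m_ip else None,
        "by_host": m_by.group(1) if m_by else None,
    }


def trace_sender(raw_message, trusted_hosts=TRUSTED_HOSTS):
    """Walk the hops top-down and stop at the first one our own server stamped.

    Returns the IP that actually connected to us (the one to report to abuse@),
    the deeper hops the sender claims (unverifiable), and the forgeable From: line.
    """
    msg = email.message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    verified_ip, unverified = None, []
    for i, hop in enumerate(hops):
        if hop["by_host"] not in trusted_hosts:
            break  # stamped by someone else: nothing from here down is trustworthy
        if hop["from_host"] not in trusted_hosts:
            verified_ip = hop["from_ip"]
            unverified = [h["from_ip"] for h in hops[i + 1:]]
            break
    return {"verified_ip": verified_ip, "unverified_chain": unverified, "header_from": msg["From"]}


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Build the name a DNS blocklist lookup resolves: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    result = trace_sender(SAMPLE_MESSAGE)
    print("report this IP:", result["verified_ip"])
    print("claimed but unverified:", result["unverified_chain"])
    print("RBL lookup name:", dnsbl_query_name(result["verified_ip"]))
```

For the sample the verified hop is 203.0.113.45; the two addresses below it and the bank-looking From: line are the sender's claims and should be quoted in the abuse report only as such. If your mail passes through more than one of your own servers, list all of them in TRUSTED_HOSTS, otherwise the internal hop will be reported as the source.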
Blocking spam
Use an E-mail client with built-in spam filtering such as Mozilla Thunderbird
Buy software to scan your E-mail before you receive it
For the enterprise:
Server-based products
Client-based products
Anti-spam services
Appliances
Create acceptable use policies for E-mail and network
Close open SMTP relay servers
An alternative for really large networks (not Bayesian): www.turntide.com
* http://www.spamrecycle.com/antispamthings.htm
Identifying spam*
Approach                         How it works
Host-based filtering             Real-time Black Hole lists (RBLs) of known spam-sending hosts
Rule-based filtering             Pattern rules, e.g. SpamAssassin
Bayesian statistical analysis    Statistical probability that a message is spam, learned from past mail
White lists                      Trusted hosts whose mail is always accepted
* Inside the Spam Cartel by Spammer-X
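The Bayesian row in the table above is the approach Thunderbird's junk filter and most of the enterprise products used, and it is short enough to show in full. The following is an added example written for this page (it is not the talk's code or any product's): a Paul Graham-style filter that counts, per token, how many spam and how many legitimate messages contained it, clamps each probability so no single word can decide, and combines the 15 most decisive tokens in log space. The training corpus and the two test messages are constructed; a real filter would be trained on a few hundred messages of each kind.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z$][a-z0-9$'-]*")


def tokenize(text):
    """Lower-case word tokens; a set, because a token is counted once per message."""
    return set(TOKEN.findall(text.lower()))


class BayesFilter:
    """Paul Graham-style Bayesian spam filter trained on a labelled corpus."""

    def __init__(self):
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_tokens = Counter()  # token -> number of spam messages containing it
        self.ham_tokens = Counter()   # token -> number of legitimate messages containing it

    def train(self, text, is_spam):
        tokens = tokenize(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_tokens.update(tokens)
        else:
            self.ham_docs += 1
            self.ham_tokens.update(tokens)

    def token_probability(self, token):
        """P(spam | token): how often the token appeared in spam relative to ham."""
        s = self.spam_tokens.get(token, 0)
        h = self.ham_tokens.get(token, 0)
        if s + h == 0:
            return 0.4  # never seen during training: lean slightly toward ham
        spam_rate = s / max(self.spam_docs, 1)
        ham_rate = h / max(self.ham_docs, 1)
        p = spam_rate / (spam_rate + ham_rate)
        return min(0.99, max(0.01, p))  # clamp so no single token decides by itself

    def score(self, text, top_n=15):
        """Combine the top_n most decisive token probabilities into P(spam | message)."""
        probs = sorted(
            (self.token_probability(t) for t in tokenize(text)),
            key=lambda p: abs(p - 0.5),
            reverse=True,
        )[:top_n]
        if not probs:
            return 0.5
        # prod(p) / (prod(p) + prod(1-p)), computed in log space so long messages do not underflow
        log_spam = sum(math.log(p) for p in probs)
        log_ham = sum(math.log(1.0 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


# Constructed training corpus for the example: a handful of spam and of county-office mail.
SPAM_TRAINING = [
    "Make money fast with our get rich quick system, order now",
    "Buy cheap meds online, no prescription needed, click here",
    "Hot stock tip: unknown startup shares will explode, act now",
    "Free bulk email software, send to millions, increase sales",
    "Congratulations you won, claim your prize, limited time offer",
    "Cheap software download, all titles, order today and save",
]
HAM_TRAINING = [
    "The board of supervisors meeting is moved to Tuesday at 9",
    "Attached is the budget spreadsheet for the IT department",
    "Can you reset the password on the courthouse printer server",
    "Reminder: backup tapes need to be rotated before the weekend",
    "Lunch meeting with the sheriff's office about the new radios",
    "Please review the network acceptable use policy draft",
]
SPAM_TEST = "Order now and make money fast with the cheapest software, click here"
HAM_TEST = "Please send the budget spreadsheet before the board meeting on Tuesday"


def trained_filter():
    """Build a filter from the constructed corpus above."""
    f = BayesFilter()
    for text in SPAM_TRAINING:
        f.train(text, is_spam=True)
    for text in HAM_TRAINING:
        f.train(text, is_spam=False)
    return f


if __name__ == "__main__":
    f = trained_filter()
    for text in (SPAM_TEST, HAM_TEST):
        print(f"{f.score(text):.3f}  {text}")
```

Two design points matter in practice. The 0.01/0.99 clamp is what keeps a stray "click" in a legitimate message from condemning it, and the 0.4 default for unseen words is why a filter that has only seen your own mail is biased toward letting things through until it is trained on some spam. Note also that HAM_TEST contains "send", which appears only in spam here; one such token is outnumbered by the nine office words around it, which is the point of combining evidence rather than blocking on keywords.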
Sioux County E-mail statistics
Traffic stats:
August 2004 – 11,638 E-mails received
September 2004 – 10,644 E-mails received
January 2005 – 14,390 E-mails received
February 2005 – 13,794 E-mails received
spam stats:
August 2004 – 6,083 spam E-mails, 6,942 spam beacons
September 2004 – 5,464 spam E-mails, 5,583 spam beacons
January 2005 – 6,907 spam E-mails, 522 spam beacons
February 2005 – 6,162 spam E-mails, 876 spam beacons
* http://www.spamrecycle.com/antispamthings.htm
spam resources
• On the web:
– http://www.cauce.org/index.phtml - Coalition Against Unsolicited Commercial E-mail
– http://spam.abuse.net/ - A lot of spam info
– http://tinyurl.com/6zyc7 - Best practices for Outlook
– http://www.bath.ac.uk/bucs/email/anatomy.shtml - Anatomy of an E-mail message
– http://www.xintercept.com/pkpeek.htm - Pocketknife Peek for Outlook
– http://www.dnsstuff.com - Excellent DNS site
– http://antispam.radio-showtime.com/ - How to report spam
– http://www.mozilla.com - Firefox / Thunderbird website
– http://tinyurl.com/3vzv8 - InfoWorld enterprise anti-spam review
– http://tinyurl.com/3r72k - Network World enterprise anti-spam review
– http://tinyurl.com/59pc8 - Inside the Spam Cartel book on Amazon.com
Game #2: Privacy vs. Spyware
Defining spyware
Spyware facts
Finding and removing spyware
Spyware test results
How did I get spyware?
Blocking spyware
An ounce of prevention
Sioux County spyware statistics
Sizing up the competition
Defining spyware
Spyware, which includes malware, trackware and adware, is the categorical name for any application that may track your online and/or offline PC activity and is capable of locally saving or transmitting those findings to third parties, sometimes with but more often without your knowledge or consent.*
The differences between spyware and viruses*:
Spyware                                          Viruses
Profit motivation                                Harmful intention
Monitor online activities for commercial gain    Damage computer system, corrupt files and destroy data
Undetectable with anti-virus software            Detectable with anti-virus software
New technology (less than 5 years)               Old technology (more than 20 years)
* http://www.webroot.com
Spyware facts
Four in five users (80%) have spyware or adware programs on their computer*
The average infected user has 93 spyware / adware components on their computer, and the most found on a single computer during the scan was 1,059*
An overwhelming majority of users (89%) who were infected said they didn’t know the programs were on their computer*
90% didn’t know what the programs are or do*
95% never gave permission for the programs to be installed*
86% asked the technicians performing the study to remove the programs*
* http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf
Finding and removing spyware
You can use any or all of these programs:
Ad-Aware
Spybot Search and Destroy
Microsoft AntiSpyware beta
Webroot Spy Sweeper
CWShredder
Even these programs may not find all spyware. In a recent test of these programs the results are interesting…
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf
Spyware test results*
Product                      Spyware fixed   False positives
Giant AntiSpyware (now MS)   63%             0
Webroot Spy Sweeper          48%             0
Ad-Aware SE Personal         47%             0
Pest Patrol                  41%             10
SpywareStormer               35%             0
Intermute SpySubtract Pro    34%             0
PC Tools Spyware Doctor      33%             0
Spybot Search and Destroy    33%             0
McAfee AntiSpyware           33%             9
Xblock X-Cleaner Deluxe      31%             1
XoftSpy                      27%             3
NoAdware                     24%             0
More results on the site.
* http://www.windowssecrets.com
How did I get spyware?
Piggybacked software installation
Drive-by downloads
Browser add-ons
Masquerading as anti-spyware
*http://computer.howstuffworks.com/spyware2.htm
Blocking spyware
Many of today’s anti-spyware products also include permanent (real-time) protection of your system:
Home page shield
Internet Explorer bad-download blocker
Hosts file protection
System startup protection
Windows registry protection
MSN Messenger protection
Tracking cookie protection
Bad website protection
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf
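"Hosts file protection" in the list above guards one specific trick: a hijacker (CoolWebSearch did this) adds lines to the hosts file so that a bank, search engine or update server resolves to a machine it controls, or so that anti-spyware vendors' sites resolve to nothing. The script below is an added example for this page, not code from the talk or from any product. It parses a constructed hosts file and flags every name that is mapped to something other than the loopback or unspecified address; every host name and the 203.0.113.9 address in the sample are placeholders, and the Windows path is given only for the usage comment.

```python
import ipaddress

# Constructed sample hosts file: the loopback lines Windows ships with, one entry a
# user added to sinkhole an ad server, and two lines of the kind a hijacker writes.
# All host names and the 203.0.113.9 address are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example-adserver.net      # sinkholed by the user: harmless
203.0.113.9     www.example-bank.com          # sends a real site to a stranger's server
203.0.113.9     windowsupdate.example.com     # keeps the machine from getting patches
0.0.0.0         tracker.example-spyware.net   # sinkholed: harmless
"""

# Where Windows keeps the file; an assumption used only by the usage comment at the bottom.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return (ip, [names]) for every entry, skipping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first column is not an address: not an entry
        entries.append((ip, parts[1:]))
    return entries


def suspicious_entries(text):
    """Flag names mapped to anything other than loopback or the unspecified address.

    Pointing a name at 127.0.0.1 or 0.0.0.0 only blocks it, which is what ad blockers
    and anti-spyware tools do on purpose. Pointing a name at a routable address is how
    a hijacker redirects a bank, search engine or update server to a machine it controls.
    """
    findings = []
    for ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.extend((name, str(ip)) for name in names)
    return findings


if __name__ == "__main__":
    for name, ip in suspicious_entries(SAMPLE_HOSTS):
        print(f"REVIEW: {name} -> {ip}")
    # On a Windows machine, run the same check on the real file:
    # suspicious_entries(open(WINDOWS_HOSTS_PATH).read())
```

Treat the output as a review list rather than something to delete automatically: an administrator who has mapped an intranet server by hand will show up here too. The reliable version of this check is the one the products do, comparing the file against a known-good copy and alerting on any change.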
An ounce of prevention
Use the Mozilla Firefox web browser
Adjust Internet Explorer security settings
Surf safely
Keep Windows up to date
Keep your anti-virus / anti-spyware software up to date
Use a firewall on high-speed Internet connections
*http://www.spamrecycle.com/antispamthings.htm
Sioux County spyware statistics
Out of 61 machines, 31 had spyware
One machine had 41 pieces of spyware
Most frequent visitors: Comet Cursor, CWS (CoolWebSearch)
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf
Spyware resources
• On the web:
– http://www.nwfusion.com/reviews/2004/121304rev.html - Enterprise spyware review
– http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml - Sysinternals autoruns
– http://www.benedelman.org/ - Interesting spyware site
– http://spywarewarrior.com/asw-test-guide.htm - spyware test results
– http://www.nwnetworks.com/iezones.htm - configuring IE zones