Spyware • Spam • Phishing
Your Computer could be watching your every move
Spyware– What is it? Also called adware, any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes
Many flavors of Spyware! Malware Hijacker Dialer Trojan Horse
Malware Modifies your PC’s settings and performs undesirable tasks without your knowledge or permission!!!!!!!
Hijacker Takes you to Websites that you don’t want to go to!
Dialer Dials a service, most likely porn sites, and bills you!
Trojan Horse Internet Downloads that are activated from programs you run - they can take control over your PC!
Spyware runs in the background behind the scenes, where you can not see it!
Spyware Symptoms • Delivers Pop-Up Adds to your PC on a regular basis • Sends you customized spam to your e-mail address • Slows down your Computer sometimes to a crawl • Crashes your Computer and/or causes major damage • Changes the Home page of your Internet Browser
Today’s Top Spyware Gator Bonzai Buddy CoolWeb Toolbar N-Case My Search Toolbar Jupiter N-Case Double Click E-Zula Alexa Comet Cursor Hotbar
Statistics 40 Million people have Spyware on their PC’s 45 % of files downloaded through Kazaa contain malicious code There are more than 25,000 spyware progams and more growing exponentially The number of malicious code attacks used to steal sensitive information rose 50% in 2004
Free Software Hidden Costs Productivity Technician Fees Identity Theft
How do you get Gator? E-Wallet – Software Date Time Precision Manager Weatherbug
Driveby Spyware? Sometimes all you do is visit a site and and spyware downloads to your PC automatically.
50% of all Free Software is bundled with spyware. “Data Mining“ companies pay a lot of $$ to the smaller developers to include spyware with their products . This offer is very enticing for small companies, it helps them survive.
Some people believe that Spyware has advantages, like delivering “wanted“ advertisements to you while you are surfing the net sort of like TV. Data analysis of Spyware data (your personal information) is now a big thriving enterprise. Examples are your Value Cards from Ukrops!
Gator has 300 clients as of 2003, including four of the top six automotive companies and businesses that sell everything from mortgages to diapers. It sends an average of 100 ads per week per person to more than 15 million people!
Have you ever noticed how some people have things attached to the bottom of their E-mails? One of these products is called Hotbar – it can be very damaging and people are enticed by the cute little smiley faces they can get for free!
Coolsavings and Free Coupon Offers Online They install software on your PC and collect your information and then they e-mail it back to other companies.
Do you read a lot? Most EULAs or End User License Agreements would take you the rest of this evening to read! This is where they ask for permission to install their spyware, steal your personal information and change settings in your PC and by checking “OK” - you have given them permission to change your PC and its settings.
Kazaa Popular File Swapping Program The terms of service contract states: “Brilliant might tap the unused computing power and storage space of your Computer”
Some Spyware can actually can turn your company into a node or a “Bot” and run a peer to peer network which is controlled by another company. They can use your PC to help them analyze and store other people’s data! Kazza and AudioGalaxy are just a few that do this!
Keyloggers Will keep track of all your keystrokes and can record credit card information, passwords, addresses, etc.
Summary of Effects • Collection of Data from your PC without your consent • Execution of Malicious code without your knowledge • Collects data pertaining to your habitual use and sells it to marketing companies • Makes it impossible to remove their software by standard methods and sometimes not at all • Performs other undesirable tasks on your PC such as using your PC as a go between between other PC’s and their servers
Damage your PC – How? • Control Panel will not open up or take 5-10 minutes to open • Internet Explorer can stop working or not access particular websites. Some even keep you from accessing Microsoft.com • You change your Home Page and when you reboot it has changed back to an Adult Links Pornographic Site • Why? Badly written programs often corrupt windows system files. • Your computer will have too many processes running on it to be operational. In this case it is often necessary to wipe it clean and start new. This can range between $100 - $250 depending on where you take your PC to be fixed. Many simply buy a new PC thinking there PC is not working.
What can I do ? Fortunately there is software out there that can aid you in : 1. Removing existing Spyware 2. Keep Spyware from Infecting your PC in the first place
What can I do ? Be Cautious about what Sites you Visit Search the Site before you Surf there If you suspect spyware is downloading – unhook your Internet Connection Always Turn off your PC at night Be Careful of hitting the Red X!
Spyware Detection + Removal Tools • Spybot – Search and Destroy • Adaware – Lavasoft • Spysweeper and Pest Control
Spam - Coming to an Inbox near you ! Spam – Unsolicited email that you did not sign up for or want to receive. Technically it does not include Email that you have “opted-in” for even if by accident .
Who is sending Spam? Hackers who make $ Students are paid $ to operate Spam servers. Jobless people trying to make $ sending bulk emails
Why do they Spam? - 5000 out of every million people respond to Spam - They only need one out of 10,000 to break even - 200 million messages can be delivered by one Spammer per day - 100 million addresses can cost less than $100.00
Spam Facts • 30 billion $ is spent currently to fight Spam corporate wide • 75% of all Email is Spam • In one Month at VBMB we received 47,000 Known Spam E-mails • 1/3 of all Spam is sent from Home PC’s unwillingly
How do they get your address? • Software programs cost less than $50.00 can mine addresses from the Internet • Personal Information you gave to an untrusted site • You were infected with Spyware at one point • You volunteered personal information when someone went Phishing • Forwarding a joke containing yours and your friends address
Brute Force Attack • Spammers use automated software that looks for domains through out the internet such as VBMB.org • Next they use the software to generate dictionaries of every possible user name • That is why you see some spam that doesn’t have your name spelled correctly • Some internet worms collect personnel info also • If you are lucky your email addy is the only thing the worm took from you.
How to Protect yourself from Spam • For Home – buy a spam filter if your ISP doesn’t provide you with one • Watch where you buy things from online – research all companies • Don’t post your email address anywhere! • When buying things online – use another email account such as a Hotmail account – free from MSN • Never reply or buy something from a Spam Email
Protecting your PC • 1000s of PCs have been infected by Viruses and Spyware that turn your PC into a Spam Relay Server! • Keep Spyware out by installing Spysweeper which can monitor your PC constantly against threats! • Keep your Virus Definitions List up to Date!
Spam Prevention Use common sense to detect the veracity behind an email message If an email seems suspicious it probably is – check out Http:.//hoaxbusters.ciac.org Never forward a chain letter of any type Never click on a Image or URL on a Spam Email they use Embedded Images and can watch you do it Never Reply to a Request to be removed from an Email List – this only verifies the Email address. There are some exceptions.
Going Phishing Anyone? Phishing attacks use 'spoofed' e-mails and fraudulent websites and are designed to fool recipients into divulging personal data such as credit card numbers, account usernames and passwords, social security numbers, etc.
Phishing Report • First Phishing attacks started in 2002 • From Nov 2003 – May 2004 # of attacks rose by 4000% • Phishers Catch between 5 and 20% of all Users
“Phishing" spam messages use legitimate 'From:' email addresses, logos, and links to reputable businesses such as AOL, PayPal, Best Buy, EarthLink and eBay in the message. But the message instructs you to click on a web link that sends you to a fake website where you are asked to provide personal information to the scam artists. If you click on a link in an e-mail message from a company be aware that many scam artists are making forgeries of company's sites that look like the real thing. Beware the entire Email is one big link to steal information from you!
What to do if you think you have responded to one by accident If you have provided your personal information in response to a phishing email, you should assume that you will become a victim of identity theft. If you provided your bank account or credit card number, you should cancel that account and open a new one immediately
Phishing can occur By Phone Door to Door Potential Employers
Preventing Phishing NEVER respond to an Email asking for Personal Information Always Check a Site first to see if it is Secure Retype a Websites address in, never click on the link of an address as it can be forged Keep your PC secure with Anti-Spam and Anti-Virus Software Check your Bank accounts regularly Always take your time when responding to an email - Be extra cautious about all emails that want you to reply to them in some way!