1. Threat Detection 101: Avoiding Malware and Viruses
2. Outline
Section 1: Knowing the Enemy
Section 2: Establishing a Defense
Section 3: Additional Resources
3. Section 1: Knowing the Enemy
Section 1
Why me?
Goals of Attackers
How does this stuff work?
Viruses
Worms
Trojan Horses
Other Malicious Social Engineering
Phishing
Vishing
Baiting
Quid Pro Quo
4. Dear God, why me?
What do I have that attackers want?
Identity
Credit card fraud
Phone or utilities fraud
Bank/finance fraud
Government documents fraud
Miscellaneous fraud
Resources
Zombies and Botnets
A breakable heart
Identity
The items listed under “Identity” are the major uses of stolen identity information, as listed by the FTC on their site http://www.ftc.gov/bcp/edu/microsites/idtheft/.
Botnets
Botnets are headed by a “bot herder” and are generally accessed through IRC (Internet Relay Chat): the programs installed on these zombie machines appear in IRC rooms as IRC bots, which can receive and execute commands on the host machines. Nowadays, Twitter and AIM are also making an appearance in botnets.
The BBC reports that up to a quarter of the computers attached to the Internet may be part of botnets.
The Conficker virus, which many may have heard of, generated a botnet of over 10 million machines with the capacity to send more than 10 billion spam messages a day.
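Added example (not part of the original slides): a small triage check for the IRC-controlled bots described above. It assumes a sensor that records cleartext IRC lines per internal host; the sample records, host addresses, channel names and the listen-only heuristic are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic): internal host, direction
# relative to that host, and one cleartext IRC protocol line.
SAMPLE = [
    ("10.0.0.5", "out", "NICK xk29fj"),
    ("10.0.0.5", "out", "USER xk29fj 0 * :xk29fj"),
    ("10.0.0.5", "out", "JOIN #chan1"),
    ("10.0.0.5", "in", ":herder!u@h PRIVMSG #chan1 :<command text>"),
    ("10.0.0.5", "in", ":herder!u@h PRIVMSG #chan1 :<command text>"),
    ("10.0.0.9", "out", "NICK alice"),
    ("10.0.0.9", "out", "USER alice 0 * :Alice"),
    ("10.0.0.9", "out", "JOIN #helpdesk"),
    ("10.0.0.9", "out", "PRIVMSG #helpdesk :anyone seen the printer ticket?"),
    ("10.0.0.9", "in", ":bob!u@h PRIVMSG #helpdesk :yes, fixed"),
    ("10.0.0.7", "out", "GET / HTTP/1.1"),  # not IRC, must be ignored
]

# Optional ":prefix " followed by one of the IRC commands we track.
IRC_CMD = re.compile(r"^(?::\S+ )?(NICK|USER|JOIN|PRIVMSG)\b")

def summarize(records):
    """Count tracked IRC commands per host, keyed by (direction, command)."""
    stats = defaultdict(lambda: defaultdict(int))
    for host, direction, line in records:
        match = IRC_CMD.match(line)
        if match:
            stats[host][(direction, match.group(1))] += 1
    return stats

def irc_hosts(records):
    """Every internal host that spoke IRC at all; review against policy."""
    return sorted(summarize(records))

def listen_only_hosts(records):
    """Assumed heuristic: the host joined a channel and received channel
    messages but never sent one, as a command-receiving bot would."""
    flagged = []
    for host, s in summarize(records).items():
        if s[("out", "JOIN")] and s[("in", "PRIVMSG")] and not s[("out", "PRIVMSG")]:
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    print("IRC speakers:", irc_hosts(SAMPLE))
    print("Listen-only :", listen_only_hosts(SAMPLE))
```

A human lurker also matches the listen-only pattern, so treat a hit as a reason to look at the host, not as proof.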
5. Woah. How does this work?
Viruses
A virus is self-replicating through a host and must be transferred from computer to computer.
Worms
Worms are self-replicating AND self-propagating, exploiting security holes in software.
Trojan Horses
Trojan horses trick you into believing they are something they are not.
6. Anything else?
Social Engineering
Pretexting
Creating and using invented scenarios or manipulating existing scenarios to establish legitimacy in the mind of the target.
Phishing
Feigning communication by a legitimate business through the Internet (e-mail, Web sites, etc.) in order to obtain private information.
Vishing
Use of a rogue IVR (interactive voice response) system to mimic a legitimate system after prompting a user to call in via phishing or other means.
Baiting
Use of physical media and reliance on curiosity or greed.
Quid Pro Quo
Using the guise of assistance to trick the victim into a trap.
7. I’m scared
Don’t be.
Regain composure.
We can handle this.
8. Section 2: Establishing a Defense
Section 2
General Defense
Applies to Viruses and Worms
Engagement with the Enemy
General Software Rules
Trojan Horses
Phishing
Vishing
Baiting and Quid Pro Quo
9. Mass effect
General Defense:
GET RID OF WINDOWS XP. NOW.
Get familiar with Microsoft Update and ensure you are up to date with ALL updates for Windows and other Microsoft software.
Keep other software up to date
Common software updated frequently
Adobe
Apple products
Java
Know what’s installed on your computer and how to keep it updated.
A good antivirus program
Microsoft Security Essentials
Symantec Endpoint Protection 11
10. Engagement with the enemy
General Software Rules
If you didn’t purchase it, it better be from Google or Microsoft.
Your friends are not smart.
You do not need a codec.
Control+Alt+Delete is your Atma Weapon
Atma Weapon: