
Phishing, Pharming, and the latest potholes on the Information Highway

A Presentation by Ian Loe, CISSP.


Presentation Transcript


  1. Phishing, Pharming, and the latest potholes on the Information Highway
     A Presentation by Ian Loe, CISSP

  2. Agenda
     • Malware
     • Latest potholes on the Information Highway
     • Spyware
     • Phishing
     • Pharming
     • Security industry approach to emerging Malware
     • Security Recommendations
     • Q & A
     COM125: Intro to Internet

  3. Malware
     • Short for malicious software
     • Any software designed specifically to damage or disrupt a system

  4. Traditional Types of Malware
     • Virus
       • Attaches itself to a program or file and reproduces itself
       • Cannot be spread without a human action
     • Worm
       • Spreads without human intervention
       • Could send out thousands of copies of itself
       • Tunnels into a system to control it remotely
     • Trojan Horse
       • Appears to be useful software/files from a legit source
       • Could delete files and destroy information on a system
       • Creates a back door for malicious access spread
       • Do not reproduce by infecting files nor self-replicate

  5. Latest Types of Malware
     Phishing and Pharming belong to the family of Spyware, along with many others:
     • Adware
     • Key loggers
     • Dialers
     • Downloaders
     • Back doors

  6. What is Spyware?
     Any software that covertly gathers information on user activities through the user's Internet connection without his or her knowledge and ships it off to an unknown third-party server over the Internet

  7. What is Adware?
     • Adware is Commercial Spyware
     • Developed by commercial advertising companies who claim “not malicious intent”
     • Usually created for advertising/marketing purposes

  8. How does Spyware work?
     • Independent executable able to:
       • Deliver unsolicited advertising – pop-up ads
       • Monitor keystrokes
       • Scan files on the hard drive
       • Snoop other apps (e.g. chat, word processors)
       • Install other Spyware programs
       • Read cookies
       • Change the default home page on the browser
     • Consistently relays info back to source for:
       • Advertising/marketing purposes
       • Selling the information to another party

  9. Spyware Concerns
     • Ethics and privacy
     • Computer’s resources
     • Internet connection bandwidth
     • System crashes or general instability
     • Licensing agreements for software downloads may not always be read
     • The notice of a Spyware installation is couched in hard-to-read legal disclaimers
     • Producers of Adware also produce Anti-Spyware tools – It is a profitable industry

  10. Getting Spyware is Easy
      • Drive-By Installations
        • Social engineering
        • Spoof certificates
      • Web Exploits
        • Every MS Security Bulletin that “Could Allow Code Execution” can be used to install Spyware
      • Bundles
        • Users unwittingly install the product when they install something else – freeware/shareware
          > Kazaa
          > Games
          > Pirated Software
          > Screensavers
          > Smileys
          > Anti-Spyware programs

  11. Malicious Spyware Types
      • Key-loggers
        • Log keystrokes and send over the Internet
        • It steals information including passwords
      • Dialers
        • Cause a user’s modem to dial a 900 or 976 number

  12. Malicious Spyware Types (cont…)
      • Back doors
        • Provide hacker with complete control (e.g. Back Orifice)
      • Downloaders
        • Download and install Spyware, Adware, key loggers, dialers, back doors, etc.
        • Most commonly installed using web exploits
      • Phishing & Pharming

  13. What is Phishing?
      The act of sending a message to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft

  14. Phishing Purpose
      They will cast the bait and if you bite, they can lure your personal information out of you:
      • ID & Passwords
      • Credit Card Information
      • NRIC / Passport Information
      • Bank Account Numbers

  15. Bogus Websites
      • Websites to which victims are redirected without their knowledge or consent look the same as a genuine website
      • But information like login name and password is captured by criminals

  16. Example of a Phishing email

  17. Anti-Phishing Groups

  18. Pharming Out-Scams Phishing
      • First came Phishing, in which con artists hooked unwary internet users one by one into compromising their personal data
      • Pharmers can scoop up many victims in a single pass

  19. What is Pharming?
      • New use for a relatively old concept: domain spoofing
      • Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones

  20. Pharming most alarming threat
      • DNS poisoning
      • Large group of users to be silently shuttled to a bogus website even when typing in the correct URL
      • You no longer have to click a URL link to hand over your information to identity thieves

  21. Certificate Mismatch

  22. Technical Challenges
      • New and evolving technology
      • Quickly adopts all latest techniques from Viruses, Worms and Trojans
      • Attracts the best & brightest hackers
      • Application level threat – existing enterprise defenses lack granularity

  23. Latest News – Feb 12, 2007

  24. Spyware Market Place
      • Many providers have started to offer products
      • Market still resembles the wild west and the early days of the Internet
      • Standards and Commercial winners-&-losers have yet to emerge

  25. Enterprise Solutions Emerging
      • Spyware specific desktop tools
        • Desktop agent with no centralized management
        • Use of signatures
      • Desktop Antivirus
        • Detecting a small subset of known Spyware
        • Use of signatures
      • URL Filtering
        • Gateway solution
        • Blocks known Spyware sources – change often
      • Proxy Appliance
        • Stop drive-by installation
        • URL filtering and use of signatures

  26. Industry Approach - Phishing
      • Based on social engineering – Self defense relies on common sense of the user
      • The automated detection of new Phishing fraud is very difficult
      • Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing
      • Try to mitigate by
        • URL blocking of known URLs of Phishing websites
        • Spam blocking of emails of Phishing scams that are sent en masse

  27. Industry Approach - Pharming
      • Browsers that could authenticate website identity (CardSpace, OpenID)
      • Browser toolbars displaying the true physical location of a website's host (e.g. Russia)
      • Some financial institutions are experimenting with "multi-factor authentication" logins, including:
        • single-use passwords (e.g. tokens)
        • automatic telephone call-backs

  28. Security Recommendations
      • Do not open e-mail attachments unless you know the source and are expecting the attachment
      • Do not reply to the e-mail from an unknown source
      • Do not click on untrusted hyperlinks to the Internet
      • Do not download unapproved software from the Internet
      • Do not respond or visit the website indicated by an instant message or e-mail
      • Do not give out personal information over the Internet
      • Before revealing any identifying information, ask how it will be used and secured.

  29. Questions?

  30. Thank You!
      Ian Loe, CISSP
      Senior IT Architect, Asia/Pacific, EIS SOA Advanced Technologies
      IBM Software Group
      Email: ianl@sg.ibm.com
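
Slides 20 and 21 pair DNS poisoning with a certificate mismatch: the user types the correct name, but the server that answers cannot present a certificate for it. The following is an added example, not part of the original presentation, that compares the typed hostname with the DNS names in a certificate; the hostnames, certificates and function names are constructed for illustration.

```python
# Added example (not from the presentation). Certificates are constructed
# samples shaped like the dict returned by ssl.SSLSocket.getpeercert().

GENUINE_CERT = {"subjectAltName": (("DNS", "bank.example"),
                                   ("DNS", "*.bank.example"))}
# What a bogus server reached through a poisoned DNS answer would present:
# it holds no certificate for the bank's name, only one for its own host.
BOGUS_CERT = {"subjectAltName": (("DNS", "unrelated-host.example.net"),)}


def name_matches(pattern, hostname):
    """Compare a certificate DNS name with the hostname the user typed.

    A '*' is honoured only as the whole leftmost label, covers exactly one
    label, and is rejected when fewer than two labels follow it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_dns_names(cert):
    """Return the DNS entries of the certificate's subjectAltName."""
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def check_site(typed_host, cert):
    """Return 'ok' or a mismatch message for the host the user typed."""
    names = cert_dns_names(cert)
    if any(name_matches(n, typed_host) for n in names):
        return "ok"
    return "mismatch: typed %s, certificate names: %s" % (
        typed_host, ", ".join(names) or "none")


if __name__ == "__main__":
    # Same typed URL both times; only the server behind the DNS answer differs.
    print(check_site("www.bank.example", GENUINE_CERT))
    print(check_site("www.bank.example", BOGUS_CERT))
```

The check only helps when the site is served over TLS and the user does not click through the browser's warning.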
