
Tips to Help Prevent the Spread of Malware

Tips to Help Prevent the Spread of Malware. When Anti-Virus alone Can’t!. Scott Finlon, CISSP, GCIA, GCIH Information Security Engineer. What we’re going to talk about. Brief introduction Common methods of Infections Ways we can prevent these infections


Presentation Transcript


  1. Tips to Help Prevent the Spread of Malware When Anti-Virus alone Can’t! Scott Finlon, CISSP, GCIA, GCIH Information Security Engineer

  2. What we’re going to talk about • Brief introduction • Common methods of Infections • Ways we can prevent these infections • How can I tell if I’m already infected? • Let’s play a game!

  3. So what do you mean when AV Can’t? • AV is an industry! Why can’t they do better? • Malware used to be coded by “script kiddies” who were bored and just looking to have some fun • Now the malware realm belongs to organized crime • Because of this, malware numbers have grown exponentially!

  4. What is this a graph of?

  5. That’s a lot of malware! • If an entire industry can’t keep up, what can we do? • Well, the bad guys don’t spend a lot of money coming up with brand new ideas. • Why fix what isn’t broken? • Because of this, malware uses a lot of the same common infection vectors • So, if we are more careful in just a few areas, we can prevent most common types of infections!

  6. Tell me what I can do! • Run up-to-date security software • Even with what I just said, up-to-date antivirus software is really important • Make sure your firewall is turned on • Get all of the latest software updates • Operating system critical updates • Third party software updates are just as important! • Secunia PSI is free for personal use, to help automate keeping everything up to date! http://secunia.com/vulnerability_scanning/personal/ • Limit user privileges • Understand how malware and the schemes to get you to install it work

  7. Common Methods of Infection • Websites • Pop Ups • Software Downloads • E-mails • Physical Media • (Il)Legal P2P Services • Phone Calls

  8. Websites • A lot of times a website will tell you that you need to install special software to continue to view or use something on their site • Other times they are compromised and have an exploit just waiting for you to browse to their site • These can be: • Malicious redirects – that point you to fake software that is laced with malware • Their server was hacked • Their advertising service was hacked • Pop-ups! • The best defenses are: • To use an alternative browser, like Chrome or Firefox • Keep your browsers up to date • Keep your third party software up to date (especially Java and Flash)

  9. Pop-Ups • Some pop-ups will try to corner you into making a decision to buy software or pay for a service or scan • These scare tactics are one of the more common tactics that the bad guys are using • They make it difficult to close the window • Some even “force” you to accept something by only giving you one button to click • Never click anything in these windows • Close them by clicking the ‘X’ on the window, in Windows Task Manager, or by pressing ‘Alt+F4’

  10. Fake Alerts

  11. Ransomware http://www.f-secure.com/weblog/archives/multiple_ransomware_warnings.gif

  12. Software • Be cognizant of where you download software • Only download software from their official site • To update/install Flash Player go to Adobe.com • To update/install iTunes go to Apple.com • To install any browser add-ons use their official browser stores • “Free” software is laced with malware, so the software isn’t free when they are stealing all of your information • Be careful of what boxes you are selecting and unselecting when installing known good software

  13. “Opt-out” software installs

  14. Would anyone install this?

  15. Software • What do Osama Bin Laden, the new Royal Baby, and the Riots in Egypt have in common? • The bad guys prey on world events, and human curiosity • They send links via email, Facebook messages, IM, and any other way they can • They try to entice you to click on a link to see a video or pictures • When you click on the link to see the pictures or video it’ll ask you to install an updated or specialized media player • If you aren’t sure if you’re up to date, go to the official website!

  16. Peer to Peer • There are some legitimate P2P uses • However, if you try to download movies or music, you are on your own • There is no quality control • You can’t be sure what you are actually downloading • Anyone can name any software anything

  17. Emails • “The University of Scranton will never ask you for your username or password in an email. All requests to update or change user information will be done through my.Scranton.edu” • Does this look or sound familiar? • I hope so!

  18. http://oregonstate.edu/helpdocs/sites/default/files/phishing_example_02.jpg

  19. Emails • Don’t trust any email! • Be suspicious about links from people you know, but never click a link from someone you don’t! • It’s incredibly easy to spoof emails to make it look like one came from someone else • If you get a link from someone you know, look to see if there is any context associated with the link • Look at what the top level domain is (e.g. .com .co.uk .ly .cn .co) • Don’t click links about unexpected UPS/FedEx deliveries • Never buy anything promoted in a spam email • Don’t bother clicking the “unsubscribe” button, this can notify them that your address is active and they will use it to send more spam

  20. Phishing • A phishing scheme is a type of social engineering where a bad guy sends you an email phishing for information • They might claim to be a bank or credit card company and ask you to click a link and log in • If you do this, you are handing them your credentials • Sadly, some banks legitimately do this, so the best protection is to skip clicking the link and type the bank’s address in a browser manually • Or better yet, call the bank or credit card company and verify it with them! Use the number you know, or the one on the back of your card, not one you get in an email • They might pretend to be a foreign nation saying you are a long lost descendant of royalty, and to send your information so they can give you your millions and millions of dollars • Look for spelling and grammatical errors, the bad guys don’t seem to know how to spell check yet!

  21. Physical Media • Have you heard of Stuxnet? • Iran’s most secure computer system was breached by USB drives • It’s an increasing trend for bad guys to “drop” USB drives in parking lots • Well intentioned people pick them up and plug them in to see if any identifying information is on them • And they get infected immediately for their trouble • Sometimes friends/family might try to share a legitimate file, but may be unknowingly sharing their malware infections too

  22. Phone calls • Tech support scams • Their goals: • Trick you into installing malicious software • Getting you to pay them to remove the software • Getting your bank or credit card info so they can bill you for as much as the bank/card will allow them to • They claim to be from “Windows Helpdesk” “Windows Service Center” “Microsoft Tech Support” “Microsoft Support” “Windows Technical Department Support Group” “Microsoft Research and Development Team” • More information here: • http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx • Report phone scams here: • http://www.consumer.ftc.gov/articles/0076-telemarketing-scams

  23. How can I tell if I’m infected? • Your default homepage or search engine has been changed • Your firewall or antivirus is disabled • You can’t browse to any security related website, or can’t update your antivirus • Pop-ups! • Sound or music played at random times • Unexpected programs are now installed, or important files are missing

  24. Let’s play spot the phish!

  25. REAL!

  26. REAL!

  27. Questions? Comments, and/or snide remarks are welcomed too
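
The link checks from the Software and Emails slides (go to the official site, look at the top level domain) can be automated for a message you want to inspect without clicking anything. The following is an added example, not part of the original presentation; the allowlist, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Official sites named in the slides; extend with the sites you use (assumption).
OFFICIAL_DOMAINS = {"adobe.com", "apple.com", "my.scranton.edu"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag without fetching anything."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def is_official(host):
    # The real site is decided by the right-hand end of the host name:
    # "get.adobe.com" belongs to adobe.com, "adobe.com.something.example" does not.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def review_links(email_html):
    """Return host, last label (TLD) and allowlist verdict for each link."""
    parser = LinkCollector()
    parser.feed(email_html)
    report = []
    for href in parser.links:
        host = urlsplit(href).hostname or ""
        # Last label only; multi-part suffixes such as .co.uk show up as "uk".
        tld = host.rsplit(".", 1)[-1] if "." in host else ""
        report.append({"url": href, "host": host, "tld": tld,
                       "official": is_official(host)})
    return report

# Constructed sample message; the .example host is a reserved, non-routable name.
SAMPLE_EMAIL = """
<p>Your media player is out of date.</p>
<a href="https://get.adobe.com/flashplayer/">Adobe download page</a>
<a href="http://adobe.com.player-update.example/install">Update Flash now</a>
<a href="https://my.scranton.edu/">Portal</a>
"""

if __name__ == "__main__":
    for row in review_links(SAMPLE_EMAIL):
        verdict = "official" if row["official"] else "NOT on the official list"
        print(f'{row["host"]:40} .{row["tld"]:8} {verdict}')
```

The second link starts with "adobe.com" but its host ends in a different domain, which is why reading the address from the right-hand side matters.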
