
April 20, 2007

How the Internet Works or “Why malicious strategies are successful at deceiving general users and making money”. April 20, 2007. Sophos Security Threat Report 2007.

ianna

Presentation Transcript


  1. How the Internet Works or “Why malicious strategies are successful at deceiving general users and making money” April 20, 2007

  2. Sophos Security Threat Report 2007 “Money is by far the primary motivation for virus-writing and spamming done today. Whereas in the past, malware was written to show off to peers, today it is done to generate income through identity theft, phishing, planting adware, distributed denial-of-service attacks, and even ransomware.”

  3. Why Malicious Strategies Work • Anonymity • Low cost • Profitability • The law of large numbers • Unclear regulation • Users don’t know “the signs”. • Even when users “know the signs” good phishing sites fool a large percentage of users.

  4. Anonymity - Maybe • Your IP address • Your MAC address • Your identity or that of someone using your computer or network • They can learn more (a subpoena)

  5. Low Cost • Millions of people can be contacted at very little cost. • Large e-mail lists are routinely constructed, acquired and distributed. • Many of the transactions are executed on hijacked machines.

  6. Profitability • Doing business on the web has proven to be profitable. • Doing illegal and unethical business on the web has proven to be extraordinarily profitable. • Highly organized cybercriminals (crime syndicates, well established black markets, international consortiums).

  7. The Law of Large Numbers • If you can send out millions of e-mails at a very low cost, even a very small number of takers results in profit. • If you send out 10,000,000 e-mails, successful commerce with only 1/100th of a percent still can result in tens of thousands of dollars of profit.

  8. Unclear Regulation • Interstate commerce • International commerce • Unclear jurisdictions • Law has just not kept up • No consensus on what the “regulability” strategy should be

  9. Phishing Practices • Phishing has become a thriving economic infrastructure • There are now more than 250,000 phishing attempts a day • Only governed by the laws of supply and demand

  10. Attention to Browser Cues • Most people don’t know the cues that would tip them off • Address Bar • Status Bar • Security indicators • Visual deception attacks fool even the most sophisticated users

  11. Top SPAM Categories of 2006

  12. Viagra Spam • Sildenafil Citrate is a prescription drug in the U.S. and costs about $10/pill. • In India and Mexico, where patents have expired or are ignored, it can sell for much less (~$2/pill). • Pharmacy companies offer huge commission rates to international affiliates - and everyone wins!

  13. Stock Spam • Greed • Pump and dump • “It is amazing that it works at all, since the recipient of the spam must not only choose to read it, but to engage in a financial transaction on the basis of it”.

  14. Summary • Low cost to enter market • High profits • Low risk • The real cost is borne by the victims and the rest of us • The Internet continues to be the wild wild west
