March “Malware” Madness

by Micah Van Maanen, Sioux County IT Director


Presentation Transcript


  1. March “Malware” Madness by Micah Van Maanen Sioux County IT Director

  2. Game #1: Inbox vs. spam. Sizing up the competition
     • spam facts
     • Who sends it?
     • Why do they send it?
     • Who does it affect?
     • How did they get my E-mail address?
     • An ounce of prevention
     • Tracing and Reporting spam
     • Blocking spam
     • Identifying spam
     • Sioux County E-mail statistics

  3. spam facts
     • spam is… Unsolicited Commercial E-mail
     • In 1978 the first internet E-mail spam was sent*
     • More than 50% of all spam originates in the U.S.**
     • 50% to 85% of all E-mail is spam***
     • CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) – has not helped****
     • Approximately 45% of Sioux County’s E-mail is spam
     • What does Hormel, makers of SPAM, think of spam? http://www.spam.com/ci/ci_in.htm

     *http://www.templetons.com/brad/spamterm.html
     **http://www.internetnews.com/stats/article.php/3376331
     ***http://www.metafilter.com/mefi/34180
     ****http://www.computerweekly.com/Article130765.htm

  4. Who sends it?
     • Illegitimate businesses that advertise*:
       • Chain letters
       • Pyramid schemes
       • “Get Rich Quick” or “Make Money Fast” schemes
       • Offers for phone sex lines and ads for pornography
       • Offers of software collecting E-mail addresses and sending spam
       • Offers of bulk E-mailing services
       • Stock offerings for unknown start-up corporations
       • Quack health products or remedies
       • Illegally pirated software (“Wares”)

     *http://www.cauce.org/about/problem.shtml

  5. Why do they send it?
     • These types of companies send spam because:
     • It is effective. Over a four-week period 6,000 people responded to E-mail ads and placed orders for a supplement at $50 per bottle*
     • It is inexpensive (for the sender). A dialup connection and a PC can send hundreds of thousands of messages per hour**
     • It could be you!
     • As much as 30% of all spam is relayed by compromised computers***

     *http://www.wired.com/news/business/0,1367,59907,00.html
     **http://www.cauce.org/about/problem.shtml
     ***http://www.ftc.gov/bcp/conline/pubs/alerts/whospamalrt.htm

  6. Who does it affect?
     • Everyone that uses the Internet.* Here is how:
     • The cost is shifted from the spammer to you
     • Your ISP must process the spam, using up bandwidth and processor time that you pay for
     • They fraudulently change the headers of a message and relay off unsuspecting users
     • Other ISPs must also process and forward the spam, using up their bandwidth and processor time
     • Your normal E-mail is displaced. Similar to Junk-Faxing, which without the Anti-Junk-Fax law, would make your fax machine almost useless
     • Your E-mail address belongs to you! You pay for it. You should have the choice to opt-in to receive spam.

     *http://www.wired.com/news/business/0,1367,59907,00.html

  7. How did they get my E-mail address?
     • From a newsgroup posting containing your E-mail address
     • From a mailing list that contains your E-mail address
     • From a website that shows your E-mail address
     • From various website and paper forms
     • From your web browser
     • From IRC and chat rooms
     • From AOL Profiles
     • By guessing and cleaning (using spam beacons http://tinyurl.com/4vxvp)
     • From white and yellow pages
     • Social engineering
     • Viruses and worms
     • Hacking into sites

     *http://www.wired.com/news/business/0,1367,59907,00.html

  8. An ounce of prevention
     • Never respond to spam. They will not remove you from their mailing list*
     • Don’t post your address on your website
     • Use a second E-mail address in newsgroups
     • Don’t give out your E-mail address without knowing how it will be used
     • Use a spam filter
     • Never buy anything advertised in spam
     • Keep your anti-virus / anti-spyware software up to date
     • Use a firewall on high-speed Internet connections

     *http://www.spamrecycle.com/antispamthings.htm

  9. Tracing and reporting spam
     • Look at E-mail headers for the true sender of the E-mail
     • Run a tracert on the spammer’s IP address
     • Send a nice E-mail to postmaster@<isp.com> or abuse@<isp.com>
     • Search Google newsgroups to find extent of spam (just for fun)
     • Or buy a tool such as SpamCop: http://www.spamcop.net/

     *http://www.spamrecycle.com/antispamthings.htm
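
The header check from slide 9, as an added example that is not part of the original presentation: it reads the Received lines newest-first and trusts only hops written by your own mail servers, because everything below the first outside hop can be forged by the sender. The server names, addresses and sample message are constructed, and the last-two-labels guess at the ISP domain is an assumption that a WHOIS lookup on the IP should confirm.

```python
import re
from email import message_from_string

# Constructed sample (not real traffic). Assumption: mx.example.org and
# mailstore.example.org are our own servers; the bottom Received line was
# supplied by the sender and is forged.
RAW = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby mailstore.example.org with ESMTP id A1; Tue, 1 Mar 2005 09:00:03 -0600\n"
    "Received: from mail.bigbank.example (dsl-host.isp.example [203.0.113.77])\n"
    "\tby mx.example.org with SMTP id B2; Tue, 1 Mar 2005 09:00:01 -0600\n"
    "Received: from bigbank.example (bigbank.example [198.51.100.5])\n"
    "\tby mail.bigbank.example with SMTP id C3; Tue, 1 Mar 2005 08:59:00 -0600\n"
    'From: "Big Bank" <service@bigbank.example>\n'
    "Subject: Verify your account\n\nClick here.\n"
)
OUR_SERVERS = {"mx.example.org", "mailstore.example.org"}  # hypothetical names
OUR_IPS = {"192.0.2.10"}                                   # hypothetical address

# "from <HELO name> (<reverse DNS> [<connecting IP>]) by <recording server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trace_origin(raw):
    """Return the first outside host that one of our own servers recorded."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):      # newest hop is listed first
        hop = HOP.search(value)
        if hop is None or hop["by"].lower() not in OUR_SERVERS:
            return None    # not written by a server we control: do not trust it
        if hop["ip"] in OUR_IPS:
            continue       # internal hand-off between our own servers
        rdns = hop["rdns"] or ""
        return {"ip": hop["ip"], "rdns": rdns, "helo": hop["helo"],
                "helo_matches_rdns": hop["helo"].lower() == rdns.lower()}
    return None

def report_addresses(rdns):
    """Naive guess at the ISP domain: last two labels of the reverse DNS name."""
    domain = ".".join(rdns.rstrip(".").split(".")[-2:])
    return ["abuse@" + domain, "postmaster@" + domain]

if __name__ == "__main__":
    origin = trace_origin(RAW)
    print(origin, report_addresses(origin["rdns"]))
```

The address to run tracert on and to report is the one your own server logged (203.0.113.77 in the sample), not the bank-looking host named in the forged bottom line.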

  10. Blocking spam
     • Use an E-mail client with built-in spam filtering such as Mozilla Thunderbird
     • Buy software to scan your E-mail before you receive it
     • For the enterprise:
     • Server-based products
     • Client-based products
     • Anti-spam services
     • Appliances
     • Create acceptable use policies for E-mail and network
     • Close open SMTP relay servers
     • An alternative for really large networks (not Bayesian): www.turntide.com

     *http://www.spamrecycle.com/antispamthings.htm

  11. Identifying spam*
     • Host-based filtering
     • Real-time Black Holes
     • Rule-based filtering
     • Spam Assassin
     • Bayesian statistical analysis
     • Statistical probability
     • White lists
     • Trusted hosts

     *Inside the Spam Cartel by Spammer-X

  12. Sioux County E-mail statistics
     • Traffic stats:
       • August 2004 – 11,638 E-mails received
       • September 2004 – 10,644 E-mails received
       • January 2005 – 14,390 E-mails received
       • February 2005 – 13,794 E-mails received
     • spam stats:
       • August 2004 – 6,083 spam E-mails, 6,942 spam beacons
       • September 2004 – 5,464 spam E-mails, 5,583 spam beacons
       • January 2005 – 6,907 spam E-mails, 522 spam beacons
       • February 2005 – 6,162 spam E-mails, 876 spam beacons

     *http://www.spamrecycle.com/antispamthings.htm

  13. spam resources
     • On the web:
       • http://www.cauce.org/index.phtml - Coalition Against Unsolicited Commercial E-mail
       • http://spam.abuse.net/ - A lot of spam info
       • http://tinyurl.com/6zyc7 - Best practices for Outlook
       • http://www.bath.ac.uk/bucs/email/anatomy.shtml - Anatomy of an E-mail message
       • http://www.xintercept.com/pkpeek.htm - Pocketknife Peek for Outlook
       • http://www.dnsstuff.com - Excellent DNS site
       • http://antispam.radio-showtime.com/ - How to report spam
       • http://www.mozilla.com - Firefox / Thunderbird website
       • http://tinyurl.com/3vzv8 - InfoWorld enterprise anti-spam review
       • http://tinyurl.com/3r72k - Network World enterprise anti-spam review
       • http://tinyurl.com/59pc8 - Inside the Spam Cartel book on Amazon.com

  14. Game #2: Privacy vs. Spyware. Sizing up the competition
     • Defining spyware
     • Spyware facts
     • Finding and removing spyware
     • Spyware test results
     • How did I get spyware?
     • Blocking spyware
     • An ounce of prevention
     • Sioux County spyware statistics

  15. Defining spyware
     • Spyware, which includes malware, trackware and adware, is the categorical name for any application that may track your online and/or offline PC activity and is capable of locally saving or transmitting those findings for third parties, sometimes with but more often without your knowledge or consent.*
     • The differences between spyware and viruses*

     *http://www.webroot.com

  16. Spyware facts
     • Four in five users (80%) have spyware or adware programs on their computer*
     • The average infected user has 93 spyware / adware components on their computer and the most found on a single computer during the scan was 1,059*
     • An overwhelming majority of users (89%) who were infected said they didn’t know the programs were on their computer*
     • 90% didn’t know what the programs are or do*
     • 95% never gave permission for the programs to be installed*
     • 86% asked the technicians performing the study to remove the programs*

     *http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

  17. Finding and removing spyware
     • You can use any or all of these programs:
       • Ad-aware
       • Spybot Search and Destroy
       • Microsoft AntiSpyware beta
       • Webroot Spy Sweeper
       • CWShredder
     • Even these programs may not find all spyware. In a recent test of these programs the results are interesting…

     *http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

  18. Spyware test results* *http://www.windowssecrets.com

  19. How did I get spyware?
     • Piggybacked software installation
     • Drive-by downloads
     • Browser add-ons
     • Masquerading as anti-spyware

     *http://computer.howstuffworks.com/spyware2.htm

  20. Blocking spyware
     • Many of today’s anti-spyware products also include permanent protection of your system
       • Home page shield
       • Internet Explorer bad-download blocker
       • Hosts file protection
       • System startup protection
       • Windows registry protection
       • MSN Messenger protection
       • Tracking cookie protection
       • Bad website protection

     *http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

  21. An ounce of prevention
     • Use Mozilla Firefox web browser
     • Adjust Internet Explorer security settings
     • Surf safely
     • Keep Windows up to date
     • Keep your anti-virus / anti-spyware software up to date
     • Use a firewall on high-speed Internet connections

     *http://www.spamrecycle.com/antispamthings.htm

  22. Sioux County spyware statistics
     • Out of 61 machines 31 had spyware
     • One machine had 41 pieces of spyware
     • Most frequent visitors: Comet cursor, CWS

     *http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

  23. Spyware resources
     • On the web:
       • http://www.nwfusion.com/reviews/2004/121304rev.html - Enterprise spyware review
       • http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml - Sysinternals autoruns
       • http://www.benedelman.org/ - Interesting spyware site
       • http://spywarewarrior.com/asw-test-guide.htm - spyware test results
       • http://www.nwnetworks.com/iezones.htm - configuring IE zones