
Computer Networking Part 2

Computer Networking Part 2: When Good Computers Go Bad! Overview: Viruses, Worms, Script kiddies, Denial of Service, Logic bombs, Hackers, Crackers, Trojans, Back doors, Zombies, Spam, Hoaxes/chain letters, Phishing, Adware, Spyware.

wynn

Presentation Transcript


  1. Computer Networking Part 2 When Good Computers Go Bad!

  2. Overview • Viruses • Worms • Script kiddies • Denial of Service • Logic bombs • Hackers • Crackers • Trojans • Back doors • Zombies • Spam • Hoaxes/chain letters • Phishing • Adware • Spyware

  3. “To err is human; to make a real mess, you need a computer”

  4. The Joys of Computing in 2004 • 65,336 PC viruses discovered to date • 4,129 IT vulnerabilities in 2002 [http://www.bullguard.com/antivirus/news_184.aspx] • 40 Critical Microsoft Vulnerabilities by Oct. • “Billions Reported in Damage Last Year Due to Viruses” • “MSBlast Continues to Spread” • “Sobig.C – The Tip of the Iceberg” • “IE users defenceless to trojan attack” • “Broadband severely increases security risk”

  5. Virus • Viruses, named after their biological counterpart, are segments of code that attach themselves to existing programs to perform some predetermined malicious activity. • Always remember that viruses are not stand-alone programs. They need a host application or an operating system for activation. Once activated, they search the operating system for other executable programs. • Viruses don’t infect data files in operating systems. Or do they???

  6. Viruses • Famous representatives • Michelangelo • In 1992, hysteria swept over the planet as the media proclaimed that on March 6 up to 1/4 of all hard drives would be completely erased • Anti-virus software sales skyrocketed • When March 6 came, the virus struck only about 10,000 computers • Author never caught! [Viruses, hackers and fraud: Walking on the thin ice of Internet security. McMenemy Seminars – 12/3/2003, Evangelos Kotsovinos]

  7. Symptoms of Virus Attack • Computer runs slower than usual • Computer no longer boots up • Screen sometimes flickers • PC speaker beeps periodically • System crashes for no reason • Files/directories sometimes disappear

  8. Worms • What is a worm? • Arrives at the victim’s computer, usually as an email attachment • When executed, it searches the occupied computer for other potential victims’ addresses • Attacks them by email/telnet/etc. • Similar to viruses, but do not infect other files – worms are stand-alone programs that spread through the network. • Much like an Internet-era kind of virus • Usually depend more on user naivety [Diagram: worm, Computers 1 to 4]

  9. Worms • Famous representatives • Robert Morris (1988) • Exploited debugging code in UNIX sendmail, caused over 6,000 Internet servers to become so busy that they were no longer able to be accessed by their legitimate users until reset • Sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision. • The federal Computer Emergency Response Team formed in response. • Now an assistant professor at MIT!

  10. Macro • Specific to certain applications • Comprise a high percentage of the viruses • Usually made in WordBasic and Visual Basic for Applications (VBA) • Microsoft shipped “Concept”, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995

  11. Macro • Melissa • requires WSL, Outlook or Outlook Express Word 97 SR1 or Office 2000 • 105 lines of code (original variant) • received either as an infected template or email attachment • lowers computer defenses to future macro virus attacks • may cause DoS • infects template files with its own macro code • 80% of the 150 Fortune 1000 companies were affected

  12. LoveLetter • The ‘I Love You’ Virus hit in May, 2000. • It started with an innocent letter, appealing to lonely email readers (social engineering). The subject was “I Love You”, and the payload was a VBS script that, when executed, quickly spread in email to all the users in your address book, and wormed its way through fileshares, destroying image files • At least 82 variants of this worm were discovered

  13. Blaster • History: The Blaster virus came out in August 2003. • It used an exploit (DCOM RPC) recently announced by Microsoft. • It also looked for open TFTP shares. • This virus used common ports that Microsoft also uses for filesharing. • It also attempted a Denial of Service against Microsoft. • It tried to download a trojan and install it. • Several variations on the theme followed.

  14. TROJANS, BACKDOORS & ZOMBIES • Definition: These spread as viruses and worms, and include hidden code that will allow a remote user to access the computer or use the computer to attack another. • Some will use your computer as a launching point in a multi-layered attack against another target. They can use you as a zombie in a Distributed Denial of Service (DDoS) attack.

  15. Trojan Horse • Back Orifice • Discovery Date: 10/15/1998 • Origin: Pro-hacker Website • Length: 124,928 • Type: Trojan • SubType: Remote Access • Risk Assessment: Low • Category: Stealth

  16. Trojan Horse • About Back Orifice • requires Windows to work • distributed by “Cult of the Dead Cow” • similar to PC Anywhere, Carbon Copy software • allows remote access and control of other computers • installs a reference in the registry • once infected, runs in the background • by default uses UDP port 54320, TCP port 54321 • In Australia 72% of 92 ISPs surveyed were infected with Back Orifice

  17. Trojan Horse • Features of Back Orifice • pings and queries servers • reboots or locks up the system • lists cached and screen saver passwords • displays system information • logs keystrokes • edits the registry • server control • receives and sends files • displays a message box

  18. Denial Of Service • What is it? • “An attack in which the primary goal is to deny the victim access to a particular resource” • Effectively, overload the victim by forcing it to consume all its computational strength in doing useless things

  19. Denial of Service • How it works • TCP “handshake” [Diagram: Client sends SYN; Server, after processing time, replies SYN+ACK; Client sends ACK]

  20. Denial of Service • How it works • Generates a massive amount of SYN packets [Diagram: Attacker sends SYN to Victim; processing time; processor busy]
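A defender can spot the pattern in slides 19 and 20 by counting handshakes that received a SYN but never the closing ACK. The sketch below is an added example, not part of the original presentation; the packet tuple layout, the 3-second timeout, the threshold of 20 and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import Counter

def sample_capture():
    """Constructed packet summaries: (time, src, sport, dst, dport, flags)."""
    server = "192.0.2.10"
    pkts = [  # one complete handshake: SYN, SYN+ACK, ACK
        (0.00, "198.51.100.7", 40000, server, 80, "S"),
        (0.01, server, 80, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, server, 80, "A"),
    ]
    for i in range(50):  # 50 SYNs whose senders never answer the SYN+ACK
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.01
        pkts.append((t, src, 1024 + i, server, 80, "S"))
        pkts.append((t + 0.001, server, 80, src, 1024 + i, "SA"))
    # a client whose SYN is still too recent to count as abandoned
    pkts.append((4.5, "198.51.100.8", 40001, server, 80, "S"))
    return pkts

def half_open_counts(packets, now, timeout=3.0):
    """Per (server, port): handshakes with a SYN but no client ACK after `timeout` s."""
    pending = {}  # (client, cport, server, sport) -> time the SYN was seen
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":            # step 1: client SYN opens a half-open entry
            pending.setdefault(key, ts)
        elif flags in ("A", "R"):   # step 3 (ACK) or a reset closes the entry
            pending.pop(key, None)
        # "SA" travels server -> client and does not change the client's entry
    counts = Counter()
    for (_client, _cport, server, port), ts in pending.items():
        if now - ts >= timeout:
            counts[(server, port)] += 1
    return counts

def flooded_targets(packets, now, threshold=20, timeout=3.0):
    """Servers holding at least `threshold` abandoned half-open handshakes."""
    counts = half_open_counts(packets, now, timeout)
    return sorted(t for t, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(flooded_targets(sample_capture(), now=5.0))
```
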

  21. SPYWARE/ADWARE • History: These are annoying and often you don’t even know they are running, or what they are reporting. • They can include hidden programs to spy on your activities. • They can be simple marketing gimmicks (gator.exe), • Or they can be annoying and alter your browser and cause pop-ups. • They can even be used to steal passwords. • Sometimes these get installed when you download a free program off the Internet. Always be careful what you download and what you click on. You may agree to install something by clicking on the EULA without realizing it.

  22. SPAM • History: • SPAM is annoying, unsolicited email. • Often the spammer generates a subject that looks legitimate, or a FROM address that looks like someone you might know. It might say MOM or JOHN, and may refer to something that looks like you already discussed in a previous email. • Sometimes they try to use the Authority card, and pose as an update from Microsoft or Dell. • Most people report over a third of their email is now SPAM (and growing!) • SPAM costs businesses an estimated $11.9B/year in 2003.

  23. FROM:BARRISTER FRANKLIN TIMOTHY ESQ. TIMOTHY & CO ATTORNEYS/LEGAL PRACTITIONER NIGERIA WE NEED YOUR ASSISTANCE. DEAR FRIEND, COMPLIMENTS OF THE SEASON. GRACE AND PEACE AND LOVE FROM THIS PART OF THE ATLANTIC TO YOU. I HOPE MY LETTER DOES NOT CAUSE YOU TOO MUCH EMBARRASSMENT AS I WRITE TO YOU IN GOOD FAITH BASED ON THE CONTACT ADDRESS GIVEN TO ME BY A FRIEND WHO WORKS AT THE NIGERIAN EMBASSY IN YOUR COUNTRY. PLEASE EXCUSE MY INTRUSION INTO YOUR PRIVATE LIFE. I AM BARRISTER FRANKLIN TIMOTHY ESQ. I REPRESENT MOHAMMED ABACHA, SON OF THE LATE GEN.SANI ABACHA, WHO WAS THE FORMER MILITARY HEAD OF STATE IN NIGERIA. HE DIED IN 1998. SINCE HIS DEATH, THE FAMILY HAS BEEN LOSING A LOT OF MONEY DUE TO VINDICTIVE GOVERNMENT OFFICIALS WHO ARE BENT ON DEALING WITH THE FAMILY. BASED ON THIS THEREFORE, THE FAMILY HAS ASKED ME TO SEEK FOR A FOREIGN PARTNER WHO CAN WORK WITH US AS TO MOVE OUT THE TOTAL SUM OF US$75,000,000.00 ( SEVENTY FIVE MILLION UNITED STATES DOLLARS ), PRESENTLY IN THEIR POSSESSION. THIS MONEY WAS OF COURSE, ACQUIRED BY THE LATE PRESIDENT AND IS NOW KEPT SECRETLY BY THE FAMILY. THE SWISS GOVERNMENT HAS ALREADY FROZEN ALL THE ACCOUNTS OF THE FAMILY IN SWITZERLAND, AND SOME OTHER COUNTRIES WOULD SOON FOLLOW TO DO THE SAME. THIS BID BY SOME GOVERNMENT OFFICIALS TO DEAL WITH THIS FAMILY HAS MADE IT NECESSARY THAT WE SEEK YOUR ASSISITANCE IN RECEIVING THIS MONEY AND IN INVESTING IT ON BEHALF OFTHE FAMILY. … … …

  24. HOAXES & CHAIN LETTERS • Definition: Hoaxes and chain letters are sometimes just jokes, sometimes annoying, and sometimes dangerous • Social Engineering: Often these email messages are a great waste of time and bandwidth, with people sending them to all of their friends. Sometimes, they convince the user to actually delete files (like the JDBGMGR “teddy bear” hoax). • With a misconfigured email system, the confusion alone can cause many replies which then route to all the users on a mailing list, and the noise can take days to die down. • Some antivirus programs treat these like viruses and quarantine them.

  25. I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple: The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search" 2.- In the "Files or Folders option" write the name jdbgmgr.exe 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON 6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin. IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

  26. Hackers/crackers • What is a hacker? • “A person who enjoys exploring the details of systems and how to stretch their capabilities” (i.e. tries to gain unauthorized access to remote machines) • Usually inventive, has significant knowledge and expertise, and doesn’t cause damage • And a cracker? • “A malicious meddler who tries to discover sensitive information by breaking into remote systems” • Uses off-the-shelf tools, typically a schoolboy

  27. Script Kiddie • The typical script kiddie uses existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet - often randomly and with little regard or perhaps even understanding of the potentially harmful consequences. • Hackers view script kiddies with alarm and contempt since they do nothing to advance the "art" of hacking but sometimes unleash the wrath of authority on the entire hacker community. • While a hacker will take pride in the quality of an attack - leaving no trace of an intrusion, for example - a script kiddie may aim at quantity, seeing the number of attacks that can be mounted as a way to obtain attention and notoriety. • Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.

  28. Phishing • A scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (pronounced "fish") for personal and financial information from the recipient. • Takes advantage of any number of different social engineering and e-mail spoofing ploys to try to trick their victims. • In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.

  29. SPAM Fighting • How you might fight the SPAM… • Don’t open anything from anyone you don’t know. • Don’t answer SPAM – it tells them that you exist. • At home, buy a spam filtering program and update it. • At work, install spam filtering, or ask your ISP to install it. Content filtering can block certain adult material, as well as messages that appear suspicious. (This can also destroy legitimate emails.) • At work, use a web proxy to avoid downloading “web bugs”. • At work, subscribe to a Black Hole List. • Register online for FTC No Spam Registry. (legal?)

  30. SPAM Resources • Realtime Blackhole List: http://www.mail-abuse.org/rbl • Boycott Internet Spam: http://spam.abuse.net • Network Abuse Clearinghouse: http://www.abuse.net • Forum for Responsible and Ethical Email: http://www.spamfree.org

  31. The Corporate Threat • Game Plan: • Defense in Depth! • Firewalls • DMZ for Internet exposed applications • Web Proxy • Content Filtering (web, smtp, ftp…) • Client Antivirus, Email Antivirus, SMTP Gateway Antivirus • Intrusion Detection • Access Controls on Remote Access/Wireless • Security Awareness • A Good Security Team! • Documentation and tested response

  32. Hackers/crackers • Solutions: • Firewall • Careful system administration • Hard-to-guess passwords

  33. On the Homefront • Be extra careful if you have children and/or broadband. • Fork over the money and buy ANTIVIRUS! • Keep your antivirus UPDATED! • Keep your computer patched! • Get SPAM filtering software / Pop-up blocking • If you’re on broadband, you should have a firewall too.

  34. Virus Protection - BUY a copy of a good antivirus program (like Symantec, McAfee, Trend, Panda...). Available for all platforms. If you like the online scanner below, you can purchase a commercial version from their site for around €30 with a 1-year subscription. - Keep it updated AT LEAST once a week. Try to set it to autocheck at a convenient time so you don't forget. The paid subscription lets you auto-update. If you don't pay after it expires, you can still get virus updates manually from the vendor website, in most cases. - Here are some links to FREE ONLINE resources for scanning your PC. + Symantec (PC): http://security.symantec.com/sscv6/home.asp?j=1&langid=ie&venid=sym (you can perform a virus scan, or check for vulnerabilities) + Trend Micro (PC): http://housecall.trendmicro.com/ + Panda (PC): http://www.pandasoftware.com/activescan/com/activescan_principal.htm + McAfee (PC): http://us.mcafee.com/root/mfs/default.asp

  35. On the Homefront • SPAM + McAfee/Spamkiller (PC, $30): http://us.mcafee.com/root/package.asp?pkgid=156 + Matterform/Spamfire (Mac only for now, $25/$40): http://www.matterform.com/ + CoffeeCup (PC - haven't tried, but good reviews, $30): http://www.tucows.com/preview/295552.html + SpamWeed for POP3 (Bayesian spam filter, should learn and improve over time - haven't tried but looks good, $30): http://www.tucows.com/preview/318216.html

  36. Ad-Ware Dealing with Ad-Ware/Malware (the stuff that gets installed when you download another program or visit a website that reports on what you do) - This is primarily a PC problem, so these tools are exclusively for the PC. - Here are links to a couple FREE software packages that you can use to scan for any adware that might be installed on your system (i.e. Gator, etc.): + Ad-aware (PC, FREE): http://www.lavasoft.de/support/download/ + Spybot (PC, FREE): http://www.safer-networking.org/

  37. Pop-up Blocking There are several vendors that have tools to block pop-ups. Always be careful that you don't install spyware in the process of downloading a neat toolbar to block pop-ups. Here are some I like. They may also have additional functionality, like Google searching, etc. (Mozilla might be the only pop-up blocker for classic MacOS users.) + Google Toolbar (PC, FREE): http://toolbar.google.com/ + You might also try running Mozilla, instead of Internet Explorer: http://www.mozilla.org/ + On MacOS X, use Safari, it will block pop-ups: http://www.apple.com/safari/ + CoffeeCup Pop-up Blocker ($20): http://www.tucows.com/preview/289024.html

  38. Vulnerability Patching It is vital that your PC remain patched against critical security vulnerabilities. This Windows site will check your computer for missing patches. You should keep the security patches updated, but may decide not to install other large patches that are not "critical security patches". [Note: Most new operating systems offer the ability to auto-patch your system; you may decide this is your best option, and that way you won't forget. FOR MAC USERS: You can also use the control panel to look for "software updates" on the Mac... this site is for the savvy MacOS X user. In general, the Mac is much less vulnerable to viruses than the PC.] Some of the recent "blended" threats, like Blaster, will infect ANY unpatched computer that is vulnerable if left long enough on the Internet, even if you have the latest antivirus. Remember that antivirus is NOT a 100% solution anymore. + Microsoft (PC): http://windowsupdate.microsoft.com/ + Apple (MacOS X) Security Updates: http://docs.info.apple.com/article.html?artnum=61798

  39. The Future • In the future, the Internet will extend its reach into your home and every aspect of your life. • Viruses and threats will become commonplace. • Vendors will need to ship computers with default deny, instead of default allow. • If you keep updated and practice safe computing, you will probably stay safe and keep your data in the chaos.

  40. RESOURCES • CERT: http://www.cert.org/other_sources/viruses.html • VMyths: http://www.vmyths.com/ • Computer Security Institute: http://www.gocsi.com/ • John’s Security Page: http://www.cybermaze.com/security/index2.html • A Virus Tutorial: http://www.cknow.com/vtutor/ • NIST: http://cs-www.ncsl.nist.gov/virus/ • X-Force (ISS): http://xforce.iss.net/ • Microsoft Updates: http://windowsupdate.microsoft.com • You may also go to a good online software site, like http://www.tucows.com/ and go under your operating system (Windows, Mac, Linux) and then click on Internet to pull up tons of freeware and software titles if you don't find something that you like in my list above.
