TCEA Workshop 6898: Phishing for Worms – Why is my Computer so Slow?

Post on 07-Jan-2016


TCEA Workshop 6898: Phishing for Worms – Why is my Computer so Slow? A brief look at some annoying and sometimes dangerous creatures inhabiting cyberspace. William Ball, Technology Coordinator; Holli Horton, Technology Trainer; Calallen ISD, Corpus Christi, TX. - PowerPoint PPT Presentation

Transcript of TCEA Workshop 6898: Phishing for Worms – Why is my Computer so Slow?

1

TCEA Workshop 6898: Phishing for Worms – Why is my Computer so Slow?

A brief look at some annoying and sometimes dangerous creatures inhabiting cyberspace

William Ball, Technology Coordinator

Holli Horton, Technology Trainer

Calallen ISD

Corpus Christi, TX

2

How prevalent are viruses and things?

More than two thirds of home users think they are safe from online threats.

3

Viruses, worms, and Trojan Horses are malicious programs that can cause damage to your computer and information on your computer.

4

With an ounce of prevention and some good common sense, you are less likely to fall victim to these threats.

5

Be a Critical Thinker

6

What is a virus?

Virus (n.) Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.

7

What is a worm?

Worm (n.) A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, thus causing a computer to stop responding.

8

What is a Trojan Horse?

Trojan Horse (n.) A computer program that appears to be useful but that actually does damage.

One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

9

How do these spread?

Many of the most dangerous viruses are primarily spread through e-mail

10

Tip:

Never open anything that is attached to an e-mail unless you were expecting the attachment and you know the exact contents of that file.

11

Be a Critical Thinker

12

13

Googling the phone number (703) 482-0623 gets:

• Phonebook results for 703-482-0623: United States Government, Central Intelligence Agency, (703) 482-0623, Mc Lean, VA 22101

• This is not the CIA Office of Public Affairs in Washington, D.C., as the email reports.

14

FBI Warns of Email Scam

The Federal Bureau of Investigation issued an alert about a scam involving unsolicited e-mails, purportedly sent by the FBI, that tell computer users that their Internet surfing is being monitored by the agency. The users are told they have visited illegal Web sites and are instructed to open an attachment to answer questions, reports CNN.

This email virus is a variant of the Sober Y worm which was originally discovered on November 16th, 2005. Like the previous variants, this one sends itself inside a ZIP archive as an attachment in e-mail messages with English or German texts.

It should be noted that along with the "usual" messages that look like fake bounces, password change notification requests, Paris Hilton video ads and so on, the worm sends messages that look like they come from FBI or CIA. The From field of such messages contains any of the following:

Department@fbi.gov (also can be Office@, Admin@, Mail@, Post@)

Department@cia.gov (also can be Office@, Admin@, Mail@, Post@)

The Subject field contains any of the following:

You visit illegal websites

Your IP was logged

The FBI is investigating the scam.

15

16

The reason this email was successful was because:

• It came from a perceived important or powerful person

• Accused wrongdoing; plays on guilt

• Gave an opportunity to right a wrong

This is called…

17

Social Engineering

18

In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users.

19

By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible.

20

Beware of messages that request password or credit card information in order to “set up their account” or “reactivate settings”.

21

Do not divulge sensitive information, passwords or otherwise, to people claiming to be administrators.

22

System administrators do not need to know your password to do any work on the servers.

23

Social engineering works — in an Infosecurity survey, 90% of office workers gave away their password in exchange for a cheap pen!

24

Be a Critical Thinker

25

What is Phishing?

Phishing (v.) is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

26

• In 2005, phishing represented an average of one in every 304 emails, compared to one in every 943 in 2004.

27

28

              

Dear Citibank Customer,

When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking.

Please verify your information here, before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)

Citibank Online Customer Service

Copyright © 2004 Citicorp

29

<font color="#000000" face="Arial">

<p>When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking. </p>

<p>Please verify your information <a href="http://200.189.70.90/citi">here</a>, before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)</p>

<p>&nbsp;</p>

<p><b>Citibank Online Customer Service</b></p> <br>

</td>

30

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.

Regards, Safeharbor Department eBay, Inc

Dear valued customer

    Need Help?


31

<DIV style="width: 605; height: 224"><STRONG><FONT face=arial> We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please </FONT> <a target="_blank" a href="http://211.239.171.57/alfa/eBayISAPI.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid="><FONT face=arial color=#0000ff>click here</FONT></a></STRONG><FONT face=arial> and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.

32

33

34


The code disguises the real target of this link:

href="http://wordart.co.jp/.online/co/login.php">https://service.capitalone.com/oas/login.do?objectclicked=LoginSplash</a></FONT></TD>
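The mismatch between what a link displays and where its href points can be checked mechanically. The following is an added example, not part of the original slides: it parses HTML mail markup and flags anchors whose href is a raw IP address or whose visible text shows a different host or scheme than the href. The function names and finding labels are illustrative, and the third sample link is constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# First two anchors are the ones shown on the slides; the third is a
# constructed benign link for comparison.
SAMPLE_HTML = """
<p>Please verify your information <a href="http://200.189.70.90/citi">here</a></p>
<a href="http://wordart.co.jp/.online/co/login.php">https://service.capitalone.com/oas/login.do?objectclicked=LoginSplash</a>
<a href="https://www.example.com/help">https://www.example.com/help</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # None means "not inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_links(html):
    """Return [(href, text, findings)] for each anchor in the markup."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        findings = []
        real = host_of(href)
        if is_ip_literal(real):
            findings.append("href-is-raw-ip")
        # Link text that looks like a URL is a claim about the destination.
        if re.match(r"(?i)(https?://|www\.)", text):
            shown_url = text if "://" in text else "http://" + text
            if host_of(shown_url) != real:
                findings.append("text-host-differs-from-href")
            if shown_url.lower().startswith("https://") and not href.lower().startswith("https://"):
                findings.append("text-shows-https-but-href-is-not")
        report.append((href, text, findings))
    return report


if __name__ == "__main__":
    for href, text, findings in audit_links(SAMPLE_HTML):
        print(f"{', '.join(findings) or 'ok':60}  {href}")
```

A link whose text is a plain word such as "here" makes no claim about its destination, so only the raw-IP check applies to it.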

35

Where is this taking you?

Is this a secure site?

36

Where is this taking you?

Is this a secure site?

37

How Not to Get Hooked by a Phishing Scam

from the Federal Trade Commission

38

Do not reply or click the link

Legitimate companies don’t ask for account information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address.

39

Don’t email personal or financial information

Email is not a secure method of transmitting personal information.

Period.

40

Review credit card and bank statements as soon as you receive them

Determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

41

Use anti-virus software and keep it up to date

Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.

42

Be cautious about opening any attachment regardless of who sent them

Have you heard this before?

43

Report suspicious activity to the FTC

If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov.

44

Be a Critical Thinker

45

What is spyware?

Spyware is Internet jargon for Advertising Supported software. It is a way for shareware authors to make money from a product, other than by selling it to the users.

46

Spyware is any technology that aids in gathering information about a person or organization without their knowledge.

47

Drive-by Download?

A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge.

48

Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML e-mail message.

49

Why is it called spyware?

While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home" using your Internet connection and reporting statistical data to the "mothership".

50

Is spyware illegal?

Even though the name may indicate so, Spyware is not an illegal type of software in any way. However, there are certain issues that a privacy-oriented user may object to and therefore prefer not to use the product.

51

What is adware?

Generically, adware is any software application in which advertising banners are displayed while the program is running.

52

Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.

53

In addition to privacy and security concerns, resource-hogging adware and spyware can cause system and browser instability and slowness. For users paying for dialup services by time used, ad-loading and hidden communications with servers can be costly.

54

Adware isn't necessarily spyware. Registered shareware without ads may be spyware. Purchased out-of-the-box software may contain adware and may also be spyware.

55

All this makes for a confusing mess and users need to be on guard when installing any type of software.

56

Be a Critical Thinker

57

Top 10 Cyber Security Tips

from StaySafeOnline.com

58

1. Use anti-virus software and keep it up to date

Anti-virus software is designed to protect you and your computer against known viruses so you don’t have to worry. But with new viruses emerging daily, anti-virus programs need regular updates, like annual flu shots, to recognize these new viruses. Be sure to update your anti-virus software regularly.

59

2. Don’t open emails or attachments from unknown sources

A simple rule of thumb is that if you don't know the person who is sending you an email, be very careful about opening the email and any file attached to it. Should you receive a suspicious email, the best thing to do is to delete the entire message, including any attachment.

60

3. Protect your computer from Internet intruders – use firewalls

Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other (good) data to reach your computer.

61

4. Regularly download updates and patches for your OS and other software

Most major software companies today release updates and patches to close newly discovered vulnerabilities in their software.

62

5. Use hard-to-guess passwords

Mix upper case, lower case, numbers, or other characters not easy to find in a dictionary, and make sure they are at least eight characters long. Don’t share your password, and don’t use the same password in more than one place.

63

6. Back-up your data on disks or CDs regularly

Back up small amounts of data on floppy diskettes and larger amounts on CDs or DVDs. If you have access to a network, save copies of your data on another computer in the network.

64

7. Don’t share access to your computers with strangers

Your computer operating system may allow other computers on a network, including the Internet, to access the hard drive of your computer in order to “share files”. This ability to share files can be used to infect your computer with a virus or look at the files on your computer if you don’t pay close attention. (Kazaa, Napster, and Gnutella are common music file sharing programs.)

65

8. Disconnect from the Internet when not in use

Disconnecting your computer from the Internet when you’re not online lessens the chance that someone will be able to access your computer.

66

9. Check your security on a regular basis

You should evaluate your computer security at least twice a year. Look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area.

67

10. Make sure you know what to do if your computer becomes infected

It’s important that everyone who uses a computer be aware of proper security practices. People should know how to update virus protection software, how to download security patches from software vendors and how to create a proper password.

(If in doubt, contact the nearest 14 year-old.)

68

Be a Critical Thinker

69

Free Tools

70

Microsoft Anti-Spyware

71

Lavasoft’s AdAware

72

Spybot Search and Destroy

Be careful – none of these sites is what you want!

73

Spybot Search and Destroy

Tucows is a safe site to download from.

74

How do you fix this mess?

• Be aware of Social Engineering techniques

• Never share your password with anyone

• Protect your computer:

  • Keep your OS updates current

  • Use antivirus software and keep it up-to-date

  • Use programs like Adaware and Spybot Search and Destroy to keep your computer free from malware

75

Be a Critical Thinker