Phishing, Spyware & Viruses

Xiaolan Rong, Fang Wang, Jasper Moy and Irfan Bandoo

Post on 21-Dec-2015


Page 1: Phishing, Spyware & Viruses Xiaolan Rong, Fang Wang Jasper Moy and Irfan Bandoo


Page 2

Introduction to Phishing

Page 3

Lucky Winner: You won $1 m!

We’re going to close your account unless…

Baits

I got a mail!

Page 4

How to be a fisher?

1. Collect email addresses

2. Mass e-mail everyone

3. Wait for fish to bite

4. Profit

Fishing Phishing

Page 5

History of Phishing

[Timeline figure, 1987 to 2007. Labels: A weapon; Term “Phishing”; Phishing Technology; First attempt; Economy of crime; Target: Social Networks; AOL—FI]

Page 6

Phishing Technique

• Link Manipulation: http://www.yourbank.example.com/ http://en.wikipedia.org/wiki/Genuine http://[email protected]/

• Filter Evasion: images

• Website Forgery: JavaScript, cross-site scripting, flash-based websites

• Phone Phishing

Page 7

Features of Phishing

• Definition: a means to a fraud

• Targets: eBay, Paypal, Online Banks

• Tools: email, instant messaging, phone contact

Page 8

Fishing Whaling

Page 9

Example of a Phishing Email

• Email looks legitimate.

• Everything on the screen looks fine.

The address in From looks authentic

The URL on the link looks legitimate

The message expresses urgency

Page 10

Continue….

I typed some random text

Page 11

Continue….

Page 12

Continue….

There is no error message. Instead, a legitimate page from Bank of America was shown (see the URL).

Page 13

Identifying Real from Fake

Right click on the link and click Properties:

Notice: the URL starts with an IP address, not the Bank of America address. This should lead to suspicion.

Page 14

Identifying Real from Fake

Page 15

Identifying Real from Fake

Phishing Email VS. Real Email

Similarities between the fake and the real email

• The content of the fake email is very believable, legitimate and reasonable.
• The address of the sender looks authentic.
• The URL on a link also looks legitimate. In fact, some links are genuine; only one or two links are fake.
• The web site opened when you click the fake link supplied by the fake email is usually similar to the legitimate site.
• Sometimes the phishing emails even give a security warning.

Differences between the fake and the real email

• The real site usually asks for typed text in a particular format.
• The real site first verifies your logon information.
• On the fake site there is no cue such as an error or warning while you type personal information, even if you enter wrong values or randomly formatted text.

Visible link and actual link

• The IP address shown in the pop-up window (actual link) is different from the IP address shown in the email (visible link).

Compare the source code of the fake and the real site

• Open a web site, click the page and then click View Source to see the HTML code.
• The HTML code of the real site is more complex and larger than that of the fake.
• The real site has code for an identity confirmation function, while the fake one does not.
• The code of the fake site always connects to a link which is different from the one in the email.
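The link checks from these slides (a URL that starts with an IP address, a visible link that differs from the actual link, and the "@" form listed under Link Manipulation) can be run automatically over an email's HTML body. The Python below is an added example, not part of the original slides; the names AnchorCollector, host_of and check_links and the sample body are assumptions made for illustration.

```python
import contextlib
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):
    # urlsplit only finds a host after "//", so prefix bare "www.bank.example" text
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_links(html):
    """Return {href: [reasons]} for links showing the slides' warning signs."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        reasons, host, text = [], host_of(href), text.strip()
        with contextlib.suppress(ValueError):  # raised when host is a name, not an IP
            ipaddress.ip_address(host)
            reasons.append("host is an IP address")
        if "@" in urlsplit(href).netloc:
            reasons.append("userinfo before '@' hides the real host")
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append(f"visible link {shown} differs from actual link {host}")
        findings[href] = reasons
    return {href: why for href, why in findings.items() if why}

# Constructed sample body (documentation-range IP, example domains).
SAMPLE = """<a href="http://192.0.2.10/login">https://www.yourbank.example.com/</a>
<a href="http://www.yourbank.example.com@phish.example.net/">Verify now</a>
<a href="https://www.yourbank.example.com/help">www.yourbank.example.com</a>"""
```

Calling `check_links(SAMPLE)` flags the first two links and leaves the third, whose visible and actual hosts match, unreported.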

Page 16

Protection Strategy

• If you get an email or pop-up message that asks for personal or financial information, do not reply, and don’t click on the link in the message, either.

• Don’t email personal or financial information.

• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.

Page 17

Protection Strategy Continues

• Forward spam mail that is phishing for information to [email protected] and to the company, bank, or organization impersonated in the phishing email.

• If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov.idtheft.

Page 18

Putting you to the Test – Literally!

• OK, so that ends our analysis of phishing. Now let's see if we have taught you anything – let's see what you’ve learned!!

• Ready?.....

• Phishing exercise: http://www.mailfrontier.com/forms/msft_iq_test.html

Page 19

Interesting Fact about Spyware

• According to Consumer Reports, the odds of a spyware infection remain 1 in 3 and the odds of suffering serious damage from spyware are 1 in 11.

• Over the past six months, spyware infestations prompted about 850,000 households to replace their computers.

Page 20

Spyware – What is it?

• Spyware, also known as malware, is software that is installed either purposefully or accidentally on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

Page 21

What does Spyware do?

• The software secretly monitors the user's behavior.

• Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited.

• Can also interfere with user control of the computer in other ways, such as:

• Installing additional software
• Redirecting Web browser activity

Page 22

What does Spyware do?

• Blindly accessing websites that will cause more harmful viruses

• Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

• Can also create unwanted CPU activity and disk usage.

Page 23

Where is Spyware Found?

• Found in free banner-ad-based software, in which the user exchanges the annoyance of banner pop-up ads for the benefit of not having to pay for software.

• Download managers
• Games
• Demo software
• Windows utilities
• File sharing software

Page 24

Removing Spyware

• Once you have recognized what program or software is using spyware, you can remove it through uninstall utilities or Add/Remove Programs.

• Run Anti Spyware software.

Page 25

Protection from Spyware

• Keep your programs updated – enable Windows automatic updates

• Use Anti Spyware software, e.g. Microsoft Anti Spyware, Spyware Sweeper, Windows Defender, Spyware Eliminator, Spy Sniper

• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

Page 26

Example of Anti Spyware Software

Page 27

Example of Anti Spyware Software

Page 28

Viruses – What are they?

• Viruses are computer programs with the sole purpose of destroying data on our computers. The virus may only destroy unimportant files, or it may decide to erase all of your document files. A virus can cause an infected computer to do funny things on certain dates, as well as issue serious commands such as erasing our Registry file, thus disabling the operation and booting up of our computers.

Page 29

How are Viruses Spread?

• Viruses are spread through executable files we either get from friends, download off the net, or install through a floppy disk. A virus will often come disguised under the cloak of a Trojan, which is the carrier for the virus.

Page 30

Protection from Viruses

• Never accept files from anyone you don't know.

• When downloading files off the Internet, be sure they are from a reputable site.

• Never run or even peek at files you receive through your email program from people you don't know. If you have any doubts at all, write the person back, and ask for verification that they sent you a file.

• Install a Virus Detection program.

• Set yourself up a regular time to update the virus scans, and do it.

• Backup your important files regularly.
