Email Security - Applied Computer Science
Download
Report
Transcript Email Security - Applied Computer Science
Worm
Greyware
Virus
Spyware
Trojan
bot
Phishing
Adware
Blended threat
Malicious software
Software written to damage or disrupt a
computer, such as a virus or a trojan
horse.
It is a Word macro xxxxx delivered via e-mail in an
attached Word document. The e-mail message
contains the subject line "Important Message From
"UserName" and/or contains the message body
"Here is that document you asked for ... don't show
anyone else ;-)".
If the attached Word document is opened and the
macro xxxxx is enabled (that is, it is allowed to run),
it can propagate itself by sending e-mail with the
infected document to a number of recipients. The
xxxxx reads the list of members from each Outlook
Address Book and sends an e-mail message to the
first 50 recipients programmatically.
A computer virus is a small program
written to alter the way a computer
operates, without the permission or
knowledge of the user. A virus usually
meets two criteria:
› It will place its own code in the path of
execution of another program.
› It must replicate itself. For example, it may
replace other executable files with a copy of
the virus infected file. Viruses can infect
desktop computers and network servers
alike.
Some viruses are programmed to damage the computer by
damaging programs, deleting files, or reformatting the hard
disk. Others are not designed to do any damage, but simply
to replicate themselves and make their presence known by
presenting text, video, and audio messages.
Even these benign viruses can create problems for the
computer user. They typically take up computer memory
used by legitimate programs.
As a result, they often cause erratic behavior and can result
in system crashes. In addition, many viruses are bug-ridden,
and these bugs may lead to system crashes and data loss.
Win32/Nuwar, refers to a family of xxxxxx droppers
that install a distributed peer-to-peer (P2P)
downloader xxxx. This downloader xxxx in turn
downloads a copy of the email xxx component of
the Storm Worm.
Storm Worm may download and install additional
malicious software, thus manual removal is not
recommended. To detect and remove this xxxx
and other malicious software that may have been
installed, run a full-system scan with an up-to-date
xxx product
Trojan horses are impostors--files that claim to be something
desirable but, in fact, are malicious.
A very important distinction from true viruses is that they do not
replicate themselves, as viruses do. Trojans contain malicious code,
that, when triggered, cause loss, or even theft, of data.
In order for a Trojan horse to spread, you must, in effect, invite these
programs onto your computers--for example, by opening an email
attachment.
The main objective of this type of malware is to install other
applications on the infected computer, so it can be controlled from
other computers.
Trojans do not spread by themselves, and as their name suggests,
these malicious codes reach computers in the guise of an
apparently harmless program, which, in many cases, when
executed releases a second program, the Trojan itself.
The effects of Trojans can be highly dangerous.
Like viruses, they can destroy files or information on
hard disks. They can also capture and resend
confidential data to an external address or open
communication ports, allowing an intruder to
control the computer remotely.
Additionally, they can capture keystrokes or
record passwords entered by users. Given all these
characteristics, they are frequently used by cybercrooks, for example, to steal confidential banking
information.
Blaster is a type of computer xxxx that
generally spreads without user action and
that distributes complete copies (possibly
modified) of itself across networks (such as
the Internet).
Generally known as "Blaster," this new xxxxxx
exploits the vulnerability that was addressed
by Microsoft Security Bulletin MS03-026
(823980) to spread itself over networks by
using open Remote Procedure Call (RPC)
ports on computers .
If your computer is infected with this xxxxxx, you may not experience
any symptoms, or you may experience any of the following
symptoms:
You may receive the following error messages:
The Remote Procedure Call (RPC) service terminated unexpectedly.
The system is shutting down. Please save all work in progress and log
off.
Any unsaved changes will be lost.
This shutdown was initiated by NT AUTHORITY\SYSTEM.
The computer may shut down, or may restart repeatedly, at random
intervals.
You may find a file that is named Msblast.exe, Nstask32.exe,
Penis32.exe, Teekids.exe, Winlogin.exe, Win32sockdrv.dll, or
Yuetyutr.dll in the Windows\System32 folder.
You may find unusual TFTP* files on your computer
Worms are programs that replicate themselves from system to
system without the use of a host file. This is in contrast to
viruses, which requires the spreading of an infected host file.
In contrast to viruses, worms are standalone software and do
not require a host program or human help to propagate.
A worm enters a computer through a vulnerability in the
system and takes advantage of file-transport or informationtransport features on the system, allowing it to travel unaided.
Worms have also been adapted to fit the new
malware dynamic. Previously, worms were
designed largely to achieve notoriety for the
creators, and were therefore programmed to
spread massively and infect computers around the
world.
Now, however, worms are more geared towards
generating financial gain. They are used to create
botnets which control thousands of computers
around the world.
Are often ordinary computers sitting on desktops in homes
and offices around the world. Typically, computers become
nodes in a xxx when attackers illicitly install malware that
secretly connects the computers to the xxxx and they
perform tasks such as sending spam, hosting or distributing
malware or other illegal files, or attacking other computers.
Attackers usually install xxx by exploiting vulnerabilities in
software or by using social engineering tactics to trick users
into installing the malware. Users are often unaware that their
computers are being used for malicious purposes.
perfect base of operations for computer criminals.
XXX are designed to operate in the background,
often without any visible evidence of their
existence.
Victims who detect suspicious activity on their
computers are likely to take steps to find and fix the
problem, perhaps by running an on-demand
malware scan or by updating the signature files for
their existing real-time malware protection.
Depending on the nature of the xxx, the attacker
may have almost as much control over the victim’s
computer .
A malicious bot is self-propagating malware designed to
infect a host and connect back to a central server or servers
that act as a command and control (C&C) center for an
entire network of compromised devices, or "botnet."
With a botnet, attackers can launch broad-based, "remotecontrol," flood-type attacks against their target(s). In addition
to the worm-like ability to self-propagate, bots can include
the ability to log keystrokes, gather passwords, capture and
analyze packets, gather financial information, launch DoS
attacks, relay spam, and open back doors on the infected
host.
They have been known to exploit back doors opened by
worms and viruses, which allows them to access networks
that have good perimeter control.
First, an attacker hacks a legitimate website—often with
automated tools—to place the malware.
Next, the attacker uses a botnet to send malicious spam messages
to end users, often in low volumes to avoid detection.
These messages, rather than containing an actual malware
attachment, include graphics, URL links, or IP addresses that point to
the malicious website. This bypasses traditional Email antivirus
gateways which do not identify these features as threats.
Finally, assuming the Email passes by spam detection; the user
receives the Email and clicks the embedded link, taking them to the
infected web page, activating the malware. The malware is
deployed as a “drive by download” without any user interaction, or
as a result of the user being lured into initiating the installation, often
under the pretense of media codec updates, or browser plugins.
Blended threats combine the
characteristics of viruses, worms, Trojan
horses, and malicious code with server
and Internet vulnerabilities to initiate,
transmit, and spread an attack.
By using multiple methods and
techniques, blended threats can rapidly
spread and cause widespread damage.
Characteristics of blended threats include the following:
Causes harm
Launches a Denial of Service (DoS) attack at a target IP address, defaces
Web servers, or plants Trojan horse programs for later execution.
Propagates by multiple methods
Scans for vulnerabilities to compromise a system, such as embedding code in
HTML files on a server, infecting visitors to a compromised Web site, or
sending unauthorized email from compromised servers with a worm
attachment.
Attacks from multiple points
Injects malicious code into the .exe files on a system, raises the privilege level
of the guest account, creates world read and writeable network shares,
makes numerous registry changes, and adds script code into HTML files.
Spreads without human intervention
Continuously scans the Internet for vulnerable servers to attack.
Exploits vulnerabilities
Takes advantage of known vulnerabilities, such as buffer overflows, HTTP
input validation vulnerabilities, and known default passwords to gain
unauthorized administrative access.
Greyware is malicious software.
Considered to fall in the "grey area"
between normal software and a virus.
Greyware is a term for which all other
malicious or annoying software such as
adware, spyware, trackware, and other
malicious code and malicious shareware
fall under.
Any software that covertly gathers user information
through the user's Internet connection without his or her
knowledge.
Spyware applications are typically bundled as a hidden
component of freeware or shareware programs that can
be downloaded from the Internet; however, it should be
noted that the majority of shareware and freeware
applications do not come with spyware.
Once installed, the spyware monitors user activity on the
Internet and transmits that information in the background
to someone else. Spyware can also gather information
about e-mail addresses and even passwords and credit
card numbers.
A form of spyware that collects
information about the user in order to
display advertisements in the Web
browser based on the information it
collects from the user's browsing
patterns.
Some do this with your knowledge.
The act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user
into surrendering private information that will be used for identity
theft.
The e-mail directs the user to visit a Web site where they are
asked to update personal information, such as passwords and
credit card, social security, and bank account numbers, that the
legitimate organization already has. The Web site, however, is
bogus and set up only to steal the user’s information.
How can you recognize a phishing website?
What should you do if you are or think you have been a victim of
a phishing website?
Source http://www.webopedia.com
"Spam" is unsolicited email sent in massive quantities simultaneously
to numerous users, generally trying to advertise or publicize certain
products or services. This junk mail is also often used as a bridgehead
for other types of cyber-crime, such as phishing or email scams.
Spam can be classified into different groups, largely in accordance with the
content of the messages:
Advertising spam. This is really the pioneer of all the other types. It involves
advertising products or services, normally at knockdown prices. The
advertising itself and the products advertised (fake designer products,
pharmaceuticals, music, etc.) often infringe intellectual property rights,
patents or health and safety legislation.
Hoaxes. These are simply false or trick messages. They are often ‘chain
emails’, asking the recipient to forward the message to a certain number of
contacts. They contain unlikely stories of social injustice or formulas to
achieve success. The real aim of the hoax is to collect email addresses
(accumulated as the message is forwarded) which are then used for other
types of spam. Sending of these messages is not a crime in itself, as they
have no apparent commercial aim, but the relation with cyber-crime is
evident, and they are exploiting a legal loophole.
Fraudulent spam. As mentioned above, spam is also often used to launch
phishing attacks, scams and other types of fraud through email messages
sent massively to millions of users.
Drive by download- If your computer has a bug in the OS
or program your PC may become infected with malware
simply by visiting a malicious website. You do not even
have to download anything, but just visit the page.
Denial of Service (DOS)- Attack that can crash a
vulnerable program or computer (denies the service).
Remote code execution- Allows an attacker to run any
command on a computer such as installing remote
control software. Holes of this nature are very dangerous.
Zero Day- refers to a flaw that surfaces before
a fix is available.
Proof of concept- A flaw or attack that
researchers have discovered but has yet been
used to exploit computers. Some never get
used to exploit computers.
In the wild- Opposite of proof of concept.
When an exploit is in the wild it is being used to
attack vulnerable computers.
No one thing will make computers and networks completely safe. Instead
users and administrators must apply a variety of methods to decrease
the risk to threats.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Physical Security
Passwords
Windows Updates
Antivirus, adware spyware Software
Firewalls
Wireless access points
Attachments and downloads
Storage of sensitive data.
Proper disposal of old hard drives, CD’s, DVD’S and other mediums.
Turn off Your Computer
Backup of data
Store computer(s) in a private location
that limits who has physical access to it.
Servers are in a locked temperature
controlled room.
http://www.cbc.ca/news/canada/otta
wa/story/2013/01/25/ottawa-free-creditchecks-after-student-loans-data-loss.html
Make sure that the computer is password protected. Just
having a password set is not enough. Passwords should
consist of at least three of the following traits:
1.
Upper case letters
Lower case letters
Alphanumeric characters (numbers)
Special characters (!@#%&* and so on)
2.
3.
4.
It is also a good idea for passwords to be 6-8 characters in
length
A good Example of this would be WPG05!uw or Pass##99.
It is also a good idea to use different passwords
for different accounts. If one password is
compromised then all of your accounts will not
be vulnerable (school account, bank account,
email, web mail, and so on).
Password aging- Change your password often.
Use different passwords for account sign ups.
Microsoft releases patches/fixes to
problems and vulnerabilities that are
discovered.
http://v4.windowsupdate.microsoft.com
/en/default.asp
In it recommended to check for security
updates as often as possible, or set your
computer to accept automatic updates
(inside control panel).
Have antivirus software installed.
› Have it running.
› Be sure to have its virus definitions updated.
› Protect system startups. Make sure to
configure anti-virus software to launch
automatically and run constantly, ensuring
that you’re always protected.
The primary method for keeping a computer secure from
intruders. A firewall allows or blocks traffic into and out of a
private network or the user's computer.
Firewalls are widely used to give users secure access to the
Internet as well as to separate a company's public Web server
from its internal network.
Windows XP service pack 2 and up (XP-7) comes with a software
firewall
http://www.microsoft.com/windowsxp/using/security/internet/sp
2_wfintro.mspx
Use Encryption
›
Limit Access to Your Network
›
›
Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your
computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice.
It should protect you against most hackers.
Allow only specific computers to access your wireless network. Every computer that is able to communicate with a
network is assigned a unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to
allow only devices with particular MAC addresses to access to the network. Some hackers have mimicked MAC
addresses, so don't rely on this step alone
For home networks be sure to secure all wireless access points via a password.
Change the name of your router from the default. The name of your router (often called
the service set identifier or SSID) is likely to be a standard, default ID assigned by the
manufacturer. Change the name to something unique that only you know.
Change your router's pre-set password. The manufacturer of your wireless router
probably assigned it a standard default password that allows you to set up and operate
the router. Hackers know these default passwords, so change it to something only you
know. Use passwords that are at least 10 characters long: the longer the password, the
tougher it is to crack.
Store Sensitive data offline.
Eliminate the threat by storing the data
on a computer isolated from the Internet
or on a external hard drive/usb drive.
Don’t open email attachments unless
you know who they are from.
When disposing of old hard drives be
sure to either dispose by physically
destroying or erase the hard drive.
It is possible to recover old information
that you may have though was “gone”
either because you deleted it or the
computer is “broken”.
Deploy wiping software
If you’re shopping or banking online, stick to sites that use encryption
to protect your information as it travels from your computer to their
server. To determine if a website is encrypted, look for https at the
beginning of the web address (the “s” is for secure).
Some websites use encryption only on the sign-in page, but if any
part of your session isn’t encrypted, the entire account could be
vulnerable. Look for https on every page of the site you’re on, not
just where you sign in.
Don’t Assume a Wi-Fi Hotspot is Secure
Most Wi-Fi hotspots don’t encrypt the information you send over the
internet and are not secure.
If you use an unsecured network to log in to an unencrypted site – or
a site that uses encryption only on the sign-in page – other users on
the network can see what you see and what you send. They could
hijack your session and log in as you.
›
New hacking tools – available for free online – make this easy, even for users with
limited technical know-how. Your personal information, private documents,
contacts, family photos, and even your login credentials could be up for grabs.
So what can you do to protect your information? Here are a few
tips:
When using a Wi-Fi hotspot, only log in or send personal information
to websites that you know are fully encrypted. To be secure, your
entire visit to each site should be encrypted – from the time you log
in to the site until you log out. If you think you’re logged in to an
encrypted site but find yourself on an unencrypted page, log out
right away.
Don’t stay permanently signed in to accounts. When you’ve finished
using an account, log out.
Do not use the same password on different websites. It could give
someone who gains access to one of your accounts access to
many of your accounts.
Many web browsers alert users who try to visit
fraudulent websites or download malicious
programs. Pay attention to these warnings, and
keep your browser and security software up-todate.
Installing browser add-ons or plug-ins can help,
too. For example, Force-TLS and HTTPS-Nowhere
are free Firefox add-ons that force the browser to
use encryption on popular websites that usually
aren't encrypted. They don’t protect you on all
websites – look for https in the URL to know a site is
secure.
It is a god idea of backup all data in
case you need to restore it.
http://www.onguardonline.gov
http://www.pandasecurity.com
http://www.webopedia.com
http://www.symantec.com/business/s
upport/index?page=content&id=TEC
H98539
http://www.hpenterprisesecurity.com/co
llateral/infographics/HP_Ponemon_Infogr
aphic.pdf