Presentation on theme: "Security at home R Kevin Chapman Student Computing Coordinator"— Presentation transcript:
1Security at home R Kevin Chapman Student Computing Coordinator Dave Flynn UNIX Systems AdministratorRich Graves Senior UNIX and Security AdministratorSecurity at home
2So you want to get infected… What are your options?What are they?How do you go about it?ReallyWhat are the benefits?Reactive tools and measuresBut seriously folks…
3What are your options? Virus Trojan Worm Adware Spyware Rootkit BotNet Malware for beginnersVirusTrojanWormAdwareSpywareRootkitBotNetPhishing
4Virus What is it? What does it do? How does it spread? Malicious program that attaches itself to a legitimate file or program (the Host).Infects machine when host file is run or opened.Typically cannot run itself, needs human intervention.What does it do?Harmless as presenting “I’m here!”Dangerous as deleting files.Trigger immediately or wait for instructions or wait for a specific date.How does it spread?Via any files that move between computers (e.g. ).Once on machine, looks for files to infect.Relies on user transmission of those files.
5Trojan What is it? What does it do? How does it spread? Disguises itself as useful software or legitimate files.Typically cannot run itself, needs human intervention.What does it do?Harmless as changing icons on your desktop.Dangerous as opening “back doors” to the machine.How does it spread?Purely human intervention; “invited” onto system.Cannot replicate itself.Opening files or images…
6Example: Vundo / Virtumonde What is it?A Trojan with many variantsHow it spreads?From a website linked from .Advertises itself as an anti-malware tool.What does it do?Pop-up advertising for bogus antivirus tools.Redirect Google searches.Disable security programs.And a lot more...
7Worm What is it? What does it do? How does it spread? Malicious program that spreads itself without a Host.Designed to duplicate and spread via network.What does it do?Can cause network problems (heavy traffic).Acts of vandalism are rare but possible.Will often open “back doors” to the machine.How does it spread?Replicates itself on the same machine.Capable of spreading itself often via .Via network, often through their own back doors.
8Example: Conficker What is it? How does it spread? What does it do? A worm with five or more variants.How does it spread?Windows security flaw.USB devices (via autorun).Via network connections.What does it do?Currently checks hundreds of websites for updates.Open back doors for new versions or other infections.Antivirus or Windows Update sites unavailable.User accounts may be locked out.Spambot & Scareware.
9Adware What is it? What does it do? How does it spread? Normally legitimately installed software.Free software paid for by the advertisements (to recoup development costs).What does it do?Downloads and/or displays ads on your machine.Provides a free version of software.How does it spread?Downloaded and installed deliberately by user.May note sites you visit and display corresponding advertisements (SpyWare).
10Spyware What is it? How it spreads? What it does? Any program that monitors your behavior: e.g. surfing habits, sites visited.How it spreads?Piggy-backs on other software; not as a virus as it’s often intentional.Can operate like a Trojan e.g. fake security software.Tricks users into bypassing security.What it does?Record and deliver info you enter online.Can install software, redirect browser.
11Rootkit What is it? How it spreads? What does it do? Program(s) which hide deep on your system.Replaces system files which then hide processes.How it spreads?Spread as Viruses or Trojans (not Worms).Rarely spreads itself any further once infected.What does it do?Allows unauthorized access to your machine.Sniffers, keyloggers, zombie computer.
12BotNet What is it? How it spreads? What does it do? Spyware that records personal data.Refers to a collection of machines.How it spreads?Spread via Trojans or like WormsScan local environment to find vulnerable machinesWhat does it do?Very low-key – it wants to remain hidden.Gathers information and relays it (e.g. banking).Used for identity theft, compromise online accts.
13Phishing What is it? How? What does it do? Attempt to gain personal information such as passwords or account information fraudulently e.g. masquerading as bank representative.How?Majority of attempts happen via .Also Instant Messaging, Social Networking.Refer to websites that look like the original.What does it do?Gain access to account, or identity theft
14How to get infected Vectors Email Software vulnerabilities USB keys, network drives, other mechanisms for transferring filesMalicious or compromised websites
15Email Bad or suspicious links Dangerous attachments Phishing Especially in HTML , what a link says might not be where it’s actually going.Dangerous attachmentsCan contain malware itself, which might or might not be caught by antivirus toolsAttachments are very dangerous. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains.Phishing‘Spanish Prisoner’ schemesTricking a user into giving away personal or financial information.
16Example of a phishing email From: Internal Revenue ServiceSent: Wednesday, March 01, :45 PMTo:Subject: IRS Notification - Please Read This .After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $ Please submit the tax refund request and allow us 6-9 days in order to process it.A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.To access the form for your tax refund, please click hereRegards,Internal Revenue Service
17Software Vulnerabilities Old versions of IE and Firefox are vulnerable to attack.Browser plugins are popular targets because they often don’t get updatedAdobeQuicktimeJavaFlashFor Firefox: https://www.mozilla.com/plugincheck/Operating system security holesVista SMBv2, for example
18Malicious / Compromised Websites Legitimate websites can contain dangerous links or harmful code:Facebook (stolen passwords)Forums, blogs, etc.Security holes in webserversBad advertisements / popupsSearch engines can be trickedSome attacks can happen without any interaction from you!Sometimes called drive-by downloadsUsually associated with a browser or plugin vulnerability
19Recap Automatic infections: Worms, drive-by downloads, etc Can infect your machine instantly and without user interactionTypically a result of unpatched or vulnerable softwareThe best defense is to make sure you’re using up to date software, particularly web browser and other web-related tools.Suffers from zero-day syndrome, by which we mean that software vulnerabilities are sometimes only discovered when malware that exploits it begins to spread.
20Recap Many modern forms of malware rely on tricking the user: Phishing TrojansMalicious websites, advertisements, popupsattachmentsSometimes classified as social engineering attacks.These cannot infect your machine automatically; the best defense is to learn to recognize likely malware and then ignore / delete / avoid it.
21Your Role in Criminal Activity Phished password used to send spam within 1 hourIf bank information is stolen:So is your moneyYour account can be used to transfer money overseasIf your Facebook account is taken, it will be used to:Identify other potential victimsSpread “Koobface” and similar trojansScare your friends into sending money to “rescue” youIf your computer is trojaned...
22It’s Not Your Computer Anymore “Rootkits” lie to antivirus software about what files existThe computer, now owned by the criminals, will be used to monitor your activities and attack others
23Who Can Help Infect You? Kaspersky: 0.64% of the web serves up malware ColdwellBanker.com: Gumblar trojanTennis.com: Gumblar, a few weeks before the French OpenCW.edu and Berklee.edu, behaving Gumblar-like todayNYTimes.com: bad ad 9/13,PEZCyclingNews.com: noon yesterday, via ad networkKaspersky: 0.64% of the web serves up malware
2410% How Vulnerable Are You? Proportion of Adobe Reader installations on Carleton administrative desktops that are current. The other 90% are vulnerable to Gumblar-style attacks.Number of computers worldwide with a version of Adobe Reader that can handle new attacks starting December 11th.
253 Easy Ways to Be Safer Create and use a limited-privilege account DemoUse up-to-date antivirusCarleton’s McAfee (licensed for home use)Microsoft Security Essentials (free for home use)Set a Fraud Alert at AnnualCreditReport.comInstructs lenders not to open new credit accounts in your name unless your identity has been verifiedPrevents you (for example) from opening a department-store credit card on the spot
27Safer Computing, continued If you use FirefoxUpdate Firefox to 3.6Consider the NoScript extension, NoScript.netIf you have Vista/Windows 7, but not NoScriptInternet Explorer 8 is probably safer
28Safer Computing, continued Help from Secunia.com on software updatesTry the PSI utility from secunia.com