Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security at home R Kevin Chapman Student Computing Coordinator

Similar presentations

Presentation on theme: "Security at home R Kevin Chapman Student Computing Coordinator"— Presentation transcript:

1 Security at home R Kevin Chapman Student Computing Coordinator
Dave Flynn UNIX Systems Administrator Rich Graves Senior UNIX and Security Administrator Security at home

2 So you want to get infected…
What are your options? What are they? How do you go about it? Really What are the benefits? Reactive tools and measures But seriously folks…

3 What are your options? Virus Trojan Worm Adware Spyware Rootkit BotNet
Malware for beginners Virus Trojan Worm Adware Spyware Rootkit BotNet Phishing

4 Virus What is it? What does it do? How does it spread?
Malicious program that attaches itself to a legitimate file or program (the Host). Infects machine when host file is run or opened. Typically cannot run itself, needs human intervention. What does it do? Harmless as presenting “I’m here!” Dangerous as deleting files. Trigger immediately or wait for instructions or wait for a specific date. How does it spread? Via any files that move between computers (e.g. ). Once on machine, looks for files to infect. Relies on user transmission of those files.

5 Trojan What is it? What does it do? How does it spread?
Disguises itself as useful software or legitimate files. Typically cannot run itself, needs human intervention. What does it do? Harmless as changing icons on your desktop. Dangerous as opening “back doors” to the machine. How does it spread? Purely human intervention; “invited” onto system. Cannot replicate itself. Opening files or images…

6 Example: Vundo / Virtumonde
What is it? A Trojan with many variants How it spreads? From a website linked from . Advertises itself as an anti-malware tool. What does it do? Pop-up advertising for bogus antivirus tools. Redirect Google searches. Disable security programs. And a lot more...

7 Worm What is it? What does it do? How does it spread?
Malicious program that spreads itself without a Host. Designed to duplicate and spread via network. What does it do? Can cause network problems (heavy traffic). Acts of vandalism are rare but possible. Will often open “back doors” to the machine. How does it spread? Replicates itself on the same machine. Capable of spreading itself often via . Via network, often through their own back doors.

8 Example: Conficker What is it? How does it spread? What does it do?
A worm with five or more variants. How does it spread? Windows security flaw. USB devices (via autorun). Via network connections. What does it do? Currently checks hundreds of websites for updates. Open back doors for new versions or other infections. Antivirus or Windows Update sites unavailable. User accounts may be locked out. Spambot & Scareware.

9 Adware What is it? What does it do? How does it spread?
Normally legitimately installed software. Free software paid for by the advertisements (to recoup development costs). What does it do? Downloads and/or displays ads on your machine. Provides a free version of software. How does it spread? Downloaded and installed deliberately by user. May note sites you visit and display corresponding advertisements (SpyWare).

10 Spyware What is it? How it spreads? What it does?
Any program that monitors your behavior: e.g. surfing habits, sites visited. How it spreads? Piggy-backs on other software; not as a virus as it’s often intentional. Can operate like a Trojan e.g. fake security software. Tricks users into bypassing security. What it does? Record and deliver info you enter online. Can install software, redirect browser.

11 Rootkit What is it? How it spreads? What does it do?
Program(s) which hide deep on your system. Replaces system files which then hide processes. How it spreads? Spread as Viruses or Trojans (not Worms). Rarely spreads itself any further once infected. What does it do? Allows unauthorized access to your machine. Sniffers, keyloggers, zombie computer.

12 BotNet What is it? How it spreads? What does it do?
Spyware that records personal data. Refers to a collection of machines. How it spreads? Spread via Trojans or like Worms Scan local environment to find vulnerable machines What does it do? Very low-key – it wants to remain hidden. Gathers information and relays it (e.g. banking). Used for identity theft, compromise online accts.

13 Phishing What is it? How? What does it do?
Attempt to gain personal information such as passwords or account information fraudulently e.g. masquerading as bank representative. How? Majority of attempts happen via . Also Instant Messaging, Social Networking. Refer to websites that look like the original. What does it do? Gain access to account, or identity theft

14 How to get infected Vectors Email Software vulnerabilities
USB keys, network drives, other mechanisms for transferring files Malicious or compromised websites

15 Email Bad or suspicious links Dangerous attachments Phishing
Especially in HTML , what a link says might not be where it’s actually going. Dangerous attachments Can contain malware itself, which might or might not be caught by antivirus tools Attachments are very dangerous. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains. Phishing ‘Spanish Prisoner’ schemes Tricking a user into giving away personal or financial information.

16 Example of a phishing email
From: Internal Revenue Service Sent: Wednesday, March 01, :45 PM To: Subject: IRS Notification - Please Read This . After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $ Please submit the tax refund request and allow us 6-9 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here Regards,Internal Revenue Service

17 Software Vulnerabilities
Old versions of IE and Firefox are vulnerable to attack. Browser plugins are popular targets because they often don’t get updated Adobe Quicktime Java Flash For Firefox: Operating system security holes Vista SMBv2, for example

18 Malicious / Compromised Websites
Legitimate websites can contain dangerous links or harmful code: Facebook (stolen passwords) Forums, blogs, etc. Security holes in webservers Bad advertisements / popups Search engines can be tricked Some attacks can happen without any interaction from you! Sometimes called drive-by downloads Usually associated with a browser or plugin vulnerability

19 Recap Automatic infections: Worms, drive-by downloads, etc
Can infect your machine instantly and without user interaction Typically a result of unpatched or vulnerable software The best defense is to make sure you’re using up to date software, particularly web browser and other web-related tools. Suffers from zero-day syndrome, by which we mean that software vulnerabilities are sometimes only discovered when malware that exploits it begins to spread.

20 Recap Many modern forms of malware rely on tricking the user: Phishing
Trojans Malicious websites, advertisements, popups attachments Sometimes classified as social engineering attacks. These cannot infect your machine automatically; the best defense is to learn to recognize likely malware and then ignore / delete / avoid it.

21 Your Role in Criminal Activity
Phished password used to send spam within 1 hour If bank information is stolen: So is your money Your account can be used to transfer money overseas If your Facebook account is taken, it will be used to: Identify other potential victims Spread “Koobface” and similar trojans Scare your friends into sending money to “rescue” you If your computer is trojaned...

22 It’s Not Your Computer Anymore
“Rootkits” lie to antivirus software about what files exist The computer, now owned by the criminals, will be used to monitor your activities and attack others

23 Who Can Help Infect You? Kaspersky: 0.64% of the web serves up malware Gumblar trojan Gumblar, a few weeks before the French Open and, behaving Gumblar-like today bad ad 9/13, noon yesterday, via ad network Kaspersky: 0.64% of the web serves up malware

24 10% How Vulnerable Are You?
Proportion of Adobe Reader installations on Carleton administrative desktops that are current. The other 90% are vulnerable to Gumblar-style attacks. Number of computers worldwide with a version of Adobe Reader that can handle new attacks starting December 11th.

25 3 Easy Ways to Be Safer Create and use a limited-privilege account
Demo Use up-to-date antivirus Carleton’s McAfee (licensed for home use) Microsoft Security Essentials (free for home use) Set a Fraud Alert at Instructs lenders not to open new credit accounts in your name unless your identity has been verified Prevents you (for example) from opening a department-store credit card on the spot

26 Safer Computing, continued
Turn off JavaScript in Adobe Reader Demo

27 Safer Computing, continued
If you use Firefox Update Firefox to 3.6 Consider the NoScript extension, If you have Vista/Windows 7, but not NoScript Internet Explorer 8 is probably safer

28 Safer Computing, continued
Help from on software updates Try the PSI utility from

29 Question Time

Download ppt "Security at home R Kevin Chapman Student Computing Coordinator"

Similar presentations

Ads by Google