March “Malware” Madness by Micah Van Maanen Sioux County IT Director.


1 March “Malware” Madness by Micah Van Maanen Sioux County IT Director

2 Game #1 Inbox vs. spam
Sizing up the competition
- spam facts
- Who sends it?
- Why do they send it?
- Who does it affect?
- How did they get my address?
- An ounce of prevention
- Tracing and Reporting spam
- Blocking spam
- Identifying spam
- Sioux County statistics

3 spam facts
- spam is… Unsolicited Commercial Email
- In 1978 the first internet spam was sent*
- More than 50% of all spam originates in the U.S.**
- 50% to 85% of all email is spam***
- CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) has not helped****
- Approximately 45% of Sioux County’s email is spam
- What does Hormel, makers of SPAM, think of spam?
*http://www.templetons.com/brad/spamterm.html
**http://www.internetnews.com/stats/article.php/
***http://www.metafilter.com/mefi/34180
****http://www.computerweekly.com/Article htm

4 Who sends it?
- Illegitimate businesses that advertise*:
  - Chain letters
  - Pyramid schemes
  - “Get Rich Quick” or “Make Money Fast” schemes
  - Offers for phone sex lines and ads for pornography
  - Offers of software collecting addresses and sending spam
  - Offers of bulk emailing services
  - Stock offerings for unknown start-up corporations
  - Quack health products or remedies
  - Illegally pirated software (“Wares”)
*http://www.cauce.org/about/problem.shtml

5 Why do they send it?
- These types of companies send spam because:
  - It is effective. Over a four-week period 6,000 people responded to ads and placed orders for a supplement at $50 per bottle*
  - It is inexpensive (for the sender). A dialup connection and a PC can send hundreds of thousands of messages per hour**
- It could be you!
  - As much as 30% of all spam is relayed by compromised computers***
*http://www.wired.com/news/business/0,1367,59907,00.html
**http://www.cauce.org/about/problem.shtml
***http://www.ftc.gov/bcp/conline/pubs/alerts/whospamalrt.htm

6 Who does it affect?
- Everyone that uses the Internet.* Here is how:
- The cost is shifted from the spammer to you
- Your ISP must process the spam, using up bandwidth and processor time that you pay for
- They fraudulently change the headers of a message and relay off unsuspecting users
- Other ISPs must also process and forward the spam, using up their bandwidth and processor time
- Your normal email is displaced. This is similar to junk faxing, which, without the Anti-Junk-Fax law, would make your fax machine almost useless
- Your address belongs to you! You pay for it. You should have the choice to opt in to receive spam.
*http://www.wired.com/news/business/0,1367,59907,00.html

7 How did they get my address?
- From a newsgroup posting containing your address
- From a mailing list that contains your address
- From a website that shows your address
- From various website and paper forms
- From your web browser
- From IRC and chat rooms
- From AOL Profiles
- By guessing and cleaning (using spam beacons)
- From white and yellow pages
- Social engineering
- Viruses and worms
- Hacking into sites
*http://www.wired.com/news/business/0,1367,59907,00.html

8 An ounce of prevention
- Never respond to spam. They will not remove you from their mailing list*
- Don’t post your address on your website
- Use a second address in newsgroups
- Don’t give out your address without knowing how it will be used
- Use a spam filter
- Never buy anything advertised in spam
- Keep your anti-virus / anti-spyware software up to date
- Use a firewall on high-speed Internet connections
*http://www.spamrecycle.com/antispamthings.htm

9 Tracing and reporting spam
1. Look at headers for the true sender of the email
2. Run a tracert on the spammer's IP address
3. Send a nice to or
4. Search Google newsgroups to find extent of spam (just for fun)
Or buy a tool such as SpamCop
*http://www.spamrecycle.com/antispamthings.htm
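
Step 1 of the procedure above, as an added example that is not part of the original presentation: it reads the Received headers newest first and trusts only the lines written by your own mail servers, because everything below them can be forged by the sender. The host names, addresses, and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample (not from the presentation). Headers are read newest
# first; the bottom Received line was supplied by the sender and is forged.
RAW = """\
Received: from mail.internal.example.org ([10.0.0.5])
\tby mbox.example.org with ESMTP; Tue, 1 Mar 2005 10:00:05 -0600
Received: from unknown (HELO friendly-bank.example) ([203.0.113.77])
\tby mx.example.org with SMTP; Tue, 1 Mar 2005 10:00:01 -0600
Received: from trusted.example.net ([198.51.100.9])
\tby relay.example.net with SMTP; Tue, 1 Mar 2005 09:00:00 -0600
From: "Offers" <offers@friendly-bank.example>
Subject: Make money fast

(body omitted)
"""

# Assumption: the mail servers you operate, whose Received lines you trust.
TRUSTED_MTAS = {"mbox.example.org", "mx.example.org"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def true_sender_ip(raw_message, trusted_mtas=TRUSTED_MTAS):
    """Return the first external IP recorded by a trusted server, or None."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in trusted_mtas:
            return None  # hop written by someone else: it and all below may be forged
        ip = IP_RE.search(hop)
        if ip is None:
            continue
        addr = ipaddress.ip_address(ip.group(1))
        if not any(addr in net for net in INTERNAL_NETS):
            return str(addr)  # the host that connected to our border server
    return None


if __name__ == "__main__":
    print(true_sender_ip(RAW))
```

The address returned is the one to use for the tracert and the abuse report in steps 2 and 3; the `198.51.100.9` hop in the sample is ignored because no trusted server recorded it.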

10 Blocking spam
- Use an email client with built-in spam filtering such as Mozilla Thunderbird
- Buy software to scan your email before you receive it
- For the enterprise:
- Server-based products
- Client-based products
- Anti-spam services
- Appliances
- Create acceptable use policies for email and network
- Close open SMTP relay servers
- An alternative for really large networks (not Bayesian):
*http://www.spamrecycle.com/antispamthings.htm

11 Identifying spam*
- Host-based filtering
  - Real-time Black Holes
- Rule-based filtering
  - Spam Assassin
- Bayesian statistical analysis
  - Statistical probability
- White lists
  - Trusted hosts
*Inside the Spam Cartel by Spammer-X

12 Sioux County statistics
- Traffic stats:
  - August 2004 – 11,638 emails received
  - September 2004 – 10,644 emails received
  - January 2005 – 14,390 emails received
  - February 2005 – 13,794 emails received
- spam stats:
  - August 2004 – 6,083 spam emails, 6,942 spam beacons
  - September 2004 – 5,464 spam emails, 5,583 spam beacons
  - January 2005 – 6,907 spam emails, 522 spam beacons
  - February 2005 – 6,162 spam emails, 876 spam beacons
*http://www.spamrecycle.com/antispamthings.htm

13 spam resources
On the web:
– http://www.cauce.org/index.phtml - Coalition Against Unsolicited Commercial Email
– http://spam.abuse.net/ - A lot of spam info
– http://tinyurl.com/6zyc7 - Best practices for Outlook
– http://www.bath.ac.uk/bucs/ /anatomy.shtml - Anatomy of an email message
– http://www.xintercept.com/pkpeek.htm - Pocketknife Peek for Outlook
– http://www.dnsstuff.com - Excellent DNS site
– http://antispam.radio-showtime.com/ - How to report spam
– http://www.mozilla.com - Firefox / Thunderbird website
– http://tinyurl.com/3vzv8 - InfoWorld enterprise anti-spam review
– http://tinyurl.com/3r72k - Network World enterprise anti-spam review
– http://tinyurl.com/59pc8 - Inside the Spam Cartel book on Amazon.com

14 Game #2 Privacy vs. Spyware
Sizing up the competition
- Defining spyware
- Spyware facts
- Finding and removing spyware
- Spyware test results
- How did I get spyware?
- Blocking spyware
- An ounce of prevention
- Sioux County spyware statistics

15 Defining spyware
- Spyware, which includes malware, trackware and adware, is the categorical name for any application that may track your online and/or offline PC activity and is capable of locally saving or transmitting those findings for third parties, sometimes with but more often without your knowledge or consent.*
- The differences between spyware and viruses*

Spyware | Viruses
Profit motivation | Harmful intention
Monitor online activities for commercial gain | Damage computer system, corrupt files and destroy data
Undetectable with anti-virus software | Detectable with anti-virus software
New technology (less than 5 years) | Old technology (more than 20 years)

*http://www.webroot.com

16 Spyware facts
- Four in five users (80%) have spyware or adware programs on their computer*
- The average infected user has 93 spyware / adware components on their computer and the most found on a single computer during the scan was 1,059*
- An overwhelming majority of users (89%) who were infected said they didn’t know the programs were on their computer*
- 90% didn’t know what the programs are or do*
- 95% never gave permission for the programs to be installed*
- 86% asked the technicians performing the study to remove the programs*
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

17 Finding and removing spyware
- You can use any or all of these programs:
  - Ad-aware
  - Spybot Search and Destroy
  - Microsoft AntiSpyware beta
  - Webroot Spy Sweeper
  - CWShredder
- Even these programs may not find all spyware. In a recent test of these programs the results are interesting…
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

18 Spyware test results*

Product | Spyware Fixed | False Positives
Giant AntiSpyware (now MS) | 63% | 0
Webroot Spy Sweeper | 48% | 0
Ad-Aware SE Personal | 47% | 0
Pest Patrol | 41% | 10
SpywareStormer | 35% | 0
Intermute SpySubtract Pro | 34% | 0
PC Tools Spyware Doctor | 33% | 0
Spybot Search and Destroy | 33% | 0
McAfee AntiSpyware | 33% | 9
Xblock X-Cleaner Deluxe | 31% | 1
XoftSpy | 27% | 3
NoAdware | 24% | 0

More results on site…
*http://www.windowssecrets.com

19 How did I get spyware?
- Piggybacked software installation
- Drive-by downloads
- Browser add-ons
- Masquerading as anti-spyware
*http://computer.howstuffworks.com/spyware2.htm

20 Blocking spyware
- Many of today’s anti-spyware products also include permanent protection of your system
- Home page shield
- Internet Explorer bad-download blocker
- Hosts file protection
- System startup protection
- Windows registry protection
- MSN Messenger protection
- Tracking cookie protection
- Bad website protection
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

21 An ounce of prevention
- Use Mozilla Firefox web browser
- Adjust Internet Explorer security settings
- Surf safely
- Keep Windows up to date
- Keep your anti-virus / anti-spyware software up to date
- Use a firewall on high-speed Internet connections
*http://www.spamrecycle.com/antispamthings.htm

22 Sioux County spyware statistics
- Out of 61 machines, 31 had spyware
- One machine had 41 pieces of spyware
- Most frequent visitors: Comet cursor, CWS
*http://www.staysafeonline.info/news/NCSA-AOLIn-HomeStudyRelease.pdf

23 Spyware resources
On the web:
– http://www.nwfusion.com/reviews/2004/121304rev.html - Enterprise spyware review
– http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml - Sysinternals autoruns
– http://www.benedelman.org/ - Interesting spyware site
– http://spywarewarrior.com/asw-test-guide.htm - spyware test results
– http://www.nwnetworks.com/iezones.htm - configuring IE zones

