
March “Malware” Madness by Micah Van Maanen Sioux County IT Director.

Presentation transcript:

1 March “Malware” Madness by Micah Van Maanen Sioux County IT Director

2 Game #1: Inbox vs. spam – Sizing up the competition
- spam facts
- Who sends it?
- Why do they send it?
- Who does it affect?
- How did they get my E-mail address?
- An ounce of prevention
- Tracing and reporting spam
- Blocking spam
- Identifying spam
- Sioux County E-mail statistics

3 spam facts
- spam is… Unsolicited Commercial E-mail
- In 1978 the first internet E-mail spam was sent*
- More than 50% of all spam originates in the U.S.**
- 50% to 85% of all E-mail is spam***
- CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) has not helped****
- Approximately 45% of Sioux County’s E-mail is spam
- What does Hormel, maker of SPAM, think of spam?
* ** *** ****

4 Who sends it?
Illegitimate businesses that advertise*:
- Chain letters
- Pyramid schemes
- “Get Rich Quick” or “Make Money Fast” schemes
- Offers for phone sex lines and ads for pornography
- Offers of software for collecting E-mail addresses and sending spam
- Offers of bulk E-mailing services
- Stock offerings for unknown start-up corporations
- Quack health products or remedies
- Illegally pirated software (“Warez”)
*

5 Why do they send it?
These types of companies send spam because:
- It is effective. Over a four-week period 6,000 people responded to E-mail ads and placed orders for a supplement at $50 per bottle*
- It is inexpensive (for the sender). A dialup connection and a PC can send hundreds of thousands of messages per hour**
- It could be you! As much as 30% of all spam is relayed by compromised computers***
*,1367,59907,00.html ** ***

6 Who does it affect?
Everyone that uses the Internet.* Here is how:
- The cost is shifted from the spammer to you
- Your ISP must process the spam, using up bandwidth and processor time that you pay for
- Spammers fraudulently change the headers of a message and relay off unsuspecting users
- Other ISPs must also process and forward the spam, using up their bandwidth and processor time
- Your normal E-mail is displaced. Similar to junk faxing, which without the Anti-Junk-Fax law would make your fax machine almost useless
- Your E-mail address belongs to you! You pay for it. You should have the choice to opt in to receive spam.
*,1367,59907,00.html

7 How did they get my E-mail address?
- From a newsgroup posting containing your E-mail address
- From a mailing list that contains your E-mail address
- From a website that shows your E-mail address
- From various website and paper forms
- From your web browser
- From IRC and chat rooms
- From AOL Profiles
- By guessing and cleaning (using spam beacons)
- From white and yellow pages
- Social engineering
- Viruses and worms
- Hacking into sites
*,1367,59907,00.html

8 An ounce of prevention
- Never respond to spam. They will not remove you from their mailing list*
- Don’t post your address on your website
- Use a second E-mail address in newsgroups
- Don’t give out your E-mail address without knowing how it will be used
- Use a spam filter
- Never buy anything advertised in spam
- Keep your anti-virus / anti-spyware software up to date
- Use a firewall on high-speed Internet connections
*

9 Tracing and reporting spam
1. Look at the E-mail headers for the true sender of the E-mail
2. Run a tracert on the spammer’s IP address
3. Send a polite E-mail to postmaster@ or abuse@ at that address’s network
4. Search Google newsgroups to find the extent of the spam (just for fun)
Or buy a tool such as SpamCop*
*
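Step 1 above is the part people get wrong: only the Received lines written by your own mail servers can be trusted, and the hop your server accepted the message from is the address worth a tracert or an abuse report; everything recorded below it was written by the sender’s side and may be forged (slide 6’s “fraudulently change the headers”). The following is an added example, not code from the presentation. The message, the hostnames and the trusted-server set are constructed; the addresses are RFC 5737 documentation ranges.

```python
import email
import re
from email import policy
from ipaddress import ip_address, ip_network

# Constructed sample message (not a real spam sample). Each mail server prepends
# its own Received line, so the newest hop is on top and the first hop is at the bottom.
SAMPLE_MESSAGE = """\
Received: from mail.example.gov (mail.example.gov [192.0.2.10])
\tby mailstore.example.gov with ESMTP; Tue, 1 Mar 2005 09:12:31 -0600
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mail.example.gov with ESMTP; Tue, 1 Mar 2005 09:12:30 -0600
Received: from bigwin.example.com ([203.0.113.45])
\tby relay.example.net with SMTP; Tue, 1 Mar 2005 09:12:28 -0600
Received: from friendlybank.example ([10.1.2.3])
\tby bigwin.example.com; Tue, 1 Mar 2005 09:12:00 -0600
From: "Lottery Desk" <winner@friendlybank.example>
To: user@example.gov
Subject: You have won

Claim your prize.
"""

# Hypothetical: the county's own mail servers, by name and address. Only the
# Received lines these hosts wrote are trustworthy; the lines below them were
# written by machines we do not control.
TRUSTED_HOSTS = {"mailstore.example.gov", "mail.example.gov", "192.0.2.10"}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def parse_received(raw_message):
    """Return the Received hops as (receiving_host, sending_ip) tuples, newest first."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(str(value).split())  # unfold continuation lines
        by = BY_HOST.search(value)
        ip = IP_IN_BRACKETS.search(value)
        hops.append((by.group(1) if by else None, ip.group(1) if ip else None))
    return hops


def is_rfc1918(ip):
    """True for private LAN addresses, which cannot be traced or reported to anyone."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def trace_sender(raw_message, trusted_hosts):
    """Walk the hops from our own servers outward and report the hand-off point.

    The hand-off IP is what one of *our* servers saw on the wire when it accepted
    the message, so it is the only hop worth a tracert or an abuse report.
    Everything recorded below it is an unverified claim made by the sender.
    """
    hops = parse_received(raw_message)
    for index, (receiving_host, sending_ip) in enumerate(hops):
        if receiving_host in trusted_hosts and sending_ip not in trusted_hosts:
            unverified = [ip for _, ip in hops[index + 1:] if ip]
            return {
                "handoff_ip": sending_ip,
                "unverified_ips": unverified,
                "unroutable": [ip for ip in unverified if is_rfc1918(ip)],
            }
    return {"handoff_ip": None, "unverified_ips": [], "unroutable": []}


if __name__ == "__main__":
    report = trace_sender(SAMPLE_MESSAGE, TRUSTED_HOSTS)
    print("Report abuse for:", report["handoff_ip"])
    print("Claimed earlier hops (unverified):", report["unverified_ips"])
    print("Private addresses among them:", report["unroutable"])
```

Run on the sample, the hand-off address is 198.51.100.7; the two hops beneath it are unverified, and 10.1.2.3 is a private address that no abuse desk can act on.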

10 Blocking spam
- Use an E-mail client with built-in spam filtering such as Mozilla Thunderbird
- Buy software to scan your E-mail before you receive it
- For the enterprise:
  - Server-based products
  - Client-based products
  - Anti-spam services
  - Appliances
- Create acceptable use policies for E-mail and network
- Close open SMTP relay servers
- An alternative for really large networks (not Bayesian):*
*

11 Identifying spam*
- Host-based filtering (Real-time Black Holes)
- Rule-based filtering (SpamAssassin)
- Bayesian statistical analysis (statistical probability)
- White lists (trusted hosts)
*Inside the Spam Cartel by Spammer-X
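To make the “Bayesian statistical analysis” and “white lists” items concrete, here is a small naive Bayes filter with a sender white list. It is an added example, not code from the presentation or from any product named on the slide; the training messages and the trusted domain siouxcounty.example are constructed for the demonstration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$]+")


def tokenize(text):
    """Lower-case word set; a word's presence is the evidence, not how often it repeats."""
    return set(TOKEN.findall(text.lower()))


class BayesSpamFilter:
    """Naive Bayes spam filter plus a white list of trusted sender domains."""

    def __init__(self, trusted_domains=()):
        self.trusted_domains = set(trusted_domains)
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_tokens = Counter()
        self.ham_tokens = Counter()

    def train(self, text, is_spam):
        tokens = tokenize(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_tokens.update(tokens)
        else:
            self.ham_docs += 1
            self.ham_tokens.update(tokens)

    def token_likelihoods(self, token):
        """P(token | spam) and P(token | ham), Laplace-smoothed so an unseen word never zeroes the score."""
        p_spam = (self.spam_tokens[token] + 1) / (self.spam_docs + 2)
        p_ham = (self.ham_tokens[token] + 1) / (self.ham_docs + 2)
        return p_spam, p_ham

    def spam_probability(self, text):
        """Sum the per-word evidence as log-odds (starting from the class prior), then map to a probability."""
        log_odds = math.log((self.spam_docs + 1) / (self.ham_docs + 1))
        for token in tokenize(text):
            p_spam, p_ham = self.token_likelihoods(token)
            log_odds += math.log(p_spam) - math.log(p_ham)
        return 1.0 / (1.0 + math.exp(-log_odds))

    def classify(self, text, sender=None, threshold=0.9):
        """White-listed sender domains skip scoring; everything else is scored.

        A white list is only as trustworthy as the identity it keys on, so in
        production key it on an authenticated sender, not the From: header.
        """
        if sender and sender.rsplit("@", 1)[-1].lower() in self.trusted_domains:
            return "ham"
        return "spam" if self.spam_probability(text) >= threshold else "ham"


# Constructed training set (not real mail): four spam-like and four work-like messages.
TRAINING = [
    ("Make money fast! Get rich quick with our stock offering", True),
    ("Cheap pirated software warez, buy now", True),
    ("Lose weight fast with this quack remedy, only $50 per bottle", True),
    ("Bulk e-mail services, millions of addresses, click here", True),
    ("Meeting about the county budget moved to Tuesday morning", False),
    ("Can you review the minutes from the board meeting before Friday", False),
    ("The server backup finished; logs attached for review", False),
    ("Reminder: timesheets are due by noon on Friday", False),
]


def build_filter():
    """Train on the constructed set; siouxcounty.example is the hypothetical trusted domain."""
    spam_filter = BayesSpamFilter(trusted_domains={"siouxcounty.example"})
    for text, is_spam in TRAINING:
        spam_filter.train(text, is_spam)
    return spam_filter


if __name__ == "__main__":
    spam_filter = build_filter()
    for text in ("Get rich quick! Buy our stock offering, make money fast",
                 "Board meeting minutes attached for review before Tuesday"):
        print(f"{spam_filter.spam_probability(text):.4f}  {spam_filter.classify(text):4}  {text}")
```

Working in log space keeps the product of many small probabilities from underflowing, and the Laplace smoothing is what lets a word never seen in training pass through neutrally instead of vetoing the whole message.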

12 Sioux County E-mail statistics
Traffic stats:
- August 2004 – 11,638 E-mails received
- September 2004 – 10,644 E-mails received
- January 2005 – 14,390 E-mails received
- February 2005 – 13,794 E-mails received
spam stats:
- August 2004 – 6,083 spam E-mails, 6,942 spam beacons
- September 2004 – 5,464 spam E-mails, 5,583 spam beacons
- January 2005 – 6,907 spam E-mails, 522 spam beacons
- February 2005 – 6,162 spam E-mails, 876 spam beacons
*

13 spam resources
On the web:
- Coalition Against Unsolicited Commercial E-mail
- A lot of spam info
- Best practices for Outlook
- Anatomy of an E-mail message
- Pocketknife Peek for Outlook
- Excellent DNS site
- How to report spam
- Firefox / Thunderbird website
- InfoWorld enterprise anti-spam review
- Network World enterprise anti-spam review
- Inside the Spam Cartel book on Amazon.com

14 Game #2: Privacy vs. Spyware – Sizing up the competition
- Defining spyware
- Spyware facts
- Finding and removing spyware
- Spyware test results
- How did I get spyware?
- Blocking spyware
- An ounce of prevention
- Sioux County spyware statistics

15 Defining spyware
Spyware, which includes malware, trackware and adware, is the categorical name for any application that may track your online and/or offline PC activity and is capable of locally saving or transmitting those findings to third parties, sometimes with but more often without your knowledge or consent.*

The differences between spyware and viruses*

  Spyware                                        | Viruses
  Profit motivation                              | Harmful intention
  Monitor online activities for commercial gain  | Damage computer system, corrupt files and destroy data
  Undetectable with anti-virus software          | Detectable with anti-virus software
  New technology (less than 5 years)             | Old technology (more than 20 years)
* *

16 Spyware facts
- Four in five users (80%) have spyware or adware programs on their computer*
- The average infected user has 93 spyware / adware components on their computer, and the most found on a single computer during the scan was 1,059*
- An overwhelming majority of infected users (89%) said they didn’t know the programs were on their computer*
- 90% didn’t know what the programs are or do*
- 95% never gave permission for the programs to be installed*
- 86% asked the technicians performing the study to remove the programs*
*

17 Finding and removing spyware
You can use any or all of these programs:
- Ad-aware
- Spybot Search and Destroy
- Microsoft AntiSpyware beta
- Webroot Spy Sweeper
- CWShredder
Even these programs may not find all spyware. In a recent test of these programs the results are interesting…*
*

18 Spyware test results*

  Product                        Spyware fixed   False positives
  Giant AntiSpyware (now MS)     63%             0
  Webroot Spy Sweeper            48%             0
  Ad-Aware SE Personal           47%             0
  Pest Patrol                    41%             10
  SpywareStormer                 35%             0
  Intermute SpySubtract Pro      34%             0
  PC Tools Spyware Doctor        33%             0
  Spybot Search and Destroy      33%             0
  McAfee AntiSpyware             33%             9
  Xblock X-Cleaner Deluxe        31%             1
  XoftSpy                        27%             3
  NoAdware                       24%             0

More results on site…
*

19 How did I get spyware?
- Piggybacked software installation
- Drive-by downloads
- Browser add-ons
- Masquerading as anti-spyware
*

20 Blocking spyware
Many of today’s anti-spyware products also include permanent protection of your system:
- Home page shield
- Internet Explorer bad-download blocker
- Hosts file protection
- System startup protection
- Windows registry protection
- MSN Messenger protection
- Tracking cookie protection
- Bad website protection
*

21 An ounce of prevention
- Use the Mozilla Firefox web browser
- Adjust Internet Explorer security settings
- Surf safely
- Keep Windows up to date
- Keep your anti-virus / anti-spyware software up to date
- Use a firewall on high-speed Internet connections
*

22 Sioux County spyware statistics
- Out of 61 machines, 31 had spyware
- One machine had 41 pieces of spyware
- Most frequent visitors: Comet Cursor, CWS
*

23 Spyware resources
On the web:
- Enterprise spyware review
- Sysinternals Autoruns
- Interesting spyware site
- Spyware test results
- Configuring IE zones
