Presentation on theme: "Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang."— Presentation transcript:
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang
Viruses Small amount of code that spreads from one computer to another Usually transmitted through e-mail attachments Execute as part of another program or attached to a document Spreads and infects other programs and documents
Viruses The Melissa virus of 1999 sent out email attachments to 50 people in the address book, and it spread so fast that Microsoft and other companies had to shut down their email service The ILOVEYOU virus in 2000 took a similar approach, and sent out email attachments to all contacts of infected users
Trojans Don’t self-replicate or spread to other computers Called Trojans because they are disguised as legitimate software Once a trojan horse is opened, the hacker can remotely access the computer – Keyloggers – corrupt files – steal data, etc
Worms Have the ability to copy themselves to other computers over a network that they are on Do not have to be attached to a file or program The worm called “storm” appeared in 2007 and has infected at least 5 million computers, adding them to a ‘botnet’ which runs software in the background over a peer to peer network
What is phising? Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
How does phising work? Phishing is typically carried out by e- mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phising methods Filter evasion – Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails. Website forgery – An attacker can use flaws in a trusted website's own scripts against the victim. Phone phishing – Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number was dialed, prompts told users to enter their account numbers and PIN.
Damage caused by phising Denial of access to email Financial loss United States businesses lose an estimated 2 billion dollars per year as their clients become victims.
Why you should watch out Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft Experiments show a success rate of over 70% for phishing attacks on social networks. Attacker can use the victim's sensitive information for fraudulent purposes or spamming.
What is a Hacker Cracker? "A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular."
More on Hackers A hacker is a person who breaks into computers, usually by gaining administrative controls. Not to be confused with the cyber-criminal hackers known as “crackers”.
History Before the internet, there were multiple independent and parallel networks only partially aware of each other’s existence. They created an ideal information sharing as a practical strategy among the community Software sharing emphasizing the right to “fork”
History cont’ The earliest networks were found at academic settings such as college campuses including Carnegie Mellon. When the Internet began they evolved into a hacker community with the rise of the free software movement Much of the hacker community system originated at MIT and at the Homebrew Computer Club.
What usually happens. Hacker scans the Internet for available “ports” (openings in computer that allows data to pass through a network) on the Internet. Hacker finds an unprotected port and inserts a TROJAN HORSE virus!! Trojan Horse Virus rides along attaching itself to a standard program. Unsuspecting person activates program and the virus transmits all access and control to the hacker.
To Avoid…being hacked Don’t give out passwords or usernames even to administrators. Change your password every once in a while. Should obtain a "firewall". A firewall, when combined with a good anti-virus program, helps stop unauthorized access on your computer, prevents virus infection, and "cloaks" your data ports against a hacker scanning for openings.
Example of recent Hackers Google vs. China Six students from a prestigious Jiatong Chinese University hacked into Internet Explorer 6 Although it is denied they are working for the government, there are still strong evidence for their involvement.