1 INTERNET THREATS Lasse Erkkilä, Dap01s

Dec 20, 2015


INTERNET THREATS

Lasse Erkkilä, Dap01s


TOPICS

• IDENTIFYING THREATS
• EVOLVEMENT OF MALWARE (History)
• METHODS AGAINST THREATS
• COMING NEXT (Future of Internet)
• CONCLUSIONS


Identifying Threats

• Viruses
• Network Worms
• Trojans
• Spyware / Adware
• Other Malware
• Intrusions
• Other Threats


Viruses

• Main purpose is to spread and infect files
• Attach to a file and replicate when the file is executed
• More than 100 000 known viruses exist in the world today*
• Several hundred new viruses are discovered every month

*McAfee, 2004

Viruses

Source: F-Secure

Network Worms

• Self-replicating viruses that reside in the active memory of a computer.
• Worms send themselves out to the Internet from infected systems.
• Either include a tiny e-mail server or search for unprotected shared network drives to unload.


Trojan Programs

• Programs that install themselves stealthily via the Internet & provide access for malicious use
• Threats enabled by (/through) Trojans
  – DDoS attacks
  – Data stealing
  – Distributed spam e-mails
• Do not replicate


Spyware / Adware

• Cookies – Track you online
• Browser Hijackers – Change the default home page
• Tracking Cookies – Gather info on web usage
• Trickles – Reinstall spyware when deleted
• Keyloggers – Record anything you type!
• Data-Mining
• Aggressive Advertising
• Parasites
• Scumware
• Dialers
• List goes on...


Other malware

• DoS & DDoS attacks
• Flooders
• FileCryptors & PolyCryptors
• Nukers
• List goes on...


Intrusions

• Attempts to break into an information system & damage or restrict its operability
• Method is to find open ports in the target by “bombing” it with packets


Other Threats

• Phishing
  – Stealing confidential information through fraudulent e-mails & web sites (author falsified)
  – Several million phishing messages have been sent worldwide
  – Fastest growing threat today
• SPIM
  – Instant Messaging SPAM
  – Estimated: 4 billion SPIMs during 2004


Evolvement of Malware

• 1940–1960's
  – 1940–1950's: Roots of viruses created: self-reproducing (mathematical) methods
    • Common roots with AI and Robotics
  – 1962: Game called 'Darwin' created by American Bell Telephone Labs engineers
    • Point of the game was to delete the opponent's programs with one's own programs, which could also multiply


Evolvement of Malware

• 1970's
  – In the early 70's a virus called Creeper was detected on ARPANET
    • Infected systems displayed the message: I'M THE CREEPER: CATCH ME IF YOU CAN!
  – Another virus called Reaper was made to delete Creeper
  – At the end of the 70's the first Trojans were discovered


Evolvement of Malware

• 1980's
  – Trojans appeared in large quantities
  – 1986: First global IBM-compatible virus epidemic was detected
    • Virus called Brain spread worldwide within a few months
  – At the end of the 80's:
    • Several other viruses discovered
    • Many antivirus companies were founded


Evolvement of Malware

• 1990's
  – Rapid growth of viruses
  – Several operating systems targeted
  – Polymorphic viruses appeared
    • Changed with every infection
    • Encrypted


Evolvement of Malware

• 2000–
  – Microsoft software more often targeted
    • Especially Windows
  – 2001: Share of virus attacks via e-mail 90%
  – 2003: Two of the biggest Internet attacks ever
    • Slammer worm infected nearly a million computers worldwide within just a few minutes
    • LoveSan worm attacked almost every Internet user
    • Both worms exploited a vulnerability in Windows


Methods Against Threats

• Updating!
• AntiVirus Tools
• AntiSpyware Tools
• Firewalls
• Content Filtering
• Intrusion Detection


Updating!

• Most important factor in security
• Modern software is too complex to make without any security holes; updates are needed to fix them when discovered.
  – Windows XP includes 40 million lines of code!
• “Old” code is still running below new code to provide compatibility with older software
  – Security threats were “internal” before the Internet


Updating!

• The most used software is usually the most targeted
  – Need for updates is more critical with Microsoft products at the moment.
• Updates (fixes) are not instantly available
  – Microsoft's average fix time is 25 days.*
  – IFRAME vulnerability in IE discovered 25th November -> Microsoft released fix on 7th December

*Forrester research


AntiVirus Tools

• AV programs are the most common tool
• Hardware tools are made for large enterprises
  – Gateway routers


AntiSpyware Tools

• Only software tools exist at the moment
• Programs try to detect distinctive signs that spyware places on the system
• Popular software (FREE)
  – Lavasoft: Ad-Aware SE
  – Spybot: Search & Destroy 1.3


Firewalls

• Monitor network traffic and block access by configured rules
• Software vs. hardware
• Stateful inspection
  – Examine the headers & content of each passing network packet


Content Filtering

• Means to filter out unwanted data
  – URL Filtering List
  – User Identification
  – Content Inspection


Intrusion Detection

• Tools to detect inappropriate, incorrect or anomalous activity.
  – Host-based ID systems
    • Operate on host
  – Network-based ID systems
    • Operate on network data flows
• Intrusion = External network attack
• Misuse = Internal network attack


Intrusion Detection

• Most common approaches to ID
  – Statistical-Based Anomaly Detection
    • Seek to identify abusive behaviour by comparing it to legitimate use
  – Rule-Based Intrusion Detection
    • Matching known data with audit patterns of intrusive behaviour
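
The two approaches on this slide, run side by side over one window of connection records, as an added example that is not part of the original presentation. The rule matches the port-probing pattern from the Intrusions slide; the statistical check compares each host with its own legitimate use. All addresses, thresholds and traffic below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (source address, destination port) seen in one time window.
WINDOW = ([("203.0.113.9", p) for p in range(20, 35)]   # external host, 15 ports
          + [("10.0.0.5", 443)] * 3                      # internal host, normal use
          + [("10.0.0.7", 25)] * 40)                     # internal host, mail burst
# Constructed baseline: connections per window during known legitimate use.
BASELINE = {"10.0.0.5": [3, 4, 2, 5, 3, 4], "10.0.0.7": [2, 3, 1, 2, 3, 2]}

def rule_based(events, port_threshold=10):
    """Match a known pattern: one source touching many distinct ports."""
    ports = defaultdict(set)
    for src, dst_port in events:
        ports[src].add(dst_port)
    return sorted(s for s, seen in ports.items() if len(seen) >= port_threshold)

def statistical(events, baseline, z_threshold=3.0):
    """Flag sources whose volume deviates strongly from their own history."""
    counts = defaultdict(int)
    for src, _ in events:
        counts[src] += 1
    flagged = []
    for src, n in counts.items():
        history = baseline.get(src)
        if not history:
            continue  # no profile of legitimate use, so nothing to compare against
        mu, sigma = mean(history), pstdev(history)
        z = (n - mu) / (sigma or 1.0)  # a flat history has sigma 0; fall back to 1
        if z > z_threshold:
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    print("rule-based:", rule_based(WINDOW))
    print("statistical:", statistical(WINDOW, BASELINE))
```

The external port sweep is caught only by the rule, because that source has no baseline to compare against. The internal mail burst is caught only by the statistical check, because no rule describes it.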


Coming Next

• New threats
• New methods against threats
• Collapse of present Internet?


New Threats

• More blended threats (viruses & worms)
• “Zero-day” attacks are coming
  – Attacks before patches (fixes) are released
• More severe threats coming


New Methods

• Multi-layered defence
  – Security measures are installed on all vulnerable points (desktop, server)


Collapse of Internet?

• Hannu H. Kari, HUT:
  – “Internet will become unusable by the end of 2006 because of Malware”
• BBC:
  – “If Key hubs of Internet were targeted for attacks it would quickly begin to unravel and collapse”


Conclusions

• Corporate view
• Tools for normal user
• Cautions


Corporate view

Companies often lack...

• 1. Effective protection
  – “Costs are too high”
  – “We have already AV installed”
  – “We don't need them”
• 2. Knowledge of own environment
  – “Yes, we already have one of those” (FALSE)


Tools for normal user

• Keep your system updated
  – Windows (or other OS), Internet browsers, Java and other network-related programs
• Use a personal firewall, AV software & antispyware software
  – Various free products available, examples:
    • ZoneAlarm (Fw)
    • Anti-vir (AV)
    • AdAware SE (AS)


Cautions

• Close your Internet connection when not using it
  – From the second you connect to the Internet your computer becomes a target
• Make sure the connection is secure when entering, for example, a credit card number
  – Https:// addresses can be trusted as secure


Thank you for listening!

That's all...