Spyware Spam Phishing
Spyware
Spam
Phishing
Your Computer could be watching
your every move
Spyware – What is it?
Also called adware, any software that covertly
gathers user information through the user's Internet
connection without his or her knowledge, usually for advertising purposes
Many flavors of Spyware!
Malware
Hijacker
Dialer
Trojan Horse
Malware
Modifies your PC’s settings and performs undesirable
tasks without your knowledge or
permission!!!!!!!
Hijacker
Takes you to Websites that you don’t want
to go to!
Dialer
Dials a service, most likely porn sites, and bills
you!
Trojan Horse
Internet Downloads that are activated from
programs you run - they can take control over your
PC!
Spyware runs in the background behind the scenes, where you can
not see it!
Spyware Symptoms
•Delivers Pop-Up Ads to your PC on a regular basis
•Sends you customized spam to your e-mail address
•Slows down your Computer sometimes to a crawl
•Crashes your Computer and/or causes major damage
•Changes the Home page of your Internet Browser
Today’s Top Spyware
Gator
Bonzi Buddy
CoolWeb Toolbar
N-Case
My Search Toolbar
Jupiter
N-Case
Double Click
E-Zula
Alexa
Comet Cursor
Hotbar
Statistics
40 Million people have Spyware on their PCs
45% of files downloaded through Kazaa contain malicious code
There are more than 25,000 spyware programs, and the number is growing exponentially
The number of malicious code attacks used to steal sensitive information rose 50% in 2004
Free Software
Hidden Costs
Productivity
Technician Fees
Identity Theft
How do you get Gator?
E-Wallet – Software
Date Time Precision Manager
Weatherbug
Driveby Spyware?
Sometimes all you do is visit a site and spyware downloads to your PC automatically.
50% of all Free Software is bundled with spyware. “Data Mining” companies pay a lot of $$ to the smaller developers to include spyware with their products. This offer is very enticing for small companies; it helps them survive.
Some people believe that Spyware has advantages, like delivering “wanted” advertisements to you while you are surfing the net, sort of like TV.
Data analysis of Spyware data (your personal information) is now a big, thriving enterprise. Examples are your Value Cards from Ukrops!
Gator has 300 clients as of 2003, including four of the
top six automotive companies and businesses that sell everything from mortgages to diapers. It
sends an average of 100 ads per week per person to more
than 15 million people!
Have you ever noticed how some people have things attached to the bottom of their E-mails? One of these products is called Hotbar –
it can be very damaging and people are enticed by the cute little smiley faces
they can get for free!
Coolsavings and Free Coupon Offers Online
They install software on your PC and collect your
information and then they e-mail it back to other
companies.
Do you read a lot?
Most EULAs, or End User License Agreements, would take you the rest of this evening to read! This is where they ask for permission to install their spyware, steal your personal information and change settings in your PC. By checking “OK” you have given them permission to change your PC and its settings.
Kazaa Popular File Swapping Program
The terms of service contract states: “Brilliant might tap the unused computing power and
storage space of your Computer”
Some Spyware can actually turn your company into a node or a “Bot” and run a peer-to-peer network which is controlled by another company. They can use your PC to help them analyze and store other people’s data! Kazaa and AudioGalaxy are just a few that do this!
Keyloggers
Will keep track of all your keystrokes and can record credit card information, passwords, addresses, etc.
Summary of Effects
• Collection of Data from your PC without your consent
• Execution of Malicious code without your knowledge
• Collects data pertaining to your habitual use and sells it to marketing companies
• Makes it impossible to remove their software by standard methods and sometimes not at all
• Performs other undesirable tasks on your PC, such as using your PC as a go-between between other PCs and their servers
Damage your PC – How?
• Control Panel will not open up or take 5-10 minutes to open
• Internet Explorer can stop working or not access particular websites. Some even keep you from accessing Microsoft.com
• You change your Home Page and when you reboot it has changed back to an Adult Links Pornographic Site
• Why? Badly written programs often corrupt Windows system files.
• Your computer will have too many processes running on it to be operational. In this case it is often necessary to wipe it clean and start new. This can range between $100 - $250 depending on where you take your PC to be fixed. Many simply buy a new PC thinking their PC is not working.
What can I do?
Fortunately there is software out there that can aid you in:
1. Removing existing Spyware
2. Keeping Spyware from Infecting your PC in the first place
What can I do?
Be Cautious about what Sites you Visit
Search the Site before you Surf there
If you suspect spyware is downloading – unhook your Internet Connection
Always Turn off your PC at night
Be Careful of hitting the Red X!
Spyware Detection +
Removal Tools
Spybot – Search and Destroy
Adaware – Lavasoft
Spysweeper and Pest Control
Spam - Coming to an Inbox near you!
Spam – Unsolicited email that you did not sign up for or want to receive. Technically it does not include Email that you have “opted-in” for, even if by accident.
Who is sending Spam?
Hackers who make $
Students are paid $ to operate Spam servers.
Jobless people trying to make $ sending bulk emails
Why do they Spam?
- 5000 out of every million people respond to Spam
- They only need one out of 10,000 to break even
- 200 million messages can be delivered by one Spammer per day
- 100 million addresses can cost less than $100.00
Spam Facts
• $30 billion is currently spent to fight Spam corporate wide
• 75% of all Email is Spam
• In one Month at VBMB we received 47,000 Known Spam E-mails
• 1/3 of all Spam is sent from Home PCs unwillingly
How do they get your address?
Software programs costing less than $50.00 can mine addresses from the Internet
Personal Information you gave to an untrusted site
You were infected with Spyware at one point
You volunteered personal information when someone went Phishing
Forwarding a joke containing your and your friends’ addresses
Brute Force Attack
Spammers use automated software that looks for domains throughout the internet such as VBMB.org
Next they use the software to generate dictionaries of every possible user name
That is why you see some spam that doesn’t have your name spelled correctly
Some internet worms collect personal info also
If you are lucky your email addy is the only thing the worm took from you.
How to Protect yourself from Spam
For Home – buy a spam filter if your ISP doesn’t provide you with one
Watch where you buy things from online – research all companies
Don’t post your email address anywhere!
When buying things online – use another email account such as a Hotmail account – free from MSN
Never reply or buy something from a Spam Email
Protecting your PC
1000s of PCs have been infected by Viruses and Spyware that turn your PC into a Spam Relay Server!
Keep Spyware out by installing Spysweeper which can monitor your PC constantly against threats!
Keep your Virus Definitions List up to Date!
Spam Prevention
Use common sense to detect the veracity behind an email message
If an email seems suspicious it probably is – check out http://hoaxbusters.ciac.org
Never forward a chain letter of any type
Never click on an Image or URL in a Spam Email – they use Embedded Images and can watch you do it
Never Reply to a Request to be removed from an Email List – this only verifies the Email address. There are some exceptions.
Going Phishing Anyone?
Phishing attacks use 'spoofed' e-mails and fraudulent websites and are designed to fool recipients into
divulging personal data such as credit card numbers, account usernames
and passwords, social security numbers, etc.
Phishing Report
First Phishing attacks started in 2002
From Nov 2003 – May 2004 # of attacks rose by 4000%
Phishers Catch between 5 and 20% of all Users
Subject: eBay Account Verification
Date: Fri, 20 Jun 2003 07:38:39 -0700
From: "eBay" <[email protected]>
Reply-To: [email protected]
Dear eBay member,
As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts.
You are requested to visit our site by following the link given below
http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1
Please fill in the required information. This is required for us to continue to offer you a safe and risk free environment to send and receive money online, and maintain the eBay Experience.
Thank you
Accounts Management
As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.
Phishing Emails pretend to be from a Legitimate Bank, agency or even eBay!
“Phishing” spam messages use legitimate 'From:' email addresses, logos, and links to reputable businesses such as AOL, PayPal, Best Buy, EarthLink and eBay in the message. But the message instructs you to click on a web link that sends you to a fake website where you are asked to provide personal information to the scam artists.
If you click on a link in an e-mail message from a company, be aware that many scam artists are making forgeries of companies' sites that look like the real thing. Beware: the entire Email is one big link to steal information from you!
What to do if you think you have responded to one by
accident
If you have provided your personal information in response to a phishing email, you should assume that you will become a victim of identity theft.
If you provided your bank account or credit card number, you should cancel that account and open a new one immediately
Phishing can occur
By Phone
Door to Door
Potential Employers
Preventing Phishing
NEVER respond to an Email asking for Personal Information
Always Check a Site first to see if it is Secure
Retype a Website's address; never click on the link, as the address can be forged
Keep your PC secure with Anti-Spam and Anti-Virus Software
Check your Bank accounts regularly
Always take your time when responding to an email - Be extra cautious about all emails that want you to reply to them in some way!