Index

Numbers
2016 presidential election, 15, 107–108
2017 Verizon Data Breach Investigations Report, 92
419 scams, 55
4Chan, whaling, 37

A
access security, local file storage, 163
actions (attack chains), 69
active duty alerts, military identity theft, 119
activity notices, 177, 189
ad blocking extensions, 189–190
ad injectors, 78
Adobe Flash, security issues, 190
adversaries
  caught, 17–21
  compared to source of breaches, 92
  motives, 13
  nation-state attackers, 14–16
  profile of, 12–13
advertisements, malware infections from, 77
adware, 43, 47–48
  Google Play store, 208
airplanes, security vulnerabilities, 238–239
Alliance for Telecommunications Industry Solutions (ATIS), 60
alternative financial services (AFS), 145
Amazon Alexa, privacy concerns, 231
Amazon Echo, privacy concerns, 231
Amero, Julie, 47–48
Android devices, security compared to iPhones, 209–212
Angelova, Barb, 49
AnnualCreditReport.com, 139
Anthem, breach in 2015, 26
Anti-Phishing Working Group, incident response, 98
antimalware software, 88
antivirus software, 87–88
  cryptomining malware, 43
  detecting phishing attack, 96
  importance of updating, 78
  local file storage, 162
  myth vs. fact, 88, 194
  protecting computers, 199
  protecting information when traveling, 243
  spyware, 47
Apple ID, value of login credentials, 25
Apple, Koobface gift card scam, 51
AppleCare, phishing, 209
applications, protecting computers, 199
APT1 (nation-state hacking group), 14–15
Ashley Madison, blackmail, 8
ATIS (Alliance for Telecommunications Industry Solutions), 60
ATMs, credit card skimmers, 142
attack chains, 66–68
attack methods. See also attack vectors
  adware, 47–48
  banking information, 24
  charity scams, 58
  clone phishing, 39–40
  computing resources, 27
  distributed denial-of-service (DDoS), 19
  email compromise, 38–39
  email phishing, 34–35
  email scams, 3
  fear tactics, 33
  government agency impersonation, 52–53
  grandparent scam, 53
  identity theft, 108–110
  Internet of Things (IoT), 27–28
  job scams, 56–58
  online dating scams, 54–56
  personally identifiable information (PII), 26
  phishing vectors, 33
  pretexting, 42–43
  ransomware, 44–46
  robocalling scams, 58–61
  scamming, 50
  scareware, 47
  SMS phishing, 41–42
  social engineering, 32–33
  spear phishing, 35–37
  spyware, 46–47
  technical support scams, 51–52
  Trojans, 48
  utility bill scams, 54
  virtual kidnapping, 53–54
  voice phishing, 40–41
  whaling, 37–38
attack targets, 23
  path of least resistance, 24
  social media, 171–172
  Twitter, 172–173
attack vectors. See also attack methods
  cryptomining, 195
  email, 72–73
  freeware, 78
  phone calls, 75–76
  software, 78
  text messages, 41–42, 73–75
  URLs, 76
  USB drives, 71–72, 78–79
  website links, 76
  websites, 76–78
  Wi-Fi, 79–80
attacks
  cryptojacking, 194–196
  timing, 4
authentication
  IoT devices, 232
  phone numbers, 60
  two-factor, 5, 25
authentication apps
  two-factor authentication, 85
  compared to text-based authentication, 207
authorization, breaches, 8
auto-connecting, protecting information when traveling, 243
automated hacking software, 4
  spear phishing, 35
automated tools, searching databases, 83
automatic updates, 85, 88
avionics systems, vulnerabilities, 238–239

B
Babayan, Vachik, 23
back doors, credentials, 25
BackBlaze, 164
backing up data, 89–90
  cloud storage, 160–161, 163–164
  file protection, 165
  incident response, 97, 99
  local file storage, 163
  mobile devices, 213
  myth vs. fact, 89
  protecting computers, 200
  when traveling, 247
Baker, Stephen, 55
bank account credentials, 25, 73–74
bank account verification, 112
BankBot, 48
banking apps, 147
banking Trojans, 48
  Google Play store, 208
Baratov, Karim, 18–19
Barclays, 18
Berkeley Open Infrastructure for Network Computing (BOINC), 198
Better Business Bureau (BBB), voice phishing, 40–41
Betz-Hamilton, Axton, identity theft, 126
biometrics, risks, 212
Bitcoin, cryptomining, 196
Bitdefender Mobile Security, 214
black market, medical information value, 26
black-hat hackers, 14, 24
blackmail, breaches and, 8
blockchains, 43
BOINC (Berkeley Open Infrastructure for Network Computing), 198
botmasters, 28
botnets, 72
  DDoS attacks, 28
  Google Play store, 208
  IoT devices, 228
  IoTroop, 28
  password attacks, 31
  resources, 13
  terrorist organizations, 17
bots, Twitter and, 172–173
breaches, 17–21
  alerts, 188
  CloudPets, 133
  compared to cyberattacks and hacks, 8
  Deep Root Analytics, 176
  Dropbox, 180
  Equifax, 66
  Experian, 109
  identity theft, 108–109
  LifeLock, 111
  LinkedIn, 180–181
  mixing personal and work passwords, 93
  password changing, 188
  password reuse, 179–180
  reused credentials, 83
  source of compared to adversaries, 92
  Spiral Toys, 133
  Twitter, 173
  Yahoo, 152–153
Brennen, John, 17
British Airways, 18
browser-setting hijackers, 78
browsers, ad-blocking extensions, 47
burner phones, 248

C
cable modems, updating, 84–85
caller ID, spoofing, 76
Cambridge Analytica, 173–174
cameras, remote operation, 46
Campaign for a Commercial Free Childhood (CCFC), 132
candy drops, USB keys, 78–79
Carder's Paradise, 25
  personally identifiable information, 26
Carleton University, 185
Carnegie Mellon CyLab study, 127
catphishing, 50, 54–56
CCFC (Campaign for a Commercial Free Childhood), 132
Center for Digital Democracy (CDD), 132
charity scams, 58
chat features (online gaming), 130–131
ChexSystems, 112, 113
child predators, 130
children
  identity theft, 125–129, 133
  online activity, 129–131
  private information, 128–129
  smart toys, 131–135
  Social Security numbers, 128
Children's Online Privacy Protection Act (COPPA), 132
chip-based security, 148
Christiano, James "Jamie," 59–60
Chrysler vehicles, Uconnect vulnerabilities, 227
Clapper, James, 17
click fraud apps, Google Play store, 208
Clinton, Hillary, 107
clone phishing, 39–40
cloud storage, 159–165
CloudPets, data breach, 133
Cobalt Gypsy, 169–170
Coinhive, 197
Collins, Arran, 53–54
command and control apps
  attack chains, 69
  Google Play store, 208
computer accounts, individual for children, 135
computers
  cryptocurrency mining, symptoms, 193–195
  donating CPU capacity, 198
  protecting, 198–201
computing resources, 27–28
consumer databases, personally identifiable information, 26
Consumer Watchdog, 154
Consumers Union, 132
COPPA (Children's Online Privacy Protection Act), 132
Corbin, Jane, 38
CPU usage
  cryptocurrency mining, 193–195
  donating capacity, 198
  monitoring, 200
Crackas with Attitude, 17
Craigslist, 19
  job scams, 56–58
credentials. See also passwords; usernames
  compromising accounts, 25
  duplicate, 86
  email compromise incident response, 102
  incident response, 97, 100
  Internet of Things (IoT), 27
  Kronos Trojan, 48
  PayPal, 25
  phishing attacks, 25
  reselling, 25
  Reset Password links, 39
  reused, 83
  spyware, 46–47
  stuffing, 181–182
  texts as security attack vector, 73
  updating, importance of, 74–75
credit
  freezing, 97
  protecting, 112–113
credit card skimmers, 23, 142, 144–145
  avoiding, 148
credit cards
  fraud, 141–143
  identity theft insurance, 112
  when traveling, 246
Credit Karma, 111
credit reports
  children, 127–128
  credit freezes, 112
  fraud alerts, 97, 111
  security freeze, 109
criminal organizations, 16
Crypto Sheriff tool, ransomware, 101
cryptocurrencies, 18–19
  mining, 28
  Monero, 197
  ransomware payments, 45
cryptocurrency mining
  Bitcoin, 196
  Coinhive, 197
  computer hijacking, symptoms, 193–195
  critical industrial processes, 197
  websites, opt-in, 196–197
cryptographic algorithms
  cracking, 28
  hashing passwords, 180–181
cryptojacking, 194–196
  Google Play store, 208
  malware, 43–44
  protecting computers, 200
cryptomining malware, 43–44. See also cryptocurrency mining
Cyber Security Intelligence Department (United Airlines), 239
cyber weapons, NSA, 16
cyber-enabled financial fraud, 20–21
cyberattackers
  profile, 12–13
  reasons for success, 7
  targets, 13
  terrorist organizations, 17
cyberattacks, compared to breaches and hacks, 8
cybercrime organizations, 16
Cybercriminal Code of Ethics, 7
cybercriminal organizations, characteristics, 13
cyberhygienic practices, 7
  attack chains, 68–70
  importance of, 84
  passwords, 182–184
  risk assessment, 92
cybersecurity
  risk assessment, 92
  smart toys, 133
  two-factor authentication, 85–86

D
Dark Web, 14
  Carder's Paradise, 25
  identity theft, 109
  password databases, 25
  personally identifiable information, 26
  ransomware payments, 45
data. See files
data breaches
  automated hacking software, 4
  credentials, 25
  identity theft, 108–109
  LifeLock, 111
  statistics, 6
  Yahoo, 152–153
data brokers, 175
data mining, social media, 173–176
data protection, social media, 176–178
databases, exposed, 25
Davis, Debbie, 23
Davis, Todd, 111
DDoS. See distributed

  protecting money, 146–149
  robocalling, 61
  social media protection, 176–178
  using voicemail, 76
  whitelisting phone numbers, 58–59
delivery (attack chains), 69
Dell, Alexa, 173
Democratic National Convention (DNC), attacks on, 15
Department of Defense, phishing tweets, 172–173
Department of Homeland Security, 20
Department of Justice, 21
Department of the Treasury, 20
  reporting IRS impersonation scams, 141
devices
  disconnecting after an attack, 96, 98
  email privacy, 157
  IoT, 232–238
  protecting when traveling, 243
  ransomware incident response, 100
  scanning for malware, 99
  secure for banking, 147
  updating, 84–85
Recommended publications
  • A The Hacker
    A The Hacker. Madame Curie once said "En science, nous devons nous intéresser aux choses, non aux personnes [In science, we should be interested in things, not in people]." Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term "hacker" has referred to various activities. We are familiar with usages such as "a carpenter hacking wood with an ax" and "a butcher hacking meat with a cleaver," but it seems that the modern, computer-related form of this term originated in the many pranks and practical jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn't. A hack is a person lacking talent or ability, as in a "hack writer." Hack as a verb is used in contexts such as "hack the media," "hack your brain," and "hack your reputation." Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • The Botnet Chronicles: A Journey to Infamy
    The Botnet Chronicles: A Journey to Infamy. Trend Micro, Incorporated. Rik Ferguson, Senior Security Advisor. A Trend Micro White Paper, November 2010.
    Contents: A Prelude to Evolution (4); The Botnet Saga Begins (5); The Birth of Organized Crime (7); The Security War Rages On (8); Lost in the White Noise (10); Where Do We Go from Here? (11); References (12).
    The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet's name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section.
  • Modeling the Propagation of Worms in Networks: A Survey
    IEEE Communications Surveys & Tutorials, Vol. 16, No. 2, Second Quarter 2014, p. 942. Yini Wang, Sheng Wen, Yang Xiang, Senior Member, IEEE, and Wanlei Zhou, Senior Member, IEEE.
    Abstract—There are the two common means for propagating worms: scanning vulnerable computers in the network and spreading through topological neighbors. Modeling the propagation of worms can help us understand how worms spread and devise effective defense strategies. However, most previous researches either focus on their proposed work or pay attention to exploring detection and defense system. Few of them give a comprehensive analysis in modeling the propagation of worms which is helpful for developing defense mechanism against worms' spreading. This paper presents a survey and comparison of worms' propagation models according to two different spreading methods of worms. We first identify worms characteristics through their spreading behavior, and then classify various target discover techniques employed by them.
    ... attacks account for 1/4 of the total threats in 2009 and nearly 1/5 of the total threats in 2010. In order to prevent worms from spreading into a large scale, researchers focus on modeling their propagation and then, on the basis of it, investigate the optimized countermeasures. Similar to the research of some nature disasters, like earthquake and tsunami, the modeling can help us understand and characterize the key properties of their spreading. In this field, it is mandatory to guarantee the accuracy of the modeling before the derived countermeasures can be considered credible. In recent years, although a variety of models and algorithms have been proposed for modeling
  • Security Chapter
    Barbarians at the Gateway (and just about everywhere else): A Brief Managerial Introduction to Information Security Issues. A gallaugher.com case provided free to faculty & students for non-commercial use. © Copyright 1997-2009, John M. Gallaugher, Ph.D. – for more info see: http://www.gallaugher.com/chapters.html. Draft version last modified: Dec. 7, 2009 – comments welcome [email protected]. Note: this is an earlier version of the chapter. All chapters updated Dec. 2009 are now hosted (and still free) at http://www.flatworldknowledge.com. For details see the 'Courseware' section of http://gallaugher.com.
    INTRODUCTION. LEARNING OBJECTIVES: After studying this section you should be able to: 1. Recognize that information security breaches are on the rise. 2. Understand the potentially damaging impact of security breaches. 3. Recognize that information security must be made a top organizational priority.
    Sitting in the parking lot of a Minneapolis Marshalls, a hacker armed with a laptop and a telescope-shaped antenna infiltrated the store's network via an insecure Wi-Fi base station. The attack launched what would become a billion-dollar plus nightmare scenario for TJX, the parent of retail chains that include Marshalls, Home Goods, and T.J. Maxx. Over a period of several months, the hacker and his gang stole at least 45.7 million credit and debit card numbers, and pilfered driver's license and other private information from an additional 450,000 customers. TJX, at the time a $17.5 billion, Fortune 500 firm, was left reeling from the incident. The attack deeply damaged the firm's reputation.
  • Download Slides
    Scott Wu. Topics: point in time cleaning vs. RTP; MSRT vs. Microsoft Security Essentials; threat events & impacts; more on MSRT / Security Essentials.
    MSRT (Microsoft Windows Malicious Software Removal Tool): deployed to Windows Update, etc. monthly since 2005; on-demand scan on prevalent malware. Microsoft Security Essentials: full AV RTP; inception in Oct 2009. RTP is the solution; a one-off cleaner has its role: quick response, workaround, baseline ecosystem cleaning, industry response & collaboration.
    Threat events: worms (some are bots) have longer lifespans; rogues move on quicker.
    [Table: top malware families by monthly detection count, March 2010 through August 2010 (Frethog, Taterf, Alureon, Rimecud, Bubnix, Hamweq, Conficker, Vobfus); the per-month figures are not reliably recoverable from the extracted text.]
  • An Analysis of the Nature of Groups Engaged in Cyber Crime
    International Journal of Cyber Criminology, Vol 8 Issue 1, January – June 2014. Copyright © 2014 International Journal of Cyber Criminology (IJCC) ISSN: 0974 – 2891. January – June 2014, Vol 8 (1): 1–20. This is an Open Access paper distributed under the terms of the Creative Commons Attribution-Non-Commercial-Share Alike License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. This license does not permit commercial exploitation or the creation of derivative works without specific permission.
    Organizations and Cyber crime: An Analysis of the Nature of Groups engaged in Cyber Crime. Roderic Broadhurst, Peter Grabosky, Mamoun Alazab & Steve Chon, ANU Cybercrime Observatory, Australian National University, Australia.
    Abstract: This paper explores the nature of groups engaged in cyber crime. It briefly outlines the definition and scope of cyber crime, theoretical and empirical challenges in addressing what is known about cyber offenders, and the likely role of organized crime groups. The paper gives examples of known cases that illustrate individual and group behaviour, and motivations of typical offenders, including state actors. Different types of cyber crime and different forms of criminal organization are described drawing on the typology suggested by McGuire (2012). It is apparent that a wide variety of organizational structures are involved in cyber crime. Enterprise or profit-oriented activities, and especially cyber crime committed by state actors, appear to require leadership, structure, and specialisation. By contrast, protest activity tends to be less organized, with weak (if any) chain of command. Keywords: Cybercrime, Organized Crime, Crime Groups; Internet Crime; Cyber Offenders; Online Offenders, State Crime.
  • Information Assurance Situation in Switzerland and Internationally
    Federal Strategy Unit for IT FSUIT, Federal Intelligence Service FIS, Reporting and Analysis Centre for Information Assurance MELANI, www.melani.admin.ch. Information Assurance Situation in Switzerland and Internationally, Semi-annual report 2009/II (July – December).
    Contents: 1 Focus Areas of Issue 2009/II (3); 2 Introduction (4); 3 Current National ICT Infrastructure Situation (5); 3.1 FDFA targeted by malware (5); 3.2 Website defacements after adoption of minaret ban initiative (5); 3.3 DDoS attacks against Swisscom and Swisscom clients (6); 3.4 Fraud with fake domain registrations (7); 3.5 Purported free offers against viruses, scareware, rogueware and ransomware (8); 3.6 New top level domains (TLD) and high security zones in the Internet (10); 3.7 Revision of provisions implementing the Telecommunications Act (10); 3.8 Skype wiretap published as source code (11); 4 Current International ICT
  • Fighting Malware and Spam: Contents in This Issue (April 2010)
    April 2010, Fighting malware and spam. ISSN 1749-7027.
    Contents: 2 COMMENT: Are takedowns an exercise in futility? 3 NEWS: VB2010 programme announced; All star superstars; Dangerous places to be online. 3 VIRUS PREVALENCE TABLE. FEATURES: 4 Evasions in Intrusion Prevention/Detection Systems; 11 Botnets, politics and hacktivism – an interesting partnership; 15 'Signatures are dead.' 'Really? And what about pattern matching?' 21 TUTORIAL: Exploit kit explosion – part one. 23 COMPARATIVE REVIEW: VB100 – Windows XP SP3. 68 END NOTES & NEWS.
    In this issue: A FUTILE BATTLE? Mary Landesman evaluates recent botnet takedown efforts (page 2). CYBER WARFARE: Terry Zink looks at the increasingly common phenomenon of hacktivism and details three recent cyber warfare attacks (page 11). EXPLOIT KIT EXPLOSION: In the first of a two-part series introducing exploit kits, Mark Davis outlines the basic details of the dime-a-dozen kits used in drive-by browser-based attacks (page 21). RECORD VB100 ON XP: In VB's largest ever VB100 comparative review, a total of 60 products are put to the test on Windows XP. John Hawes has all the details (page 23).
    COMMENT. 'There is often little incentive for domain registrars or hosting providers to make it more difficult for criminals to obtain services.' Troyak-AS resumed service under a new upstream provider, and this pattern was repeated numerous times. These less than dramatic results beg the (multi)-million-dollar question: are such takedown efforts an exercise in futility? Certainly if one focuses only on short-term statistics, the answer would appear to be 'yes'. However, if one focuses on some of the precedents set during the first quarter, tangible long-term impact may become a reality.
  • Malware Primer
    Malware Primer. Table of Contents: Introduction (2); Chapter 1: A Brief History of Malware—Its Evolution and Impact (3); Chapter 2: Malware Types and Classifications (8); Chapter 3: How Malware Works—Malicious Strategies and Tactics (11); Chapter 4: Polymorphic Malware—Real Life Transformers (14); Chapter 5: Keyloggers and Other Password Snatching Malware (16); Chapter 6: Account and Identity Theft Malware (19).
    Introduction. In The Art of War, Sun Tzu wrote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." This certainly applies to cyberwarfare. This primer will help you get to know cybercriminals by providing you with a solid foundation in one of their principle weapons: malware. Our objective here is to provide a baseline of knowledge about the different types of malware, what malware is capable of, and how it's distributed. Because effectively protecting your network, users, data, and company from malware-based attacks requires an understanding of the various ways that the enemy is coming at you. Keep in mind, however, that we're only able here
  • The Heart of KOOBFACE: C&C and Social Network Propagation
    The Heart of KOOBFACE: C&C and Social Network Propagation. Trend Micro, Incorporated. Jonell Baltazar, Joey Costoya, and Ryan Flores, Trend Micro Threat Research. A Trend Micro Research Paper, October 2009.
    Table of Contents: Introduction (4); Social Network Propagation (5); The KOOBFACE Loader (6); Social Network Propagation Components (8); Information Theft (10); Social Network Email Spam (11); Component Logs (12); GCHECK Component (13); BLOGSpot Component (15).
  • KOOBFACE: Inside a Crimeware Network
    JR04-2010. KOOBFACE: Inside a Crimeware Network. By Nart Villeneuve, with a foreword by Ron Deibert and Rafal Rohozinski. November 12, 2010. Web version, also found here: Infowar Monitor, http://www.infowar-monitor.net/koobface
    Foreword. There is an episode of Star Trek in which Captain Kirk and Spock are confronted by their evil doppelgängers who are identical in every way except for their more nefarious, diabolical character. The social networking community Facebook has just such an evil doppelgänger, and it is called Koobface. Ever since the Internet emerged from the world of academia and into the world-of-the-rest-of-us, its growth trajectory has been shadowed by the emergence of a grey economy that has thrived on the opportunities for enrichment that an open, globally connected infrastructure has made possible. In the early years, cybercrime was clumsy, consisting mostly of extortion rackets that leveraged blunt computer network attacks against online casinos or pornography sites to extract funds from frustrated owners. Over time, it has become more sophisticated, more precise: like muggings morphing into rare art theft. The tools of the trade have been increasingly refined, levering ingenuous and constantly evolving malicious software (or malware) with tens of thousands of silently infected computers to hide tracks and steal credentials, like credit card data and passwords, from millions of unsuspecting individuals. It has become one of the world economy's largest growth sectors—Russian, Chinese, and Israeli gangs are now joined by upstarts from Brazil, Thailand, and Nigeria—all of whom recognize that in the globally connected world, cyberspace offers stealthy and instant means for enrichment.
  • Malware: Botnets, Viruses, and Worms (slides)
    Malware: Botnets, Viruses, and Worms. Damon McCoy. Slide credit: Vitaly Shmatikov.
    Malware: Malicious code often masquerades as good software or attaches itself to good software. Some malicious programs need host programs: Trojan horses (malicious code hidden in a useful program), logic bombs, backdoors. Others can exist and propagate independently: worms, automated viruses. Many infection vectors and propagation methods. Modern malware often combines trojan, rootkit, and worm functionality.
    PUP: Potentially unwanted programs. Software the user agreed to install or was installed with another wanted program but is, spyware, adware.
    Viruses vs. Worms. Virus: propagates by infecting other programs; usually inserted into host code (not a standalone program). Worm: propagates automatically by copying itself to target systems; a standalone program.
    "Reflections on Trusting Trust": Ken Thompson's 1983 Turing Award lecture. 1. Added a backdoor-opening Trojan to login program. 2. Anyone looking at source code would see this, so changed the compiler to add backdoor at compile-time. 3. Anyone looking at compiler source code would see this, so changed the compiler to recognize when it's compiling a new compiler and to insert Trojan into it. "The moral is obvious. You can't trust code you did not totally create yourself. (Especially code from companies that employ people like me)."
    Viruses: Virus propagates by infecting other programs. Automatically creates copies of itself, but to propagate, a human