Phishing, Spyware & Other Internet Threats On-Line Threats

Home , Pharming, Spyware

Phishing, Spyware & Other Internet Threats

May 2005

Jodi Ito Information Security Officer Information Technology Services

On-line Threats

 Phishing & Pharming  Spyware  Viruses & Worms  Peer-to-Peer filesharing (P2P)

1 On-line Dangers

 Identity theft  Financial fraud

 Personal safety  Compromised computer  Loss of information & productivity

 At a minimum, these things are a nuisance  At the other end of the scale… ???

Delivery Mechanisms

 Email containing:  Infected attachments  Links to compromised websites  Infected Web Sites  Instant Messaging  PDAs  Cell phones

2 Definition of “Phishing”

 From http://www.wordspy.com/words/phishing.asp:

phishing (FISH.ing) pp. Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data. -adj.

Phishing

 Basic format:  Looks legitimate!  From a respected organization  Asks you to verify personal information through a link  Name  Address  Account number  Password  Threatens account suspension or non-completion of transaction

3 Anatomy of a “Phish”

Bank of the West http://www.bankofthewest.com

How can you tell if it’s “phishing”?

4 “Bank of the West” Phishing Email

Full Headers of the Message

5 How to view full headers

 UH Webmail: Click on the triangle in the header area  All other mail programs (Eudora, Outlook, Netscape, etc.): http://www.spamcop.net/fom-serve/cache/19.html

Where does the link go?

6 Deceptive Links

 http://www.hawaii.edu  Bank of Hawaii

Prevent being “phished”

 Be suspicious!  Don’t click on links in unsolicited email  Don’t give out personal information in response to any unsolicited inquiry  Call the organization - but don’t use the phone number given in the email.  Check: http://www.antiphishing.org/phishing_archive.html  Type in the web address yourself (???)

7 Be Vigilant!

 Review banking statements in a timely manner  Check your credit reports annually: http://www.annualcreditreport.com  Be informed:  https://www.paypal.com/security  https://www.paypal.com/securitytips  http://www.ifccfbi.gov/strategy/fraudtips.asp

What if You’re a Victim?

 Contact a credit bureau to report fraud:  Equifax: (800) 525-6285  Experian: (888) 397-3742  TransUnion: (800) 680-7289  Close the compromised account  File a police report  File a complaint with the FTC  For more information: http://www.consumer.gov/idtheft/ http://www.idtheftcenter.org

8 Pharming

 Like “phishing” BUT instead of hiding the bogus links within the email…  Domain Name System (DNS) is compromised (a.k.a. DNS poisoning, DNS hijacking)  Doesn’t matter if you type in the URL yourself, you’ll still be directed to the bogus website

Spyware!

 Another category of malicious software  Installed and runs on your computer  Comes in via:  Email  Pop ads, web sites  Peer-to-peer software  Games  Usually runs without you knowing about it

9 What Does Spyware Do?

 Track which websites you visit  Send you pop-up ads

 Take over your browser  Monitor your keystrokes  Disable your security software  Turn your computer into a “zombie” (bot)  Part of DDOS, spam generator  For more information on BotNets: http://www.cscic.state.ny.us/msisac/webcasts/05_05/index.htm

How do you know if you’re infected with Spyware?

 Your browser opens to a different startup page or goes to a different URL  Pop-up ads appearing without you doing anything  Computer runs slower  New/unfamiliar toolbars  Computer exhibits strange behavior with random errors

10 Cleaning Up

 Not a simple task  Takes time: expect a minimum 4 hours… more depending on severity of infection  Back up your data first!  Multiple tools  Running them multiple times  Severe cases require complete re-installation  Backup user data  Reformat hard drive  Reinstall your operating system and applications  Update your OS & applications (especially anti-virus software)

Tools

 Microsoft Anti-Spyware (beta) http://www.microsoft.com/security/default.mspx (click on “Windows Antispyware” link)  Spybot Search & Destroy http://www.safer-networking.org/en/download/  Ad-Aware SE Personal (Lavasoft) http://www.lavasoft.com/ (click on “Download”)  Spy Sweeper (Webroot) http://www.webroot.com/downloads/ (free trial)  Note: be careful where you download from! Some “anti-spyware” websites actually download spyware.

11 Helpful Hints

 Unknown programs found by anti-spyware:  Do a web search (google, yahoo, etc.) for more information  Be persistent  1. Run a tool  2. Reboot  3. Run another tool  4. Reboot  5. Go to step 1.

 Seek professional help

Online Resources

 www.ﬁrewallguide.com/spyware.htm  http://www.microsoft.com/athome/security/ spyware/default.mspx  http://www.ftc.gov/bcp/conline/pubs/alerts/ spywarealrt.htm

12 Viruses, Worms, Trojans

 ENDLESS!!!  New variations of old viruses  Library: http://vil.nai.com/vil/  McAfee’s Stinger tool to clean off viruses: http://vil.nai.com/vil/stinger/  Install and update anti-virus software!!! http://www.hawaii.edu/antivirus/

I’m Infected!

 Backup your data  Update your system  Update anti-virus software  Clean off the virus Note: update first, then clean. Unpatched systems can get re- infected within minutes.

 Contact the ITS Help Desk: [email protected]  Oahu: 956-8883  Neighbor Islands: (800) 558-2669

13 Peer-to-Peer Filesharing

 Software that allows filesharing among computers without a central file server  Popular software: Kazaa, Grokster, eDonkey, iMesh, Bearshare, BitTorrent, LimeWire  Sharing more than you know: http://www.cbsnews.com/stories/2005/05/03/e veningnews/main692765.shtml

P2P Problems

 Spyware installed w/ P2P software  You don’t know what directories are being shared  Trading copyrighted information (songs, movies, software) is ILLEGAL  http://www.ftc.gov/bcp/conline/pubs/alerts/sharealrt.htm

14 Protecting Your Computer

 Update your operating systems!!!  Turn on automatic updates  Install and update anti-virus software  Turn on automatic updates  Make sure your accounts are password protected  Use “strong” passwords: http://www.hawaii.edu/help/security/ (click on “Password Guidelines”)

Safe Computing Habits

 Always update your computer (especially operating system and antivirus)  Password protect your computer with strong passwords  Never respond to unsolicted requests (by email, instant messages, chat rooms) with your personal information  Don’t open unexpected email/attachments especially from strangers

15 More Tips

 Download software from reputable sources  Don’t click on pop-up ads & be careful of which websites you visit

 Use one credit card w/ a low limit for online transactions  Use one checking account for online payments  Don’t use public computers for personal, financial transactions

Good Privacy Practices

 Shred all documents w/ personal information including new credit card offers  Monitor your financial statements  Watch your mailbox and know when your financial statements are arriving  Review your credit report annually

16 Questions?

Jodi Ito [email protected] (808) 956-2400