Scary Internet Stuff City of Phoenix Information Security and Privacy Office What Is Malware? • Term for malicious software • Includes viruses, worms, Trojan horse programs, keystroke loggers, and other malicious software • Most people just use the term, “virus” for all malicious software What Are Viruses? • A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes – Designed to make copies of itself (replicate), usually without your knowledge – Usually requires user action to run, such as opening an e-mail attachment – Often contains payloads, malicious or annoying actions that the virus carries out separately from replication What Are Worms? • Malicious code that requires no specific action on your part to enable infection or to propagate How Do Worms Spread? • Worms generally take advantage of a software bug or flaw, called a vulnerability • A worm is like a zombie looking for “fresh meat” – Worms check all devices on a network to see if they’re vulnerable – If so, the worm infects the computer – Now the newly infected computer travels the network asking all connected devices if they’re vulnerable Other Types of Malware • Trojan horse program: A program that comes into your computer disguised as something else, such as a game or screen saver • Keystroke logger: A program or hardware device that records all keystrokes – Often used by attackers to obtain passwords or personal information, such as bank account numbers – Many Trojan horse programs are keystroke loggers • Spyware: A program that collects information about you and your surfing habits without your knowledge • Virus Hoax: An intentionally deceptive e-mail warning about a nonexistent computer virus What Motivates Bad Guys? • Often, the purpose of infecting systems with malware is to create a big network of “robot” computers (a botnet) • Used for spam, phishing, and launching distributed denial-of-service (DDoS) attacks – About 89.5 billion spam e-mails are sent daily from bots • DDoS botnet rental is about $200 for 10,000 bots per day – Some offer a 3 minute try-before-you-buy Scareware aka Rogue Software • Fake security software – Gets you to load malicious software AND – Gets your personal / credit card info Protection Strategies – Scary Internet Stuff • Don’t click – Don’t click on links embedded in e-mail – Be very wary of shortened URL links (often in Tweets) – Be suspicious of e-mail attachments from strangers – Don’t click on suspicious search results – Don’t visit risky Websites (think porn and gambling) • Use anti-virus software and keep it up to date • Apply security patches immediately – Usually published 2nd Tuesday of the month – Configure your computer to apply patches automatically True or False • Following the recommended protection strategies will 100% protect my PC Following the recommended protection strategies will 100% protect my PC There are always new vulnerabilities being discovered and new attacks coming out Thanks! Questions? Contact [email protected] .