Title: Phishing, Pharming, and the latest potholes on the Information Highway
Slide 1: Phishing, Pharming, and the latest potholes on the Information Highway
A Presentation by Ian Loe, CISSP
Slide 2: Agenda
- Malware
- Latest potholes on the Information Highway
  - Spyware
  - Phishing
  - Pharming
- Security industry approach to emerging Malware
- Security Recommendations
- Q&A
Slide 3: Malware
- Short for malicious software
- Any software designed specifically to damage or disrupt a system
Slide 4: Traditional Types of Malware
- Virus
  - Attaches itself to a program or file and reproduces itself
  - Cannot be spread without a human action
- Worm
  - Spreads without human intervention
  - Could send out thousands of copies of itself
  - Tunnels into a system to control it remotely
- Trojan Horse
  - Appears to be useful software/files from a legit source
  - Could delete files and destroy information on a system
  - Creates a back door for malicious access or spread
  - Does not reproduce by infecting files nor self-replicate
Slide 5: Latest Types of Malware
- Phishing and Pharming belong to the family of Spyware
- Along with many others:
  - Adware
  - Key loggers
  - Dialers
  - Downloaders
  - Back doors
Slide 6: What is Spyware?
- Any software that covertly gathers information on user activities through the user's Internet connection, without his or her knowledge, and ships it off to an unknown third-party server over the Internet
Slide 7: What is Adware?
- Adware is commercial Spyware
- Developed by commercial advertising companies who claim no malicious intent
- Usually created for advertising/marketing purposes
Slide 8: How does Spyware work?
- Independent executable able to:
  - Deliver unsolicited advertising pop-up ads
  - Monitor keystrokes
  - Scan files on the hard drive
  - Snoop other apps (e.g. chat, word processors)
  - Install other Spyware programs
  - Read cookies
  - Change the default home page on the browser
- Consistently relays info back to its source for:
  - Advertising/marketing purposes
  - Selling the information to another party
Slide 9: Spyware Concerns
- Ethics and privacy
- Computer resources
- Internet connection bandwidth
- System crashes or general instability
- Licensing agreements for software downloads may not always be read
- The notice of a Spyware installation is couched in hard-to-read legal disclaimers
- Producers of Adware also produce Anti-Spyware tools; it is a profitable industry
Slide 10: Getting Spyware is Easy
- Drive-By Installations
  - Social engineering
  - Spoof certificates
  - Web Exploits
    - Every MS Security Bulletin that "Could Allow Code Execution" can be used to install Spyware
- Bundles
  - Users unwittingly install the product when they install something else (freeware/shareware):
    - Kazaa
    - Games
    - Pirated Software
    - Screensavers
    - Smileys
    - Anti-Spyware programs
Slide 11: Malicious Spyware Types
- Key-loggers
  - Log keystrokes and send them over the Internet
  - Steal information including passwords
- Dialers
  - Cause a user's modem to dial a 900 or 976 number
Slide 12: Malicious Spyware Types (cont.)
- Back doors
  - Provide the hacker with complete control (e.g. Back Orifice)
- Downloaders
  - Download and install Spyware, Adware, key loggers, dialers, back doors, etc.
  - Most commonly installed using web exploits
- Phishing & Pharming
Slide 13: What is Phishing?
- The act of sending a message to a user, falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft
Slide 14: Phishing Purpose
- They will cast the bait and if you bite, they can lure your personal information out of you:
  - ID & Passwords
  - Credit Card Information
  - NRIC / Passport Information
  - Bank Account Numbers
Slide 15: Bogus Websites
- Bogus websites, to which victims are redirected without their knowledge or consent, look the same as a genuine website
- But information like login name and password is captured by criminals
Slide 16: Example of a Phishing email
Slide 17: Anti-Phishing Groups
Slide 18: Pharming Out-Scams Phishing
- First came Phishing, in which con artists hooked unwary internet users one by one into compromising their personal data
- Pharmers can scoop up many victims in a single pass
Slide 19: What is Pharming?
- New use for a relatively old concept: domain spoofing
- Pharmers simply redirect as many users as possible from legitimate commercial websites to malicious ones
Slide 20: Pharming: the most alarming threat
- DNS poisoning
  - A large group of users can be silently shuttled to a bogus website even when typing in the correct URL
  - You no longer have to click a URL link to hand over your information to identity thieves
Slide 21: Certificate Mismatch
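The two slides above describe the defender's two observable signals of pharming: a poisoned resolver hands out an address that independent resolvers do not, and the bogus server cannot present a certificate that is valid for the hostname the user typed. The following Python is an added example, not part of the presentation or of any product it names. It checks both signals over constructed sample data: the resolver names, the addresses (RFC 5737 documentation ranges) and the certificate names are all made up for illustration.

```python
"""Pharming signals: resolver disagreement and certificate/hostname mismatch.

Added example (not from the presentation). All hostnames, addresses and
certificate Subject Alternative Names below are constructed sample data.
"""
import ipaddress
from typing import Dict, Iterable, List


def resolvers_disagreeing_with_local(answers: Dict[str, Iterable[str]],
                                     local: str = "local") -> List[str]:
    """Return the names of reference resolvers whose answer set shares no
    address with the local resolver's answer set.

    `answers` maps a resolver name to the A/AAAA answers it returned for the
    same hostname. A poisoned local cache typically yields an address that
    none of the independent resolvers return, so an empty overlap is the
    signal; an empty result means every reference agreed with "local".
    """
    local_set = {ipaddress.ip_address(a) for a in answers[local]}
    disagreeing = []
    for name, addrs in answers.items():
        if name == local:
            continue
        if not (local_set & {ipaddress.ip_address(a) for a in addrs}):
            disagreeing.append(name)
    return disagreeing


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison of one certificate DNS name against a host:
    case-insensitive exact match, or a single leading '*.' wildcard that
    covers exactly one leftmost label ('*.bank.example' matches
    'www.bank.example' but neither 'bank.example' nor 'a.b.bank.example')."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".bank.example"
        return (host.endswith(suffix)
                and len(host) > len(suffix)
                and "." not in host[:-len(suffix)])
    return False


def cert_matches_host(host: str, san_dns_names: Iterable[str]) -> bool:
    """True if any DNS name in the presented certificate covers `host`."""
    return any(_name_matches(p, host) for p in san_dns_names)


def assess(host: str, answers: Dict[str, Iterable[str]],
           presented_sans: Iterable[str]) -> List[str]:
    """Combine both signals into a list of findings (empty = nothing seen)."""
    findings = []
    bad = resolvers_disagreeing_with_local(answers)
    if bad:
        findings.append(f"local answer for {host} disagrees with: {', '.join(bad)}")
    if not cert_matches_host(host, presented_sans):
        findings.append(f"presented certificate is not valid for {host}")
    return findings


if __name__ == "__main__":
    # Constructed scenario: the local resolver points the bank's name at an
    # address no reference resolver knows, and the server there presents a
    # certificate issued for a different (lookalike) name.
    sample_answers = {
        "local": ["203.0.113.7"],
        "ref-resolver-1": ["198.51.100.10"],
        "ref-resolver-2": ["198.51.100.10", "198.51.100.11"],
    }
    for line in assess("www.bank.example", sample_answers, ["www.bank-secure.example"]):
        print("FINDING:", line)
```

The wildcard rule is the part most often implemented loosely; the example deliberately refuses to let `*.bank.example` cover the bare domain or a two-level subdomain, which is the behaviour browsers apply.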
Slide 22: Technical Challenges
- New and evolving technology
- Quickly adopts all the latest techniques from Viruses, Worms and Trojans
- Attracts the best & brightest hackers
- Application level threat: existing enterprise defenses lack granularity
Slide 23: Latest News, Feb 12, 2007
Slide 24: Spyware Market Place
- Many providers have started to offer products
- Market still resembles the wild west and the early days of the Internet
- Standards and commercial winners/losers have yet to emerge
Slide 25: Enterprise Solutions Emerging
- Spyware specific desktop tools
  - Desktop agent with no centralized management
  - Use of signatures
- Desktop Antivirus
  - Detects a small subset of known Spyware
  - Use of signatures
- URL Filtering
  - Gateway solution
  - Blocks known Spyware sources (which change often)
- Proxy Appliance
  - Stops drive-by installation
  - URL filtering and use of signatures
Slide 26: Industry Approach - Phishing
- Based on social engineering; self defense relies on the common sense of the user
- The automated detection of new Phishing fraud is very difficult
- Only an extensive forensic analysis by law enforcement can prove the evidence of Phishing
- Try to mitigate by:
  - URL blocking of known URLs of Phishing websites
  - Spam blocking of emails of Phishing scams that are sent en masse
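URL blocking of known phishing sites, as the slide above proposes, only works if the URL is normalised before the lookup and if the blocklist is backed by a heuristic for sites that are not yet listed. The Python below is an added example, not part of the presentation or of any vendor product; the blocklist entries, the protected brand, its owned domain and every URL are constructed sample data (`.example` names and RFC 5737 addresses). It goes slightly beyond the slide by adding a lookalike-domain check alongside the blocklist lookup.

```python
"""Phishing URL screening: normalised blocklist lookup plus lookalike heuristics.

Added example (not from the presentation). Blocklist, brand table and URLs are
constructed sample data; a deployment would load a maintained blocklist and
the organisation's own domains instead.
"""
import ipaddress
from typing import Dict, List, Set
from urllib.parse import urlsplit

# Constructed blocklist: exact hosts, and domains blocked with all subdomains.
BLOCKED_HOSTS: Set[str] = {"secure-login.phish.example"}
BLOCKED_DOMAINS: Set[str] = {"phish.example"}

# Constructed: protected brand label -> domains the brand legitimately owns.
PROTECTED_BRANDS: Dict[str, Set[str]] = {"examplebank": {"examplebank.example"}}


def canonical_host(url: str) -> str:
    """Normalise the host of a URL so lookups are stable: lowercase, trailing
    dot removed, port dropped, and any 'user@' userinfo ignored (urlsplit's
    .hostname already strips userinfo, brackets and the port)."""
    host = urlsplit(url.strip()).hostname or ""
    return host.rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """Simplification (assumption of this example): the last two labels are the
    registrable domain. Production code should consult the Public Suffix List
    so that e.g. 'co.uk' is not mistaken for a registrable domain."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def screen_url(url: str) -> List[str]:
    """Return the reasons this URL looks like phishing; an empty list is clean.
    Checks run in a fixed order: blocklist, IP-literal host, brand lookalike,
    userinfo trick."""
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to see the netloc
    host = canonical_host(url)
    if not host:
        return ["unparseable host"]
    reasons: List[str] = []
    if host in BLOCKED_HOSTS:
        reasons.append("host on blocklist")
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        reasons.append("domain on blocklist")
    # A raw IP address in place of a name is a classic phishing tell.
    if _is_ip_literal(host):
        reasons.append("IP address used as host")
    # Brand name present in the hostname, but the registrable domain is not
    # one the brand owns (e.g. examplebank.example.phish.example).
    reg = registrable_domain(host)
    for brand, owned in PROTECTED_BRANDS.items():
        if brand in host and reg not in owned:
            reasons.append(f"brand '{brand}' in hostname but domain '{reg}' is not brand-owned")
    # 'https://examplebank.example@203.0.113.5/' shows the brand but connects
    # to the address after the '@'.
    if "@" in urlsplit(url).netloc:
        reasons.append("userinfo in URL hides real host")
    return reasons


if __name__ == "__main__":
    for sample in ["https://www.examplebank.example/login",
                   "http://examplebank.example.phish.example/login",
                   "www.examplebank-verify.example/secure",
                   "https://examplebank.example@203.0.113.5/login"]:
        print(sample, "->", screen_url(sample) or ["clean"])
```

Each reason is returned rather than printed so that a mail gateway or proxy can log the specific trigger; the blocklist check is kept separate from the heuristics because blocklist hits are exact and can block outright, whereas the lookalike and IP checks are signals that warrant a warning or a quarantine.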
Slide 27: Industry Approach - Pharming
- Browsers that could authenticate website identity (CardSpace, OpenID)
- Browser toolbars displaying the true physical location of a website's host (e.g. Russia)
- Some financial institutions are experimenting with "multi-factor authentication" logins, including:
  - single-use passwords (e.g. tokens)
  - automatic telephone call-backs
Slide 28: Security Recommendations
- Do not open e-mail attachments unless you know the source and are expecting the attachment
- Do not reply to e-mail from an unknown source
- Do not click on untrusted hyperlinks to the Internet
- Do not download unapproved software from the Internet
- Do not respond to or visit the website indicated by an instant message or e-mail
- Do not give out personal information over the Internet
- Before revealing any identifying information, ask how it will be used and secured.
Slide 29: Questions?
Slide 30: Thank You!
Ian Loe, CISSP, Senior IT Architect, Asia/Pacific, EIS SOA Advanced Technologies, IBM Software Group
Email: ianl_at_sg.ibm.com