Phishing, Pharming, and the latest potholes on the Information Highway - PowerPoint PPT Presentation

Slides: 31
Provided by: NestorHo
Transcript and Presenter's Notes

1
Phishing, Pharming, and the latest potholes on
the Information Highway
A Presentation by Ian Loe, CISSP
2
Agenda
  • Malware
  • Latest potholes on the Information Highway
  • Spyware
  • Phishing
  • Pharming
  • Security industry approach to emerging Malware
  • Security Recommendations
  • Q & A

3
Malware
  • Short for malicious software
  • Any software designed specifically to damage or disrupt a system

4
Traditional Types of Malware
  • Virus
      • Attaches itself to a program or file and reproduces itself
      • Cannot be spread without a human action
  • Worm
      • Spreads without human intervention
      • Could send out thousands of copies of itself
      • Tunnels into a system to control it remotely
  • Trojan Horse
      • Appears to be useful software/files from a legit source
      • Could delete files and destroy information on a system
      • Creates a back door for malicious access spread
      • Does not reproduce by infecting files, nor does it self-replicate

5
Latest Types of Malware
  • Phishing and Pharming belong to the family of Spyware
  • Along with many others
      • Adware
      • Key loggers
      • Dialers
      • Downloaders
      • Back doors

6
What is Spyware?
  • Any software that covertly gathers information on user activities
    through the user's Internet connection without his or her knowledge
    and ships it off to an unknown third-party server over the Internet

7
What is Adware?
  • Adware is commercial Spyware
  • Developed by commercial advertising companies who claim no malicious intent
  • Usually created for advertising/marketing purposes

8
How does Spyware work?
  • Independent executable able to
      • Deliver unsolicited advertising pop-up ads
      • Monitor keystrokes
      • Scan files on the hard drive
      • Snoop other apps (e.g. chat, word processors)
      • Install other Spyware programs
      • Read cookies
      • Change the default home page on the browser
  • Consistently relays info back to source for
      • Advertising/marketing purposes
      • Selling the information to another party

9
Spyware Concerns
  • Ethics and privacy
  • Computer resources
  • Internet connection bandwidth
  • System crashes or general instability
  • Licensing agreements for software downloads may
    not always be read
  • The notice of a Spyware installation is couched
    in hard-to-read legal disclaimers
  • Producers of Adware also produce Anti-Spyware
    tools: it is a profitable industry

10
Getting Spyware is Easy
  • Drive-By Installations
  • Social engineering
  • Spoof certificates
  • Web Exploits
      • Every MS Security Bulletin that Could Allow
        Code Execution can be used to install Spyware
  • Bundles
      • Users unwittingly install the product when they
        install something else (freeware/shareware)
      • Kazaa
      • Games
      • Pirated Software
      • Screensavers
      • Smileys
      • Anti-Spyware programs

11
Malicious Spyware Types
  • Key-loggers
      • Log keystrokes and send them over the Internet
      • Steal information, including passwords
  • Dialers
      • Cause a user's modem to dial a 900 or 976 number

12
Malicious Spyware Types (cont)
  • Back doors
      • Provide a hacker with complete control (e.g. Back Orifice)
  • Downloaders
      • Download and install Spyware, Adware, key
        loggers, dialers, back doors, etc.
      • Most commonly installed using web exploits
  • Phishing & Pharming

13
What is Phishing?
  • The act of sending a message to a user falsely claiming to be an
    established legitimate enterprise in an attempt to scam the user into
    surrendering private information that will be used for identity theft

14
Phishing Purpose
  • They will cast the bait and if you bite, they can lure your personal
    information out of you
      • ID & Passwords
      • Credit Card Information
      • NRIC / Passport Information
      • Bank Account Numbers

15
Bogus Websites
  • to which victims are redirected without their knowledge or consent,
    look the same as a genuine website
  • But information like login name and password is captured by criminals

16
Example of a Phishing email
17
Anti-Phishing Groups
18
Pharming Out-Scams Phishing
  • First came Phishing, in which con artists hooked unwary internet users
    one by one into compromising their personal data
  • Pharmers can scoop up many victims in a single pass

19
What is Pharming?
  • New use for a relatively old concept: domain spoofing
  • Pharmers simply redirect as many users as possible from legitimate
    commercial websites to malicious ones

20
Pharming most alarming threat
  • DNS poisoning
      • Allows a large group of users to be silently shuttled to a
        bogus website even when typing in the correct URL
  • You no longer have to click a URL link to hand over your information
    to identity thieves
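
A defender-side check for the DNS poisoning case above, as an added example that is not part of the original presentation: it compares the answers several resolvers return for one hostname against the networks the real site is expected to use. The hostname, resolver names, pinned networks and answers are all constructed sample data (RFC 5737 documentation ranges).

```python
import ipaddress

# Constructed sample data: networks the legitimate site is assumed to be
# served from (RFC 5737 documentation ranges, not real addresses).
EXPECTED_NETS = {
    "www.bank.example": ["192.0.2.0/24", "198.51.100.0/25"],
}

# Constructed answers, as if the same name had been asked of three resolvers.
SAMPLE_ANSWERS = {
    "office-resolver": {"www.bank.example": ["192.0.2.10", "192.0.2.11"]},
    "isp-resolver": {"www.bank.example": ["203.0.113.66"]},
    "public-resolver": {"www.bank.example": ["198.51.100.7"]},
}

def unexpected_addresses(hostname, addresses, expected_nets=EXPECTED_NETS):
    """Return the addresses that fall outside every pinned network for hostname."""
    nets = [ipaddress.ip_network(n) for n in expected_nets.get(hostname, [])]
    if not nets:
        # Refuse to report "clean" for a name nobody has pinned.
        raise KeyError(f"no pinned networks for {hostname}")
    bad = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            bad.append(addr)
    return bad

def audit_resolvers(answers, expected_nets=EXPECTED_NETS):
    """Map resolver -> {hostname: [suspicious addresses]}, flagged resolvers only."""
    findings = {}
    for resolver, names in answers.items():
        for hostname, addresses in names.items():
            bad = unexpected_addresses(hostname, addresses, expected_nets)
            if bad:
                findings.setdefault(resolver, {})[hostname] = bad
    return findings

if __name__ == "__main__":
    for resolver, hits in audit_resolvers(SAMPLE_ANSWERS).items():
        for hostname, bad in hits.items():
            print(f"ALERT {resolver}: {hostname} -> {', '.join(bad)} "
                  "(outside pinned networks)")
```

Sites that legitimately change hosting will trip a pinned list like this, so a hit is a lead to investigate rather than proof of poisoning.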

21
Certificate Mismatch
22
Technical Challenges
  • New and evolving technology
  • Quickly adopts all latest techniques from
    Viruses, Worms and Trojans
  • Attracts the best & brightest hackers
  • Application-level threat: existing enterprise
    defenses lack granularity

23
Latest News Feb 12, 2007
24
Spyware Market Place
  • Many providers have started to offer products
  • Market still resembles the wild west and the
    early days of the Internet
  • Standards and commercial winners and losers have
    yet to emerge

25
Enterprise Solutions Emerging
  • Spyware-specific desktop tools
      • Desktop agent with no centralized management
      • Use of signatures
  • Desktop Antivirus
      • Detecting a small subset of known Spyware
      • Use of signatures
  • URL Filtering
      • Gateway solution
      • Blocks known Spyware sources (these change often)
  • Proxy Appliance
      • Stop drive-by installation
      • URL filtering and use of signatures

26
Industry Approach - Phishing
  • Based on social engineering: self-defense relies
    on the common sense of the user
  • The automated detection of new Phishing fraud is
    very difficult
  • Only an extensive forensic analysis by law
    enforcement can prove the evidence of Phishing
  • Try to mitigate by
      • URL blocking of known URLs of Phishing websites
      • Spam blocking of emails of Phishing scams that
        are sent en masse

27
Industry Approach - Pharming
  • Browsers that could authenticate website
    identity (CardSpace, OpenID)
  • Browser toolbars displaying the true physical
    location of a website's host (e.g. Russia)
  • Some financial institutions are experimenting
    with "multi-factor authentication" logins,
    including
      • single-use passwords (e.g. tokens)
      • automatic telephone call-backs
28
Security Recommendations
  • Do not open e-mail attachments unless you know
    the source and are expecting the attachment
  • Do not reply to e-mail from an unknown source
  • Do not click on untrusted hyperlinks to the
    Internet
  • Do not download unapproved software from the
    Internet
  • Do not respond to or visit the website indicated by
    an instant message or e-mail
  • Do not give out personal information over the
    Internet
  • Before revealing any identifying information, ask
    how it will be used and secured.

29
Questions?
30
Thank You!
Ian Loe, CISSP
Senior IT Architect, Asia/Pacific, EIS SOA Advanced Technologies
IBM Software Group
Email: ianl_at_sg.ibm.com