Title: Joe Klemencic 2005
1Joe Klemencic 2005
2- 80
- Number of machines on the Internet infected with
Spyware - source TechNewsWorld
3- 28 Items
- Number of Spyware items on average
source IntranetJournal
4(No Transcript)
5John Doe likes lamps
John Doe likes lamps
While searching for Star Wars items, we noticed
that you also like lamps.
CookieJohn Doe ordered 1 lamp
Order of 1 lamp for John Doe submitted.
6(No Transcript)
7(No Transcript)
8 9(No Transcript)
10If this is a REAL Windows dialog box, use the X
to close OR- use your browsers BACK button.
if INSTALL_BUTTON is clicked install
malware.exe
if NOTHANKS_BUTTON is clicked install
malware.exe anyway // Bwhahaa!!!
11if MOUSECLICK install malware.exe
In this case, the entire dialog box is really a
Graphic image. No matter where you click, it will
install malware.
12Phishing
13Identity Theft Not limited to relatives or
physical theft of personal information (drivers
license, credit cards). Most Identity Theft
occurs NOT from your on-line transactions, but
rather from locally installed software watching
your computer OR from compromised machines at the
various merchants and banks.
Just because a web site uses SSL or states it is
a Secure Server does NOT guarantee your data is
safe. All it means is that the communications
between your machine and the web site is
encrypted (or at least is supposed to be).
Many banks will NOT honor their fraud policies if
the ID theft was due to Phishing.
Source USA Today 01-14-2005
14(No Transcript)
15PHARMING(Hijacking Hosts/DNS)
- c\windows\system32\drivers\etc\hosts or
/etc/hosts - 206.65.183.18 www.microsoft.com
- 206.65.183.18 www.google.com
- 206.65.183.18 www.paypal.com
- 206.65.183.18 www.ebay.com
- 206.65.183.18 home.msn.com
- 206.65.183.18 www.yahoo.com
- 206.65.183.18 mail.yahoo.com
- 206.65.183.18 www.cnn.com
- 206.65.183.18 www.bankone.com
- 206.65.183.18 www.citibank.com
16Cleanup and Prevention
17(No Transcript)
18(No Transcript)
19(No Transcript)
20Dont click on everything that pops up in front
of you and READ the messages!!! If unsure, visit
a different site.
21- Hijack your own windows\system32\drivers\etc\hosts
file - 127.0.0.1 www.doubleclick.net
- 127.0.0.1 ad.doubleclick.net
- 127.0.0.1 ad.preferences.com
- 127.0.0.1 ads.doubleclick.com
- 127.0.0.1 ads.infospace.com
- 127.0.0.1 ads.msn.com
Make your hosts file Read Only
22Spyware and Phishing Resources
- Current Phishing Scams
- http//www.antiphishing.org/
- Spyware Discussions
- http//www.spywaremanagement.org/
- E-mail Hoax
- http//hoaxbusters.ciac.org/
23(No Transcript)