Phishing with Worms
Twenty Years of Digital Threats—What Have We Learned and Where Are We Now?
WORMS
The worst and the worser
Is it a worm, virus, or trojan?
- Malware is a general term.
- Trojans hide as another program.
  - Trojan disguises itself as another program with value.
  - Might disguise itself as a free tool for editing photos.
- Virus hides within another program.
  - Infected program may or may not still operate after the attack.
- Worms hide without disguise.
  - Worm is the entity.
  - It self-installs.
Back “in the day”
Worms travelled by floppy.
Transmission rates were slow.
Still some worms became widespread.
Assimilation
Worm-infected machines assemble themselves into collective “botnets” capable of sending spam and crunching passwords.
The Collectives

| Botnet Name | Collective Machines | Spam rate (billions/day) |
|---|---|---|
| Conficker | 20 million | 10 |
| Kraken | 500,000 | 9 |
| Srizbi | 450,000 | 60 |
| Bobax | 185,000 | 9 |
| Rustock | 150,000 | 30 |
| Cutwail | 125,000 | 16 |
| Storm | 85,000 (peak 1.5 million) | 3 |
What to do with a botnet
- Spam engine
- Password/Encryption hacking
- Bank fraud, identity theft
- Criminal computing enterprises
- Decentralized computing
- Huge bandwidth potential
- More computing cycles than top ten mainframes
Storm botnet
- Evades tracking, morphs
- Takes defensive measures – known to launch denial of service attack against suspected investigators
- Summer of 2007, Storm forces Estonia “off the web.” Key servers for the Baltic nation moved offline for an extended period, including government, banking, media, and police sites.
- Once involved 1.5 million computers
Conficker: new guy on the block

| Date | Estimated Infections |
|---|---|
| Dec 1, 2008 | 500,000 |
| Dec 2, 2008 | less than million |
| Dec 4, 2008 | 1.2 million |
| Dec 5, 2008 | 3.5 million |
| ... | ... |
| Jan 17, 2009 | 9 million |
| Jan 23, 2009 | 10 million |
| Jan 26, 2009 | 15 million |
Conficker Payload Delivery
- Flash drive
  - Auto run
  - Default action
- Autorun / AutoPlay
  - Hard to turn off
  - Registry editing
- Network
  - Password guessing
  - Weak passwords
Microsoft's Part
- Announced a fix in October
  - Apparently not everyone installed the update
- Malicious Software Removal Tool
- Worm may block
  - access to MS Update
  - antivirus from updates
  - Windows Defender or turn it off
What does the worm do?
- We don't know
- It seems to be waiting for orders
What can you do?
- Update Windows Regularly
- Apply MS08-067
- Disable Autoplay / AutoRun
- Run the Malicious Software Removal tool available from www.update.microsoft.com
You might have Conficker if ...
You cannot connect to websites or online services that contain the following strings:

virus spyware malware rootkit defender microsoft symantec norton mcafee trendmicro sophos panda etrust networkassociates computerassociates f-secure kaspersky jotti f-prot nod32 eset grisoft drweb centralcommand ahnlab esafe avast avira quickheal comodo clamav ewido fortinet gdata hacksoft hauri ikarus k7computing norman pctools prevx rising securecomputing sunbelt emsisoft arcabit cpsecure spamhaus castlecops threatexpert wilderssecurity windowsupdate
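An added example, not part of the original slides: a small triage routine that takes name-lookup results collected from one machine and flags the pattern described above, where names containing a listed string fail while other names still resolve. The function names, the `min_hits` threshold and the sample observations are assumptions made for illustration.

```python
# Added example: triage of DNS lookup results against the slide's string list.
# Substring matching mirrors the slide ("contain the following strings"), so
# short entries such as "eset" or "panda" can also match unrelated names.
BLOCKED = (
    "virus spyware malware rootkit defender microsoft symantec norton mcafee "
    "trendmicro sophos panda etrust networkassociates computerassociates "
    "f-secure kaspersky jotti f-prot nod32 eset grisoft drweb centralcommand "
    "ahnlab esafe avast avira quickheal comodo clamav ewido fortinet gdata "
    "hacksoft hauri ikarus k7computing norman pctools prevx rising "
    "securecomputing sunbelt emsisoft arcabit cpsecure spamhaus castlecops "
    "threatexpert wilderssecurity windowsupdate"
).split()


def blocked_string(hostname):
    """Return the first listed string found in hostname, or None."""
    name = hostname.lower()
    return next((s for s in BLOCKED if s in name), None)


def triage(lookups, min_hits=2):
    """Summarise (hostname, resolved_ok) pairs observed on one machine.

    The host is marked suspicious only when listed names fail AND unlisted
    names resolve, which separates selective blocking from a DNS outage.
    min_hits is a hypothetical threshold, not a value from the slides.
    """
    counts = {"listed_fail": 0, "listed_ok": 0, "other_fail": 0, "other_ok": 0}
    for host, ok in lookups:
        group = "listed" if blocked_string(host) else "other"
        counts[f"{group}_{'ok' if ok else 'fail'}"] += 1
    counts["suspicious"] = (
        counts["listed_fail"] >= min_hits
        and counts["listed_ok"] == 0
        and counts["other_ok"] > 0
    )
    return counts


# Constructed observations, not real measurements.
SELECTIVE = [("www.update.microsoft.com", False), ("www.symantec.com", False),
             ("www.kaspersky.com", False), ("example.org", True),
             ("intranet.example.net", True)]
OUTAGE = [(host, False) for host, _ in SELECTIVE]

if __name__ == "__main__":
    print(triage(SELECTIVE))
    print(triage(OUTAGE))
```

A positive result is only a prompt for further checks, since filtering proxies and DNS policies can produce the same selective failures.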
You might have Conficker if ...
The following services are disabled or fail to run:
- Windows Security Center Service
- Windows Update Auto Update Service
- Background Intelligent Transfer Service
- Windows Defender
- Error Reporting Service
- Windows Error Reporting Service