joe klemencic 2005. 80%+ number of machines on the internet infected with spyware * source:...
TRANSCRIPT
Joe Klemencic 2005
80%+ Number of machines on the Internet infected with
Spyware
* source: TechNewsWorld
28 Items
Number of Spyware items on average
* source: IntranetJournal
eTailor
Web Advertising Agency
eTailor eTailor
Order of 1 lamp for John Doe submitted.
Cookie:John Doe ordered 1 lamp
John Doe likes lamps
John Doe likes lamps
While searching for Star Wars items, we noticed that you also like lamps.
=
if INSTALL_BUTTON is clicked{
install malware.exe
}
if NOTHANKS_BUTTON is clicked {
install malware.exe anyway // Bwhahaa!!!
}
If this is a REAL Windows dialog box, use the ‘X’ to close –OR- use
your browsers BACK button.
In this case, the entire dialog box is really a Graphic image. No matter where you click, it will install malware.
if MOUSECLICK {
install malware.exe
}
Phishing
*Source: USA Today 01-14-2005
Identity Theft:
Not limited to relatives or physical theft of personal information (drivers license, credit cards). Most Identity Theft occurs NOT from your on-line transactions, but rather from locally installed software watching your computer OR from compromised machines at the various merchants and banks.
Just because a web site uses SSL or states it is a ‘Secure Server’ does NOT guarantee your data is safe. All it means is that the communications between your machine and the web site is encrypted (or at least is supposed to be).
Many banks will NOT honor their fraud policies if the ID theft was due to Phishing.
PHARMING(Hijacking Hosts/DNS)
c:\windows\system32\drivers\etc\hosts or /etc/hosts
206.65.183.18 www.microsoft.com206.65.183.18 www.google.com206.65.183.18 www.paypal.com206.65.183.18 www.ebay.com206.65.183.18 home.msn.com206.65.183.18 www.yahoo.com206.65.183.18 mail.yahoo.com206.65.183.18 www.cnn.com206.65.183.18 www.bankone.com206.65.183.18 www.citibank.com
Cleanup and Prevention
Don’t click on everything that pops up in front of you and READ the messages!!!
If unsure, visit a different site.
Hijack your own windows\system32\drivers\etc\hosts file:127.0.0.1 www.doubleclick.net127.0.0.1 ad.doubleclick.net127.0.0.1 ad.preferences.com127.0.0.1 ads.doubleclick.com127.0.0.1 ads.infospace.com127.0.0.1 ads.msn.com
Make your hosts file Read Only:
Spyware and Phishing Resources
Current Phishing Scams:http://www.antiphishing.org/
Spyware Discussions:http://www.spywaremanagement.org/
E-mail Hoax:http://hoaxbusters.ciac.org/