Slide 2
While calling all malware “viruses” is not technically correct, it is likely you’ll be understood!
Virus: relies on another file to replicate and spread. Influenza spreads by infecting your body’s cells and using them to replicate; it cannot spread on its own.
Worm: self-contained and self-replicating. May spread over a network, use e-mail, malicious websites, or other methods to spread itself.
Trojan: software (downloadable programs, ActiveX controls, or Java applets on websites) that appears to be desirable or innocuous but is not (e.g. rogue AV).
Adware: ad-supported software; may be innocuous (remember Eudora Light?) or may also be spyware.
Spyware: monitors computer use and collects personal information; may also include keyloggers, password stealers, and more malicious information-stealing programs.
Slide 3
Neither destroyed data—they were mere annoyances. Most early malware and viruses were written to gain notoriety, to experiment, or as pranks. Before the late 1980s, most viruses spread via removable media, usually floppy disk. Viruses and Trojans did start to appear on BBSes and newsgroups devoted to software sharing and piracy during this time.
Elk Cloner: http://en.wikipedia.org/wiki/Elk_Cloner
©Brain: http://en.wikipedia.org/wiki/%28c%29Brain
Slide 4
Yes, the Creeper worm on ARPANET predates this worm, but we’re talking about networks that still exist in this context. The creator of the Morris worm was convicted of a crime, but served a suspended sentence, performed community service, and paid a $10,000 fine.
Morris worm: http://en.wikipedia.org/wiki/Morris_worm
http://news.cnet.com/16-candles-for-first-Internet-worm/2100-7349_3-5438291.html
Slide 5
Chernobyl/CIH: http://en.wikipedia.org/wiki/CIH_%28computer_virus%29
Melissa: http://en.wikipedia.org/wiki/Melissa_%28computer_worm%29
Slide 7
This is classified as a worm because it is self-propagating. Systems infected with the Storm worm would send out spam e-mails containing links to the malicious file.
Subject lines used by the spam:
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text
Slide 8
Report: Security-Wise, the Mac Platform Is Getting Shaky: http://www.macnewsworld.com/story/Report-Security-Wise-the-Mac-Platform-Is-Getting-Shaky-61522.html
Slide 9
How many here use Windows on their computers?
Slide 10
What malware can do:
Destroy data
Open up backdoors (so the hackers can use your computer for other things, install more malware, etc.)
Join your computer to a botnet
Send spam (botnet)
Use your computer to attack other computers (botnet)
Self-replicate/spread
Steal keystrokes
Disable antivirus, turn off the firewall, and/or prevent you from visiting security websites
Observe your surfing habits, display pop-ups
Slide 11
How malware stays on your system:
Installs itself and then makes changes to your system so you can’t shut it off
Sets itself up so it runs when the computer boots up
Checks to make sure its malicious settings are still present, and resets them if not
Rewrites system files (rootkit)
Hides itself in memory (you can’t see the malware process in Task Manager)
Slide 13
The file linked to by this malicious spam is part of the Psyme family of Trojans. Psyme exploits a vulnerability in IE and downloads more malware that can infect your system. Want to know how I figured out where that link led? I hovered over it with my mouse pointer—the yellow box that popped up (called a ToolTip) showed a very suspect-looking web address.
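The “hover and read the ToolTip” check can be automated over a whole HTML message. This is an added example, not code from the presentation; the message body, the 203.0.113.9 host and the example.* domains are constructed placeholders.

```python
# Added example, not from the slides: automate the "hover and read the ToolTip"
# check over an HTML e-mail body and flag links a reader should distrust.
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat")

class LinkCollector(HTMLParser):
    """Collects [href, visible text] pairs from every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
            self.links.append(self._current)
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data      # accumulate the text the user sees
    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None

def host_of(value):
    """Host named by a URL or bare domain; '' if the string is not URL-like."""
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def suspicious_links(html):
    """Return (href, text, reason) for links whose target belies their label."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        text_host, href_host = host_of(text), host_of(href)
        if text_host and href_host and text_host != href_host:
            findings.append((href, text, "visible text names a different host"))
        elif urlparse(href).path.lower().endswith(EXEC_SUFFIXES):
            findings.append((href, text, "link downloads an executable"))
    return findings

# Constructed sample modelled on the spam in the notes; hosts are placeholders.
SAMPLE = ('<a href="http://203.0.113.9/Adobe_Player.exe">www.cnn.com/video</a> '
          '<a href="http://example.net/setup.scr">click here</a> '
          '<a href="http://example.org/news.html">example.org</a>')
```

Running `suspicious_links(SAMPLE)` reports the first two anchors and leaves the honest third one alone.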
Slide 14
The malicious link in this e-mail led the user to a CNN look-alike page which attempted to download a program named “Adobe_Player.exe” to the user’s system. If run, this program actually installed what’s known as “scareware” or “rogue antivirus software.” It tells the user they’re infected with malware and they need to pay $40 for the “pro” version of the software that can remove said malware. All scareware removes is money from your pocketbook!
Slide 15
Use Secunia PSI/AppFresh to help with updates
Slide 16
The green icon is put there by McAfee SiteAdvisor (http://www.siteadvisor.com). Another good option is WOT (Web of Trust).
SAFE (green): Very low or no risk issues.
CAUTION (yellow): Minor risk issues.
WARNING (red): Serious risk issues.
UNKNOWN (grey): Not yet rated. Use caution.
McAfee SiteAdvisor rating methodology:
• Risky downloads—Downloadable files that contain viruses, spyware, or adware, or make unrelated changes to the downloading computer
• Browser exploits—Also known as a drive-by download, this type of malicious code enables viruses, keystroke loggers, or spyware to install on a consumer’s computer without consent and/or knowledge
• Email practices—Registration forms and other sign-ups that result in high-volume email, highly commercial email, or both. We also test for difficulty unsubscribing.
• Phishing—Scam sites that try to trick visitors into believing the site is legitimate
• Excessive popups—Sites that engage in aggressive popup behavior or display large numbers of popups
• Linking practices—Sites that aggressively link to other red- or yellow-rated sites
Slide 17
Stay Safe Online is on 2/2/09, Networking is 2/9/09