What are they? What do they have to with me?
MALICIOUS ATTACKS
Introduction
 You may not know exactly what it is, but
chances are you have encountered one at
some point on the internet
 Ever get a pop-up that tells you that you just
won a free iPhone? Ever been asked to click
on a link to redeem your prize or “find out
who has a crush on you”? Then you have
encountered an attempted malicious attack.
So what is it?
 A malicious attack is anything
that attempts to spread
damaging viruses or “phishing”
 What is phishing? It’s a criminal
attempt at stealing your private
information such as your credit
card details, passwords, or bank
account number using electronic
mediums.
 Also, it’s important to remember
that dumpster diving is another
form of phishing.
How do I know if I’m a
victim?
 Viruses are usually spread through e-mails and pop up
windows. You may be infected by simply opening an email or you may be presented with a link that will direct
you to a false website that will contaminate your
system.
 Phishing is done by fooling you into thinking you are
entering a trustworthy electronic communication. For
instance, sending you an e-mail informing you that
there is a complication with your bank account and
presenting you with a link to a page that is designed to
make you believe that it is your bank’s official website.
Once you are on the false site you will usually be asked
to give your personal information and you do so
without any idea that you have been made a victim.
Background (Evolution)
 Malicious attacks are considered cyber




crimes.
Cyber crime = crimes that target computers
directly or crimes facilitated by use of
computer.
1820 – first recorded cyber crime.
1970 – developments in networking
technology (email).
1990 – birth of internet.
Some important milestones
 Wild virus, experimental virus
 Robert Morris’s Worm
 AIDS Trojan
 First Macro Virus, Hackers
 Windows 98
 Denial of Service (DoS)
Steps towards lessening the
problem.




Keep your antivirus up to date
Use anti-spam software
Use back-up systems
Don’t enter sensitive or financial information
into pop-up windows
 Use a Firewall
 Don’t open hyperlinks in an email
 Get educated (especially on phishing and
hacking)
Criticisms
 Things like encryption and copy protection
mechanisms do not fully solve the issue. Encryption
usually protects the data only on the transport
channel, and as soon as the data is decrypted for
display or playback, it can be copied.
 Copy protection mechanisms are difficult to realize
in open systems. Even in proprietary systems they
are often circumvented sooner or later.
 Thus, both encryption and copy protection offer only
limited security.
 Currently, heavy firewalls and watermarking are
really the best options.
In our personal opinion…
 We do not recommend malicious attacks of any kind.
 Malicious Attacks such as phishing (email, IM, Phone calls, and









Dumpster Diving.)
Once again…
Keep your antivirus up to date
Use anti-spam software
Use back-up systems
Don’t enter sensitive or financial information into pop-up
windows
Use a Firewall
Don’t open hyperlinks in an email
get educated (especially on phishing and hacking)
Contact the Information Security Office
 (412) 268-2044
 Iso-ir@andrew.cmu.edu