TCEA Workshop 6898:
Phishing for Worms – Why is my
Computer so Slow?
A brief look at some annoying and sometimes dangerous creatures inhabiting cyberspace
William Ball, Technology Coordinator
Holli Horton, Technology Trainer
Calallen ISD
Corpus Christi, TX
1

How prevalent are viruses and things?
More than two thirds of home users think they are safe from online threats.
2

Viruses, worms, and Trojan Horses are malicious programs that can cause damage to your computer and information on your computer.
3

With an ounce of prevention and some good common sense, you are less likely to fall victim to these threats.
4

5

Virus (n.) Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program.
It may damage hardware, software, or information.
6

Worm (n.) A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks.
A worm can consume memory or network bandwidth, thus causing a computer to stop responding.
7

Trojan Horse (n.) A computer program that appears to be useful but that actually does damage.
One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
8

Many of the most dangerous viruses are primarily spread through e-mail
9

Never open anything that is attached to an e-mail unless you were expecting the attachment and you know the exact contents of that file.
10

11

12

Googling the phone number (703)
482-0623 gets:
•
Phonebook results for 703-482-0623:
United States Government, Central
Intelligence Agency, ( 703 ) 482 0623 , Mc
Lean, VA 22101
•
This is not the CIA Office of Public Affairs in Washington, D.C., as the email reports.
13

FBI Warns of Email Scam
The Federal Bureau of Investigation issued an alert about a scam involving
unsolicited e-mails, purportedly sent by the FBI, that tell computer users that their Internet surfing is being monitored by the agency. The users are told they have visited illegal Web sites and are instructed to open an attachment to answer questions, reports CNN.
This email virus is a variant of the Sober Y worm which was originally discovered on November 16th, 2005. Like the previous variants, this one sends itself inside a ZIP archive as an attachment in e-mail messages with
English or German texts.
It should be noted that along with the "usual" messages that look like fake bounces, password change notification requests, Paris Hilton video ads and so on, the worm sends messages that look like they come from FBI or
CIA. The From field of such messages contains any of the following:
Department@fbi.gov (also can be Office@, Admin@, Mail@, Post@)
Department@cia.gov (also can be Office@, Admin@, Mail@, Post@)
The Subject field contains any of the following:
You visit illegal websites
Your IP was logged
The FBI is investigating the scam.
14

15

The reason this email was successful was because:
•
It came from a perceived important or powerful person
•
Accused wrongdoing; plays on guilt
•
Gave an opportunity to right a wrong
This is called…
16

17

In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users.
18

By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “ users are the weak link
” in security and this principle is what makes social engineering possible.
19

Beware of messages that request password or credit card information in order to “set up their account” or
“reactivate settings”.
20

21

22

23

24

Phishing (v.) is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.
25

•
In 2005, phishing represented an average of one in every 304 emails, compared to one in every 943 in 2004.
26

27

Dear Citibank Customer,
When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to
Online Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking.
Please verify your information here , before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)
Citibank Online Customer Service
Copyright © 2004 Citicorp
28

<font color="#000000" face="Arial">
<p>When signing on to Citibank Online, you or somebody else have made several login attempts and reached your daily attempt limit. As an additional security measure your access to Online
Banking has been limited. This Web security measure does not affect your access to phone banking or ATM banking. </p>
<p>Please verify your information <a href="http://200.189.70.90/citi">here</a>, before trying to sign on again. You will be able to attempt signing on to Citibank Online within twenty-four hours after you verify your information. (You do not have to change your Password at this time.)</p>
<p>&nbsp;</p>
<p><b>Citibank Online Customer Service</b></p>
<br>
</td>
29

Dear valued customer
Dear valued
Need customer
Help?
We regret to inform you that your eBay account could be suspended if you don't reupdate your account information. To resolve this problems please click here and reenter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days , after this period your account will be terminated.
Dear valued customer
For the User Agreement , Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.
30
Regards,Safeharbor Department eBay, Inc

<DIV style="width: 605; height: 224"><STRONG><FONT face=arial> We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please </FONT>
<a target="_blank" a href=" http://211.239.171.57/alfa/eBayISAPI.php?MfcISAPIComm
and=SignInFPP&UsingSSL=1&email=&userid="><FONT face=arial color=#0000ff>click here </FONT></a></STRONG><FONT face=arial> and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.
31

32

33

The code disguises the real target of this link: href="http://wordart.co.jp/.onli
href=" ne/co/login.php">https://servic objectclicked=LoginSplash</a
></FONT></TD>
34

Where is this taking you?
Is this a secure site?
35

Where is this taking you?
Is this a secure site?
36

How Not to Get Hooked by a
Phishing Scam from the Federal Trade Commission
37

Legitimate companies don’t ask for account information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address.
38

Don’t email personal or financial information
Email is not a secure method of transmitting personal information.
Period.
39

Review credit card and bank statements as soon as you receive them
Determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
40

Use anti-virus software and keep it up to date
Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
41

Be cautious about opening any attachment regardless of who sent them
Have you heard this before?
42

Report suspicious activity to the
FTC
If you get spam that is phishing for information, forward it to spam@uce.gov If you believe you’ve been scammed, file your complaint at www.ftc.gov.
43

44

Spyware is Internet jargon for
Advertising Supported software.
It is a way for shareware authors to make money from a product, other than by selling it to the users.
45

Spyware is any technology that aids in gathering information about a person or organization without their knowledge.
46

A drive-by download is a program that is automatically downloaded to your computer, often without your consent or even your knowledge.
47

Unlike a pop-up download, which asks for assent (albeit in a calculated manner likely to lead to a "yes"), a drive-by download is carried out invisibly to the user: it can be initiated by simply visiting a Web site or viewing an HTML email message.
48

While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection and reports statistical data to the "mothership".
49

Even though the name may indicate so, Spyware is not an illegal type of software in any way.
However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product.
50

Generically, adware is any software application in which advertising banners are displayed while the program is running.
51

Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.
52

In addition to privacy and security concerns, resource-hogging adware and spyware can cause system and browser instability and slowness.
For users paying for dialup services by time used, ad-loading and hidden communications with servers can be costly.
53

Adware isn't necessarily spyware.
Registered shareware without ads may be spyware. Purchased out-ofthe-box software may contain adware and may also be spyware.
54

All this makes for a confusing mess and users need to be on guard when installing any type of software.
55

56

from StaySafeOnline.com
57

1. Use anti-virus software and keep it up to date
Anti-virus software is designed to protect you and your computer against known viruses so you don’t have to worry. But with new viruses emerging daily, anti-virus programs need regular updates, like annual flu shots, to recognize these new viruses. Be sure to update your anti-virus software regularly.
58

2. Don’t open emails or attachments from unknown sources
A simple rule of thumb is that if you don't know the person who is sending you an email, be very careful about opening the email and any file attached to it. Should you receive a suspicious email, the best thing to do is to delete the entire message, including any attachment.
59

3. Protect your computer from
Internet intruders – use firewalls
Firewalls create a protective wall between your computer and the outside world. They come in two forms, software firewalls that run on your personal computer and hardware firewalls that protect a number of computers at the same time. They work by filtering out unauthorized or potentially dangerous types of data from the Internet, while still allowing other (good) data to reach your computer.
60

4. Regularly download updates and patches for your OS and other software
Most major software companies today release updates and patches to close newly discovered vulnerabilities in their software.
61

Mix upper case, lower case, numbers, or other characters not easy to find in a dictionary, and make sure they are at least eight characters long. Don’t share your password, and don’t use the same password in more than one place.
62

6. Back-up your data on disks or
CDs regularly
Back up small amounts of data on floppy diskettes and larger amounts on CDs or DVDs. If you have access to a network, save copies of your data on another computer in the network.
63

7. Don’t share access to your computers with strangers
Your computer operating system may allow other computers on a network, including the
Internet, to access the hard-drive of your computer in order to “share files”. This ability to share files can be used to infect your computer with a virus or look at the files on your computer if you don’t pay close attention. (Music sharing programs like Kazaa, Napster, and Gnutella are common music file sharing programs.)
64

8. Disconnect from the Internet when not in use
Disconnecting your computer from the Internet when you’re not online lessens the chance that someone will be able to access your computer.
65

9. Check your security on a regular basis
You should evaluate your computer security at least twice a year. Look at the settings on applications that you have on your computer. Your browser software, for example, typically has a security setting in its preferences area.
66

10. Make sure you know what to do if your computer becomes infected
It’s important that everyone who uses a computer be aware of proper security practices. People should know how to update virus protection software, how to download security patches from software vendors and how to create a proper password.
(If in doubt, contact the nearest 14 year-old.)
67

68

69

70

71

Be careful – none of these sites is what you want!
72

Tucows is a safe site to download from.
73

•
Be aware of Social Engineering techniques
•
Never share your password with anyone
•
Protect your computer:
•
Keep your OS updates current
•
Use antivirus software and keep it up-todate
•
Use programs like Adaware and Spybot
Search and Destroy to keep your computer free from malware
74

75