Tips to Help Prevent the Spread of Malware

Division of Planning and Information Resources

When Anti-Virus alone Can’t!

Scott Finlon, CISSP, GCIA, GCIH
Information Security Engineer


What we’re going to talk about

• Brief introduction
• Common methods of Infections
• Ways we can prevent these infections
• How can I tell if I’m already infected?
• Let’s play a game!


So what do you mean when AV Can’t?

• AV is an industry! Why can’t they do better?

• Malware used to be coded by “script kiddies” who were bored and just looking to have some fun

• Now the malware realm belongs to organized crime

• Because of this, malware numbers have grown exponentially!


What is this a graph of?


That’s a lot of malware!

• If an entire industry can’t keep up, what can we do?

• Well, the bad guys don’t spend a lot of money coming up with brand new ideas.

• Why fix what isn’t broken?

• Because of this, malware uses a lot of the same common infection vectors

• So, if we are more careful in just a few areas, we can prevent most common types of infections!


Tell me what I can do!

• Run up-to-date security software
  – Even with what I just said, up-to-date antivirus software is really important
• Make sure your firewall is turned on
• Get all of the latest software updates
  – Operating system critical updates
  – Third party software updates are just as important!
  – Secunia PSI is free for personal use, to help automate keeping everything up to date! http://secunia.com/vulnerability_scanning/personal/
• Limit user privileges
• Understand how malware and the schemes to get you to install it work


Common Methods of Infection

• Websites
• Pop Ups
• Software Downloads
• E-mails
• Physical Media
• (Il)Legal P2P Services
• Phone Calls


Websites

• A lot of times a website will tell you that you need to install special software to continue to view or use something on their site
• Other times they are compromised and have an exploit just waiting for you to browse to their site
• These can be:
  – Malicious redirects – that point you to fake software that is laced with malware
  – Their server was hacked
  – Their advertising service was hacked
  – Pop-ups!
• The best defenses are:
  – To use an alternative browser, like Chrome or Firefox
  – Keep your browsers up to date
  – Keep your third party software up to date (especially Java and Flash)


Pop-Ups

• Some pop-ups will try to corner you into making a decision to buy software or pay for a service or scan
  – These scare tactics are one of the more common tactics that the bad guys are using
• They make it difficult to close the window
• Some even “force” you to accept something by only giving you one button to click
  – Never click anything in these windows
  – Close them by clicking the ‘X’ on the window, in Windows Task Manager, or by pressing ‘Alt+F4’


Fake Alerts


Ransomware

http://www.f-secure.com/weblog/archives/multiple_ransomware_warnings.gif


Software

• Be cognizant of where you download software
  – Only download software from their official site
    • To update/install Flash Player go to Adobe.com
    • To update/install iTunes go to Apple.com
    • To install any browser add-ons use their official browser stores
  – “Free” software is laced with malware, so the software isn’t free when they are stealing all of your information
  – Be careful of what boxes you are selecting and unselecting when installing known good software


“Opt-out” software installs


Would anyone install this?


Software

• What do Osama Bin Laden, the new Royal Baby, and the Riots in Egypt have in common?
  – The bad guys prey on world events, and human curiosity
• They send links via email, Facebook messages, IM, and any other way they can
• They try to entice you to click on a link to see a video or pictures
• When you click on the link to see the pictures or video it’ll ask you to install an updated or specialized media player
  – If you aren’t sure if you’re up to date, go to the official website!


Peer to Peer

• There are some legitimate P2P uses
• However, if you try to download movies or music, you are on your own
• There is no quality control
• You can’t be sure what you are actually downloading
  – Anyone can name any software anything


Emails

• “The University of Scranton will never ask you for your username or password in an email. All requests to update or change user information will be done through my.Scranton.edu”

• Does this look or sound familiar?
  – I hope so!


http://oregonstate.edu/helpdocs/sites/default/files/phishing_example_02.jpg


Emails

• Don’t trust any email!
  – Be suspicious about links from people you know, but never click a link from someone you don’t!
  – It’s incredibly easy to spoof emails to make it look like one came from someone else
• If you get a link from someone you know, look to see if there is any context associated with the link
• Look at what the top level domain is (e.g. .com .co.uk .ly .cn .co)
• Don’t click links about unexpected UPS/FedEx deliveries
• Never buy anything promoted in a spam email
• Don’t bother clicking the “unsubscribe” button, this can notify them that your address is active and they will use it to send more spam


Phishing

• A phishing scheme is a type of social engineering where a bad guy sends you an email phishing for information
• They might claim to be a bank or credit card company and ask you to click a link and log in
  – If you do this, you are handing them your credentials
  – Sadly, some banks legitimately do this, so the best protection is to skip clicking the link and type the bank’s address in a browser manually
  – Or better yet, call the bank or credit card company and verify it with them! Use the number you know, or the one on the back of your card, not one you get in an email
• They might pretend to be a foreign nation saying you are a long lost descendant of royalty, and to send your information so they can give you your millions and millions of dollars
• Look for spelling and grammatical errors, the bad guys don’t seem to know how to spell check yet!


Physical Media

• Have you heard of Stuxnet?
  – Iran’s most secure computer system was breached by USB drives
• It’s an increasing trend for bad guys to “drop” USB drives in parking lots
  – Well intentioned people pick them up and plug them in to see if any identifying information is on them
    • And they get infected immediately for their trouble
• Sometimes friends/family might try to share a legitimate file, but may be unknowingly sharing their malware infections too


Phone calls

• Tech support scams
  – Their goals:
    • Trick you into installing malicious software
    • Getting you to pay them to remove the software
    • Getting your bank or credit card info so they can bill you for as much as the bank/card will allow them to
  – They claim to be from “Windows Helpdesk”, “Windows Service Center”, “Microsoft Tech Support”, “Microsoft Support”, “Windows Technical Department Support Group”, “Microsoft Research and Development Team”
• More information here:
  – http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
• Report phone scams here:
  – http://www.consumer.ftc.gov/articles/0076-telemarketing-scams


How can I tell if I’m infected?

• Your default homepage or search engine has been changed
• Your firewall or antivirus is disabled
• You can’t browse to any security related website, or can’t update your antivirus
• Pop-ups!
• Sound or music played at random times
• Unexpected programs are now installed, or important files are missing


Let’s play spot the phish!


REAL!


REAL!


Questions?

Comments, and/or snide remarks are welcomed too