What Are Malicious Attacks?

• Malicious Attacks are any intentional attempts that can compromise the state of your computer.

• Including but not limited to:– Performance– Data

Goals of Attackers

1. Prank2. Data3. Access4. Identity5. Damage

Examples

• Software• Website forgery• Social Engineering• Keystroke logging• Password Cracking

Viruses

• a program that can copy itself and infect a computer without the owner’s knowledge

• the term “virus” usually refers to all types of malware including viruses, worms, trojan horses, spyware, etc.

How they Spread

• For a virus to spread, the host must be taken to target computer

• Viruses can be spread via the internet, email, file sharing, instant messaging, a USB drive, etc.

Infection

• To infect a target, the virus must be allowed to execute code and write itself to memory

• Thus, viruses are often software that attach to a program (such as Microsoft Word)

• As soon as the Word document is opened, the virus is free to infect target computer

History

• 1971: First identified virus called the Creeper Virus was a self-replicating program

• 1981: Viruses began to be spread via removable media (floppy disk)

Origins

• Factors that lead to the spread of viruses in the late 1980s:– Use of Personal Computers– Bulletin Boards (download programs)• led to the precursor to viruses- trojan horses

(program would erase files)

– Introduction of floppy disk

Examples

• Viruses show the vulnerability, but also the sophistication of humans

• 1999: Melissa virus: Microsoft forced to shut down entire system

• 2000: ILOVEYOU virus• 2004: MyDoom worm: infected a quarter

million people in one day

Phishing

- an illegal act where the criminal pretends to be a reputable

organization to obtain through trickery the personal information from the victim with the intent of

stealing money.

Types of Phishing

- Link manipulation- Website forgery- Phone phishing- Dumpster diving

- Mail theft

Main Phishing Technique

- Urgency phrases like…- “To restore you bank account…”- “We suspect that you are a victim of identity

theft… to confirm…”- “Please help support your local fire

department…”- “You account needs to be confirmed… Please

follow this lin and login…”

Phishing Damages

“3.6 million adults lost US $ 3.2 billion in the 12 months ending in August 2007”

What can you do?

Be aware, ask questions, confirm messages

Recent Developments

• Peer-to-peer viruses• Computer espionage• Future Attacks

Peer-to-peer Viruses

• 2008 Conficker virus• Estimated 15 million computers infected• Used peer-to-peer networks to download

updated versions of itself• Still active today, accepting commands from

spammers• Peer-to-peer nature essential to its success

Computer Espionage

• Pentagon and CIA have been warning of threat since early 2000s

• 2008 CIA press release reveals Chinese hacking network targets US Government websites

• Power grids, banking systems, and other essential services could be at risk, analysts say

• Some say threat overstated

Future Attacks

• “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”– Gene Spafford, Security Expert

• As long as there are computers, there will be attacks targeting them

Malicious Attacks: Prevention

• Firewalls• Email Virus Scanners– Use caution when downloading files– Filtering Spam

• Avoid Pop Ups• Use Trusted Websites• Add-ons for Web Browsers

Malicious Attacks: Prevention

• Software– Ad-Aware– Spybot: Search and Destroy– AVG– Norton Antivirus–MalwareBytes

• Frequently Update Anti-Virus Definitions Files