Computer Security And Malicious Software
Hacker X (Computer Security Expert) gives expert video advice on: What are some of the most common phishing emails and how do they work?; What do scammers do with the information they get by phishing?; Does virus protection software really work? and more...
What is "malware"?
Malware is malicious software, meaning it is software whose only intention is to cause some kind of harm or damage. Malware is software that will get into your system or your computer and maybe set off a series of things like Trojan horses, worms, viruses, something that is either going to be destructive or mischievous, but malware exists only to be malicious and for no other reason.
What is "phishing"?
Phishing is a practice that's become very popular lately. Phishing is where the hacker or the thief sends an email posing as a legitimate firm that you might legitimately do business with. Most popular are eBay, PayPal, and banks. In this email it will explain something to the effect that you have to update your account or update your information, and typically it will ask you to click on a link. That will take you to a page that looks exactly like the place the email is from and it is going to ask you to input some sensitive information, login, account number, and password etc. The only problem is that it's not the bank, it's not the service, it's not the organization it claims to be, and they're simply capturing that information from you.
What are some of the most common phishing emails and how do they work?
Some of the more popular phishing expeditions these days include those from financial organizations, such as PayPal, a bank, even eBay to some extent, but also governmental organizations: FBI, IRS. Anybody that could require sensitive information that essentially links them to your money and your identification. That's what it's all about. I test these periodically to see where the information goes, obviously I put in false information, but just to see how they capture it. One of the clever things that they do is the page that you're trying to update never seems to really update. You keep hitting the button over and over again. This might prompt you to try additional information so that they might capture, actually, more than just one piece of information. Maybe it was your husband's Social Security Number that you used, you were going to try that in. It doesn't matter to them. They're just collecting data to be used for other purposes.
What do scammers do with the information they get by phishing?
What happens to the information that people get from phishing, or scamming, or spoofing or anything like that really depends on who's receiving it. True hackers simply want the challenge of getting the information by phishing or breaking into a system and 99.9% of the time that's as far as it's going to go. It's the challenge of doing it. However, there are a lot of unscrupulous people out there who are going to use this information from phishing to set up credit accounts, to purchase goods and services. They might run up your credit, having got the numbers by phishing, and buy a whole lot of stuff that they're going to have drop-shipped somewhere and sell it for really cheap. Again, the cyber crimes committed by phishing mirror very closely the crimes that we find in the real world if somebody was able to get a hold of personal information that gave them access to your money.
What should I do if I get an email I think is phish?
Should you receive an email that you are pretty sure is phishing for information, or certainly have strong concerns about that, you should forward it to the entity that it claims to be from. These companies have email addresses that are set up that are very, very much in common use by many companies, such as email@example.com, firstname.lastname@example.org, email@example.com. By doing this, it will help verify whether or not this was a piece of email phishing for information, and secondly, it allows the company to collect information on people that do this, and build better security so people can't do this. And that's what we do, we look at these patterns, and we look at how to break these patterns, so it makes it harder for people to do it.
What is "spoofing"?
Spoofing is the act of sending an email to a recipient, or a group of recipients, by covering the actual sender's identification and making it look like it came from someone else. You can make it look like a spoof email came from anybody else. You can make a spoof email look like it came from the person that is the recipient. You can make the spoof email look like it came from somebody in the government, somebody, a corporation. Basically, anywhere. So, to the common layman, when they get a spoof, they're getting a piece of e-mail that looks like it's coming from whoever the spoofer is intending it to come from. There are several ways to recognize e-mail that's really spoofed. One of the most common is that the content of the spoof really has nothing to do with the entity that sent it to you. The spoof is being sent from a senator, but it's about a vitamin that you can purchase. Or the spoof is being sent by a government agency, but it's about some stock you should buy.
What is "pharming"?
Pharming is when somebody will purchase domain names that are very similar to common domain names. Maybe they have one letter that's different. So instead of "mcdonalds.com", it will be "mcdonald.com" in the hope that people who misspelled the original domain will come to that site and think it's a legitimate one. Obviously, McDonald's people are going to know the difference, but smaller businesses or other businesses are often fooled because they've arrived at a site that they've expected to arrive at. They don't know that they've misspelled the domain. So they pharm these sites, and they have more than one of them. Through these pharm sites, they may engage in false, fraudulent e-commerce. Basically they might sell you things that don't exist or that they're not going to send you. They might collect information under the guise of some kind of study or poll or something like that, and again, collect the information to sell it. It typically might mean that they're not going to do what they claim to do. However, in some circumstances they are simply capitalizing on the fact that someone will misspell something and they may sell you sneakers for a few dollars less, because it's "Nikee" with two e's, or something like that.
What is a "virus"?
A computer virus is not that unlike a virus that we get as humans. It's something that invades us, it's a germ and it's going to do something bad to us. There are many different types of computer viruses that range from viruses that enter your computer, lie dormant for a while and then when they come to life, they might send an e-mail to everyone that's in your address book, they might delete files that are on your computer. They basically wreak havoc in some way, shape or form on your computer. Oftentimes viruses spread by lodging in a parasitic kind of way in a computer and attach themselves to e-mails that you send to other people. Or, they create an e-mail spree where they e-mail themselves to everyone in your address book, thus, spreading themselves to however many people you might have in your address book. Viruses can do a range of things to your computer from things that are more prank oriented and harmless to actually bringing your computer to a complete halt. So there's again a wide range of viruses and it's up to the creator to program what they do. But, it will range from just mischievous types of things like moving things around, changing names, sending harmless e-mails out to actually deleting files and starting to erode parts of your hard drive and starting to attack your system software and bring your computer to a halt. It was most popular that viruses were spread via e-mail, email attachments, and once you open that attachment the virus would then activate or you wouldn't have to open the virus and it would just activate. As more and more peer to peer activity is gaining activity such as downloading music and downloading games and sending instant messages, viruses are beginning to attach themselves to those forms of data transmission and by downloading a song you might also be downloading a virus.
What is a "worm"?
Worms are similar to viruses except that they tend to attack networks and clusters of networks as opposed to individual computers. They don't need to attach themselves to another file. They're not dependent on something else. They can actually infect a node, which is just a cluster or grouping of servers, and they do tend to infect servers, which affect many more people than just on a personal computer. If you can imagine, a server might provide services to thousands of people depending on what it is and what it's for. That worm has the opportunity to much more quickly affect those people than a virus, which is really more towards a personal computer. A worm acts very much like a virus can. There are many different kinds of worms. It could completely shut down an entire system. It could run an application. For instance, if it somehow got into a bank system or an airline system, it could run an application where it manipulates the time of air travel, or manipulates the time stamps on bank deposits. It's really an application that can do pretty much anything that the creator can imagine.
Why do people create viruses and worms? What do they get out of it?
Viruses and worms are created often simply because they can be. And much like that hacker mentality of breaking into a system, not for personal gain or financial gain, but A: just for the challenge of doing it, or B: sort of bragging rights, similarly exists with worms and viruses, which are kind of an extension of the ability to do that. That's not to say that people do not create worms and viruses for personal gain or to really do bad. But a large portion of them are mischievous. But it should not be misunderstood that these are crimes. When you're dealing with interstate lines that are the Internet lines, these can be federal crimes and felonies. So this is not really something to be taken that lightly; even though it might only be mischievous, this is a crime.
Does virus protection software really work?
Virus protection software works pretty well. I would say it is similar to a condom in that it is not a 100% guarantee but it is a reasonably reliable form of protection. One of the things with virus software is viruses change all the time. There's new ones all the time. There's new variations. There's new mutations. So your virus software has to be updated on a pretty regular basis and the major companies that create this software do provide those update packages and that's something that you do have to really stay on top of if you want it to be effective. One of the other things that you can do to help protect yourself is if you are emailed attachments that are from people that you don't know, or look strange or unusual, don't open them.
What is "spyware"?
Spyware is software that usually comes attached to, bundled with, or as part of something else so you never think, "I'm gonna install this spyware." It usually is something that comes as a consequence or a byproduct of installing something else, and what it does is it basically collects data about how you use your computer. It may help in providing advertisements that might seem applicable to you and your interests. It might send information to you. It typically doesn't affect your computer but it's not something that you asked for. It's not something that you opted into and you didn't consent to use it initially. You can get out of it, you can uninstall it, and you might not want somebody following the whereabouts on your computer of what you're doing and what you're looking at. Spyware is installed with other software, bundled software, by people who are looking to collect information about how you use your computer typically for commercial purposes such as what can they sell you, what can they advertise, or what types of things are you interested in. This is information that they're able to collect essentially anonymously because you have not opted into doing this; this was done without your consent. Often it's by ad agencies, or marketing agencies. It could also be by content producers, by software producers, anybody that wants to ascertain information about how people use computers, websites, or certain publications that are online. And if you imagine the millions and millions of users that have this installed unknowingly, that's a lot of information that they can collect. This is information that they can sell to specialized marketing groups or agencies, or they can use this information in their own production of their own product.
What is a "Trojan horse"?
A Trojan horse is a disguise for a virus, a worm, or some other application to enter your system. So, it's usually disguised as something you would accept into your computer, whether it's some sort of little piece of software, a game, or something like that. That's the disguise. Inside it is some kind of virus, worm, or application that is going to potentially wreak havoc on your computer. By accepting a Trojan horse, you're inviting a potentially damaging situation into your computer or your network environment. The Trojan horse, again, is the package that looks familiar, friendly, and desirable, that contains the virus or the worm. Anything that you bring into your network, or your computer, could lead to anything from mischievous type behaviour (like emails being sent out, address books being deleted, or files being replicated or deleted) to really hardcore stuff, like files missing, system information missing, network information starting to go down, networks being taken down, and machines being taken down. You really have to be very careful about what you allow to enter your computer or your network environment. Some viruses and worms, particularly those brought in by a Trojan horse (which can really hide a lot of what it's intended to do) can do some pretty significant things, such as install back doors into servers and computers. A back door is basically an entryway for a hacker or someone to gain entry into a server network or a computer. It can embed a piece of software that captures your keystrokes, so it can measure what you're typing and even capture your password information, your personal info, and your login information. Since it's coming in the package of a Trojan horse, something that's either familiar or acceptable, it can pack a lot more into it. It can do some really damaging stuff.