Copyright © 2005 Eset, spol. s r. o. legal@eset.sk

Peter Kovac

Malicious Software and Computer Crime

Impact of some types of computer infiltrations

Software of different kind

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

What is malicious software?

Software which has adverse effect of any kind, also called malware

Total yearly loss estimated at $13-15 billion (Computer Economics Inc., 2003)

Summer 2003 Blaster and Sobig worms epidemics

Air Canada’s reservation system goes down, CSX’s trains grind to a halt, 3,000 computers in city of Fort Worth, TX shut down (BusinessWeek cover story; Sept 8, 2003)

15% of large companies, 30% of small businesses affected

What is effect of malicious software?

Countermeasures

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

How protected the computers are ?

85-90% of consumers have an installed antivirus solution (Piper Jaffray, June 2005)

77% of consumers believe they are safe (AOL & National Cyber Security Alliance survey, November 2004)

55-67% report an active subscription (Gartner, May 2005)

10-30% have up to date signatures (Consumers and Internet Safety,” Mary Culnan, Oct. 2004, Bentley College, Harris Interactive, SYMC Corp.)

Victims

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Who is target of malware ?

Any and all computer users

Classification

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Most common malware categories

Viruses – self-replicating programs parasiting on other programs

Worms – programs which copies itself over the networks

Trojan horses – sometimes legitimate programs containing some functions hidden to unaware user

Spyware – programs designed to collect information (web surfing habits, typped texts, passwords etc.)

Spiced Ham

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

What is a spam?

Food

Spiced Ham produced since 1937 by Hormel Foods Inc, popularized by Monty Python’s sketch

Webster’s Dictionary

Spam is an un-requested e-mail, often a commercial one, sent to individuals, groups and / or into mailing lists.

British Legislation (and rest of the EU)

Every message sent to a customer with whom the sender has no consensual trade relationship.

Email & Infiltrations

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

What have worms, trojans and spyware in common?

Annoy an enormous number of computer users

Way of spreading – e-mail spam

Common techniques, like return-address fraud

Illegal in many countries

Internet & Infiltrations

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Spam Situation (Marko and Trnka 2004)

Past Situation

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

How spammers work - past

Commercial malware

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Zombie PC

PC affected by malware – typically worm

Worm installs a backdoor/Trojan and reports IP address to the attacker

Zombie PC listens to remote commands and thus can be remotely controlled and abused via internet

Present Situation

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

How spammers work - present

Internet & Infiltrations

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Types of infiltrations from unique IPs

viruses 58%

spam 34%

both 8%

Types of infiltrations from unique IP addresses (Marko and Trnka 2004)

Zombification of PCs

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Bagle worm variant on 20th September 2005

2000

6000

10000

14000

18000

Commercial malware

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Randex worm

Back in 2004 journalists from German C’t magazine were able to purchase IP addresses of around 10000 computers infected by Randex worm

Gathered information handed over to German police and later resulted into arrest of suspected Randex author in Canada (teenager of 16 yrs)

Possible use of zombie PC – spam, DDoS attacks, information gathering etc.

Price tag ranges from couple of cents up to 1 USP per IP with massive volume discounts

Phishing

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

What is phishing ?

Counterfeit e-mail message, mass-mailed by various groups of criminal hackers (spam message)

E-mail message utilizes the "social engineering" technique to make users fill in their personal data (credit card numbers, bank account information and various personal details) on a fraudulent web site

The professionally crafted e-mail message claims to come from a bank, financial institution or an ISP and usually demands the confirmation of personal data

After clicking the link, users are sent to a fraudulent site, which looks just like the institution's web site and are asked for various sensitive information

Phishing example

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Internet & Infiltrations

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Internet & Infiltrations

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Phishing during last week

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Phishing during last week

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Malicious Software and Computer Crime

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Consequences

Decrease in credibility of e-mail communication

Malware generating Bounce and Auto-Reply

Anti-viruses as spam generators

Growth of crime committed from countries far away from victim

Malicious Software and Computer Crime

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Conclusion

Commercial application for computer infiltrations has been found

Need for a complex approach to computer security

Need for a complex approach to law enforcement

Need for a international cooperation

Malicious Software and Computer Crime

Copyright © 2005 Eset, spol. s r. o.

legal@eset.sk

Peter Kovac

Thanks for your attention.