Embed Size (px)
Citation preview
Malware Security
The latest trends in virus writing:What the hacker is after.
Virus History
• In the early days of viruses and anti-virus technology, the focus of viruses was on disruption. Some of the early viruses were written from a revenge perspective – a disgruntled employee seeking revenge on his employer was a common reason.
Virus History, continued
• Another early reason for writing viruses was to gain notoriety within the hacker community and the general public. A well written virus could potentially attack thousands of systems and cause several thousands of dollars of damage.
Today’s Networks
• In the past, the network was smaller and slower. Network speeds generally went no higher then 10 Mbit/s. Today that number is 100+ times faster, with networks often starting out at 1 Gbit/s and faster. Additionally, the ease and inexpensive cost of networking gear has enabled many more people to establish their own home networks.
Networks, continued
• In the past, with networks being slower or non-existent, it was harder to propagate a virus throughout the world. With today’s networks, though, moving a virus from computer to computer via the network to spread it has made it much easier to propagate the virus.
Today's Viruses
• Today, viruses are not being written to bring down computer systems and networks. Today’s viruses are written to accumulate wealth. The concept that a new virus will want to bring down the network is no longer valid. The last thing today’s viruses want to do is disrupt the network because then the virus will have a much more difficult time spreading to other computers.
Attacking our Identity
• Today, the virus is written so that the thing we are most concerned about – our identity – is compromised and our financial world is turned upside down.
Protecting your Identity
• Here are some tips you can use to protect your identity online:– Keep your computer’s anti-virus software current
and up to date.– When buying online, strive to use a company that
you have heard of, or research a company you are unfamiliar with.
– When you get ready to purchase, make sure that the connection is a secure connection.
Protecting your Identity, cont.
• More tips to protecting your identity online:– On your home computers, make sure that your
computer’s operating system patches are current. Our work computers are patched with our patch management software, so you don’t need to check these.
– When you receive email, always check to make sure the link you are about to click on doesn’t take you to a site where it downloads an executable file without you knowing (more about this in the next slide).
Links in E-Mail
Email Links
Common Sense Security• Before you act on something you receive in
email, ask yourself these questions:– Do I know who this sender is?– Was I expecting them to send me this file?– Is the file a ZIP file or an executable file?– Is the email promising me something for nothing?– Does this link look unusual? Or, if all it says is click
“here”, where does clicking “here” take me?– Is my bank telling me about some security risk via
email? If so, it is likely to be a phishing scam, not a true communication from your bank.
Summary
• The majority of viruses today are written for profit – to make money off of someone’s identity.
• Look for indications that a site you are going to is secure.
• Make certain that your home computer is kept up to date with its virus signature files and operating system patches.
Summary
• When receiving email, make sure that you are getting just email you want to receive, and not things that can harm your system (or finances).
• Remember to look before you click on a link – check to make sure the link you are clicking on really takes you where it is supposed to go.
• Remember, financial organizations (and the IRS, for that matter) do not send information to you via email. Email is not a secure method of communication!
Summary
• I hope that these tips will help you to keep your identity safe from theft. Although you can have your identity stolen while performing online transactions, it is important to remember that the majority of Identity Theft cases do not involve online transactions.
• Any questions?
