Cyber Security

Prepared by: Web Full Circle

For: Crisis Assistance Ministry
October 5, 2008
 Overview: Cyber
Security and Your
Cyber Role
Security involves protecting information
stored on your system or network by
“preventing, detecting and responding to
attacks” (McDowell & Householder, 2007, 1).
Hackers are consistently aiming to design the
next key to unlocking your network.
This presentation aims to provide you, the
user, with the knowledge necessary to avoid
potential security infiltration.
 How is Security
Breached?
Password Theft- using your password,
unauthorized users can obtain your
information and all the information you
see everyday.

Computer theft- if your password is not

secure, a stolen computer is left as wide
open as a book.

Data Theft- software installed by clicking

on websites, pop-ups, or spam e-mails
 Why Is
Password
Security
No one leaves their keys in their doors nowadays or
even their doors open for that case.
Leaving your password where others can get to it
gives any passerby the key to all the information
you have access to each and every day: much of
that is confidential information which belongs to
others.
Once someone else has your password, their ability
to harm your computer and the network increases
exponentially.
Just as a computer can be used as a tool, a
computer can be used as a weapon to harm the
network to which it is connected.
 How Can You Prevent
Password Theft?
 Keep your password secure
 Memorize your password.
 Do not place your password in open areas or obvious areas.
 Do not allow your computer to save your password.
 Do not create a document to remind you of all your passwords.
 Do not use the same password on multiple accounts (personal and
professional).
 Do not e-mail your password to yourself or others.
 Do not use words that can be found in a dictionary of any language.
 Do not use the same characters over and over again.
 Create very long passwords: 15 character passwords are much harder to
crack, even if they are not too complex (Grimes, R., 2006).
 Make your passwords complex by:
 Using at least special one character (!, @, #, $, %, &, *)
 Using lower case and capital letters together;
 Using at least one number;
 (McDowell, Rafail & Hernan, 2004).
First There Were Just Viruses
As early as 1986, Microsoft began to see
viruses aimed at infiltration software.
Soon viruses were becoming more and more
complex in efforts to avoid detection.
Even worst, a variety of other programming
soon began to infiltrate computer systems
around the world.
Now, viruses are just one part of large group of
potential threats to your computer known as
Malware.
What is Malware?
Microsoft defines malware as malicious
software.
Rather than just referring to viruses, malware
refers to the following:
Viruses;
Worms;
Trojan Horses;
Rootkits;
Adware; and
Spyware.
What Can A Virus Do?
Access e-mail and address books to send itself
to contacts;
Attach themselves to word processing
programs and corrupt them;
Use your operating systems to attack other
computers; and
Allow hackers (programmer or user who
illegally accesses a system) to run whatever
software they choose on a system or use
system resources for their own purposes which
slows down your network (Microsoft, 2004, 12).
 Computer Worms
Similar to viruses, worms “use a computer network
to “infect” other machines by sending copies of
themselves” (Lee, 2007, 10).
A worm can spread “at an alarming rate” (Lee, 2007,
10).
For example, the MyDoom worm “infected a quarter of a
million PCs in one day” (Lee, 2007, 10).
Once a worm is in your network, the entire network will
begin to run exponentially slower (Lee, 2007).
Some worms known as keylogger worms log your
keystrokes thereby obtaining everything you type.
Other worms known as cross-site scripting (XSS) worms
run scripts that allow access to anything the user can do
(Skoudis, 2008).
 Avoid Worms:
Avoid Clicking On These
Extensions
If you are downloading or reading your e-mail
and find an attachment with one of these
extensions, then do not click on it:
.exe (executable files)
.scr
.lnk
.bat
.vbs (visual basic files)
.dll
.bin
.cmd (Mullins 3, 2008)
What are Trojan
Horses and
Rootkits?
 “A Trojan Horse is a malicious” program hidden inside a
program that you usually use or something that does
not raise your suspicion (Lee, 2007, 11).
“Trojan Horses account for almost 60 percent of all
malware” (Vamosi, 2008, 3).
One example of a Trojan Horse is a program which
claims to be speeding up your computer or installing
anti-virus software but which “may be sending
confidential information to an intruder” (McDowell &
Householder, 2007, 9).
Rootkits are software which are installed as part of a
larger program and hidden on your computer
unbeknownst to you. Rootkits are either malicious or
they hide malicious activities such as allowing access to
your information, monitoring your actions, modifying
your programs, or performing other functions on your
 How To Prevent Trojan
Horses?
Do not click on links in e-mails, unless they are
from trusted users!
Do not open e-mails from unknown sources!
If you are unsure, then err on the side of
caution.
An ounce of prevention is worth a pound of
 Adware and Spyware: What
Are They?
Adware “is software installed on a PC that
automatically displays advertising to the user,
usually in the form of “pop-up” windows” and “may
send information back to a remote computer
without the user’s consent” both of which reduce
your Internet speed (Lee, 2007, 11).
“Adware is responsible for one third of all new
malicious software” (Vamosi, 2008, 1).
“Spyware programs are installed without the user’s
consent, for the purpose of collecting information
and sending it back to a specified source” (Lee,
2007, 11).
 Spyware is “sometimes designed to find bank
account details or send web browsing information
back to advertisers” (Lee, 2007, 11).
 How to Avoid
Adware and
Spyware?
Do not install programs onto your
computer.
Do not click on emails with links for
installing programs.
Do not download “free” programs such
as screensavers or games.
Do not download or run movie or video
clips from websites.
Be wary of visiting websites of
companies you do not know or sites
with many advertising pop-ups.
Read your results before clicking, if
something doesn’t make sense, then
stop and ask your IT Department.
How is Malware
Distributed?
Malware

Malicious,
Spam Infected/
Hijacked
Websites
Internet Social
Pop-up & Pop- Engineering
under Attacks
Windows
Pop Ups & Pop Unders
Bringing Malware to A
Browser Near You
Beware of urgent messages that display on
your computer in the form of pop ups, which
are windows that display with a message in
order to get you to click thereby installing
malware on your computer.
Remember an ounce of prevention is worth a
pound of cure:
Do not click on any such popups Instead,
contact your IT Department by using Sysaid or
[email protected].
Pop-unders are programs that appear under
your browser window of which you only see
part.
 Closing Pop-ups
Do not click anywhere inside the pop-up itself.
Use the close command to close Pop-up
Windows: Alt-F4.
Close your entire browser window using Alt-F4.
Control, alt, delete to bring up task manager
and close out of the window by closing program
you do not recognize.
Close down your entire computer.
 Reducing Your
Chances of Infection
Be wary of downloading Freeware or Shareware
as often these type of applications are used to
conceal malware.
“Do not click on unsolicited invitations to
download software of any kind”
Avoid any peer-to-peer (P2P) or file sharing
applications including those used to stream
audio and video (Mullins, 2008).
Some peer to peer networks include Napster,
Gnutella, Limewire, Morpheus (Wikipedia, n.d.)
 What is Spam?
Simply put, spam is junk mail which appears
harmless but is “time-consuming to remove” and
clogs up email inboxes” (Lee, 2007, 11).
Some spam may simply be solicitation e-mail, but
now a new kind of spam is emerging which is
malicious in nature.
One off-shoot of malicious spam engages in what is
known as phishing or soliciting your private
information by pretending to be from trusted
companies such as your bank or another high-
profile company: phishing is a means of identity
theft.
Beware of the
Following Types of
E-mails:
Potential Phishing:
 Emails from Ebay or Paypal about payment disputes
 E-mails from your bank asking for your confidential
details
 Remember reputable companies do not e-mail users asking
them to confirm passwords, account numbers, name,
correct e-mail address.
Potential Malware:
 Emails about celebrity news asking you to click for
more information- Potential Malware.
 E-mail greeting cards (including those from Hallmark,
Greetings.com, and 2000Greetings.com)
 E-mails in which you are asking to unsubscribe to
something you never subscribed to in the first place.
Phishing E-mail Examples
Ebay Bidding Disputes-
Phishing Email
New CareerBuilder Phishing
Malcode
Takes You to Fake CareerBuilder Website shown
below
 How to Spot Phishing?

Contains a “generic greeting, like “Dear Customer”.

 Your bank would send your correspondence that included
your full name.
Indicates that there is some threat to your account
which requires you to act immediately.
Asks for your personal information.
 Companies do not ask for personal information by phone
or through e-mail.
Strange links to click on.
 These links are longer than usual, contain the @ symbol or
are misspelled.
Grammatical and Spelling errors in the e-mail. (How
Stuff Works, 2008).
On your personal computer, enable phishing filter on
Internet Explorer 7.
What To Do If You Suspect
Phishing?
Ask Your IT Department or
Check out the following website:
http://securitylabs.websense.com
The Security Labs website details phishing alerts
as well as Malicious Websites, and Malicious
Code.
 Malicious Software Installing Emails

Clicking on this greeting card could be deadly

to your computer:
By installing “a horde of malicious software”….
that will allow “cyber criminals” to have access
to your system (Mullins2, 2008).
 How to Handle Spam
Contact your IT department through Sysaid or
[email protected]
Spamming is a crime: CAN-SPAM Act of 2003
(Controlling the Assault of Non-Solicited
Pornography and Marketing Act) which spells out
penalties for spammers.
 Consumers can submit complaints online at
www.ftc.gov and forward unwanted commercial email
to the FTC at [email protected].
 NC laws also describe penalties related to spam:
NCGS §14-453, et al.
 If you are an Exchange user, forward your spam to
[email protected].
Never respond to spammers doing so confirms your
e-mail address which will make you the target for
 Tips To Protect
Your Computer
Do not open e-mails from non-trustworthy sources.
Don’t run files that you receive via e-mail without
making sure of their origin.
Don’t click links in e-mails.
Remember Microsoft does not send e-mails in order
to provide you updates to your programs. All
updates are handled by the IT department.
Never provide your password to anyone through e-
mail.
If you receive an e-mail from a financial institution,
call them. Do not key in or log into the website
listed, as it could be a link to copy the keystrokes
that comprise your password thereby making you a
potential victim of identity theft.
Beware of the Top 10 ‘Celebrity
Spammers’
According an article in PC World,
Secure Computing is reporting that
the following celebrities are the most
popular spamware agents:
 Angelina Jolie
 Barrack Obama
 Paris Hilton
 Britney Spears
 Hillary Clinton
 George Bush
 Jessica Simpson
 Osama Bin Laden
 Brad Pitt
 Michael Jackson (Wailgum, 2008).
 Safe Searching: Avoiding
Malicious or Infected/Hijacked
Websites
“A newly infected webpage is discovered every 14
seconds” (Sophos, 2008, 1).
“83 percent of all malware-infected web pages are
found on completely legitimate websites” (Sophos,
2008, 2).
How?
 Hackers have begun infecting reputable sites,
including using IP forwarding to forward you from a
legitimate site to their website where Malware is
automatically installed or tricking users into clicking
on parts of the webpage which they have infected
with code that is activated by clicking. (Leyden,
2006, 1).
You can avoid this by simply reading the results
before you click. If the information under the link
does not make sense, then do not click.
If you have any doubts, call your IT Department.
 Social Engineering Attacks
 Social engineering attacks are “scams that depend on user-
interaction to execute an attack against them” (LeClaire,
2008, 1).
 For example, users’ clicking on a legitimate link which had
been converted in order to escort users to a phishing site as
occurred on Myspace in December of 2006 ( LeClaire, 2007,
2).
 Knowledge is power.
 Do not divulge information that may put you at risk (LeClaire,
2007). Just because you have a profile doesn’t mean post
every identifying piece of information about yourself.
 Reign in your need to interact with those you do not know.
 Do not respond to unsolicited instant messages they could
contain worms (LeClaire, 2007).
 Get out of the free state of mind: don’t download everything
offered.
 including applications or widgets offered on social networking
 Panda Security Malware
Distribution as of October 2008

(Vamosi, 2008).
New Attacks
Clickjacking Coming to A
Computer Near You?????
Just Tuesday a new threat was released in the form
of a JavaScript game which appears on a webpage
meant to distract users while in the background the
target’s Adobe Flash player settings are changed
by the user’s click ultimately allowing hackers to
take control of the web camera and microphone to
conduct malicious surveillance (Narine, Dachev, &
Odonnell, 2008).
How to protect yourself- beware of where you click
and on your personal computer you should read
and implement the Security advisory:
http://www.adobe.com/support/security/advisories/apsa
Spear Phishing Through
Linked In
Spear Phishing is a type of phishing which
“address recipients by name in the subject line
and body of the message to appear more
legitimate” (Krebs, 2008, 2).
Thousands of LinkedIn users recently received
an e-mail urging them to “open a malicious file
masquerading as a list of business contacts”
(Krebs, 2008, 1).
Once users clicked on the attached list of
contacts, malicious software was run which
“attempts to steal user names, passwords, and
other sensitive date” (Krebs, 2008, 4).
 Important Message
Cyber Security (securing your computer
through both Internet and e-mail) is important:
your computer is the key to all the important
information you see daily.
Be savvy, do not click unless you are sure of
who it is from and what it is you are opening.
Remember once someone else has access to
your computer they can use it for everything
from sending e-mails to selling stolen goods.
If you have any questions, please feel free to
contact the IT Department with any questions.
We are here to help you keep your computer
Useful Websites for More on
Security
http://news.cnet.com
http://blog.washingtonpost.com/securityfix/
http://www.technewsworld.com
http://www.mcafee.com/us/threat_center/default.as
http://www.computerandinternetsecurityblog.com/

http://searchsecurity.techtarget.com
http://www.symantec.com/norton/security_respons
 References
FraudGuides. (2008).How do I stop popups? Retrieved on October 8, 2008, from http://www.fraudguides.com/internet-stop-popups.asp .
Grimes, R. (2006). Password size does matter. Retrieved on October 6, 2008, from http://www.infoworld.com/article/06/07/21/30OPsecadvise_1.html.
HowStuffWorks, Inc. (2008). How phishing works. Retrieved on August 30, 2008, from http://computer.howstuffworks.com/phishing.htm.
Krebs, B. (2008). Spear phishing scam targets LinkedIn Users. Retrieved on October 8, 2008, from http://blog.washingtonpost.com/securityfix/.
LeClaire, J. (2007). Social networking sites in the crosshairs. Retrieved on October 8, 2008, from
http://www.technewsworld.com/story/54932.html?wlc=1223565016.
Lee, M. (2007). Securing your PC: A complete guide to protecting your computer.Computer Step: Warwickshire, UK.
Leyden, J. (2006). Search results lead to malicious sites. Retrieved on September 10, 2008, from
http://www.theregister.co.uk/2006/05/16/mcafee_search_risks_survey/.
Microsoft. (2004). The antivirus defense-in-depth guide. Retrieved on August 12, 2008, from
http://download.microsoft.com/download/a/d/c/adc58511-8285-465b-87fb-d19fe6d461c1/Antivirus_Defense-in-Depth_Guide.pdf
McDowell, M. (2006). National cyber alert system cyber security tip st06-001 understanding hidden threats: rootkits and botnets. Retrieved on October
6, 2008, from http://www.us-cert.gov/cas/tips/ST06-001.html.
McDowell, M., Rafail, J. & Hernan, S. (2004). National cyber alert system cyber security tip st04-002. Retrieved on October 6, 2008, from
http://www.us-cert.gov/cas/tips/ST04-002.html.
Mullins, B. (2008). XP antivirus 2008 morphs Into XP antivirus 2009-still lies! Retrieved on August 12, 2008 from,
http://billmullins.wordpress.com/2008/07/05/xp-antivirus-2008-morphs-into-xp-antivirus-2009-still-lies/.
Mullins, B. (2008). Open a greeting card e-mail get infected by malware. Retrieved on August 12, 2008, from
http://billmullins.wordpress.com/2008/06/10/open-a-greeting-card-email-get-infected-by-malware/
Mullins, B. (2008). Don’t Open To My Love-Fractalove Keylogger Worm. Retrieved on August 12, 2008, from
http://billmullins.wordpress.com/2008/07/12/dont-open-to-my-love-to_my_lovescr-fractalove-keylogger-worm/.
Narine, R., Danchev, D., & O’Donnell, A. (2008). Researchers raise alert for scary new cross-browser exploit. Retrieved on October 7, 2008, from
http://blogs.zdnet.com/security/?p=1972.
Skoudis, E. (2008). Are social networking sites an easy target for malicious hackers? Retrieved on October 8, 2008, from
http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1320820,00.html.
Sophos. (2008). Safe and productive browsing in a dangerous web world: the challenge for business. Retrieved on October 7, 2008, from
http://i.i.com.com/cnwk.1d/html/itp/sophos_safewebbrowsing.pdf.
Steward, J.M. (). Ten ways hackers breach security. Retrieved on August 12, 2008 from,
http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_Steward_Hackers.pdf.
McDowell, M. & Householder, A. (2007). National cyber security alert. Retrieved on October 6, 2008, from
http://www.us-cert.gov/cas/tips/ST04-001.html.
Vamosi, R. (2008). Report: adware supplies one third of all malware. Retrieved on October 8, 2008, from
http://news.cnet.com/8301-1009_3-10056912-83.html. .
Wailgum, T. (2008). Angelina Jolie tops list of ‘celebrity spammers’. Retrieved on August 12, 2008 from,