Spam, Viruses, Spyware and Phishing, Oh My!

1
Spam, Viruses, Spyware and Phishing, Oh My!

• Steve Deming
• Technology Specialist
• Microsoft Across America

2
What are the Threats?
3
Spam!
4
What is Spam?

• Unwanted or unsolicited communication.
• Usually an attempt to sell you something.
• Can also be non-commercial, such as political,
  religious, humorous, or chain letters sent to
  many people who did not ask for it.
• Emails that require you to send them to 10 people
  are hoaxes and are SPAM.
• Electronic Petitions are completely ineffective
  and are spam.

5
How Spam Works

• Spam is so cheap to use, and reaches so many
  people, that it only takes 1 success in a million
  to see profits.

6
Types of Spam Pop-Ups

• Not in inbox, but on screen
• Slows down internet browsing
• Can and chain react into more pop-ups.
• Windows XP Service Pack 2 and IE 7.0 have
  built-in pop-up blockers.

7
Types of Spam Virus Hoaxes

• Most virus messages that warn you not to open
  messages with specific subject lines are hoaxes.
• In general, people shouldnt open ANY email with
  attachments from someone they dont know.
• Forwarding these simply stirs up unfounded
  concern and floods peoples inboxes.
• To check on the veracity of these before you
  flood your friends inboxes, go
  tohttp//hoaxbusters.ciac.org

8
Types of Spam Urban Legends

• Messages about Neiman-Marcus cookie recipe,
  Craig Shergold's postcard collection, the
  American Cancer Association's donation pledge,
  kidney harvesting, or Bill Gates giving you a
  thousand dollars if you forward his e-mail
  message False
• Do your friends (and your credibility) a favor
  and check here first
• Urban Legends and Folklorehttp//urbanlegends.mi
  ningco.com/library/blhoax.htm
• Urban Legends Archive http//www.urbanlegends.co
  m

9
HOW TO STOP SPAM!!

• 2 words

YOU CANT
10
OK, How Can I Reduce Spam?

• Guard your inbox! Dont be an email tramp
• Use free Web mail accounts (like Hotmail.)
• Use fake addresses
• Spam Filters Outlook, Yahoo, MSN, etc.
• Dont sign up for newsletters or promos
• Be careful of check boxes
• Dont forward everything to everyone
• Dont answer or buy from a spamer. EVER!

11
Did I mention, dont buy spam?

• If you buy from spammers,you are part of the
  problem.
• Legislation alone cannotsolve the spam problem.
• Money you spend on products from spammersis
  reinvested in sending more spam.
• Purchasing just one product from a spammer gives
  them enough money to spam another million people.
• If spamming becomes unprofitable, spammers will
  stop.
• Do business with permission email marketers only.
• Friends don't let friends buy from spammers

www.spamdontbuyit.org
12
Viruses, Trojans, and Worms
www.microsoft.com
13
What are they?

• Malicious programs can damage your computer and
  its contents.
• They can use your computer to copy themselves
  onto other computers.
• They might even use your computer to launch
  attacks against other computers.
• Protecting your computer against these is an
  responsibility, like locking your front door.

www.microsoft.com
14
What is a Virus?

• Tiny programs that attach to a file and spread as
  that file is read by other computers.
• Can damage your software, your files, and
  sometimes even your hardware.
• Range in severity, just like regular viruses.
• Some can be simply annoying, and others very
  dangerous.
• Good news most dont spread without human
  action (like sending email or files)

15
What is a Worm?

• Subsets of Viruses
• Worms can travel to other computers, copy
  themselves, and perform actions without any
  action from you.
• Some can email themselves to everyone in your
  address book.
• If many machines are infected, they can clog the
  network with thousands of emails.
• They can also allow someone to take control of
  your system.
• Examples Sasser worm and Blaster worm.

16
What is a Trojan Horse?

• Programs that appear to be useful software, but
  cause damage.
• Spread when people are lured into opening a
  program because they think it comes from a
  legitimate source.
• Trojan Horses can also be included in software
  that you download for free. Never download
  software from a source that you don't trust.
• Example A fake Microsoft Security Update email
  had attachments that attempted to disable
  antivirus and firewall software. Microsoft NEVER
  sends email with an attachment.

17
How They Spread

• Almost all viruses and many worms spread when you
  run or open an infected file.
• Viruses can also spread from opening a website or
  reading an infected disk.
• Most viruses spread through email via
  attachments.
• NEVER open an attachment unless you know who sent
  it AND are expecting it.
• If in doubt, delete it.

18
Do I Have a Virus?

• Sometimes there are tell-tale signs your
  computer slows down, crashes, or acts
  erratically.
• These can be symptoms of other hardware or
  software problems, though.
• You may get a message claiming you that you sent
  email that contained a virus. You may or may not
  have. Some viruses can spoof email adresses.
• To truly know, you need to have an up-to-date
  antivirus program.

19
How to Protect Yourself

• Step 1 Make sure you have an antivirus program.
  
• ESSENTIAL, like automobile insurance.
• Check your Start Menu for anything mentioning
  Antivirus, or for companies like Symantec
  (Norton), or McAfee
• Most pre-installed antivirus programs are trial
  versions.

20
How to Protect Yourself

• Step 2 Keep your antivirus program up to date.
• Each computer virus has its own, unique
  signature or thumbprint.
• When your antivirus programs manufacturer
  discovers a new virus, they create a virus
  definition that tells your antivirus program what
  to watch for.
• 10-15 new viruses are discovered each day.
• You usually need a current antivirus subscription
  to download updates to your software.

21
How to Protect Yourself

• Step 3 Choose antivirus software that's right
  for you
• Auto-updates. Many companies offer automatic
  updates.
• Some leading companies include
• OneCare (90-day free trial subscription)
• F-secure (6-month free trial subscription)
• McAfee (12-month free subscription after mail-in
  rebate)
• Panda Software (90-day free trial subscription)
• Symantec (90-day free trial subscription)
• Trend Micro (90-day free trial subscription)
• Tip  Two antivirus programs are not better than
  one. They can interfere with each other and cause
  problems. Pick one and uninstall the other.

22
Spyware
http//users.telenet.be/mercury/Spyware
23
What is Spyware?

• Generally, software that collects personal
  information or makes changes to your computer
  without your consent or knowledge.
• Information can range from what websites you
  visit, to sensitive information like account
  numbers or passwords.
• Spyware is sometimes accompanied by adware
  software that uses the information to launch
  advertisements on your machine.

24
Not All Bad

• Not all software that collects information or
  offers ads is bad.
• Some may be used by you to monitor computer use
  at home.
• Often you agree to see advertisements for special
  offers in exchange for a free program or service.
  You may find the trade-off is worth it.
• Consent and knowledge is key.

25
Signs of Spyware

• Your homepage has been changed, but not by you.
  It may even be an adult site.
• You get lots of pop-ups, even when not browsing
  the Web.
• Your computer slows down, or crashes a lot.
• You have a new toolbar on your browser that you
  did not ask for.
• You have new icons on your desktop or Start Menu
  related to advertising or adult content.

26
How Does it Get on My Computer?

• Tricking you into clicking a link that installs
  it.
• Links can be deceptive.
• Example Fake dialog boxes.
• Installing freeware that includes it.
• Examples Kazaa, imesh, hotbar, One-Click
  NetSearch, etc.
• Once installed, canrun 24 hours a day.
• Can also hijack yourbrowser settings orhog
  resources

27
How Do I Get Rid of It?

• Difficult. Very resistant to removal, and might
  keep re-appearing.
• Usually, use a removal and detection tool.
• Tools (often compatible, use two)
• Windows Defender
• www.microsoft.com/defender
• Lavasoft Ad Aware
• www.lavasoftusa.com
• Spybot Search Destroy (SD)
• http//www.safer-networking.org/en/home/index.html
  

28
How Do I Prevent It?

• Step 1 Update your software
• Windows visit http//windowsupdate.microsoft.com/
  
• Turn Automatic Updates on
• Visit manufacturers sites to get other updates.
• Step 2 Adjust IE Security Settings
• In Explorer, click on Tools then Internet Options
• Click on the Security Tab
• More info http//www.microsoft.com/windows/ie/us
  ing/howto/security/settings.mspx

29
How Do I Prevent It?

• Step 3 Use a Firewall
• Windows has a built-in firewall. More
  infohttp//www.microsoft.com/windowsxp/using/sec
  urity/internet/sp2_wfintro.mspx
• Step 4 Surf more carefully
• Only download from site you trust.
• READ the FINE PRINT.
• Never click a button to close a window. Instead,
  click the red "x" in the corner of the window or
  press Alt F4.
• Be wary of "free" multimedia or file-sharing
  programs. Only install options know you want.

30
More Tips

• Make sure the program you install does not
  contain spyware/adware.
• Many free programs contain adware, its how they
  make their money.
• Take it slow, and read the license agreements.
• Be wary of unexpected install prompts. If you
  didnt ask for it, dont trust it!
• Install a pop-up blocker. Many pop-ups contain
  tricks to install spyware. More info in the SPAM
  section.

31
Phishing
32
Phishing

• Phishing is a scam that tries to trick you into
  providing credit card numbers, passwords, account
  info, etc.
• Usually pop-up or in emails, pretend to be from
  trustworthy sites
• Ask you to follow a link (URGENT), and provide
  personal info.
• This info can be used to steal from your
  accounts, ruin credit, or steal identity.

33
An Example of a Phishing Email
More examples herehttp//www.antiphishing.org/ph
ishing_archive.html
34
Avoiding Phishing

1. Never respond to requests for personal
   information via e-mail. If in doubt, call the
   institution that claims to have sent you the
   e-mail.
2. Dont click on links. Manually visit the
   homepage.
3. Check to make sure the Web siteis using
   encryption.
4. Routinely review your credit card / bank
   statements.
5. Report suspected abuses of your personal
   information to the proper authorities.http//www.
   microsoft.com/athome/security/money/fraudvictim.ms
   px

35
Advanced Fee Frauds

• Similar to Phishing, scams that promise big
  for little or no effort on your part.
• Eventually ask you to pay to make money faster.
• Examples
• A foreign government official wants your help in
  transferring and will pay you a lot of to
  help.
• A relative you dont know has left you , and
  somehow knows your email, but needs your bank ??
• You've won a prize or a lottery (perhaps one from
  a foreign country) that you don't remember
  entering. All they need is personal info

36
7 Signs of a Scam

1. Unknown sender
2. Big , no effort
3. Up Front , strange fees
4. Asked for Bank Account or other personal info,
   even if they offer to put in it.
5. URGENT! (or else!)
6. Sender wants you to keep it confidential.
7. The sender offers to send you photocopies of
   "evidence" that their activity is legitimate
   (these are fake).

37
For More Protection Information

• www.microsoft.com/protect
• www.microsoft.com/security
• www.onguardonline.com
• Presentation slide deck by
• Daniel Rivera - ETTC
• Microsoft

38
(No Transcript)