Figure 9-2: Malware Worms Stand-alone programs that do not need to attach to other programs Can propagate like viruses through e-mail, etc But this require human gullibility, which is slow In addition, vulnerability-enabled worms jump to victim hosts directl Can do this because hosts have vulnerabilities Vulnerability-enabled worms can spread with amazing speed Vendors develop patches for vulnerabilities but companies often fail or are slow to apply them 6
6 Figure 9-2: Malware • Worms – Stand-alone programs that do not need to attach to other programs – Can propagate like viruses through e-mail, etc. • But this require human gullibility, which is slow – In addition, vulnerability-enabled worms jump to victim hosts directly • Can do this because hosts have vulnerabilities • Vulnerability-enabled worms can spread with amazing speed • Vendors develop patches for vulnerabilities but companies often fail or are slow to apply them
Figure 9-2: Malware Payloads After propagation viruses and worms execute their payloads(damage code Payloads erase hard disks, send users to pornography sites if they mistype URLS Trojan horses are exploitation programs that disguise themselves as system files
7 Figure 9-2: Malware • Payloads – After propagation, viruses and worms execute their payloads (damage code) – Payloads erase hard disks, send users to pornography sites if they mistype URLs – Trojan horses are exploitation programs that disguise themselves as system files
Figure 9-2: Malware · Attacks on Individuals Social engineering is tricking the victim into doing something against his or her interests Spam is unsolicited commercial e-mail Credit card number theft is performed by carders Identity theft is collecting enough data to impersonate the victim in large financial transactions Fraud involves get-rich-quick schemes, medical scams 8
8 Figure 9-2: Malware • Attacks on Individuals – Social engineering is tricking the victim into doing something against his or her interests – Spam is unsolicited commercial e-mail – Credit card number theft is performed by carders – Identity theft is collecting enough data to impersonate the victim in large financial transactions – Fraud involves get-rich-quick schemes, medical scams
Figure 9-2: Malware · Attacks on Individuals Adware pops up advertisements Spyware collects sensitive data and sends it to an attacker Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information 9
9 Figure 9-2: Malware • Attacks on Individuals – Adware pops up advertisements – Spyware collects sensitive data and sends it to an attacker – Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information
Figure 9-3: Human Break-Ins(Hacking) Human Break-Ins Viruses and worms rely on one main attack method Humans can keep trying different approaches until they succeed Hacking Hacking is breaking into a computer Hacking is intentionally using a computer resource without authorization or in excess of authorization 10
10 Figure 9-3: Human Break-Ins (Hacking) • Human Break-Ins – Viruses and worms rely on one main attack method – Humans can keep trying different approaches until they succeed • Hacking – Hacking is breaking into a computer – Hacking is intentionally using a computer resource without authorization or in excess of authorization