
Malware for Profit: Spyware, Botnets, Keystroke Loggers, and Dialers



During the 1980s and 1990s, it was usually taken for granted that malicious programs were created as a form of vandalism or prank. More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.

Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behaviour for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others overwrite affiliate marketing codes so that revenue is redirected to the spyware creator rather than the intended recipient.

Spyware programs are sometimes installed as Trojan horses of one sort or another. They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement that purportedly protects the creator from prosecution under computer laws.

Another way that financially-motivated malware creators can profit from their infections is to directly use the infected computers to do work for the creator. The infected computers are used as proxies to send out spam messages. A computer left in this state is often known as a zombie computer. The advantage to spammers of using infected computers is the anonymity it provides, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to antivirus software or other security measures.

It is possible for a malware creator to profit by stealing sensitive information from a victim. Some malware programs install a key logger, which intercepts the user's keystrokes when entering a password, credit card number, or other information that may be exploited. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

Another way of stealing money from the infected PC owner is to take control of a dial-up modem and dial an expensive toll call. Dialer software dials up a premium-rate telephone number such as a U.S. "900 number" and leaves the line open, charging the toll to the infected user.

 

Exercise 43. Answer the following questions.

 

1. Has the greater share of malware programs been written as a form of vandalism or prank more recently?

2. What are spyware programs produced for?

3. What are spyware programs sometimes installed as?

4. How can financially-motivated malware creators profit from their infections?

5. What is a zombie computer?

6. What systems are used by attackers in order to coordinate the activity of many infected computers?

7. What are botnets used for?

8. What is the principle of a key logger operation?

9. What is the other way of stealing money from the infected PC owner?

 

Exercise 44. Write the verbs related to the following words. Translate them.

Logger, dialer, behaviour, advertisement, agreement, prosecution, infection, directly, spammer, resistant, recipient.

 

Exercise 45. Make up questions to the underlined word combinations.

1. Malicious programs were created as a form of vandalism or prank.

2. Spyware programs are commercially produced for the purpose of gathering information about computer users.

3. Some spyware programs redirect search engine results to paid advertisements.

4. Other programs overwrite affiliate marketing codes.

5. They differ in that their creators present themselves openly as businesses.

6. Another way that financially-motivated malware creators can profit from their infections is to directly use the infected computers to do work for the creator.

7. The infected computers are used as proxies to send out spam messages.

8. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

9. The attacker can then give instructions to all the infected systems simultaneously.

10. Dialer software dials up a premium-rate telephone number such as a U.S. "900 number" and leaves the line open, charging the toll to the infected user.

 

Exercise 46. Memorize the following words and word combinations:

 

data-stealing malware – malicious programs that steal data (information)

divest – to deprive (of rights, powers, property)

proprietary – private

monetizing – converting into money

underground – secret, illegal, clandestine

content security threat – a threat to information content

fall under the umbrella – here: to relate to this topic

keylogger – keyboard logger

bot – (short for robot) – network agent robot (a program that solves tasks autonomously)

phishing – phishing (a type of Internet fraud: soliciting confidential information by means of requests that look like official letters)

DNS – 1) Domain Name System – the domain name service;

2) Domain Name Server – a domain name server

poisoning – here: alteration, corruption, distortion

SEO – search engine optimization – optimizing for search engines

proxy – proxy server, a remote computer that acts as a cache; trusted, authorized

trace – trace, sign

routinely – daily, regularly, as a matter of routine

flush – to switch off (from operation), to write out to disk (the contents of file buffers)

drive-by download process – the process of automatically loading an unwanted program onto a computer

host – to accept, to contain

temporary – temporary

rogue – uncontrolled

frequently – often

extend – to expand

multiple – complex, varied, numerous

thwart – to ruin, to hinder, to obstruct

Intrusion Detection Systems (IDS) – systems for detecting (network) attacks

perceivable – perceptible

anomaly – a deviation from the norm

stealthy – inconspicuous, secret, covert

in terms of – in (some units)

decryption – decoding, deciphering

keystroke – key travel, key press

screenshot – a snapshot of the screen

Data Loss Prevention (DLP) – prevention of data loss

leakage protection – protection against loss

hinge – hinge

metadata – metadata (data that describes other data)

tagging – marking, tagging (accompanying data with tags)

tag – to mark, to place tags

miscreant – villain, scoundrel

port – to transfer, to adapt

incident – occurrence

spoof – to deceive, to mislead

covertly – secretly

upload – to load onto a remote computer (onto the host computer)

account name – registration (account) name

DNS server – domain name service server

credentials – credentials (an account record with the user's access parameters, formed after successful authentication)

mastermind a ring – to run a criminal group

cybercriminal – cybercriminal, computer thief

craft – to manufacture, to create

plant – to install, to place, to hide

hit – to strike

class-action – collective lawsuit

law suit – court proceedings

approximately – approximately

 

Exercise 47. Read and translate the text.

 

Data-Stealing Malware

Data-stealing malware is a web threat that divests victims of personal and proprietary information with the intent of monetizing stolen data through direct use or underground distribution. Content security threats that fall under this umbrella include keyloggers, spyware, adware, backdoors, and bots. The term does not refer to activities such as spam, phishing, DNS poisoning, SEO abuse, etc. However, when these threats result in file download or direct installation, as most hybrid attacks do, files that act as agents to proxy information will fall into the data-stealing malware category.

Characteristics of data-stealing malware:

Does not leave traces of the event.

· The malware is typically stored in a cache that is routinely flushed.

· The malware may be installed via a drive-by download process.

· The website hosting the malware as well as the malware is generally temporary or rogue.

Frequently changes and extends its function.

· It is difficult for antivirus software to detect final payload attributes due to the combinations of malware components.

· The malware uses multiple file encryption levels.

Thwarts Intrusion Detection Systems (IDS) after successful installation.

· There are no perceivable network anomalies.

· The malware hides in web traffic.

· The malware is stealthier in terms of traffic and resource use.

Thwarts disk encryption.

· Data is stolen during decryption and display.

· The malware can record keystrokes, passwords, and screenshots.

Thwarts Data Loss Prevention (DLP).

· Leakage protection hinges on metadata tagging, not everything is tagged.

· Miscreants can use encryption to port data.

Examples and incidents of data-stealing malware:

· Bancos, an info stealer that waits for the user to access banking websites then spoofs pages of the bank website to steal sensitive information.

· Gator, spyware that covertly monitors web-surfing habits, uploads data to a server for analysis then serves targeted pop-up ads.

· LegMir, spyware that steals personal information such as account names and passwords related to online games.

· Qhost, a Trojan that modifies the hosts file to point to a different DNS server when banking sites are accessed then opens a spoofed login page to steal login credentials for those financial institutions.

· Albert Gonzalez was accused of masterminding a ring to use malware to steal and sell more than 170 million credit card numbers in 2006 and 2007 - the largest computer fraud in history. Among the firms targeted were BJ's Wholesale Club, TJX, DSW Shoe, OfficeMax, Barnes & Noble, Boston Market, Sports Authority and Forever 21.

· A Trojan horse program stole more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc’s job search service. The data was used by cybercriminals to craft phishing emails targeted at Monster.com users to plant additional malware on users’ PCs.

· Customers of Hannaford Bros. Co, a supermarket chain based in Maine, were victims of a data security breach involving the potential compromise of 4.2 million debit and credit cards. The company was hit by several class-action law suits.

· The Torpig Trojan has compromised and stolen login credentials from approximately 250,000 online bank accounts as well as a similar number of credit and debit cards. Other information such as email, and FTP accounts from numerous websites, have also been compromised and stolen.
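The Qhost entry above describes hosts-file tampering: bank hostnames are pinned to an address the attacker controls so the browser never consults real DNS. The following auditor is an added defensive example, not code from the textbook, and it assumes a constructed hosts-file sample and a constructed watchlist of domains that should never be pinned to a routable address.

```python
import ipaddress

# Constructed sample hosts-file content, not taken from the textbook. The last
# two entries mimic the technique described for Qhost: a bank's hostnames are
# pinned to an attacker-controlled address so the browser never asks real DNS.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example-tracker.test   # ad-blocking style blackhole
# Tampered entries (constructed for this example)
203.0.113.7     online.examplebank.test www.examplebank.test
203.0.113.7     login.examplebank.test
"""

# Domains that must never be pinned to a routable address in the hosts file.
# Constructed watchlist; an organisation would list its own banks and portals.
WATCHLIST = {"examplebank.test"}


def parse_hosts(text):
    """Return (ip_address, hostname) pairs from hosts-file text; comments and
    blank lines are skipped, lines without a valid IP first field are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_watched(hostname, watchlist):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_pinned_watched(entries, watchlist):
    """Flag watched hostnames mapped to anything but a loopback or unspecified
    (0.0.0.0 / ::) address; those two are the normal, benign 'blackhole' uses
    of a hosts file, so they are not reported."""
    return [(name, str(ip)) for ip, name in entries
            if is_watched(name, watchlist)
            and not (ip.is_loopback or ip.is_unspecified)]


if __name__ == "__main__":
    for name, ip in find_pinned_watched(parse_hosts(SAMPLE_HOSTS), WATCHLIST):
        print(f"ALERT: {name} is pinned to {ip} in the hosts file")
```

On a real machine the same functions can be run over the contents of /etc/hosts or %SystemRoot%\System32\drivers\etc\hosts; any hit on a bank or login domain warrants an incident ticket.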

Exercise 48. Answer the following questions.

1. What is data-stealing malware?

2. What do content security threats include?

3. When do activities such as spam, phishing, DNS poisoning, and SEO abuse fall into the data-stealing malware category?

4. What are the characteristics of data-stealing malware?

5. What are the examples and incidents of data-stealing malware?

 

Exercise 49. Give Ukrainian equivalents to the following word combinations:

data-stealing malware; to divest victims of personal and proprietary information; monetizing stolen data through direct use or underground distribution; content security threats; to fall under this umbrella; to include keyloggers, spyware, adware, backdoors, and bots; to refer to activities such as spam, phishing, DNS poisoning, SEO abuse; proxy information; to leave traces of the event; to be routinely flushed; a drive-by download process; to be generally temporary or rogue; to frequently change and extend the function; to use multiple file encryption levels; to thwart Intrusion Detection Systems; to record keystrokes, passwords, and screenshots; leakage protection hinges on metadata tagging; to spoof pages of the bank website; to covertly monitor web-surfing habits; to steal login credentials; to mastermind a ring; to craft phishing emails; to plant additional malware on users' PCs; a data security breach; to be hit by several class-action law suits.

 

Exercise 50. Give English equivalents to the following word combinations:

malicious programs that steal data; to deprive victims of personal and private information; to monetize stolen data through direct use or illegal distribution; threats to information content; to include keyboard loggers and spying software; free software products that contain advertising, backdoors and network agent robots; to relate to such processes as spam, phishing and corruption of the domain name service; misuse of search engine optimization; to leave no signs of events; the process of automatically loading an unwanted program onto a computer; to be temporary or uncontrolled; to use complex levels of file encryption; to ruin the network attack detection system; to record key presses, passwords and screen snapshots; to ruin data loss prevention; to hinge on metadata tagging; to spoof website pages in order to steal sensitive information; to serve targeted pop-up advertising; to steal account name credentials; to run a criminal group; a breach of the security system; a collective lawsuit, court proceedings.

 

Exercise 51. Decode the abbreviations.

DNS, SEO, IDS, DLP, malware, Inc., FTP, email, Co.

 

Exercise 52. Speak on data-stealing malware. Give additional information about examples and incidents of this malware you have read or heard about.

 

Exercise 53. Read and translate the text.

 

“Safe Computing” Tips

1. Ensure that any message sent arrives at the proper destination.

2. Ensure that any message received was in fact the one that was sent (nothing added or deleted).

3. Control access to your network and all its related parts (this means terminals, switches, modems, gateways, bridges, routers, and even printers).

4. Protect information in transit from being seen, altered, or removed by an unauthorized person or device.

5. Any breaches of security that occur on the network should be revealed, reported, and receive the appropriate response.

6. Have a recovery plan, should both your primary and backup communications avenues fail.

7. Use and update anti-virus software regularly.

8. Scan any newly received disks and files before loading, opening, copying, etc.

9. Never assume disks and/or files are virus-free.

10. To help avoid boot viruses, do not leave diskettes in your computer when shutting it down.

11. Change your computer's CMOS boot sequence to start with the C drive first, then the A drive.

For offices or homes with one or two computers, following these basic rules faithfully is probably adequate protection. However, in organizations with multiple PCs, especially in networks, a sound anti-virus strategy will necessarily be more complex. This is because vulnerability to viruses increases in proportion to the number of machines, the extent of their interconnection, and the number of non-technical users who may view anti-virus vigilance as "someone else's job". (In contrast, a solo entrepreneur is likely to take the virus threat seriously because he or she will have to deal with infection results personally or pay an outside consultant.) All organizations are different in the way they operate and the industries they serve, so no one anti-virus scheme is correct for all enterprises. However, at the very least, a company's program should include ongoing user education and a system for tracking virus activity (suspect and real) in addition to using anti-virus software. Ultimately, your goal is to provide consistent, effective protection and a "damage control and recovery" plan for virus infections that may occur despite your efforts. In addition, and perhaps most importantly, you want to achieve this while minimizing any negative impact on staff productivity and system/network resources. Therefore, to formulate a comprehensive anti-virus plan, it is necessary to first analyze the "big picture" of your organization along with its more detailed computing characteristics.

 

Exercise 54. Translate the following word combinations into English:

 

- to control access to your network and its related parts (terminals, switches, modems, gateways, bridges, routers and even printers);

- any security breaches that occur on the network;

- to have a recovery plan;

- to regularly use and update anti-virus software;

- to avoid boot viruses;

- vulnerability to viruses;

- a solo entrepreneur;

- a sound anti-virus strategy;

- ongoing user education;

- a comprehensive anti-virus plan;

- to take the virus threat seriously;

- to provide consistent, effective protection and a damage control and recovery plan;

- to minimize any negative impact on staff productivity and system/network resources

 

Exercise 55. Can you add more safe computing tips to those listed in the text? What antivirus software do you prefer and why? Share your experience of using anti-virus software with your groupmates. Discuss its advantages and disadvantages.

 

 




©2015-2020 studopedya.ru All rights belong to the authors of the posted materials.