Data-Stealing Malware

Data-stealing malware is a web threat that divests victims of personal and proprietary information with the intent of monetizing stolen data through direct use or underground distribution. Content security threats that fall under this umbrella include keyloggers, spyware, adware, backdoors, and bots. The term does not refer to activities such as spam, phishing, DNS poisoning, SEO abuse, etc. However, when these threats result in file download or direct installation, as most hybrid attacks do, files that act as agents to proxy information will fall into the data-stealing malware category.

Characteristics of data-stealing malware:

Does not leave traces of the event.

· The malware is typically stored in a cache that is routinely flushed.

· The malware may be installed via a drive-by download process.

· The website hosting the malware as well as the malware is generally temporary or rogue.

Frequently changes and extends its function.

· It is difficult for antivirus software to detect final payload attributes due to the combinations of malware components.

· The malware uses multiple file encryption levels.

Thwarts Intrusion Detection Systems (IDS) after successful installation.

· There are no perceivable network anomalies.

· The malware hides in web traffic.

· The malware is stealthier in terms of traffic and resource use.

Thwarts disk encryption.

· Data is stolen during decryption and display.

· The malware can record keystrokes, passwords, and screenshots.

Thwarts Data Loss Prevention (DLP).

· Leakage protection hinges on metadata tagging, and not everything is tagged.

· Miscreants can use encryption to port data.

Examples and incidents of data-stealing malware:

· Bancos, an info stealer that waits for the user to access banking websites then spoofs pages of the bank website to steal sensitive information.

· Gator, spyware that covertly monitors web-surfing habits, uploads data to a server for analysis then serves targeted pop-up ads.

· LegMir, spyware that steals personal information such as account names and passwords related to online games.

· Qhost, a Trojan that modifies the hosts file to point to a different DNS server when banking sites are accessed then opens a spoofed login page to steal login credentials for those financial institutions.

· Albert Gonzalez was accused of masterminding a ring to use malware to steal and sell more than 170 million credit card numbers in 2006 and 2007 - the largest computer fraud in history. Among the firms targeted were BJ's Wholesale Club, TJX, DSW Shoe, OfficeMax, Barnes & Noble, Boston Market, Sports Authority and Forever 21.

· A Trojan horse program stole more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc’s job search service. The data was used by cybercriminals to craft phishing emails targeted at Monster.com users to plant additional malware on users’ PCs.

· Customers of Hannaford Bros. Co, a supermarket chain based in Maine, were victims of a data security breach involving the potential compromise of 4.2 million debit and credit cards. The company was hit by several class-action lawsuits.

· The Torpig Trojan has compromised and stolen login credentials from approximately 250,000 online bank accounts as well as a similar number of credit and debit cards. Other information, such as email and FTP accounts from numerous websites, has also been compromised and stolen.
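The Qhost entry above describes a local redirection: the hosts file maps names to IP addresses and is consulted before DNS, so an entry that sends a bank's hostname to a routable address silently replaces the real site with a spoofed one. The following added example (not part of the original text or of any product it mentions) is a small checker in the defender's position: it parses hosts-file content and reports any watched domain that is mapped to a non-loopback, non-sinkhole address. The sample hosts content, the `203.0.113.45` address and the `bank.example` / `paypal.example` watchlist are constructed for the demonstration.

```python
import ipaddress

# Constructed sample hosts file. The bank.example line is a planted
# redirection of the kind the text attributes to Qhost.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
# Entry planted by a banking trojan (constructed for this example)
203.0.113.45    www.bank.example bank.example
0.0.0.0         ads.tracker.example
"""

# Hypothetical watchlist: hostnames that should never be overridden locally.
WATCHED_DOMAINS = {"bank.example", "paypal.example"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every effective line of a hosts file.

    Comments (from '#' to end of line) and blank lines are skipped, as the
    resolver does.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname maps nothing
        yield line_no, parts[0], parts[1:]


def is_blocking_address(ip):
    """True for loopback and unspecified addresses (127.0.0.1, ::1, 0.0.0.0).

    These are the normal targets of ad/tracker 'sinkhole' entries: they block
    a name, but cannot send the user to an attacker-controlled site.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as potentially dangerous
    return addr.is_loopback or addr.is_unspecified


def find_suspicious_entries(text, watched):
    """Return (line_no, ip, hostname) for watched domains (or their subdomains)
    that are mapped to a routable address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if is_blocking_address(ip):
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, ip, host))
    return findings


if __name__ == "__main__":
    for line_no, ip, host in find_suspicious_entries(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"line {line_no}: {host} is redirected to {ip}")
```

On a real machine the same function can be run over the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; an empty result only means the watched names are not overridden, so the watchlist should cover every site whose credentials matter to the organisation.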

Exercise 48. Answer the following questions.

1. What is data-stealing malware?

2. What do content security threats include?

3. When do the activities such as spam, phishing, DNS poisoning, SEO abuse fall into the data-stealing malware category?

4. What are the characteristics of data-stealing malware?

5. What are the examples and incidents of data-stealing malware?

Exercise 49. Give Ukrainian equivalents to the following word combinations:

data-stealing malware; to divest victims of personal and proprietary information; monetizing stolen data through direct use or underground distribution; content security threats; to fall under this umbrella; to include keyloggers, spyware, adware, backdoors, and bots; to refer to activities such as spam, phishing, DNS poisoning, SEO abuse; proxy information; to leave traces of the event; to be routinely flushed; a drive-by download process; to be generally temporary or rogue; to frequently change and extend the function; to use multiple file encryption levels; to thwart Intrusion Detection System; to record keystrokes, passwords, and screenshots; leakage protection hinges on metadata tagging; to spoof pages of the bank website; to covertly monitor web-surfing habits; to steal login credentials; to mastermind a ring; to craft phishing emails; to plant additional malware on users’ PCs; a data security breach; to be hit by several class-action lawsuits.

Exercise 50. Give English equivalents to the following word combinations:

malicious programs that steal data; to deprive victims of personal and private information; to turn stolen data into money through direct use or illegal distribution; threats to information content; to include keyboard loggers and spying software; free software products that contain advertising, backdoors and network robot agents; to concern such processes as spam, phishing and corruption of the domain name service; improper exploitation of search engine optimization; to leave no signs of events; the process of automatically loading an unwanted program onto a computer; to be temporary or uncontrolled; to use complex levels of file encryption; to destroy a network attack detection system; to register keystrokes, passwords and instant screen snapshots; to defeat data loss prevention; to depend on metadata tagging; to fake website pages in order to steal sensitive information; to send targeted pop-up advertising; to steal login credentials; to run a criminal group; a breach of the protection system; a collective lawsuit, a court case.

Exercise 51. Decode the abbreviations.

DNS, SEO, IDS, DLP, malware, Inc., FTP, email, Co.

Exercise 52. Speak on data-stealing malware. Give additional information about examples and incidents of this malware you have read or heard about.

Exercise 53. Read and translate the text.

“Safe Computing” Tips

1. Ensure that any message sent arrives at the proper destination.

2. Ensure that any message received was in fact the one that was sent (nothing added or deleted).

3. Control access to your network and all its related parts (this means terminals, switches, modems, gateways, bridges, routers, and even printers).

4. Protect information in transit from being seen, altered, or removed by an unauthorized person or device.

5. Any breaches of security that occur on the network should be revealed, reported and receive the appropriate response.

6. Have a recovery plan, should both your primary and backup communications avenues fail.

7. Use and update anti-virus software regularly.

8. Scan any newly received disks and files before loading, opening, copying, etc.

9. Never assume disks and/or files are virus-free.

10. To help avoid boot viruses, do not leave diskettes in your computer when shutting it down.

11. Change your computer's CMOS boot sequence to start with the C drive first, then the A drive.
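The second tip, that a received message must be exactly the one that was sent with nothing added or deleted, is what a message authentication code provides. The following added example (not part of the original text) shows one way to implement it with Python's standard `hmac` module: the sender attaches an HMAC-SHA256 tag computed under a shared key, and the receiver recomputes the tag and compares it in constant time. Altered, truncated and extended messages all fail verification. The shared key and the sample message are constructed for the demonstration; in practice the key is a secret shared out of band and never sent with the message.

```python
import hashlib
import hmac

# Constructed values for the demonstration. A real key is a random secret
# shared between the two parties in advance, never transmitted alongside the data.
SHARED_KEY = b"constructed-shared-secret-key"
SAMPLE_MESSAGE = b"transfer 100 to account 42"

TAG_LENGTH = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def tag_message(key, message):
    """Return the HMAC-SHA256 tag of `message` under `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key, message):
    """Sender side: the wire format is message followed by its 32-byte tag."""
    return message + tag_message(key, message)


def receive(key, packet):
    """Receiver side: return the message if its tag verifies, else None.

    compare_digest runs in constant time, so an attacker cannot learn the
    correct tag byte by byte from timing differences.
    """
    if len(packet) < TAG_LENGTH:
        return None  # too short to even contain a tag
    message, tag = packet[:-TAG_LENGTH], packet[-TAG_LENGTH:]
    if not hmac.compare_digest(tag_message(key, message), tag):
        return None
    return message


def tamper(packet, position, new_byte):
    """Flip one byte of a packet in transit (simulates an on-path modification)."""
    return packet[:position] + bytes([new_byte]) + packet[position + 1:]


if __name__ == "__main__":
    packet = send(SHARED_KEY, SAMPLE_MESSAGE)
    print("intact   :", receive(SHARED_KEY, packet))
    print("altered  :", receive(SHARED_KEY, tamper(packet, 9, ord("9"))))
    print("truncated:", receive(SHARED_KEY, packet[:-5]))
    print("appended :", receive(SHARED_KEY, packet + b" and 500 to 99"))
```

The tag protects integrity and origin but not confidentiality: the message is still readable in transit, which is what the fourth tip (protecting information in transit from being seen) addresses separately with encryption.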

For offices or homes with one or two computers, following these basic rules faithfully is probably adequate protection. However, in organizations with multiple PCs, especially in networks, a sound anti-virus strategy will necessarily be more complex. This is because vulnerability to viruses increases in proportion to the number of machines, the extent of their interconnection, and the number of non-technical users who may view anti-virus vigilance as "someone else's job". (In contrast, a solo entrepreneur is likely to take the virus threat seriously because he or she will have to deal with infection results personally or pay an outside consultant.) All organizations are different in the way they operate and the industries they serve, so no one anti-virus scheme is correct for all enterprises. However, at the very least, a company's program should include ongoing user education and a system for tracking virus activity (suspect and real) in addition to using anti-virus software. Ultimately, your goal is to provide consistent, effective protection and a "damage control and recovery" plan for virus infections that may occur despite your efforts. In addition, and perhaps most importantly, you want to achieve this while minimizing any negative impact on staff productivity and system/network resources. Therefore, to formulate a comprehensive anti-virus plan, it is necessary to first analyze the "big picture" of your organization along with its more detailed computing characteristics.

Exercise 54. Translate the following word combinations into English:

- to control access to your network and its related parts (terminals, switches, modems, gateways, bridges, routers and even printers);

- any breaches of security that occur on the network;

- to have a recovery plan;

- to use and update anti-virus software regularly;

- to avoid boot viruses;

- vulnerability to viruses;

- a solo entrepreneur;

- a sound anti-virus strategy;

- ongoing user education;

- a comprehensive anti-virus plan;

- to take the virus threat seriously;

- to provide consistent, effective protection and a damage control and recovery plan;

- to reduce any negative impact on staff productivity and system/network resources

Exercise 55. Can you add more safe computing tips to those listed in the text? What antivirus software do you prefer and why? Share your experience of using anti-virus software with your groupmates. Discuss its advantages and disadvantages.
