return to Computers

SPAM
unsolicited, "junk" e-mail

 

As of November 2004, 88% of all e-mail is
SPAM, Phishing scams, viruses, or directory-harvest attacks.
1.3% of all e-mail contains malicious code, such as a virus.

 

In a corporate environment, the costs of SPAM (per month) are:
Lost Productivity $4.51
IT Resources $4.13
Help Desk Cost $1.25
Total = $9.89

For a company of 500 employees, the costs come to $60 000. per year.
SPAM costs a typical ISP about $0.14 per subscriber per month.
-CQ Weekly, 5/14/2003


56% of all spam messages originate in the United States.
10% originates in South Korea.
Drugs are the top product pitched. Viagra accounts for 1/6 of all spam.
-InformationWeek, 7/5/2004

 

to avoid SPAM:

1. never click on a SPAM message where it says "click here to be removed"
doing so will authenticate your address as a valid one, and SPAMMERS
will sell their lists of valid e-mail addresses to other SPAMMERS

2. don't read SPAM messages "On Line"
set your Outlook Express (or other mail client) to "Work Offline" before reading SPAM.
when SPAM e-mail with pictures are downloaded from a web site, there are often little
hidden programs which inform the SPAMMER'S web site of your e-mail address, which
confirms to the SPAMMER that your address is valid.  see #1 above


Bill Microsoft Gates receives 4 million SPAM emails per year.

Spammers use software to search websites and newsgroups for email
addresses, and then add the ones that they find to their spam list.
As a result, "famous" email addresses such as
billgates@chairman.microsoft.com
are prime targets for spammers.

(Spam-blocking software directs most of it to  /dev/null    = the trash bin)

 

 

 

SPIM
SPAM via Instant Messaging

 

VIRUSES / WORMS

 

90% of computer viruses are delivered via e-mail.

1 in 16 e-mail messages carried a virus in 2004.
1 in 33 e-mail messages carried a virus in 2003.

There are at least 81,000 different computer viruses in existence.
50 new computer viruses are released every day.

 

 

 

To avoid viruses and worms:

1. Don't use Microsoft products   see below

 

 

 

Computer worms with the biggest impact during the
2 1/2 year period from January 2003 thru June 2005:
1. Blaster
2. MyDooom
3. Netsky
4. Sasser only affects Microsoft Windows
5. Slammer
6. SoBig


1. The Blaster worm

24-year old Dan Dumitru Ciobanu of Romania has been charged with cybercrime offenses
for unleashing the Blaster.F Internet worm, a low-grade variant of the Blaster worm.
-IEEE Security, 2003

4. The Sasser worm attacks a software vulnerability in Windows XP, 2000 and Windows Server 2003.
Written by 19 year-old German Sven Jaschan, and released May 2004, Sasser causes
Microsoft Windows machines to crash and reboot. Macintosh and Linux systems are immune.

 

 



 

 

 

 



 

 

DoS
Denial of Service attacks

An attack designed to bring the network to a halt by flooding it with useless traffic.









return to top

PHISHING
email that appears to be from a reputable source, often providing what appears to be
a link to a legitimate web site, with the purpose being to steal identity or financial information

 

According to an analysis of internet traffic done by CipherTrust Inc. in October 2004,
just 5 bot networks generate virtually all of the world's phishing scams.

 

 

to avoid PHISHING scams:

 

D'oh!
Of 141 million on-line consumers:
57 million Americans have received phishing e-mails
11 million of them clicked on a link in a phishing e-mail
1.8 million of them submitted personal information
-Gartner Group, April 2004


 

Directory Harvesting Attacks

the "Brute Force" directory harvest attack:
a Spammer sends email to every conceivable username @yourdomain

  • bandwidth to your mailserver is consumed by thousands of the bogus incoming messages
  • most mailservers reject email sent to an invalid username with a "user not found" message, which is
     returned to the sender (the Spammer, in this case)
  • bandwidth from your mailserver is consumed by thousands of "user not found" replies
  • the Spammer assumes any email address not drawing a "user not found" reply is in fact a valid address
  • the Spammer creates a list of valid addresses for future Spamming, and sells this list of addreses to others

To make it more difficult for your mailserver to be "harvested" for its directory,
limit the rate of messages (# of messages per minute or per hour) the mailserver accepts.
This makes it more difficult for the attacker to send and get replies to the thousands of
messages that an attack of this sort requires.

You can imagine how beneficial it would be for ISPs such as yahoo.com and comcast.net to prevent
their mailservers from being attacked and harvested in this fashion.

Things you can do:
1. Make sure your mailserver rejects all invalid messages. If the server is configured to forward all invalid
    email to a specific account, such as postmaster, a directory harvest attack could fill your free disk space.
2. Put a limit on the frequency of email messages accepted by the mailserver.

 

 

 

 

return to top

Verizon's Spring Break (-In)

On May 2, 2004, four DS-3 cards were stolen from a Manhattan co-location
facility owned by Verizon Communications at 240 E. 38th St. just after 10:30pm.
The outage affected area customers of Sprint.

***

According to NYC Police, three DS-3 networking cards were stolen from
a Verizon CO at 240 E. 38th St.  Sprint lost several cards, Qwest also was
a victim. During the burglary, surveillance cameras were not operational.
Sprint, Qwest, XO Communications, and Looking Glass Networks were
affected by the theft.

*** ***

The co-location floor of a Verizon central office on 38th Street in New York City was burgularized,
leaving a handful of Verizon competitors - specifically Sprint Corp, Qwest Communications,
XO Communications, and Looking Glass Networks - without service for up to an entire day.

New York City Police Department officials pegged the heist at $433,000.
Of the 4 separate doors to the 8th floor co-lo office, the main door lacked a working lock.
All of the network racks that were burgularized were secured with simple Allen wrench bolts.
The building's main entrance security cameras were missing the night of May 2, awaiting upgrade.

51 pieces of networking gear, enough equipment to fill 2 duffel bags, was stolen.

from the NYPD crime report:
Inside of 211 East 37 Street
2004.05.02 23:30 Sunday
Grand Larceny

*** *** ***


Personal Computer Privacy Considerations:

Website History Destruction
Typed URL Destruction
Temporary Internet File Destruction
Search History Destruction
Run Programs History Destruction
Recent Document List Destruction
Media Player History Destruction
Recycle Bin Contents Destruction
Cached File Destruction
Cookie Destruction

http://www.intenseschool.com/

 

Captchas
Completely Automated Public Turing test to tell Computers and Humans Apart

Methods such as using wavy words in pictures, that require the user to re-type
the word to gain access.
Ticket scalpers use OCR (optical character recognition) software to get around
the Captchas used by ticketmaster.com.

 

SNiP (an ISP) employs Titan Key Pro to eliminate spam.

 

return to top
home

Copyright © billhance.com.  All rights reserved.