Wednesday, 7 October 2009


MODULE LEADER – DR STILIANOS VIDALIS
2009 – 2010

7.1 MALWARE
11. APPENDIX (i)

Table of Figures
Figure 1: Threat Agent Categories
Figure 2: Business Processes
Figure 3: Modern E-Crimes
Figure 4: E-Crime Statistics
Figure 5: Virus and Worm Statistics
Figure 6: Target Specific Attacks
Figure 7: Increasing complexity of viruses, worms, malware with time
Figure 8: Various E-Crimes

The contemporary world uses internet-based technology to meet ever-increasing consumer (or user) demands and to enhance business. The increased use of computers and internet-based technologies in businesses and organizations has led to a sharp rise in cybercrime. The internet (and the businesses that rely on computers) has undoubtedly become a primary target for cybercrime. The motives of cybercriminals were primarily financial gain, but their motives have now expanded to political, religious, revenge, power, and terrorism. Understanding the motives behind an attack is beneficial when approaching the task of combating ‘cybercrime’.
This report has been compiled in order to thoroughly analyze cybercrime and its effect on small and medium-sized enterprises (SMEs). The report comprises the following:
• Cyber Crime
• Goals or Motives behind E-crimes
• Various Threat Agent Categories and their Attributes
• Business Processes
• Cybercrime Classification: Types of E-Crime
• Techniques used in order to commit cyber crime and the impact on Business Processes
• Safety Measures in order to combat cybercrime

The research method used for this report is secondary research:
• Secondary research comprises websites, books, online magazines, and journals.
All sources have been appropriately referenced.

Cybercrime or E-Crime is any crime which involves the use of a computer. It includes criminal acts such as pharming, phishing, and denial of service attacks, which cybercriminals use to attack an organization or an e-commerce company.
In order to combat cybercrime, it is very important to understand the goals or motives of the cybercriminals who launch attacks such as denial of service or phishing. A threat assessment of the organization should also be carried out; it analyzes the potential vulnerabilities and then aids in securing the organization’s assets and combating E-crime.
- Goals or Motives behind E-crimes
According to Jones, A. 2002, there are some commonly accepted motivational drivers, which are: political, social, secular, personal gain, religious, revenge, power, terrorism, and curiosity. Some important definitions that will be useful for this paper in assessing cybercrime include the following:
- Threat is the risk of an attack on a computer system.
- Vulnerability is a flaw or weakness that can be exploited.
- Motivation is the extent to which an attacker is prepared to exploit a threat.
- Capability is the extent to which an attacker or threat agent is able to utilize a threat.
- Hackers are persons involved in the development of the computing world. Hackers can be called “good people” since they never intentionally cause disruption or damage to anyone.
- Crackers are unethical persons with malevolent intent. Crackers generally commit cybercrimes such as piracy, gaining personal satisfaction as well as monetary gain.
The term threat agent is used to denote an individual or group of individuals that can exploit a threat. The various threat agent categories are illustrated in Figure 1 below, and their attributes are discussed later in the report.
Figure 1: Threat Agent Categories
- (Vidalis, S. 2005)
The following types of business processes have been identified:
a) Management, Human Resources (HR) & Finance - Training and monitoring the employees, and building and maintaining relationships with customers.
b) Accounting & Technical (IT) Staff - Records of the company's profit/loss and annual turnover are kept by the staff, and any technical assistance is provided.
c) Product Development - The process by which products are developed or produced.
d) Quality & Product/Service Delivery – The quality of the products is maintained or enhanced, and the products are delivered to the customers.
e) Sales & Marketing – After production, marketing is necessary in order to promote the products and seek potential customers:
o Advertise and popularize the products amongst people
o Advertise jobs for future employees inside and outside the business
o Allow people to view financial reports or company mission statements
o Allow customers to purchase the finished products. Nowadays most companies also sell their products online; payment can be made by credit/debit card or PayPal, which is used by companies engaged in e-commerce.
- (HALL, D. AND OTHERS. 2004)

Figure 2: Business Processes
Cybercrime can be classified into the following four major categories:
A. Cyber crime Against an Individual
B. Cyber crime Against Property
C. Cyber crime Against Organization
D. Cyber crime Against Society
- (ReportCybercrime, 2009)
(A) Against Individuals
i) Email spoofing – Please refer to Appendix (i) Computer Terms for definitions of all the different types of e-crime attacks
ii) Spamming
iii) Cyber Defamation: This occurs when defamation takes place with the help of computers or the Internet, e.g. someone publishes offensive material about a person on a website or sends e-mails containing offensive information.
iv) Harassment & Cyber stalking: Cyber stalking is following the traces of an individual's movements over the internet. It can be done with the help of many of the facilities available, such as e-mail and chat rooms.
(B) Against Property
(i) Credit Card Fraud,
(ii) Intellectual Property crimes: These include the following:
• Software piracy: illegal copying of programs, distribution of copies of software.
• Copyright infringement
• Trademarks violations
• Theft of computer source code
(iii) Internet time theft: the use of Internet hours by an unauthorized person
(C) Against Organization
i) Unauthorized Accessing of a Computer: Accessing the computer/network without the permission of the owner. It can be of two types:
  a) Changing/deleting data: Unauthorized changing of data.
  b) Computer voyeur: The criminal reads or copies confidential or proprietary information, but the data is neither deleted nor changed.
ii) Denial of Service Attack
iii) Virus attack
iv) Email Bombing
v) Salami Attack: When negligible amounts are removed and accumulated into something larger. These attacks are used for the commission of financial crimes.
vi) Data diddling: This kind of attack involves changing raw data just before it is processed by a computer and then changing it back after the processing is completed.

(D) Against Society
(i) Forgery: currency notes, revenue stamps, mark sheets etc. can be forged using computers and high-quality scanners and printers.
(ii) Cyber Terrorism: Use of computer resources to intimidate or coerce others.
(iii) Web Jacking: Hackers gain access to and control over another party's website, and may even change the content of the website to fulfil a political objective or for money.
- (ReportCybercrime, 2009)

E-crime is increasing every year; with the introduction of more advanced and targeted techniques by cyber criminals, the crimes are more devastating for businesses and organizations.
• Denial of Service
• Phishing/Pharming
• Credit card fraud
• Identity Theft
• Threats from disgruntled employees
• Interception of Wireless LAN communications
Figure 3: Modern E-Crimes

Figure 4: E-Crime Statistics
i) What is Malware and how does it spread?
Malware is a shortened term for ‘malicious software’, which is programmed with the intention of damaging or controlling a computer without the user's consent.
Malware includes viruses, trojan horses, worms, spyware, adware, bacteria or rabbits, backdoors, rootkits, and logic bombs. Please refer to Appendix (i), based on BCRC, 2008, for the definitions of the terms mentioned above.
It is often spread through normal methods of communication such as: 
• Email and instant messages
• Infected website
• Hidden in a program downloaded or installed
• Downloaded from peer-to-peer connections
• Toolbars – e.g. a free smileys pop-up is said to contain a Trojan
  These programmes report all of the user's online activity to a third party. Key loggers are able to record everything the user (victim) types on the keyboard, which may include credit card details, important customer details, online banking passwords and other sensitive information.

ii) Effect of Malware on Business
• Spyware: Theft of the user’s and customers’ data. The main aim of spyware is to steal information and then defraud businesses. Spyware can also be used to plant Trojan horses, viruses and worms that damage a computer and its files or consume all the resources of the system. One computer on its own may not produce very devastating results, but when linked with other compromised computers on the network, referred to as a Botnet, the results can be extremely destructive.

• Common symptoms of infection of malware on a system include: 
- The system running slowly or becoming less stable by restarting or shutting down on its own.
- Trojan horses and other types of malware consume resources such as processing power, memory and internet bandwidth, which ultimately hangs the system.
• In Russia, malicious hackers used a Trojan horse to gain control over a gas pipeline run by Gazprom.
• In January 2003, the “Slammer” worm caused major problems for IT systems around the world and penetrated the safety monitoring system at a US nuclear plant for nearly five hours.

i) What is a Virus and how does it spread?
A computer virus is software or code written by a programmer to infect a computer. The most common method of spreading viruses is via email attachments. Viruses used to be spread through the sharing of floppy disks; other removable media such as disks and USB data sticks present a similar threat. However, infection most commonly occurs through email.
ii) Effect of Virus on Business
The effects a virus can have range from annoying but harmless, such as humorous text or pictures being displayed on the monitor, to the more malevolent sort that deletes all of the files on the hard disk. It is the latter type of virus that can have the most detrimental effect on a business, and that is why it is always necessary to have secure backups of all your data. Hence a virus can affect all the processes of a business, especially the management process, since all the files are crucial for the company.

iii) Prevention from Virus and other Malware:
• Use good antivirus and anti-spyware software, regularly updated with signatures of the latest viruses, trojans, worms, spyware, adware etc.
• Always keep a backup of the files on an external hard disk/USB disk or on a server
• Do not download insecure attachments in emails
• Use secure firewall settings
• Train staff to be aware of the methods used to infect a computer. Employers should ensure that their staff/employees are aware of malware and pop-ups. When a pop-up window appears, they should just click on the small 'x' in the top right corner.
• If a business has a network of computer users linked to the internet, then it is safer to physically restrict downloads to individual computers. This can be done using the system administration tools and backed up by an Internet usage policy.
Figure 5: Virus and Worm Statistics
- (Skoudis, Zeltser, 2003)

Cyber criminals infiltrate computer systems via viruses, Trojan horses and backdoors. The infiltrated system is called a Zombie; the attacker gains full access to this computer and can control its resources such as memory. Criminals often build up a network of these ‘Zombie’ computers, which can then be used for a Denial of Service (DoS) attack, thus disabling a business's online access or website.
Spamming is done in a similar way, using botnets to continuously bombard the victim’s address with emails, thereby making it crash or become unavailable for any use. Many programs are available which allow an attacker to send thousands of emails to the victim’s email address.
In this way a cyber criminal can take down a company’s website for monetary gain, or extort and blackmail a company by persistently blocking its website until payment is made. The compromised computer can also be used to carry out specific crimes such as spreading viruses, as the remote user is untraceable. A collection of Zombie computers is called a ‘Botnet’, which is controlled individually or collectively by those known as Bot-herders. Bot-herders rent out Botnets to relay Spam and launch phishing scams to steal sensitive data. When several zombie computers or botnets are used to attack a vulnerable system, it is known as a Distributed Denial of Service attack (DDoS).
DoS and DDoS attacks are not limited to large companies; cyber criminals and Bot-herders can be hired to attack the website of any SME irrespective of its size. A coordinated attack via thousands of compromised 'Bots' against high-profile sites saturates the target's bandwidth and its capability to respond to legitimate connections. The high volume of traffic going through the website forces it to crash or shut down. For a company that relies solely on its website to trade, it is critical to keep it up and running, and hence the Bot-herders extort money from the compromised company. Attacks using the concept of DoS and DDoS also include the Man in the Middle Attack, where the information passing between the router and the victim (user) during a transaction (such as banking details or buying an item) is sent directly to the attacker’s address.
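The flood described above is visible in a web server's own access log long before the site falls over: one source (DoS) or many sources together (DDoS) issue far more requests per window than real visitors do. The following is an added example written for this report, not code from any of the cited sources. It parses lines in the Apache/nginx "combined" log prefix, keeps a sliding window per client IP and for all traffic combined, and reports any source whose rate reaches a threshold. The IP addresses, timestamps and thresholds are constructed for illustration and would need tuning to a real site's normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Prefix of the Apache/nginx "combined" format: ip ident user [timestamp] "request" status
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for one log line, or None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def detect_flood(lines, window_s=10, per_ip=20, total=40):
    """Sliding-window request counter over chronologically ordered log lines.

    Returns {source: peak_requests_in_window} for every client IP whose count within
    any window_s-second window reaches per_ip, plus the pseudo-source "ALL" when the
    combined rate reaches total. The "ALL" counter catches the distributed case, where
    no single bot is individually noisy but the aggregate saturates the server.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peak = defaultdict(int)       # source -> highest count seen in any window
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed or truncated lines
        ip, ts = parsed
        for key in (ip, "ALL"):
            q = recent[key]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()       # expire requests older than the window
            peak[key] = max(peak[key], len(q))
    flagged = {ip: n for ip, n in peak.items() if ip != "ALL" and n >= per_ip}
    if peak["ALL"] >= total:
        flagged["ALL"] = peak["ALL"]
    return flagged


def _format(ip, ts):
    # Render one constructed log line in combined format
    return f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET /index.html HTTP/1.1" 200 512'


def build_samples():
    """Two constructed log extracts (not real traffic), each returned in time order.

    single:      one normal visitor plus one host sending 30 requests in 3 seconds.
    distributed: the same visitor plus 25 hosts sending 2 requests each within 1 second.
    """
    base = datetime(2009, 10, 7, 12, 0, 0, tzinfo=timezone.utc)
    visitor = [(base + timedelta(seconds=12 * i), "203.0.113.5") for i in range(5)]
    single = visitor + [(base + timedelta(milliseconds=100 * i), "198.51.100.77") for i in range(30)]
    distributed = list(visitor)
    for i in range(1, 26):
        distributed += [(base + timedelta(milliseconds=20 * i), f"192.0.2.{i}"),
                        (base + timedelta(milliseconds=500 + 20 * i), f"192.0.2.{i}")]
    return ([_format(ip, ts) for ts, ip in sorted(single)],
            [_format(ip, ts) for ts, ip in sorted(distributed)])


if __name__ == "__main__":
    single, distributed = build_samples()
    print("single-source flood:", detect_flood(single))        # flags 198.51.100.77
    print("distributed flood:", detect_flood(distributed))     # flags only ALL
```

In the single-source extract the per-IP counter identifies the offending host, while in the distributed extract every bot stays under the per-IP threshold and only the aggregate "ALL" counter fires, which is exactly why rate limiting by individual address is not enough against a botnet.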
Phishing is a form of Identity Theft that involves sending out emails randomly to people. Attackers use spoofed emails and fraudulent websites to trick people into giving out their personal financial data. Phishers hijack the names of banks, web retailers and credit card companies and send out wave after wave of emails that ask the recipient to click on a link to update their details on what turns out to be a fake website. The message appears credible because the email and related website often incorporate the company logo, making them look identical to the email or website communications of the legitimate company.
Pharming is similar to the phishing technique in that it directs users to fake sites, via forged emails or a piece of spyware, when they are trying to access legitimate websites. A customer logs on to what looks like a familiar internet banking site, often using the web address stored in their internet browser's favourites folder, and is unknowingly redirected to a fraudulent site. It is possible for a virus or an attacker to change all the websites in a user’s Favourites folder to scam websites. When the victim visits the fake website and enters details such as credit card or bank details, they are transferred to the attacker’s address.
- (BERR, 2008)
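A common way for spyware to achieve the silent redirection described above is to add entries to the local hosts file, which the operating system consults before DNS: the user types the correct address or opens a correct favourite, yet the browser connects to the attacker's server. The following is an added check written for this report, not code from any of the cited sources. It parses hosts-file text and reports any non-loopback entry for a watched bank or business domain. The hosts content, the domain examplebank.com and the address 198.51.100.23 are constructed for illustration.

```python
import ipaddress

# Constructed hosts-file contents (not from a real machine). A normal file holds
# only loopback names; the last two entries imitate tampering by spyware.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost

198.51.100.23   www.examplebank.com examplebank.com
198.51.100.23   online.examplebank.com   # trailing comment is ignored
not-an-address  ignored.example
"""


def parse_hosts(text):
    """Yield (hostname, ip_address) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                      # first field is not an IPv4/IPv6 address
        for name in parts[1:]:
            yield name.lower(), ip


def _under(name, domain):
    # True when name is the domain itself or one of its subdomains
    return name == domain or name.endswith("." + domain)


def find_overrides(text, watched_domains):
    """Return {hostname: ip} for every non-loopback hosts entry that names a watched
    domain or one of its subdomains. Any such entry overrides DNS for that name."""
    watched = [d.lower() for d in watched_domains]
    hits = {}
    for name, ip in parse_hosts(text):
        if ip.is_loopback:
            continue                      # 127.0.0.1 / ::1 entries are normal
        if any(_under(name, d) for d in watched):
            hits[name] = str(ip)
    return hits


if __name__ == "__main__":
    for name, ip in find_overrides(SAMPLE_HOSTS, ["examplebank.com"]).items():
        print(f"WARNING: {name} is pinned to {ip} in the hosts file")
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts and on Unix-like systems at /etc/hosts; reading either into `find_overrides` with the list of domains a business and its customers rely on is the whole check. A clean file should return an empty result.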
Impact of Phishing/Pharming on Business
• If any business has a website requiring personal information (such as banking details or even email addresses and passwords) that is hacked or spoofed, then its customers and employees could be victims of the scam as well. If one of its customers attempts to access the company’s site and discloses personal information, the result is identity theft, and clients’ confidence in the company will be shattered.
• If a company’s website is out of operation then it could be losing a lot of potential sales. Clients wanting to purchase goods or services may not be able to do so, causing a significant loss to the company’s income.

Measures to prevent Phishing/ Pharming
• Install anti-virus and anti-spyware software and keep them updated regularly.
• Do not access important websites or your bank's website via a link in your favourites list, for the reason mentioned in section 6.4 of the report.
• Always look for the small padlock when visiting a bank’s website (it indicates that the website is securely certified), and in the address bar the http: should have changed to https:, the extra s indicating that the site is secure.
• Scammers are able to spoof websites and to put a padlock image on the screen, so users should always be very careful when visiting a bank’s website. Clicking on the padlock displays the certificate details. If nothing happens, it is a spoofed copy of the bank's website.
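The same checks a careful user makes by eye (is the link really https, does the address shown match the address the link goes to, is the bank's name being borrowed by a different domain) can be applied automatically to the links in an incoming email before anyone clicks. The following is an added example written for this report, not code from any of the cited sources. It extracts the anchors from an HTML email body and reports, per link, the signs of a phishing lure. The email body, the bank domain examplebank.com and the address 198.51.100.23 are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style email body (not a real message)
SAMPLE_EMAIL = """\
<html><body>
<p>Dear customer, please <a href="http://examplebank.com.secure-login.invalid/update">update
your details at https://www.examplebank.com</a> within 24 hours.</p>
<p>Or visit <a href="https://www.examplebank.com/">our website</a>.</p>
<p>Login: <a href="https://www.examplebank.com@198.51.100.23/login">https://www.examplebank.com/login</a></p>
</body></html>
"""

# A URL written in the visible link text; group 1 is the host the reader sees
URL_IN_TEXT = re.compile(r"https?://([^/\s<>'\"]+)", re.IGNORECASE)


class _LinkExtractor(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())   # collapse whitespace
            self.links.append((text, self._href))
            self._href = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    parser.close()
    return parser.links


def _belongs_to(host, domain):
    # True when host is the trusted domain or one of its subdomains
    return host == domain or host.endswith("." + domain)


def check_link(text, href, trusted_domains):
    """Return the list of phishing indicators found for one link (empty if none)."""
    findings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()      # hostname drops any user@ prefix
    if "@" in parsed.netloc:
        findings.append("credentials-in-url")   # trusted name placed before '@'
    if parsed.scheme.lower() != "https":
        findings.append("not-https")
    shown = URL_IN_TEXT.search(text)
    if shown and shown.group(1).lower() != host:
        findings.append("displayed-host-mismatch")
    for d in trusted_domains:
        d = d.lower()
        if d in host and not _belongs_to(host, d):
            findings.append("trusted-name-in-foreign-host")
            break
    return findings


def audit_email(html, trusted_domains):
    """Return [(visible_text, href, findings)] for every link in the email body."""
    return [(t, h, check_link(t, h, trusted_domains)) for t, h in extract_links(html)]


if __name__ == "__main__":
    for text, href, findings in audit_email(SAMPLE_EMAIL, ["examplebank.com"]):
        print(f"{href}\n    shown as: {text!r}\n    findings: {findings or 'none'}")
```

The third link in the sample shows why the "padlock and https" advice alone is not sufficient: the URL is https and begins with the bank's name, but everything before the "@" is treated as login credentials and the browser actually connects to 198.51.100.23.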

Figure 6: Target Specific Attacks
- (KPMG, 2009)

7.4 E-Crime Statistics

Figure 7: Increasing complexity of viruses, worms, malware with time
- (VIDALIS, S. 2009)
• Around 830,000 businesses in the UK suffered an online/computer related security incident in 2007/08.
• It is estimated that there were 132,800 cases of computer misuse (excluding viruses) in 2007.
• Virus infection has dropped and is now the fourth most common type of security incident, accounting for 21% of all incidents. In 2006 it accounted for 50% of the worst security breaches for UK businesses.
- (BERR, 2008)

In this report the following topics have been thoroughly discussed and examined:
• Cyber Crime
• Goals or Motives behind E-crimes
• Threat Agent Categories
• Business Processes
• Cybercrime Classification: Types of E-Crime and techniques
• Techniques used in order to commit cyber crime and the impact on Business Processes
• Safety Measures in order to combat cybercrime

Figure 8: Various E- Crimes
- (BERR, 2008)
The various types of cybercrime, the techniques used by cyber criminals and their effects on business processes were critically analysed, and a list of measures to prevent those crimes was also provided.

• BCRC, 2008. Cybercrime: Threats and Solutions. [WWW] (28th July 2009)
• BERR, 2008. Information Security Breaches Survey 2008. [WWW] (24th July 2009)
• HALL D., JONES R., RAFFO C. 2004. Business studies 3rd edition. CAUSEWAY PRESS LTD. LANCS
• JONES, A. 2002. "Protecting the Critical National Infrastructure - Developing a Method for the Measurement of Threat Agents in an Information Environment." Information Security Technical Report February 2002 7(2): 22-36.
• KPMG, 2009. e-Crime Survey 2009. [WWW] (26th July 2009)
• ReportCybercrime. 2009. [WWW] (20th July, 2009)
• SKOUDIS E., ZELTSER L. 2003. Malware: Fighting Malicious Code. Prentice Hall PTR, ISBN 0131014056
• VIDALIS, S. 2009. Lecture 7: Malware. (24th March 2009)
• VIDALIS, S. and JONES, A. 2005 Analyzing Threat Agents & Their Attributes. UK: University of Glamorgan.

• BLYTH, A. J. C. AND KOVACICH L. (2001). Information Assurance: Computer Communications & Networks. UK, Springer-Verley.
• CONWAY, M. (2003). "Hackers as Terrorists? Why it doesn't compute." Computer Fraud & Security. December 2003 (12): 10-13.
• REYES, A., O’SHEA, K., STEELE, J., HANSEN, J., JEAN, B., RALPH, T. 2007. Cyber Crime Investigations. USA: Syngress Publishing, Inc.
• FORCHT, K. A. (1994). Computer Security Management, Boyd & Fraser.
• GHOSH, S. (2004). "The nature of Cyber-attacks in the Future: a position paper." Information Systems
• SUMMERS, R. C. (1977). Secure Computing: Threats & safeguards, McGraw-Hill.

11. Appendix (i) – Computer Terms
Back Door
A loophole in a computer's security system that allows a hacker or malware to access it.

Bots / Botnets
A collection of computers that have been infected with maliciously programmed code. The Bot is the singular; the Botnet refers to a collection of Bots. Botnets are then used to launch a co-ordinated attack against a victim's computer or website, most often resulting in a denial of service. A Botnet is also referred to as a Zombie network.

Bot Herder
A Bot herder is the person who is in control of the Botnet. The herder often hires out their net for a length of time to be used for malicious activities such as spamming or DoS.

A failure, error or flaw in a computer program.

Denial of Service (DoS)
A type of network attack in which maliciously generated traffic aims to consume the resources of a server, thus preventing valid traffic from reaching the machine; regular users experience this as the server "denying" the service it should provide, e.g. showing a website.

Distributed Denial of Service (DDoS)
This is a DoS attack, but performed using multiple computers, which then focus the malicious traffic on a victim server, consuming its bandwidth. In most cases, these computers are controlled remotely by hackers and are connected in so called "Botnets". Such computers are also called Zombies.

Hacking
The act of exploiting or investigating software vulnerabilities. Hacking can be thought of as someone physically breaking into your business, looking around, changing a few things and maybe also stealing some items.

Identity Theft
The crime of impersonating someone, using their private information, for financial gain.

Key Logger
A piece of software, generally malware, that logs a user's keystrokes and captures private information, passwords or credit card details.

Mail Bomb
An excessively large amount of email data sent to make the recipient's email program crash.

These are malicious bits of code often embedded into website or emails that once triggered, run harmful programmes on your computer.

Pharming
Similar to Phishing. Fraudsters use fake emails, websites or viruses to direct users into entering personal details into a website, usually login information, which is then used to steal money or identities.

Phishing
The activity of defrauding an online account holder of financial information by posing as a legitimate company.

Spam
Irrelevant or inappropriate messages sent on the Internet to a large number of recipients.

Spyware
Unwanted software that secretly monitors a user's activity, scans for private information or gives outsiders control of a computer.

Trojan horse
Program designed to breach the security of a computer system while ostensibly performing some innocuous function.

Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Worm
A self-replicating programme able to recreate itself to spread from computer to computer over a network. The worm is similar to a virus in that it will likely have malicious intent, but unlike a virus it can spread of its own accord.

Zombie
A Zombie is the term usually used to refer to a computer that has been infected and is being used as part of a Botnet.
