PLI Podcast: Rik Ferguson, and Cyber-Crime 101

Posted on 16 March 2011 by


Rik Ferguson of the security vendor Trend Micro joined us to talk about some of the real world threats facing Internet users. This is one of the first podcasts we’ve made public, because it gives some really basic information we think it’s important to get out to officers.

Download the podcast here| Download via iTunes here

First, he gives a basic, plain-language guide to the common terms used.

Malware is an industry term making its way into common usage, meaning malicious software.

Viruses Malicious code which replicates itself into other files.
Worms Malware that replicates across networks, reaching out to other machines to propagate its infection
Rootkits A tool or set of tools which are designed to hide malware from the end user; anything used to hide code used to commit Cybercrime
Trojans A piece of malcode that does something while pretending to do something else.

Historically malware as aimed at creating fame for the author, since the turn of the century, criminals have become more interested in making money from it, this is what we now know as cyber-crime.

Rik begins the discussion with some statistics, then goes into some very interesting talks about how cyber-criminals commit crime.

Some high-level points:

  • Criminals target user machines to harvest information, to use the machines as distribution points for spam, malware, files or to launch attacks upon other computers.
  • Criminals will capture machines and then rent those captured machines to other criminals to commit further crimes.
  • It’s very common that those infected don’t notice – Criminals have a vested interest in making sure that you don’t notice the infection, therefore they are careful not to overload your processor
  • In underground forums, US credit card details are sold for as little as $2 per card, much less in bulk. To buy a complete identity package – card number and CV2, expiry date, mother’s maiden name etc – can be as little as $10. A million email addresses sell for as little as $8.
  • Targeted online information such as geolocation is used to make more valuable spam lists.
  • The typical malicious infection process works something like this: a user visits an infected site, where he unknowingly downloads a small piece of code. That code will, once downloaded, call back to a command anc control network and report the environment (for example, Windows 7, Internet Explorer, Adobe Acrobat, etc). It then receives instructions and more malcode to run and carry out criminal jobs, like renting out your machine as a spam relay.
  • Cyber-criminal rewards are very high. One criminal gang in Eastern Europe selling scareware – fake security software that tricks users into paying for and downloading software to “fix” computer problems, all the while infecting the machine with new malcode – made $180 million in just 12 months.
  • Cyber-crime risks are low. The chances of getting caught are slim, and if caught, punishments are very light.
  • Scareware has crossed into the real world. Criminals are calling people at random saying “I’m from the help desk, pay me to fix your computer.
  • Cops are being targeted for a range of reasons. Rik walked us through a targeted attack and how that might work
  • Consider very carefully every piece of information you share online

Towards the end, Rik describes drive-by downloads: how you can get infected by visiting a site; and he also describes RAT: Remote Access Tools, used by criminals to take control of computers.

Finally, Rik gives us the top three ways that we can defend ourselves – these are no-cost tips on how to make ourselves harder targets. Download the podcast here | Download via iTunes here