Phishing: e-mail, phone, and targeted (spear) phishing
Denial of Service extortion
Keystroke loggers stealing financial information
Rent out armies of infected systems for all of the above
RAM scrapers pulling CC numbers off POS terminals (card data sits unencrypted in memory between the card reader and the payment application)
Software Distro-Site Attacks
Hack into web and FTP sites and alter software to include a backdoor ==> Everyone who downloads and uses the tool is impacted
Another approach is embodied in the ISR-Evilgrade tool
Listens for software to request an update (after the attacker has redirected the client's update traffic to it, e.g. via DNS spoofing or ARP poisoning)
Sends a response carrying malware instead of the real update
Currently includes modules for Java browser plug-ins, WinZip, WinAmp, Mac OS X, OpenOffice, iTunes, LinkedIn toolbar, and more: more than 60 software packages in total whose Internet updates can be subverted this way
Software Distro-Site Defenses
Check hashes across multiple mirrors (a checksum file hosted next to the download on a compromised site proves nothing; independent mirrors raise the bar)
Check both MD5 and SHA-1 at least; both have known collision attacks, so prefer SHA-256 wherever the site publishes it
md5sum and sha1sum are built into Linux (GNU coreutils, which also provides sha256sum)
Md5summer is available for free for Windows (md5summer.org)
Md5deep is another good project at http://md5deep.sourceforge.net/
Calculates MD5, SHA-1, SHA-256, Tiger, and Whirlpool hashes
Available for Win and Linux/UNIX
RIPEMD-160
Check PGP signatures if available
Make sure you check against a trustworthy key: obtain it out of band or verify its fingerprint, since a key downloaded from the same compromised site proves nothing
Don’t put new software directly into production; test first
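The cross-mirror digest check described above, as an added example that is not part of the original course material. It uses the md5sum / sha1sum / sha256sum tools from GNU coreutils on Linux; the mirror names, the "published" digests and the sample download are constructed for the demo. A mismatch on any mirror, for any algorithm, rejects the download, since either that mirror or your copy has been tampered with.

```shell
#!/bin/sh
# Added example (not from the original course material): verify a downloaded
# package against digests copied from several mirrors, using the md5sum /
# sha1sum / sha256sum tools that ship with GNU coreutils on Linux.
# Mirror names and "published" digests below are constructed for the demo.

# Print the hex digest of file $1 using algorithm $2 (md5 | sha1 | sha256).
digest() {
    case "$2" in
        md5)    out=$(md5sum "$1")    ;;
        sha1)   out=$(sha1sum "$1")   ;;
        sha256) out=$(sha256sum "$1") ;;
        *) printf 'digest: unknown algorithm %s\n' "$2" >&2; return 2 ;;
    esac || return 2
    printf '%s\n' "${out%% *}"     # drop the "  filename" suffix
}

# Compare file $1's $2 digest with the digests published on each mirror.
# $3 holds one "mirror-name digest" pair per line, as copied from each
# mirror's checksum page.  Every mirror must agree with the locally computed
# value; a single disagreement fails the check.
verify_mirrors() {
    file=$1; algo=$2; published=$3
    local_hash=$(digest "$file" "$algo") || return 2
    status=0
    while read -r mirror expected; do
        [ -n "$mirror" ] || continue
        expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')   # sites differ in case
        if [ "$expected" = "$local_hash" ]; then
            printf 'OK        %-6s %-10s %s\n' "$algo" "$mirror" "$expected"
        else
            printf 'MISMATCH  %-6s %-10s %s (local %s)\n' \
                "$algo" "$mirror" "$expected" "$local_hash" >&2
            status=1
        fi
    done <<EOF
$published
EOF
    return $status
}

# Run every algorithm the mirrors publish; accept the download only if all
# agree (an attacker would have to forge every digest on every mirror).
verify_all() {
    file=$1; md5_list=$2; sha1_list=$3; sha256_list=$4
    rc=0
    verify_mirrors "$file" md5    "$md5_list"    || rc=1
    verify_mirrors "$file" sha1   "$sha1_list"   || rc=1
    verify_mirrors "$file" sha256 "$sha256_list" || rc=1
    return $rc
}

# Demo on a constructed "download" whose contents are the line "hello".
demo() {
    pkg=$(mktemp) || return 2
    printf 'hello\n' > "$pkg"
    good_md5="mirror-a b1946ac92492d2347c6235b4d2611184
mirror-b B1946AC92492D2347C6235B4D2611184"
    good_sha1="mirror-a f572d396fae9206628714fb2ce00f72e94f2258f"
    good_sha256="mirror-a 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
mirror-b 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"
    if verify_all "$pkg" "$good_md5" "$good_sha1" "$good_sha256"; then
        echo "accepted: all mirrors agree"
    fi
    # A mirror (or a MITM on the path to it) that serves a different digest:
    bad_sha256="mirror-c 0000000000000000000000000000000000000000000000000000000000000000"
    if ! verify_mirrors "$pkg" sha256 "$bad_sha256"; then
        echo "rejected: do not install"
    fi
    rm -f "$pkg"
}

demo
```

Agreement across mirrors only helps when the mirrors are actually independent of the primary site; a PGP signature checked against a key you obtained out of band remains the stronger control, and the digest check is the fallback when no signature is published.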
Reconnaissance
DNS and nslookup
The Domain Name System is full of useful information about a target
The attacker's goal is to discover as many IP addresses associated with the target domain as possible
The nslookup command can be used to interact with a DNS server to get this data
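Collecting addresses from nslookup output for a list of candidate hostnames, as an added example that is not part of the original course material. It assumes the Linux/BIND-style nslookup output format shown in the constructed sample (Windows nslookup prints "Addresses:" blocks instead), and the hostname list and domain are illustrative. The parser runs offline on the sample; the live enumeration needs network access.

```shell
#!/bin/sh
# Added example (not from the original course material): pull the answer
# addresses out of nslookup output and run it over a list of candidate
# hostnames.  Assumes Linux/BIND-style nslookup output as in sample_output.

# Constructed sample of what "nslookup www.example.com" prints on Linux.
# "Non-authoritative answer" means the resolver answered from its cache
# rather than from the domain's authoritative server.
sample_output() {
    cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   www.example.com
Address: 192.0.2.10
Name:   www.example.com
Address: 2001:db8::10
EOF
}

# Read nslookup output on stdin; print only the answer addresses.
# The first "Address:" line is the resolver itself (note the "#53" port
# suffix), not the target, so it is excluded.  An optional label (the name
# that was queried) is prefixed to each address.
parse_nslookup() {
    awk -v label="$1" '
        /^Address:/ && $2 !~ /#/ {
            if (label != "") printf "%s %s\n", label, $2; else print $2
        }'
}

# Query a name with nslookup and emit "name address" lines (needs network).
lookup_name() {
    nslookup "$1" 2>/dev/null | parse_nslookup "$1"
}

# Try common hostnames under a domain and collect every unique
# "name address" pair; round-robin repeats are removed by sort -u.
enumerate_domain() {
    domain=$1; shift
    for h in "$@"; do
        lookup_name "$h.$domain"
    done | sort -u
}

# Offline demo on the constructed sample:
sample_output | parse_nslookup www.example.com
# Live use (illustrative hostnames): enumerate_domain example.com www mail ns1 ns2 vpn ftp
```

Each nslookup query goes through the resolver named in the "Server:" line, so a large guessing run shows up in that resolver's logs; pointing nslookup at the target's own authoritative name server (nslookup name ns1.target) gets fresh data but is noisier from the target's point of view.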