Detecting and Combating Malicious Email - Cade Kamachi, Julie JCH Ryan

2014 | 1st edition
94 pages
Elsevier Science (publisher)
978-0-12-800546-0 (ISBN)

Malicious email is, simply put, email with a malicious purpose. The malicious purpose could be fraud, theft, espionage, or malware injection. The processes by which email executes the malicious activity vary widely, from fully manual (e.g. human-directed) to fully automated. One example of a malicious email is one that contains an attachment which the recipient is directed to open. When the attachment is opened, malicious software is installed on the recipient's computer. Because malicious email can vary so broadly in form and function, automated detection is only marginally helpful. The education of all users to detect potential malicious email is important to containing the threat and limiting the damage. It is increasingly necessary for all email users to understand how to recognize and combat malicious email.

Detecting and Combating Malicious Email describes the different types of malicious email, shows how to differentiate malicious email from benign email, and suggests protective strategies for both personal and enterprise email environments.


  • Discusses how and why malicious e-mail is used
  • Explains how to find hidden viruses in e-mails
  • Provides hands-on concrete steps to detect and stop malicious e-mail before it is too late
  • Covers what you need to do if a malicious e-mail slips through


Chapter 2

Types of Malicious Messages


Abstract


A malicious message is any message in electronic form, sent through an automated information processing system, which has been crafted or designed to assist in the achievement of a goal that is, in one or more ways, dangerous to the best interests of the recipient. In simpler terms, it is an electronic message that can cause you, or the systems you are connected to, harm. Herein lies the danger of malicious email: if simply opening an email can cause problems for you, how can you possibly know which emails are safe to open and which ones are not? Further, how can you know whether an attachment is safe to open or not? It is important to realize that there are no 100% solutions. Types of malicious messages range from phishing attacks, which are designed to get recipients to reveal sensitive information, to messaging with embedded malicious software. Understanding the characteristics of malicious messages can help you answer the question, “is this email legitimate and is it safe to open?”

Keywords


Phishing
Spam
Unsolicited Commercial Email
The introduction serves to illustrate the space of the problem. However, to understand what malicious messaging is, and what it is not, it is important to start with a specific definition. The definition offered here is the broadest possible, so that our explorations of the topic can include all possible dangers.
Malicious Message: A message in electronic form, mediated by automated information processing systems, that has been crafted or designed to assist in the achievement of a goal that is, in one or more ways, dangerous to the best interests of the recipient.
In simpler terms, it is an electronic message that can cause you, or the systems you are connected to, harm. There you have it: a short, to-the-point definition that makes one thing clear: you need to defend yourself against someone who intends to harm you. A tricky follow-on to that definition is figuring out what the potential scope of harm is. Can email harm you physically? Well, not by itself, since an email is nothing but a string of electrons. A properly crafted email may harm your computer, your data, or your network or any network to which you are connected. Additionally, a malicious email may possibly lead you into a situation in which physical harm is a possibility.1
Herein lies the danger of malicious email: if simply opening an email can cause problems for you, how can you possibly know which emails are safe to open and which ones are not? Further, how can you know whether an attachment is safe to open or not? It is important to realize that there are no 100% solutions. In this book, we are going to review methods and techniques to give you a fighting chance in the ever-escalating war between the senders and the receivers of malicious email.
We have set the stage for developing the skills to identify and combat quickly most malicious emails. Why only “most”? That is part of the problem, and is why education is so important: the attackers are constantly learning and refining their techniques to improve their chances of success. That is why the last chapter in this book covers what to do if one-or-more malicious emails successfully find their target. The target might not be you—it might be a colleague or a loved one, it may be a group you belong to, or it may be the resources and/or systems of your company. In any event, good preparations include not only preventing problems but also being ready to react should a problem occur.
A word closely associated with malicious messaging is “phishing.” This word is pronounced the same as the word “fishing” and it refers to a set of actions done to get victims to reveal sensitive information, such as bank account details, login credentials, passwords, or detailed personal information. In other words, the attacker is fishing for information. Phishing is closely associated with malicious messaging because the easiest way for attackers to execute this type of attack is by the use of messaging technologies, primarily email.
Recognizing that phishing is one of the great threats to an individual or institution, many researchers have set out to find an answer or create a tool that will prevent phishing attacks. Others have studied how users can be better prepared to defend against such attacks, but nobody has done the research that ties it together into a holistic defense strategy. Some of this work brings together the research and practical knowledge assembled by many other sources, creating a unified framework for defending against phishing attacks. Through the fusion of various studies, a more robust and complete defense strategy can be created, and through its implementation, individuals and organizations will reduce the number of successful phishing attacks experienced annually. Until that work is completed and solutions are deployed, it is up to the individual user to understand and take steps to guard against these types of attacks.
In order to discuss malicious messages, I have divided the types into several categories of features. It is important to point out that these feature types are not exclusive: a malicious message can have several of the type features embedded in one message. However, in order to discuss the problem space, it is easier to separate and consider the problems individually. Once you know what the types of problems are, you are better able to recognize and avoid the problems.
It is important to point out that malicious messaging is not always spam, formally known as Unsolicited Commercial Email (UCE). UCE can clog your inbox, be very annoying, and steal time from more productive activities, but may not be malicious per se. Email and other forms of electronic messaging stray into the malicious zone when the purpose of the message goes beyond the simple advertising of a product. It can be very difficult indeed to differentiate annoying-but-legitimate unsolicited messages from malicious messaging. In fact, malicious email sometimes can even disguise itself as legitimate unsolicited messages in order to trick you into opening the email.2
Here are some examples of malicious email:

  • invitations to participate in some activity, such as an employment scheme, that can result in theft of money (usually from the recipient);
  • requests or demands to click on an embedded link, which results in your unwitting participation in fraudulent activity, such as traffic driving or click fraud, or your unknowing download of unwanted software or material, including viruses or pornographic material;
  • requests or demands that attachments to the email be reviewed, where the attachment is malicious software that is executed when opened, embedding software in your computer.

These are but a few of the types of malicious email behavior seen. Rather than cataloging all types, we can generalize certain characteristics that can assist you in making the judgment call: “Is this email legitimate and is it safe to open?”

Feature types of malicious messages


The feature types of malicious messages are all intended to accomplish substantially the same purpose: to get the recipient to do something. The something can be responding to the email, clicking on an embedded link, or opening an attachment. Thus, we can quickly focus in on four primary feature types: appeals to emotion, trickery, subversive links, and subversive attachments. After describing the feature types, I have included real examples of actual emails that illustrate one or more of the feature types.

Appeals to Emotion


Emotion is a powerful motivator for human beings. Research has shown that emotional states can affect physical and mental health and can be responsible for hormonal changes in the body3. The sender hopes to get a recipient to act without considering if their emotions are being manipulated. Emotions that are common targets for bad guys to exploit include (but are not limited to) the following:

  • emotions associated with comparative success, such as ambition, envy, narcissism, and greed;
  • those associated with authority, such as intimidation, obligation, or pride;
  • those associated with compassion, such as sympathy or kindness;
  • those associated with paranoia, such as anger, bitterness, and fear; and
  • those associated with community, such as courage and love.

Trickery


Disguising an electronic message to appear to be legitimate is an appallingly effective way to get recipients to do something they may not normally do. This approach is particularly effective when combined with an appeal to emotion. Often, these electronic messages include precise copies of official logos, images, and other symbols of authenticity, such as trademark or copyright logos. The entire design of these types of messages is to convey an overwhelming sense of authenticity to the recipient so that trust will be implied. In addition, when that trust is effectively established through such trickery, the recipient’s defenses are reduced, thus increasing the probability that the goal of the sender will be accomplished.

Subversive Links


It is common...

Publication date (per publisher): 14.10.2014
Language: English
Subject areas: Mathematics / Computer Science, Computer Science, Databases
Computer Science, Networks, Security / Firewall
Mathematics / Computer Science, Computer Science, Web / Internet
ISBN-10 0-12-800546-7 / 0128005467
ISBN-13 978-0-12-800546-0 / 9780128005460