Prepared to fulfil an assignment for the Computer System Security course taught by Mr. Muladi
By: Ahmad Sehtahabi (107533411084)
Universitas Negeri Malang, Faculty of Engineering, Department of Electrical Engineering, Undergraduate Programme in Informatics Engineering Education, August 2010
1. Identification of information system security cases

Avira warns of Windows vulnerability
Wed, 21 July 2010
Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs

Tettnang, 21 July 2010 – In Windows operating systems there is currently a vulnerability which attackers can abuse to smuggle in viruses. It suffices to open a specially prepared USB stick or a folder containing a manipulated link with Windows Explorer, warns IT security expert Avira, whose security software protects from this threat.

Investigation
For the security vulnerability in the processing of file links (.lnk files) within all supported Windows operating systems, an update to eliminate this vulnerability is not yet available. Microsoft released a security advisory, though. The company currently merely provides a guide to deactivate a Windows service as well as the defective processing routines for the .lnk files, which seems to be too complicated for most users and poses the risk of rendering the system unusable through a small error. Additionally, the start and quick start menu show a standard icon for all programs after the procedure, which decreases usability significantly.

The security vulnerability was abused by a Trojan at first which Avira detects as RKit/Stuxnet.A. It can, for instance, spread via USB sticks. The malware becomes active just by opening the USB stick with Windows Explorer. Meanwhile, there is Proof-of-Concept code available on the Internet which cyber criminals can put into their malware to abuse the vulnerability. It is very likely that more malware will show up in the next days abusing this security hole.

Spam mails lure with domain password reset warning
Thu, 01 July 2010
A wave of spam mails lures recipients with fake warning of domain password reset, links lead to a fake Canadian Online Pharmacy

Tettnang, 1 July 2010 – IT security expert Avira warns of a current wave of spam mails that attempt to trick recipients by warning that their domain password will be reset unless they click through on an embedded link – which then leads to a fake online pharmacy. Avira security solutions ensure protection against this menace.

Investigation
With subject lines like “Reset your <domain name> password”, the emails pressurize users, advising that their domain password will be reset – unless they click on a link to stop this from happening. And in an effort to trick even more people, recipients who agree to a password reset are lured by the spammers to click through on a link in the message to proceed. What users do not see is that the link in the mail leads to a domain other than the one shown in the message. Furthermore, users are automatically redirected to yet another site after four seconds. During this time, while this web site is apparently loading, a hidden so-called ‘iframe’ is shown, which is often used to exploit security vulnerabilities in browser plug-ins and outdated software by injecting malware.

Hapless users are then redirected to a fake Canadian Online Pharmacy. This fraudulent site is designed to capture credit and debit card information. Anyone making an order also runs the risk of receiving fake medications instead of the real thing, which may even pose a health risk.

Botnet Toolkit for Twitter
Thu, 20 May 2010
The IT security experts at Avira have analyzed a toolkit for a Twitter-based botnet and ensure protection against it

Tettnang, 20 May 2010 – Currently, a malware toolkit is causing concern, as even inexperienced cybercriminals can use it to produce malware, which they can distribute and control via Twitter channels.

Investigation
Avira’s antivirus experts have examined both the toolkit and the malware files created with it: With just a few clicks, cybercriminals can create malware using the KIT/MSIL.Agent.A.1 toolkit, which allows them to build and control a botnet via Twitter channels, even without advanced computer skills. The malware can start a Distributed-Denial-of-Service attack or download further malware from the Internet.

The malware toolkit is basic and it creates quite static botnet drones. Consequently, its detection and removal from infected computers proved to be easy, since no advanced functions like rootkits or process self-protection are used. Avira has immediately classified the botnet drone as TR/Dropper.Gen with heuristic detection and now identifies it as BDS/Twitbot.E. However, users should not underestimate the danger that comes with BDS/Twitbot.E drones. If unsuspecting users infect their computers with it, the criminal botnet operators can install any kind of malware and cause a lot more damage.

Ransomware threatens with official complaint of piracy
Wed, 14 April 2010
Avira informs about ransomware, which threatens to inform the public prosecution department about pirated content on the PC, but in fact steals credit card data

Tettnang, 14 April 2010 – Currently active blackmail Trojans are using a new scam, as the IT security specialist Avira informs. In order to avoid a complaint because of downloading illegal copies of copyrighted files, the victims of the ransomware should pay about 400 USD to an alleged copyright organization.

Investigation
The cyber criminals try to put pressure upon the victims whose computers they infected, to make them pay in haste, without taking time to think about it. The ransomware pretends to be software of the ICPP Foundation, which allegedly represents copyright owners worldwide. The cyber gangsters show professionalism: the malware displays translated texts in various languages, including English and German.

The anti-malware solutions from Avira detect the malware with the virus definition file 7.10.06.65 as TR/Ransom.CardPay.A and DR/Ransom.CardPay.A, which first search for eventual Torrent files on the computer which indicate the usage of peer-to-peer networks. Even if none are found, warnings of pirated content found on the PC are displayed. If the victims really want to pay the ransom, they are redirected to a professionally designed website, where they have to provide their credit card data. Avira's security experts strongly advise against giving such data to this site. The site is forged and it clearly serves only to collect credit card data, which is meant to be profitably sold to the criminal underground.

Cybercriminals phishing for Skype logins
Tue, 02 February 2010
Avira is issuing a warning against phishing mails that are being used by criminals in an attempt to access Skype logins

Tettnang, 02 February 2010 – IT Security Specialist Avira has issued a warning against phishing emails currently circulating that aim to access the login data for Skype accounts. However, the threat is not currently recognized by the filters of current web browsers. Thanks to Avira MailGuard and Avira WebGuard features, users of the Avira AntiVir Premium Security Solution or Avira Premium Security Suite are protected against these phishing attempts.

Investigation
The phishing mails sent contain a link to a remarkably convincing-looking fake Skype login site. The correct address, www.skype.com, actually appears in the address line, but only as a sub-domain of an entirely different network, for example www.skype.com.attacker-domain.cc/. This URL takes the user to the cybercriminals’ phishing site. Users who enter their Skype login data on this website will then be diverted to the genuine download site to avoid arousing suspicion. However, the attempted login by the user reveals his access data to the attackers. The threat is mainly to the user’s credit on his Skype account, which can be deducted. In addition, the cybercriminals can also send other phishing links or Spam to the contacts of the specific user.

At present, the integrated phishing filters of the most commonly used web browsers, such as Internet Explorer, Opera, Google Chrome or Firefox, do not yet recognize the risky site and therefore do not issue an appropriate warning. Users of Avira AntiVir Premium and Suite are protected by MailGuard and WebGuard. MailGuard detects and marks these emails as attempts at phishing and WebGuard blocks access to the phishing sites. Anyone receiving a phishing email of this kind should avoid clicking on the links it contains at all costs. The email should also be deleted from your mailbox immediately.
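The two link tricks described in the releases above (a mail link whose visible text names a different domain than its target, and a brand address used only as a sub-domain of another domain) can be checked mechanically. The following Python check is an added example, not part of the Avira releases; the brand list, the two-entry suffix set standing in for the Public Suffix List, and the sample mail are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = ("skype.com",)                   # assumption: domains to protect
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}  # assumption: stand-in for the Public Suffix List
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def host_of(url):
    """Lower-cased hostname; bare text such as 'www.example.com' is accepted too."""
    url = url if "//" in url else "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable(host):
    """Approximate registrable domain: last two labels, three under a two-label suffix."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def brand_as_subdomain(url, brands=BRANDS):
    """Return the brand that appears inside a host registered under another domain."""
    host = host_of(url)
    return next((b for b in brands if registrable(host) != b and f".{b}." in f".{host}"), None)

class LinkAuditor(HTMLParser):
    """Collect (shown, href) pairs whose anchor text names a different domain than href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = self.text.strip()
            if URLISH.fullmatch(shown) and registrable(host_of(shown)) != registrable(host_of(self.href)):
                self.mismatches.append((shown, self.href))
            self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

SAMPLE_MAIL = (  # constructed sample, not a captured message
    '<a href="http://pharmacy.example.net/stop">http://mail.example.com/stop-reset</a> '
    '<a href="http://www.example.com/help">www.example.com</a>')
```

`brand_as_subdomain` flags the address form quoted in the Skype release, and `audit(SAMPLE_MAIL)` reports only the first link, whose visible text and target resolve to different registrable domains.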
Spam in July: Facebook coming under increasing attack from phishers

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of its monthly report on spammer activity for July 2010. Throughout the month, the share of spam messages in mail traffic averaged 82.9%. Links to phishing sites were found in 0.03% of all email traffic.

Investigation
The USA and India maintained their leading positions as the most popular sources of spam: they distributed 1.5 times as much spam compared to June (17.2% and 9% respectively). Europe caused the most noticeable change in July’s rating with the UK, Germany and Italy all making it into the Top 10. The total volume of spam originating from their combined territories increased by 50 percentage points compared with the previous month. Two newcomers to the top twenty were high-tech Hong Kong (17th place with 1.8%) and Taiwan (19th place with 1.3% of spam).

The ecommerce business PayPal remained in first place after being targeted by over half (53.48%) of all phishing attacks. The most popular social network Facebook usurped eBay’s 2nd place ranking in the list of organizations most often attacked by phishers. Facebook accounted for 12.81% of phishing messages, more than three times as much as in the previous month.

[Figure: Organizations targeted by phishing attacks in July 2010]
2. Investigation

“Phishing, Spam and Malware Statistics for July 2010”
August 19, 2010, 9:39 am

Most phished brands statistics
Paypal continues to be the most phished brand around, followed at a long distance by Facebook, which continues to be heavily under attack. Because of the holiday season, many people started to buy games and spend more time on social media websites, so the increase in attacks on such web sites comes quite naturally. Note that the top 10 names have remained almost the same compared to June but the amount of phishing has grown.
Most abused TLDs
Not much changed from last month, despite the fact that there were some fluctuations in the top 5. Of some concern is the fact that the “.de” domain has reached place 6 this month, stepping up 5 positions from June. The amount of 2.62% in total is so little though that this might be usual fluctuation.
Extension statistics for malware URLs
The distribution didn’t change so much from last month, most important variation being registered in the scripts ending in JSP, CSS, ASP and in the JPG extension.
Spam categories statistics
The spam mails sent in July were mostly Online Pharmacy related, followed by Casino spam. Interestingly enough, the Casino spams are increasingly sent in the German language and less in English. This is probably related to the fact that some of our spamtraps are hosted on German servers, but this also means that spam got adapted better to the “target audience mother tongue” in July 2010.
URL Shorteners used in malicious activities in July 2010
Since our statistics about URL shortener services abused in malicious activities are new, there isn’t much that can be said about this category yet. It can be observed that the URL shorteners are almost always the same for Phishing and Malware. There are little variations, but the same websites are almost always in the top 5. Probably the reason for this is that the distribution is being made by an organized group of people. The future statistics will show if this is the case.
Note: The author's identification and investigation of these information system security cases draw on two well-known foreign antivirus companies, Avira and Kaspersky, so that the information presented can be accounted for. The information is presented as is, in English, in line with the sources the author used; this is intended to avoid misunderstandings arising from the author's limited language ability. The author has modified the information slightly by removing statements of a commercial or promotional nature. Addresses accessed by the author:
http://www.avira.com/en/press_releases/index.html
http://www.securelist.com/en/analysis/204792134/Spam_report_July_2010