
UNIVERSITY OF ECONOMICS AND LAW, FACULTY OF BUSINESS ADMINISTRATION

E-commerce Security and Payment Systems. Malicious Code: Bots/Botnets

Potentially Unwanted Programs: Browser parasites

Lecturer: Mr Nguyén Thé Dai Nghia
Course: E-Commerce — Course ID: 232182110

HO CHI MINH, 2024

1 Browser parasites

1.1 Definition of browser parasites

A browser parasite, also referred to as a browser hijacker or browser redirect virus, is a type of malicious software that targets the web browsers on a user's device. It is typically installed without the user's explicit permission and takes control of the browser's settings and behavior. This control extends to altering settings such as the homepage, default search engine, and new tab page in order to promote specific websites or display unwanted advertisements.

These parasites are usually installed on a user's computer without their knowledge. They come in various forms, each with its own set of functions. Some track a user's browsing habits and transmit this data to marketing companies over the internet (this kind is referred to as spyware), while others modify browser settings to direct users to specific sites. They can even manipulate search engine results to push related products or services, and occasionally activate premium services without the user's consent.

Removing parasites can be difficult, as they frequently lack an uninstall function and may go undetected. However, anti-parasite programs are available to detect and eliminate these unwanted software entities.

1.2 Types of browser parasites and how they function

Browser Hijackers: These parasites modify browser settings such as the homepage, default search engine, and new tab page without the user's consent. When users open their browser, they are redirected to a different homepage or search engine. These hijackers often promote specific websites or display unwanted ads. They can also be difficult to remove, as they may reinstall themselves if not completely eradicated.

Adware: Adware is a type of parasite that bombards users with advertisements. These ads can appear as pop-ups or banners, or be injected into search results. Adware often tracks user behavior in order to display targeted ads. While some adware is relatively harmless, other adware can be intrusive and even harmful, leading to potential privacy breaches.

Pop-up Ads: This type of parasite generates an excessive number of pop-up advertisements, often making it difficult to navigate websites. These pop-ups can sometimes contain malicious links or lead to further installations of unwanted software.


Search Engine Redirects: Some parasites redirect search engine queries to a specific search engine or website, usually with the intention of promoting certain products or services. Users may find themselves directed to unfamiliar or untrustworthy sites when trying to search for information.

Spyware: Spyware is a more malicious type of parasite that stealthily monitors user activity, such as keystrokes, browsing history, and personal information. This data is then sent to third parties without the user's consent. Spyware can be used for identity theft, fraud, or other nefarious purposes.

Toolbars and Extensions: While not always malicious, some browser toolbars and extensions can function as parasites if they modify browser settings, track user data without permission, or bombard users with unwanted ads. Users may unknowingly install these toolbars and extensions when downloading other software.

1.3 Prevention and Protection

Browser security is crucial to safeguarding your online experience. Let's address how to protect against browser-based threats.

Protecting Against Browser-Based Threats:

1 Keep Your Browser Updated: Regularly update your browser to patch security vulnerabilities. Newer versions often include security enhancements.

2 Use Reputable Antivirus Software: Install reliable antivirus software to detect and prevent malware.

3 Visit Trusted Websites: Be cautious when visiting websites. Stick to reputable sources to avoid malicious content.


4 Look for HTTPS Encryption: Ensure websites use HTTPS (a secure connection) to protect your data during transmission.

5 Beware of Pop-ups and Suspicious Downloads: Avoid clicking on pop-ups or downloading files from untrusted sources.

6 Use Strong, Unique Passwords: Secure your accounts with robust passwords.

7 Enable Two-Factor Authentication (2FA): Add an extra layer of security to your

[Figure: botnet structure, showing the Bot Herder and Command & Control (VNETWORK)]

2.2 Types of Bots and how they function

Chatbots: These bots are designed to engage in conversations with users, typically through text or voice interfaces. They use technologies such as natural language processing (NLP) and artificial intelligence (AI) to understand user queries and provide relevant responses.

Task Automation Bots: These bots are focused on automating repetitive tasks, data processing, and other mundane activities that would otherwise be time-consuming for humans.

Spyware: Malware that can be used to gain information from its target or targets, from passwords and credit card information to the physical data contained within files. A bot herder can sell this data on the black market, and if a bot herder gains control of a corporate network, they may be able to sell the "rights" to its bank accounts and intellectual property.

Web Crawlers: Also known as spiders, these are search engine bots that scan and index web pages on the internet. They help search engines produce a better search experience by extracting data to understand the structure and relevance of web content.

Shopping Bots: These bots scan product prices on multiple websites to help customers find the best deals.

Monitoring Bots: These bots limit your exposure to security incidents by constantly scanning your systems for bugs and malicious software.

2.3 How to prevent malicious bots

2.3.1 Invest in a bot mitigation solution

The most important step in stopping and preventing bot attacks on your website is to get proper bot detection in place to protect your site.

Here are a few qualities of a good bot protection solution to consider:

- Time to protection
- Detection quality
- Non-intrusive design
- Easy-to-use dashboard

2.3.2 Monitor your traffic

Monitor your site traffic at least for the following important metrics:

- Traffic spikes: if you see any spikes in traffic over a relatively short time frame (i.e. under a week), it can be a sign of bot activity. There are a few exceptions to this, but they should be obvious; for example, when there's a new product launch on your site, traffic spikes can be expected.

- Suspicious sources: bot traffic commonly arrives as direct traffic (i.e. not from Google search or from people clicking your ads) with new user agents and sessions. Repeated requests from a single IP address are a clear sign.

- Bounce rate: a spike in bounce rate can be a major sign of bot traffic that is only looking to perform a single task repeatedly before leaving your site.

- Overall site performance: when there's a significant slowdown on your site, it might be a sign that your servers are stressed by abnormal bot traffic.

2.3.3 Block data center IPs

Although the majority of highly skilled attackers have shifted to more complex networks and servers, many less skilled cyber criminals still rely on hosting and proxy servers, which are readily blocked and have been used in many different types of attacks in the past. Get a list of known data center IP addresses, then use it to block or CAPTCHA requests from those addresses. Though less effective, and more likely to produce false positives (real people being blocked), than an actual bot control system, it may be worth trying as a temporary workaround.

2.3.4 Block older user agents and browsers

The user-agent lists in many readily available bot scripts and tools are out of date. Again, this won't thwart skilled attackers or sophisticated bots, but it is a recommended practice for keeping less experienced bot operators from targeting your website.

It is advisable to disable or prohibit outdated browser versions. Browser versions that are more than three years old should generally be blocked; ones up to two years old can be challenged with a CAPTCHA.
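The indicators from sections 2.3.2 to 2.3.4 (repeated requests from one IP, direct traffic with no referrer, outdated browser user agents, data-center sources) applied to constructed access-log lines, as an added example that is not code from the report. The data-center range, per-IP request ceiling and oldest tolerated Chrome version are assumed policy values, not figures the report gives.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache "combined" log format (documentation IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /product/1 HTTP/1.1" 200 512 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0.0.0"
203.0.113.5 - - [10/Mar/2024:10:00:09 +0000] "GET /product/2 HTTP/1.1" 200 512 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0.0.0"
198.51.100.77 - - [10/Mar/2024:10:00:02 +0000] "GET /product/1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112"
198.51.100.77 - - [10/Mar/2024:10:00:02 +0000] "GET /product/2 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112"
198.51.100.77 - - [10/Mar/2024:10:00:02 +0000] "GET /product/3 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112"
198.51.100.77 - - [10/Mar/2024:10:00:03 +0000] "GET /product/4 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.112"
192.0.2.10 - - [10/Mar/2024:10:00:05 +0000] "GET /cart HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/123.0.0.0"
this line is deliberately malformed
"""
# Assumed policy values (not from the report): a constructed data-center range, the per-IP
# request ceiling for this log window, and the oldest Chrome major version still tolerated.
DATA_CENTER_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
MAX_REQUESTS_PER_IP = 3
MIN_CHROME_MAJOR = 100

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                     r'"(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$')
CHROME_RE = re.compile(r"Chrome/(\d+)\.")


def classify(text):
    """Return {ip: [reasons]} for source IPs that match the report's bot indicators."""
    per_ip, direct, old_ua = Counter(), Counter(), set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # malformed line: skip it rather than abort the whole report
            continue
        ip = m["ip"]
        per_ip[ip] += 1
        if m["referrer"] == "-":  # "direct" traffic: no search engine or ad referrer
            direct[ip] += 1
        if (v := CHROME_RE.search(m["ua"])) and int(v.group(1)) < MIN_CHROME_MAJOR:
            old_ua.add(ip)
    flagged = defaultdict(list)
    for ip, n in per_ip.items():
        if n > MAX_REQUESTS_PER_IP:
            flagged[ip].append("repeated requests from a single IP")
        if n > 1 and direct[ip] == n:  # one direct hit alone is not suspicious
            flagged[ip].append("all requests direct (no referrer)")
        if ip in old_ua:
            flagged[ip].append("outdated browser user agent")
        if any(ipaddress.ip_address(ip) in net for net in DATA_CENTER_RANGES):
            flagged[ip].append("data-center source IP")
    return dict(flagged)
```

Only the 198.51.100.77 source trips every indicator; the two referred requests from 203.0.113.5 and the single direct hit from 192.0.2.10 stay unflagged, which is the false-positive margin the report warns about.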

3 Botnet

3.1 Definitions of Botnet

The term "botnet" is derived from the combination of "robot" and "network". In this context, a cybercriminal assumes the role of a "botmaster", utilizing Trojan viruses (a type of malicious software capable of causing destruction and rendering computers inoperable) to compromise the security of multiple machines and connect them to a network for nefarious purposes. Each computer on the network acts as a "bot", manipulated by the malefactor to disseminate malware (malicious software), spam, or harmful content aimed at instigating attacks. Botnets are also known as zombie armies, since the involved computers are controlled by someone other than their rightful owners. Botnets are exceedingly harmful software for computers, with the majority of machines today being infected with some form of botnet, often without the users' awareness of when the infection began.

3.2 Types of Botnet

a. Centralized Botnet:

Centralized botnets are controlled by a single Command and Control (C&C) server. The C&C server serves as the central point from which the attacker manages all infected machines within the botnet network.

Example: Upon installing malware on the victim's machine, it establishes communication with the C&C server for instructions. A centralized botnet may comprise tens of thousands of bots within a network. Such botnets can be disrupted if the C&C server is successfully removed.

b. Decentralized Botnet:

Decentralized botnets operate without a central C&C server. Instead, they distribute the same code across all machines within the botnet network. If one machine is compromised, the others can still function. While these networks typically consist of hundreds of bots, they are considerably harder to track due to their decentralized nature. Decentralized malware is becoming increasingly prevalent, as it is challenging to dismantle such networks by eliminating their control servers or computer systems.

[Figure: (a) Centralized IRC/HTTP Botnet; (b) Decentralized P2P Botnet]
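To illustrate the centralized model of section 3.2 from the defender's side, the following added example (not code from the report) looks for the periodic, low-jitter contact pattern that a bot produces when it polls a single C&C server for instructions. The flow records are constructed and the contact-count and jitter thresholds are assumed values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (seconds since start of window, source host, destination),
# using documentation-range addresses; these are not real observations.
SAMPLE_FLOWS = [
    (0, "ws-01", "198.51.100.9:443"), (60, "ws-01", "198.51.100.9:443"),
    (121, "ws-01", "198.51.100.9:443"), (180, "ws-01", "198.51.100.9:443"),
    (241, "ws-01", "198.51.100.9:443"), (300, "ws-01", "198.51.100.9:443"),
    (5, "ws-02", "203.0.113.20:443"), (17, "ws-02", "203.0.113.20:443"),
    (290, "ws-02", "203.0.113.20:443"), (600, "ws-02", "203.0.113.20:443"),
    (700, "ws-02", "203.0.113.20:443"),
    (30, "ws-03", "192.0.2.4:80"), (90, "ws-03", "192.0.2.4:80"),
]

# Assumed thresholds (not from the report): minimum contacts in the window, and the
# maximum interval jitter (standard deviation / mean) to still call the pattern periodic.
MIN_CONTACTS = 5
MAX_JITTER = 0.10


def find_beacons(flows, min_contacts=MIN_CONTACTS, max_jitter=MAX_JITTER):
    """Return {(src, dst): mean_interval} for pairs that contact one endpoint at a
    near-constant period, the pattern of a bot polling its C&C server for commands."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_contacts:  # too few contacts to judge periodicity
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons
```

Legitimate software updaters also poll on a fixed schedule, so a hit is a lead to check against the destination's reputation rather than a verdict.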

3.3 Types of attacks

a. Distributed Denial of Service (DDoS)

A botnet can be employed to execute Distributed Denial of Service (DDoS) attacks, which aim to disrupt network connectivity and services by overwhelming computational resources or consuming the target's bandwidth.

Commonly used attack methods include TCP SYN and UDP flood attacks, which are not confined to web servers but can target any Internet-connected service. Employing HTTP flood attacks on the victim's website, known as spidering, is a technique used to escalate the severity of the assault.

One of the most significant DDoS botnet attacks involving IoT devices used the Mirai botnet malware, which commandeered numerous inadequately protected Internet devices, transforming them into bots that launch DDoS attacks. The ongoing expansion of Mirai has led to increasingly sophisticated attacks.

[Figure: Distributed Denial of Service operation, showing the Master Control Computer(s)]

b. Spamming and Traffic Monitoring

Botnets may be deployed for traffic monitoring, to identify sensitive data within compromised machines or to detect rival botnets installed on the same system. Certain bots are capable of opening SOCKS v4/v5 proxies, enabling activities such as spamming. Bots use packet sniffers to monitor transmitted data, potentially accessing sensitive information such as usernames and passwords.

Grum, a spam botnet, presents challenges in detection because it infects Autorun registry entries. Despite its relatively modest size, Grum is responsible for a substantial volume of spam emails daily.

d. Mass Identity Theft

Combining various bot types facilitates large-scale identity theft, which is increasingly prevalent in cybercrime. Bots disseminate email spam to direct traffic to phishing websites impersonating legitimate companies, which solicit personal information such as bank account details and credit card information. Mass identity theft often occurs through email phishing attempts that deceive victims into divulging login credentials for platforms like eBay and Amazon.

e. Pay-Per-Click Abuse

Bot-infected machines are exploited to artificially inflate click counts on advertisements, leveraging Google's AdSense program. Such abuse results in financial gain for website owners, who are paid based on the volume of clicks received on displayed ads.

f. Botnet Propagation

Botnets are used to propagate other botnets, typically via email distribution. For instance, the "Star Wars" botnet discovered on Twitter underscores the potential of bots to spread rapidly, generating trending topics, unwanted spam, and network attacks.

g. Adware

Adware is deployed to serve ads on websites or applications without user consent, often replacing legitimate ads with deceptive ones. Despite appearing benign, adware functions as spyware, harvesting browser data. Mitigating adware typically requires licensed ad-blocking software, bundled with antivirus solutions, to counteract the malware.

3.4 One of the most serious botnet attacks

The WannaCry attack (also known as WannaCrypt) was a notorious botnet-driven ransomware attack that occurred in May 2017. Ransomware is a type of malware in which the attacker encrypts data on the victim's computer and demands a ransom payment for the decryption keys needed to restore the data.

[Figure: screenshot of the WannaCry ransom note, "Ooops, your files have been encrypted!", with the sections "What Happened to My Computer?", "Can I Recover My Files?" and "How Do I Pay?", a countdown from 5/15/2017 16:25:02 to 5/19/2017 16:25:02, and the warning that the price rises after 3 days and the files cannot be recovered after 7 days]

The WannaCry attack exploited a security vulnerability in the Windows operating system, known as EternalBlue, to propagate and infect computers. This vulnerability was initially discovered by the United States National Security Agency (NSA) and later leaked. Attackers used it to infiltrate Windows computers without user consent.

After infecting a computer, WannaCry encrypted its files and displayed a ransom message demanding payment. Victims were instructed to pay a ransom in the cryptocurrency Bitcoin to receive the decryption keys. Failure to pay within the specified time frame would result in permanent data loss.

Posted: 28/08/2024, 11:36