Identification and Investigation


8/8/2019 Indentifikasi Dan Investivigasi

http://slidepdf.com/reader/full/indentifikasi-dan-investivigasi 1/14

IDENTIFICATION AND INVESTIGATION

OF INFORMATION SYSTEM SECURITY CASES

Prepared to fulfill the assignment for the Computer System Security course

taught by Mr. Muladi

By:

Ahmad Sehtahabi (107533411084)

UNIVERSITAS NEGERI MALANG

FACULTY OF ENGINEERING

DEPARTMENT OF ELECTRICAL ENGINEERING

BACHELOR'S PROGRAM IN INFORMATICS ENGINEERING EDUCATION

AUGUST 2010


1. Identification of information system security cases

Avira warns of Windows vulnerability

Wed, 21 July 2010

Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs

Tettnang, 21 July 2010 – In Windows operating systems there is currently a vulnerability which attackers can abuse to smuggle in viruses. It suffices to open a specially prepared USB stick or a folder containing a manipulated link with Windows Explorer, warns IT security expert Avira, whose security software protects from this threat.

Investigation

For the security vulnerability in the processing of file links (.lnk files) within all supported Windows operating systems, Microsoft released a security advisory; an update to eliminate this vulnerability is not yet available, though. The company currently merely provides a guide to deactivate a Windows service as well as the defective processing routines for the .lnk files, which seems to be too complicated for the most users and poses the risk to render the system unusable by a small error. Additionally, the start and quick start menu show a standard icon for all programs after the procedure, which decreases usability significantly.

The security vulnerability was abused by a Trojan at first which Avira detects as RKit/Stuxnet.A. It can, for instance, spread via USB sticks. The malware becomes active just by opening the USB stick with Windows Explorer. Meanwhile, there is Proof-of-Concept code available on the Internet which cyber criminals can put into their malware to abuse the vulnerability. It is very likely that more malware will show up in the next days abusing this security hole.

Spam mails lure with domain password reset warning

Thu, 01 July 2010

A wave of spam mails lures recipients with fake warning of domain password reset; links lead to a fake Canadian Online Pharmacy

Tettnang, 1 July 2010 – IT security expert Avira warns of a current wave of spam mails that attempt to trick recipients by warning that their domain password will be reset unless they click through on an embedded link – which then leads to a fake online pharmacy.

Investigation

With subject lines like “Reset your <domain name> password”, the emails pressurize users, advising that their domain password will be reset – unless they click on a link to stop this from happening. And in an effort to trick even more people, recipients who agree to a password reset are lured by the spammers to click through on a link in the message to proceed.

What users do not see is that the link in the mail leads to a domain other than the one shown in the message. Furthermore, while this web site is apparently loading, users are automatically redirected to yet another site after four seconds. During this time, a hidden so-called ‘iframe’ is shown, which is often used to exploit security vulnerabilities in browser plug-ins and outdated software by injecting malware.

Hapless users are then redirected to a fake Canadian Online Pharmacy. This fraudulent site is designed to capture credit and debit card information. Anyone making an order also runs the risk of receiving fake medications instead of the real thing, which may even pose a health risk.

Botnet Toolkit for Twitter

Thu, 20 May 2010

The IT security experts at Avira have analyzed a toolkit for a Twitter-based botnet and ensure protection against it

Tettnang, 20 May 2010 – Currently, a malware toolkit is causing concern, as even inexperienced cybercriminals can use it to produce malware, which they can distribute and control via Twitter channels. Avira security solutions ensure protection against this menace.

Investigation

Avira’s antivirus experts have examined both the toolkit and the malware files created with it: With just a few clicks, even without advanced computer skills, cybercriminals can create malware using the KIT/MSIL.Agent.A.1 toolkit, which allows them to build and control a botnet via Twitter channels.

Avira has immediately classified the botnet drone as TR/Dropper.Gen with heuristic detection and now identifies it as BDS/Twitbot.E. The malware can start a Distributed-Denial-of-Service attack or download further malware from the Internet.

The malware toolkit is basic and it creates quite static botnet drones. Consequently, its detection and removal from infected computers proved to be easy, since no advanced functions like rootkits or process self-protection are used.

However, users should not underestimate the danger that comes with BDS/Twitbot.E drones. If unsuspecting users infect their computers with it, the criminal botnet operators can install any kind of malware and cause a lot more damage.

Ransomware threatens with official complaint of piracy

Wed, 14 April 2010

Avira informs about ransomware, which threatens to inform the public prosecution department about pirated content on the PC, but in fact steals credit card data

Tettnang, 14 April 2010 – Currently active blackmail Trojans are using a new scam, as the IT security specialist Avira informs. In order to avoid a complaint because of downloading illegal copies of copyrighted files, the victims of the ransomware should pay about 400 USD to an alleged copyright organization.

Investigation

The cyber criminals try to put pressure upon the victims whose computers they infected, to make them pay in haste, without taking time to think about it.

The anti-malware solutions from Avira detect the malware with the virus definition file 7.10.06.65 as TR/Ransom.CardPay.A and DR/Ransom.CardPay.A, which first search for eventual Torrent files on the computer which indicate the usage of peer-to-peer networks. Even if none are found, warnings of pirated content found on the PC are displayed.

The ransomware pretends to be software of the ICPP Foundation, which allegedly represents copyright owners worldwide. The cyber gangsters show professionalism: the malware displays translated texts in various languages, including English and German.

If the victims really want to pay the ransom, they are redirected to a professionally designed website, where they have to provide their credit card data. The site is forged and it clearly serves only to collect credit card data, which is meant to be profitably sold to the criminal underground. Avira's security experts strongly advise against giving such data to this site.

Cybercriminals phishing for Skype logins

Tue, 02 February 2010

Avira is issuing a warning against phishing mails that are being used by criminals in an attempt to access Skype logins

Tettnang, 02 February 2010 – IT Security Specialist Avira has issued a warning against phishing emails currently circulating that aim to access the login data for Skype accounts. However, the threat is not currently recognized by the filters of current web browsers. Users of Avira AntiVir Premium and Suite are protected by MailGuard and WebGuard.

Investigation

The phishing mails sent contain a link to a remarkably convincing looking fake Skype login site. The correct address, www.skype.com, actually appears in the address line, but only as a sub-domain of an entirely different network, for example www.skype.com.attacker-domain.cc/. This URL takes the user to the cybercriminals’ phishing site.

Users who enter their Skype login data on this website will then be diverted to the genuine download site to avoid arousing suspicion. However, the attempted login by the user reveals his access data to the attackers. The threat is mainly to the user’s credit on his Skype account, which can be deducted. In addition, the cybercriminals can also send other phishing links or Spam to the contacts of the specific user.

At present, the integrated phishing filters of the most commonly used web browsers, such as Internet Explorer, Opera, Google Chrome or Firefox, do not yet recognize the risky site and therefore do not issue an appropriate warning.

Anyone receiving a phishing email of this kind should avoid clicking on the links it contains at all costs. The email should also be deleted from your mailbox immediately. Thanks to Avira MailGuard and Avira WebGuard features, users of the Avira AntiVir Premium Security Solution or Avira Premium Security Suite are protected against these phishing attempts. MailGuard detects and marks these emails as attempts at phishing and WebGuard blocks access to the phishing sites.
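The sub-domain trick described above can be detected by comparing host names label by label from the right, since the labels at the right-hand end determine who owns the host. The following Python sketch is an added example, not part of the original report; the `TRUSTED` list and the sample URLs are assumptions constructed for illustration, apart from the `www.skype.com.attacker-domain.cc` pattern quoted in the text.

```python
from urllib.parse import urlsplit

# Assumption: the defender keeps a list of domains users really log in to.
TRUSTED = ("skype.com",)

# Constructed sample URLs; the second is the pattern quoted in the text above.
SAMPLE_URLS = [
    "https://www.skype.com/login",
    "http://www.skype.com.attacker-domain.cc/",
    "login.skype.com.example.net/account",
    "http://example.org/skype.com/index.html",
]

def hostname(url):
    """Lower-cased host of a URL, tolerating URLs written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def classify(url, trusted=TRUSTED):
    """Return ('legit' | 'embedded' | 'unrelated', matched trusted domain or None)."""
    labels = hostname(url).split(".")
    for domain in trusted:
        want = domain.lower().split(".")
        # Genuine: the host is the trusted domain or one of its sub-domains,
        # i.e. the trusted labels are the rightmost labels of the host.
        if labels[-len(want):] == want:
            return "legit", domain
        # Deceptive: the trusted labels occur further left, so the name that
        # actually owns the host is whatever follows them.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return "embedded", domain
    return "unrelated", None

def suspicious(urls, trusted=TRUSTED):
    """URLs in which a trusted domain is only a sub-domain prefix of another host."""
    return [u for u in urls if classify(u, trusted)[0] == "embedded"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(classify(url)[0].ljust(9), url)
```

Comparing whole labels rather than raw string suffixes also keeps a host that merely ends in the same characters as a trusted domain from being classified as legitimate.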


Spam in July: Facebook coming under increasing attack from phishers

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of its monthly report on spammer activity for July 2010.

Throughout the month, the share of spam messages in mail traffic averaged 82.9%. Links to phishing sites were found in 0.03% of all email traffic. The most popular social network Facebook usurped eBay’s 2nd place ranking in the list of organizations most often attacked by phishers. Facebook accounted for 12.81% of phishing messages, more than three times as much as in the previous month. The e-commerce business PayPal remained in first place after being targeted by over half (53.48%) of all phishing attacks.

Investigation

The USA and India maintained their leading positions as the most popular sources of spam: they distributed 1.5 times as much spam compared to June (17.2% and 9% respectively). Europe caused the most noticeable change in July’s rating with the UK, Germany and Italy all making it into the Top 10. The total volume of spam originating from their combined territories increased by 50 percentage points compared with the previous month. Two newcomers to the top twenty were high-tech Hong Kong (17th place with 1.8%) and Taiwan (19th place with 1.3% of spam).

Organizations targeted by phishing attacks in July 2010


2. Investigation of “Phishing, Spam and Malware Statistics for July 2010”

August 19, 2010, 9:39 am

Most phished brands statistics

Paypal continues to be the most phished brand around, followed now with a long distance by Facebook which continues to be quite a lot under attack.

Because of the holiday season, many people started to buy games and spend more time in the social media websites, so the increase in attacking such web sites comes quite naturally.

Note that the top 10 names have remained almost the same compared to June but the amount of phishing has grown.


Most abused TLDs

Not much changed from last month, despite the fact that there were some fluctuations in the top 5. Of some concern is the fact that the “.de” domain has reached place 6 this month, stepping up 5 positions from June. The amount of 2.62% in total is so little though that this might be usual fluctuation.


Extension statistics for malware URLs

The distribution didn’t change so much from last month, most important variation being registered in the scripts ending in JSP, CSS, ASP and in the JPG extension.


Spam categories statistics

The spam mails sent in July were mostly Online Pharmacy related, followed by Casino spam. Interesting enough is the fact that the Casino spams increasingly are sent in the German language and less are English. This is probably related to the fact that some of our spamtraps are hosted on German servers; but this also means that spam got adopted better to the “target audience mother tongue” in July 2010.


URL Shorteners used in malicious activities in July 2010

Since our statistics about URL shortener services abused in malicious activities are new, there isn’t much that can be told about this category yet. It can be observed that the url shorteners are almost always the same for Phishing and Malware. There are little variations, but there are always the same websites in the top 5. Probably the reason for this is that the distribution is being made by an organized group of people, almost always the same. The future statistics will show if this is the case.


Notes:

The author's identification and investigation of these information system security cases draws on two well-known foreign antivirus companies, Avira and Kaspersky, so the information presented can be accounted for. The addresses the author accessed:

http://www.avira.com/en/press_releases/index.html

http://www.securelist.com/en/analysis/204792134/Spam_report_July_2010

The author has slightly modified the information presented by removing statements of a commercial or promotional nature.

The information is presented as-is in English, matching the sources the author drew from; this is intended to avoid misunderstandings arising from the author's limited language ability.