Topics in Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP Network Security Analyst, Washington University.


1 Topics in Security IS&T All Staff Meeting Tuesday, April 7, 2011 Brian Allen, CISSP Network Security Analyst, Washington University in St. Louis

2 Security Tip #1 Do not click on links in emails

3 Security Tip #2 See Tip #1 (Thanks Barb!)

4 Spam [Diagram: Product Supplier; Seller 1, Seller 2, Seller 3; Accountant; Spammer1, Spammer2, Spammer3]

5 Where Does Spam Originate? Why Do We Care?
– Spam = Bots (large armies of infected machines sending out spam)
– Bots = Sophisticated Malware
– Sophisticated Malware = Organized Crime
– More than 89% of all messages were spam in Symantec

6 Spam is Big Business
– Rates for one million addresses: $25 to $50
– 10,000 malware installations: $300–$80
– Sending 100 million emails per day: $10,000 per month
– Cutwail’s profit for providing spam services: $1.7 - $4.2 million since June 2009 – Aug 2010
– How much do the spammers gross per day? $7000

7 Underground Economy
Spammers are also involved in:
– CAPTCHA solving
– Email harvesting
– Custom software
– Bulletproof hosting
– Proxies

8 Spam Volume
From Jul 30 - Aug 25, 2010, security researchers infiltrated the Cutwail spam network and discovered that 87.7 billion emails were successfully sent

9 Spam Content
– Pornography
– Online pharmacies
– Phishing
– Money mule recruitment
– Malware
The malware (Zeus banking Trojan) typically includes:
– Greeting card
– Resume
– Invitation
– Mail delivery failure
– Receipt for a recent purchase

10 Spam Blacklisting
– Only about 12% of bots are blacklisted after an hour when they come online
– The rate reaches 90% after a period of about 18 hours

11 Spam Volume on WUSTL Ironports - Feb 2011

12 Phishing

13 Spear Phishing Example

14 Phishing Example??

15

16 Social Security Number 1
From: BOB
Sent: Friday, April 01, :54 PM
To: ALICE
Subject: Registration Request

ALICE:
Couldn't remember if I had already sent this request or not. Please register CHARLIE ( ) for the session
Thank you
BOB

17 Social Security Number 2
From: BOB
Subject: FW: University talk
To:
Date: Monday, April 4, 2011, 12:57 PM

Dear Ms. ALICE and CHARLIE,
I sent this a couple of weeks, but I haven't heard back from you yet, so I thought that I would send it again. Also, my SSN is and my home address is: 1234 Oak Ave. St. Louis, MO 63130

18 Emails, Like Postcards, Are Not Encrypted
Contact me to discuss encryption options for storing or sending sensitive information

19 Thanks!

