SPAM/BOTNETS and Malware
Neil Warner, CIO, GoDaddy.com
Moderator: Dan Kaplan, deputy editor, SC Magazine
We Put Up Walls
Modern Day Fort
War Against SPAM
How do you detect SPAM mails?
–Key words
–Heuristics/Abnormal behavior
What can you do to defend against it?
–SPAM filters
–Reputation services to block traffic from those spamming IP addresses
–Take down the root cause
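The three detection signals named on this slide (keyword matching, behavioural heuristics, and reputation-based blocking of known spamming IP addresses) combined into one scoring filter, as an added example that is not part of the presentation. The keyword weights, heuristic thresholds, blocklisted addresses (drawn from the RFC 5737 documentation ranges) and the sample messages are all constructed for illustration.

```python
"""Toy spam filter combining keyword, heuristic and IP-reputation signals."""
import re
from dataclasses import dataclass, field

# Hypothetical keyword weights; a production filter would learn these from data.
KEYWORDS = {
    "free": 1.0, "winner": 2.0, "click here": 1.5,
    "act now": 1.5, "wire transfer": 2.0,
}
# Constructed reputation blocklist (placeholder addresses from RFC 5737 TEST-NET).
BAD_IPS = {"203.0.113.7", "198.51.100.23"}
# Score at or above which a message is treated as spam (assumed value).
THRESHOLD = 4.0


@dataclass
class Message:
    sender_ip: str
    subject: str
    body: str
    recipients: int = 1


@dataclass
class Verdict:
    score: float
    reasons: list = field(default_factory=list)

    @property
    def is_spam(self) -> bool:
        return self.score >= THRESHOLD


def keyword_score(text: str):
    """Sum the weights of keywords present as whole words/phrases."""
    text = text.lower()
    hits = {k: w for k, w in KEYWORDS.items()
            if re.search(r"\b" + re.escape(k) + r"\b", text)}
    return sum(hits.values()), sorted(hits)


def heuristic_score(msg: Message):
    """Abnormal-behaviour heuristics: shouting, punctuation, link density, bulk send."""
    score, reasons = 0.0, []
    letters = [c for c in msg.subject if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.6:
        score += 1.5
        reasons.append("subject mostly uppercase")
    if msg.subject.count("!") >= 3:
        score += 1.0
        reasons.append("excessive exclamation marks")
    urls = re.findall(r"https?://\S+", msg.body)
    if len(urls) >= 3:
        score += 1.5
        reasons.append(f"{len(urls)} links in body")
    if msg.recipients >= 50:
        score += 2.0
        reasons.append("bulk recipient count")
    return score, reasons


def classify(msg: Message) -> Verdict:
    """Combine the three signals; a blocklisted sender alone crosses the threshold."""
    v = Verdict(0.0)
    if msg.sender_ip in BAD_IPS:
        v.score += THRESHOLD
        v.reasons.append(f"sender {msg.sender_ip} on reputation blocklist")
    kw, hits = keyword_score(msg.subject + " " + msg.body)
    if hits:
        v.score += kw
        v.reasons.append("keywords: " + ", ".join(hits))
    hs, hr = heuristic_score(msg)
    v.score += hs
    v.reasons.extend(hr)
    return v


# Constructed sample messages.
SPAM = Message("192.0.2.10", "YOU ARE A WINNER!!! ACT NOW",
               "Click here http://a.example http://b.example http://c.example free",
               recipients=200)
HAM = Message("192.0.2.20", "Lunch tomorrow?",
              "Are you free for lunch at noon? http://menu.example")
BLOCKED = Message("203.0.113.7", "Hello", "Just saying hi")

if __name__ == "__main__":
    for m in (SPAM, HAM, BLOCKED):
        v = classify(m)
        print(f"{m.subject!r}: spam={v.is_spam} score={v.score} reasons={v.reasons}")
```

The reputation check is applied first and is decisive on its own, which mirrors how a reputation service is typically used: traffic from a flagged address is dropped before content inspection spends any effort on it. The keyword and heuristic scores are additive so that no single weak signal (the word "free" in an ordinary lunch invitation) tips a legitimate message over the threshold.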
SPAM
Bot Army
What are botnets used for? How do we detect them? How can we defend against them?
Botnet lifecycle
–Bot-herder configures initial bot parameters such as infection vectors, payload, stealth, C&C details
–Register a DDNS
–Register a static IP
–Bot-herder launches or seeds new bot(s)
–Bots spread
–Causes an increase of DDoS being sent to the victim
–Losing bots to rival botnets
Botnets
Different types of Malware
Broad category
–Trojans, Rootkits, Backdoors
Malware for fun and profit
–Spyware, Key loggers, Dialers, Bots, Proxies, SEO etc.
Grayware
Camouflaged attacks
Malware
Threat Landscape - Brute Force
Threat Landscape - FTP
Threat Landscape - SSH
Threat Landscape - Conficker
Threat Landscape - Slammer
Threat Landscape - Fake Search Agents
Threat Landscape - e107 bot
How Does Malware Happen
Fake AV
0-day vulnerability in a web application or web server
–Compromises the web sites
–Redirects the end user to a malware site or a competitor's website
–Example: Fake AV campaign
What Can We Do?
Network/Application security tools
–Firewalls
–Intrusion Prevention Systems
–Intrusion Detection Systems
–Web Application Firewalls
–Network Access Controls
–Antivirus
–Reputation-based access
–Code audits
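One concrete piece of the intrusion-detection layer listed above, applied to the brute-force, FTP and SSH threats from the threat-landscape slides: a sliding-window detector that counts authentication failures per source address across both services and raises an alert when the count exceeds a threshold within a short window. This is an added example, not material from the presentation. The log lines are constructed; the sshd message follows OpenSSH's standard "Failed password" format, while the FTP line imitates a pure-ftpd syslog message and should be treated as an assumed format.

```python
"""Sliding-window brute-force detector over syslog-style SSH/FTP auth failures."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 mail sshd[1201]: Failed password for invalid user admin from 198.51.100.5 port 51000 ssh2
Mar  3 10:00:03 mail sshd[1203]: Failed password for root from 198.51.100.5 port 51002 ssh2
Mar  3 10:00:05 mail sshd[1205]: Failed password for invalid user test from 198.51.100.5 port 51004 ssh2
Mar  3 10:00:06 mail sshd[1207]: Failed password for alice from 203.0.113.9 port 40210 ssh2
Mar  3 10:00:07 mail pure-ftpd: (?@198.51.100.5) [WARNING] Authentication failed for user [admin]
Mar  3 10:00:09 mail sshd[1209]: Failed password for root from 198.51.100.5 port 51006 ssh2
Mar  3 10:00:11 mail sshd[1211]: Failed password for invalid user oracle from 198.51.100.5 port 51008 ssh2
Mar  3 10:05:00 mail sshd[1300]: Accepted password for alice from 203.0.113.9 port 40211 ssh2
"""

# Service-specific failure patterns; each captures the source IP and the user tried.
PATTERNS = [
    ("ssh", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("ftp", re.compile(  # assumed pure-ftpd syslog layout
        r"pure-ftpd: \(\?@(?P<ip>[^)]+)\) \[WARNING\] Authentication failed for user \[(?P<user>[^\]]+)\]")),
]
TIMESTAMP = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")


def parse_failures(text: str):
    """Return (timestamp, service, ip, user) for every recognised failure line."""
    events = []
    for line in text.splitlines():
        m = TIMESTAMP.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; only deltas matter here.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        for service, pattern in PATTERNS:
            f = pattern.search(line)
            if f:
                events.append((ts, service, f.group("ip"), f.group("user")))
                break
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Alert on any source IP with >= threshold failures inside a sliding window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                span = evs[start:end + 1]
                alerts[ip] = {
                    "failures": count,
                    "users": sorted({e[3] for e in span}),
                    "services": sorted({e[1] for e in span}),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info['failures']} failures, users={info['users']}, "
              f"services={info['services']}")
```

Correlating across services matters: a source that spreads its attempts over SSH and FTP can stay under a per-service threshold while still being obviously hostile in aggregate, and the distinct-user list in the alert separates password spraying (many users, few attempts each) from a single-account dictionary attack, which points to different responses (reputation block versus account lockout and password reset).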
The Most Important Deterrent: Security Professionals
Is The Internet Worth IT?
Thank You | Q&A
Neil Warner, CIO, GoDaddy.com