Threat Overview: The Italian Job / HTML_IFRAME.CU June 18, 2007.


Copyright Trend Micro Inc.

Agenda
How It Works
Status
Messaging/Positioning
Trend Micro Protection
Best Practices
Additional Information

How It Works

“The Italian Job” is a Web threat that uses multiple components to surreptitiously infect a targeted group of users.
1. First, URLs of legitimate websites are compromised by HTML_IFRAME.CU, a malware that takes advantage of an iFrame vulnerability. Many of these sites are related to tourism and travel, entertainment, autos and adult content.
2. When a user visits a compromised website, s/he is redirected to a second site, which contains a JavaScript downloader, JS_DLOADER.NTJ.
3. DLOADER exploits browser vulnerabilities to download a Trojan, TROJ_SMALL.HCK, onto the target system.
4. Two additional Trojans are downloaded, TROJ_AGENT.UHL and TROJ_PAKES.NC.
5. The PAKES Trojan goes on to download an information stealer, a variant of the SINOWAL Trojan. The AGENT Trojan can act as a proxy server that allows a remote user to anonymously connect to the Internet via an infected PC.
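For site owners checking their own pages for the kind of injected frame described in step 1, the following is an added example (not part of the Trend Micro slides) that lists every iframe whose source is a host outside an allowlist. The sample markup, the host names and the rule that zero-size or hidden frames deserve priority are assumptions of this example, not details from the presentation.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one same-site embed and one injected off-site frame.
SAMPLE_PAGE = """<html><body>
<h1>Hotel listings</h1>
<iframe src="/widgets/map.html" width="400" height="300"></iframe>
<iframe src="http://redirector.example.net/x/" width="0" height="0"
        style="visibility:hidden"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for 0/1 pixel dimensions such as "0" or "1px"."""
    return value.lower().replace("px", "").strip() in ("0", "1")

class IframeAuditor(HTMLParser):
    """Records iframes whose src resolves to a host outside the allowlist."""
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative URL (same site) or an approved host
        hidden = (_tiny(a.get("width", "")) or _tiny(a.get("height", ""))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"line": self.getpos()[0], "host": host,
                              "src": a["src"], "hidden": hidden})

def audit_html(html, site_host, allowed_hosts=()):
    """Return off-site iframe findings for one page of markup."""
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "www.hotel.example"):
        flag = "HIDDEN " if f["hidden"] else ""
        print(f"line {f['line']}: {flag}off-site iframe -> {f['src']}")
```

Run it over the files as served, not only the copies in source control, since an injected frame exists only on the compromised server.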

The Infection Chain [diagram]

Status

Over 3K websites in Italy have been compromised
Approximately 12-15K visitors to these websites have been infected
  – While the majority of infections have been to Italian users, users in Spain and the US have been affected and, to a lesser extent, users from other parts of the world as they access the infected sites.
One ISP hosted 90% of affected sites; a second hosted the remaining 10%
A malware toolkit, MPack v.86, was used to create the initial downloader. Previous versions of this toolkit were available for purchase via a Russian website for ~$700.
Trend’s WRS and URL Filtering were updated to block the downloader and Trojan as of June 16

Messaging/Positioning

The Italian Job represents a textbook example of today’s threat environment
  – Web-based, blended, sequential, targeted, profit-driven
It is highly likely that this type of attack will occur again, affecting users in another region
  – JavaScript and the other types of technologies that enable the goodness of Web 2.0 are highly susceptible to such attacks
  – Malware toolkits are available for sale on the Internet and frequently updated
  – Automated tools and technologies, such as bots, enable speedy proliferation of malware and crimeware
Trend Micro provides a variety of innovative products that protect both home users and businesses from this type of attack

Trend Micro Protection

All products below provide protection against the Italian Job
Products that block the URLs from malicious websites:
  – OfficeScan 8.0
  – Trend Micro Internet Security 2007
  – InterScan Gateway Security Appliance 1.0, 1.1 and 1.5
  – ISVW 6.0
  – InterScan Web Security Appliance (2500 v2.5)/Suite
Products that scan for malware and spyware downloads:
  – IMSS 7.0
  – IMSA 5000 v7.0
  – IGSA 1.0, 1.1 and 1.5
  – SMEX 7.0 and 8.0
  – SMLN 3.0
  – IMHS
  – Trend Micro Internet Security 2007
HouseCall detects and cleans the malware associated with this threat

Best Practices -- Corporate Users

Deploy HTTP scanning and make sure users cannot bypass it. Force users to forward all web requests to the scanning device and deny them otherwise.
Do not allow unneeded protocols to enter the corporate network. The most dangerous of them are P2P communication protocols and IRC (chat).
Deploy vulnerability scanning software in the network and keep all applications patched.
Restrict user privileges for all network users.
Deploy corporate anti-spyware scanning.
Support user awareness campaigns.

Best Practices -- Home Users

Beware of pages that require software installation. Do not allow new software installation from your browser unless you absolutely trust both the Web page and the provider of the software.
Scan any program downloaded through the Internet with updated antivirus and anti-spyware software. This includes any downloads from P2P networks, through the Web and any FTP server regardless of the source.
Beware of unexpected strange-looking e-mails, regardless of their sender. Never open attachments or click on links contained in these messages.
Enable the “Automatic Update” feature in your Windows operating system and apply new updates as soon as they are available.
Always have an antivirus real-time scan service. Monitor regularly that it is being updated and that the service is running.

Additional Information

HTML_IFRAME.CU
JS_DLOADER.NTJ
TROJ_SMALL.HCK
TROJ_PAKES.NC
TROJ_AGENT.UHL
TSPY_SINOWAL.BJ