Malware in the 21 st Century – Is your identity secure? Jason Bruce, Detection development manager SophosLabs UK December 2005.

Contents Introduction The scale of the threat The changing landscape Bots and botnets Combined Threats Sophos’ response Conclusion

Company background. Sophos started in computer security in 1985. We were first to market anti-virus with monthly updates (1989). We were first to offer 24/7/365 technical support (1991). We extended cover to a wide range of desktop/server platforms. We established technology partnerships with leading managed service providers. We launched our own virus protection in 2000. We acquired the anti-spam company ActiveState in 2003.

The scale of the threat

There are over 114,000 viruses in existence. SophosLabs analyses over 1000 new viruses, Trojans and worms every month.

Number of new viruses

The changing landscape

The threat landscape changes… Freeweb and webmail abusers; bulletproof hosting services; address providers; guaranteed delivery (filterproofing) services; spamming software and hardware providers; zombie networks (anonymous spam senders); exploited host networks; spammer; message tracking services.

The threat landscape changes… Freeweb and webmail abusers; bulletproof hosting services; address providers; guaranteed delivery (filterproofing) services; virus-writing gangs; spamming software and hardware providers; hackers; zombie networks (anonymous spam senders); exploited host networks; spammer; phisher; credit card gangs; for-hire corporate espionage; message tracking services.

The profile of a virus writer is changing... Virus writers now have a financial motive (phishing, stealing confidential data, denial-of-service extortion attempts, spam). More organized criminals see that viruses and Trojan horses can help them make money. They are less likely to make the mistake of the “old school” virus writers, who needed to show off to their friends. Law enforcement coordination is required to stop international virus-writing gangs.

…targeted attacks. Although large outbreaks make the headlines, there are also attacks targeted at specific sites or business rivals. These are less likely to be noticed than a large outbreak: “hacked to order” to steal information or resources. Large outbreaks typically target Windows PCs (the great unwashed public), but that is not necessarily so for targeted attacks.

Bots and botnets

Definitions: Bot (Zombie, Drone). A piece of code developed to emulate human behaviour on a network; in computer security, used to describe network-spreading viruses with a payload that allows a remote attacker to control resources owned by the infected machine. Control is most frequently over IRC (TCP 6667 default port).

Definitions: Botnet (Zombie army). A group of bots controlled by a single originator/hacker. The botnet owner usually sets up an IRC server that allows authenticated access for specific IRC bot clients bundled with network-spreading worms. The botnet server is often connected with other IRC botnet servers.
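
The two definitions above describe the one structural fact a network defender can act on: many infected hosts rendezvous with the same IRC server, by default on TCP 6667. The following is an added example, not code from the presentation or from Sophos, that looks for that rendezvous pattern in a connection log. The log format (`timestamp src_ip dst_ip dst_port`), the internal address ranges and the sample lines are all constructed for the illustration.

```python
"""Heuristic IRC command-and-control rendezvous detection (added example).

Flags an external address that several distinct internal hosts contact on
the IRC default port (TCP 6667) named on the slide. Log format, networks
and sample lines below are constructed, not taken from any real capture.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed connection log, one flow per line: timestamp src_ip dst_ip dst_port.
# Three internal hosts reach the same external IRC server within seconds;
# one host uses a different chat server alone; one flow is ordinary web traffic.
SAMPLE_LOG = """\
2005-12-01T10:00:01 10.0.0.11 203.0.113.7 6667
2005-12-01T10:00:05 10.0.0.12 203.0.113.7 6667
2005-12-01T10:00:09 10.0.0.13 203.0.113.7 6667
2005-12-01T10:01:00 10.0.0.14 198.51.100.20 6667
2005-12-01T10:02:00 10.0.0.11 93.184.216.34 80
"""

# Assumed internal address space (RFC 1918 ranges) for this illustration.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
IRC_PORTS = frozenset({6667})


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Parse the constructed log into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than fail
        ts, src, dst, port = parts
        flows.append((ts, src, dst, int(port)))
    return flows


def find_irc_rendezvous(flows, min_hosts=3, ports=IRC_PORTS):
    """Map (external_ip, port) -> sorted internal sources for servers on an
    IRC port contacted by at least min_hosts distinct internal hosts."""
    by_server = defaultdict(set)
    for _ts, src, dst, port in flows:
        if port in ports and is_internal(src) and not is_internal(dst):
            by_server[(dst, port)].add(src)
    return {key: sorted(srcs) for key, srcs in by_server.items()
            if len(srcs) >= min_hosts}


def report(text: str, min_hosts=3):
    """Human-readable alert lines for each suspected rendezvous server."""
    hits = find_irc_rendezvous(parse_flows(text), min_hosts)
    return [f"{dst}:{port} contacted by {len(srcs)} internal hosts: {', '.join(srcs)}"
            for (dst, port), srcs in sorted(hits.items())]


if __name__ == "__main__":
    for alert in report(SAMPLE_LOG):
        print(alert)
```

The single host talking to 198.51.100.20 is deliberately not reported: one IRC connection is ordinary chat, a cluster of hosts converging on one server is the botnet signature. The heuristic only sees what the slide describes, the default port; a bot that uses another port or another protocol needs payload inspection (IRC commands such as NICK and JOIN) rather than port matching.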

[Diagram] Botnet originator (owner) – Botnets (Botnet 1, Botnet 2) – Botnet user (customer). Uses: spamming, keylogging, identity/funds theft, sniffing.

Bots – spreading methods. Direct: network shares; RPC DCOM; LSASS; upgrade mechanisms of previous worms; P’n’P. Indirect: rogue website seeding.

Bots – payload: install spyware; spam relays/proxies; DDoS attacks; credit card number theft; password sniffing; bandwidth utilisation; rootkit technology (stealth); backdoor (FTP, HTTP servers); screen capture; update mechanisms.

Case study – Zotob – timeline. 9 Aug – Microsoft releases patch for P’n’P vulnerability (MS05-039); Aug – first exploits developed; 14 Aug – W32/Zotob-A released, no major impact; 17 Aug – W32/Tpbot-A takes a number of large corporations off-line, naming confusion; 18 Aug – new variants, bot wars.

Combined threats

Financially motivated malware. As well as traditional phishing websites and spam, we’re also seeing more and more Trojan horses designed to steal bank account details. Attackers target financial and government institutions. Viruses include backdoors and functionality to steal confidential information.

Virus-spam-spyware cooperation. Viruses are used to harvest e-mail addresses for spammers. Viruses infect networks using bots (Zombienets) and virus writers sell the details to spammers to use as proxies.

Spammer methods (through 2003). The reality was that spammers weren’t that tricky after all: it was possible to proactively identify the obfuscations, forged headers and other mistakes. 2 to 3 new obfuscation techniques appeared per week; updates were every 2 weeks. Spammers focused on content obfuscation and source rotation: 85% of spam contained HTML “cloaking”, 35% referenced web images; free sites (Yahoo, Hotmail) and open proxies were the most common spam sources.

Spammer methods (2004 to date). Rapid randomizing of source, content and destination. Sources now include spam zombies (virus payloads). Content uses less obvious obfuscations (mis-spelling). Destinations are disposable.

Sophos’ response

Multiple response mechanisms. Threat innovation is targeted: most threats borrow from previous efforts, but significantly vary one characteristic to evade detection. Multiple response mechanisms: SophosLabs™ “race-horse” different approaches and deploy using the fastest mechanism. Earliest possible detection: getting detection deployed at your site as quickly as possible. 1. Policy rule – message characteristics. 2. Spam rule (Genotype) – campaign characteristics. 3. Virus update – code characteristics. e.g. Bofra-B: the e-mail distributed by W32/Bofra-B creates fake headers to pretend it was created by a number of different legitimate clients and also that it has been checked for viruses.

Survival time - 11 minutes

Genotype spam definitions. A new class of spam techniques is emerging, driven by zombie usage and domain rotating; reputation and URL filtering don’t react quickly enough. Genotype spam definitions: campaigns are identified by a common set of “static genes”; detects complex randomized campaigns; delivers effective protection against evolving campaigns; campaign-based detection for more consistent catch rates. [Chart] Messages missed / average catch rate (%) for reputation filtering, URI filtering and Genotype (Genotype 99.8%), e.g. porn campaign (Nov/Dec 2004).

Proportion of spam detected by Genotype

Genotype virus detection. Pro-active protection method: protection against as yet unknown variants; optimised for the enterprise environment; linked with the ability to unpack run-time packers (UPX, ASPack, Morphine).

Genes: could copy itself to the Windows system folder; could send itself by e-mail; could contain a backdoor; could terminate anti-virus software. Genes are inherited in a family: new members of a virus family “evolve”, but most of the genes usually stay.
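
The Genotype slides (spam definitions built from a campaign's “static genes”, and virus detection built from genes inherited within a family) describe one matching idea applied to two kinds of evidence. The block below is an added example, not SophosLabs' code or format: a family is a named gene set plus the minimum number of genes that must be present, so an “evolved” variant that keeps most of the family's genes is still caught, while a benign program sharing one gene is not. The same matcher is run over behavioural genes for a virus family (the four named on the slide) and over static text features for a spam campaign whose subject, wording and domains are randomised. Every family name, gene pattern, behaviour set and message is constructed for this illustration.

```python
"""Gene-based ("genotype") family matching, as an added illustration.

Family definitions, gene patterns and samples are constructed; nothing here
is taken from a real virus, campaign or vendor database.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Family:
    name: str
    genes: frozenset   # gene names that characterise the family
    min_genes: int     # how many must be present to declare a match


def match_families(observed, families):
    """Names of the families whose gene threshold the observed genes meet."""
    observed = frozenset(observed)
    return sorted(f.name for f in families if len(f.genes & observed) >= f.min_genes)


# --- Virus side: genes are behaviours; the four are those named on the slide. ---
VIRUS_FAMILIES = [
    Family("HypotheticalMailer",
           frozenset({"copies_to_system_folder", "sends_itself_by_email",
                      "contains_backdoor", "terminates_antivirus"}),
           min_genes=3),
]

# Constructed behaviour sets, as a sandbox summary might report them.
VARIANT_A = {"copies_to_system_folder", "sends_itself_by_email",
             "contains_backdoor", "terminates_antivirus"}
# An "evolved" member: dropped one inherited gene, gained a new one.
VARIANT_B = {"copies_to_system_folder", "sends_itself_by_email",
             "terminates_antivirus", "downloads_updates"}
# A benign installer shares a single gene and must not match.
BENIGN_INSTALLER = {"copies_to_system_folder"}

# --- Spam side: genes are static features extracted from message text. ---
SPAM_GENE_PATTERNS = {
    "fixed_image_size": re.compile(r'width="468"\s+height="60"'),
    "tracking_path": re.compile(r'https?://[^/\s]+/go/\?id=[0-9a-f]{8}'),
    "removal_bait": re.compile(r'click here to be removed', re.IGNORECASE),
}
SPAM_CAMPAIGNS = [
    Family("HypotheticalCampaign", frozenset(SPAM_GENE_PATTERNS), min_genes=2),
]


def extract_spam_genes(message: str) -> frozenset:
    """Gene names whose pattern occurs anywhere in the message text."""
    return frozenset(name for name, pat in SPAM_GENE_PATTERNS.items() if pat.search(message))


# Constructed messages: subject, wording and domains rotate, the genes do not.
MSG_1 = """Subject: Cheap m3ds - limited offer
<img src="http://a1b2.example/go/?id=3fa9c01e" width="468" height="60">
Click here to be removed from this list."""
MSG_2 = """Subject: C.h.e.a.p meds!!!
<img src="http://zz-rotated.example/banner.gif" width="468" height="60">
Order now at http://zz-rotated.example/go/?id=7b2d9e10"""
HAM = """Subject: Meeting notes
Minutes attached. <img src="http://intranet.example/logo.png" width="120" height="40">"""


def classify_sample(behaviours):
    """Virus families matched by an observed behaviour set."""
    return match_families(behaviours, VIRUS_FAMILIES)


def classify_message(text: str):
    """Spam campaigns matched by the static genes found in a message."""
    return match_families(extract_spam_genes(text), SPAM_CAMPAIGNS)


if __name__ == "__main__":
    for label, sample in [("A", VARIANT_A), ("B", VARIANT_B), ("installer", BENIGN_INSTALLER)]:
        print(label, classify_sample(sample))
    for label, msg in [("msg1", MSG_1), ("msg2", MSG_2), ("ham", HAM)]:
        print(label, sorted(extract_spam_genes(msg)), classify_message(msg))
```

The threshold is the whole point: a signature on a single variant misses VARIANT_B, and a rule keyed on any one randomised field (the sender domain, the subject spelling) misses MSG_2, while a family that demands three of four behaviours, or two of three static genes, catches both. The trade-off is that every gene added to a family must be rare in clean software or legitimate mail, or the threshold starts matching installers and newsletters.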

Genotype

Genotype detection rate

Conclusion

Today’s threat is more organised. Your identity and personal details are at risk. There have been some notable wins. There is a desire for legitimacy amongst those on the fringe. We are winning the fight. Only agility will keep security companies ahead of the game.

Thank you Jason Bruce, Detection development manager SophosLabs UK December 2005