Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Elderwood Project Brian Bowlby CompNet. Review of material on Symantec website (www.symantec.com)www.symantec.com

Published byGyles Evans Modified over 9 years ago

Similar presentations

Presentation on theme: "The Elderwood Project Brian Bowlby CompNet. Review of material on Symantec website (www.symantec.com)www.symantec.com"— Presentation transcript:

1 The Elderwood Project Brian Bowlby CompNet

2 Review of material on Symantec website (www.symantec.com)www.symantec.com http://www.symantec.com/content/en/us/enter prise/media/security_response/whitepapers/th e-elderwood-project.pdf http://www.symantec.com/connect/blogs/how- elderwood-platform-fueling-2014-s-zero-day- attacks

3 What is the Elderwood Project (also called the Elderwood Platform)? A set of zero-day exploits that have been engineered and packaged in a “consumer-friendly” way to allow non-technical people to easily attack their targets. Name Elderwood comes from source code variable used by the attackers

4 What are zero-day exploits? Exploits that exist in the initial release of a software package Often unknown to the programmer(s) May be known, but too expensive or time consuming to correct Generally, serious vulnerabilities are rare (8 identified in 2011)

5 Which zero-day exploits are included? Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779) Adobe Flash Player Remote Code Execution Vulnerability(CVE-2012- 1535) Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) Microsoft XML Core Services Remote Code Execution Vulnerability(CVE-2012-1889)

6 Newer packages include exploits of these vulnerabilities Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2014-0322) Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324) Adobe Flash Player and AIR Remote Code Execution Vulnerability (CVE-2014-0502)

7 How are these vulnerabilities exploited? Two methods for propagating their payload – Spear-phishing Attach an infected document in an email message – Watering hole attack Visitors of a web site are infected

8

9 A third possibility – a combination of the above Send target user an email with a link to an infected website Link can be unique for that user

10 Who is Behind Elderwood? High degree of technical sophistication – able to exploit many different vulnerabilities Once packaged, less technical groups can mount actual attacks – perhaps different group for each target Attacks are targeted – no mass email campaigns Attackers are patient – may lie in wait for several months before adding malicious code

11 Components of Elderwood

12 Targets Defense – Companies that manufacture components for top-tier defense contractors NGOs and human rights groups (Amnesty International) Finance, Energy, Education and Government

13

14 Recent Timeline of Elderwood Attacks

15 Groups using the Elderwood Platform

16 Takeaway Lessons Apply the latest patches/updates to your software Don’t open attachments unless you’re sure of the source Be careful when clicking on links in email messages Check that URL matches “printed” one http://fake.name.com

17 Thanks / Questions?

Download ppt "The Elderwood Project Brian Bowlby CompNet. Review of material on Symantec website (www.symantec.com)www.symantec.com"

Similar presentations

Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.

Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.

Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.
MIRAGE MALWARE SIDDARTHA ELETI CLEMSON UNIVERSITY.

MIRAGE MALWARE SIDDARTHA ELETI CLEMSON UNIVERSITY.
Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.

Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
April 18, 2012. Updates Reminders Other Services.

April 18, Updates Reminders Other Services.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
SUPPLIER REGISTRATION USER GUIDE

SUPPLIER REGISTRATION USER GUIDE
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
Drivers & Installation. In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to.

Drivers & Installation. In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Similar presentations

Ads by Google