Web Attacks — Offense… The Whole Story
Yuri & The Cheeseheads
Mark Glubisz, Jason Kemble, Yuri Serdyuk, Kandyce Giordano

Introduction
- White paper was informative
- Contained a few weaknesses
  - Cited a study that focused on two areas that Symantec was strongest in combating
  - Lacked detail regarding legitimate web site threats
  - Missed risks presented by Social Networking sites

Stated Goals
- Educate end users to make them more secure
- Explain types of attacks
  - Drive by Downloads
  - Clickjacking
  - Fake CODECS
  - Malicious peer-to-peer files
  - Malicious Advertisements
  - Fake Scanner Web Pages
  - Blog Spam
- Offer solutions to minimize risk

Symantec Funded Study
- Cascadia Labs
- Tested Two Types of Attack
  - Drive by download
  - Fake CODECs
- What About Other Threats?
  - Clickjacking
  - Fake Scanner Web pages
  - Peer to Peer
  - Blog Spam

Lasting Perception of Results
- Results of Study Presented at End of Paper
- Based on two types of Attacks
- Reader is aware of all threats
- Reader is left with false sense of confidence

Infection of Legitimate Websites
- White paper lacked statistics
  - Spoke in generalities regarding level of threat by legitimate websites
- We found more specific information
  - 70% of the 100 most popular websites
    - Malicious content or hidden redirect
    - 16% increase over the 1st half of 2008
  - Legitimate websites compromised
    - Exceeds the amount of sites created by criminals

Web Site Infection Details cont’d
- 45% of the top 100 web sites allow user generated content
  - Most active distributors of malicious content
  - Enable criminals to post malicious links, multimedia files, or send malicious e-mails to users
- Top 100 web sites in terms of traffic are predominantly two categories
  - Search Engines
  - Social Networking Sites

Missed Risk Identification
- Social Networking Sites
  - Treasure trove of personal data
    - Birthdays, location, and employment history
  - 66% of phishing attacks in the U.S. were directed towards social-networking sites
  - Impersonating someone else and building up a network
  - Creating an on-line profile prior to the real person creating one
  - Using the network to extract personal information to access financial data

Social Networking Sites’ Risks cont’d
- A means for distributing worms
- Koobface
  - Distributed in 2008 through Facebook
  - Notes to friends of someone whose PC has been infected
    - “See how great you look in this video”
  - Directs recipients to a website that asks them to download a version of Flash Player – infects computer
  - Takes them to contaminated sites when they try to use search engines like Google, Yahoo, MSN and Live.com

Worms through Social Networking
- Twitter
  - Stalkdaily and Mikeyy
  - Tricked users into clicking on a link to a rival social network
  - 17 year old created the worm “out of boredom”
  - Second worm exploited the original flaw
    - After Twitter claimed to have closed the holes
- These sites are vulnerable

Conclusion
- Overall white paper is informative
- Weaknesses
  - Limited study presented in article
  - Lack of details regarding legitimate web site risks
  - Missed risk
    - Social Networking Sites

Existing Countermeasure Missed (from T’Bone and Tonic)
- Plethora of third party security tools that exist to prevent some of such attacks
  - the “No Script” extension for the Mozilla browser
  - Lavasoft Ad-Aware and Spybot S&D

Questions?