Presentation is loading. Please wait.

Presentation is loading. Please wait.

The End of Childhood Cybercrime Dan Clark, VP Marketing and Research.

Published byClaude Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "The End of Childhood Cybercrime Dan Clark, VP Marketing and Research."— Presentation transcript:

1 The End of Childhood Cybercrime Dan Clark, VP Marketing and Research

2 In the News... Gartner: Computers in use pass 1 billion mark http://www.reuters.com/article/t echnologyNews/idUSL2324525420080 623

3 A Really Big Question How many malicious files exist?

4 Total Size of Samples Exchanged by AV Companies

5 Samples exchanged by AV companies volume approximately triples every year 1998: volume < 100MB, files < 10k 2008: volume > 1.5TB, files > 5mil. volume in 2008 > all previous years combined total number of files exchanged > 15mil.

6 ThreatSense.Net Included in the client with various configuration options Two part system statistical data submission suspicious file submission Statistics gathered can be separated by country by malware group by detection type (heur/generic) by time/date by detection module (on-access, internet, mail etc)

7 Top 20 Infiltrations by Infection Share World Wide RankInfiltration NameInfection Share 1INF/Autorun.gen12,95% 2Win32/PSW.OnLineGames.NMY11,58% 3INF/Autorun8,02% 4Win32/Toolbar.MyWebSearch6,40% 5Win32/Agent.AJVG5,80% 6WMA/TrojanDownloader.GetCodec.gen5,57% 7Win32/Agent5,55% 8Win32/Conficker.AA3,88% 9Win32/Conficker.A3,85% 10Win32/Pacex.Gen3,36% 11Win32/Genetik2,99% 12Win32/AutoRun.KS2,97% 13WMA/TrojanDownloader.GetCodec.C2,73% 14Win32/Adware.Virtumonde2,53% 15Win32/PSW.OnLineGames.NMP2,29% 16Win32/Patched.BU2,10% 17Win32/Packed.Autoit.Gen2,06% 18Win32/Conficker.AE1,94% 19Win32/Qhost1,85% 20Win32/Conficker.E1,84%

8 Visualizing the Global Threat-Scape Source: ThreatSense.Net

9 ThreatSense.Net Statistics Total number of samples received, January & February 2009

10 ThreatSense.Net Statistics Total number of samples received, December 2007 – February 2009

11 Samples from ThreatSense.Net Only heuristic and generic detections sent 2008: files > 100k daily, 50mil. total 2009: files ~ 250k daily, expected > 100mil. Filters applied (Swizzor, Virtumonde, Sality...) <10% of computers participating Unknown/undetected threats

12 Conclusions Our current estimate ~200 million of malicious files (analysis continues) > 300k new malicious files daily Probably still more PCs than threats, likely to change soon

13 Why there are so many malicious files?

14 In the News... The Register: Cybercrime ‘more lucrative’ than drugs http://www.theregister.co.uk/2005/11 /29/cybercrime/

15 Cybercrime Money always attracts criminals Internet today - new inexperienced users - new companies with little/no security policy enforced Fraud opportunities examples -directly related to money (Internet banking, e-commerce) -indirectly related to money (advertisement) -data stealing (targeted attacks) More malicious software than legitimate

16 Cybercrime vs. AV industry AV industry attacks their business Malware response? Avoid detection and removal -encryption -polymorphism -stealth (rootkits) -Legal attacks Volume mutations (obfuscation) -mutations generated in lab and distributed (Virtumonde, Zlob) -mutations constantly generated by the hosting server (Swizzor)

17 From: support [mailto:support@emediacodec.com] Sent: Wednesday, April 12, 2006 4:28 PM To: XXXXXXXXXXX Subject: Hello XXXXXXXXXXX. We are eMediaCodec support team. we would like to know why your software NOD32 detects our codec as virus "Win32/TrojanDownloader.Zlob.II". Our emediacodec is provided with Terms and Conditions located at http://www.emediacodec.com/terms.html where we describe in details what is the codec itself. We do tell surfers about what being installed on their computers. We would very appreciate if you remove our eMediaCodec from your virus list. Thanks Win32/TrojanDownloader.Zlob

18 Subject: NOD32 detects our products as malware Date: 21 Aug 2006 10:21:51 -0500 From: "Tyler Moore" tyler.moore@winsoftware.com To: XXXXXXXXXXXXXX I am contacting you on behalf of WinSoftware Company. Recently our Quality Assurance Department discovered that parts of our product, WinAntiVirus Pro 2006, were added to your anti-malware database, and are currently being detected as malware. WinSoftware believes this may have been done inadvertently; nevertheless this has a big impact on our Company's reputation and on customer satisfaction level. WinSoftware, therefore, requests that you remove these product from your base no later than fourteen (14) days from receipt of this notification. Please confirm receipt of this message. Best regards, Tyler Moore Senior Vice-President, Legal Compliance WinSoftware Ltd. Rogue Antivirus

19 Consequences

20 Ineffective defense Simple signature approach doesn’t work With 200 mil. malicious files we need -3GB of MD5 signatures -800MB of CRC32 signatures (the number of collisions would be enormous ;-)) With 300k of new malicious files every day -Update size is too big -No chance to receive and process all files to create signatures

21 Effective defense Heuristics -simulates work of an AV expert (emulates the code in virtualized environment, analyses code and data and tries to identify suspicious behavior) Smart signatures -contain behavior patterns and fingerprints of malware families (1 signature detects most mutations of particular threat) -need for sophisticated technology, big database of malware and legitimate software behavior patterns, experienced virus analyst team -database only ~16MB for current threats

22 The Renown Tests A Couple of 100K ~ 1 Million 500K – 1 Million Number of Samples in the Test Sets

23 Testing labs Work with relatively small number of malicious files Volume of files is too big to be processed correctly (corrupted, non-working, non-malicious, etc) Sample submissions from AV companies can skew results Samples circulating among AV companies and test centers are well-known and products can be “tuned”

24 The Weakest Link

25 End-Users Unaware of basic safety Deliberately ignore policies (adult content on bus laptop) Susceptible to phishing and other attacks which prey on greed, fear, lust, ignorance, etc.

26 A Real Fresh Phish - 5/27/09

27 A Fun Exercise Spot the “Phish Factors”

28 7 Current Malware Trends Threats attacking popular browsers drive-by downloads, exploitation of vulnerabilities in browsers and plugins Increasing threats to OS X, game boxes and Linux Malicious PDFs and other Trojan-like piggy- backing/exploitation of “trustworthy” documents Social engineering attacks, more sophistication in the techniques used. Fake antivirus and antispyware products Exploitation of the Windows Autorun Online Game password stealers

29 Conclusions Active malware is expanding geometrically Cybercrime is becoming more organized and flexible To fight it effectively we need: -Innovative technology -More informed and security conscious users -Policies that reflect reality of user experience

30 Childhood’s end. Thank you!

Download ppt "The End of Childhood Cybercrime Dan Clark, VP Marketing and Research."

Similar presentations

The Threat Landscape Jan 2013. 2013 Threat Report 2.

The Threat Landscape Jan Threat Report 2.
Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Breaking Trust On The Internet

Breaking Trust On The Internet
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.

#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.
Security for Internet Every Day Use Standard Security Practices and New Threats.

Security for Internet Every Day Use Standard Security Practices and New Threats.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
INTERNET SAFETY FOR EVERYONE

INTERNET SAFETY FOR EVERYONE
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.

Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.
Www.sophos.com Sophos anti-virus and anti-spam for business OARNET October 13, 2004.

Sophos anti-virus and anti-spam for business OARNET October 13, 2004.
CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Identifying, Monitoring, and Reporting Malware Teodoro (Ted) Cipresso,
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Norman Endpoint Protection Advanced security made easy.

Norman Endpoint Protection Advanced security made easy.
Viruses & Destructive Programs

Viruses & Destructive Programs
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Similar presentations

Ads by Google