Presentation is loading. Please wait.

Presentation is loading. Please wait.

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Published byChrystal Kelley Modified over 9 years ago

Similar presentations

Presentation on theme: "Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,"— Presentation transcript:

1 Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title, place) Are signatures the new mp3? How to fight the misuse of intellectual property Magnus Kalkuhl, Senior Virus Analyst Global Research and Analysis Team, Germany Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010

2 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Setting up an AV company in 2000 Find valuable sources for new malware and become part of the AV social network Invest lots of money in fast and effective analysis and scan technologies Invest lots of money in initial research or hire trained analysts Establish worldwide distribution channels

3 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Setting up an AV company in 2010 Find a cheap server Find a cheap programmer Buy some AV scanners Ask your PR agency to announce your new product

4 Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10th, 2009Event details (title, place) Is it really that easy? Let's have a closer look

5 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 The power of AV comparison sites Virustotal, Jotti, etc. Entirely based on on-demand scaning Service helps many magazines and customers to decide whether a file is malicious or not

6 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 The power of AV comparison tests AV-Test.org: Performs paid comparison tests for major magazines all over the world AV comparatives: Regularly issues test results with proactive and on-demand comparisons being the most important ones Most tests are based on on-demand scanning

7 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 There are many ways to protect the user Content filters (anti-spam, anti-phishing, URL advisor etc.) Static detection (signature based) Emulation of the program before it is executed Behaviour-based detection while a program is running Sandbox isolating software from the rest of the system HIPS incl. application firewall preventing malicious actions and access Kaspersky Security Network (real-time in-the-cloud detection)

8 Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level Event details (title, place) On-demand detection is not the most important aspect for the user's security, but for his purchase decision

9 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 How to improve on-demand detection More aggresive heuristics → more false positives Investing more money into analysts, honeypots and analysis systems → very expensive Adding detection based on competitors‘ classifications →...ethical?

10 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Reusing expertise of other companies Level 1: OEM Partnership Level 2: Asking a competitor for samples Level 3: In-depth analysis of samples that were detected by a multiscanner Level 4: Simpy adding detection based on multiscanner results - or even worse: Extracting competitors' signatures directly from the signature update files

11 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Real life example? Source: http://malwarebytes.besttechie.net/2009/11/02/iobit-steals-malwarebytes-intellectual-property/

12 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Real life example? Source: http://blog.iobit.com/archives/tag/malwarebytes

13 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Real life example? Source: http://malwareresearchgroup.com/forum/viewtopic.php?f=7&t=159&p=509 Shortly after IObit was accused of plagiatism, their database shrank by 47.5%. According to this posting, this also affected their detection rate.

14 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Similarities to the music industry Users don't care where it comes from as long as it works for small money Every additional person using such a service means less money for real research As a consequence the companies which create/sell a product will have less money → lower quality for all

15 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 In-the-cloud AV will make things worse Setting up the infrastructure is cheap Using multiscanner detection ensures very high scan results Everything happens behind closed doors

16 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 What can be done about it? From a technical perspective: Not much, and superiour heuristics won't help as long as people love on-demand-scan- comparisons with millions of samples By using “marker” signatures, it might be easier to detect theft of intellectual property Laws need to be updated in order to protect AV companies‘ IP better

17 Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010 Do you remember this picture? Experiment started by Computerbild magazine in 2009

18 Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title, place) Let's talk about it! Senior Virus Analyst, Global Research and Analysis Team, Germany Magnus Kalkuhl Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010

Download ppt "Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,"

Similar presentations

Click to edit Master title style. Click to edit Master subtitle style.

Click to edit Master title style. Click to edit Master subtitle style.
Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,
Click to edit Master title style Click to edit Master text styles  Second level ▫ Third level Fourth level Fifth level MIT Media Lab/MediaLabEurope www.medialabeurope.org.

Click to edit Master title style Click to edit Master text styles  Second level ▫ Third level Fourth level Fifth level MIT Media Lab/MediaLabEurope
Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.

Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.
Costs P6. Costs An important part of an e-commerce strategy is identifying the costs. Whether they are specific prices or just isolating where the business.

Costs P6. Costs An important part of an e-commerce strategy is identifying the costs. Whether they are specific prices or just isolating where the business.
Be able to plan e-commerce strategies. Hosting When setting up an e-commerce site, there are two issues of hosting which need to be decided - who will.

Be able to plan e-commerce strategies. Hosting When setting up an e-commerce site, there are two issues of hosting which need to be decided - who will.
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete email server protection –Spam Blocking (95+ percent) Extremely.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
KASPERSKY SECURITY FOR STORAGE Product Launch Presentation Global B2B Product Marketing Teams.

KASPERSKY SECURITY FOR STORAGE Product Launch Presentation Global B2B Product Marketing Teams.
EDUCAUSE Security 2006 Internet John Brown University.

EDUCAUSE Security 2006 Internet John Brown University.
 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.

 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.
Kaspersky OpenSpace Security Kaspersky ® OpenSpace Security Christian Runte Biodata.

Kaspersky OpenSpace Security Kaspersky ® OpenSpace Security Christian Runte Biodata.
Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems.

Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems.
Market Analysis Decision Group.

Market Analysis Decision Group.
1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.

1 Panda Malware Radar Discovering hidden threats Channel Presentation Name Date.
OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.
Click to edit Master title style Click to edit Master text styles Second level Third level Fourth level Fifth level June 10 th, 2009Event details (title,

Click to edit Master title style Click to edit Master text styles Second level Third level Fourth level Fifth level June 10 th, 2009Event details (title,
Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Similar presentations

Ads by Google