
1 Are signatures the new mp3? How to fight the misuse of intellectual property
Magnus Kalkuhl, Senior Virus Analyst, Global Research and Analysis Team, Germany
Kaspersky Lab International Press Tour “Cyberthreat Landscape 2009: Outcomes, Trends and Forecasts”, Moscow, January 28-31, 2010

2 Setting up an AV company in 2000
- Find valuable sources for new malware and become part of the AV social network
- Invest lots of money in fast and effective analysis and scan technologies
- Invest lots of money in initial research or hire trained analysts
- Establish worldwide distribution channels

3 Setting up an AV company in 2010
- Find a cheap server
- Find a cheap programmer
- Buy some AV scanners
- Ask your PR agency to announce your new product

4 Is it really that easy? Let's have a closer look

5 The power of AV comparison sites
- VirusTotal, Jotti, etc.
- Entirely based on on-demand scanning
- Service helps many magazines and customers to decide whether a file is malicious or not

6 The power of AV comparison tests
- AV-Test.org: Performs paid comparison tests for major magazines all over the world
- AV-Comparatives: Regularly issues test results, with proactive and on-demand comparisons being the most important ones
- Most tests are based on on-demand scanning

7 There are many ways to protect the user
- Content filters (anti-spam, anti-phishing, URL advisor etc.)
- Static detection (signature based)
- Emulation of the program before it is executed
- Behaviour-based detection while a program is running
- Sandbox isolating software from the rest of the system
- HIPS incl. application firewall preventing malicious actions and access
- Kaspersky Security Network (real-time in-the-cloud detection)

8 On-demand detection is not the most important aspect for the user's security, but it is for the purchase decision

9 How to improve on-demand detection
- More aggressive heuristics → more false positives
- Investing more money into analysts, honeypots and analysis systems → very expensive
- Adding detection based on competitors' classifications → ... ethical?

10 Reusing expertise of other companies
- Level 1: OEM partnership
- Level 2: Asking a competitor for samples
- Level 3: In-depth analysis of samples that were detected by a multiscanner
- Level 4: Simply adding detection based on multiscanner results, or even worse: extracting competitors' signatures directly from the signature update files

11 Real life example?
Source: http://malwarebytes.besttechie.net/2009/11/02/iobit-steals-malwarebytes-intellectual-property/

12 Real life example?
Source: http://blog.iobit.com/archives/tag/malwarebytes

13 Real life example?
Source: http://malwareresearchgroup.com/forum/viewtopic.php?f=7&t=159&p=509
Shortly after IObit was accused of plagiarism, their database shrank by 47.5%. According to this posting, this also affected their detection rate.

14 Similarities to the music industry
- Users don't care where it comes from as long as it works and costs little
- Every additional person using such a service means less money for real research
- As a consequence, the companies which create/sell a product will have less money → lower quality for all

15 In-the-cloud AV will make things worse
- Setting up the infrastructure is cheap
- Using multiscanner detection ensures very high scan results
- Everything happens behind closed doors

16 What can be done about it?
- From a technical perspective: Not much, and superior heuristics won't help as long as people love on-demand-scan comparisons with millions of samples
- By using “marker” signatures, it might be easier to detect theft of intellectual property
- Laws need to be updated in order to protect AV companies' IP better

17 Do you remember this picture?
Experiment started by Computerbild magazine in 2009

18 Let's talk about it!
Magnus Kalkuhl, Senior Virus Analyst, Global Research and Analysis Team, Germany

