Deciphering and Mitigating Blackhole Spam from -borne Threats
|
|
- Eleanor Lee
- 8 years ago
- Views:
Transcription
1 Deciphering and Mitigating Blackhole Spam from -borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from -borne Threats 1
2 Outline 1 Background 2 Detection Challenges 3 How to get over it? 4 Dataset and Result 5 Conclusion Deciphering and Mitigating Blackhole Spam from -borne Threats 2
3 Spam Filter should be.. Effective Fast in detection Create very low number of false positives Low maintenance Deciphering and Mitigating Blackhole Spam from -borne Threats 3
4 Blackhole Spam Deciphering and Mitigating Blackhole Spam from -borne Threats 4
5 Lifecycle Blackhole Exploit Kit User receives fake notification containing malicious URL User is redirected to compromised site and then redirected to malicious site hosting Blackhole Exploit Blackhole Exploit determines software vulnerability and drops the malware Deciphering and Mitigating Blackhole Spam from -borne Threats 5
6 Thousands Daily BH Spam Volume at Symantec Spam Trap Deciphering and Mitigating Blackhole Spam from -borne Threats 6
7 Abuse of Brand Templates 9% 3% 3% Social Network Payroll Services 8% 11% 35% Fax Services Consumer & Business Services Tax Services Courier express services 31% Other Deciphering and Mitigating Blackhole Spam from -borne Threats 7
8 Characteristics of a BH attack Legit templates Hijacked domain Use of Botnets Randomization Short URL life Deciphering and Mitigating Blackhole Spam from -borne Threats 8
9 Proposal Message features Database profiling Static feature analyzer JavaScript analysis Obfuscation and encoded code Dynamic analysis Feature Extraction Pre-filter Feature Analyzer JavaScript Analyzer Downloader Deciphering and Mitigating Blackhole Spam from -borne Threats 9
10 Pre-filter Narrow the processing sample set Template matching Used features Volume features URI features Template features Relaxed yet powerful! Deciphering and Mitigating Blackhole Spam from -borne Threats 10
11 Feature Analyzer URL Patterns domain>/<8 alphanumeric characters>/index.html domain>/<short dictionary word>.html domain>/wp-content/<path>/<short dictionary word>.htm index page).php?t=<16-digit-hex-number> Template Subject: Verify your account From: [removed] Suspect URL: hxxp://zixxxxame.co.za/ffn1dcv8/index.html Deciphering and Mitigating Blackhole Spam from -borne Threats 11
12 Feature Analyzer IP Lookup IP reputation Dotted Quad IP reputation DNSBL Deciphering and Mitigating Blackhole Spam from -borne Threats 12
13 IP Lookup IP reputation Reputation Score Msgs Spam RDNS Lists Ancestors Bad TRUE css xx.x - added as SMTP server DNSBL Deciphering and Mitigating Blackhole Spam from -borne Threats 13
14 Feature Analyzer URL Reputation and Heuristics Deciphering and Mitigating Blackhole Spam from -borne Threats 14
15 Dynamic Checks Deciphering and Mitigating Blackhole Spam from -borne Threats 15
16 JS Analyzer JS Analyzer Analyze compromised webpage Analyze landing page Blackhole Exploit Kit Compromised webpage containing obfuscated JS Landing page containing encoded JS Deciphering and Mitigating Blackhole Spam from -borne Threats 16
17 JavaScript Obfuscation and <iframe> visibility:hidden src= main.php?page=298e0c1b8 9821c16 Deciphering and Mitigating Blackhole Spam from -borne Threats 17
18 Downloader Payload downloader Heuristic engine Connecting IP reputation Deciphering and Mitigating Blackhole Spam from -borne Threats 18
19 Connecting IP Reputation Example Deciphering and Mitigating Blackhole Spam from -borne Threats 19
20 System Deciphering and Mitigating Blackhole Spam from -borne Threats 20
21 Illustrative Example Feature Values Headers Origin IP DNS Initial URI JavaScript Subject: Option: Can New-Pope Benedict be Sued for [removed] Abuse Cases? [removed].com Source IP: xx.xxx Reputation: Neutral RDNS: false Tokens from JS [not shown] URI Tokens Dotted-quad: 0 Length: 1 Domain: 1 Index page: 1 Tokens: Domain, popeabuse.html Final URI Dotted-quad: 0 Length: 4 Domain: 1 Index page: 0 Tokens: Domain, /app, /data, /ap1.php?f=6189f Deciphering and Mitigating Blackhole Spam from -borne Threats 21
22 Result Stage Attribute Confidence Description Stage 1 IP_REP 0% IP reputation: neutral No evidence of spam messages HTML_ANALYSIS 10% Historical HTML pattern Template mapping MALFORMED_JS 10% Obfuscated JS Randomized JS URI_REP 0% URI reputation: neutral JS_ANALYSIS 60% Hidden iframe URI reputation: known bad URI pattern: bad Stage 2 BLACKHOLE_URI 60% Code analysis: bad System scan Deciphering and Mitigating Blackhole Spam from -borne Threats 22
23 Detection FP Detection Attack 1 Attack 2 Attack 3 Attack 4 Attack 5 Attack 6 Deciphering and Mitigating Blackhole Spam from -borne Threats 23
24 Detection % 99.80% 99.71% 99.60% 99.40% 99.20% 99.00% Attack 1 Attack 2 Attack 3 Attack 4 Attack 5 Attack 6 Deciphering and Mitigating Blackhole Spam from -borne Threats 24
25 Conclusions Spam is a bigger problem! Malicious attacks are becoming sophisticated by the day Just reputation and content filtering is not enough Solution Static and dynamic analysis Payload analysis Deciphering and Mitigating Blackhole Spam from -borne Threats 25
26 Questions? Deciphering and Mitigating Blackhole Spam from -borne Threats 26
27 Thank you! Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Deciphering and Mitigating Blackhole Spam from -borne Threats 27
Protecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationMalicious Websites uncover vulnerabilities (browser, plugins, webapp, server), initiate attack steal sensitive information, install malware, compromise victim s machine Malicious Websites uncover vulnerabilities
More informationEVILSEED: A Guided Approach to Finding Malicious Web Pages
+ EVILSEED: A Guided Approach to Finding Malicious Web Pages Presented by: Alaa Hassan Supervised by: Dr. Tom Chothia + Outline Introduction Introducing EVILSEED. EVILSEED Architecture. Effectiveness of
More informationThreat Spotlight: Angler Lurking in the Domain Shadows
White Paper Threat Spotlight: Angler Lurking in the Domain Shadows Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant
More informationIntercept Anti-Spam Quick Start Guide
Intercept Anti-Spam Quick Start Guide Software Version: 6.5.2 Date: 5/24/07 PREFACE...3 PRODUCT DOCUMENTATION...3 CONVENTIONS...3 CONTACTING TECHNICAL SUPPORT...4 COPYRIGHT INFORMATION...4 OVERVIEW...5
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationExploring the Black Hole Exploit Kit
Exploring the Black Hole Exploit Kit Updated December 20, 2011 Internet Identity Threat Intelligence Department http://www.internetidentity.com http://www.internetidentity.com 12/29/11 Page 1/20 Summary
More informationBig Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
More informationBillion Dollar Botnets:
Billion Dollar Botnets: An Examination of the Current Trend in Android Botnets Cathal Mullaney Senior Software Engineer @threatintel Symantec Security Response 1 Presentation agenda 1 2 Android botnets
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationwhite paper Malware Security and the Bottom Line
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
More informationSPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015
SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015 The Usual Players Indebtedness for driving on toll road Transaction receipts Notice to appear Major and Emerging Trends
More informationeprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide
eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide This guide is designed to help the administrator configure the eprism Intercept Anti-Spam engine to provide a strong spam protection
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationBlackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs AN IN-DEPTH ANALYSIS
Trend Micro Incorporated Research Paper 2012 Blackhole Exploit Kit: A Spam Campaign, Not a Series of Individual Spam Runs AN IN-DEPTH ANALYSIS By: Jon Oliver, Sandra Cheng, Lala Manly, Joey Zhu, Roland
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationSOLUTION CARD WHITE PAPER
WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This
More informationescan Anti-Spam White Paper
escan Anti-Spam White Paper Document Version (esnas 14.0.0.1) Creation Date: 19 th Feb, 2013 Preface The purpose of this document is to discuss issues and problems associated with spam email, describe
More informationWhose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
More informationEmail Quick Reference. Administrator Guide
Email Quick Reference Administrator Guide Email Services Quick Reference Documentation version: 1.0 Legal Notice Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationKeeping Eyes on Malicious Websites ChkDeface against Fraudulent Sites
Keeping Eyes on Malicious Websites ChkDeface against Fraudulent Sites Hiroshi KOBAYASHI, Takayuki UCHIYAMA Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) Agenda Background Increase
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationSpam DNA Filtering System
The Excedent Spam DNA Filtering System provides webmail.us customers with premium and effective junk email protection. Threats to email services are rising rapidly. A Growing Problem As of November 2002,
More information[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks
TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)
More informationWhen Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper
When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationWhen Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling
When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection
More informationKaspersky Anti-Spam 3.0
Kaspersky Anti-Spam 3.0 Whitepaper Collecting spam samples The Linguistic Laboratory Updates to antispam databases Spam filtration servers Spam filtration is more than simply a software program. It is
More informationCommtouch RPD Technology. Network Based Protection Against Email-Borne Threats
Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationEnd to End Security do Endpoint ao Datacenter
do Endpoint ao Datacenter Piero DePaoli & Leandro Vicente Security Product Marketing & Systems Engineering 1 Agenda 1 Today s Threat Landscape 2 From Endpoint: Symantec Endpoint Protection 3 To Datacenter:
More informationMcAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier
Application Note TrustedSource in McAfee Firewall Enterprise McAfee version 8.1.0 and earlier Firewall Enterprise This document uses a question and answer format to explain the TrustedSource reputation
More informationAdvancements in Botnet Attacks and Malware Distribution
Advancements in Botnet Attacks and Malware Distribution HOPE Conference, New York, July 2012 Aditya K Sood Rohit Bansal Richard J Enbody SecNiche Security Department of Computer Science and Engineering
More informationAnalysis of the Australian Web Threat Landscape Christopher Ke, Jonathan Oliver and Yang Xiang
Analysis of the Australian Web Threat Landscape Christopher Ke, Jonathan Oliver and Yang Xiang Deakin University, 221 Burwood Highway, Burwood, Victoria 3125, Australia Trend Micro 606 St Kilda Road, Melbourne,
More informationEmail Security.cloud Configuring DLP on to your email flow and applying security to your hosted email deployment
Email Security.cloud Configuring DLP on to your email flow and applying security to your hosted email deployment Phil Walters Principal Learning Consultant, Technical Field Enablement Email Security.cloud
More informationSymantec Protection Suite Add-On for Hosted Email and Web Security
Symantec Protection Suite Add-On for Hosted Email and Web Security Overview Your employees are exchanging information over email and the Web nearly every minute of every business day. These essential communication
More informationWhen Reputation is Not Enough. Barracuda Email Security Gateway s Predictive Sender Profiling. White Paper
When Reputation is Not Enough Barracuda Email Security Gateway s Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level
More informationGFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall
GFI Product Comparison GFI MailEssentials vs Barracuda Spam Firewall GFI MailEssentials Barracuda Spam Firewall Integrates closely with Microsoft Exchange Server 2003/2007/2010 Integrates closely with
More informationEmail Data Protection. Administrator Guide
Email Data Protection Administrator Guide Email Data Protection Administrator Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec,
More informationImproving Business Outcomes: Plug in to Security As A Service Adrian Covich
Improving Business Outcomes: Plug in to Security As A Service Adrian Covich Principal Systems Engineer, Symantec.cloud 1 Who We Are 2 Security Challenges in Education 3 Security As A Service Email, Web,
More informationUP L13: Leveraging the full protection of SEP 12.1.x
UP L13: Leveraging the full protection of SEP 12.1.x Martial RICHARD Principal Field Enablement Manager Endpoint Security UP L13 1 Threat landscape (ISTR Vol.18 April 2013) http://www.symantec.com/threatreport/
More informationSymantec Intelligence Report: February 2013
Symantec Intelligence Symantec Intelligence Report: February 2013 Welcome to the February edition of the Symantec Intelligence report, which provides the latest analysis of cyber security threats, trends,
More informationUser Documentation Web Traffic Security. University of Stavanger
User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...
More informationISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones
ISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones Web Security Deployment Options 1 1 The threat landscape 2 Why Symantec web security 3 Generic
More informationDo you need to... Do you need to...
TM Guards your Email. Kills Spam and Viruses. Do you need to... Do you need to... Scan your e-mail traffic for Viruses? Scan your e-mail traffic for Viruses? Reduce time wasted dealing with Spam? Reduce
More informationDragonfly: Energy Companies Under Sabotage Threat Symantec Security Response
Dragonfly: Energy Companies Under Sabotage Threat Symantec Security Response Dragonfly: Western Energy Companies Under Sabotage Threat 1 What is Dragonfly? Ongoing cyberespionage campaign Targeting the
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationUsing big data analytics to identify malicious content: a case study on spam emails
Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationDan Hubbard VP Security Research
Dan Hubbard VP Security Research Perpetual Beta = Live Testing = Trouble Airline Terminals using Active Script Start : Middle : End Wait, the Web has version numbers? Web Two Dot UH-OH or Exploit 2.0 An
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationContentCatcher. Voyant Strategies. Best Practice for E-Mail Gateway Security and Enterprise-class Spam Filtering
Voyant Strategies ContentCatcher Best Practice for E-Mail Gateway Security and Enterprise-class Spam Filtering tm No one can argue that E-mail has become one of the most important tools for the successful
More informationSecuring the endpoint and your data
#SymVisionEmea #SymVisionEmea Securing the endpoint and your data Piero DePaoli Sr. Director, Product Marketing Marcus Brownell Sr. Regional Product Manager Securing the Endpoint and Your Data 2 Safe harbor
More informationComprehensive Email Filtering. Whitepaper
Comprehensive Email Filtering Whitepaper Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks and the alarming influx of spam, email loses
More informationIpswitch IMail Server with Integrated Technology
Ipswitch IMail Server with Integrated Technology As spammers grow in their cleverness, their means of inundating your life with spam continues to grow very ingeniously. The majority of spam messages these
More informationGlobal Reputation Monitoring The FortiGuard Security Intelligence Database WHITE PAPER
Global Reputation Monitoring The FortiGuard Security Intelligence Database WHITE PAPER FORTINET Global Reputation Monitoring PAGE 2 Overview Fortinet s FortiGuard Security Services delivers two essential
More informationHow To Protect Your Email From Spam On A Barracuda Spam And Virus Firewall
Comprehensive Email Filtering: Barracuda Spam & Virus Firewall Safeguards Legitimate Email Email has undoubtedly become a valued communications tool among organizations worldwide. With frequent virus attacks
More informationOverview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy
Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of
More informationIBM Security X-Force Threat Intelligence
IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security
More informationOn and off premises technologies Which is best for you?
On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email
More informationSECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION
SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon
More informationEmerging Trends in Fighting Spam
An Osterman Research White Paper sponsored by Published June 2007 SPONSORED BY sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 866
More informationCountering Insider Threats Jeremy Ho
Countering Insider Threats Jeremy Ho Strategic Sales Group (ASEAN) 1 CONFIDENTIAL Key Challenges Impacting Organization Today REGULATORY COMPLIANCE Rising Data Volumes Changing Requirements Prioritization
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationDetecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
More informationAcunetix Website Audit. 5 November, 2014. Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build 20120808)
Acunetix Website Audit 5 November, 2014 Developer Report Generated by Acunetix WVS Reporter (v8.0 Build 20120808) Scan of http://filesbi.go.id:80/ Scan details Scan information Starttime 05/11/2014 14:44:06
More informationInsight. Security Response. Deployment Best Practices
Insight Deployment Best Practices Overview Symantec Insight is a reputation-based security technology that leverages the anonymous software adoption patterns of Symantec s hundreds of millions of users
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationBasheer Al-Duwairi Jordan University of Science & Technology
Basheer Al-Duwairi Jordan University of Science & Technology Outline Examples of using network measurements /monitoring Example 1: fast flux detection Example 2: DDoS mitigation as a service Future trends
More informationSR B10: Improving Antispam Effectiveness and Protecting Against Threats with Submissions 2.0
SR B10: Improving Antispam Effectiveness and Protecting Against Threats with Submissions 2.0 Angelos Kottas, Sr. Manager, Product Management Amanda Grady, Sr. Product Manager SR B10: Submissions 2.0 1
More informationHow Cisco IT Protects Against Distributed Denial of Service Attacks
How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN
More informationSymantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
More informationContext Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats
Context Adaptive Scanning Engine: Protecting Against the Broadest Range of Blended Threats W h i t e P a p e r Executive Summary The email and Web security problem can no longer be addressed by point solutions
More informationCloud Services. Email Anti-Spam. Admin Guide
Cloud Services Email Anti-Spam Admin Guide 10/23/2014 CONTENTS Introduction to Anti- Spam... 4 About Anti- Spam... 4 Locating the Anti- Spam Pages in the Portal... 5 Anti- Spam Best Practice Settings...
More informationEmail AntiSpam. Administrator Guide and Spam Manager Deployment Guide
Email AntiSpam Administrator Guide and Spam Manager Deployment Guide AntiSpam Administration and Spam Manager Deployment Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationGovernment of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam
Government of Canada Managed Security Service (GCMSS) Date: June 8, 2012 TABLE OF CONTENTS 1 ANTISPAM... 1 1.1 QUALITY OF SERVICE...1 1.2 DETECTION AND RESPONSE...1 1.3 MESSAGE HANDLING...2 1.4 CONFIGURATION...2
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationCisco Reputation Filtering: Providing New Levels of Network Security. Solution Overview
Solution Overview Table of Contents Executive Summary...3 Dangerous Threats on the Rise...3 Traditional Defenses Unequal to the Level of Sophisticated Attacks...4 Cisco s Response Cloud-Based Global Intelligence
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationPublic-Facing Websites: A Loaded Gun Pointing at Customers, Partners and Employees
Public-Facing Websites: A Loaded Gun Pointing at Customers, Partners and Employees The Importance of Incorporating Digital Property Security Into Your IT Strategy Public-Facing Websites: A Loaded Gun Pointing
More informationWhat do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware
What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware Contents Introduction.................................2 Installation: Social engineering
More informationHow To Integrate Hosted Email Security With Office 365 And Microsoft Mail Flow Security With Microsoft Email Security (Hes)
A Trend Micro Integration Guide I August 2015 Hosted Email Security Integration with Microsoft Office 365» This document highlights the benefits of Hosted Email Security (HES) for Microsoft Office 365
More informationRecurrent Patterns Detection Technology. White Paper
SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware
More informationMeasures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org
Measures to Protect (University) Domain Registrations and DNS Against Attacks Dave Piscitello, ICANN dave.piscitello@icann.org Why are we talking about Domain names and DNS? Domain names and URLs define
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationSecurity for a Smarter Planet. 2011 IBM Corporation All Rights Reserved.
Security for a Smarter Planet The Smarter Planet Our world is getting Instrumented Our world is getting Interconnected Our world is getting Intelligent Growing Security Challenges on the Smarter Planet
More informationDomain Name Abuse Detection. Liming Wang
Domain Name Abuse Detection Liming Wang Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 2 Why?
More informationContent Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER
Content Filters A WORD TO THE WISE WHITE PAPER BY LAURA ATKINS, CO- FOUNDER CONTENT FILTERS 2 Introduction Content- based filters are a key method for many ISPs and corporations to filter incoming email..
More informationRIA SECURITY TECHNOLOGY
RIA SECURITY TECHNOLOGY Ulysses Wang Security Researcher, Websense Hermes Li Security Researcher, Websense 2009 Websense, Inc. All rights reserved. Agenda RIA Introduction Flash Security Attack Vectors
More informationThreat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com
Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little
More informationThe Prevalence of Flash Vulnerabilities on the Web
TECHNICAL BRIEF FLASH FLOODING The Prevalence of Flash Vulnerabilities on the Web Adobe Flash Player is a cross-platform, browser plugin that provides uncompromised viewing of expressive applications,
More informationMalware B-Z: Inside the Threat From Blackhole to ZeroAccess
Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and
More informationAnti-Phishing Best Practices for ISPs and Mailbox Providers
Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing
More informationTargeted attacks begin with spearphishing
Targeted attacks begin with spearphishing Jasper Evertzen jevertzen@proofpoint.com Sales Director Benelux & Nordics Charles Rami crami@proofpoint.com SE Manager France Benelux& Nordics threat protection
More informationLessons learned: Sinkholing the Zeroaccess botnet. Ross Gibb. Attack Investigations Team Symantec Security Response.
Lessons learned: Sinkholing the Zeroaccess botnet Ross Gibb Attack Investigations Team Symantec Security Response AIT - Zeroaccess 1 Agenda 1 Introduction to Zeroaccess 2 Details of the P2P protocol 3
More informationUnified Security Management and Open Threat Exchange
13/09/2014 Unified Security Management and Open Threat Exchange RICHARD KIRK SENIOR VICE PRESIDENT 11 SEPTEMBER 2014 Agenda! A quick intro to AlienVault Unified Security Management (USM)! Overview of the
More informationChallenges and Best Practices in Fighting Financial Fraud in Brazil
Challenges and Best Practices in Fighting Financial Fraud in Brazil Cristine Hoepers cristine@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network Information Center Brazil CGI.br -
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More information