Table of Contents

1. Introduction
2. Summary
2.1. Collecting Malware
2.2. Processing Malware
2.3. Identifying Malware
2.4. Detecting Malware
2.5. Classifying Malware
3. Trends
3.1. Adware
3.2. Backdoors and Bots
3.3. Exploits
3.4. Rootkits
3.5. Trojans
3.6. Worms
3.7. 64-bit Malware
3.8. Malicious Others
4. Geolocation
5. Final Word
Appendix A: Detecting Malware
Appendix B: Classifying Malware
Table of Figures

Figure 1: Unique New Malicious Files Q3
Figure 2: Space Needed for Storing Only Unique New Samples Q3
Figure 3: New Malicious Files in July
Figure 4: New Malicious Files in August
Figure 5: New Malicious Files in September
Figure 6: July Processing - Detected vs Not Detected
Figure 7: September Processing - Detected vs Not Detected
Figure 8: August Processing - Detected vs Not Detected
Figure 9: Amount of Identified Adware Q3
Figure 10: Amount of Identified Backdoors and Bots Q3
Figure 11: Amount of Identified Exploits Q3
Figure 12: Amount of Identified Rootkits Q3
Figure 13: Distribution of 'Rootkit.15158' Q3
Figure 14: Amount of Identified Trojans Q3
Figure 15: Amount of Identified Worms Q3
Figure 16: 64-Bit Malware Q3
Figure 17: Amount of Identified 64-Bit Malware Q3
Figure 18: DarkComet RAT-usage Europe
Figure 19: Global View of Xtreme RAT-usage
1. Introduction

This is the third quarterly trend report for 2014 from the RedSocks Malware Research Lab. RedSocks is a Dutch company specialising in malware detection. Our solution, RedSocks Malware Threat Defender, is a network appliance that analyses digital traffic flows in real time, based on algorithms and lists of malicious indicators. This critical information is compiled by the RedSocks Malware Intelligence Team (RSMIT). The team consists of specialists whose job is to identify new threats on the Internet and to translate them into state-of-the-art malware detection capabilities.

With this report, we hope to provide the reader with a deeper insight into the trends we see in the malware we process. We will look at data collected during the third quarter of 2014. RedSocks analyses large numbers of malicious files on a daily basis, so we can cover only a few topics briefly in this trend report.

Protecting your data from Internet-based threats is not an easy task, and relying on protection from Anti-Virus companies, no matter how established their brand, is not enough. Comprehensive protection requires an entirely new approach.
2. Summary

The total number of new and unique malicious files processed per month went from 8.7 million in July to 7.4 million in August, and down to 6.6 million in September.

The overall detection by Anti-Virus software this quarter remains roughly the same compared to the last quarter. The detection rate for July was percent. For August, it is percent and in September, the average detection was percent. This might not sound too bad, but it means that around 24 percent, 23 percent and 20 percent was not detected. There is a slight improvement, however, compared with the second quarter. Please note that identification rates can change based on the samples chosen and the time scanned.

During the third quarter, the number of identified adware files dropped from 1.2 million in July and August to 0.9 million in September.

The drop in the numbers of identified backdoors and bots (B&B), reported in our Second Quarter Malware Trend Report, has come to an end. In July, the numbers dropped to 53,000. In August the numbers increased to 117,000 and, in September, they increased further to 140,000 new B&B.

Only 0.03 percent of the files were detected as exploits and 0.05 percent as rootkits in July by Anti-Virus software. In August, 0.03 percent was detected as rootkits and 0.09 percent as exploits. For September it is 0.04 percent for exploits and 0.02 percent for rootkits.

As in the first and second quarter of this year, trojans are by far the most popular type of malware. In July and August, they accounted for 3.1 and 3.2 million files. In September, 2.5 million unique files were identified as trojans.

In July, 690,000 worm files were identified. In August, the number dropped to 381,000. In September, 463,000 worms were added to our databases.

Grouped together, all other malicious files such as flooders, hacktools, spoofers, spyware, viruses, etc., account for 39, 33 and 38 percent of the total for July, August and September, respectively.
As in the second quarter, most Command & Control (C&C) servers were hosted in the United States, followed by the Russian Federation and then Germany. The Netherlands was the biggest riser in countries hosting C&C servers during the second quarter. During the third quarter, The Netherlands held 5th place.
2.1. Collecting Malware

At the RedSocks Malware Research Labs, we track large numbers of malware samples from our globally distributed honeypots, honey-clients, spamnets and various botnet monitoring sensors. Due to the distribution of our honeypots, we are able to automatically collect and process new malicious samples from across the globe. We also exchange large quantities of malicious files with the Anti-Virus industry.

Figure 1: Unique New Malicious Files Q3

2.2. Processing Malware

Working with malware is what we love to do. More than 200,000 new malicious files arrive every day at our automated malware collecting machines. All samples are renamed to their hash value. We then check whether that particular piece of malware has already been processed.

Figure 2: Space Needed for Storing Only Unique New Samples Q3

Figure 2 shows the total amount of disk space needed to store all the new malicious files. While the number of new malicious files stayed more or less the same, the average file size decreased a little. During the second quarter, we saw that malicious files, on average, shrunk percent. During the third quarter, the average file size increased with percent.

New file metrics by month (April, May, June, July, August, September):
Average number of new files per day: 236, , , , , ,353
Average file size in bytes: 471, , , , , ,299
Average Anti-Virus Detection: 75.52%, 74.61%, 79.76%, 75.78%, 77.50%, 80.06%
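The intake step described in 2.2 (rename each sample to its hash, skip what has already been processed, track the space needed for unique samples) can be sketched as follows. This is an added example, not RedSocks code; SHA-256, the directory layout and the names `SampleStore`, `ingest` and `report` are assumptions, and the sample bytes are constructed.

```python
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large samples never sit fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class SampleStore:
    """Content-addressed sample store: one file per unique hash (hypothetical layout)."""

    def __init__(self, root):
        self.root = root
        os.makedirs(root, exist_ok=True)
        self.daily = defaultdict(lambda: {"received": 0, "new": 0, "bytes": 0})

    def _path_for(self, digest):
        # Shard on the first byte of the digest to keep directories small.
        return os.path.join(self.root, digest[:2], digest)

    def ingest(self, src, day):
        """Rename src to its hash; return (digest, is_new)."""
        digest = sha256_file(src)
        stats = self.daily[day]
        stats["received"] += 1
        dst = self._path_for(digest)
        if os.path.exists(dst):
            os.remove(src)              # already processed: drop the duplicate
            return digest, False
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        size = os.path.getsize(src)
        shutil.move(src, dst)           # original name and extension are discarded
        os.chmod(dst, 0o400)            # read-only, never executable
        stats["new"] += 1
        stats["bytes"] += size
        return digest, True

    def report(self, day):
        """Per-day metrics: files received, unique new files, space, average size."""
        s = self.daily[day]
        avg = s["bytes"] // s["new"] if s["new"] else 0
        return {"received": s["received"], "new_unique": s["new"],
                "bytes_needed": s["bytes"], "avg_size": avg}


def demo():
    """Feed constructed samples through the store and return the results."""
    pe_stub = b"MZ" + b"\x00" * 62          # constructed bytes, not real malware
    pdf_stub = b"%PDF-1.4 constructed"      # constructed bytes
    feeds = [
        ("2014-07-01", "invoice.exe", pe_stub),
        ("2014-07-01", "setup.scr", pe_stub),   # same content, different name
        ("2014-07-01", "doc.pdf", pdf_stub),
        ("2014-07-02", "again.exe", pe_stub),   # seen the day before
    ]
    with tempfile.TemporaryDirectory() as tmp:
        inbox = os.path.join(tmp, "inbox")
        os.makedirs(inbox)
        store = SampleStore(os.path.join(tmp, "store"))
        results = []
        for day, name, data in feeds:
            path = os.path.join(inbox, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(store.ingest(path, day))
        return results, store.report("2014-07-01"), store.report("2014-07-02")


if __name__ == "__main__":
    print(demo())
```

Because the stored name is derived from the content, the same sample arriving under a different file name or extension is counted once, which is what makes "unique new files per day" a meaningful metric.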
2.3. Identifying Malware

At RedSocks, we collect all types and categories of malware for all operating systems, but we do have a special interest in certain types and categories of malware. A simple means of identifying malware is by file type. RSMIT uses various analysis tools to statistically determine the most likely file type for each malware sample we analyse. The majority of malware samples target Windows users, which makes Windows executable files very common, while executables for other operating systems are far less common. The top 10 file types are listed in the table below.

| Rank | July: Extension | July: Amount | August: Extension | August: Amount | September: Extension | September: Amount |
|------|-----------------|--------------|-------------------|----------------|----------------------|-------------------|
| 1 | EXE | 7,360,993 | EXE | 6,143,113 | EXE | 5,500,664 |
| 2 | DLL | 813,347 | DLL | 827,924 | DLL | 720,834 |
| 3 | OCX | 197,634 | SCR | 223,397 | OCX | 141,419 |
| 4 | SCR | 134,100 | OCX | 126,126 | SCR | 89,343 |
| 5 | AX | 43,450 | AX | 28,134 | AX | 28,805 |
| 6 | DOC | 2,926 | PDF | 2,949 | XLS | 5,241 |
| 7 | CAB | 2,529 | DOC | 2,113 | DOC | 4,341 |
| 8 | PDF | 2,511 | XLS | 1,449 | PDF | 3,498 |
| 9 | XLS | 2,197 | CPL | 1,188 | CAB | 1,466 |
| 10 | CPL | 1,746 | CAB | 848 | CPL | 1,390 |

In the second quarter of this year, we saw a total of 47, 37 and 42 different extensions being used by malware, respectively. As in the previous quarter, .exe files are by far the most popular way to distribute malware. Eighty-four (84) percent of all malicious files in the third quarter were .exe files, an increase of 3 percent compared with the second quarter.

2.4. Detecting Malware

At RedSocks Malware Labs we use an in-house classification system for grouping malware. We have classified over 300 types for which we have created detailed statistics. Once multiple Anti-Virus scanners (in paranoid mode) have performed their on-demand scan, we know which malware was detected and, perhaps more importantly, which was not.

In the graphs below, the blue section shows all the new and unique malicious files per day, the green section shows the sum of all files identified by Anti-Virus software and, in red, the number of files not detected.
Figure 3: New Malicious Files in July

Figure 4: New Malicious Files in August
Figure 5: New Malicious Files in September

In July 2014, of all the malicious files we processed, about 24 percent were not detected by any of the Anti-Virus products we currently use. In August, 22 percent of the samples on average remained undetected. In September, the Anti-Virus detection improved, but still missed 20 percent of all malicious samples we processed. In Appendix A: Detecting Malware you will find detection results by both day and month.

Figure 6: July Processing - Detected vs Not Detected
Figure 8: August Processing - Detected vs Not Detected

Figure 7: September Processing - Detected vs Not Detected

2.5. Classifying Malware

We categorise malware according to its primary feature. In the third quarter, malware was grouped as follows:

All Malware

- Adware: Adware Droppers, Adware Downloaders, Toolbars
- B&B: Backdoors, Bots
- Exploits: ADODB, HTML, Java, JS, Linux, MSExcel, MSPPoint, MSWord, OSX, PDF, Script, SWF, Win32, Win64
- Rootkits
- Trojans: (D)DoS Trojans, Banking Trojans, Batch Trojans, FakeAV, GameThief Trojans, Generic Trojans, IRC Trojans, Java Trojan, LNK Trojans, Packed Trojans, PasswordSt. Trojans, Proxy Trojans, Ransom Trojans, Rogue Trojans, Script Trojans, SMS Trojans, Spy Trojans, Trojan Clickers, Trojan Dialers, Trojan Downloaders, Trojan Droppers, Trojan Flooders, Trojan Mailfinder, Trojan Notifiers, Trojan RATs, WinREG Trojans
- Worms: -Worms, Generic Worms, IM-Worms, IRC-Worms, Net-Worms, Net-Worms, P2P-Worms, Packed Worms, Script Worms
- Others: (D)DoS Tools, AV Tools, Constructors, DOS based, Encrypted Malware, Flooders, Fraud Tools, Generic Malware, Hack Tools, Macro based, Malware Heuristic, Monitors, Nukers, Porn-Dialers, Porn-Downloaders, Porn-Tools, PSW-Tools, PUP, RemoteAdmin, Riskware, Spammers, Spoofers, SpyTools, Spyware, Suspicious, Viruses

The Others category consists of malicious samples that do not fit in any of the six main categories. See Appendix B: Classifying Malware for the numbers by day, category and month.
3. Trends

Discovering malware propagation trends starts with an analysis of the raw data behind the collection and processing of malware. From July to September, RedSocks Malware Research Labs identified the following trends by malware category.

3.1. Adware

During the second quarter, we identified around 3 million files as adware. During the third quarter, we identified 3.3 million as adware. As in the second quarter, this accounts for about 15 percent of the total. The overall popularity of adware stayed the same.

Figure 9: Amount of Identified Adware Q3

On the 25th of July, generic variations of Adware.Graftor, Adware.Dropper.101 and Adware.Dropper.103 were identified in 47,000, 26,000 and 15,000 files.

Generic Malware ID Count Days active Q3
Adware.Dropper ,
Adware.Dropper ,
Adware.Dropper ,
Adware.Dropper.106 3,
Adware.Dropper ,
Adware.Dropper.110 4,
Adware.Dropper
During the third quarter, 877,000 variations of the Adware.Dropper family were found. They can be grouped in seven major versions. Newer versions are clearly not always better or more popular compared to the days they were active on.

3.2. Backdoors and Bots

Files identified as infected with a backdoor, or having bot functions, made up 2 percent in the second quarter. A total of 309,000 files were classified in this category in the third quarter. This is 1 percent of the total.

Figure 10: Amount of Identified Backdoors and Bots Q3

Since May 2014, the distribution of new backdoors and bots (B&B), and of variations of them, has been low. From the second week of September the numbers are rising again. On the 23rd of August, 31,000 variations of Backdoor.Delf.ARS and 17,000 variations of Backdoor.Wabot.A were intercepted.
3.3. Exploits

An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability. Looking at malicious files that were identified as exploits, we see some spikes above 250.

Figure 11: Amount of Identified Exploits Q3

In the second quarter, we saw a slight decrease in the overall usage of exploits compared to the first quarter. This trend continued during the third quarter. Of the 461 major exploit families we identified, one jumps out: spread over 56 days, with 1,400 unique samples, is CVE C. This statistic makes it the most popular exploit of this quarter.

Exploit CVE C identifies malicious PDF files downloaded by the Blackhole exploit kit that take advantage of a known vulnerability in Adobe Reader. To prevent successful exploitation, install the latest updates available for Adobe Reader and/or remove any old, unnecessary installations.

3.4. Rootkits

A rootkit is a type of software designed to hide the fact that an operating system has been compromised. This can be done in various ways, such as replacing vital executables or introducing a new kernel module. Rootkits allow malware to hide in plain sight. Rootkits themselves are not harmful; they are simply used to hide malware, bots and worms.

To install a rootkit, an attacker must first gain sufficient access to the target operating system. This could be accomplished by using an exploit, by obtaining valid account credentials or through social engineering. Because rootkits are activated before your operating system boots up, they are very difficult to detect and therefore provide a powerful way for attackers to access and use the targeted computer without the owner being aware of it. Due to the way rootkits are used and installed, they are notoriously difficult to remove. Rootkits today are usually not used to gain elevated access, but are instead used to mask malware payloads more effectively.

Figure 12: Amount of Identified Rootkits Q3

The huge spike on the 10th of August was created by 2,600 different files containing Rootkit (or a slight modification of it). In the third quarter a total of 3,498 unique files were identified using this rootkit. Distribution started on the 1st of August and was last seen on the 29th of September.

Figure 13: Distribution of 'Rootkit.15158' Q3
In the first and second quarter, we saw a slight drop in the usage of rootkits. This drop continued in the third quarter.

3.5. Trojans

Trojans are by far the biggest category of malware, with more than 9.1 million (43 percent) new unique samples in the second quarter of this year. In the third quarter 8.8 million files (39 percent) were trojans. Of all the trojan families, we will only discuss the top three.

In third place we find Trojan.Agent.BEFC, with 188,000 different samples distributed over 64 days; its best day was the 5th of July, with a little over 14,000 samples. In second place is Trojan.Agent.BDMJ, with 259,000 files spread over 89 days; its best day was the 1st of July. Without a doubt, the most distributed trojan family is Trojan.Generic: in 58 days we counted nearly 271,000 new samples.

Figure 14: Amount of Identified Trojans Q3

AV-Identifier Total Count First Seen Last Seen Best Day Count Best Day Days Seen
Trojan.Generic , ,
Trojan.Agent.BDMJ 258, ,
Trojan.Agent.BEFC 188, ,
During the first and second quarter there was a slight increase in trojan use. In the third quarter there was a 3 percent drop in trojan usage.

3.6. Worms

In roughly 1.8 million new files we identified worm traces and functionality. The first spike above 100,000, on the 16th of July, was primarily caused by 83,000 samples of Worm.Generic. On the 19th of July, 82,000 minor variations of Win32.Worm.P2p.Picsys.C were counted. The last spike, on the 13th of September, was again caused by Worm.Generic; on this day we saw 54,000 files.

Figure 15: Amount of Identified Worms Q3

The top 3 most identified worm families are:

AV-Identifier Total Amount First Seen Last Seen Best Day Amount Best Day Days Seen
Win32.Worm.P2p.Picsys.C 290, ,
Worm.Generic , ,
Win32.Worm.VB.NZQ 110, ,

Members belonging to the peer-to-peer worm Picsys.C were responsible for the last spike, with 54,000 files on the 13th of September. Compared with the second quarter, worm usage increased by 1.4 percent.
3.7. 64-bit Malware

In the second quarter of this year, Expiro family members designed to infect 32-bit and 64-bit files ruled the 64-bit malware charts. The third quarter shows a drop in the old Expiro usage and the rise of the second and third generation.

Figure 16: 64-Bit Malware Q3

Expiro aims to maximise profit and infects executable files on local, removable and network drives. As for the payload, this malware installs extensions for the Google Chrome and Mozilla Firefox browsers. The malware also steals stored certificates and passwords from Internet Explorer, Microsoft Outlook and the FTP client FileZilla. Browser extensions are used to redirect the user to a malicious URL as well as to hijack confidential information, such as account credentials or online banking information. The virus disables some services on the compromised computer, including Windows Defender and Windows Security Center, and can also terminate processes.

There were 33,000 intercepted 64-bit malware samples during the third quarter.
Figure 17: Amount of Identified 64-Bit Malware Q3

3.8. Malicious Others

After the adware, backdoors/bots, exploits, rootkits, worms and 64-bit malware, we are still left with 6.4 million identified malicious files. This is 28 percent of the total for this quarter. In the table below, we divided the others over 10 categories.

Q3 Q2
Category Count % of total +/- Count % of total +/-
DOS based 2, % % 20, % %
Encrypted Malware 10, % % 12, % n/a
Generic Malware 4,083, % % 3,028, % %
Macro based 9, % % 14, % %
Malware Heuristic 153, % % 217, % %
PUPs 2,088, % % 1,846, % %
Riskware % % % n/a
Suspicious 62, % % 42, % %
(Hack)Tools 3, % % 16, % n/a
Windows viruses 2, % % 5, % %
Total 6,415, % % 5,203, % %

% of total: The percentage of the category of all the malicious files processed in that quarter.
+/-: Increase/decrease in percentage compared with the quarter before.
Windows viruses: These are so-called classic viruses for Microsoft Windows, true file infectors.
4. Geolocation

Last quarter, we located Command & Control (C&C) hotspots by plotting the servers with the most traffic and connections on a map; this quarter we do the same for RATs. RAT is short for Remote Administration Trojan or Remote Access Trojan (sometimes described as Remote Access Tool). These are not regular administrator tools, but ones which are developed and used for malicious remote access. When talking about RATs, you need to turn the usual definition of client-server around. In this case the server is the RAT implant running on the infected system, while the client is the controller application used by the attacker.

From all the RATs, we would like to share the geolocation of two of them. The first one is DarkComet, a freely available Remote Administration Tool which was developed by DarkCoderSC, an independent programmer and computer security specialist from France. He advertises DarkComet as a tool and not a trojan because of its many useful functions which could be used to administer a network at a very close level. However, he also mentions that his tool is often used by hackers and hence it is often detected by antivirus engines as being malicious. While the tool is free to download and use, he offers the VIP service, which gives the user access to direct support, updates about the product and the ability to post new ideas or software bugs, all for 20 Euros or $25.

Here is a list of some of the features of this RAT:

- Find out all system information, including hardware being used and the exact version of your operating system, including security patches.
- Control all the processes currently running on your system.
- View and modify your registry and Hosts file.
- Control your computer from a remote shell.
- Modify your startup processes and services, including adding a few of its own.
- Execute various types of scripts on your system.
- Modify/View/Steal your files.
- Put files of its own on your system.
- Steal your stored password.
- Listen to your microphone.
- Log your keystrokes.
- Scan your network and view your network shares.
- Steal your contacts / Add new contacts!
- Steal from your clipboard.
- Control your printer.
- Lock/Restart/Shutdown your computer.
- Update the implant with a new address to beacon to or new functionality.
These are only a few of the features of this RAT. Plotting DarkComet RAT on a map reveals its popularity in Europe:

Figure 18: DarkComet RAT-usage Europe

The second RAT we would like to share is Xtreme RAT. During the first quarter of this year, hackers were dropping standard malware such as Zeus in favour of more advanced but harder-to-use RATs such as Xtreme RAT. Nart Villeneuve, senior researcher at FireEye, reported uncovering this trend in a blog post [1]:

"During our investigation we found that the majority of Xtreme RAT activity is associated with spam campaigns that typically distribute Zeus variants and other banking-focused malware," he said. "This seems odd, considering RATs require manual labour as opposed to automated banking Trojans."

When plotted on a global map, we see that this RAT is very popular in the Middle East. At the moment we can only speculate on the usage of this RAT in the Middle East.

[1]: FireEye blog post (Nart Villeneuve)
Figure 19: Global View of Xtreme RAT-usage

Xtreme RAT is a notorious RAT that has been freely available on a number of cyber black markets. Hackers can also customise Xtreme RAT to add new abilities, as its source code has been leaked online.

Many of the DarkComet and Xtreme RATs are using a dynamic DNS construction via the services of XS Usenet B.V. in Sweden besides local IP addresses. Below is some information regarding this ISP and the used IP range:

AS /24 XS Usenet B.V.
inetnum:
netname: XSUSENET
descr: XS Usenet B.V.
country: SE
org: ORG-XU1-RIPE
admin-c: XUH1-RIPE
tech-c: XUH1-RIPE
tech-c: NN1175-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: MNT-XSU
mnt-routes: MNT-XSU
mnt-domains: MNT-XSU
source: RIPE # Filtered
During the second quarter of 2014, there were only minor changes at the top of the C&C landscape. Below are the top 10 countries from the second quarter of 2014:

Top 10 Countries Hosting C&C

| Rank | April | Count | May | Count | June | Count |
|------|-------|-------|-----|-------|------|-------|
| 1 | United States | 1274 | United States | 1203 | United States | 1128 |
| 2 | Russian Federation | 453 | Russian Federation | 474 | Russian Federation | 490 |
| 3 | Germany | 289 | Germany | 236 | Germany | 257 |
| 4 | China | 226 | United Kingdom | 206 | United Kingdom | 200 |
| 5 | United Kingdom | 213 | China | 172 | The Netherlands | 184 |
| 6 | Iran | 185 | The Netherlands | 166 | China | 182 |
| 7 | Turkey | 142 | Turkey | 138 | Turkey | 133 |
| 8 | The Netherlands | 137 | Korea | 123 | Korea | 126 |
| 9 | Korea | 130 | Ukraine | 110 | Iran | 118 |
| 10 | Ukraine | 118 | France and Sweden | 107 | Ukraine | 113 |

In the third quarter the United States still led the pack, followed by the Russian Federation and Germany:

Top 10 Countries Hosting C&C

| Rank | July | Count | August | Count | September | Count |
|------|------|-------|--------|-------|-----------|-------|
| 1 | United States | 1491 | United States | 1163 | United States | 870 |
| 2 | Russian Federation | 521 | Russian Federation | 529 | Russian Federation | 446 |
| 3 | Germany | 315 | Germany | 318 | Germany | 260 |
| 4 | United Kingdom | 311 | United Kingdom | 302 | United Kingdom | 259 |
| 5 | Netherlands | 225 | Netherlands | 208 | Netherlands | 156 |
| 6 | China | 216 | Ukraine | 202 | China | 152 |
| 7 | Ukraine | 160 | China | 196 | Turkey | 146 |
| 8 | Korea | 132 | Turkey | 154 | Ukraine | 130 |
| 9 | France | 129 | Korea | 137 | Korea | 102 |
| 10 | Turkey | 129 | France | 132 | France | 101 |

In August and September, Microsoft has been actively shutting down C&C servers in the United States.
5. Final Word

In the second quarter of 2014, the total number of new malicious files processed was 21.1 million. For the third quarter it was 22.6 million, an increase of 7 percent. The overall detection by Anti-Virus software improved by 1.15 percent compared with the second quarter. Altogether, around 4.9 million malicious files went undetected during the third quarter.

By grouping and classifying the identified malware, we detected a decrease in popularity in 5 of the 7 main malware categories during the third quarter. These five categories are: adware, backdoors and bots, exploits, rootkits and trojans. The remaining two categories, worms and other malware, increased.

Category Total % of Total +/- compared to Q2 Largest Family Total number Q3
Adware 3,317, % % Gen:Variant.Adware.Dropper ,809
Backdoors/Botnets 309, % % Backdoor.Bot ,704
Exploit 7, % % Exploit:W32/CVE C 1,423
Rootkits 12, % % Rootkit ,498
Trojans 8,815, % % Trojan.Generic ,613
Worms 1,804, % % Win32.Worm.P2p.Picsys.C 290,077
Others 8,293, % % Win32.Ramnit.N 1,425,643

Within the top 10 of countries hosting C&C servers, there was little change. The top 5 countries stayed the same during the third quarter. The United States led the third quarter of 2014, followed by the Russian Federation, Germany and the United Kingdom. The Netherlands can be found in 5th place in July, August and September.

Dutch CryptoLocker campaign: For the last couple of days there has been a CryptoLocker malware campaign on the RedSocks radar. On various forums people report spam seemingly sent from PostNL. The spam contains URLs like postnl-track.com, postnl-track.info, postnl-track.org, postnl-track.net or postnltracktrace.com. Via these domains cyber criminals try to infect visitors with the CryptoLocker malware.

Once the spam mail is opened and the user clicks on the link, they are asked to type in a number that enables them to download more information regarding their postal package. But, instead, the user downloads a .zip file containing a Windows executable with track_[nummer].exe as the filename (every downloaded executable has its own unique MD5 hash value).
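Because every downloaded executable has its own MD5, a hash blocklist does not help against this campaign; the stable indicators are the domains, the file name pattern and the .encrypted suffix reported for the encrypted files. The following added example (not RedSocks code) correlates those three signals per workstation. The log format, host names and timestamps are constructed, and both the numeric reading of "[nummer]" and the use of postnl.nl as the genuine domain are assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains named in the report's description of the PostNL-themed spam.
CAMPAIGN_DOMAINS = {
    "postnl-track.com", "postnl-track.info", "postnl-track.org",
    "postnl-track.net", "postnltracktrace.com",
}
# Assumption: the carrier's genuine domain, so real visits are not flagged.
LEGIT_DOMAINS = {"postnl.nl"}
# Assumption: "[nummer]" in track_[nummer].exe is a run of digits.
PAYLOAD_RE = re.compile(r"^track_\d+\.exe$", re.IGNORECASE)

# Constructed log: "<timestamp> proxy <host> <method> <url> <status>" and
# "<timestamp> file <host> <create|rename> <path>".
SAMPLE_LOG = r"""
2014-01-01T09:12:03Z proxy ws-017 GET http://postnl-track.info/?id=123 200
2014-01-01T09:12:40Z proxy ws-017 GET http://postnl-track.info/dl/track_48213.zip 200
2014-01-01T09:13:05Z file ws-017 create C:\Users\a\Downloads\track_48213.exe
2014-01-01T09:13:30Z file ws-017 rename C:\Users\a\My Documents\q3.xlsx.encrypted
2014-01-01T09:13:31Z file ws-017 rename C:\Users\a\My Documents\notes.docx.encrypted
2014-01-01T09:13:32Z file ws-017 rename C:\Users\a\Pictures\scan.jpg.encrypted
2014-01-01T09:14:00Z proxy ws-022 GET http://www.postnl.nl/tracktrace/ 200
2014-01-01T09:15:00Z proxy ws-031 GET http://postnl-pakket.example/track 200
2014-01-01T09:16:00Z proxy ws-040 GET http://www.postnltracktrace.com/ 200
"""


def host_in(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url):
    """Return 'campaign-domain', 'postnl-lookalike' or None for a URL."""
    host = urlsplit(url).hostname or ""
    if host_in(host, CAMPAIGN_DOMAINS):
        return "campaign-domain"
    # Generalisation beyond the listed domains: brand name on a foreign domain.
    if "postnl" in host.replace("-", "") and not host_in(host, LEGIT_DOMAINS):
        return "postnl-lookalike"
    return None


def stage(f, threshold):
    """Map the collected signals to the furthest stage of the infection chain."""
    if f["encrypted"] >= threshold:
        return "encrypting"
    if f["payloads"]:
        return "payload-on-disk"
    if f["domains"]:
        return "visited-campaign-site"
    if f["lookalikes"]:
        return "lookalike-visit"
    return "low-signal"


def analyse(lines, threshold=3):
    """Correlate proxy and file events per workstation."""
    hosts = {}

    def rec(name):
        return hosts.setdefault(name, {"domains": set(), "lookalikes": set(),
                                       "payloads": set(), "encrypted": 0})

    for line in lines:
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue                      # blank or malformed line
        _ts, kind, host, rest = parts
        if kind == "proxy":
            fields = rest.split()
            if len(fields) < 2:
                continue
            verdict = classify_url(fields[1])
            site = urlsplit(fields[1]).hostname
            if verdict == "campaign-domain":
                rec(host)["domains"].add(site)
            elif verdict == "postnl-lookalike":
                rec(host)["lookalikes"].add(site)
        elif kind == "file":
            action, _, path = rest.partition(" ")   # path may contain spaces
            name = path.replace("\\", "/").rsplit("/", 1)[-1]
            if action == "create" and PAYLOAD_RE.match(name):
                rec(host)["payloads"].add(name)
            elif action == "rename" and name.lower().endswith(".encrypted"):
                rec(host)["encrypted"] += 1
    return {h: dict(f, stage=stage(f, threshold)) for h, f in hosts.items()}


if __name__ == "__main__":
    for host, finding in sorted(analyse(SAMPLE_LOG.splitlines()).items()):
        print(host, finding["stage"])
```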
When the malicious file is executed, a big red warning appears notifying the user that their files have been encrypted with CryptoLocker; encrypted files have .encrypted appended to their filenames. The CryptoLocker malware encrypts all documents and some other files. For 400 Euro, CryptoLocker promises to decrypt all the files. In contrast with most Dutch spam, there are only a few minor spelling errors in this campaign. For more information and details on CryptoLocker see the blog post of Rickey Gevers [2].

We hope that you enjoyed our third Malware Trend Report of this year and that it provides you with insight into the trends we have seen during the third quarter of 2014. We continue to innovate, so please check back with us for our next quarterly trend report.

Questions, comments and requests can be directed towards the RedSocks Malware Research Labs.

G.J.Vroon
Anti-Malware Behavioural Researcher
RedSocks B.V.
W:
T: +31 (0)
E: info@redsocks.nl

[2]: CryptoLocker blog post (Rickey Gevers)
Appendix A: Detecting Malware

Monthly totals:

| Month | Files | Detected | Undetected |
|-------|-------|----------|------------|
| July | 8,679,053 | 6,600,383 | 2,078,670 |
| August | 7,370,596 | 5,741,449 | 1,629,147 |
| September | 6,580,581 | 5,339,495 | 1,241,086 |
Appendix B: Classifying Malware

Monthly totals (Adware, Backdoors, Exploits, Rootkits, Trojans, Worms, Other):

July: 1,173,067 52,504 2,414 4,389 3,114, ,150 3,371,865
August: 1,197, ,281 2,192 7,232 3,220, ,849 2,444,932
September: 946, ,599 2,503 1,307 2,480, ,150 2,546,208
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationHow to easily clean an infected computer (Malware Removal Guide)
How to easily clean an infected computer (Malware Removal Guide) Malware, short for malicious (or malevolent) software, is software used or programmed by attackers to disrupt computer operation, gather
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationComputer Viruses: How to Avoid Infection
Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you
More informationUsing big data analytics to identify malicious content: a case study on spam emails
Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationGlobal Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team
Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers
More informationA TASTE OF HTTP BOTNETS
Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with
More informationProtection for Mac and Linux computers: genuine need or nice to have?
Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationBotnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
More informationPhishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud
1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global
More informationBOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL
BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationTECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains
TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................
More informationZNetLive Malware Monitoring
Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers
More informationEmail David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
More informationAnti-exploit tools: The next wave of enterprise security
Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationMalicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats
Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus
More informationTen Tips to Avoid Viruses and Spyware
Ten Tips to Avoid Viruses and Spyware By James Wilson, CPA (480) 839-4900 ~ JamesW@hhcpa.com Oh, the deck is stacked. Don t think for a minute it s not. As a technology professional responsible for securing
More informationSpyware Doctor Enterprise Technical Data Sheet
Spyware Doctor Enterprise Technical Data Sheet The Best of Breed Anti-Spyware Solution for Businesses Spyware Doctor Enterprise builds on the strength of the industry-leading and multi award-winning Spyware
More informationLoophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
More informationSecurity workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013
Security workshop Belnet Aris Adamantiadis Brussels 18 th April 2013 Agenda What is a botnet? Symptoms How does it work? Life cycle How to fight against botnets? Proactive and reactive NIDS 2 What is a
More informationTrust the Innovator to Simplify Cloud Security
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
More informationFrom Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?
From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that
More informationMOBILE MALWARE REPORT
TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014 CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationBeyond Aurora s Veil: A Vulnerable Tale
Beyond Aurora s Veil: A Vulnerable Tale Derek Manky Cyber Security & Threat Research FortiGuard Labs October 26th, 2010: SecTor 2010 Toronto, CA Conficker: April Doomsday.. Meanwhile JBIG2 Zero Day PDF/SWF
More informationCertified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationContext Threat Intelligence
Context Threat Intelligence Threat Advisory The Monju Incident Context Ref. Author TA10009 Context Threat Intelligence (CTI) Date 27/01/2014 Tel +44 (0) 20 7537 7515 Fax +44 (0) 20 7537 1071 Email threat@contextis.co.uk
More informationFirewalls and Software Updates
Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General
More informationEthical Hacking Course Layout
Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type
More informationSpyware: Securing gateway and endpoint against data theft
Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationSoftware Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS
Software Engineering 4C03 Class Project Computer Networks and Computer Security COMBATING HACKERS Done By: Ratinder Ricky Gill Student Number: 0048973 E-Mail: gillrr@mcmaster.ca Due: Tuesday April 5, 2005
More informationFORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
More informationCYBERTRON NETWORK SOLUTIONS
CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified
More informationSophos Endpoint Security and Control Help
Sophos Endpoint Security and Control Help Product version: 10.3 Document date: June 2014 Contents 1 About Sophos Endpoint Security and Control...3 2 About the Home page...4 3 Sophos groups...5 4 Sophos
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationSpyware. Summary. Overview of Spyware. Who Is Spying?
Spyware US-CERT Summary This paper gives an overview of spyware and outlines some practices to defend against it. Spyware is becoming more widespread as online attackers and traditional criminals use it
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationWHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2
FAQ WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 WHAT IS UPTIME AND SPEED MONITORING 2 WHEN I TRY TO SELECT A SERVICE FROM
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security
More informationPrinted Documentation
Printed Documentation Table of Contents K7AntiVirus Premium...1 K7AntiVirus Premium Help... 1 Feature Summary... 2 Online Help Conventions... 3 Managing the Alerts... 9 Configuring Alerts... 9 Backing
More informationKeeping you and your computer safe in the digital world.
Keeping you and your computer safe in the digital world. After completing this class, you should be able to: Explain the terms security and privacy as applied to the digital world Identify digital threats
More informationExploring the Black Hole Exploit Kit
Exploring the Black Hole Exploit Kit Updated December 20, 2011 Internet Identity Threat Intelligence Department http://www.internetidentity.com http://www.internetidentity.com 12/29/11 Page 1/20 Summary
More informationCIT 480: Securing Computer Systems. Malware
CIT 480: Securing Computer Systems Malware Topics 1. Anti-Virus Software 2. Virus Types 3. Infection Methods 4. Rootkits 5. Malware Analysis 6. Protective Mechanisms 7. Malware Factories 8. Botnets Malware
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More informationCybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com
Cybercrime: evoluzione del malware e degli attacchi Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com About Palo Alto Networks We are the network security company World-class
More informationThe Underground Economy of the Pay-Per-Install (PPI) Business
The Underground Economy of the Pay-Per-Install (PPI) Business Kevin Stevens, Security Researcher SecureWorks Counter Threat Unit (CTU) History of the PPI Business The Pay-Per-Install business model (PPI)
More informationSecurity Business Review
Security Business Review Security Business Review Q4: 2014 2 By Bitdefender Labs Security Business Review Botnet Anonymization Raises New Security Concerns Executive Overview While botnets, which are large
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationOhio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide
Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide Definitions Malware is term meaning malicious software. Malware is software designed to disrupt a computer system.
More informationYou ll learn about our roadmap across the Symantec email and gateway security offerings.
#SymVisionEmea In this session you will hear how Symantec continues to focus our comprehensive security expertise, global intelligence and portfolio on giving organizations proactive, targeted attack protection
More informationHoneypot that can bite: Reverse penetration
Honeypot that can bite: Reverse penetration By Alexey Sintsov, Russian Defcon Group #7812 Introduction The objectives of this work are to determine the benefits and opportunities in conducting counter
More informationGuideline for Prevention of Spyware and other Potentially Unwanted Software
Guideline for Prevention of Spyware and other Potentially Unwanted Software Introduction Most users are aware of the impact of virus/worm and therefore they have taken measures to protect their computers,
More informationIntroduction to Computer Security Table of Contents
Introduction to Computer Security Table of Contents Introduction... 2 1 - Viruses... 3 Virus Scanners... 3 2 - Spyware... 7 Spyware Scanners... 8 3 - Firewalls... 10 Windows Firewall... 10 4 - References...
More informationAirtel PC Secure Trouble Shooting Guide
Airtel PC Secure Trouble Shooting Guide Table of Contents Questions before installing the software Q: What is required from my PC to be able to use the Airtel PC Secure? Q: Which operating systems does
More informationTRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness
TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This
More informationANDRA ZAHARIA MARCOM MANAGER
10 Warning Signs that Your Computer is Malware Infected [Updated] ANDRA ZAHARIA MARCOM MANAGER MAY 16TH, 2016 6:05 Malware affects us all The increasing number of Internet users worldwide creates an equal
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationCyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security
Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationThreat Events: Software Attacks (cont.)
ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to
More informationSpyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
More informationCS 356 Lecture 9 Malicious Code. Spring 2013
CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationSophos Endpoint Security and Control Help. Product version: 11
Sophos Endpoint Security and Control Help Product version: 11 Document date: October 2015 Contents 1 About Sophos Endpoint Security and Control...5 2 About the Home page...6 3 Sophos groups...7 3.1 About
More informationThe Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them
The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the
More informationUnderstanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them
Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationMalware, Zero Day and Advanced Attack Protection Analysis Zscaler Internet Security and FireEye Web MPS
Malware, Zero Day and Advanced Attack Protection Analysis Zscaler Internet Security and FireEye Web MPS Detailed Lab Testing Report 18 November 2014 Miercom www.miercom.com Contents 1.0 Executive Summary...
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationSECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning
SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor
More information2010 Carnegie Mellon University. Malware and Malicious Traffic
Malware and Malicious Traffic What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working
More information