10 Days in a Botnet


1 In collaboration with Lorenzo Cavallaro, Bob Gilbert, Brett Stone-Gross, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna

2 The malicious Web
"A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang. Hacked sites contain an invisible iframe that silently redirects users to 318x.com, which goes on to exploit known vulnerabilities in at least five browser plugins. At time of writing, infected sites included yementimes.com, parisattitude.com and knowledgespeak.com. People who visit infected pages receive an invisible link that pulls code from a series of sites tied to 318x.com. The code looks for insecure versions of Adobe Flash, Internet Explorer, and several other Microsoft applications, and when they are detected it exploits them to surreptitiously install malware known as Backdoor.Win3.Buzus.croo. The rootkit-enabled program logs banking credentials and may do other nefarious bidding, Landesman said."
D. Goodin, "Potent malware link infects almost 300,000 web pages", 2009

4 Web applications
- Riddled with vulnerabilities
  - Insecure tools and languages
  - Insecure culture (features first, security last)
- Frequent target of attacks
  - Web application honeypot: 386,000 attacks in 2 months [small:08:predator]
- Consequences
  - Data losses
  - Compromise of data and server integrity

5 Web clients
- Riddled with vulnerabilities
  - Complex applications (OS 2.0?)
  - Extensibility + third-party plugins = vulnerabilities
- Frequent target of attacks
  - 3M malicious URLs in 10 months [provos:08:iframes]
  - 16 malicious pages every 10,000 crawled [msft:09:sir]
- Consequences
  - 12M new IPs part of botnets in the 1st quarter of 2009
  - Substantial financial and privacy threats for users

6 Attackers
- Cyber criminals
  - Reputation
  - Profit economy
- Underground industries
  - Vulnerability markets
  - Malware development
  - Botnet renting
  - Financial data trading
  - $276M worth of stolen goods [symc:08:economy]

7-15 The problem (diagram slides; the last one labels the two halves of the talk, Part I and Part II)

16 What is this about?
- Measurement study on a medium-scale botnet
  - Sinkholing of botnet C&Cs
  - Appeared in CCS 2009
- Measurement of a large-scale drive-by-download campaign
  - Sinkholing of drive-by-download exploit sites
  - Appeared in INFOCOM Mini-Conference 2011
- Goals
  - Understand what is out there
  - Better understand techniques and tools used by attackers
  - Basis to design better defense techniques

17 Part I: TAKING OVER A BOTNET

18 Terminology
- Bot: an application that performs some action or set of actions on behalf of a remote controller
  - installed on a victim machine (zombie)
  - modular (plug in your functionality/exploit/payload)
- Botnet: network of infected machines controlled by a malicious entity
- Control channel: required to send commands to bots and obtain results and status messages
  - usually via IRC, HTTP, HTTPS, or peer-to-peer
- Botmaster: owns the control channel, sends commands to the botnet army
  - motivations are usually power or money

19 Torpig
- Trojan horse distributed via the Mebroot malware platform
- injects itself into 29 different applications as a DLL
- steals sensitive information (passwords, HTTP POST data)
- HTTP injection for phishing
- uses encrypted HTTP as the C&C protocol
- uses domain flux to locate the C&C server
- Mebroot
  - spreads via drive-by downloads
  - sophisticated rootkit (overwrites the master boot record)

20 Torpig botnet (diagram)

21 Torpig HTML injection
- Domains of interest (~300) stored in the configuration file
- When a domain of interest is visited
  - Torpig issues a request to the injection server
  - the server specifies a trigger page on the target domain and a URL on the injection server to be visited when the user visits the trigger page
- When the user visits the trigger page
  - Torpig requests the injection URL from the injection server
  - Torpig injects the returned content into the user's browser
- Content is usually an HTML phishing form that asks for sensitive data
  - reproduces the look and style of the target web site

22 Torpig HTML injection (screenshot)

23 Domain flux
- Taking down a single bot has little effect on the botmaster
- C&C servers are vulnerable to take down
  - if you use a static IP address, people will block or remove the host
  - if you use a DNS name, people will block or remove the domain name
- Domain flux
  - idea is to have bots periodically generate new C&C domain names
  - often, use the local date (system time) as input
  - the botmaster needs to register one of these domains and respond properly so that bots recognize a valid C&C server
  - defenders must register all domains to take down the botnet

24 Torpig domain flux
- Each bot has the same domain generation algorithm (DGA)
  - three fixed domains to be used if all else fails
- DGA generates
  - a weekly domain name (wd)
  - a daily domain name (dd)
- Every 20 minutes the bot attempts to connect, in order, to wd.com, wd.net, wd.biz
  - if all three fail, then dd.com, dd.net, dd.biz
  - if they also fail, then the three fixed domains
- Criminals normally registered wd.com (and wd.net)
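The lookup order above, and the registration problem it creates for both sides (slides 23 to 25), as an added example that is not part of the original talk. The label generator is a deterministic stand-in, not Torpig's real DGA, and the three fixed fallback names are constructed; only the fallback order (weekly name over .com/.net/.biz, then daily name, then fixed domains) and the idea of enumerating future names for a monitoring window come from the slides.

```javascript
// Added illustration of the Torpig-style domain-flux lookup order and of the
// defender's enumeration problem. The label generator below is a deterministic
// stand-in, NOT Torpig's real DGA, and the fallback names are constructed.
const TLDS = ['.com', '.net', '.biz'];
const FIXED_FALLBACK = ['fallback-a.example', 'fallback-b.example', 'fallback-c.example'];
const MS_PER_DAY = 86400000;

// Days since the Unix epoch for a calendar date (UTC): the "system time" input.
function dayIndex(date) {
  return Math.floor(Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate()) / MS_PER_DAY);
}

// Stand-in DGA: a bijective mix of the period index written in base 26, so
// distinct periods always yield distinct labels. Torpig's real algorithm differs.
function toyLabel(periodIndex, prefix) {
  let x = (periodIndex * 2654435761) >>> 0;   // multiply by an odd constant mod 2^32
  let s = '';
  for (let i = 0; i < 7; i++) {               // 26^7 > 2^32, so 7 digits are enough
    s = String.fromCharCode(97 + (x % 26)) + s;
    x = Math.floor(x / 26);
  }
  return prefix + s;
}

function weeklyName(date) { return toyLabel(Math.floor(dayIndex(date) / 7), 'w'); }
function dailyName(date)  { return toyLabel(dayIndex(date), 'd'); }

// The order in which a bot tries C&C names on a given day:
// wd.com, wd.net, wd.biz, then dd.com, dd.net, dd.biz, then the three fixed domains.
function candidateOrder(date) {
  const wd = weeklyName(date);
  const dd = dailyName(date);
  return [...TLDS.map(t => wd + t), ...TLDS.map(t => dd + t), ...FIXED_FALLBACK];
}

// Which name a bot would actually reach, given the set of domains that answer.
// Whoever holds the earliest answering name in this list (botmaster or sinkhole) gets the bots.
function firstReachable(date, liveDomains) {
  return candidateOrder(date).find(d => liveDomains.has(d)) || null;
}

// Every weekly and daily name (all TLDs) that bots will generate over a window,
// i.e. what a sinkhole operator must register ahead of the botmaster to cover it.
function namesToRegister(start, days) {
  const out = new Set();
  for (let i = 0; i < days; i++) {
    const d = new Date(start.getTime() + i * MS_PER_DAY);
    for (const t of TLDS) {
      out.add(weeklyName(d) + t);
      out.add(dailyName(d) + t);
    }
  }
  return [...out];
}

// Stand-alone demo on a constructed date.
const demoDay = new Date(Date.UTC(2009, 0, 25));
console.log(candidateOrder(demoDay));
console.log(firstReachable(demoDay, new Set([weeklyName(demoDay) + '.net'])));
console.log(namesToRegister(demoDay, 7).length);
```

The asymmetry the slide describes falls out of `firstReachable`: the botmaster only needs wd.com (or wd.net) to answer, while a defender who wants every bot for a week has to hold the whole `namesToRegister` set, and a single registrar suspension (slide 26) hands the bots back to the next name in the list.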

25 Sinkholing
- Reverse engineered the name generation algorithm and the C&C protocol
- Observed that the domains for 01/25/ /15/2009 were unregistered
- Registered these domains ourselves
- Unfortunately, Mebroot pushed a new Torpig binary on 02/04/2009
- We controlled the botnet for ~10 days
- Data
  - 8.7 GB Apache logs
  - 69 GB pcap data (contains stolen information)

26 Sinkholing (cont'd)
- Purchased hosting from two different hosting providers known to be unresponsive to complaints
- Registered wd.com and wd.net with two different registrars
  - one was suspended 01/31 due to an abuse complaint
- Set up Apache web servers to receive bot requests
- Recorded all network traffic
- Automatically downloaded and removed data from our hosting providers
- Enabled hosts a week early: immediately received data from 359 infected machines

27 Data collection
- Bot connects to the Torpig C&C every 20 minutes via HTTP POST
- Sends a header
  - timestamp, IP address, proxy ports, OS version, locale, nid, Torpig build and version number
- nid
  - 8-byte value, used for encrypting header and data
  - derived from hard disk information or volume serial number
  - serves as a convenient, unique identifier
  - allows one to detect VMware machines
- Optional body
  - data: stolen information (accounts, browser data, ...)

28 Botnet size
- Count number of infections
  - usually based on unique IP addresses
  - problematic: DHCP and NAT effects (we saw 1.2M unique IPs)
  - our count based on header information: ~180K hosts seen
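Why the two counts on this slide differ so much, as an added example (not code or data from the study): it sizes a sinkholed botnet from check-in records both ways, by unique source IP and by the per-host nid from slide 27. The log lines are constructed, and their layout is an assumption; the slide does not give the Apache log format.

```javascript
// Added example of sizing a sinkholed botnet from C&C check-in logs: unique source
// IPs versus unique per-host identifiers (the nid carried in the Torpig header).
// The log lines below are constructed for illustration, not real Torpig data, and
// the line format is an assumption (the slide does not give the Apache log layout).
const SAMPLE_LOG = `
2009-01-25T10:00:00Z 198.51.100.7 POST / nid=0102030405060708 build=29
2009-01-25T10:20:00Z 198.51.100.8 POST / nid=0102030405060708 build=29
2009-01-25T10:40:00Z 198.51.100.9 POST / nid=0102030405060708 build=29
2009-01-25T11:00:00Z 198.51.100.10 POST / nid=0102030405060708 build=29
2009-01-25T10:05:00Z 203.0.113.4 POST / nid=a1a2a3a4a5a6a7a8 build=29
2009-01-25T10:06:00Z 203.0.113.4 POST / nid=b1b2b3b4b5b6b7b8 build=29
2009-01-25T10:26:00Z 203.0.113.4 POST / nid=b1b2b3b4b5b6b7b8 build=29
2009-01-25T12:00:00Z 192.0.2.50 POST / nid=c1c2c3c4c5c6c7c8 build=29
this line is deliberately malformed and must be skipped
`;

const CHECKIN_RE = /^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) POST \S+ nid=([0-9a-f]{16})\b/;

// Parse check-in records; lines that do not match the expected shape are dropped.
function parseCheckins(text) {
  const records = [];
  for (const line of text.split('\n')) {
    const m = CHECKIN_RE.exec(line.trim());
    if (m) records.push({ ts: m[1], ip: m[2], nid: m[3] });
  }
  return records;
}

// Two size estimates plus the two effects that make the IP-based one unreliable:
// DHCP churn (one nid seen from several IPs) and NAT (several nids behind one IP).
function sizeEstimates(records) {
  const ipsByNid = new Map();
  const nidsByIp = new Map();
  for (const r of records) {
    if (!ipsByNid.has(r.nid)) ipsByNid.set(r.nid, new Set());
    ipsByNid.get(r.nid).add(r.ip);
    if (!nidsByIp.has(r.ip)) nidsByIp.set(r.ip, new Set());
    nidsByIp.get(r.ip).add(r.nid);
  }
  let dhcpNids = 0;
  for (const ips of ipsByNid.values()) if (ips.size > 1) dhcpNids++;
  let natIps = 0;
  for (const nids of nidsByIp.values()) if (nids.size > 1) natIps++;
  return {
    checkins: records.length,
    uniqueIps: nidsByIp.size,     // the naive estimate
    uniqueNids: ipsByNid.size,    // the header-based estimate
    dhcpNids,                     // hosts whose address changed during the window
    natIps,                       // addresses shared by more than one host
  };
}

console.log(sizeEstimates(parseCheckins(SAMPLE_LOG)));
```

On the constructed sample one host that changes address four times inflates the IP count to 6 while only 4 distinct hosts checked in; a NATed office pulls the other way. The nid count is the better estimate but not a ceiling either: since the slide says the nid is derived from disk information and can reveal VMware guests, cloned machines that share that information would collapse into one identifier.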

29 Threats
- 8,310 unique accounts from 410 financial institutions
  - Top 5: PayPal (1,770), Poste Italiane, Capital One, E*Trade, Chase
  - 38% of credentials stolen from the browser's password manager
- 1,660 credit cards
  - Top 3: Visa (1,056), Mastercard, American Express, Maestro, Discover
  - US (49%), Italy (12%), Spain (8%)
  - typically, one CC per victim, but there are exceptions

30 Value of the financial information
- Symantec [2008] estimates
  - Credit card value at $.10 to $25.00
  - Bank account at $10.00 to $1,
- Using Symantec estimates, 10 days of Torpig data valued at $83K to $8.3M

31 Part II: HOW A BOTNET IS CREATED

32-39 Drive-by-download attacks (diagram sequence: the victim's browser issues GET /, the page carries an injected <iframe>, which loads evil.js)
40 Malicious code (screenshot)
41 Exploit (screenshot)

42 Previous work
- Research mostly focused on detecting drive-by-download attacks
  - Moshchuk et al., NDSS 2006
  - Provos et al., USENIX Security 2007
  - Guarnieri and Livshits, USENIX Security 2009
  - Nazario, LEET 2009
  - Cova et al., WWW 2010
  - Rieck et al., ACSAC 2010
- Some also provide measurement and analysis of these attacks (e.g., Google and Microsoft studies)
  - Mostly prevalence studies
- But lots of questions remain open

43 Understanding drive-by-download attacks
- Attacker
  - What is the modus operandi of cyber-criminals?
  - How do they craft and update their exploit code?
  - What infrastructure do they use to host their attacks?
- Infected web sites
  - How is malicious code distributed?
  - Which web sites are targeted?
- Victims
  - What software are they using?
  - What is the corresponding vulnerability surface?

44 Approach
- Campaigns: coordinated set of drive-by-download attacks led by a group of attackers
- Study one drive-by-download campaign in depth
  - Pro: can study all aspects of this campaign
  - Con: results may be biased by this sampling
- We focused in particular on the Mebroot drive-by-download campaign
  - Several monitoring periods in 2009 and

45 Mebroot drive- by infrastructure 44

46 Domain Generation Algorithm
- Typically, the target of the redirection (exploit site) is hard-coded in infected sites (i.e., a static string)
  - Take down the exploit site -> block the campaign
- DGA(t [, parameters]) -> domain name
  - If the exploit site is taken down, attackers need only wait until the DGA generates a new, fresh name for the campaign to become active again
- Mebroot initially used 2 DGAs, then added several new ones
  - Traditional variants A and B: since 2008
  - Twitter variant: since April 26th,

47 Traditional DGA (abridged excerpt of the injected code; "[...]" marks parts omitted on the slide)

    var suffixes = new Array('uno', 'dve', 'thr', 'fir', 'vif', 'xes', 'ves', 'ght', 'eni', 'etn', 'lev', 'twe');
    var letters = new Array('a', 'b', 'c', ..., 'x', 'y', 'z');
    var numbers = new Array(1, 2, 3, 4, 5, 6, 7, 8, 9);

    function calculatemagicnumber(d, m, y) {
        return (((y + (3 * d)) + (m ^ d) * 3) + d);
    }

    function generatedomain(date) {
        var time = new Array();
        time['year'] = date.getFullYear();
        [...]
        // generate the second letter of the domain name
        mch = letters[((time['month'] + magicnum) % 25)];
        // generate the fourth letter of the domain name
        if (((time['day'] * 2) >= 0) && ((time['day'] * 2) <= 9))
            dch = numbers[(time['day'] % 10)];
        else
            dch = letters[((time['day'] * 6) % 27)];
        return ych2 + mch + ych1 + dch + suffixes[time['month'] - 1] + '.com';
    }

48 Twitter DGA (abridged excerpt; the daily trends feed is the date-dependent input)

    document.write("<scr" + "ipt language=javascript" +
                   " src='http://search.twitter.com/trends/daily.json?callback=callback'>" +
                   "</scr" + "ipt>");
    ...
    window.tw = // the result returned from Twitter
    // read the second character from Twitter trends
    shiftindex = window.tw.trends[shiftindex][0].query.charCodeAt(1);
    // rest of the code is similar to the traditional variant
    ...

49 Methodology
- We sinkholed a number of exploit sites
  - Reverse engineer the DGA, determine future domain names, register them before the attackers if possible
  - When a user visits an infected web site, he/she is redirected to our server
- 22 exploit sites monitored in total
  - 2 domains generated from the traditional DGA variant A, 14 from the traditional variant B, and 6 from the Twitter DGA variant

50 Data collection
- Victims
  - Users visiting our servers
  - We served JavaScript code that fingerprints the user's browser (similar to Google Analytics)
- Infected sites
  - The user request may contain a Referer header, which points to the infected site
  - Downloaded the infected pages
- Exploit sites
  - Monitored all the sites used by Mebroot

51 EXPLOIT SITES

52 Infrastructure
- All exploit domains registered through a single domain registrar, OnlineNIC
- Servers hosted in a handful of ASes:
  - AS32475 (SINGLEHOP): 35
  - AS46475 (LIMESTONENETWORKS): 15
  - AS21844 (THEPLANET): 7
- Bogus WHOIS information

53 Registration timing (chart)

54 VICTIMS

55 Data collection
- Counting victims: number of unique IPs visiting our servers
- Characterizing victims
  - JavaScript code that fingerprints the victim's browser, i.e., browser version, installed plugins and ActiveX
  - Particularly interested in plugins and ActiveX controls that are known to be vulnerable
- Limitations
  - The victim may have JavaScript disabled
  - Loading some plugins may raise browser alerts, and users may then block their execution

56 Victims
- Overall, 559,627 requests from 339,150 distinct IPs
  - Removed requests that were incompatible with those caused by the Mebroot code
  - Removed requests from users that did not execute our fingerprinting code
- Usual geographical, OS, browser distribution
  - US (27%), IT (9%), IN (5%)
  - Windows XP (64%), Vista (23%), Mac OSX (5%)
  - IE 7 (30%), FF 3.0.x (26%), IE 6 (17%)

57 Browser updates? If automatic (chart: percent of users (IPs) with the latest browser version)

58 Plugin updates? Who cares (chart)

59 INFECTED SITES

60 Data collection
- We identify infected web sites by looking at the value of the Referer header in requests to our servers
- Limitations
  - The Referer header may be suppressed
    - Some redirection code used by Mebroot actively suppresses the sending of the header
    - double check against an available list of known Mebroot-infected sites: no miss
  - The header value may be bogus
    - check that the referred site is indeed infected by using Wepawet

61 Infected sites
- In total, we identified 33,195 distinct URLs from 6,541 sites
- Does it sound low? After all, massive SQL injection campaigns claimed tens of thousands of sites
  - Methodology of how sites are counted
  - SQL injection may succeed in injecting code but may fail to make the code active (e.g., malformed HTML)
  - We only count sites that successfully redirected to our servers

62 Infected sites

    Domain                       Referring IPs   Category
    torrentsgalaxy.com                  18,149   BitTorrent
    movie-galleries.ztgals.com          14,914   Adult
    celebritymoviezone.com              11,747   Adult
    freehitmovies.org                    9,570   Movies
    seemyorgasm.com                      7,983   Adult
    megapornstarvids.com                 6,196   Adult
    extazis.com                          4,168   Adult
    solotouch.com                        3,886   Adult
    thickbbwforum.com                    3,702   Adult
    eroticpornart.com                    3,402   Adult

- Popular categories: business (22%), technology (15%), adult (10%), travel (9%), sport (5%)

63 Injected code
- Data collection
  - Visit infected pages once per day
- We found 145 distinct instances of the Mebroot code
  - Most variations due to simple polymorphic techniques (e.g., random variable and function names)
  - More interesting variations: DGA, redirection code

64 Redirection techniques
- script tag
- Hidden iframe tag
- Hijacking the onmouseup and onclick event handlers
  - Minimal user interaction required
  - IE does not send the Referer header
  - Evades (some) automated detection tools (e.g., Google)
- Code evolves
  - 122 sites were upgraded to the newer variants of the code
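The three redirection techniques on this slide, seen from the page-inspection side, as an added example that is not part of the talk or of Wepawet: a scanner that flags each pattern in a fetched page body. Because the handler-hijack variant makes IE omit the Referer header, the Referer-based identification of infected sites from slide 60 misses it; inspecting the page content, which slide 60 does with Wepawet to confirm infections, is the complement. The HTML samples and hostnames are constructed, and the checks are regex heuristics over raw HTML rather than a DOM parser.

```javascript
// Added detection example for the three redirection techniques the slide lists,
// written from the page-inspection side. The HTML samples are constructed, not real
// infected pages; hostnames are placeholders. Regex heuristics, not a full DOM parser.
const SAMPLES = {
  clean: '<html><body><p>hello</p><script src="/js/app.js"></script></body></html>',
  hiddenIframe: '<html><body><p>news</p>' +
    '<iframe src="http://exploit.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>' +
    '</body></html>',
  handlerHijack: '<html><body onmouseup="window.location=\'http://exploit.invalid/l.php\'"><p>click</p></body></html>',
  remoteScript: '<html><body><p>news</p><script src="http://third-party.invalid/a.js"></script></body></html>',
};

// Resolve a (possibly relative) src against the page's own host; null if unparsable.
function hostOf(src, pageHost) {
  try { return new URL(src, 'http://' + pageHost + '/').hostname; } catch (e) { return null; }
}

// Returns a list of {kind, detail} findings for one page body.
function findSuspiciousRedirects(html, pageHost) {
  const findings = [];

  // 1. Hidden or zero-sized iframes, the classic drive-by carrier.
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const tag = m[0];
    const zeroSized = /\b(width|height)\s*=\s*["']?0(?:px)?\b/i.test(tag);
    const hidden = /(display\s*:\s*none|visibility\s*:\s*hidden)/i.test(tag);
    if (zeroSized || hidden) findings.push({ kind: 'hidden-iframe', detail: tag });
  }

  // 2. Script tags loaded from a host other than the page's own.
  for (const m of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi)) {
    const host = hostOf(m[1], pageHost);
    if (host && host !== pageHost) findings.push({ kind: 'remote-script', detail: m[1] });
  }

  // 3. onmouseup/onclick handlers that navigate: the variant that needs a click
  //    and makes IE omit the Referer header.
  for (const m of html.matchAll(/\bon(?:mouseup|click)\s*=\s*(["'])((?:(?!\1).)*)\1/gi)) {
    if (/\b(?:location|window\.open)\b/i.test(m[2])) {
      findings.push({ kind: 'handler-redirect', detail: m[2] });
    }
  }
  return findings;
}

// Convenience wrapper returning just the finding kinds for one constructed sample.
function kindsFor(sampleName, pageHost) {
  return findSuspiciousRedirects(SAMPLES[sampleName], pageHost).map(f => f.kind);
}

for (const name of Object.keys(SAMPLES)) {
  console.log(name, kindsFor(name, 'www.victim-site.invalid'));
}
```

The remote-script check is the noisy one: legitimate analytics and CDN includes trigger it too, so in practice it is paired with an allowlist of known hosts, while a zero-sized iframe or a mouse-up handler that rewrites `location` is suspicious on its own.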

65 Injection method
- No ground truth
  - Injection is the only step of Mebroot's drive-by-download campaign into which we did not have direct visibility
- A number of cues point to compromised FTP credentials
  - Mebroot operators have access to stolen FTP accounts (Mebroot botnet)
  - Code is always inserted neatly into the page (e.g., right before the closing body tag), unlike with many SQL injection attacks
  - In a number of cases (7%), code was injected in JavaScript files, which typically are static resources

66 Infection and cleanup dynamics
- Cleaning up infected sites takes a long time
  - After 25 days, only 50% of sites cleaned up
  - 80% cleanup rate achieved after 45 days
  - Sometimes, an infinite amount of time
    - 900 sites out of the 4,927 were not cleaned up during our monitoring period

67 Infection and cleanup dynamics (chart)

68 Infection and cleanup dynamics
- Remediation not effective
  - 467 sites where the Mebroot code was removed and injected again after one or more days
- Interesting cases
  - nemicidimaria.it
    - Home page is cleaned up on June 30
    - Infected again on August 1 (code inserted in a different part of the page)
  - classoto.com
    - Mebroot code removed
    - But not clean: just substituted with SEO spam code
    - Two days later, spam code replaced by Mebroot code again
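The bookkeeping behind the cleanup and re-infection figures on slides 66 to 68, as an added example that is not the study's code or data. Slide 63 says infected pages were visited once per day, so the input here is one boolean per daily visit (true means the Mebroot code was present); from that the example derives the day each site was first cleaned, the cleanup fraction at a given day offset, the sites never cleaned within the window, and the sites that were re-infected. The observations and site names are constructed.

```javascript
// Added example of the cleanup/re-infection bookkeeping behind the slide's numbers.
// Input: one boolean per daily visit (true = Mebroot code present on the page).
// The observations are constructed, not the study's data; site names are placeholders.
const OBSERVATIONS = {
  'site-a.invalid': [true, true, false, false, false, false],  // cleaned on day 2
  'site-b.invalid': [true, true, true, true, true, true],      // never cleaned in the window
  'site-c.invalid': [true, false, false, true, true, false],   // cleaned, re-infected, cleaned again
  'site-d.invalid': [true, true, true, true, false, false],    // cleaned on day 4
};

// Per-site summary: first day offset on which the code was gone, and how often it came back.
function siteTimeline(daily) {
  let firstClean = null;
  let reinfections = 0;
  for (let day = 1; day < daily.length; day++) {
    if (daily[day - 1] && !daily[day] && firstClean === null) firstClean = day;
    if (!daily[day - 1] && daily[day]) reinfections++;
  }
  return { firstClean, reinfections };
}

// Fraction of sites that had been cleaned at least once by a given day offset
// (sites still infected at the end of the window count as not cleaned).
function cleanupFraction(observations, dayOffset) {
  const sites = Object.values(observations);
  const cleaned = sites.filter(d => {
    const t = siteTimeline(d).firstClean;
    return t !== null && t <= dayOffset;
  }).length;
  return cleaned / sites.length;
}

// Sites whose code was never removed during the monitoring window.
function neverCleaned(observations) {
  return Object.keys(observations).filter(s => siteTimeline(observations[s]).firstClean === null);
}

// Sites where the code was removed and later injected again (the classoto.com pattern).
function reinfectedSites(observations) {
  return Object.keys(observations).filter(s => siteTimeline(observations[s]).reinfections > 0);
}

console.log([1, 2, 4, 5].map(d => cleanupFraction(OBSERVATIONS, d)));
console.log(neverCleaned(OBSERVATIONS), reinfectedSites(OBSERVATIONS));
```

A site counts as cleaned on the first day the code is absent, so a site that is scrubbed and re-infected a week later still contributes to the cleanup curve while also appearing in the re-infection list; the two views have to be read together, which is the point slide 68 makes about remediation being ineffective.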

69 Network-level monitoring
- April 2010, given access for one week to the mirror port of a switch connected to an exploit server
  - Actual malicious server (not our monitoring server)
- 300 GB of data
- Requests from 202,879 unique IP addresses
  - Of these, 45,816 hosts were exploited, and we observed the download of the malware binary
  - 22.6% compromise rate
- Exploits
  - Java (40.5%), IE exploit (33.9%), multiple Adobe Reader exploits (24.7%), and a DirectShow (7.5%) exploit

70 CONCLUSIONS & LESSONS LEARNED

71 Ethics: botnet monitoring
- Principle 1: the sinkholed botnet should be operated so that any harm and/or damage to victims and targets of attacks would be minimized
  - always responded with the "okn" message
  - never sent a new/blank configuration file
- Principle 2: the sinkholed botnet should collect enough information to enable notification and remediation of affected parties
  - worked with law enforcement (FBI and DoD Cybercrime units)
  - worked with bank security officers
  - worked with ISPs

72 Ethics: drive-by study
- Respect for persons
  - Issue of privacy (identification): we use aggregate statistics only
- Beneficence
  - Risk/benefit balance
  - Threat: running script in users' browsers
    - thorough design and testing to satisfy confidentiality, integrity (of data collected) and availability (of browser)
  - Threat: sinkholing
    - we interpose only on malicious web sites, thus users are not worse off due to our activities
- Justice/fairness
  - No discrimination

73 Lessons learned
- A few rogue or inattentive ISPs and registrars can be leveraged to build sophisticated malicious infrastructures
- Attackers are responsive
  - Sinkholing -> Twitter-based DGA
  - Cleanup -> re-infection
- Users do not patch, unless it is automated
- Web sites not well managed, if at all
  - "Best before" date [Stephan Frei]
  - Servicing, like we do for cars?

74 Tools
- http://www.bothunter.net/
- http://www.snort.org/
- http://www.malwaredomainlist.com/
- http://anubis.iseclab.org/
- http://wepawet.cs.ucsb.edu/

75 Questions?


More information

Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology

Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology Alexey Kirichenko, F- Secure Corpora7on ICT SHOK, Future Internet program 30.5.2012 Outline 1. Security WP (WP6) overview

More information

Adventures in Bouncerland. Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs

Adventures in Bouncerland. Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs Adventures in Bouncerland Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs Agenda Introduc5ons Our Mo5va5ons What We Knew About Bouncer Research Approach & Process Phase 0 Phase 1 7 Final Test What

More information

CS 558 Internet Systems and Technologies

CS 558 Internet Systems and Technologies CS 558 Internet Systems and Technologies Dimitris Deyannis deyannis@csd.uoc.gr 881 Heat seeking Honeypots: Design and Experience Abstract Compromised Web servers are used to perform many malicious activities.

More information

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

Beyond Aurora s Veil: A Vulnerable Tale

Beyond Aurora s Veil: A Vulnerable Tale Beyond Aurora s Veil: A Vulnerable Tale Derek Manky Cyber Security & Threat Research FortiGuard Labs October 26th, 2010: SecTor 2010 Toronto, CA Conficker: April Doomsday.. Meanwhile JBIG2 Zero Day PDF/SWF

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

Melde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE)

Melde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE) Melde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE) Andreas Greulich, MELANI Swiss Cyber Storm, 18 April 2009 Agenda Part 1: Introduction (~5 ) Infection

More information

BotNets- Cyber Torrirism

BotNets- Cyber Torrirism BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation

More information

Website Security: What do I need to know? What do I need to do?

Website Security: What do I need to know? What do I need to do? Website Security: What do I need to know? What do I need to do? This document describes some of the emerging security issues for and threats to websites as well as some of the options to address them.

More information

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers

More information

Threat Spotlight: Angler Lurking in the Domain Shadows

Threat Spotlight: Angler Lurking in the Domain Shadows White Paper Threat Spotlight: Angler Lurking in the Domain Shadows Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION Kleissner & Associates Botconf 14, 3-5 Dec 2014, Nancy/France Worlds largest botnet monitoring system Since September 2012 Originally

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

VoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov

VoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov VoIP Security How to prevent eavesdropping on VoIP conversa8ons Dmitry Dessiatnikov DISCLAIMER All informa8on in this presenta8on is provided for informa8on purposes only and in no event shall Security

More information

Security testing the Internet-of-things

Security testing the Internet-of-things Security testing the Internet-of-things Lindholmen Software Development Day 2014-10-16 Emilie Lundin Barse Informa(on Security Consultant, Combitech emilie.barse@combitech.se Contents State of security

More information

Current Threat Scenario and Recent Attack Trends

Current Threat Scenario and Recent Attack Trends Current Threat Scenario and Recent Attack Trends Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Objectives Current Cyber space Nature of cyberspace and associated risks

More information

NUIT Tech Talk. Peeking Behind the Curtain of Security. Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance

NUIT Tech Talk. Peeking Behind the Curtain of Security. Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance NUIT Tech Talk Peeking Behind the Curtain of Security Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance Definitions Malware: The Virus/Trojan software we ve all come

More information

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009 Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are

More information

Shellshock. Oz Elisyan & Maxim Zavodchik

Shellshock. Oz Elisyan & Maxim Zavodchik Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable

More information

Multifaceted Approach to Understanding the Botnet Phenomenon

Multifaceted Approach to Understanding the Botnet Phenomenon Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic

More information

ZNetLive Malware Monitoring

ZNetLive Malware Monitoring Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

A TASTE OF HTTP BOTNETS

A TASTE OF HTTP BOTNETS Botnets come in many flavors. As one might expect, these flavors all taste different. A lot of Internet users have had their taste of IRC, P2P and HTTP based botnets as their computers were infected with

More information

Koobface on Facebook: How malicious contents sneak into social networking. Mohammad Reza Faghani

Koobface on Facebook: How malicious contents sneak into social networking. Mohammad Reza Faghani Koobface on Facebook: How malicious contents sneak into social networking Mohammad Reza Faghani Outline Introduction Trend of Web malware Social networks malware What is XSS!? Potentials of XSS Worms Social

More information

Malware Trend Report, Q2 2014 April May June

Malware Trend Report, Q2 2014 April May June Malware Trend Report, Q2 2014 April May June 5 August 2014 Copyright RedSocks B.V. 2014. All Rights Reserved. Table of Contents 1. Introduction... 3 2. Overview... 4 2.1. Collecting Malware... 5 2.2. Processing...

More information

DATA SHEET. What Darktrace Finds

DATA SHEET. What Darktrace Finds DATA SHEET What Darktrace Finds Darktrace finds anomalies that bypass other security tools, due to the uniqueness of the Enterprise Immune System, capable of detecting threats without reliance on rules,

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

ReadySpace Limited Unit J, 16/F Reason Group Tower, 403-413 Castle PeakRoad, Kwai Chung, N.T.

ReadySpace Limited Unit J, 16/F Reason Group Tower, 403-413 Castle PeakRoad, Kwai Chung, N.T. Reputation and Blacklist Monitoring Basic Professional Business Enterprise Reputation Monitoring Blacklist Monitoring Standard Malware Detection Scan for known Malware Scan for known viruses All pages

More information

BadUSB On accessories that turn evil

BadUSB On accessories that turn evil BadUSB On accessories that turn evil Karsten Nohl Sascha Krißler Jakob Lell SRLabs Template v12 Demo 1 USB s&ck takes over Windows machine 2 Agenda

More information

Your Botnet is My Botnet: Analysis of a Botnet Takeover

Your Botnet is My Botnet: Analysis of a Botnet Takeover Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna University

More information

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most

More information

Botnets Die Hard Owned and Operated

Botnets Die Hard Owned and Operated Botnets Die Hard Owned and Operated,,, Las Vegas, 2012 Aditya K Sood Richard J Enbody SecNiche Security Department of Computer Science and Engineering Michigan State University Aditya K Sood About Us PhD

More information

Main Research Gaps in Cyber Security

Main Research Gaps in Cyber Security Comprehensive Approach to cyber roadmap coordina5on and development Main Research Gaps in Cyber Security María Pilar Torres Bruna everis Aerospace and Defence Index CAMINO WP2: Iden8fica8on and Analysis

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Personalized Search Under Attacks

Personalized Search Under Attacks Personalized Search Under Attacks Wenke Lee College of Computing Georgia Institute of Technology What Your Search Does Not Tell You Search park west gallery on Google Nega6ve comments: Vic6ms of a Park

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

DNS REBINDING DENIS BARANOV, POSITIVE TECHNOLOGIES

DNS REBINDING DENIS BARANOV, POSITIVE TECHNOLOGIES DNS REBINDING DENIS BARANOV, POSITIVE TECHNOLOGIES TABLE OF CONTENTS 1 Bypassing The Restrictions 3 2 Putting It into Practice 5 3 Actual Load 7 4 Detection Of The Application Version 5 Guessing A/The

More information

Detecting Bots with Automatically Generated Network Signatures

Detecting Bots with Automatically Generated Network Signatures Detecting Bots with Automatically Generated Network Signatures Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, Engin Kirda,, {pw,tho}@seclab.tuwien.ac.at Institute Eurecom,

More information

Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity

Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Albert Rees Computer Crime and Intellectual Property Section (CCIPS) Criminal Division,

More information

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version 1.3.4.0 already in the hands of its customers. Citadel s features, bug

More information

Insecurity breeds at home

Insecurity breeds at home Insecurity breeds at home - Vulnerabilities in SOHO routers Amrita Center for Cyber Security Amrita University Small Office Home Office(SOHO) Routers 2 Problem at hand No technology available to detect/prevent

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Thanks for showing interest in Vortex IIT Delhi & What After College (WAC) Ethical Hacking Workshop.

Thanks for showing interest in Vortex IIT Delhi & What After College (WAC) Ethical Hacking Workshop. Thanks for showing interest in Vortex IIT Delhi & What After College (WAC) Ethical Hacking Workshop. Our aim is to address the students apprehensions and anxieties regarding their career prospects in Ethical

More information

Stopping zombies, botnets and other email- and web-borne threats

Stopping zombies, botnets and other email- and web-borne threats Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This

More information

Design and Evalua.on of a Real- Time URL Spam Filtering Service

Design and Evalua.on of a Real- Time URL Spam Filtering Service Design and Evalua.on of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Jus.n Ma, Vern Paxson, Dawn Song University of California, Berkeley Interna.onal Computer Science Ins.tute Mo.va.on

More information

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)

More information

A Brief Overview of the Mobile App Ecosystem. September 13, 2012

A Brief Overview of the Mobile App Ecosystem. September 13, 2012 A Brief Overview of the Mobile App Ecosystem September 13, 2012 Presenters Pam Dixon, Execu9ve Director, World Privacy Forum Jules Polonetsky, Director and Co- Chair, Future of Privacy Forum Nathan Good,

More information

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Awareness For Website Administrators. State of Illinois Central Management Services Security and Compliance Solutions Security Awareness For Website Administrators State of Illinois Central Management Services Security and Compliance Solutions Common Myths Myths I m a small target My data is not important enough We ve

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information