Report. Catch Me If You Can. Antics of a Polymorphic Botnet


This report was researched and written by: Anand Bodke, Abhishek Karnik, Sanchit Karve, Raj Samani

Contents

- Introduction
- Meet the Worm
- Evolution: as the W32/Worm-AAEH turns
- Domain generation algorithm
- Chained download mechanism
- Polymorphic engine creates unique worm
- Automated sample harvester
- Prevalence
- Preventing infection
- Takedown
- Summary

Introduction

The analogy that fits cybercrime is a game of cat and mouse played among those fighting cybercrime and those seeking illegal profits. We see multiple examples in which technical innovation on both sides has resulted in one party getting ahead on one occasion and playing catch-up on another. This struggle has played out in multiple guises, as criminals have developed convoluted communications infrastructures to facilitate control capabilities for malware, payments, and laundering services for their ill-gotten gains.

McAfee Labs discusses many examples in reports, white papers, and blogs that present the cybercrime ecosystem, emerging trends, and our engagement with key partners to disrupt or take down such operations. Earlier malware milestones seem rather rudimentary today, but the inescapable fact is that cybercrime is very big business. Last year, Intel Security commissioned a report by the Center for Strategic and International Studies to estimate the global cost of cybercrime. The report estimated that the annual cost to the global economy was more than US$400 billion. Although it is easy to debate whether that estimate was too high or too low, the inescapable fact is that cybercrime is a growth industry; cyberattacks can bring in significant revenue.

With such high returns, it is no wonder that we are witnessing remarkable innovation from both sides, from peer-to-peer communications methods incorporating tens of thousands of domains for infected hosts' communication, to advanced evasion techniques (AETs) being introduced into trusted network egress control points.

This report illustrates one example of innovation: Cybercriminals created an AutoRun worm that avoids detection by continually changing its form with every infection. Its evolution was so prolific that new variants appeared as often as six times a day. In early April 2015, a global law enforcement action took down the control servers for this botnet. Up-to-the-minute details of the takedown can be found here.

Raj Samani, McAfee Labs CTO for Europe, the Middle East, and Africa

Meet the Worm

A worm is a type of malware that replicates itself in order to spread to other computers. It typically uses a network to propagate itself, relying on security vulnerabilities in a target system to gain access. A worm often installs a backdoor in the infected system, making it into a zombie under the control of the worm's author. A network of zombie systems is known as a botnet.

W32/Worm-AAEH is notable because it changes its system-specific fingerprints many times each day to evade detection.

Writing code for criminal gain is done with a specific purpose in mind, usually focusing on stealing information such as banking credentials, data, or intellectual property. Unlike the ends we've seen in other malware families, the ultimate goal of the cybercriminal behind this particular worm is to maintain persistence on the victim's machine.

Known as W32/Worm-AAEH (as well as W32/Autorun.worm.aaeh, VObfus, VBObfus, Beebone, Changeup, and other names), the aim of this family is to support the download of other malware, including banking password stealers, rootkits, fake antivirus, and ransomware. The malware includes wormlike functionality to spread quickly to new machines by propagating across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files.

The worm was written in Visual Basic 6. Using the inherent complex and undocumented nature of Visual Basic 6 and employing polymorphism and obfuscation, W32/Worm-AAEH has successfully maintained its relevance since it was discovered in June

Polymorphic malware, which can change its form with every infection, is a very difficult threat to combat. W32/Worm-AAEH is a polymorphic downloader worm with more than five million unique samples known to McAfee Labs. This worm has had a devastating impact on customer systems (more than 100,000 infected since March 2014). Once aboard, it morphs every few hours and rapidly spreads across the network, downloading a multitude of malware including password stealers, ransomware, rootkits, spambots, and additional downloaders. Our tracking of this worm since March 2014 shows that the control server replaces samples with new variants one to six times per day and that the server-side polymorphic engine serves client-specific samples and guarantees a unique sample with each download request.

Proactive, automated monitoring has helped McAfee Labs stay ahead of these adversaries in detection and removal, thereby preventing an onslaught of malware in customer environments. In this report we describe an automation system created in March 2014 by McAfee Labs to mimic the worm's communication behavior and tap into its control servers to harvest malware. This system has allowed our researchers zero-day access to the malware and has helped McAfee Labs monitor the botnet's activity prior to infecting customers. The automation has significantly reduced the number of customer system infections and escalations.

Evolution: as the W32/Worm-AAEH turns

The first known W32/Worm-AAEH sample (6ca70205cdd67682d6e86c8394ea459e) was found on June 22, 2009 (compiled on June 20). It is detected as Generic Packed.c. Despite being the first version released in the wild, the worm's authors intended to make it hard to analyze by storing every string as individual characters and concatenating them at runtime. Aside from this step, however, no other functionality prevented the analysis of the malware. The sample had modest capabilities:

- Executing at system startup and hiding in the User Profile directory.
- Copying itself in all removable drives and using a hidden autorun.inf file to launch automatically. Using the string "Open folder to view files" as the action text in the local language, supporting 16 European languages.
- Disabling Windows Task Manager's ability to terminate applications to prevent itself from being manually terminated by the user.
- Contacting a hardcoded domain (ns1.theimageparlour.net) to download and execute additional malware.

Over time, the authors introduced new features. Currently, the worm can:

- Detect virtual machines and antivirus software.
- Terminate Internet connections to IP addresses at security companies.
- Use a domain generation algorithm (DGA) to find its control servers.
- Inject malware into existing processes.
- Use encryption.
- Disable tools from terminating it.
- Spread itself via removable CD/DVD drives.
- Exploit a LNK file vulnerability (CVE ).
- Insert itself in ZIP or RAR archives to aid its persistence and propagation.

The feature set comprises two components: Beebone and VBObfus (also known as VObfus). The first component acts as a downloader for VBObfus, while the latter contains all the Trojan and worm functionality.

Several obfuscation and antianalysis tricks make detection difficult, encryption techniques are updated often, and open-source software projects are occasionally included to further complicate analysis. It is no surprise that these tricks have kept this worm relevant since it was discovered in

Domain generation algorithm

A domain generation algorithm is used by malware to periodically generate a large number of domain names that can be used by malware to exchange information. The large volume of generated domains makes it difficult for law enforcement to shut down botnets.

W32/Worm-AAEH uses a simple yet effective DGA that allows the malware distributors to change server IPs and domain names on demand (for example, when blocked by security products) while communicating with current infections. The algorithm can be represented as {secret_string}{n}.{tld} in which:

- secret_string is a hardcoded obfuscated string stored in the malware sample.
- N is a number from 0 to 20.
- TLD is any of the following strings: com, org, net, biz, info.

While N and TLD remain virtually constant, the secret string occasionally changes. At any time, the malware distributor sets the appropriate DNS records for the current secret string as well as the previous one to ensure that older samples can connect to the new servers for updates.

For example, on September 14, 2014, the control server IP address was This IP address was registered under several domain names using the current secret string ns1.dnsfor and the previous string ns1.backdates. Some of the domain names from the DGA result in successful resolutions, as shown in the following image:

[Figure: The same control server IP address is registered against multiple secret strings.]
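Because N and the TLD list are fixed, each secret string expands to a finite set of 21 × 5 = 105 names that can be enumerated and blocked. The following Python sketch is an added example, not code from the McAfee Labs report: it builds that set for the two secret strings the report names and screens DNS query logs against it. The log format, client addresses, and function names are assumptions constructed for illustration.

```python
"""Added example: expand the report's DGA pattern into a blocklist and
screen DNS query logs with it. Not code from the original report."""
import re

# Values stated in the report.
TLDS = ("com", "org", "net", "biz", "info")
N_RANGE = range(0, 21)                             # N is a number from 0 to 20
SECRET_STRINGS = ("ns1.dnsfor", "ns1.backdates")   # current and previous string

# Constructed sample log (assumed format: timestamp client qname qtype).
SAMPLE_LOG = """\
2014-09-14T08:01:12Z 10.0.4.17 ns1.dnsfor3.com. A
2014-09-14T08:01:13Z 10.0.4.17 NS1.DNSFOR4.ORG A
2014-09-14T08:02:40Z 10.0.7.22 ns1.backdates20.info A
2014-09-14T08:03:05Z 10.0.9.31 ns1.dnsfor21.com A
2014-09-14T08:03:09Z 10.0.9.31 ns1.dnsfor3.com.example.org A
2014-09-14T08:04:51Z 10.0.2.8 www.example.com A
malformed line
"""


def candidate_domains(secret):
    """Every {secret_string}{n}.{tld} name a sample with this secret can try."""
    return [f"{secret}{n}.{tld}" for n in N_RANGE for tld in TLDS]


def build_matcher(secrets):
    """Compile one anchored regex for all secrets, N in 0..20 and the five TLDs.

    Anchoring at both ends rejects look-alikes such as ns1.dnsfor21.com
    (N out of range) and ns1.dnsfor3.com.example.org (DGA name used as a
    prefix of an unrelated domain).
    """
    alt_secret = "|".join(re.escape(s) for s in secrets)
    alt_tld = "|".join(TLDS)
    # (?:20|1\d|\d) matches exactly the integers 0..20 without leading zeros.
    return re.compile(rf"^(?:{alt_secret})(?:20|1\d|\d)\.(?:{alt_tld})$")


def flag_queries(log_text, matcher):
    """Return {client_ip: [matched names]} for queries that hit the DGA set."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip lines that do not fit the format
            continue
        _ts, client, qname, _qtype = fields
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = qname.rstrip(".").lower()
        if matcher.match(name):
            hits.setdefault(client, []).append(name)
    return hits


if __name__ == "__main__":
    blocklist = [d for s in SECRET_STRINGS for d in candidate_domains(s)]
    print(f"{len(blocklist)} names to block")
    for client, names in flag_queries(SAMPLE_LOG, build_matcher(SECRET_STRINGS)).items():
        print(client, names)
```

When the distributor rotates the secret string, add the new value to `SECRET_STRINGS` and keep the old ones, since the report notes that DNS records for the previous string stay live.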

Chained download mechanism

One of the reasons antivirus software struggles with this threat is that the worm can replace itself with new variants before signatures are created to combat them. This tactic is implemented using a chained download mechanism, in which both W32/Worm-AAEH components (Beebone and VBObfus) download new variants of each other. This step ensures the worm's persistence even if security software can detect one of the components, because the undetected component will eventually download an undetected version of its counterpart.

The chained download is initiated through another component, detected by McAfee Labs as Generic VB.kk. This sample arrives through exploit kits and social engineering attacks and exists solely to download Beebone. An unrelated component detected as Downloader-BJM is an IRC bot that communicates with the same control server but doesn't interact with W32/Worm-AAEH. This process is illustrated in the following diagram:

[Figure: The W32/Worm-AAEH worm infection process. Diagram labels: Victim machine #1; Victim machine #2; Downloader-BJM (IRC bot); Control server (available to malware via domain generation algorithm). Steps:
1. Victim visits malicious page
2. Exploit kit installs Generic VB.kk
3. Generic VB.kk contacts control server with victim's information
4. Control server returns Beebone
5. Beebone contacts control server
6. Control server returns a list of malware including VBObfus, and other third-party malware such as Cutwail, Necurs, Upatre, and Zbot
7. VBObfus contacts control server
8. Control server returns Beebone (again)]

In the preceding illustration, Beebone (in Step 4) downloads a variant of VBObfus (6), which replaces the old Beebone with a new Beebone variant (8). A walkthrough of the download chain follows:

[Figure: The response received by Generic VB.kk in Step 3.]

This response includes the command (download), the URL, and the filename to use when saving the downloaded Beebone. The URL returns an RC4-encrypted binary large object (blob) that decrypts to Beebone.

[Figure: Encrypted blob and decrypted binary.]

Unpacking this blob reveals a new variant of Beebone. Beebone contacts the control server again (7) and gets an encrypted blob decrypting to a set of URLs (8):

[Figure: Decrypted URLs provide further malware to the current location.]

Each URL returns encrypted blobs that decrypt to Beebone and additional malware, and the cycle repeats indefinitely.

Polymorphic engine creates unique worms

Before the worm switched to off-the-shelf cryptors in July 2014, W32/Worm-AAEH used a unique server-side polymorphic engine that generated victim-specific worm binaries. The engine did this by using information (serial number of C drive and username) in the download request as a seed to generate random strings. These strings were replaced at specific locations in the file, one of which was used as the decryption key for the embedded strings or binary and required the entire plaintext information to be encrypted using the new randomly generated strings:

[Figure: A byte-by-byte comparison between two binaries generated by the polymorphic engine. The executable header is identical.]

[Figure: Differences in red between these two samples indicate the mutability of the malware.]

[Figure: Differences in red reveal that the project names are modified each time a new binary is generated.]

[Figure: Changes in encrypted data and strings.]

The polymorphic engine also stored information about the sample's origin within itself and prefixed it with a marker. Single-letter alphabets were mapped to individual download ports in the , , and ranges and indicated that the sample was downloaded by Beebone. Two-digit numbers indicated that the sample was downloaded by the VBObfus malware from the port range.

Automated sample harvester

In March 2014, McAfee Labs developed an automation system to communicate with W32/Worm-AAEH control servers to download new worms as soon as they are served by the malware distributor. Our automation engine is designed to mimic the worm's communication with its control server at every stage in the communication sequence outlined in the previous section.

So far, the system has collected more than 20,000 unique samples from more than 35 control servers, all of which are located in Europe (see map, page 12), and it has helped McAfee Labs threat researchers write detections for samples before they can infect our customers. Our system also detected that the worm replaced its cryptor on July 21, On September 15, 2014, the worm introduced the 29A-Loader, which is sold in the underground market for $300.

Using a new McAfee Labs clustering algorithm, we learned that the harvester collected more than 350 variants between March and August 2014, with about 55 samples for each variant. That's an average of 58 new variants per month.

[Table: Clusters Found by the McAfee Labs Sample Harvester. Columns: Visual Basic Code Hash; Number of Samples.]

[Figure: All of the worm's control servers detected by McAfee Labs between March 14, 2014, and September 14, 2014, were based in Europe.]

Prevalence

The McAfee Labs malware zoo contains more than five million unique W32/Worm-AAEH samples. We have detected more than 205,000 samples from 23,000 systems in These systems are spread across more than 195 countries, demonstrating the threat's global reach. The United States reported by far the greatest number of infections.

Systems in the United States are the main target for this worm.

[Chart: Total Systems Infected by W32/Worm-AAEH in. Countries shown: Sweden, Netherlands, Italy, Mexico, Russia, France, China, Brazil, Taiwan, USA. Source: McAfee Labs,]

The preceding numbers are a conservative estimate of the infection's spread based on data gathered from detections reported from McAfee Labs nodes, which constitute a small subset of the total infections. The geolocation information here may be inconsistent with the actual spread because the geographic distribution of nodes may not be uniform.

Preventing infection

Intel Security products detect all variants of this family. Our detection names have the following prefixes:

- W32/Autorun.worm.aaeh
- W32/Worm-AAEH
- VBObfus
- Generic VB

Although the threat is consistently polymorphic, the core behavior has remained virtually the same, allowing customers to easily prevent infections by taking these precautionary measures:

Access Protection Rules to Stop W32/Worm-AAEH (category: rule)

- Common Maximum Protection: Prevent programs registering to AutoRun
- User-defined: Prevent file execution in %USERPROFILE% directory
- User-defined: Block outbound connections to ports , , , and (Legitimate applications may use these)

Additional rules are published at https://kc.mcafee.com/corporate/index?page=content&id=kb

Firewall: Block access to DGA domains ns1.dnsfor{n}.{tld}, in which N is a number from 0 to 20 and TLD is any of the following: com, net, org, biz, info.

Network Security Platform: Use this Snort rule to prevent malware downloads (instructions at https://community.mcafee.com/docs/DOC-6086):

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"W32/Worm-AAEH C2 Server Communication Detected"; flow:to_server,established; content:"User-Agent: Mozilla/4.0 (compatible\; MSIE 7.0\; Windows NT 5.1\; SV1)"; classtype:trojan-activity;)

Takedown

In early April 2015, a global law enforcement action took down the control servers for this botnet. The U.S. Federal Bureau of Investigation, the European Cybercrime Centre (EC3), Intel Security, and the Shadowserver Foundation worked together to identify and disrupt the infrastructure for this botnet. Up-to-the-minute details of the takedown can be found here.

Summary

Cybercrime is big business and getting bigger, so it is no surprise that cybercriminals continue to attack. As this example illustrates, thieves will go to great lengths to conceal themselves from IT security practitioners, the security industry, and global law enforcement so that they can continue to steal with abandon.

To stop such attacks, a cooperative effort is required. Security vendors must share crucial information with one another, companies must be protected from legal action for coordinating with other companies and their governments to stop attacks, and global law enforcement agencies must work collaboratively with the security industry and affected companies to take down the most egregious attacks. It is only through a joint effort that we can slow the growth in cyber theft.

About McAfee Labs

McAfee Labs is one of the world's leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors (file, web, message, and network), McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

About Intel Security

McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security combines the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. Intel Security's mission is to give everyone the confidence to live and work safely and securely in the digital world.

McAfee. Part of Intel Security. Mission College Boulevard, Santa Clara, CA

The information in this document is provided only for educational purposes and for the convenience of McAfee customers. The information contained herein is subject to change without notice, and is provided "as is," without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc.


More information

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009

Protecting Data From the Cyber Theft Pandemic. A FireEye Whitepaper - April, 2009 Protecting Data From the Cyber Theft Pandemic A FireEye Whitepaper - April, 2009 Table of Contents Executive Summary Page 3 Today s Insider Threat Is Stealth Malware Page 3 Stealth Malware Attacks Are

More information

Brought to you by: Justin White https://www.linkedin.com/in/justinwhitesecurity

Brought to you by: Justin White https://www.linkedin.com/in/justinwhitesecurity An off the beaten path, impudent, unconventional, downright unorthodox look at garden-fresh information security issues. Brought to you by: Justin White https://www.linkedin.com/in/justinwhitesecurity

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

More information

Symantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics.

Symantec enterprise security. Symantec Internet Security Threat Report April 2009. An important note about these statistics. Symantec enterprise security Symantec Internet Security Threat Report April 00 Regional Data Sheet Latin America An important note about these statistics The statistics discussed in this document are based

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Botnets: The Advanced Malware Threat in Kenya's Cyberspace Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)

More information

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Cyber Security Services: DeepSight Intelligence Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with

More information

False Sense of Security:

False Sense of Security: False Sense of Security: New Anti-Virus Testing Methodologies are Critical to Educate Customers Charlotte Dunlap Independent Security Analyst Charlotte Dunlap is an independent security analyst and regular

More information

Executive Summary. McAfee Labs Threats Report: Third Quarter 2013

Executive Summary. McAfee Labs Threats Report: Third Quarter 2013 Executive Summary McAfee Labs Threats Report: Third Quarter Although summer can be a relatively slow season for cybercriminal activity (even the bad guys need a break occasionally), the third quarter of

More information

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document ESET CYBER SECURITY PRO for Mac Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Symantec Intelligence Report: February 2013

Symantec Intelligence Report: February 2013 Symantec Intelligence Symantec Intelligence Report: February 2013 Welcome to the February edition of the Symantec Intelligence report, which provides the latest analysis of cyber security threats, trends,

More information

Email Encryption Made Simple

Email Encryption Made Simple Email Encryption Made Simple For organizations large or small Table of Contents Who Is Reading Your Email?....3 The Three Options Explained....3 Organization-to-organization encryption....3 Secure portal

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

Defending Against. Phishing Attacks

Defending Against. Phishing Attacks Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and

More information

Alert (TA14-212A) Backoff Point-of-Sale Malware

Alert (TA14-212A) Backoff Point-of-Sale Malware Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity

More information

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12 Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

More information

The Nitro Attacks. Security Response. Stealing Secrets from the Chemical Industry. Introduction. Targets. Eric Chien and Gavin O Gorman

The Nitro Attacks. Security Response. Stealing Secrets from the Chemical Industry. Introduction. Targets. Eric Chien and Gavin O Gorman The Nitro Attacks Stealing Secrets from the Chemical Industry Eric Chien and Gavin O Gorman Contents Introduction... 1 Targets... 1 Attack methodology... 2 Geographic Spread... 3 Attribution... 4 Technical

More information

VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation

VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE Distribution: Merchants, Acquirers Who should read this: Information security, incident response, cyber intelligence staff Summary Kuhook

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud 1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global

More information

The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report:

The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: The author(s) shown below used Federal funds provided by the U.S. Department of Justice and prepared the following final report: Document Title: Author: Examining the Creation, Distribution, and Function

More information

Commtouch RPD Technology. Network Based Protection Against Email-Borne Threats

Commtouch RPD Technology. Network Based Protection Against Email-Borne Threats Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and

More information

The Hidden Data Economy

The Hidden Data Economy Report The Hidden Data Economy The Marketplace for Stolen Digital Information Contents This report was researched and written by: Charles McFarland François Paget Raj Samani Introduction 3 Hidden in Plain

More information

Microsoft Security Response Center (MSRC) Microsoft Malware Protection Center (MMPC)

Microsoft Security Response Center (MSRC) Microsoft Malware Protection Center (MMPC) Security@Microsoft Trustworthy Computing (TwC) Programs supporting security outreach and engagement Microsoft Active Protections Program (MAPP), Government Security Program (GSP) (was SCP) Microsoft Security

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3

More information

INDUSTRY OVERVIEW: FINANCIAL

INDUSTRY OVERVIEW: FINANCIAL ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL

More information

Top Ten Cyber Threats

Top Ten Cyber Threats Top Ten Cyber Threats Margaret M. McMahon, Ph.D. ICCRTS 2014 Introduction 2 Motivation Outline How malware affects a system Top Ten (Simple to complex) Brief description Explain impacts Main takeaways

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

McAfee Next Generation Firewall

McAfee Next Generation Firewall McAfee Next Generation Firewall Services solutions for Managed Service Providers (MSPs) McAfee Next Generation Firewall offers the advanced security, flexibility, and multitenant control needed to protect

More information

A New Approach to Assessing Advanced Threat Solutions

A New Approach to Assessing Advanced Threat Solutions A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises

More information

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. 2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by

More information

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor

More information

White Paper. PCI Guidance: Microsoft Windows Logging

White Paper. PCI Guidance: Microsoft Windows Logging PCI Guidance: Microsoft Windows Logging Table of Contents Introduction...3 This white paper was written by: Cayce Beames, CISSP, QSA, Technical Practice Director, Strategic Services, Intel Security Preparation

More information

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS Traditionally, IT risk management has balanced security investment and the impact of the threat, allowing each business

More information

Context Threat Intelligence

Context Threat Intelligence Context Threat Intelligence Threat Advisory The Monju Incident Context Ref. Author TA10009 Context Threat Intelligence (CTI) Date 27/01/2014 Tel +44 (0) 20 7537 7515 Fax +44 (0) 20 7537 1071 Email threat@contextis.co.uk

More information

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

CIT 480: Securing Computer Systems. Malware

CIT 480: Securing Computer Systems. Malware CIT 480: Securing Computer Systems Malware Topics 1. Anti-Virus Software 2. Virus Types 3. Infection Methods 4. Rootkits 5. Malware Analysis 6. Protective Mechanisms 7. Malware Factories 8. Botnets Malware

More information

Innovations in Network Security

Innovations in Network Security Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.

More information

Covert Operations: Kill Chain Actions using Security Analytics

Covert Operations: Kill Chain Actions using Security Analytics Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Kaspersky Lab. Contents

Kaspersky Lab. Contents KASPERSKY DDOS INTELLIGENCE REPORT Q3 2015 Contents Contents... 1 Q3 events... 2 Attacks on financial organizations... 2 Unusual attack scenario... 2 XOR DDoS bot activity... 2 DDoS availability... 3 Statistics

More information

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious

More information

Next Generation IPS and Reputation Services

Next Generation IPS and Reputation Services Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection

The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection Trend Micro, Incorporated Marco Dela Vega and Norman Ingal Threat Response Engineers A Trend Micro Research Paper I November

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

Malware Trend Report, Q2 2014 April May June

Malware Trend Report, Q2 2014 April May June Malware Trend Report, Q2 2014 April May June 5 August 2014 Copyright RedSocks B.V. 2014. All Rights Reserved. Table of Contents 1. Introduction... 3 2. Overview... 4 2.1. Collecting Malware... 5 2.2. Processing...

More information

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

Addressing Big Data Security Challenges: The Right Tools for Smart Protection Addressing Big Data Security Challenges: The Right Tools for Smart Protection Trend Micro, Incorporated A Trend Micro White Paper September 2012 EXECUTIVE SUMMARY Managing big data and navigating today

More information