AVG (AU/NZ)'s Security Advisor, Michael McKinnon, details the latest emerging threats and trends in online security: toolkits, spam, rogue apps, printed malware, fake anti-virus, ransomware and mobile security.

1. AVG.COM.AU
AVG.CO.NZ
Emerging Threats and Trends
Michael McKinnon, Security Advisor
An Avalanche Technology Group Company

2. Emerging Threats & Trends - Overview
• Current Threats
• Toolkits, Spam, Mobile, Printed Malware,
Fake Anti-Virus, Ransomware
• Trends & Emerging
• Facebook, Mobile security, DNSSEC, Anonymous
• Dispel some common myths along the way 
2

3. Current Threats
• Compiled from our local support team; and
• AVG Community Powered Threat Report, Q4 2011
3

4. Blackhole Toolkit – What is it?
• Web based, distribution system for exploits and
malware; runs on a private or compromised server
4

5. Blackhole Toolkit – Targets many platforms
• Allows them to target many platforms, including Mac!
5

6. Blackhole Toolkit – Features & facts
• Other key “features”:
• Analytics network
• Built-in anti-virus scanning to avoid detection
• Does many complex tasks very easily
• Facts:
• In the last ¼ of 2011 it accounted for 80.2% of all known toolkits
being used
• Exploit toolkits account for 58% of threat activity on malicious
websites
6

7. Blackhole Toolkit – Mitigation
• Always keep computers updated with latest patches to
avoid 0day vulnerabilities
• Run up to date Internet Security solutions – but you
already know that!
7

8. Spam – SNAP POLL
• In Q4 of 2011, which country sent the most spam?
• China
• Romania
• United States
• Israel
8

9. Spam – Top countries
9

10. Spam – Top domains
10

11. Spam – Mitigation
• Run an anti-spam solution on servers & desktops
• Be proactive and know basic email handling tips
• We’ll be providing some tips and resources on how to
spot email scams in the near future…
11

12. Mobile Threats – Rogue apps
• Affecting mostly Android phone and tablet users
12

13. Mobile Threats – Rogue apps
• In Q4 we reported the emergence of rogue “signed”
applications available in the Android Marketplace
• Signed with stolen/leaked digital certificates
• Permission prompts on Android is weak – doesn’t make
the user think at all
• Risks are mostly around spying and premium SMS
• Google has recently announced they are scanning apps
in the Marketplace with “bouncer”
13

14. Mobile Threats – Mitigation
• Update your Android device – if you cannot upgrade
past Android 2.2 then BUY A NEW PHONE! (Same can
be said of older iPhones stuck on iOS 4.3)
• ONLY install applications from the Android Marketplace
– nowhere else
• Have a look at AVG Mobilation for scanning
14

15. Printed Malware – QR codes
15

16. Printed Malware – QR codes
Just like URL shorteners (like bit.ly for
example), QR codes don’t reveal too much about
themselves until you use them
In Q4 2011 we observed a QR code being used
in a Russian forum website that linked to a
malicious mobile app
These are something to keep your eye
on, especially with large, well-known, trusted
brands starting to use them for marketing
16

17. Fake AV – What is it?
• Our support team has been helping clean up the
following Fake AV’s for customers:
• Security Shield
• System Fix
• XP Antivirus 2012
• Internet Security 2012
• Let’s have a look at what they can do…
17

18. Fake AV – Fake “Blue Screen of Death”
18

19. Fake AV – Nag screens and pop-ups
19

20. Fake AV – Mitigation & removal
• Can be very tricky to remove completely, usually
involves reverting to safe-mode and removing files
manually
• Some tricks for removal have, in some cases, been to
enter the fake AV licence key to get rid of it!
• Preventing fake AV from being installed usually involves
keeping the PC up to date, in combination with some
user awareness
20

21. Ransomware – What is it?
• Has been observed being served up by Blackhole
toolkits
• Unlike fake AV – this malicious code just locks up your
computer and demands money!
• Usually pretends to be
from the government or
a law enforcement
agency
21

22. Ransomware – Your PC has been seized!
22

23. Ransomware – Mitigation
• Update, update, update!
• Since the vector for this is 0day vulnerabilities, usually
exploited by a toolkit (like Blackhole) – staying updated
is the first line of defence
• And, of course, AVG 2012 Internet Security
• Browsing questionable websites (i.e. user habit) could
also be a contributory factor in these examples
23

24. Trends & Emerging Threats
• Predictions for 2012
• And some overall stats and trends
24

25. Top 10 Web Threats – Q4 2011
25

26. Trends & Emerging – Facebook or Scambook?
• Global spam levels are decreasing
• Scammers are now using Facebook, which provides:
• Instant access to 850+ million users
• Built-in word of mouth provides viral spread
• Default “trust” with Facebook is still high
26

27. Trends & Emerging – Mobile Security
• Did you know?
• Lost/stolen smartphones & tablets can be located using
GPS tracking
• Mobile devices can be remote wiped if fallen into the
wrong hands
• PIN number should always be used, but also
these can be activated remotely
27

28. Trends & Emerging – DNSSEC
• The Domain Name System (DNS) is vulnerable, so
DNSSEC promises to cryptographically secure it
• We should see improvements over time with true
verification of legitimate sites, good for eCommerce and
consumer confidence online
• Will make stolen SSL certificates much harder to exploit
in the wild
• Should start to have some impacts on
reducing spam levels further, in conjunction
with DMARC
28

29. Trends & Emerging – #opGlobalBlackout
• “Anonymous” announced that it is attempting to bring
down the Internet on 31st March 2012
• http://pastebin.com/NKbnh8q8
• Will be interesting to see what happens, if anything, I
suspect the Internet will be just fine 
• No doubt it will hit the news
29

30. Thank You!
Connect with us to stay up to date with the latest news and information
about online threats and scams. We also provide simple and useful
security tips, designed to keep out community safe.
Come and say hello!
twitter.com/avgaunz facebook.com/avgaunz
Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.
30