
Web Exploits and the Rise of Cybercriminals

Roger Thompson, AVG Chief Research Officer. WWW stands for World War Web. Topics: how we got here, best solution, future. Ages of malicious code: Age 1 (1987 – 1995), DOS viruses; Age 2 (1995 – 2000), macro viruses.


Presentation Transcript


  1. Web Exploits and the Rise of Cybercriminals. Roger Thompson, AVG Chief Research Officer

  2. WWW stands for World War Web

  3. Topics
     • How we got here
     • Best solution
     • Future

  4. Ages of Malicious Code
     • Age 1 - 1987 – 1995 – DOS viruses
     • Age 2 - 1995 – 2000 – Macro viruses
     • Age 3 - 1999 – 2002 – Mass mailing worms
     • Age 4 - 2001 – 2004 – Bots and worms
     • Age 5 - 2004 - ? - Web based attacks

  5. Extinction Level Events
     • Age 1 – Windows 95 released
     • Age 2 – Office 2000 released
     • Age 3 – Email gateway scanning
     • Age 4 – XP service pack 2
     • Age 5 – nothing yet

  6. Why web?
     • New name for HTTP is GFBP (Generic Firewall Bypass Protocol)
     • When you start a browser, you start from a trusted place … inside the firewall
     • Instant tunnel

  7. Why? For goodness sake
     • Age 1 – fun
     • Age 2 – fun
     • Age 3 – fun and profit (spam and botnets)
     • Age 4 – fun and profit (spam, botnets, adware, spyware)
     • Age 5 – profit only (they want your money)

  8. Who? For goodness sake
     • Russia
     • China
     • Brazil

  9. How? For goodness sake
     • 40 to 50,000 unique executable samples every day
     • All delivered by about 500 total exploits and social engineering tricks over the web
     • This is what’s known as an aptitude test

  10. Exploit? Social engineering?
     • An exploit is code that takes advantage of a vulnerability in some program to force some other code to run.
     • Social engineering is code that takes advantage of a vulnerability in people’s common sense to trick them into running some code. (We’ll always have Paris)

  11. Attack styles

  12. Damage done

  13. So what’s the solution?
     • Option 1 is to focus on 50k every day
     • Make your scanner work really hard
     • Get your researchers working really hard pulling sigs
     • Continue to automate your sig pulling
     • Find generic solutions / HIPS

  14. So what’s the solution?
     • Option 2 is to focus on 500 total HTTP tricks
     • Multiple layers, oriented at HTTP activity
     • Block some IP addresses
     • Block some URLs
     • The real solution is … block the 500 HTTP tricks

  15. Life is full of 80/20 rules

  16. So why isn’t everyone doing it?
     • Automated community intelligence
     • Internet Neighborhood Watch
     • And, of course, LinkScanner
     • It’s not that easy, but they’re all going to try

  17. The future
     • For the next few years, it is the web
     • If there is an ELE, the Bad Guys will find a new way, and our job is to be ready
     • The 10 most important words in the English language are “Never, never, never, never, never, never, never, never give up!”

  18. Sales & Support Contacts
     • Web Exploits: www.avg.com/exploit
     • Sales – M-F 8:30-5:30 ET
     • Phone: 321.274.1888 (Option 2)
     • Fax: 321-274-1886
     • Email: reseller@avg.com
     • Support – 24x7
     • Phone: 321-274-1888 (Option 1)
     • Email: resellersupport@avg.com
     • Resellers receive priority technical support!
