Web Exploits and the Rise of Cybercriminals
Roger Thompson, AVG Chief Research Officer
WWW stands for: World War Web
Topics
• How we got here
• Best solution
• Future
Ages of Malicious Code
• Age 1 – 1987–1995 – DOS viruses
• Age 2 – 1995–2000 – Macro viruses
• Age 3 – 1999–2002 – Mass-mailing worms
• Age 4 – 2001–2004 – Bots and worms
• Age 5 – 2004–? – Web-based attacks
Extinction Level Events
• Age 1 – Windows 95 released
• Age 2 – Office 2000 released
• Age 3 – Email gateway scanning
• Age 4 – XP Service Pack 2
• Age 5 – nothing yet
Why web?
• New name for HTTP is GFBP (Generic Firewall Bypass Protocol)
• When you start a browser, you start from a trusted place … inside the firewall
• Instant tunnel
Why? For goodness sake
• Age 1 – fun
• Age 2 – fun
• Age 3 – fun and profit (spam and botnets)
• Age 4 – fun and profit (spam, botnets, adware, spyware)
• Age 5 – profit only (they want your money)
Who? For goodness sake
• Russia
• China
• Brazil
How? For goodness sake
• 40 to 50,000 unique executable samples every day
• All delivered by about 500 total exploits and social engineering tricks over the web
• This is what’s known as an aptitude test
Exploit? Social engineering?
• An exploit is code that takes advantage of a vulnerability in some program to force some other code to run.
• Social engineering is code that takes advantage of a vulnerability in people’s common sense to trick them into running some code. (We’ll always have Paris)
So what’s the solution?
• Option 1 is to focus on the 50k samples every day
• Make your scanner work really hard
• Get your researchers working really hard pulling sigs
• Continue to automate your sig pulling
• Find generic solutions / HIPS
So what’s the solution?
• Option 2 is to focus on the 500 total HTTP tricks
• Multiple layers, oriented at HTTP activity
• Block some IP addresses
• Block some URLs
• The real solution is … block the 500 HTTP tricks
So why isn’t everyone doing it?
• Automated community intelligence
• Internet Neighborhood Watch
• And, of course, LinkScanner
• It’s not that easy, but they’re all going to try
The future
• For the next few years, it is the web
• If there is an ELE, the Bad Guys will find a new way, and our job is to be ready
• The 10 most important words in the English language are “Never, never, never, never, never, never, never, never give up!”
Sales & Support Contacts
• Web Exploits: www.avg.com/exploit
• Sales – M-F 8:30-5:30 ET
  • Phone: 321-274-1888 (Option 2)
  • Fax: 321-274-1886
  • Email: reseller@avg.com
• Support – 24x7
  • Phone: 321-274-1888 (Option 1)
  • Email: resellersupport@avg.com
• Resellers receive priority technical support!