1 / 11

Agenda (this one!) – check! WW Phishing in the next (6, maybe 12) months

Agenda. Agenda (this one!) – check! WW Phishing in the next (6, maybe 12) months Phishing in Romania (2007-2009) Why 2 & 3 ? The current BitDefender approach Other important aspects

joie
Download Presentation

Agenda (this one!) – check! WW Phishing in the next (6, maybe 12) months

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agenda • Agenda (this one!) – check! • WW Phishing in the next (6, maybe 12) months • Phishing in Romania (2007-2009) • Why 2 & 3 ? • The current BitDefender approach • Other important aspects • This paper will have no conclusions slide so please pay attention! (yes, I’m talking to the guys in the back… where the power plugs are :p )

  2. WW Phishing in the next (6 - 12) months • APWG on 2nd ½ of 2008 • Unique phishing reports submitted to APWG  recorded a yearly high of 34,758 in October  • Unique phishing websites detected by APWG during the second half of 2008 saw a constant increase from July  and in October reached a maximum of 27,739  IT WILL RISE!!, or in Malcom Gladwell’s words: “This is going to tip” – (we trust him because he looks Einsteinian!

  3. Phishing in Romania (2007-2009) • 2007 – 7 attacks • 2008 – 26 attacks (50% targeting the same institution) • 2009 – 187 attacks already (98% targeting the same institution) • 2009 – 1’st ½ … anyone want to make a prediction? Don’t be fooled by randomness!

  4. Now… why would anyone start phishing? • With the current market turmoil, what's the easiest way to make a small fortune? • Start off with a large one! • Quote of the day (from a trader): "This is worse than a divorce. I've lost half my net worth and I still have a wife • This market stinks so bad…that even Chuck Norris can’t make any money.

  5. Well… I bet not anybody can phish!

  6. Really… is must be more than this!!! • Open the yellow pages and pick someone • Search his name using a social media search-engine • If any SN profile found • Download images, posts, comments, friend • Create a phishing attack customized for this exact person. • Continue with his friends 4. Complicated? Too much work? Dial 1-800 BOTNET for an army of computers to do this for you PS: (success comes when the victim has profiles on more than one social network)

  7. Current BitDefender Approach • Technologies: • RBL • Website Forgery Detector • Signature Filter • Minutiae Analysis • Image Filter • AntiPharming Module • We protect: Spain, Germany, France, Italy, Romania and US (banks, SN accounts and webmail)…. For now….

  8. The Matrix We want to believe that this is proactive!

  9. Ignorance is bliss • Showing the actual domain on which the page is hosted • Showing the real page that is being forged • Displaying information about the registrar, the geographic location where the page is hosted and so on. • Requiring user confirmation before continuing loading the page • Certificates challenge. • We suggest all that AND, if possible, actually redirecting the user to the desired institution

  10. Are you going to ask me something or I will have to phish for questions???

More Related