The Endless Wave of Online Threats - Protecting our Community

Learn which members of the community are the most vulnerable to cybercrime and view examples of the latest online threats - including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.

Published in: Technology

  • 1. The Endless Wave of Online Threats – Protecting our Community
      AVG.COM.AU
      AVG.CO.NZ
      Michael McKinnon – Security Advisor, AVG (AU/NZ)
      An Avalanche Technology Group company
  • 2. Presentation Overview
      • Overview of the AVG Community Protection Network
      • Details and examples of the latest online threats:
          • Web threats
          • PC threats
          • Mobile threats
          • Printed malware
      • Trends & issues
  • 3. About AVG
      • Best known globally for AVG Anti-Virus FREE
      • Over 114 million active users, as of May 2012
      • Windows based end-point security
          • Consumer market
          • SMB (typically up to 200)
      • Mobile security product for the Android™ platform – AVG Mobilation
      • Other research
          • AVG Digital Diaries –
  • 4. In our community, who are the most vulnerable internet users?
  • 5. Future Generations
  • 6. Mature Generations
  • 7. AVG Community Protection Network
  • 8. AVG Community Protection Network
      • User is asked whether they would like to opt-in during the installation process of their AVG product
      • Operating since the start of 2011
  • 9. Web Threats
      • Overview
      • Exploit Toolkits (Blackhole)
      • Second Click Redirect Mechanism
  • 10. Web Threats - Overview
  • 11. Blackhole Toolkit – What is it?
      • Web based, distribution system for exploits and malware; runs on a private or compromised server
  • 12. Blackhole Toolkit – Targets many platforms
      • Allows them to target many platforms, including Mac!
  • 13. Blackhole Toolkit – Features & Facts
      • Interesting features:
          • Geo-IP detection & distribution
          • Built-in anti-virus scanning, re-obfuscation upon detection
      • Facts:
          • In Q4 2011, it accounted for 80.2% of all known toolkits being used
          • Exploit toolkits account for 58% of threat activity on malicious websites
  • 14. Second Click Redirection – What is it?
      • Scripting technique for distributing malware
      • User visits a site, typically with thumbnail images (video content, photos etc.)
      • Cookie is set on first click, link goes to intended site
      • If visitor returns, on second click, redirected to a fake anti-virus scan page – user tricked into installing fake anti-virus software (known as Fake AV)
      • Subsequent clicks, link goes back to intended site
      • AVG Community Protection Network detected ~8 million pages doing this, mostly from ~1700 domains
  • 15. Second Click Redirection – Fake AV Webpage
  • 16. Second Click Redirection – Top 25 Domains
  • 17. Second Click Redirection – Site Owners
  • 18. PC Threats
      • Fake AV – Security Shield, System Fix etc.
      • Ransomware
  • 19. Fake AV – What is it?
      • Our support team has been helping clean up the following Fake AVs for customers:
          • Security Shield
          • System Fix
          • XP Antivirus 2012
          • Internet Security 2012
      • Let’s have a look at what they can do…
  • 20. Fake AV – Fake “Blue Screen of Death”
  • 21. Fake AV – Nag screens and pop-ups
  • 22. Ransomware – What is it?
      • Has been observed being served up by Blackhole toolkits
      • Unlike Fake AV – this malicious code just locks up your computer and demands money!
      • Usually pretends to be from the Government or a law enforcement agency
  • 23. Ransomware – Your PC has been seized!
  • 24. Email Scams – Still prevalent, but declining
  • 25. Spammers are becoming Facebook scammers
      • Global spam levels are decreasing
      • Scammers are now using Facebook, which provides:
          • Instant access to 900+ million users
          • Built-in word of mouth provides viral spread
          • Default “trust” with Facebook is still high
          • Some people think that Facebook *is* the internet
          • Gen-Y using messaging apps more than email
  • 26. Mobile Threats
      • Stolen private encryption keys for developer certificates
      • Premium SMS scams making money in Europe
  • 27. Mobile Threats – Rogue Apps & Rootkits
      • In Q4 2011, AVG reported the emergence of rogue “signed” applications available in the Android™ Marketplace
      • Signed with stolen/leaked digital certificates
      • Permission prompts on Android™ are weak – they don’t make the user think at all
      • Risks are mostly around spying and premium SMS
      • Google has recently announced they are scanning apps in the Marketplace with “Bouncer”
  • 28. Printed Malware
      • QR Codes
  • 29. Printed Malware – QR Codes
  • 30. Printed Malware – QR Codes
      • Just like URL shorteners (like for example), QR codes don’t reveal anything themselves until you use them
      • In Q4 2011, we observed a QR code being used in a Russian forum website that linked to a malicious mobile app
      • These are something to keep our focus on, especially with large, well-known, trusted brands starting to use them for marketing
  • 31. Trends & Issues
      • Motives – data or money?
      • Could better reporting of cybercrime reduce it?
  • 32. Motives – Data or Money?
      • Lots of talk about information theft – protecting corporate data
      • Our data, in the consumer and SMB space, indicates there are much more basic motives at play
      • Money making scams:
          • Digital extortion (Fake AV)
          • Other fraud (banking Trojans)
      • Clearly, just as there are vendors operating in different markets, there are cybercriminals also specialising in different markets
  • 33. Can reporting cybercrime reduce it?
      • Verizon DBIR 2011
          • Shows large reduction of data breaches reported
      • Enterprises becoming very good at reporting incidents when they occur
      • Consumers and small businesses still left in the dark and MOST low-level crimes continue to go unreported
      • High volume of small incidents – what do these add up to in terms of lost time/productivity?
  • 34. Thank You!
      Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe. Come and say hello!
      Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.
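
The second-click redirection behaviour on slide 14 (first click reaches the intended site, the second click alone is diverted, later clicks reach the intended site again) leaves a recognisable trace when a crawler clicks the same link several times in one cookie-preserving session. The Python below is an added example, not part of the original presentation or of any AVG tooling; the observation format, the `.example` hosts and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed crawl observations (assumed format): page URL, link href, click
# number within one cookie-preserving session, final landing URL.
OBSERVATIONS = [
    ("http://gallery.example/a", "/out?id=1", 1, "http://video.example/clip1"),
    ("http://gallery.example/a", "/out?id=1", 2, "http://scan-alert.example/scan"),
    ("http://gallery.example/a", "/out?id=1", 3, "http://video.example/clip1"),
    ("http://gallery.example/b", "/out?id=2", 1, "http://video.example/clip2"),
    ("http://gallery.example/b", "/out?id=2", 2, "http://scan-alert.example/scan"),
    ("http://gallery.example/b", "/out?id=2", 3, "http://video.example/clip2"),
    ("http://news.example/", "/story/7", 1, "http://news.example/story/7"),
    ("http://news.example/", "/story/7", 2, "http://news.example/story/7"),
    ("http://news.example/", "/story/7", 3, "http://news.example/story/7"),
]


def host(url):
    return (urlsplit(url).hostname or "").lower()  # normalised host, "" if none


def find_second_click_redirects(observations):
    """Return {(page, link): odd landing host} for links whose 2nd click alone
    lands on a different host than the 1st click and every later click."""
    clicks = defaultdict(dict)
    for page, link, n, landing in observations:
        clicks[(page, link)][n] = host(landing)
    flagged = {}
    for key, by_click in clicks.items():
        if not by_click.keys() >= {1, 2, 3}:
            continue  # the pattern is only visible with at least three clicks
        baseline = by_click[1]
        later = [h for n, h in by_click.items() if n >= 3]
        if by_click[2] != baseline and all(h == baseline for h in later):
            flagged[key] = by_click[2]
    return flagged


def pages_per_domain(flagged):
    """Count flagged pages per hosting domain (the slide tallies pages by domain)."""
    pages = defaultdict(set)
    for page, _link in flagged:
        pages[host(page)].add(page)
    return {domain: len(urls) for domain, urls in pages.items()}


if __name__ == "__main__":
    print(pages_per_domain(find_second_click_redirects(OBSERVATIONS)))
```

A single-visit scan never sees the diverted click, which is why the check needs at least three clicks per link with cookies kept between them.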