User-Generated Content or User-Generated Threat

April 16, 2009, Western Canada Information Security Conference, Winnipeg, MB, Canada

Speaker notes

  • Most Web 2.0 properties rely on UGC; helps virality. Ex: Facebook, YouTube, Digg.
  • When people think of spam and malicious URL distribution: criminals not only use email to send URLs, but the web as well. Content sometimes similar, sometimes different.
  • Malicious code authors take advantage of weaknesses in web content control. Unless you actively protect, you're vulnerable. Custom solutions don't work well: never-ending arms race. Ex: blocking "viagra" in email.
  • A big annoyance.
  • Infect your users.
  • If you don't take the proper measures to counter this, chances are you are
  • Acquired January. I'm the founder. Leverage Websense intelligence. More than just spam, malicious too.
  • Arms race, spam constantly evolves.
  • Humans; robots solve them; annoy your users, drive them away.

Presentation Transcript

  • User-Generated Content or User-Generated Threat? The good, the bad and the ugly. Carl Mercier (@cmercier), Director of software development, Websense; Founder, Defensio.com. cmercier@websense.com (slide footer, repeated on every slide: OUTSMARTING EVIL SPAM)
  • So, what's UGC? • Text field? • Submit button? • User content published on the site? • It's user-generated content.
  • Blogs: Typepad, WordPress, Blogger, Movable Type. Wikis: Wikipedia.
  • Social Networks: Twitter, LinkedIn, Ning, MySpace, Facebook, YouTube.
  • Forums: Support forums, Discussion forums, Google Groups, Yahoo! Finance.
  • UGC is GREAT... Encourage it.
  • It gets your users involved
  • Builds communities
  • They'll want to come back
  • Users can generate new content faster than you could
  • But like with many great things of this world, Protect Yourself!
  • UGC can be a security threat if you don't recognize it as such
  • Protection on the web is often overlooked
  • ~90% of all UGC is unwanted
  • Is your website at risk? Probably.
  • 2 big families of unwanted UGC
  • SPAM: Viagra, male enhancement, casino, steroids, ringtones, Vicodin, pr0n, Xanax
  • MALICIOUS CONTENT: phishing, trojans, rogue AV, viruses, worms, fraud
  • Are you legally liable? Talk to your attorney...
  • But why? I didn't do anything wrong!
  • The Why's of Bad UGC • There's money to be made • Additional vector for spreading Vi@gra, pr0n, ringt0nes • Inexpensive • Less defense vs email: easy to break in • "Google-Juice" (tm)
  • Mom... I'm scared! What does Websense do about this?
  • Anti-spam service for social web applications
  • The average semi-active blog • 20,000 to 40,000 unwanted comments posted/month • Over 100,000 spam or malicious URLs • 5% is phishing or fraud (5,000) • 1% is malicious exploit (1,000)
  • 1 Month in the Defensio world. Pie chart, web spam by source country: United Kingdom 36.79%, Germany 28.86%, USA 15.22%, Russia 4.03%, Sweden 3.35%, China 2.88%, Brazil 2.83%, Ukraine 2.24%, Saudi Arabia 1.90%, Canada 1.90%. 80% of web spammers are in the top 10 countries. Bots & HUMANS are posting malicious content.
  • 1 Month in the Defensio world. Pie chart, web spam by source network: Dragonara.NET 23.30%, HetznerOnline 12.03%, INES Telecom 5.01%, others 59.66%. 60% of web spammers are in the top 20 /16 networks. Top offenders: 194.8/16 + 78.46/16 + 89.149/16 = 40% of all web spam.
  • 1 Month in the Defensio world. Among top offenders: Rogue AV
  • 1 Month in the Defensio world • Targets top web properties • my.barackobama.com • Digg • Sony Pictures • Google • YouTube • Microsoft Live • Yahoo! • LinkedIn
  • Posted 15 days ago, links to a site that did not yet exist. Target site registered 13 days ago!
  • Differences to e-mail spam • Follows current events more closely (Barack Obama, Superbowl, NCAA March Madness) • Target large web properties: helps their Google Juice, more people see it
  • Differences to e-mail spam • Use of bots is less; outsourced to humans • Your site will likely be spammed within 10 days • Higher likelihood to link to malicious, phishing, fraud • Much less distributed than e-mail spam
  • Similarities to e-mail spam • Email and web spam often link to the same sites • Similar motives, likely same people • Sometimes use same obfuscation tricks for URLs and hostnames
  • Ok, I'm convinced. How do I protect myself?
  • Doing it yourself is a bad idea.
  • A word about CAPTCHAS... They DON'T WORK.
  • You should deal with experts.
  • LIKE US! ;-) • www.defensio.com • Spam & malicious code protection for your web application • Now leveraging Websense's awesome intelligence
  • Questions? Twitter: @cmercier & @websense Email: cmercier@websense.com Web: www.defensio.com
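The two "1 Month in the Defensio world" slides on source networks and on the comment that linked to a domain registered after the comment was posted are the output of analyses a site owner can run on their own comment log. The script below is an added example written for this page, not Defensio or Websense code, and shows both: it buckets already-classified spam comments by /16 network and ranks the networks by share (the chart on the slide), and it flags links whose domain was registered on or after the post date, or only days before it (the "site that did not yet exist" slide). Everything in it is constructed: the comment log, the spam verdicts and the WHOIS creation dates, which are a small dictionary standing in for a real WHOIS lookup and are keyed by full hostname rather than registrable domain (a real check would first reduce the host with the Public Suffix List). The function names and the /16 prefix length are my choices; the page does not describe how Defensio computed its figures.

```python
"""Triage of a blog-comment log: spam share per /16 source network, and links
to domains registered after (or just before) the comment was posted.

Added example for this page; not Defensio/Websense code. All data is constructed.
"""
import ipaddress
import re
import urllib.parse
from collections import Counter
from datetime import date

# Constructed comment log: (source IP, post date, already classified as spam?, body).
COMMENTS = [
    ("194.8.10.5",   date(2009, 3, 2),  True,  "buy cheap pills http://meds-2009.example/order"),
    ("194.8.77.201", date(2009, 3, 3),  True,  "visit hxxp://meds-2009.example/order now"),
    ("78.46.3.9",    date(2009, 3, 5),  True,  "free ringtones http://tones.example.net/"),
    ("89.149.200.1", date(2009, 3, 6),  True,  "win big http://casino-night.example/spin"),
    ("89.149.8.8",   date(2009, 3, 7),  True,  "http://%63asino-night.example/spin"),
    ("10.1.2.3",     date(2009, 3, 8),  False, "great post, my notes: http://blog.example.org/"),
    ("192.0.2.44",   date(2009, 3, 9),  False, "thanks!"),
    ("203.0.113.7",  date(2009, 3, 10), True,  "scan your PC: http://AV-scan.example./dl"),
]

# Constructed stand-in for WHOIS creation dates, keyed by hostname (assumption:
# a real check would first reduce the host to its registrable domain).
WHOIS_CREATED = {
    "meds-2009.example":    date(2009, 3, 4),   # created two days AFTER the first comment
    "tones.example.net":    date(2006, 1, 15),
    "casino-night.example": date(2009, 3, 1),
    "blog.example.org":     date(2004, 7, 4),
    "av-scan.example":      date(2009, 3, 9),
}

# http/https plus the "hxxp" defanging that spammers copy from security lists.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s<>\"']+", re.IGNORECASE)


def extract_hosts(text):
    """Return the normalized hostnames of every URL in a comment body.

    Normalization undoes the cheap obfuscation tricks the slides mention:
    hxxp prefix, mixed case, percent-encoded labels and a trailing root dot.
    """
    hosts = []
    for match in URL_RE.finditer(text):
        url = re.sub(r"^hxxp", "http", match.group(0), flags=re.IGNORECASE)
        host = urllib.parse.urlsplit(url).hostname or ""  # lower-cases, drops port/userinfo
        host = urllib.parse.unquote(host).rstrip(".")     # %63asino -> casino, strip root dot
        if host:
            hosts.append(host)
    return hosts


def young_domain_links(comments, whois, max_age_days=30):
    """Flag links whose domain is younger than max_age_days at post time.

    Returns (host, post_date, created_date, age_in_days). A negative age means
    the comment was posted before the domain existed, the case on the slide.
    """
    hits = []
    for _ip, posted, _is_spam, body in comments:
        for host in extract_hosts(body):
            created = whois.get(host)
            if created is None:        # unknown host: nothing to say offline
                continue
            age = (posted - created).days
            if age < max_age_days:
                hits.append((host, posted.isoformat(), created.isoformat(), age))
    return hits


def spam_by_network(comments, prefix_len=16):
    """Rank /prefix_len source networks by their share of spam comments.

    Returns [(network, count, share)] in descending order of count.
    """
    counts = Counter()
    for ip, _posted, is_spam, _body in comments:
        if is_spam:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            counts[str(net)] += 1
    total = sum(counts.values()) or 1
    return [(net, n, n / total) for net, n in counts.most_common()]


def top_share(ranked, k):
    """Fraction of all spam that the k busiest networks account for."""
    return sum(share for _net, _n, share in ranked[:k])


if __name__ == "__main__":
    ranked = spam_by_network(COMMENTS)
    for net, n, share in ranked:
        print(f"{net:18} {n:3} {share:6.1%}")
    print(f"top 3 networks: {top_share(ranked, 3):.0%} of spam")
    for host, posted, created, age in young_domain_links(COMMENTS, WHOIS_CREATED):
        print(f"{host:22} posted {posted}, registered {created}, age {age:+d} days")
```

A negative age is exactly the observation on the slide: the link was posted before its target domain existed, so the comment was queued before the campaign's infrastructure was. A small positive age is the same signal, slightly weaker. The /16 bucketing is deliberately coarse: a spammer rotating through addresses inside one hosting range still lands in one bucket, which is what makes the "top 20 /16 networks" view on the slide more stable than per-IP counts.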