User-Generated Content or User-Generated Threat


Published on April 16, 2009, Western Canada Information Security Conference, Winnipeg, MB, Canada

Published in: Technology, News & Politics
  • Most Web 2.0 properties rely on UGC; it helps virality.
    ex: Facebook, YouTube, Digg

  • When people think of spam and malicious URL distribution: criminals not only use email to send URLs, but the web as well.
    The content is sometimes similar, sometimes different.

  • - Malicious code authors take advantage of weaknesses in web content control
    - Unless you actively protect yourself, you’re vulnerable
    - Custom solutions don’t work well: never-ending arms race
    - ex: blocking “viagra” in email

  • - A big annoyance

  • - Infects your users

  • - If you don’t take the proper measures to counter this, chances are you are

  • - Acquired in January
    - I’m the founder
    - Leverages Websense intelligence
    - More than just spam, malicious content too

  • Arms race: spam constantly evolves

  • - Meant for humans
    - Robots solve them
    - Annoy your users, drive them away





  • User-Generated Content or User-Generated Threat

    1. User-Generated Content or User-Generated Threat? The good, the bad and the ugly. Carl Mercier (@cmercier), Director of software development, Websense; Founder, Defensio.com; cmercier@websense.com. OUTSMARTING EVIL SPAM
    2–7. So, what’s UGC? • Text field? • Submit button? • User content published on the site? • It’s user-generated content.
    8. Blogs: Typepad, WordPress, Blogger, Movable Type. Wikis: Wikipedia.
    9. Social networks: Twitter, LinkedIn, Ning, MySpace, Facebook, YouTube.
    10. Support forums, discussion forums, Google Groups, Yahoo! Finance.
    11. UGC is GREAT... Encourage it.
    12. It gets your users involved.
    13. Builds communities.
    14. They’ll want to come back.
    15. Users can generate new content faster than you could.
    16. But like with many great things of this world, protect yourself!
    17. UGC can be a security threat if you don’t recognize it as such.
    18. Protection on the web is often overlooked.
    19. ~90% of all UGC is unwanted.
    20–21. Is your website at risk? Probably.
    22. 2 big families of unwanted UGC.
    23. SPAM: Viagra, Male Enhancement, Casino, Steroids, Ringtones, Vicodin, Pr0n, Xanax.
    24. Malicious content: Phishing, Trojans, Rogue AV, Viruses, Worms, Fraud.
    25–26. Are you legally liable? Talk to your attorney...
    27. But why? I didn’t do anything wrong!
    28–33. The Why’s of Bad UGC • There’s money to be made • Additional vector for spreading Vi@gra, pr0n, ringt0nes • Inexpensive • Less defense vs email: easy to break in • “Google-Juice” (tm)
    34. Mom... I’m scared! What does Websense do about this?
    35. Anti-spam service for social web applications.
    36–40. The average semi-active blog • 20,000 to 40,000 unwanted comments posted/month • Over 100,000 spam or malicious URLs • 5% is phishing or fraud (5,000) • 1% is malicious exploit (1,000)
    41. 1 Month in the Defensio world (pie chart: web spammers by country): United Kingdom 36.79%, Germany 28.86%, USA 15.22%, Russia 4.03%, Sweden 3.35%, China 2.88%, Brazil 2.83%, Ukraine 2.24%, Saudi 1.90%, Canada 1.90%. 80% of web spammers are in the top 10 countries. Bots & HUMANS are posting malicious content.
    42. 1 Month in the Defensio world (pie chart: web spam by /16 network): OTHERS 59.66%, Dragonara.NET 23.30%, HetznerOnline 12.03%, INES Telecom 5.01%. 60% of web spammers are in the top 20 /16 networks. Top offenders: 194.8/16 + 78.46/16 + 89.149/16 = 40% of all web spam.
    43–44. 1 Month in the Defensio world. Among top offenders: Rogue AV.
    45–54. 1 Month in the Defensio world • Targets top web properties • my.barackobama.com • Digg • Sony Pictures • Google • YouTube • Microsoft Live • Yahoo! • LinkedIn
    56. Posted 15 days ago, links to a site that did not yet exist. Target site registered 13 days ago!
    57–59. Differences to e-mail spam • Follows current events more closely: Barack Obama, Superbowl, NCAA March Madness • Targets large web properties: helps their Google Juice, more people see it
    60–64. Differences to e-mail spam • Use of bots is less: outsourced to humans • Your site will likely be spammed within 10 days • Higher likelihood to link to malicious, phishing, fraud • Much less distributed than e-mail spam
    65–68. Similarities to e-mail spam • Email and web spam often link to the same sites • Similar motives, likely same people • Sometimes use the same obfuscation tricks for URLs and hostnames
    69. Ok, I’m convinced. How do I protect myself?
    70. Doing it yourself is a bad idea.
    71–72. A word about CAPTCHAs... They DON’T WORK.
    73. You should deal with experts.
    74–77. LIKE US! ;-) • www.defensio.com • Spam & malicious code protection for your web application • Now leveraging Websense’s awesome intelligence
    78. Questions? Twitter: @cmercier & @websense. Email: cmercier@websense.com. Web: www.defensio.com
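Two of the deck’s observations describe signals a site operator can compute from their own comment logs: slide 42 (a handful of /16 networks carry about 40% of all web spam) and slide 56 (a comment linked to a domain that was only registered after the comment was posted). The following is an added example, not code from the talk or from Defensio. The comment records, source addresses and domain registration dates are all constructed for the example, and the `DOMAIN_REGISTERED` table stands in for a WHOIS/RDAP creation-date lookup.

```python
"""Added example (not from the original slides): two defender-side
heuristics over a comment log.

1. Aggregate link-carrying comments by the /16 prefix of their source
   address to find the top offending networks (cf. slide 42).
2. Flag links whose target domain did not exist when the comment was
   posted, or was registered only days before (cf. slide 56).

All data below is constructed. Registration dates would come from
WHOIS/RDAP in practice; here they are a hard-coded stand-in.
"""
import ipaddress
import re
from collections import Counter
from datetime import date
from urllib.parse import urlparse

# Constructed sample of comment submissions: (source IP, post date, body).
COMMENTS = [
    ("203.0.113.7",  date(2009, 4, 1), "Nice post! cheap pills at http://pillz-example.test/buy"),
    ("203.0.113.9",  date(2009, 4, 1), "see http://pillz-example.test/buy now"),
    ("203.0.113.50", date(2009, 4, 2), "great article, thanks"),
    ("198.51.100.4", date(2009, 4, 3), "win big http://casino-example.test/"),
    ("198.51.100.8", date(2009, 4, 3), "http://casino-example.test/ http://rogue-av-example.test/scan"),
    ("192.0.2.77",   date(2009, 4, 5), "I had the same issue, fixed by rebooting"),
]

# Constructed stand-in for a WHOIS/RDAP "creation date" lookup.
DOMAIN_REGISTERED = {
    "pillz-example.test": date(2009, 4, 3),     # registered two days AFTER the post
    "casino-example.test": date(2009, 3, 30),   # registered four days before the post
    "rogue-av-example.test": date(2007, 6, 1),  # long-established domain
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_domains(text):
    """Return the lowercase hostnames of every http(s) URL in a comment body."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def slash16(ip):
    """Collapse an IPv4 address to its /16 prefix, e.g. 203.0.113.7 -> 203.0.0.0/16."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def top_networks(comments, n=3):
    """Count link-carrying comments per /16 and return the top n entries as
    (prefix, count, share of all link-carrying comments)."""
    counts = Counter()
    for ip, _posted, body in comments:
        if extract_domains(body):
            counts[slash16(ip)] += 1
    total = sum(counts.values())
    return [(net, c, round(c / total, 2)) for net, c in counts.most_common(n)]


def young_domain_links(comments, registered, max_age_days=30):
    """Return (domain, posted, registered, age_days) for every link whose
    domain did not exist when the comment was posted (negative age) or was
    registered fewer than max_age_days before it. Domains with no
    registration record are skipped rather than guessed."""
    findings = []
    for _ip, posted, body in comments:
        for host in extract_domains(body):
            created = registered.get(host)
            if created is None:
                continue
            age = (posted - created).days
            if age < max_age_days:
                findings.append((host, posted, created, age))
    return findings


if __name__ == "__main__":
    for net, count, share in top_networks(COMMENTS):
        print(f"{net:18} {count} comments ({share:.0%} of link-carrying comments)")
    for host, posted, created, age in young_domain_links(COMMENTS, DOMAIN_REGISTERED):
        print(f"{host}: posted {posted}, registered {created}, age at post {age} days")
```

The registration-age check only catches domains minted specifically for a campaign, so it is a complement to URL reputation, not a replacement; the lookup also costs a network round trip per distinct domain, so cache results. Treat the /16 aggregation as a ranking input for review or rate limiting rather than an automatic block list, since a single /16 can hold many unrelated customers of one hosting provider.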