4. Some numbers…
30k new malicious URLs each day
80% legitimate webs
Sources:
• http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf
• http://www.barracudalabs.com/wordpress/index.php/2012/03/28/maliciousness-in-top-ranked-alexa-domains/
2 popular websites (alexa TOP 25k)
Drive by downloads
• http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
7. WEB SECURITY IS BECOMING MORE
CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
8. WEB SECURITY IS BECOMING MORE
CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
9. WEB SECURITY IS BECOMING MORE
CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
10. WEB SECURITY IS BECOMING MORE
CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
11. WEB SECURITY IS BECOMING MORE
CHALLENGING
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
12. HOW LONG malicious?
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
2.5h average lifetime
13. HOW LONG malicious?
Source: Manufacturing compromise: The emergence of Exploit-as-a-service
http://cseweb.ucsd.edu/~voelker/pubs/eaas-ccs12.pdf
2.5h average lifetime44 daysaverage lifetime
compromised?
52. Desenmascara.me features:
• Show a security awareness value
• Infrastructure details in plain words
• Suspicious iframes
• Check website blacklisted
• Ranking best websites
57. Thank you!
“I’ve seen estimates that over 99% of all
internet attacks could be prevented if the web
systems administrators would just use the most
current versions”
Bruche Schneier on <Secrets & Lies>
“Webmasters need to ensure that
their websites are running good code
that isn’t open to exploitation”
Ian Fette, Google Security Team