SunbeltLabs Quarterly Briefing Malware Unmasked
SunbeltLabs
Presentation Transcript

  • SunbeltLabs presents a Quarterly Briefing: Turn the Tables on the Bad Guys, Malware Unmasked
  • Agenda
    Speakers: Dodi Glenn, Malware Response Manager; Brian Jack, Lead Security Analyst
    • Current threats, what's prevalent: some of the most dangerous and complicated threats in the wild
    • How application vulnerabilities leave the door open: malicious PDFs and rogue AV
    • Best practices, protection and remediation: how to protect your network, using tools like Sunbelt's CWSandbox™ as part of a cyberdefense strategy for your enterprise
    • Q & A
  • Current Threats: significant rise in PDF exploits
    • In Q4 2009, 80% of in-the-wild exploits were PDF-based¹
    • 20 software flaws (CVEs) were issued for Adobe Reader in the past 3 months²
    ¹ ScanSafe  ² Nist.Gov
  • Current Threats: targeted attacks, 2009 [chart] Source: F‐Secure
  • Zero‐day Detections: SunbeltLabs daily detections over four days [chart: samples per day, 0 to 18,000; series: Total Daily Detections, Detected Using CWSandbox, Detected By AV Scanners]
  • Current Threats: distribution vectors
    • "Drive‐by" infections are becoming more prevalent
    • Tools to create malicious PDFs are readily available online
    • Exploit kits (YES, Eleonore, and Neosploit) are purchased on the black market and require little to no programming skill to operate
  • Current Threats: what is the typical payload?
    • PDF exploits drop rogue AV downloaders or backdoors, e.g. Zbot
    • Specific rogues, Antispyware Soft and Digital Protection, are distributed by malicious PDFs
    • Antispyware Soft changes the proxy settings, routing traffic through the malware's C&C
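The vectors and payloads in the two slides above come down to a handful of PDF features: a /JavaScript or /JS action, wired to /OpenAction or /AA so it fires when the file is opened, or a /Launch action that starts an external program. The following first-pass static triage is an added example, not Sunbelt's or CWSandbox's code: it counts those feature names in a PDF and decodes the #xx name escapes (/J#61vaScript) that kit-generated PDFs use to hide them from naive string matching. The two embedded PDFs are constructed samples, not real specimens, and the script does not inflate compressed streams, so a "clean" result is a prioritisation signal rather than proof of safety; dynamic analysis in a sandbox remains the confirmation step.

```python
"""Static first-pass triage of a PDF for the features drive-by PDF exploits rely on.

Added example (not Sunbelt/CWSandbox code). Flags risky PDF name objects and
decodes #xx name escapes used to hide them. Compressed streams are NOT inflated,
so this is a filter to prioritise sandbox submission, not a verdict on its own.
"""
import re
import sys
from collections import Counter

# Name objects a triager cares about, and why.
RISKY_NAMES = {
    "JavaScript": "JavaScript action or name tree",
    "JS": "inline JavaScript code",
    "OpenAction": "action fires when the document opens",
    "AA": "additional actions (page open, form events)",
    "Launch": "launches an external program",
    "EmbeddedFile": "embedded file attachment",
    "RichMedia": "Flash / rich media content",
    "ObjStm": "object stream that can hide other objects",
}

# A PDF name: '/' then regular characters, where #xx is a two-digit hex escape.
NAME_RE = re.compile(rb"/((?:[^\s/\[\]<>(){}%#]|#[0-9A-Fa-f]{2})+)")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes in a PDF name, e.g. b'J#61vaScript' -> 'JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names, note hex-escaped ones, and return a coarse verdict."""
    names = Counter()
    obfuscated = 0
    for m in NAME_RE.finditer(data):
        raw = m.group(1)
        name = decode_name(raw)
        names[name] += 1
        if b"#" in raw and name in RISKY_NAMES:
            obfuscated += 1  # escaping a feature name has no benign reason
    findings = {n: names[n] for n in RISKY_NAMES if names[n]}
    script = {"JavaScript", "JS"} & set(findings)
    auto_run = {"OpenAction", "AA"} & set(findings)
    if obfuscated or "Launch" in findings or (script and auto_run):
        verdict = "suspicious"   # script that runs on open, or a hidden feature name
    elif findings:
        verdict = "review"       # risky feature present but not clearly auto-executing
    else:
        verdict = "clean"
    return {
        "is_pdf": data.startswith(b"%PDF-"),
        "findings": findings,
        "obfuscated_names": obfuscated,
        "verdict": verdict,
    }


# Constructed sample, not a real specimen: the catalog's /OpenAction points at a
# JavaScript action whose /S type name is hex-escaped to dodge string matching.
SAMPLE_MALICIOUS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample: one page of text, no actions.
SAMPLE_BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >> endobj
4 0 obj << /Length 39 >> stream
BT /F1 12 Tf 72 720 Td (Hello) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def report(label: str, data: bytes) -> None:
    r = triage_pdf(data)
    print(f"{label}: verdict={r['verdict']} findings={r['findings']} "
          f"hex-escaped risky names={r['obfuscated_names']}")
    for name in r["findings"]:
        print(f"  /{name}: {RISKY_NAMES[name]}")


if __name__ == "__main__":
    if len(sys.argv) > 1:          # triage real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                report(path, fh.read())
    else:                          # otherwise run on the constructed samples
        report("constructed malicious sample", SAMPLE_MALICIOUS)
        report("constructed benign sample", SAMPLE_BENIGN)
```

Run it with no arguments to see both constructed samples scored, or pass file paths to triage real PDFs. The "suspicious" rule is deliberately narrow (script plus an auto-run hook, a /Launch, or a hex-escaped feature name); anything else carrying a risky feature lands in "review" so that ordinary forms with JavaScript are not flagged at the same level as a drive-by document.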
  • Best Practices: layered security
    • Application security: disable JavaScript support in Adobe Reader; disable "PDF in Browser"
    • OS security: machines are kept updated and patched
    • Use anti‐virus: AV software is installed and kept updated
  • Turn the Tables: resources
    • Free Sunbelt tools: public sandbox http://SunbeltSandbox.com; VIPRE Rescue http://live.sunbeltsoftware.com
    • SunbeltLabs licensed tools: CWSandbox (in‐house analysis); ThreatTrack™ (data feeds)
  • Malware Unmasked: CWSandbox can analyze almost any file
    Non‐executables: Flash, HTML, JavaScript, Java applets, URLs; pdf, doc, xls, ppt, mdb; gif, mp3, wmv, avi
    Executables: exe, bat, dll, com
    Extensive logging and reporting of all analysis data.
  • Analyst vs. CWSandbox
    Analyst: multiple applications; multiple reports; ½ hour to days per sample; multiple platform comparisons
    CWSandbox: 1 application; 1 report; parseable reports; 1–3 minutes per sample; searchable repository
  • Contact Us: oemsales@sunbeltsoftware.com CWSandbox: http://www.sunbeltsandbox.com Sunbelt Software: http://www.sunbeltsoftware.com © 2010 Sunbelt Software Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.