SunbeltLabs Quarterly Briefing Malware Unmasked

Published by SunbeltLabs

Transcript of "SunbeltLabs Quarterly Briefing Malware Unmasked"

  1. Presents a Quarterly Briefing: Turn the Tables on the Bad Guys, Malware Unmasked
  2. Agenda
     Dodi Glenn, Malware Response Manager; Brian Jack, Lead Security Analyst
     • Current threats, what's prevalent: some of the most dangerous and complicated threats in the wild
     • How application vulnerabilities leave the door open: malicious PDFs & rogue AV
     • Best Practices, Protection and Remediation: how to protect your network, using tools like Sunbelt's CWSandbox™ as part of a cyberdefense strategy for your enterprise
     • Q & A
  3. Current Threats: Significant rise in PDF Exploits
     • In Q4 2009, 80% of in-the-wild exploits were from PDFs¹
     • 20 software flaws (CVEs) issued for Adobe Reader in the past 3 months²
     ¹ ScanSafe  ² Nist.Gov
  4. Current Threats: Target attacks 2009 (chart; source: F-Secure)
  5. Zero-day Detections: SunbeltLabs Daily Detections
     [chart: Samples (0 to 18000) by Day (1 to 4); series: Total Daily Detections, Detected Using CWSandbox, Detected By AV Scanners]
  6. Current Threats: Distribution Vectors
     • “Drive-by” infections are becoming more prevalent
     • Tools to create malicious PDFs are readily available online
     • Exploit kits (YES, Eleonore, and Neosploit) are purchased on the black market & require little to no programming skills to operate
  7. Current Threats: What is the typical payload?
     • PDF exploits drop rogue AV downloaders or backdoors, i.e. Zbot
     • Specific rogues: Antispyware Soft and Digital Protection are distributed by malicious PDFs
     • Antispyware Soft changes proxy settings, routing traffic to the malware's C & C
  8. Best Practices: Layered Security
     • Application Security: disable JavaScript support in Adobe Reader; disable “PDF in Browser”
     • OS Security: machines are updated and patched
     • Use Anti-virus: AV software is installed and updated
  9. Turn the Tables: Resources
     • Free Sunbelt Tools: Public sandbox, http://SunbeltSandbox.com; VIPRE Rescue, http://live.sunbeltsoftware.com
     • SunbeltLabs Licensed Tools: CWSandbox (in-house analysis); ThreatTrack™ (data feeds)
  10. Malware Unmasked: CWSandbox can analyze almost any file
      Non-Executables: Flash, pdf, gif, HTML, doc, mp3, JavaScript, xls, wmv, JavaApplets, ppt, avi, URLs, mdb
      Executables: exe, bat, dll, com
      Extensive logging and reporting of all analysis data:
  11. Analyst vs. CWSandbox
      Analyst:
      • Multiple Applications
      • Multiple Reports
      • ½ Hour – Days per Sample
      • Multiple Platform Comparisons
      CWSandbox:
      • 1 Application
      • 1 Report
      • Parseable reports
      • 1 – 3 Minutes per Sample
      • Searchable Repository
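Added example, not from the Sunbelt deck or CWSandbox: a small static triage script in the spirit of the "disable JavaScript in Adobe Reader" advice and the PDF sandboxing above. It counts the PDF name objects tied to active or auto-executing content and decodes the #xx name escapes the PDF syntax permits, so a name such as /J#61vaScript is still counted. The sample PDF, the keyword list and the verdict thresholds are constructed assumptions.

```python
import re

# Constructed, harmless sample: a minimal PDF skeleton whose catalog has an
# /OpenAction pointing at a JavaScript action. One name is written with the
# PDF hex escape (#61 == 'a'), which a plain substring search would miss.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('triage sample')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Name objects that indicate active or auto-executing content (assumed list).
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                    "/EmbeddedFile", "/RichMedia", "/ObjStm")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes allowed inside PDF name objects. Applied
    file-wide, so a '#' in stream data is decoded too; that can only add
    counts, never hide a keyword."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> dict:
    """Count each suspicious name. A name ends at a delimiter, so /JS does
    not match /JSx and /JavaScript is not also counted as /JS."""
    norm = normalize_names(data)
    return {name: len(re.findall(re.escape(name.encode()) + rb"(?![0-9A-Za-z])", norm))
            for name in SUSPICIOUS_NAMES}


def triage(data: bytes) -> dict:
    """Return keyword counts and a coarse verdict to prioritise sandbox runs."""
    counts = count_keywords(data)
    has_js = counts["/JavaScript"] > 0 or counts["/JS"] > 0
    auto_run = counts["/OpenAction"] > 0 or counts["/AA"] > 0
    if has_js and auto_run:
        verdict = "suspicious: JavaScript executes automatically on open"
    elif has_js or counts["/Launch"] > 0 or counts["/RichMedia"] > 0:
        verdict = "review: active content present"
    else:
        verdict = "no active-content keywords found"
    return {"header_ok": data.startswith(b"%PDF-"), "counts": counts,
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(key, value)
```

Object streams (/ObjStm) and compressed streams can hold these names out of sight of this byte-level scan, which is why a hit is a reason to send the file to the sandbox, and a miss is not a clean bill of health.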
  12. Contact Us: oemsales@sunbeltsoftware.com
      CWSandbox: http://www.sunbeltsandbox.com
      Sunbelt Software: http://www.sunbeltsoftware.com
      © 2010 Sunbelt Software Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.