This is the baseline; nowadays, doing it is the cost of doing business.
Here we have the list of leading vulnerable applications in 2012. We know, with a very good confidence level, that we’ll have similar numbers this year as well.
1. Documents leaked from the “Syrian Ministry of Foreign Affairs” by a branch of Anonymous called “Par:AnoIA” (a new WikiLeaks-style site).
2. One of the documents contains an exploit for CVE-2010-0188.
3. Once exploited, it connects to a C&C server (over SSL) and awaits commands from the C&C master. Commands: 0x1: System Identification, 0x4: Run Updater, 0x5: Disable Autorun, 0x6: Interactive Shell, 0x7: File Manager, 0x16: Change connection delay.
4. This exploit is widespread, but the specific implementation is very rare (seen <150 times worldwide).
5. The exploit also spawns a new PDF process and shows a picture of a document, so the end user would not suspect that anything happened.
Source: http://www.securelist.com/en/blog/774/A_Targeted_Attack_Against_The_Syrian_Ministry_of_Foreign_Affairs
The fake picture that is opened in a new process gives the user a sense that everything is fine.
Talk about who the target is: it can be the Syrian ministry, but it can also be someone who is expected to open the leaked document (we don’t know whether it was infected originally).
Source: http://www.securelist.com/en/blog/774/A_Targeted_Attack_Against_The_Syrian_Ministry_of_Foreign_Affairs
The malicious attachment could be the Syrian attack, but it could also be a much more common attack.
1. Small joke – you give the file to a monkey to eat - not
Regarding performance: talk about the fact that malware has anti-VM detection capabilities. We try to detect that the malware is checking whether it is running on a VM, rather than trying to mimic a physical computer perfectly.
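To make that point concrete, here is an added example (not Check Point's code and not part of the original notes) of the sandbox-side approach the note describes: instead of perfecting the emulated machine, watch the sample for the probes it performs against well-known VM artifacts. The trace format, the API names used for matching and the indicator list are assumptions for illustration; the VMware/VirtualBox fingerprints themselves are public and widely documented.

```python
"""Sandbox-side heuristic: flag a sample that probes for VM artifacts.

Added illustration, not Check Point code. It consumes a constructed API trace
("<api> <argument>" per line, the kind of record a dynamic-analysis sandbox
logs) and reports which VM-detection techniques the sample used.
"""
import re
from collections import defaultdict

# Artifacts a sample commonly inspects to decide whether it runs inside a VM.
# Each entry: (category, regex over the logged argument, APIs it applies to).
VM_INDICATORS = [
    ("registry", re.compile(r"vmware|virtualbox|vbox|qemu", re.I),
     {"RegOpenKeyEx", "RegQueryValueEx"}),
    ("process", re.compile(r"^(vmtoolsd|vmwaretray|vboxservice|vboxtray)\.exe$", re.I),
     {"Process32Next", "CreateToolhelp32Snapshot"}),
    # MAC OUIs registered to VMware (00:0C:29, 00:50:56) and VirtualBox (08:00:27).
    ("mac_oui", re.compile(r"MAC=(00:0c:29|00:50:56|08:00:27)", re.I),
     {"GetAdaptersInfo", "GetAdaptersAddresses"}),
    # CPUID leaves 0x40000000.. are the hypervisor information range.
    ("cpuid", re.compile(r"leaf=0x4000000[0-9a-f]", re.I), {"cpuid"}),
]

# Constructed trace: the sample fingerprints the host before detonating.
EVASIVE_TRACE = """\
# constructed sandbox trace (evasive sample)
RegOpenKeyEx HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools
Process32Next explorer.exe
Process32Next vboxservice.exe
GetAdaptersInfo MAC=08:00:27:3A:1F:02
cpuid leaf=0x40000000
CreateFileW C:\\Users\\user\\report.pdf
"""

# Constructed trace: ordinary document-viewer behaviour, no VM probing.
BENIGN_TRACE = """\
# constructed sandbox trace (benign sample)
RegOpenKeyEx HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
Process32Next explorer.exe
GetAdaptersInfo MAC=3C:52:82:11:22:33
CreateFileW C:\\Users\\user\\report.pdf
"""


def parse_trace(trace):
    """Yield (api, argument) pairs from 'api argument' lines; skip blanks and comments."""
    for line in trace.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        api, _, arg = line.partition(" ")
        yield api, arg


def find_vm_probes(trace):
    """Return {category: [matching arguments]} for every VM artifact the sample probed."""
    hits = defaultdict(list)
    for api, arg in parse_trace(trace):
        for category, pattern, apis in VM_INDICATORS:
            if api in apis and pattern.search(arg):
                hits[category].append(arg)
    return dict(hits)


def verdict(trace):
    """'evasive' only when a VM-specific artifact is probed.

    Generic enumeration (listing processes, reading unrelated registry keys,
    querying adapters with a physical-vendor MAC) is normal program behaviour
    and does not trigger on its own, which keeps false positives down.
    """
    return "evasive" if find_vm_probes(trace) else "no-vm-check"


if __name__ == "__main__":
    for name, trace in (("evasive", EVASIVE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, verdict(trace), find_vm_probes(trace))
```

The design choice mirrors the note: the sandbox does not need to hide every trace of virtualisation; it needs to notice the moment a sample goes looking for them, and that observation is itself a strong signal that the file is hostile.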
Treat this slide as optional if time is tight.
Not only Threat Emulation customers benefit from Threat Emulation, but all participants in the Threat Cloud.
Talk about the value of the Check Point SSL inspection integration; other solutions that don’t include this capability are easy to bypass.
“An average of 70,000 to 100,000 new malware samples are created and distributed each day, often through automated, ‘polymorphic’ programs that automatically alter malware into a new, previously unseen form factor each time it is delivered.” (Dark Reading, Oct 15, 2012)