Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Endless Wave of Online Threats - Protecting our Community


Published on

Learn which members of the community are the most vulnerable to cybercrime and view examples of the the latest online threats - including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.

Published in: Technology
  • Be the first to comment

The Endless Wave of Online Threats - Protecting our Community

  1. 1. AVG.COM.AUAVG.CO.NZThe Endless Wave of Online Threats – Protecting ourCommunityMichael McKinnon – Security Advisor, AVG (AU/NZ) An Avalanche Technology Group company
  2. 2. Presentation Overview• Overview of the AVG Community Protection Network• Details and examples of the latest online threats: • Web threats • PC threats • Mobile threats • Printed malware• Trends & issues 2
  3. 3. About AVG• Best known globally for AVG Anti-Virus FREE• Over 114 million active users, as of May 2012• Windows based end-point security • Consumer market • SMB (typically up to 200)• Mobile security product for the Android™ platform – AVG Mobilation• Other research • AVG Digital Diaries – 3
  4. 4. In our community, who are the mostvulnerable internet users?
  5. 5. Future Generations 5
  6. 6. Mature Generations 6
  7. 7. AVG Community Protection Network 7
  8. 8. AVG Community Protection Network• User is asked whether they would like to opt-in during the installation process of their AVG product• Operating since the start of 2011 8
  9. 9. Web Threats• Overview• Exploit Toolkits (Blackhole)• Second Click Redirect Mechanism 9
  10. 10. Web Threats - Overview 10
  11. 11. Blackhole Toolkit – What is it?• Web based, distribution system for exploits and malware; runs on a private or compromised server 11
  12. 12. Blackhole Toolkit – Targets many platforms• Allows them to target many platforms, including Mac! 12
  13. 13. Blackhole Toolkit – Features & Facts• Interesting features: • Geo-IP detection & distribution • Built-in anti-virus scanning, re-obfuscation upon detection• Facts: • In Q4 2011, it accounted for 80.2% of all known toolkits being used • Exploit toolkits account for 58% of threat activity on malicious websites 13
  14. 14. Second Click Redirection – What is it?• Scripting technique for distributing malware• User visits a site, typically with thumbnail images (video content, photos etc.)• Cookie is set on first click, link goes to intended site• If visitor returns, on second click, redirected to a fake anti-virus scan page – user tricked into installing fake anti-virus software (know as Fake AV)• Subsequent clicks, link goes back to intended site• AVG Community Protection Network detected ~8 million pages doing this, mostly from ~1700 domains 14
  15. 15. Second Click Redirection – Fake AV Webpage 15
  16. 16. Second Click Redirection – Top 25 Domains 16
  17. 17. Second Click Redirection – Site Owners 17
  18. 18. PC Threats• Fake AV – Security Shield, System Fix etc.• Ransomware 18
  19. 19. Fake AV – What is it?• Our support team has been helping clean up the following Fake AVs for customers: • Security Shield • System Fix • XP Antivirus 2012 • Internet Security 2012• Let’s have a look at what they can do… 19
  20. 20. Fake AV – Fake “Blue Screen of Death” 20
  21. 21. Fake AV – Nag screens and pop-ups 21
  22. 22. Ransomware – What is it?• Has been observed being served up by blackhole toolkits• Unlike Fake AV – this malicious code just locks up your computer and demands money!• Usually pretends to be from the Government or a law enforcement agency 22
  23. 23. Ransomware – Your PC has been seized! 23
  24. 24. Email Scams – Still prevalent, but declining 24
  25. 25. Spammers are becoming Facebook scammers• Global spam levels are decreasing• Scammers are now using Facebook, which provides: • Instant access to 900+ million users • Built-in word of mouth provides viral spread • Default “trust” with Facebook is still high • Some people think that Facebook *is* the internet • Gen-Y using messaging apps more than email 25
  26. 26. Mobile Threats• Stolen private encryption keys for developer certificates• Premium SMS scams making money in Europe 26
  27. 27. Mobile Threats – Rogue Apps & Rootkits• In Q4 2011, AVG reported the emergence of rogue “signed” applications available in the Android™ Marketplace• Signed with stolen/leaked digital certificates• Permission prompts on Android™ is weak – doesn’t make the user think at all• Risks are mostly around spying and premium SMS• Google has recently announced they are scanning apps in the Marketplace with “Bouncer” 27
  28. 28. Printed Malware• QR Codes 28
  29. 29. Printed Malware – QR Codes 29
  30. 30. Printed Malware – QR Codes• Just like URL shorteners (like for example), QR codes don’t reveal anything themselves until you use them• In Q4 2011, we observed a QR code being used in a Russian forum website that linked to a malicious mobile app• These are something to keep our focus on, especially with large, well-known, trusted brands starting to use them for marketing 30
  31. 31. Trends & Issues• Motives – data or money?• Could better reporting of cybercrime reduce it? 31
  32. 32. Motives – Data or Money?• Lots of talk about information theft – protecting corporate data• Our data, at the consumer and SMB space indicates, there are much more basic motives at play• Money making scams: • Digital extortion (Fake AV) • Other fraud (banking Trojans)• Clearly, just as there are vendors operating in different markets, there are cybercriminals also specialising in different markets 32
  33. 33. Can reporting cybercrime reduce it?• Verizon DBIR 2011 • Shows large reduction of data breaches reported• Enterprises becoming very good at reporting incidents when they occur• Consumers and small businesses still left in the dark and MOST low-level crimes continue to go unreported• High volume of small incidents – what do these add up to in terms of lost time/productivity? 33
  34. 34. Thank You! Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe. Come and say hello! Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved. 34