Learn which members of the community are the most vulnerable to cybercrime and view examples of the the latest online threats - including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.

1. AVG.COM.AU
AVG.CO.NZ
The Endless Wave of Online Threats – Protecting our
Community
Michael McKinnon – Security Advisor, AVG (AU/NZ)
An Avalanche Technology Group company

2. Presentation Overview
• Overview of the AVG Community Protection Network
• Details and examples of the latest online threats:
• Web threats
• PC threats
• Mobile threats
• Printed malware
• Trends & issues
2

3. About AVG
• Best known globally for AVG Anti-Virus FREE
• Over 114 million active users, as of May 2012
• Windows based end-point security
• Consumer market
• SMB (typically up to 200)
• Mobile security product for the Android™ platform –
AVG Mobilation
• Other research
• AVG Digital Diaries – www.avgdigitaldiaries.com/
3

4. In our community, who are the most
vulnerable internet users?

5. Future Generations
5

6. Mature Generations
6

7. AVG Community Protection Network
7

8. AVG Community Protection Network
• User is asked whether they would like to opt-in during
the installation process of their AVG product
• Operating since the start of 2011
8

9. Web Threats
• Overview
• Exploit Toolkits (Blackhole)
• Second Click Redirect Mechanism
9

10. Web Threats - Overview
10

11. Blackhole Toolkit – What is it?
• Web based, distribution system for exploits and
malware; runs on a private or compromised server
11

12. Blackhole Toolkit – Targets many platforms
• Allows them to target many platforms, including Mac!
12

13. Blackhole Toolkit – Features & Facts
• Interesting features:
• Geo-IP detection & distribution
• Built-in anti-virus scanning, re-obfuscation upon detection
• Facts:
• In Q4 2011, it accounted for 80.2% of all known toolkits being used
• Exploit toolkits account for 58% of threat activity on malicious websites
13

14. Second Click Redirection – What is it?
• Scripting technique for distributing malware
• User visits a site, typically with thumbnail images (video content, photos etc.)
• Cookie is set on first click, link goes to intended site
• If visitor returns, on second click, redirected to a fake anti-virus scan page –
user tricked into installing fake anti-virus software (know as Fake AV)
• Subsequent clicks, link goes back to intended site
• AVG Community Protection Network detected ~8 million pages doing this,
mostly from ~1700 domains
14

15. Second Click Redirection – Fake AV Webpage
15

16. Second Click Redirection – Top 25 Domains
16

17. Second Click Redirection – Site Owners
17

18. PC Threats
• Fake AV – Security Shield, System Fix etc.
• Ransomware
18

19. Fake AV – What is it?
• Our support team has been helping clean up the
following Fake AVs for customers:
• Security Shield
• System Fix
• XP Antivirus 2012
• Internet Security 2012
• Let’s have a look at what they can do…
19

20. Fake AV – Fake “Blue Screen of Death”
20

21. Fake AV – Nag screens and pop-ups
21

22. Ransomware – What is it?
• Has been observed being served up by blackhole
toolkits
• Unlike Fake AV – this malicious code just locks up your
computer and demands money!
• Usually pretends to be
from the Government or
a law enforcement
agency
22

23. Ransomware – Your PC has been seized!
23

24. Email Scams – Still prevalent, but declining
24

25. Spammers are becoming Facebook scammers
• Global spam levels are decreasing
• Scammers are now using Facebook, which provides:
• Instant access to 900+ million users
• Built-in word of mouth provides viral spread
• Default “trust” with Facebook is still high
• Some people think that Facebook
*is* the internet
• Gen-Y using messaging apps more
than email
25

26. Mobile Threats
• Stolen private encryption keys for developer certificates
• Premium SMS scams making money in Europe
26

27. Mobile Threats – Rogue Apps & Rootkits
• In Q4 2011, AVG reported the emergence of rogue “signed”
applications available in the Android™ Marketplace
• Signed with stolen/leaked digital certificates
• Permission prompts on Android™ is weak – doesn’t make the user
think at all
• Risks are mostly around spying and premium SMS
• Google has recently announced they are scanning apps in the
Marketplace with “Bouncer”
27

28. Printed Malware
• QR Codes
28

29. Printed Malware – QR Codes
29

30. Printed Malware – QR Codes
• Just like URL shorteners (like bit.ly for example), QR
codes don’t reveal anything themselves until you
use them
• In Q4 2011, we observed a QR code being used in a
Russian forum website that linked to a malicious
mobile app
• These are something to keep our focus
on, especially with large, well-known, trusted
brands starting to use them for marketing
30

31. Trends & Issues
• Motives – data or money?
• Could better reporting of cybercrime reduce it?
31

32. Motives – Data or Money?
• Lots of talk about information theft – protecting
corporate data
• Our data, at the consumer and SMB space
indicates, there are much more basic motives at play
• Money making scams:
• Digital extortion (Fake AV)
• Other fraud (banking Trojans)
• Clearly, just as there are vendors operating in different
markets, there are cybercriminals also specialising in
different markets
32

33. Can reporting cybercrime reduce it?
• Verizon DBIR 2011
• Shows large reduction of data breaches reported
• Enterprises becoming very good at reporting incidents
when they occur
• Consumers and small businesses still left in the dark
and MOST low-level crimes continue to go unreported
• High volume of small incidents – what do these add up
to in terms of lost time/productivity?
33

34. Thank You!
Connect with us to stay up to date with the latest
news and information about online threats and scams.
We also provide simple and useful security
tips, designed to keep our community safe.
Come and say hello!
avg.com.au facebook.com/avgaunz
avg.co.nz
twitter.com/avgaunz
Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.
34