Learn which members of the community are the most vulnerable to cybercrime and view examples of the latest online threats, including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.
The Endless Wave of Online Threats - Protecting our Community
1. AVG.COM.AU
AVG.CO.NZ
The Endless Wave of Online Threats – Protecting our Community
Michael McKinnon – Security Advisor, AVG (AU/NZ)
An Avalanche Technology Group company
2. Presentation Overview
• Overview of the AVG Community Protection Network
• Details and examples of the latest online threats:
• Web threats
• PC threats
• Mobile threats
• Printed malware
• Trends & issues
3. About AVG
• Best known globally for AVG Anti-Virus FREE
• Over 114 million active users, as of May 2012
• Windows-based end-point security
• Consumer market
• SMB (typically up to 200)
• Mobile security product for the Android™ platform – AVG Mobilation
• Other research
• AVG Digital Diaries – www.avgdigitaldiaries.com/
8. AVG Community Protection Network
• User is asked whether they would like to opt-in during the installation process of their AVG product
• Operating since the start of 2011
9. Web Threats
• Overview
• Exploit Toolkits (Blackhole)
• Second Click Redirect Mechanism
11. Blackhole Toolkit – What is it?
• Web-based distribution system for exploits and malware; runs on a private or compromised server
12. Blackhole Toolkit – Targets many platforms
• Allows the attacker to target many platforms, including Mac!
13. Blackhole Toolkit – Features & Facts
• Interesting features:
• Geo-IP detection & distribution
• Built-in anti-virus scanning, re-obfuscation upon detection
• Facts:
• In Q4 2011, it accounted for 80.2% of all known toolkits being used
• Exploit toolkits account for 58% of threat activity on malicious websites
14. Second Click Redirection – What is it?
• Scripting technique for distributing malware
• User visits a site, typically with thumbnail images (video content, photos etc.)
• Cookie is set on first click, link goes to intended site
• If the visitor returns, on the second click they are redirected to a fake anti-virus scan page – the user is tricked into installing fake anti-virus software (known as Fake AV)
• On subsequent clicks, the link goes back to the intended site
• AVG Community Protection Network detected ~8 million pages doing this, mostly from ~1700 domains
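The click-counting logic described on this slide, and the replay check that exposes it, as an added example (this is not code from the slides or from AVG; the URLs and the cookie name are placeholders chosen for the illustration):

```javascript
// Added example, not from the slides: a model of the second-click redirect
// logic as described above, and a replay check that exposes it. All URLs and
// the cookie name are placeholders chosen for this illustration.

const INTENDED = 'https://example.com/gallery/photo.html'; // where the thumbnail claims to go
const FAKE_AV = 'https://fakeav.example.net/scan.html';    // the fake anti-virus "scan" page

// The server-side decision the slide describes. `cookies` stands in for the
// visitor's cookie jar; mutating it models the Set-Cookie the page sends back.
function resolveClick(cookies) {
  const clicks = Number(cookies.visits || 0) + 1; // count this click
  cookies.visits = String(clicks);                // cookie set on the first click
  // Only the second click is diverted. The first and all later clicks reach the
  // real page, so a single visit (and a single-pass scanner) sees nothing wrong.
  return clicks === 2 ? FAKE_AV : INTENDED;
}

// Detection: follow the same link repeatedly with one persistent cookie jar and
// compare destinations. A clean link resolves to one target every time; this
// pattern resolves to a second target on exactly one click.
function probeLink(handler, attempts = 4) {
  const jar = {};
  const targets = [];
  for (let i = 0; i < attempts; i++) targets.push(handler(jar));
  const firstOddIndex = targets.findIndex(t => t !== targets[0]);
  return {
    targets,
    suspicious: firstOddIndex !== -1,
    divertedOnClick: firstOddIndex === -1 ? null : firstOddIndex + 1,
  };
}
```

The practical point for anyone crawling for this: the crawler has to keep cookies between requests to the same site, otherwise every request looks like a first click and the redirect never appears. Kits that also do geo-IP filtering (as the Blackhole slide notes) will hide the redirect from the wrong source address as well, so a negative result from one vantage point is not conclusive.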
18. PC Threats
• Fake AV – Security Shield, System Fix etc.
• Ransomware
19. Fake AV – What is it?
• Our support team has been helping clean up the following Fake AVs for customers:
• Security Shield
• System Fix
• XP Antivirus 2012
• Internet Security 2012
• Let’s have a look at what they can do…
22. Ransomware – What is it?
• Has been observed being served up by Blackhole toolkits
• Unlike Fake AV – this malicious code just locks up your computer and demands money!
• Usually pretends to be from the Government or a law enforcement agency
25. Spammers are becoming Facebook scammers
• Global spam levels are decreasing
• Scammers are now using Facebook, which provides:
• Instant access to 900+ million users
• Built-in word of mouth provides viral spread
• Default “trust” with Facebook is still high
• Some people think that Facebook *is* the internet
• Gen-Y using messaging apps more than email
26. Mobile Threats
• Stolen private signing keys for developer certificates
• Premium SMS scams making money in Europe
27. Mobile Threats – Rogue Apps & Rootkits
• In Q4 2011, AVG reported the emergence of rogue “signed” applications available in the Android™ Marketplace
• Signed with stolen/leaked digital certificates
• Permission prompts on Android™ are weak – they don’t make the user think at all
• Risks are mostly around spying and premium SMS
• Google has recently announced they are scanning apps in the Marketplace with “Bouncer”
30. Printed Malware – QR Codes
• Just like URL shorteners (like bit.ly for example), QR codes don’t reveal anything themselves until you use them
• In Q4 2011, we observed a QR code being used in a Russian forum website that linked to a malicious mobile app
• These are something to keep our focus on, especially with large, well-known, trusted brands starting to use them for marketing
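Since the code itself reveals nothing until used, the place to add a check is on the decoded payload, before the scanner acts on it. The following triage function is an added example (not code from the slides or from any scanner app); its rules, thresholds and shortener list are constructed for the illustration and are not a complete policy:

```javascript
// Added example, not from the slides: checks a scanner app (or a gateway) can run
// on the decoded QR payload before acting on it. Rules, thresholds and the
// shortener list are constructed for this illustration, not a complete policy.
const SHORTENER_HOSTS = new Set(['bit.ly', 'goo.gl', 'tinyurl.com', 't.co']); // illustrative list

function triageQrPayload(payload) {
  const block = []; // do not open without an explicit, informed confirmation
  const warn = [];  // open, but show the user where they are really going
  let url;
  try {
    url = new URL(payload.trim());
  } catch {
    // Not a URL at all (Wi-Fi configs, vCards, free text): display it, never execute it.
    return { verdict: 'not-a-url', scheme: null, host: null, block, warn };
  }
  const scheme = url.protocol.slice(0, -1).toLowerCase();
  const host = url.hostname.toLowerCase();

  if (scheme !== 'http' && scheme !== 'https') {
    // market:, intent:, tel:, sms: and friends hand off to another app, not a web page
    block.push(`non-web scheme "${scheme}:" hands off to another application`);
  }
  if (/\.apk$/i.test(url.pathname)) {
    // the Q4 2011 case: a code that leads straight to a mobile package
    block.push('direct Android package (.apk) download, bypassing the store');
  }
  if (url.username || url.password) {
    // "https://trusted.example@evil.example/": the part before @ is not the host
    block.push('credentials embedded before @, the real host is hidden');
  }
  if (scheme === 'http') warn.push('plain http, content can be changed in transit');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) warn.push('raw IP address instead of a hostname');
  if (SHORTENER_HOSTS.has(host)) warn.push('URL shortener, expand it before trusting the destination');
  if (host.split('.').length > 4) warn.push('deeply nested subdomain, often used to imitate a brand');

  const verdict = block.length ? 'block' : warn.length ? 'warn' : 'ok';
  return { verdict, scheme, host, block, warn };
}
```

The shortener rule mirrors the slide's own comparison: a shortened link inside a QR code hides the destination twice over, so the scanner should expand it (following redirects) and run the same checks on the final URL before offering to open it.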
31. Trends & Issues
• Motives – data or money?
• Could better reporting of cybercrime reduce it?
32. Motives – Data or Money?
• Lots of talk about information theft – protecting corporate data
• Our data from the consumer and SMB space indicates that much more basic motives are at play
• Money making scams:
• Digital extortion (Fake AV)
• Other fraud (banking Trojans)
• Clearly, just as there are vendors operating in different markets, there are cybercriminals also specialising in different markets
33. Can reporting cybercrime reduce it?
• Verizon DBIR 2011
• Shows large reduction of data breaches reported
• Enterprises becoming very good at reporting incidents when they occur
• Consumers and small businesses still left in the dark and MOST low-level crimes continue to go unreported
• High volume of small incidents – what do these add up to in terms of lost time/productivity?