The information security landscape has been shifting for quite some time, as the natural fight between cyber-criminals and antivirus vendors unfolds: new technologies give way to new attack vectors, which are in turn closed by newer technologies. It took more than 40 years for malware to morph from programming flaws and innocent pranks into a money-making industry cashing in on the unwary, but less than 5 years to reach its next evolutionary step and become one of the most feared weapons of cyber-warfare.
While Black-Hat SEO has diminished noticeably compared with the first half of the year, critical 0-day vulnerabilities discovered in widespread software applications have played an important role in malware dissemination. Amongst the most targeted pieces of commercial software running on Windows were Adobe Reader and Internet Explorer. The Windows operating system itself suffered a series of critical vulnerabilities that made it easier for remote attackers to plant malware on users’ systems.
One of the most important e-threats leveraging Windows 0-day vulnerabilities was the notorious Stuxnet worm, a highly sophisticated malicious tool primarily targeted at compromising industrial processes running on SCADA infrastructures. During the second half of the year, Stuxnet used no less than four distinct 0-day vulnerabilities to infect home user and industrial systems alike at an explosive rate. Its increased potential for infiltration, along with highly sophisticated stealth mechanisms, propelled the Stuxnet worm into the top 10 e-threats for the second half of 2010.
During the last half of 2010 we also witnessed a series of high-profile DoS attacks carried out against well-known financial institutions. Unlike the “average” Distributed Denial of Service attempts in the past, which were primarily fueled by financial gain, these massive attacks were a form of protest against opposing organizations on the Internet.
The malware landscape sees two old contenders, Trojan.AutorunInf and Win32.Worm.Downadup, ranking first and second, respectively. These pieces of malware have their roots in the Windows XP era but have managed to preserve their dominance, even though upgrading the operating system or applying patches would have closed the security issues they exploit.
The first six months of 2011 have been placed under the sign of vulnerabilities and data breaches. While the malware landscape has witnessed little to no significant changes or epidemics, the numbers of data breaches and outages have increased considerably during the monitored period. IT security companies have been the primary targets of cybercriminals in an attempt to take them offline and, at the same time, to diminish their expertise in the eyes of their customers. Two of the most important IT security vendors that have been slammed with such attacks are HBGary and RSA, the security division of EMC.
Another major data leak, followed by almost one month of outage, was the Sony PlayStation Network incident, which exposed credit card details of about two million PSN users. The data leak was disclosed with a significant delay. The damage inflicted on users is yet to be estimated.
Significant outages have also happened in Egypt, following the massive wave of protests that took place on January 28. In order to prevent demonstrations and protests, the Egyptian government had all the local ISPs pull the plug on the Internet, thus rendering the bulk of electronic communications useless. The Internet blackout in Egypt has brought up endless debates on the importance of digital communications and the catastrophic results of outages.
Social networks have played a key role in maintaining a climate of insecurity. Although the number of e-threats specifically designed to infect social network users (such as the infamous Koobface and Boonana worms) has dramatically decreased, cyber-criminals have focused their efforts on pushing an unprecedented number of rogue applications. The purpose of these virally spreading applications is two-fold: on the one side, they redirect users to websites where they are forced to fill in surveys; on the other side, these applications collect exhaustive information about their victims and their friends, which is later used in targeted spam and phishing campaigns.
The document is a report on e-threats in the first half of 2012. It discusses the top malware threats which were largely unchanged from 2011. Trojan.AutorunInf and Win32.Worm.Downadup remained among the top three threats. Exploits surpassed other infection methods to become the most common way for malware to spread. The report also covers social networking threats on Facebook, the growing issue of Android malware, and trends in spam and phishing attacks. Looking ahead, state-sponsored cyberattacks are expected to continue as governments use malware to spy on other countries.
Trojan.Autorun.Inf was the most prevalent malware in the first half of 2009, accounting for 31% of infections globally. The Downadup/Conficker worm infected around 11 million computers worldwide before being brought under control. The top 10 malware list also included Trojans that used autorun, adware, and threats targeting digital media files and browsers.
This document discusses the rise in phishing attacks in Romania from 2007 to 2009, with most attacks targeting the same institution in 2009. It also humorously suggests some "easy" ways to start phishing, such as using social media profiles and botnets to target individuals and their friends, though clearly intends this as a joke to illustrate the harms of phishing. The document ends by asking if the reader has any questions.
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Fueling AI with Great Data with Airbyte Webinar (Zilliz)
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Unlock the Future of Search with MongoDB Atlas: Vector Search Unleashed (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Project Management Semester Long Project - Acuity (jpupo2018)
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the Associazione LibreItalia, where she was involved in several events, migrations and training activities related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private organisations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not pursuing her passion for computers and Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
OpenID AuthZEN Interop Read Out - Authorization (David Brossard)
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API.
How to Get CNIC Information System with Paksim Ga (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating privacy-protected synthetic data using Secludy and Milvus (Zilliz)
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Webinar: Designing a schema for a Data Warehouse (Federico Razzoli)
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Ocean Lotus Threat Actors project by John Sitima 2024 (SitimaJohn)
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2024 State of Marketing Report – by Hubspot (Marius Sescu)
https://www.hubspot.com/state-of-marketing
· Scaling relationships and proving ROI
· Social media is the place for search, sales, and service
· Authentic influencer partnerships fuel brand growth
· The strongest connections happen via call, click, chat, and camera.
· Time saved with AI leads to more creative work
· Seeking: A single source of truth
· TLDR; Get on social, try AI, and align your systems.
· More human marketing, powered by robots
ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2024 State of Marketing Report – by HubspotMarius Sescu
https://www.hubspot.com/state-of-marketing
· Scaling relationships and proving ROI
· Social media is the place for search, sales, and service
· Authentic influencer partnerships fuel brand growth
· The strongest connections happen via call, click, chat, and camera.
· Time saved with AI leads to more creative work
· Seeking: A single source of truth
· TLDR; Get on social, try AI, and align your systems.
· More human marketing, powered by robots
ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
The realm of product design is a constantly changing environment where technology and style intersect. Every year introduces fresh challenges and exciting trends that mold the future of this captivating art form. In this piece, we delve into the significant trends set to influence the look and functionality of product design in the year 2024.
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits.
To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups.
Technology
For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did.
While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis.
Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad.
Age and Gender
When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same.
Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers.
Race Affects Attitudes
As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
Creative operations teams expect increased AI use in 2024. Currently, over half of tasks are not AI-enabled, but this is expected to decrease in the coming year. ChatGPT is the most popular AI tool currently. Business leaders are more actively exploring AI benefits than individual contributors. Most respondents do not believe AI will impact workforce size in 2024. However, some inhibitions still exist around AI accuracy and lack of understanding. Creatives primarily want to use AI to save time on mundane tasks and boost productivity.
Organizational culture includes values, norms, systems, symbols, language, assumptions, beliefs, and habits that influence employee behaviors and how people interpret those behaviors. It is important because culture can help or hinder a company's success. Some key aspects of Netflix's culture that help it achieve results include hiring smartly so every position has stars, focusing on attitude over just aptitude, and having a strict policy against peacocks, whiners, and jerks.
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
PepsiCo provided a safe harbor statement noting that any forward-looking statements are based on currently available information and are subject to risks and uncertainties. It also provided information on non-GAAP measures and directing readers to its website for disclosure and reconciliation. The document then discussed PepsiCo's business overview, including that it is a global beverage and convenient food company with iconic brands, $91 billion in net revenue in 2023, and nearly $14 billion in core operating profit. It operates through a divisional structure with a focus on local consumers.
Content Methodology: A Best Practices Report (Webinar)contently
This document provides an overview of content methodology best practices. It defines content methodology as establishing objectives, KPIs, and a culture of continuous learning and iteration. An effective methodology focuses on connecting with audiences, creating optimal content, and optimizing processes. It also discusses why a methodology is needed due to the competitive landscape, proliferation of channels, and opportunities for improvement. Components of an effective methodology include defining objectives and KPIs, audience analysis, identifying opportunities, and evaluating resources. The document concludes with recommendations around creating a content plan, testing and optimizing content over 90 days.
How to Prepare For a Successful Job Search for 2024Albert Qian
The document provides guidance on preparing a job search for 2024. It discusses the state of the job market, focusing on growth in AI and healthcare but also continued layoffs. It recommends figuring out what you want to do by researching interests and skills, then conducting informational interviews. The job search should involve building a personal brand on LinkedIn, actively applying to jobs, tailoring resumes and interviews, maintaining job hunting as a habit, and continuing self-improvement. Once hired, the document advises setting new goals and keeping skills and networking active in case of future opportunities.
A report by thenetworkone and Kurio.
The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands.
It’s important that you’re ready to implement new strategies in 2024.
Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024.
You’ll learn:
- The latest trends in AI and automation, and what this means for an evolving paid search ecosystem.
- New developments in privacy and data regulation.
- Emerging ad formats that are expected to make an impact next year.
Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape.
If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.
5 Public speaking tips from TED - Visualized summarySpeakerHub
From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world.
With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively.
The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage.
Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience.
See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers
See the original article on Forbes here:
http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world.
Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance.
For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age.
Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.
The document provides career advice for getting into the tech field, including:
- Doing projects and internships in college to build a portfolio.
- Learning about different roles and technologies through industry research.
- Contributing to open source projects to build experience and network.
- Developing a personal brand through a website and social media presence.
- Networking through events, communities, and finding a mentor.
- Practicing interviews through mock interviews and whiteboarding coding questions.
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
1. Core updates from Google periodically change how its algorithms assess and rank websites and pages. This can impact rankings through shifts in user intent, site quality issues being caught up to, world events influencing queries, and overhauls to search like the E-A-T framework.
2. There are many possible user intents beyond just transactional, navigational and informational. Identifying intent shifts is important during core updates. Sites may need to optimize for new intents through different content types and sections.
3. Responding effectively to core updates requires analyzing "before and after" data to understand changes, identifying new intents or page types, and ensuring content matches appropriate intents across video, images, knowledge graphs and more.
A brief introduction to DataScience with explaining of the concepts, algorithms, machine learning, supervised and unsupervised learning, clustering, statistics, data preprocessing, real-world applications etc.
It's part of a Data Science Corner Campaign where I will be discussing the fundamentals of DataScience, AIML, Statistics etc.
Time Management & Productivity - Best PracticesVit Horky
Here's my presentation on by proven best practices how to manage your work time effectively and how to improve your productivity. It includes practical tips and how to use tools such as Slack, Google Apps, Hubspot, Google Calendar, Gmail and others.
The six step guide to practical project managementMindGenius
The six step guide to practical project management
If you think managing projects is too difficult, think again.
We’ve stripped back project management processes to the
basics – to make it quicker and easier, without sacrificing
the vital ingredients for success.
“If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.”
Dr Andrew Makar, Tactical Project Management
H2 2010 E-Threats Landscape Report
Author
Bogdan BOTEZATU, Senior Communication Specialist
Contributors
Loredana BOTEZATU, Communication Specialist – Malware & Web 2.0 Threats
Răzvan BENCHEA, Malware Analyst
Dragoş GAVRILUŢ, Malware Analyst
Alexandru Dan BERBECE – Database Administrator
Dan VANDACHEVICI – Spam Analyst
Irina RANCEA – Phishing Analyst
Table of Contents
Table of Contents
Table of Figures
Overview
Malware Spotlights
Malware Threats in Review
  World’s Top Countries Hosting Malware
  Top 10 E-Threats for H2 2010
  Tools of Corporate Espionage: Win32.Stuxnet.A
Botnet Intelligence
Web 2.0 Malware
  Instant Messenger Malware
  Social Networking Threats
Spam Threats in Review
Phishing and Identity Theft
Vulnerabilities, Exploits & Security Breaches
  Overview of Exploits
  Other Security Risks
E-Threat Predictions
  Botnet Activity
  Malicious Applications
  Social Networking
  Other Threats
  Mobile Operating Systems
Disclaimer
Table of Figures
Figure 1: Top 10 countries producing and hosting malware
Figure 2: Top 10 countries affected by malware
Figure 3: Top 10 e-threats for H2 2010
Figure 4: The evolution of Stuxnet in the second half of 2010
Figure 5: Botnet activity between July and December
Figure 6: Rogue application asking for full control over user's data and actions
Figure 7: The scheme of a worm spreading on Facebook
Figure 8: Tweets containing malicious JavaScript code
Figure 9: Twitter glitch exploited by quick cash makers
Figure 10: Sexual enhancement ads spammed throughout Yahoo! Groups
Figure 11: Spam breakdown by type
Figure 12: New message templates for medicine spam
Figure 13: Replica spam using simple HTML templates
Figure 14: Top 10 phished institutions and services during H2 2010
Figure 15: Phishing message playing the account deactivation trick
Figure 16: PayPal Phishing Page hosted on fast-flux servers
Overview
The information security landscape has been shifting for quite some time, as the natural fight between cyber-criminals and antivirus vendors unfolds: new technologies give way to new attack vectors, which are in turn closed off by newer technologies. It took more than 40 years for malware to morph from programming flaws and innocent pranks into a money-making industry cashing in on the unwary, but it took less than 5 years to reach its next evolutionary step and become one of the most feared weapons of cyber-warfare.

While Black-Hat SEO has noticeably diminished compared to the first half of the year, critical 0-day vulnerabilities discovered in widespread software applications have played an important role in malware dissemination. Among the most targeted pieces of commercial software running on Windows were Adobe Reader and Internet Explorer. The Windows operating system itself suffered a series of critical vulnerabilities that made it easier for remote attackers to plant malware on users’ systems.

One of the most important e-threats leveraging Windows 0-day vulnerabilities was the notorious Stuxnet worm, a highly sophisticated malicious tool primarily aimed at compromising industrial processes running on SCADA infrastructures. During the second half of the year, Stuxnet used no less than four distinct 0-day vulnerabilities¹ to spread explosively among home user and industrial systems alike. Its increased infiltration potential, along with highly sophisticated stealth mechanisms, propelled the Stuxnet worm into the top 10 e-threats for the second half of 2010.

During the last half of 2010 we also witnessed a series of high-profile DoS attacks carried out against well-known financial institutions. Unlike the “average” Distributed Denial of Service attempts of the past, which were primarily motivated by financial gain, these massive attacks were a form of protest against organizations the attackers opposed.

The malware landscape sees two old contenders, Trojan.AutorunInf and Win32.Worm.Downadup, ranking first and second, respectively. Both have their roots in the Windows XP era, yet they have preserved their dominance even though an operating system upgrade or the available patches would have closed the security issues they exploit.

¹ The Print Spooler vulnerability had been publicly disclosed about a year earlier, but had not been patched before Stuxnet started exploiting it.
Malware Spotlights
Social networks have constantly been in cyber-criminals’ focus. With a user base of more than 500 million active users², Facebook ranks as the largest social network in the world. Cyber-criminals have been increasingly interested in disseminating their malicious creations to the social network’s user base, while also trying to harvest whatever information they find on users’ profiles to carry out subsequent attacks.

While the web still remains the favorite channel of infection, the increased presence of Autorun worms and Trojans reveals that removable media plays a key role in disseminating malware.

Rogue security software has steadily increased its presence during the second half of 2010. Following the rules of evolution, rogue AV creators have refurbished their products to mislead users into believing they are genuine antivirus software from trustworthy publishers. More than that, rogue software has extended its scope to other system utilities such as “hard-disk defragmenters” and “registry fixing” software.

Do-It-Yourself malware has made it easier for script kiddies and people with limited IT knowledge to launch attacks against other computer users. The Facebook Hacker, Gmail Hacker and the iStealer keylogger have been some of the tools of choice for junior cyber-criminals.

Phishers have paid much more attention to social networks than to financial institutions. During the past six months, Facebook has become the prime target of cyber-criminals, with PayPal and Visa ranking second and third, respectively. Online gaming websites round out the list of the most targeted institutions and services.

² Statistics taken from the Facebook Stats page, available at http://www.facebook.com/press/info.php?statistics
Malware Threats in Review
The malware top for the second half of the year saw only minor changes compared to the first semester, with Trojan.AutorunInf, Win32.Worm.Downadup and Exploit.PDF-JS as the top three e-threats. This semester’s noteworthy additions are Exploit.CplLnk.Gen, the Control Panel shortcut (.LNK) exploit used by the Stuxnet worm, and a variant of the Virtob virus that infects .exe and .scr files and opens backdoors for remote attackers.
World’s Top Countries Hosting Malware
Information gathered during the past six months reveals that the e-threat landscape has remained relatively unchanged, apart from some minor shifts. China, Russia and Brazil still rank first, second and third, respectively, in the top ten countries hosting malware. Compared to the H1 2010 landscape, Ukraine has advanced two positions, from 10th place to 8th, although the percentage of malware hosted in Ukraine has regressed by 0.15 percentage points from its H1 value.
[Figure 1: pie chart. Legend, in ranking order: China, Russia, Brazil, United Kingdom, United States, Spain, Germany, Ukraine, Sweden, France, Others. Slice values shown in the chart, in descending order: 31.30%, 21.88%, 11.09%, 8.10%, 5.96%, 5.40%, 4.11%, 3.60%, 3.31%, 2.96%, 2.29%. The chart layout did not survive extraction, so the assignment of individual values to countries is not recoverable here.]
Figure 1: Top 10 countries producing and hosting malware
A closer look at the files hosted in China reveals that the most frequently encountered e-threats are password stealers for online games and a wide range of downloader Trojans used to install additional malware onto compromised systems. The malware identified in Russia is mostly related to rogue antivirus, or to more complex e-threats such as the Zeus bot, peer-to-peer worms and backdoors. Brazil’s malware industry is almost exclusively built around Banker Trojans and information stealers used for man-in-the-middle and man-in-the-browser attacks. Interestingly, Brazil is also the prime target of the notorious compile-a-virus malware Win32.Induc.A, a side effect of the local Banker Trojan authors’ use of the Delphi RAD tool (versions 4 through 7), whose installations Induc infects so that every program subsequently compiled with them carries the virus.

During the second half of the year, the countries most affected by malware have been France, the United States and China, where BitDefender logged most of the malware-related incidents.
[Figure 2: pie chart. Legend: Others, France, United States, China, Spain, Romania, Australia, Germany, Canada, India, Mexico. Slice values shown in the chart, in descending order: 39.48%, 21.71%, 10.61%, 5.45%, 3.95%, 3.65%, 3.59%, 3.15%, 3.08%, 2.95%, 2.38%. The chart layout did not survive extraction, so the assignment of individual values to countries is not recoverable here; the text names France, the United States and China as the three most affected.]
Figure 2: Top 10 countries affected by malware
Top 10 E-Threats for H2 2010
The international malware top for the second semester shows few changes compared to the first half of 2010, with Trojan.AutorunInf, Win32.Worm.Downadup and Exploit.PDF-JS ranking as the top three global e-threats. As a side note, both Trojan.AutorunInf and Win32.Worm.Downadup have their roots in the Windows XP era and could easily be mitigated by upgrading the operating system or applying the available patches.
[Figure 3: Top 10 e-threats for H2 2010 (pie chart). Legend: Trojan.AutorunINF.Gen,
Win32.Worm.Downadup.Gen, Exploit.PDF-JS.Gen, Trojan.Generic.4170878, Trojan.Wimad.Gen.1,
Win32.Sality.OG, Trojan.Autorun.AET, Worm.Autorun.VHG, Exploit.CplLnk.Gen, Win32.Virtob.Gen.12,
Others (63%). The exact percentages are listed in the table “Malware top for July – December 2010”
below.]
1. Trojan.AutorunInf.Gen
The top-ranking e-threat, Trojan.AutorunInf.Gen, accounts for 10.42 percent of worldwide infections.
This detection covers specially crafted autorun.inf files that launch malware from infected removable
storage devices without user interaction: when the device is plugged in, the file’s open= or
shellexecute= entry (or a hijacked shell verb) points Windows at an executable hidden on the drive.
Some of the best-known malware families that rely on autorun.inf files to execute automatically when
an infected flash drive is plugged in are Win32.Worm.Downadup, Win32.Zimuse.A, Win32.Sality,
Trojan.PWS.OnlineGames, Win32.Worm.Sohanad and Win32.Worm.Stuxnet.A.
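The patterns a triage script keys on when pulling autorun.inf files off USB sticks are shown below. This is an added example written for this edit, not BitDefender’s detection logic; the three sample files, the SID-style directory name and the scoring weights are constructed for illustration.

```python
import re

# Keys whose value classic AutoRun executes directly when the drive is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)(\s|$|,)", re.IGNORECASE)
# Directories USB worms favour: hidden recycler/system folders and SID-named subfolders.
HIDDEN_DIR = re.compile(r"(^|[\\/])(recycler|recycled|\$recycle\.bin|system volume information)([\\/]|$)",
                        re.IGNORECASE)
SID_DIR = re.compile(r"S-1-5-21(-\d+){3,}", re.IGNORECASE)
KV_LINE = re.compile(r"^[\w\\\-\. ]+\s*=")
WEIGHTS = {"launch": 2, "verb_hijack": 3, "default_verb": 2, "hidden_path": 2, "junk_lines": 1}

# Constructed sample modelled on the RECYCLER trick; SID and file name are made up.
SAMPLE_MALICIOUS = r"""[AutoRun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell=open
shell\open=Open
shell\open\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\Default=1
shell\explore\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
gxo2&^!@ppqz09 random padding inserted to break static signatures
UseAutoPlay=1
"""

# Constructed vendor-style file: launches an installer from the root, nothing hidden.
SAMPLE_BENIGN = r"""[autorun]
open=setup.exe
icon=setup.exe,0
label=Vendor Tools
"""

# Constructed: cosmetic keys only, nothing is launched.
SAMPLE_CLEAN = r"""[autorun]
icon=vendor.ico
label=Holiday Photos
"""


def triage_autorun(text):
    """Score one autorun.inf body; returns verdict, findings and launch targets."""
    findings, targets, junk, section = [], set(), 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun":
            continue
        if "=" not in line or not KV_LINE.match(line):
            junk += 1  # garbage lines are a common signature-evasion trick
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        parts = key.split("\\")
        if key in LAUNCH_KEYS and EXEC_EXT.search(value):
            findings.append(("launch", key, value))
            targets.add(value)
        elif key == "shell":
            # Overrides the default verb Explorer runs on double-click.
            findings.append(("default_verb", key, value))
        elif parts[0] == "shell" and len(parts) >= 3 and parts[-1] == "command":
            # Hijacks the Open/Explore verb: double-clicking the drive runs the
            # payload even where AutoRun itself has been disabled.
            findings.append(("verb_hijack", key, value))
            targets.add(value)
        if HIDDEN_DIR.search(value) or SID_DIR.search(value):
            findings.append(("hidden_path", key, value))
    if junk:
        findings.append(("junk_lines", str(junk), ""))
    score = sum(WEIGHTS[f[0]] for f in findings)
    verdict = "malicious" if score >= 5 else "suspicious" if score else "clean"
    return {"verdict": verdict, "score": score, "findings": findings, "targets": sorted(targets)}


if __name__ == "__main__":
    for name, body in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN), ("clean", SAMPLE_CLEAN)):
        result = triage_autorun(body)
        print(name, result["verdict"], result["score"], result["targets"])
```

The `targets` list gives the analyst the paths to pull from the drive image for further analysis; the verb hijack is weighted highest because it still fires when a user double-clicks the drive on systems where AutoRun has been switched off.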
2. Win32.Worm.Downadup
Win32.Worm.Downadup (also known as Conficker or Kido) hardly needs an introduction. Over the past
three years it has become the living nightmare of system administrators, and although the past year
brought no new variants, the worm is still active and wreaking havoc on a considerable number of
computers.
On the technical side, the worm exploits the Microsoft Windows Server Service RPC Handling Remote
Code Execution Vulnerability (MS08-067) in order to propagate. After it has successfully infected a
computer, it blocks access to the Windows Update service as well as to security vendors’ web sites.
The later variants of the worm can download and install rogue antivirus and other e-threats.
3. Exploit.PDF-JS.Gen
BitDefender’s third e-threat for the second half of 2010 is Exploit.PDF-JS.Gen, which accounts for
3.66 percent of the total number of infections worldwide. This generic detection covers malformed PDF
files that exploit various vulnerabilities in Adobe Reader’s JavaScript engine in order to execute
malicious code on the user’s computer. When the PDF file is opened, specially crafted JavaScript
triggers the download and automatic execution of malicious binaries from remote locations, or drops
and runs a payload embedded in the document itself.
PDF exploits have been extremely popular this semester, peaking with a series of spamvertised PDF
files posing as invitations to the Nobel Prize ceremony. Upon opening the PDF file, the embedded
JavaScript drops a malicious file carried inside the PDF document and executes it.
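The first-pass triage an analyst runs on such a PDF is a keyword count of the objects that make JavaScript run without a click, done after undoing the `#xx` name escapes and inflating the FlateDecode streams where the script usually hides. The code below is an added example for this edit, in the spirit of pdfid-style tools, not BitDefender’s detection; the sample documents it builds are constructed and carry harmless JavaScript, not an exploit.

```python
import re
import zlib

# Keywords counted by pdfid-style triage. Any of them may be written with #xx
# escapes inside the name (e.g. /J#53 for /JS), so names are unescaped first.
KEYWORDS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")


def unescape_names(data):
    """Resolve the #xx hex escapes PDF allows inside names."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data):
    """Yield the decompressed body of every FlateDecode stream in the file."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate (or deliberately corrupted); leave to a full parser


def triage_pdf(data):
    """Count action/JS keywords in the raw file and inside inflated streams."""
    views = [unescape_names(data)] + [unescape_names(s) for s in inflate_streams(data)]
    counts = {k.decode(): 0 for k in KEYWORDS}
    for view in views:
        for k in KEYWORDS:
            counts[k.decode()] += len(re.findall(re.escape(k) + rb"(?![A-Za-z])", view))
    automatic = counts["/OpenAction"] + counts["/AA"]  # runs on open, no click needed
    active = counts["/JS"] + counts["/JavaScript"] + counts["/Launch"] + counts["/EmbeddedFile"]
    if active and automatic:
        verdict = "suspicious"
    elif active:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "counts": counts}


# Constructed: a benign-looking script; a real sample would carry the exploit here.
SAMPLE_JS = b"app.alert('constructed sample - a real one would carry the exploit here');"


def build_sample(js_source, obfuscate):
    """Construct a minimal PDF whose OpenAction runs js_source; with
    obfuscate=True the key names use #xx escapes, as malicious files often do."""
    body = zlib.compress(js_source)

    def name(plain, escaped):
        return escaped if obfuscate else plain

    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + name(b"/OpenAction", b"/Open#41ction")
            + b" 4 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
            b"4 0 obj << /S " + name(b"/JavaScript", b"/Java#53cript") + b" "
            + name(b"/JS", b"/J#53") + b" 5 0 R >> endobj\n"
            b"5 0 obj << /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\nstream\n"
            + body + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


# Constructed one-page document with no actions at all.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
              b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for label, doc in (("obfuscated", build_sample(SAMPLE_JS, True)),
                       ("plain", build_sample(SAMPLE_JS, False)),
                       ("benign", BENIGN_PDF)):
        print(label, triage_pdf(doc))
```

Note what the escape handling buys: a plain `grep -c /JS` on the obfuscated sample returns zero, while `triage_pdf` still reports one `/JS`, one `/JavaScript` and one `/OpenAction`. The keyword count is only a first filter; the inflated script itself still needs to be read or emulated to tell a document-automation script from an exploit.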
4. Trojan.Generic.4170878
Trojan.Generic.4170878 holds the fourth place with 3.14 percent of the number of recorded infections
for the second half of the year. It is a backdoor that provides cybercriminals with remote access to the
infected system. Data gathered by the BitDefender labs revealed that the Trojan usually comes
bundled with the so-called “cracks” and “keygens” that are used to circumvent the protection
algorithms of commercial software applications.
5. Trojan.Wimad.Gen.1
The fifth place in the BitDefender malware top for the second half of 2010 is taken by
Trojan.Wimad.Gen.1. This e-threat is distributed via torrent websites, camouflaged as episodes of
popular TV series or as not-yet-aired, soon-to-be blockbusters. When played, these counterfeit video
files direct the media player to a specific URL that serves malware “advertised” as the codec required
to play the file. Trojan.Wimad.Gen.1 is most active just before or immediately after box-office
premieres.
6. Win32.Sality.OG
The sixth place, with 2.83 percent of infections triggered globally, is taken by Win32.Sality.OG, a
polymorphic file infector that appends its encrypted code to executable files (.exe and .scr binaries).
It deploys a rootkit and kills antivirus applications running on the computer in order to hide its
presence on the infected machine. Once local security has been defeated, the virus tries to deploy a
keylogger that intercepts passwords and login credentials and sends them to a pre-defined e-mail
address. Win32.Sality.OG also has backdoor features, which means that a remote attacker can seize full
control over the infected machine.
7. Trojan.Autorun.AET
Trojan.Autorun.AET is a piece of malware that spreads through Windows shared folders as well as
through removable storage devices. This e-threat ranks seventh with 2.14 percent of worldwide
infections. It is one of the Trojans that abuse the Windows AutoRun feature, which automatically
launches applications when a storage device is plugged in. It mainly affects computers running
Windows XP and Windows Vista SP1, since later Windows versions no longer honour AutoRun for any
removable media other than CD and DVD-ROM drives.
8. Worm.Autorun.VHG
Worm.Autorun.VHG is an Internet/network worm that exploits the Windows MS08-067 vulnerability in
order to execute itself remotely using a specially crafted RPC (remote procedure call) request. This
propagation method has also been used by Win32.Worm.Downadup, which means that this worm likewise
targets computers running Windows XP without the security patches in place. The worm ranks eighth
with 2.05 percent of global infections.
9. Exploit.CplLnk.Gen
The ninth place in the malware top goes to Exploit.CplLnk.Gen (2.01%), a detection specific to .lnk
(shortcut) files that abuse a vulnerability in the way the Windows Shell loads a shortcut’s icon, on
all Windows® versions, to execute arbitrary code. This exploit has seen a significant boost since its
disclosure, entering the top 10 e-threats in less than 5 months. It is also one of the four zero-day
exploits intensively used by the Stuxnet worm to compromise local security.
10. Win32.Virtob.Gen.12
Ranking 10th with 1.59 percent of the global number of infections, Win32.Virtob.Gen.12 is a file
infector whose code is written entirely in assembly language. Upon execution it starts infecting .scr
and .exe files, but spares critical system files and DLLs. The heavily encrypted viral code
continuously attempts to connect to an IRC server; once a connection has been established, it awaits
the remote attacker’s instructions. The virus also opens a backdoor that allows the remote attacker to
take control of the infected system.
Malware top for July – December 2010
01. Trojan.AutorunInf.Gen      10.42%
02. Win32.Worm.Downadup.Gen     6.00%
03. Exploit.PDF-JS.Gen          3.66%
04. Trojan.Generic.4170878      3.14%
05. Trojan.Wimad.Gen.1          2.84%
06. Win32.Sality.OG             2.83%
07. Trojan.Autorun.AET          2.14%
08. Worm.Autorun.VHG            2.05%
09. Exploit.CplLnk.Gen          2.01%
10. Win32.Virtob.Gen.12         1.59%
11. Others                     63.32%
Tools of Corporate Espionage: Win32.Stuxnet.A
The Stuxnet worm has undoubtedly been the most spectacular e-threat of the past years. One of the
most complex pieces of malware to date, Win32.Worm.Stuxnet.A is widely believed to have been created
to disrupt the activity of an Iranian nuclear facility.
The worm was initially spotted in June 2009, but was considered yet another variant of the Zlob
Trojan. During the year that elapsed between its emergence and its identification,
Win32.Worm.Stuxnet.A gathered the data its masters needed to get a glimpse of the plant’s critical
processes and systems.
The worm is built on a variety of technologies, ranging from rootkit protection to a series of critical
0-day exploits that allow it to breach local security. The rootkit driver accompanying the worm
prevents the user from seeing the malicious files; however, this sophisticated e-threat has yet another
layer of protection to ensure that it is not caught: a valid digital signature.
The digital signature is a fundamental concept in information security: it assures the recipient that
a message or binary comes from the holder of the signing key and has not been altered since. It says
nothing about whether the code is safe, yet because binaries signed with a valid certificate from a
known publisher are usually legitimate, some antivirus products whitelist them and skip scanning them.
Stuxnet’s drivers carried valid signatures produced with code-signing certificates stolen from two
hardware vendors, which allowed the worm to infect systems running security software as well.
[Figure 4: The evolution of Stuxnet in the second half of 2010 (line chart; weekly detection counts
from 15.07.2010 to 25.11.2010, y-axis 0 to 500).]
Stuxnet’s payload is primarily aimed at interfering with the behaviour of the computer systems that
control very high-speed electric motors. The worm’s components come packed in a single DLL file, which
makes it extremely viral even in environments with no Internet connection. Win32.Worm.Stuxnet.A
currently spreads via infected memory sticks as well as through Windows shared folders. In order to
“jump” from one computer to another, the Stuxnet worm enumerates all user accounts present on the
system and tries to reach every shared folder on the network with each of them. Alongside this, the
worm also exploits the Windows Server Service RPC Handling Remote Code Execution Vulnerability
(MS08-067) that Win32.Worm.Downadup previously used to infect about 5 million computers.
If it manages to copy itself onto a computer on the network (usually into the folder hosting the
operating system [3]), it creates a .job file pointing to a file named defrag[number].tmp. The job file
ensures that the malware is executed two minutes after the worm has been copied onto the local
computer.
Win32.Worm.Stuxnet.A is more than a simple e-threat whose infection potential got out of proportion.
It is a highly-advanced piece of malware written by a team of professionals with in-depth knowledge of
both operating systems and industrial process control software.
[3] In order to copy itself into the directory hosting the operating system, the worm exploits a
vulnerability in the Print Spooler service. The vulnerability was published in early 2009, but had not
been exploited by any other e-threat to date.
Botnet Intelligence
During the past 6 months, botnets have played a significant role in the global malware landscape.
From spam sending to vengeful attacks against companies, botnets have done it all. However, while the
first half of the year was quite favourable to the development and exploitation of botnets, the second
semester saw some of the most important spam networks taken down by the authorities or crippled by
the sudden disappearance of their affiliate programs.
[Figure 5: Botnet activity between July and December (pie chart). Legend: Rustock, Grum.A / Tedroo,
Cutwail Family, Crypt.HO, Mega-D, Oderoor, Others. Chart values: 29.90%, 23.40%, 22.60%, 17.60%,
3.20%, 2.40%, 0.90%.]
1. Rustock
The second half of 2010 shows Rustock as the world’s most prolific spam bot, but, unlike the first
half, its activity has dropped considerably since mid-September. Rustock alone owned about half the
spam market during the first six months of 2010 and kept growing dramatically between July and
September, then scaled back its presence during the last quarter of the year.
Overall, Rustock remains one of the most sophisticated spam bots ever. Protected by a rootkit driver,
each bot is capable of sending more than 25,000 messages per hour. To detect whether the infected
machine is connected to the Internet, the bot performs DNS MX queries for popular domains. It then
queries a list of domain names to locate its command and control (C&C) server. Once the C&C server
has been located, it logs in via an HTTP POST request and downloads the templates and e-mail
addresses to be used for spamming. Spam coming from Rustock is easy to tell, as it never comes bundled
with malware, but rather focuses on male enhancement pills and other pharma-related messages.
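The MX-lookup habit described above is something a network defender can hunt for in resolver logs: a workstation has no business resolving mail-exchanger records for a handful of webmail domains, while the organisation’s own mail relay does that all day. The detection below is an added example for this edit, not part of the report; the log format, the IP addresses and the inventory of legitimate mail servers are constructed assumptions, and the threshold is a starting point to tune.

```python
import re
from collections import defaultdict

# Constructed resolver log: one query per line, in an assumed "key=value" layout.
SAMPLE_DNS_LOG = """\
2010-09-14T10:00:01 client=10.0.0.25 qtype=MX qname=example.org.
2010-09-14T10:00:02 client=10.0.0.5 qtype=A qname=www.bing.com.
2010-09-14T10:00:03 client=10.0.0.5 qtype=MX qname=hotmail.com.
2010-09-14T10:00:03 client=10.0.0.5 qtype=MX qname=yahoo.com.
2010-09-14T10:00:04 client=10.0.0.5 qtype=MX qname=gmail.com.
2010-09-14T10:00:04 client=10.0.0.5 qtype=MX qname=aol.com.
2010-09-14T10:00:05 client=10.0.0.5 qtype=MX qname=comcast.net.
2010-09-14T10:00:05 client=10.0.0.5 qtype=MX qname=live.com.
2010-09-14T10:00:06 client=10.0.0.7 qtype=MX qname=example.com.
2010-09-14T10:00:07 client=10.0.0.7 qtype=A qname=update.microsoft.com.
2010-09-14T10:00:08 client=10.0.0.25 qtype=MX qname=gmail.com.
2010-09-14T10:00:08 client=10.0.0.25 qtype=MX qname=yahoo.com.
2010-09-14T10:00:09 client=10.0.0.25 qtype=MX qname=hotmail.com.
2010-09-14T10:00:09 client=10.0.0.25 qtype=MX qname=aol.com.
2010-09-14T10:00:10 client=10.0.0.25 qtype=MX qname=live.com.
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>[\d.]+) qtype=(?P<qtype>[A-Z]+) qname=(?P<qname>\S+)$")

# Assumed inventory: hosts that legitimately resolve MX records (the mail relay).
MAIL_SERVERS = {"10.0.0.25"}


def mx_lookups_by_client(lines):
    """Map each client IP to the set of domains it requested MX records for."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and m["qtype"] == "MX":
            seen[m["client"]].add(m["qname"].rstrip(".").lower())
    return seen


def flag_spam_bots(lines, mail_servers=MAIL_SERVERS, threshold=5):
    """Non-mail hosts resolving MX records for >= threshold distinct domains are
    candidates for Rustock-style direct-to-MX spamming (or the bot's connectivity
    check). Returns {client_ip: sorted domain list}."""
    return {client: sorted(domains)
            for client, domains in mx_lookups_by_client(lines).items()
            if client not in mail_servers and len(domains) >= threshold}


if __name__ == "__main__":
    for client, domains in flag_spam_bots(SAMPLE_DNS_LOG.splitlines()).items():
        print(f"{client}: {len(domains)} MX lookups -> {', '.join(domains)}")
```

In the constructed log only 10.0.0.5 is flagged: 10.0.0.25 is on the mail-server allowlist and 10.0.0.7 made a single MX query, which is normal noise. Pairing the hit with firewall logs showing outbound TCP/25 from the same workstation turns the heuristic into a confident detection.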
2. Grum (a.k.a. Tedroo)
During the past six months, Grum’s activity has witnessed an impressive comeback, which translates
into a whopping 23.4 percent of the spam market. Just like Rustock, the Grum bot deploys a kernel-mode
rootkit and starts pumping out up to 4,000 spam messages per hour. Although it sends less spam per bot
than Rustock, Grum can download a multitude of spam templates from multiple download locations. The
unsolicited mail sent by Tedroo usually advertises pharmaceutical products, but occasionally the
botmasters run their own infection campaigns, sending out links to the bot in messages mentioning
international celebrities.
3. The Cutwail Family
The Cutwail botnet gained considerable ground throughout 2010, reaching third place in the spam
industry. During the first half of 2010, Cutwail was the spamming component of the Pushdo botnet,
which ranked second in our previous E-Threats Landscape Report. Upon infection, the local computer is
instructed to download the Cutwail rootkit dropper and the spammer component. Apart from the by now
“traditional” rootkit driver that hides its presence, the bot has extra layers of protection, such as
the ability to launch, send a burst of messages and then terminate itself. When it starts again (which
happens almost immediately) the bot gets a new process identifier (PID), which makes it almost
impossible to kill by PID.
Impressive as that is, the Cutwail bot is more than a spam-sending machine. Every new version is
upgraded with new features, such as the ability to send itself through instant messaging applications,
open backdoors or install additional malware. Also, while other botnets usually experience severe
difficulties when their C&C servers are shut down, Cutwail bots get upgraded via the fail-safe
mechanism offered by Pushdo / Kobka.
4. Crypt.HO (a.k.a. Maazben)
The Maazben botnet appears to have grown during the past six months, although its bot count may look
ridiculous compared to the top three botnets presented above. The botnet started taking shape in May
2009 and has constantly added new zombified computers to its infrastructure ever since. Despite its
significant number of infected drones, Maazben keeps a low profile by sending a moderate number of
spam messages. At the moment, Maazben is one of the very few botnets sending casino-related spam.
5. Mega-D (a.k.a. Ozdok)
Once known as one of the largest botnets in the world, the Mega-D network has gained unwanted
attention from the authorities. After a couple of failed attempts to terminate the botnet by taking
down its C&C servers, security researchers found a flaw in the bot’s proprietary communication
protocol that allowed a third party to download the spam templates and train spam filters on them
before the spam waves were sent to their victims. The second half of 2010 saw the Mega-D botnet lose
its drones, but the real hit came in November 2010, when its alleged operator was arrested for
CAN-SPAM Act violations.
6. Oderoor (a.k.a Bobax)
Oderoor is one of the oldest botnets in the world (and, back in 2008, the largest). It became widely
known in mid-2008, but appears to have been active since 2005. The botnet took a heavy blow when its
C&C servers were shut down; at the moment, Oderoor barely gets one percent of the spam market.
Web 2.0 Malware
Social networks, blogging and micro-blogging platforms play a significant role in users’ lives. Social
networking accounts are packed full with valuable information for cyber-criminals and include home
addresses, e-mails and lists of contacts, along with significant intelligence on users’ habits and routines.
More than that, the social network space offers the malware author exposure to about half a billion
members, a market place that is much larger than the entire population of the United States of America.
Instant Messenger Malware
Since the beginning of the year, malware authors have focused their attention on instant messenger
users. E-threats such as Win32.Worm.Palevo.DS, Win32.Worm.IM.J or the rootkit-based Backdoor.Tofsee
have traditionally tried to infect users and use their resources for a wide range of criminal purposes,
such as DDoS attacks, sending spam or credit card fraud. Although these e-threats still claim victims,
the last half of the year brought a significant shift in the way cyber-criminals approach instant
messenger users.
Instant messenger malware identified during the last six months of 2010 includes Worm.FaceBlocker
(also known as the Ymfoca worm) and a wide assortment of other bots that do not send infected links,
but rather links to rogueware products.
One of the most interesting pieces of malware spreading via IM is Worm.FaceBlocker, an e-threat that
sends infected links via Yahoo Messenger. Users who follow these links and get infected start
spreading the same messages themselves, and their access to the Facebook website is blocked until they
fill in surveys. Judging by the prices displayed in the affiliate program, every completed survey
brings the attacker $1. Multiply that by thousands of infected users filling in an average of three
surveys per day, and that is what infected computers are worth to the attacker.
Social Networking Threats
Social networks have been particularly important to malware authors during the past six months.
Taking advantage of the enormous number of active users, cyber-criminals have launched numerous
malicious campaigns via the Facebook platform. While most of the Facebook campaigns in the first half
of 2010 involved malware and adware (the Koobface worm and various “multimedia players”,
respectively), the second half of the year has been dominated by rogue Facebook applications written
by third parties and leading to surveys. Most of these applications require access to users’ personal
data, as well as permission to post anything on the users’ behalf.
Figure 6: Rogue application asking for full control over user's data and actions
Using inciting messages to lure users into clicking, these campaigns take the unwary social networker
to websites that ask the victim to fill in surveys as a “security check” before accessing the actual
content. Of course, once the user complies, they are presented with more surveys instead of the
promised content.
Figure 7: The scheme of a worm spreading on Facebook
The infection scheme of such campaigns is simple:
1. The infected user unwittingly posts the message and link to their wall. It is visible to all their
friends, luring them into clicking on the link in turn.
2. Friends who click on the link are asked to allow the malicious application to perform certain tasks
on their behalf, such as accessing their basic information and posting on their wall, among others.
3. The same message appears immediately on the new user’s wall, right after they have authorized the
application for the above-mentioned tasks, thus spreading the infection further.
4. The application takes the user to a page that displays an alleged Flash player with the “incredible
video”, which turns out to be a JPEG image linking to a domain outside the social network.
5. Once the user arrives on the external domain, they are asked to fill in surveys in order to be
granted access to the promised video.
During the last months of the year, Java-based malware has seen a dramatic increase on Facebook and
Twitter. Taking advantage of the fact that Java is a multi-platform environment that runs on both
Windows and Mac OS X, Java.Trojan.Boonana.A initially runs as a Java applet that acts as a downloader
for other malicious files. Once started, the Trojan hijacks all of the user’s social networking accounts
to post on their behalf and periodically checks with the C&C server to run whatever actions the
botmaster has instructed it to perform.
Facebook was not the only major social network targeted by cyber-crooks. Late September saw a
large-scale attack using specially crafted tweets that exploited a flaw in the way the platform
rendered links: a double quote inside a tweeted URL ended the link’s href attribute, and whatever
followed it was rendered as an onmouseover JavaScript event handler.
Figure 8: Tweets containing malicious JavaScript code
When moving the mouse over the compromised link, the user was involuntarily redirected to an arbitrary
website, usually domains used by rogue antivirus to launch “scan simulations”.
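The rendering bug behind those tweets is a textbook case of dropping untrusted text into an HTML attribute without escaping it for that context. The example below, added for this edit and not taken from Twitter’s code, shows the vulnerable pattern next to its hardened form and a small attribute extractor that makes the difference visible; the payload URL, the example.com host and the helper names are constructed.

```python
import html
import re
from urllib.parse import urlsplit

ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def render_link_vulnerable(url):
    """Tweet-to-HTML the broken way: the URL is concatenated into the
    attribute unescaped, so a double quote in it ends href= and whatever
    follows becomes a new attribute such as onmouseover=."""
    return '<a href="' + url + '">' + url + '</a>'


def render_link_safe(url):
    """Only link http(s) URLs, and escape the value for attribute context."""
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return html.escape(url, quote=True)  # shown as text, never a link
    safe = html.escape(url, quote=True)      # " -> &quot;  < -> &lt;  & -> &amp;
    return f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>'


def tag_attributes(fragment):
    """Attributes a browser would see on the first tag of the fragment."""
    tag = fragment[:fragment.index(">")] if ">" in fragment else ""
    return dict(ATTR_RE.findall(tag))


# Constructed payload shaped like the September 2010 tweets: the '"' after @
# closes href= and the rest of the "URL" becomes an event-handler attribute.
PAYLOAD = 'http://example.com/@"onmouseover="alert(document.cookie)"/'


if __name__ == "__main__":
    for renderer in (render_link_vulnerable, render_link_safe):
        out = renderer(PAYLOAD)
        print(renderer.__name__, "->", tag_attributes(out))
    print(render_link_safe("javascript:alert(1)"))
```

Escaping alone is not the whole fix: the scheme check stops `javascript:` and `data:` URLs from becoming clickable links at all, which is the other half of rendering user-supplied URLs safely.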
While Twitter rapidly fixed the glitch and removed the offending accounts, a new malicious scheme
was built for Twitter users who panicked that their accounts might have been hacked into. A large
number of tweets announced an alleged step-by-step guide on how to “unhack” your own Twitter
account. However, in order to access the respective content, the user was asked to complete a
survey.
Figure 9: Twitter glitch exploited by quick cash makers
Social networking spam has been another major party-wrecker during the second half of 2010. Most
of the spam waves carried via social networking platforms were related to the activity of malicious
applications posting objectionable content on users’ behalf. Some of the spam messages are directed
at selling products and services, while others are aimed at collecting information about the victims and
their circle of friends.
Figure 10: Sexual enhancement ads spammed throughout Yahoo! Groups
Spam Threats in Review
During the second half of 2010, the spam industry has taken an important blow, as one of the most
important affiliate programs shut their doors for good. The domain spamit.com, a notorious hub for
underground spammers ready to turn their botnets into fully-fledged cash cows, was especially known
for its involvement with Canadian Pharmacy.
One of the most remarkable aspects of the spam landscape in the second half of the year is the
significant decrease in pharmaceutical spam, from a whopping 66 percent of global spam in H1 to 48
percent in H2. With Canadian Pharmacy all but extinct as of October 10, and other botnets such as
Pushdo and Mega-D severely crippled by C&C takedowns, the overall spam volume index has dropped
considerably, while the categories tracked remain the same as in the previous semester.
Particularly telling is the increase in casino spam, a strong indication that the Crypt.HO / Maazben
botnet has been hard at work and ramped up spam distribution, probably to compensate for the Rustock
and Grum bots that went nearly silent in early October.
[Figure 11: Spam breakdown by type (pie chart). Legend: Pharmaceuticals, Casino, Replica, Loans,
Software, Diploma, Employment, Malware, Dating + Adult, Scams, Phishing, Other. Chart values: 48.12%,
18.91%, 7.13%, 6.93%, 4.95%, 4.46%, 4.16%, 3.17%, 0.99%, 0.69%, 0.30%, 0.20%.]
Although the number of messages per day has diminished, pharmacy spam has not gone extinct, but rather
undergone a transformation. The new spam messages advertise the same old knock-off pills made in
China, but the familiar templates ripped off from legitimate newsletters have given way to new layouts
similar to the image below:
Figure 12: New message templates for medicine spam
Casino and online gambling spam ranked second during the past six months, a significant increase
from the modest fifth place it occupied during the first half of the year. Replica spam has moved down
one place. While most of the templates we have seen during the first half were graphics-intensive, the
current replica spam campaigns mostly rely on text-based messages accompanied by one hyperlink.
Figure 13: Replica spam using simple HTML templates
Spam messages accompanied by malware declined during the last half of 2010. Among the most
intensively spammed malware are the Zeus bot, several variants of Bredolab, and a large number of
malicious PDF files exploiting various vulnerabilities in Adobe Reader.
Spam Trends for H2 2010
During the last six months of 2010, spam dropped from 86.2 to 85.1 percent of all e-mail messages
sent globally. On average a spam message is 4 KB, with plain text as the format of choice for
unsolicited mail; depending on the campaign, message size varied between 3 and 9 KB.
The third quarter of 2010 saw a massive influx of Canadian Pharmacy spam, including large image-based
messages, which dropped off the radar completely in October with the termination of the SpamIt
affiliate service. Most of the pharmaceutical spam sent during the last quarter of the year relates to
weight-loss medicine and sexual enhancements sold by an emerging business called US Drugs. The
majority of spam messages advertising such products are sent in plain text and carry hyperlinks to
random 5-letter domain names registered in Russia, which act as proxies and redirect the user to clone
websites.
Phishing and Identity Theft
Traditionally, phishing mostly targets banks and other financial institutions. However, unlike the
first half of 2010, when PayPal was the prime target, phishing took an interesting turn towards social
networks and online gaming communities: the BitDefender phishing top now places Facebook as the
number one brand abused by phishers.
[Figure 14: Top 10 phished institutions and services during H2 2010 (pie chart). Legend, in rank
order: Facebook, PayPal, Visa, WOW, eBay, HSBC, Capital One, Bank Of America, Lloyds, Steam. Chart
values: 43.59%, 21.66%, 21.33%, 3.71%, 3.36%, 2.75%, 1.26%, 0.87%, 0.86%, 0.60%.]
This rapid escalation from fourth place straight to the top shows that phishers put a lot of value on
personal data, which can be used for a wide range of purposes, such as building customer profiles
based on interests, building personal information databases to be sold to third-party spammers, or
carrying out further spear-phishing attacks against the victim’s friends and friends of friends.
Figure 15: Phishing message playing the account deactivation trick
Payment processing service PayPal ranks second in the top of the most phished brands for the
second half of 2010. Amongst the multitude of spam waves targeting the system is a message
originating from Romania that asks the user to confirm their data in order to unblock the account and
be able to get payments in due time.
Figure 16: PayPal Phishing Page hosted on fast-flux servers
Although the primary targets of cyber-crooks during the last half of 2010 have been social networks
and payment processors, online gaming communities such as Steam® and World of Warcraft® have also
been intensively exploited. Online gaming accounts are particularly marketable, as they contain either
serial numbers for games that can be re-sold through the notorious “OEM Software” portals, or
resources (virtual gold and items) that can be transferred to other players in exchange for
real-world money.
Vulnerabilities, Exploits & Security Breaches
Just like the first half of 2010, the second half of the year was extremely rich in 0-day exploits and
security breaches. These flaws range from the “usual” Adobe 0-day exploits affecting Reader and
Acrobat versions prior to X [4] to extremely sophisticated code taking advantage of multiple
vulnerabilities, as was the case with the Stuxnet worm. August saw no less than 14 security bulletins
for Microsoft products, of which 6 were labelled Critical, an all-time record for a single Patch
Tuesday.
[4] Version 10 (Reader X) of the popular PDF reader runs its parsing and rendering code in a
sandboxed process, isolated from the rest of the system. Everything a document can trigger therefore
runs in an extremely confined environment with minimal privileges on the machine.
Overview of Exploits
Early September brought into the spotlight the 0-day flaws that were being exploited simultaneously by
the Stuxnet corporate espionage tool. Apart from the notorious (and long patched) MS08-067
vulnerability used by the Conficker worm, Stuxnet brought into play a new LNK (Windows shortcut) flaw
detected by BitDefender as Exploit.CplLnk.Gen (MS10-046), a zero-day bug in the Print Spooler service
(MS10-061) that allows arbitrary code to be transferred to and executed on a remote machine, and two
further flaws that let malicious code elevate its privileges to run as administrator. The impressive
number of infections worldwide propelled the Control Panel link exploit to ninth place in the
BitDefender H2 2010 malware top.
Popular media player Winamp has also been hit with four critical vulnerabilities in the 5.x branch,
which allow a remote attacker to execute code and open a backdoor. The exploit code is embedded in a
malformed MTM file and only triggers when that file is loaded into the playlist or its properties are
viewed.
Internet browsers have also had a hard time during the second half of the year. Most of the exploit
packs sold on underground forums, such as Eleonore and Crimepack, are equipped with malicious code to
exploit flaws in Internet Explorer [5] and Firefox [6].
Late October also brought a series of exploits for Mozilla Firefox versions 3.5 and 3.6. The exploit
code was planted via iframe injections on a series of high-profile websites, the Nobel Prize website
among them. This exploit triggers a use-after-free error, the same class of bug attackers had
successfully used against Internet Explorer in January in the attacks commonly known as Operation
Aurora.
Another important 0-day bug in the Windows platform was discovered in late November and affects the
Windows kernel itself. The vulnerability allows code already running as a standard user to gain
system privileges on Windows Vista and Windows 7, effectively bypassing User Account Control. A
working proof-of-concept, along with a step-by-step exploitation how-to, was available on an extremely
popular programming forum for a couple of hours.
The exploit takes advantage of a programming flaw in the NtGdiEnableEudc() function in win32k.sys.
The proof-of-concept code iterates through the running processes via IoGetCurrentProcess() and looks
for services.exe; when it is found, it copies that process’s security token over the security token of
another process (in this case, the malware itself), which thereby inherits the privileges of
services.exe.
[5] These crimepacks include two exploits for Internet Explorer: MS09-002 (Internet Explorer 7,
January 2009) and the MDAC ActiveX flaw (Internet Explorer, March 2007).
[6] The only Firefox exploit included in the Eleonore pack targets a vulnerability from 2005; current
browsers are no longer vulnerable to the Eleonore code.
Other Security Risks
In August security researchers have discovered a vulnerability in the way a multitude of applications
are designed. This DLL loading flaw – also known as “binary planting” – affects the way applications
try to load one or more DLL files from folders outside of the Windows directory. Shortly put, an
attacker can run malicious code when a vulnerable file type is opened from within a directory
controlled by the attacker.
This kind of exploitation is particularly likely when users open files from an extracted archive, a
remote network share (SMB or WebDAV) or a USB drive, even if the file the user opens contains no
executable code of its own.
To date, multimedia players are the most likely targets, since users perceive avi and mp3 files as safe.
However, when such a file is opened from a remote shared folder, the player's current directory is set
to that folder, and any DLL it then requests by name (typically an optional codec or plug-in that is not
installed on the system) is looked for, and loaded, from the same directory as the opened file.
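The search-order behaviour described above, as an added model written for this section (not code from the report or from any affected player). The directory order follows the documented SafeDllSearchMode order (the default since Windows XP SP2); the directory contents, the application name and the DLL names are constructed, and the functions search_order, resolve_dll and open_document are this example's own. It also shows the application-side fix, SetDllDirectory(""), which removes the current directory from the search.

```python
"""Model of the Windows DLL search order and of a binary-planting attack against it.

Added example for this report section; not code from BitDefender or from an
affected application.  Directory contents below are constructed.
"""
from typing import Dict, List, Optional, Set

# Constructed view of the victim machine: which files exist in which directory.
FILESYSTEM: Dict[str, Set[str]] = {
    r"C:\Program Files\MediaPlayer": {"player.exe", "core.dll"},
    r"C:\Windows\System32": {"kernel32.dll", "user32.dll"},
    r"C:\Windows\System": set(),
    r"C:\Windows": set(),
    r"C:\Tools": {"helper.dll"},
    # Attacker-controlled share: a harmless-looking video next to a planted DLL
    # whose name matches an optional module the player probes for.
    r"\\attacker\share": {"holiday.avi", "codec_optional.dll"},
}

APP_DIR = r"C:\Program Files\MediaPlayer"
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
PATH_DIRS = [r"C:\Tools"]


def search_order(cwd: Optional[str], safe_search: bool = True) -> List[str]:
    """Directories LoadLibrary("name.dll") consults, in order.

    safe_search=True models SafeDllSearchMode: the current directory is searched
    after the system directories.  With it disabled the current directory comes
    right after the application directory.  cwd=None models a process that
    called SetDllDirectory(""), which drops the current directory entirely.
    KnownDLLs (always taken from System32) are not modelled.
    """
    order = [APP_DIR]
    if not safe_search and cwd is not None:
        order.append(cwd)
    order.extend(SYSTEM_DIRS)
    if safe_search and cwd is not None:
        order.append(cwd)
    order.extend(PATH_DIRS)
    return order


def resolve_dll(name: str, cwd: Optional[str], safe_search: bool = True) -> Optional[str]:
    """Return the path Windows would load for a DLL requested by bare name, or None."""
    wanted = name.lower()
    for directory in search_order(cwd, safe_search):
        if wanted in {f.lower() for f in FILESYSTEM.get(directory, set())}:
            return directory + "\\" + name
    return None


def open_document(doc_path: str, harden: bool) -> Dict[str, Optional[str]]:
    """Model of the player being launched on a document via its file association.

    Explorer starts the associated application with the current directory set
    to the document's directory.  A hardened player calls SetDllDirectory("")
    at start-up (modelled as cwd=None) before loading anything by bare name.
    core.dll ships with the player; codec_optional.dll is probed for but not
    shipped, which is the classic planting case.
    """
    doc_dir = doc_path.rsplit("\\", 1)[0]
    cwd = None if harden else doc_dir
    return {dll: resolve_dll(dll, cwd) for dll in ("core.dll", "codec_optional.dll")}


if __name__ == "__main__":
    video = r"\\attacker\share\holiday.avi"
    print("vulnerable:", open_document(video, harden=False))
    print("hardened:  ", open_document(video, harden=True))
```

Loading by fully qualified path, or with the LOAD_LIBRARY_SEARCH_SYSTEM32 family of flags on systems that support them, removes the dependency on the current directory altogether; Microsoft's CWDIllegalInDllSearch hotfix from August 2010 offers the same protection system-wide, at the cost of breaking applications that genuinely need DLLs from the current directory.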
E-Threat Predictions
The year 2010 was full of unexpected surprises in terms of security. The e-threat landscape witnessed
new and unusual activity, such as the advent of the Stuxnet worm. Also, the recent events related to
the Wikileaks affair triggered a massive wave of protest from select groups of Internet users, who
turned their Low Orbit Ion Cannons (LOIC) against the institutions that withdrew support for Wikileaks
or publicly condemned its actions.
The massive wave of distributed denial-of-service attacks paralyzed network activity for Internet
service providers, payment processors and government websites. Unlike regular DDoS attacks, which
rely on infected computers to generate the bulk of the traffic aimed at the victim, this was a voluntary,
coordinated effort by millions of users who willingly placed their computers under the control of
unknown persons to provide the necessary attack power: LOIC's "hive mind" mode takes its target from
an IRC channel run by the attack's organizers, so participants did not even pick the victim themselves.
Botnet Activity
For years, botnets have been the backbone of the malware industry. These hordes of zombified
computers can be used to send spam, launch DDoS attacks, provide zero-cost web hosting for
phishing pages and malware, or act as proxies for credit card fraud. The recent termination of the
SpamIt affiliate service dramatically reduced the volume of spam sent through infected bots, yet it
has not disturbed the botnet infrastructure in any way: the bots remain infected and under their
operators' control.
Throughout 2011, new spam affiliate programs will emerge while the existing ones consolidate, and
spam production will ramp back up to "normal" levels, with pharmaceutical spam as the top product.
Along with conventional botnets made up of infected computers, new threats will emerge from
botnets created with the users' consent. These networks will most likely focus on performing DDoS
attacks as a form of social protest against institutions that regulate the use of the Internet.
Malicious Applications
During 2011, malware authors will pay special attention to making their creations as stealthy as
possible. The highly successful debut of malware signed with genuine stolen digital certificates or with
counterfeit ones (as seen in Stuxnet and in various ZBot variants) will most likely continue in 2011.
Some security solutions have traditionally skipped digitally signed binaries when scanning, and the
64-bit editions of Windows Vista and Windows 7 refuse to load kernel-mode drivers that are not
signed, so a valid-looking signature lets the malware both evade scanning and install kernel-mode
drivers on those platforms. A signature only proves who signed the code, not that the code is safe,
and a stolen certificate remains valid until its issuer revokes it, a check that is not always performed.
Rogue everything: rogue antivirus software is hardly news. Since 2008, rogue AV has not evolved
much and users have started to tell the difference. 2011 will bring an even larger offering of rogue
utilities, ranging from fake disk defragmenters to bogus tune-up applications.
Social Networking
Social networking is becoming a global phenomenon: in less than six months, Facebook's user base
jumped from 400 million to 500 million active accounts, which post and update a vast pool of personal
data. Phishers may correlate data from social networking profiles with their targets' current workplaces
and whereabouts to launch targeted social engineering attacks, plant advanced persistent threats in
corporate networks and use them for industrial espionage or other illegal purposes. BitDefender
estimates that 2011 will bring a larger number of rogue applications and plug-ins for social networks,
which will try to capitalize on users by redirecting them to surveys or persuading them to install
adware.
Other Threats
Widespread access to HTML5, still an incipient technology, will offer users new ways to interact
with online media. Since HTML5 is being implemented across all major browsers, a flaw in one of its
features might become exploitable in the same way regardless of the operating system the browser
runs on.
0-day exploits will also play a key role in the malware distribution circuit for 2011. With cyber-crime
packs such as Eleonore, Crime Pack, Fragus, Siberia and the upcoming Ares exploit kit licensed to
thousands of users, malware creation has become accessible to anyone, regardless of their level of
technical knowledge.
Cross-platform malware: the emergence of the Java-based Boonana Trojan
(Java.Trojan.Boonana.A) that affects both Mac OS X and Windows users has proven to be a
successful experiment in writing one piece of malware for two of the most prominent operating
systems in the world. It is likely that the number of multi-platform worms and Trojans will continue to
grow during 2011.
Mobile Operating Systems
Smartphones are rapidly gaining market share, and the growing number of hotspots in urban areas
already gives mobile users near-permanent Internet connectivity. This will increase the number of
phishing attempts that take advantage of the limited screen space of a mobile phone's display (which
makes it hard to inspect a full URL) to trick users into disclosing sensitive information while shopping
or performing e-banking transactions.
The rapid rise of Google’s Android operating system and the availability of an intuitive software
development kit will simplify malware writers’ efforts to create rogue applications for both Android-
based phones and the upcoming Android-based tablet PCs.
Malware targeting Android phones is already here. There are a number of fake applications that dial
premium-rate numbers, as well as the recently discovered botnet-capable Trojan dubbed "Geinimi",
which steals personal data and contacts. Since Android is an open-source operating system that is
also extremely flexible, it won't take long for malware authors to produce malware that takes full
control of the infected phone.