The document provides an overview of threats in the first quarter of 2012 according to McAfee Labs. It saw significant increases in many areas of malware and threats after declines in late 2011. Mobile malware targeting Android devices increased dramatically, reaching nearly 7,000 samples. Established rootkits like Koutodoor rebounded and the new ZeroAccess rootkit emerged. Signed malware and password-stealing Trojans also increased substantially. Spam volume grew early in the quarter but resumed its downward trend. The US continued to host the most malicious web content.
Since its debut, Android has quickly claimed significant market share in the mobile market. Unfortunately, such popularity (amongst other factors) makes Android a lucrative target for malware authors. New families and variants of malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled, with 37 new families and variants discovered in Q1 2012 alone.
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES - ijmnct
Mobile devices have become very popular nowadays; due to their portability and high performance, a mobile device has become a must-have for people using information and communication technologies. In addition to the rapid evolution of hardware, mobile applications are also increasing in complexity and performance to cover most of the needs of their users. Both software and hardware design have focused on increasing the performance and the working hours of a mobile device. Different mobile operating systems are in use today, on different platforms and with different market shares. Like all information systems, mobile systems are prone to malware attacks. Because mobile devices are personal, malware detection is very important and is a must-have tool on each device to protect private data and mitigate attacks. In this paper, we study and analyze different malware detection techniques used for mobile operating systems. We focus on the two competing mobile operating systems, Android and iOS. We assess each technique, summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.
August was a big month for zero-day vulnerabilities, with a total of 11 reported. This is by far the largest number disclosed in a single month to date.
Six of these zero-day vulnerabilities impact industrial control systems, devices used in industrial sectors and critical infrastructures, across five vendors. The vulnerabilities cover a wide range of possible attacks, including remote code execution and denial of service attacks.
Two further zero-day vulnerabilities were discovered in the Apple OS X operating system. When used in tandem, these two vulnerabilities can cause memory corruption in the OS X kernel and give the attacker escalated privileges on the compromised computer.
These vulnerabilities come on the heels of a new OS X threat called OSX.Sudoprint. This threat exploits a local privilege escalation vulnerability in the OS X operating system, which was patched by Apple at the beginning of August. This threat comprised over 77 percent of the OS X threats we saw on OS X endpoints this month.
The 2015 Threat Report provides a comprehensive overview of the cyber threat landscape facing both companies and individuals. Using data from 2015, this report combines our observations on reported malware encounters with threat intelligence, and identifies several key trends and developments.
The report introduces the Chain of Compromise as an analytical concept to help readers, particularly those working in cyber security and information technology roles, understand how attackers compromise security using different combinations of tactics and resources. Some of 2015’s most prominent threats, such as exploit kits, ransomware, and DNS hijacks, are discussed in relation to this model, demonstrating how users become compromised by modern cyber attacks.
Key findings discussed in the report include the establishment of worms, exploits, and macro malware as trending threats; the increasing use of crypto-ransomware for online extortion; and an increase in the use and efficiency of Flash vulnerabilities in exploit kits. The report also highlights the significance of different cyber security events that occurred in 2015, including the discovery of the XcodeGhost bug in Apple’s App Store, the exposure of the Dukes advanced persistent threat group, and signs that the intersection between geopolitics and cyber security is paving the way toward a cyber arms race.
Information on the global threat landscape is supplemented with details on the prominent threats facing different countries and regions, highlighting the fact that while the Internet connects everyone, attackers can develop and distribute resources to selectively target people and companies with greater efficiency.
Symantec Intelligence Report December 2014 - Symantec
Welcome to the December edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
Security Trends to Watch in 2010 - A Mid-Year Status Check Symantec
As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that we're half way through the year, we've taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
Malicious software, or malware for short, poses a serious threat to, and can severely damage, computer systems. A prime example of this was a ransomware that widely exploited a number of systems recently. Ransomware is a dangerous type of malware used for extorting money from victims, who otherwise could lose their data forever. In this paper, we used statistical analysis of Application Programming Interface (API) function calls in order to detect ransomware adequately. First, we imported the API function calls of numerous ransomware and benign software samples and saved them as strings in string files. Subsequently, the imported API function calls were counted and tabulated to generate a dataset. Then, we applied Chi-Square, Paired Sample t-test, and Correlation statistical analysis to the generated dataset. Our statistical analysis was able to detect ransomware effectively with almost 95% accuracy. In addition, we determined the relationship between each pair.
Welcome to the Threatsploit Report, covering some of the important cybersecurity events, incidents and exploits that occurred this month across areas such as Application Security, Mobile App Security, Network Security, Website Security, API Security, Cloud Security, Host Level Security, Cyber Intelligence, Thick Client Security, Threat Vulnerability, Database Security, IoT Security, and Wireless Security.
In the first six months of 2012, the malware landscape remained relatively constant, with Trojan.AutorunInf, Win32.Worm.Downadup and Exploit.CplLnk as the top three e-threats worldwide. The first two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims.
TrendLabs 2012 Annual Security Roundup: Evolved Threats in a “Post-PC” World - Infinigate Group
Experts have been predicting the coming “post PC” era for a few years. So the question has been, “when will we know that it’s really here?” A simple answer is, we’ll know it’s really here when cybercriminals move beyond the PC. By that measure, 2012 is truly the year we entered the post-PC era as cybercriminals moved to embrace Android, social media platforms, and even Macs with their attacks.
The largest data breach reported in June resulted in the exposure of 1.3 million identities. This seems like a small number when compared to the 145 million exposed in the largest breach of May. However, while reported in June, this breach also took place during the month of May. This brings the total number of identities exposed in May to over 147 million, which is the second-worst month for data breaches in the last 12 months.
There was an average of 88 spear-phishing attacks per day in June. This appears to be a return of spear-phishing levels seen in the months of March and April, after the average per day dropped in May.
A relatively new OSX threat by the name of OSX.Stealbit.B topped our list of OSX malware, responsible for 25.7 percent of OSX threat found on OSX systems. This threat looks for specific bitcoin-related software on OSX computers and will attempt to modify the programs in order to steal bitcoins.
The number of Android variants per family reached the lowest levels seen in the last twelve months. While there was not a significant change in the number of families discovered in June, this may indicate that attackers have had more success with their current set of threats, reducing their need to create multiple variants.
June was a quiet month for vulnerabilities, where (only) 438 were reported—tying the lowest number reported in the last 12 months. There were no zero day vulnerabilities disclosed during the month.
Highlights from June 2014 Intelligence Report
Key Findings
There was an average of 88 spear-phishing attacks per day in June.
The number of Android variants per family reached the lowest levels seen in the last twelve months, at 18 variants per family.
The largest data breach reported in June took place in May, and resulted in the exposure of 1.3 million identities.
The Avast Threat Report provides an overview of global threat activity for Q1 2015.
Avast malware researchers and Avast customers work 24/7 to protect each other. Avast protects 230 million people worldwide in more than 186 different countries — we are present in more countries than McDonalds and protect more people than any other antivirus security provider.
The Q1 security report looks at the state of cyberthreats as it relates to Wi-Fi, PC threats, mobile threats, and the steady evolution of ransomware.
The report for Q1 2018 includes:
- WatchGuard Firebox Feed Trends. In this regular section, we analyze threat intelligence shared by tens of thousands of WatchGuard security appliances. This analysis includes details about the top malware and network attacks we saw globally throughout the quarter. Using that data, we identify the top attack trends, and how you might defend against them.
- Top Story: GitHub DDoS Attack. In Q1 2018, attackers launched a record-breaking distributed denial of service (DDoS) attack against GitHub using a technique called UDP amplification. In this section we analyze this attack and describe how the lesser-known Memcached service allowed this huge amplification.
- Announcing The 443 Podcast. Rather than our normal threat research section, this quarter we announce a new podcast from the WatchGuard Threat Labs team, and the authors of this report. Learn what this new podcast contains and come subscribe wherever podcasts are found.
- The Latest Defense Tips. As usual, this report isn’t just meant to inform you of the latest threats, but to help you update your defenses based on the latest attacks. Throughout the report, we share defensive learnings and tips, with a summary of the most important defenses at the end.
This white paper explores the current state of cybercrime and what organizations can expect in 2013. Topics include malware development, hacktivism, DDoS attacks and online account takeover.
The first six months of 2011 were dominated by vulnerabilities and data breaches. While the malware landscape witnessed little to no significant change or epidemic, the number of data breaches and outages increased considerably during the monitored period. IT security companies were the primary targets of cybercriminals, in an attempt to take them offline and, at the same time, to diminish their expertise in the eyes of their customers. Two of the most important IT security vendors hit by such attacks were HBGary and RSA, the security division of EMC.
Another major data leak followed by almost one month of outage was the Sony PlayStation Network incident, which exposed credit card details of about two million PSN users. The data leak was disclosed with a significant delay. The damage inflicted to users is yet to be estimated.
Significant outages have also happened in Egypt, following the massive wave of protests that took place on January 28. In order to prevent demonstrations and protests, the Egyptian government had all the local ISPs pull the plug on the Internet, thus rendering the bulk of electronic communications useless. The Internet blackout in Egypt has brought up endless debates on the importance of digital communications and the catastrophic results of outages.
Social networks have played a key role in maintaining a climate of insecurity. Although the number of e-threats specifically designed to infect social network users (such as the infamous Koobface and Boonana worms) has dramatically decreased, cyber-criminals have focused their efforts on pushing an unprecedented number of rogue applications. The purpose of these virally spreading applications is two-fold: on the one side, they redirect users to websites where they are forced to fill in surveys; on the other side, these applications collect exhaustive information about their victims and their friends, which is later used in targeted spam and phishing campaigns.
Objectives- Research and analyze malware- Post must be at least 200 wo.pdf - Augstore
Objectives: Research and analyze malware. Post must be at least 200 words.
Background / Scenario: Malware, or malicious software, refers to a variety of malicious software programs that can be used to cause harm to computer systems, steal data, and bypass security measures. Malware can also attack critical infrastructure, disable emergency services, cause assembly lines to make defective products, disable electric generators, and disrupt transportation services. Security experts estimate that more than one million new malware threats are released each day. The McAfee Labs Threats Report 2019 indicates the discovery of new ransomware techniques, the exposure of billions of accounts through high-profile data dumps, significant HTTP web exploitation, defects in Windows, Microsoft Office, and Apple iOS, and continued attacks on IoT personal devices. Find the most current version of the report by doing a web search for McAfee Labs Threats Report or the 2022 Consumer Mobile Threat Report.
Instructions: Conduct a Search of Recent Malware and Report on your Findings. Using your favorite search engine, conduct a search for recent malware. During your search, choose one example of malware, include the type of malware, and discuss details on what it does, how it is transmitted and the impact it causes. Examples of malware types include: Ransomware, Trojan, Hoax, Adware, Malware, PUP, Exploit, Exploit Kit and Vulnerability. Search for malware by visiting the following websites using the following search terms:
- McAfee Threat Center: Threat Landscape Dashboard
- Malwarebytes Labs Threat Center (Top 10 Malware)
- Securityweek.com > virus-threats > virus-malware
- Technewsworld.com > security > malware
Compile your findings into this Discussion post. Include any resources or references.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Welcome to ViralQR, your best QR code generator. - ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Since our inception, we have served many clients across various industries, providing QR codes for their marketing, service delivery, and feedback collection. Our platform has been recognized for its ease of use and rich feature set, which help businesses create QR codes.
Our Services
At ViralQR, we offer a comprehensive suite of services that caters to your needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, ViralQR offers a 14-day free trial, an excellent opportunity for new users to get a feel for the platform. From there, one can easily subscribe and experience the full range of dynamic QR code features. The subscription plans are not only meant for business; they are priced flexibly so that practically every business can afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools that give a clear view of QR code performance. Our analytics dashboard shows aggregate and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we offer nothing but the best in QR code services to meet diverse business needs!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is part of our current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring and observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
- UI automation introduction
- UI automation sample
- Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
McAfee Threats Report: First Quarter 2012
Table of Contents
Mobile Threats 4
Malware Threats 6
Signed Malware 9
Messaging Threats 11
Botnet Breakdowns 13
Network Threats 17
Web Threats 20
Cybercrime 23
Crimeware tools 23
Bots and botnets 24
Actions against cybercriminals 24
Hacktivism 26
About the Authors 27
About McAfee Labs 27
About McAfee 27
The Greek philosopher Heraclitus, known for his doctrine of change as central to the universe, once
wrote that “everything flows, nothing stands still.” The first quarter of 2012 embodies Heraclitus’
doctrine in almost all areas of the threat landscape. Although we observed declines in the numbers
of many areas of malware and threats at the end of 2011, this quarter is almost its polar opposite.
PC malware had its busiest quarter in recent history, and mobile malware also increased at a huge rate.
We saw growth in established rootkits as well as the emergence of several new families. Many of the
familiar malware we analyze and combat rebounded this quarter, but none more so than password-
stealing Trojans. In this edition of the Threats Report we introduce our tracking of new threats such as
the ZeroAccess rootkit and signed malware. We also have prepared our most detailed breakout to date
of network attacks.
Spam volume grew again early in the quarter but then resumed its downward trend. We saw an increase
in malware targeting the Mac. The trend was not extreme, but the growth is there nonetheless.
Despite spam numbers remaining relatively low around the world, we still see diversity and growth in
certain geographies, including Germany and China. New botnet infections leveled off during this period,
though several countries, especially Spain and Japan, showed growth.
The United States once again hosted the greatest amount of malicious web content in the world. You
will note this trend as well in our expanded network-based attack section, which contains detailed
geographical breakdowns from the perspective of both attackers and victims. Active malicious URLs
continued the upward growth that was clearly established the previous quarter. The web is a dangerous
place for the uninformed and unprotected.
Java and Flash exploits were popular in crimeware tools and toolkits this quarter. Law enforcement made
some very significant arrests and moves against cybercriminals and hacktivists. The most famous are
probably the Kelihos/Waledac botnet takedown and the very public arrests of members of Anonymous
and LulzSec. It is always a positive thing to see successful legal action in these areas, although other
threats will remain with us.
Threats continue to evolve, and attackers continue to push the envelope. We remain vigilant in
defending against them.
Mobile Threats
This quarter we report a large increase in mobile malware. The jump was targeted almost solely at the
Android platform. Hundreds of Android threats in the middle of 2011 have moved into the thousands
this year. Due to significant improvements in our ability to collect, process, and detect mobile malware,
the count further accelerated this quarter: Android threats now reach almost 7,000, with more than
8,000 total mobile malware in our database.
[Figure: Total Mobile Malware Samples in the Database, 2004 through 2012]
[Figure: New Mobile Malware, Q1 2010 through Q1 2012]
[Figure: Total Mobile Malware by Platform: Android, Symbian, Symbian 3rd Edition, Java ME, Others]
The great majority of mobile attacks, and their malware, stem from and attack third-party markets,
particularly in China and Russia. In most cases, we do not find this malware in the official Android
market. Google’s app store has suffered from some incidents, but so far those counts are moderate.
McAfee Labs advises customers to install software only from the official market. That step should
greatly reduce the risk of compromising your Android device.
This quarter we saw significant amounts of new adware and mobile backdoor malware, along with
some very simple premium-rate SMS-sending malware. Mobile adware displays ads on a victim’s phone
without permission. (This does not include ad-supported games or apps.) Adware ranges from wallpaper
with added sales pitches (Android/Nyearleaker.A) to fake versions of games that send visitors to
advertising sites (Android/Steek.A). Adware doesn’t necessarily reduce users’ security, but it does subject
them to unwanted ads.
Backdoor Trojans on Android have gotten a bit more sophisticated. Instead of performing just one action,
they use root exploits and launch additional malware. Android/FoncyDropper.A, for example, uses a root
exploit to gain control of the phone and launch an IRC bot that receives commands from the attacker. It
also sends premium-rate SMS messages based on the country of the SIM card.
In a similar vein, Android/Rootsmart.A uses a root exploit to download Android/DrdLive.A, a backdoor
Trojan that sends premium-rate SMS messages and takes commands from a control server.
Android/Stiniter.A uses a root exploit to download additional malware and sends information from the
phone to sites under the control of the attacker. It also sends text messages to premium-rate numbers.
The attacker’s control server updates the message body and the number the hijacked phone sends to.
This quarter, malware writers created one of the first destructive Android Trojans, Android/Moghava.A.
Instead of damaging apps or other executables this malware goes after photos. Moghava.A searches
for photos stored on the SD card, and adds the image of the Ayatollah Khomeini to each picture. The
malware is also a bit buggy, so it will continue to add to the pictures until there is no more space on
the card.
The writing is clearly on the wallpaper: We must protect all devices, mobile or otherwise, that have
valuable data. If not, today’s cybercriminals will be happy to handle it for us.
Malware Threats
To kick off our malware discussion, we’ll crib Thin Lizzy and say that the boys are back in town. The
respite from the overall growth of PC-based malware that McAfee Labs saw throughout the past
two quarters of 2011 seems to have ended. We shouldn’t say just “ended”; in fact this period shows
the largest number of malware detected per quarter in the last four years! Going into 2012 we had
collected more than 75 million samples in our combined “malware zoo,” but with the tremendous
growth this quarter we have already topped 83 million pieces of malware. We don’t know when we will
top the 100 million mark, but it will certainly happen in the next few quarters. With increases in rootkits
and their functionality, signed malware, and rampant growth across most other threat vectors, 2012
might prove to be a bumpy year on the security superhighway.
[Figure: Total Malware Samples in the Database, April 2011 through March 2012]
[Figure: New Malware, Q1 2009 through Q1 2012]
Growth in rootkits bounced back this quarter, with more activity from Koutodoor, though it’s nowhere
near the malware’s height of 12 months ago. Beginning with this report, we break out the rootkit
ZeroAccess. This malware is already popular with cybercriminals and other malicious actors. Rootkits,
or stealth malware, are one of the nastiest classifications of malware. They have a heavy influence
on almost all other areas of malware and are designed to evade detection and “live” on a system for
prolonged periods.
[Figure: New ZeroAccess Samples, Q1 2009 through Q1 2012]
Let’s turn to our other “favorites”: Fake AV (bogus security software), AutoRun, and password-stealing
Trojans are still with us. The first two have continued to drop slightly while password stealers showed a
strong surge this quarter.
[Figure: New Fake AV Samples, Q1 2009 through Q1 2012]
[Figure: New AutoRun Samples, Q1 2009 through Q1 2012]
[Figure: New Password Stealer Samples, Q1 2009 through Q1 2012]
Signed Malware
In an excellent McAfee Labs blog, senior researcher Craig Schmugar discussed why malware writers use
digital signatures with their malware:
“Attackers sign malware in an attempt to trick users and admins into trusting the file, but also in an
effort to evade detection by security software and circumvent system policies. Much of this malware
is signed with stolen certificates, while other binaries are self-signed or ‘test signed.’ Test signing is
sometimes used as part of a social engineering attack.”[1]
This quarter more than 200,000 new and unique malware binaries have been found with valid digital
signatures. In our 2012 Threats Predictions we foresaw that this technique, likely inspired by the success
of Duqu and Stuxnet, would rise.[2] After three months it certainly seems to be coming to fruition.
[Figure: Total Malicious Signed Binaries, September 1, 2011 through April 1, 2012]
[Figure: New Malicious Signed Binaries, September 2011 through March 2012]
Malware for Apple’s Mac continues to show consistent growth. As always, malware on the Mac appears
relatively tame when compared with PC malware, but malware can be written for any operating system
and platform. All users must take precautions.
[Figure: New Mac Malware, Q1 2009 through Q1 2012]
After its big spike in the middle of last year, Fake AV malware for the Mac has apparently found
some consistency.
[Figure: New Mac Fake AV Malware, Q1 2010 through Q1 2012]
Messaging Threats
We noted in our last edition that we saw spam levels reach record lows at the end of 2011. Although
another spike occurred in January, by the end of the quarter spam levels had again fallen to the lows of
the previous period. In the last three months, we observed increases in China, Germany, Poland, Spain,
and the United Kingdom; but volumes in Brazil, Indonesia, and Russia declined. Despite global levels
dropping, spearphishing and spam are as dangerous as ever; consumers and businesses must remain
vigilant. The sophistication of today’s threats remains high.
[Figure: Global Email Volume, in Trillions of Messages, April 2011 through March 2012: Monthly Spam vs. Legitimate Email]
[Figure: Spam Volume by country, April 2011 through March 2012: Argentina, Australia, Brazil, China, Colombia, Germany, India, Indonesia, Italy, Japan, Russia, South Korea, Spain, United Kingdom, United States, Venezuela]
Botnet Breakdowns
Overall messaging botnet growth jumped up sharply from last quarter. Infections rose in Colombia,
Japan, Poland, Spain, and the United States. Indonesia, Portugal, and South Korea continued to decline.
[Figure: Global Botnet Infections, April 2011 through March 2012]
[Figure: New Botnet Senders by country, April 2011 through March 2012: Argentina, Australia, Brazil, China, Germany, India, Indonesia, Japan, Poland, Russia, South Korea, Spain, United Kingdom, United States]
Many of the leading messaging botnets this quarter showed flat growth or a decline in new infections—
with the exception of Cutwail, which increased significantly.
[Figure: Leading Global Botnet Infections, April 2011 through March 2012: Bobax, Cutwail, Grum, Lethic, Maazben]
Remember that new infections do not mean that current infections have gone away. Our breakdown
of botnets by country shows that many of these botnets are still quite active around the world, even
though the rate of new infections may be on the decline. Cutwail is the global leader in new infections
and in current infections except in Brazil, where Grum is most prevalent.
[Figure: Botnets by country (Australia, Brazil, China, Colombia, Germany, India, Japan, Russia, South Korea, Spain, United Kingdom, United States): Bobax, Cutwail, Grum, Lethic, Maazben, Others]
As always, social engineering lures and spam subject lines vary greatly depending on the part of the
world in which we find them. Lures vary by month or season, often taking advantage of holidays,
sporting events, and tragedies. In Brazil, gambling-related spam was popular while drug-centric spam
was the top subject line in many countries. The United States, on the other hand, was plagued by bogus
domain system notifications (DSN). Different lures appeal to different cultures.
[Figure: Spam Types by country (Belarus, Brazil, France, Germany, India, Indonesia, Pakistan, Russia, South Korea, United Kingdom, United States, Venezuela); categories shown include 419 Scams, Adult Products, Casinos, Diplomas, Drugs, DSN, Fashion, Gambling, Lottos, Marketing, Newsletters, Phishing, Products, Third Parties, Viruses, Watches]
Network Threats
Is the United States the biggest source of cyberattacks? Determining the origination and attribution of
attacks is a complex business. Just a few years ago most customers, whether consumer or enterprise,
did not ask “Where did this attack come from?” or “Who is responsible for this attack?” Today we
hear these queries, yet it’s difficult to answer them accurately. Most attribution or attack sourcing relies
heavily on IP addresses and basic geographic functions. These elements are a good start, but no more
than a start because location or IP address does not imply identity or actor.
Many times a compromised machine is used as a proxy for spam, botnets, denial of service, or other
types of malicious activities. These machines can be located anywhere in the world and, judging by this
quarter’s numbers, many are located in the United States.
Let’s dig into a few areas as collected and analyzed from the McAfee Global Threat Intelligence™
network. We have also significantly expanded our network-based analysis reports for this quarter’s
Threats Report.
The leading network threats were again remote procedure call and SQL injection attacks. Cross-site
scripting threats dropped quite a bit, to 8 percent from 19 percent last quarter.
[Figure: Top Network Threats: Remote Procedure Call, SQL Injection, Browser, Cross-Site Scripting, Others]
For SQL Injection attacks, the United States took the top spot as the source of attacks as well as
the targets.
[Figure: Top SQL-Injection Attackers: United Kingdom, United States, Venezuela, Germany, Netherlands, China, Turkey, South Korea, Others]
[Figure: Top SQL-Injection Victims: United States, China, Germany, United Kingdom, Spain, South Korea, Japan, France, Others]
The United States by a large margin topped the list of sources of detected cross-site scripting (XSS)
attacks this quarter, and it was also the primary victim country, with Taiwan in second place.
[Figure: Top XSS Attackers: United States, Taiwan, Canada, Germany, United Kingdom, Others]
[Figure: Top XSS Victims: United States, Taiwan, Malaysia, China, Others]
This quarter we have also added a view of top network botnet detections. The clear leader was
Mariposa, a financial botnet that steals credit card and banking data. Pushdo (an alias for Cutwail) was
a distant second.
[Figure: Top Botnet Detections: Mariposa UDP Probe Packets, Pushdo SSL DoS, IRC Scans, SpyBot, Ainslot.B Traffic, Others]
The United States topped another of our network lists. Almost half of new botnet control servers
detected by McAfee Global Threat Intelligence reside in the United States.
[Figure: Top Botnet Control Servers: United States, China, Japan, Germany, United Kingdom, South Korea, France, Others]
Botnet victims, also a new section for this report, were most prevalent in Venezuela, with the United
States well behind in second place.
[Figure: Top Botnet Victims: Venezuela, United States, Chile, Colombia, Argentina, Morocco, Russia, Others]
Web Threats
Websites can gain bad or malicious reputations for a variety of reasons. Reputations can be based on
full domains and any number of subdomains, as well as on a single IP address or even a specific URL.
Malicious reputations are influenced by the hosting of malware, potentially unwanted programs, or
phishing sites. Often we observe combinations of questionable code and functionality. These are several
of the factors that contribute to our rating of a site’s reputation.
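The scoping described above (a bad reputation attached to a specific URL, to a host, to a whole domain and its subdomains, or to a single IP address) as an added Python example; this is not McAfee's code, and the blocklist entries, hostnames and addresses are constructed sample data, not real indicators:

```python
"""Hierarchical URL reputation lookup (added example, not McAfee's code).

Models the scoping the report describes: a rating can attach to an exact
URL, a host, a whole domain (covering every subdomain) or an IP address.
The most specific scope that matches decides the verdict.
"""
from dataclasses import dataclass
from typing import Iterator, Tuple
from urllib.parse import urlsplit

# Constructed sample reputation data. Keys are normalized: lower-case host,
# default port dropped, path kept for URL-level entries.
SAMPLE_REPUTATION = {
    "url":    {"http://cdn.example.test/downloads/setup.exe": "malware"},
    "host":   {"login-secure.example.test": "phishing"},
    "domain": {"badpup.test": "pup"},        # covers every subdomain
    "ip":     {"203.0.113.7": "malware"},    # TEST-NET-3 address, constructed
}

# Constructed stand-in for DNS resolution so the example runs offline.
SAMPLE_DNS = {
    "cdn.example.test": "198.51.100.20",
    "login-secure.example.test": "198.51.100.21",
    "free.badpup.test": "198.51.100.22",
    "mirror.example.test": "203.0.113.7",
    "docs.example.test": "198.51.100.23",
}


@dataclass
class Verdict:
    rating: str    # "clean", "malware", "phishing", "pup", ...
    scope: str     # level that matched: "url", "host", "domain", "ip", "none"
    matched: str   # the key that matched, or "" for clean


def normalize_url(url: str) -> Tuple[str, str]:
    """Return (canonical_url, host): lower-case scheme and host, default
    port and fragment dropped, path defaulted to "/"."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    default_port = {"http": 80, "https": 443}.get(scheme)
    netloc = host if parts.port in (None, default_port) else f"{host}:{parts.port}"
    canon = f"{scheme}://{netloc}{parts.path or '/'}"
    if parts.query:
        canon += "?" + parts.query
    return canon, host


def parent_domains(host: str) -> Iterator[str]:
    """Yield parents from most to least specific, never the bare TLD:
    a.b.example.test -> b.example.test, example.test."""
    labels = host.split(".")
    for i in range(1, len(labels) - 1):
        yield ".".join(labels[i:])


def lookup(url: str, rep=SAMPLE_REPUTATION, dns=SAMPLE_DNS) -> Verdict:
    """Check the exact URL, then the host, then each parent domain, then
    the IP the host resolves to; first hit wins."""
    canon, host = normalize_url(url)
    if canon in rep["url"]:
        return Verdict(rep["url"][canon], "url", canon)
    if host in rep["host"]:
        return Verdict(rep["host"][host], "host", host)
    if host in rep["domain"]:
        return Verdict(rep["domain"][host], "domain", host)
    for parent in parent_domains(host):
        if parent in rep["domain"]:
            return Verdict(rep["domain"][parent], "domain", parent)
    ip = dns.get(host)
    if ip and ip in rep["ip"]:
        return Verdict(rep["ip"][ip], "ip", ip)
    return Verdict("clean", "none", "")


if __name__ == "__main__":
    for u in ("HTTP://CDN.Example.test:80/downloads/setup.exe#frag",
              "http://cdn.example.test/index.html",
              "http://free.badpup.test/app.apk",
              "http://mirror.example.test/"):
        print(u, "->", lookup(u))
```

Note that a URL-level entry leaves the rest of the host clean, while a domain-level entry condemns every subdomain and an IP-level entry catches any host that resolves to that address.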
Last quarter McAfee Labs recorded an average of 9,300 new bad sites per day. Including spam email
URLs, this figure reached 11,000 hits per day. During this period, however, the latter figure dropped to
9,000 hits per day.
[Figure: New Bad-Reputation URLs, January 1 through April 1, 2012]
Although the number of “bad” URLs is decreasing, the number of our customers being directed to
malicious websites is increasing. Last quarter, McAfee on average each day prevented a web-based
malware attack on one out of eight customers. (The other seven customers did not visit risky sites.)
This quarter, however, that ratio increased to one out of six customers. This number held constant
throughout the quarter and represents how successful cybercriminals are in redirecting users to their bad
sites. The vast majority of new malicious sites are located in the United States. Looking closely by region,
we can see that no area of the global Internet is without risk.
[Figure: Location of Servers Hosting Malicious Content, by region: Africa (South Africa, Reunion, Morocco, Others); Asia-Pacific (South Korea, China, Singapore, Asia/Pacific Region, Hong Kong, Indonesia, Others); Australia and New Zealand (Australia, New Zealand); Europe and Middle East (Netherlands, United Kingdom, Germany, Switzerland, France, Others); Latin America (Bahamas, Brazil, British Virgin Islands, Cayman Islands, Others); North America (United States, Canada)]
The number of websites hosting malicious downloads or browser exploits is still increasing.
[Figure: Active Malicious URLs, January 2011 through March 2012]
The number of websites delivering malware and potentially unwanted programs dropped by about a
third this quarter, with an average of around 4,200 new sites per day, compared with about 6,500 per
day during the fourth quarter of 2011.
[Figure: New Malware Sites, January 1 through April 1, 2012]
Phishing sites were unchanged from last quarter. We again identified an average of approximately
2,200 new phishing URLs per day this quarter. Phishing sites continue to pose a significant risk to
web surfers; more sites host phishing attempts than solely malicious downloads or spam.
[Figure: New Phishing Sites, January 1 through April 1, 2012]
Cybercrime
Crimeware tools
This quarter, in addition to the usual updated exploit packs, a wave of newcomers appeared. At first these crimeware tools heavily leveraged the October 2011 disclosure of the Java Rhino vulnerability (CVE-2011-3544) but soon took advantage of two vulnerabilities from this year:
• The MIDI Remote Code Execution Vulnerability in Windows Multimedia Library (CVE-2012-0003), resolved with the January MS12-004 security update.
• The Java Runtime Environment sandbox breach (CVE-2012-0507), remediated in mid-February as part of the Oracle Java SE critical patch update advisory.3 This exploit is known as Java AtomicReferenceArray.
In the following table only the Phoenix Exploit Kit includes the CVE-2012-0507 Java Atomic exploit. However, on various blogs and forums, we’ve read about similar updates for BlackHole, Eleonore, and Incognito. We expect many exploit kits to use this vulnerability in the coming months.
Name | Origin | Exploit details
Sakura 1.0 | Russia or Eastern Europe | Three exploits including Java Rhino (CVE-2011-3544)
Hierarchy | Russia or Eastern Europe | 16 exploits, with two from 2011: Flash 10 (CVE-2011-0611); Java Rhino
Yang Pack (January) | China | Four exploits, including: Flash 10.3.181.x (CVE-2011-2110); Flash 10.3.183.x (CVE-2011-2140); Java Rhino
Zhi Zhu (February) | China | Five exploits, including: HTML+TIME (CVE-2011-1255); Flash 10.3.181.x; Flash 10.3.183.x; WMP MIDI (CVE-2012-0003)
Gong Da Pack (February) | China | Three exploits: Flash 10.3.183.x; Java Rhino; WMP MIDI
Phoenix Exploit Kit 3.1 (March) | Russia | In our Threats Report for the fourth quarter of 2011, we noted Version 3.0, which included the Java Rhino exploit (CVE-2011-3544). Version 3.1 includes Java Atomic (CVE-2012-0507).
We recommend the Kahu Security blog for those searching for details regarding the preceding
Chinese packs.
Bots and botnets
Underground forums offer numerous advertisements for botnet packages. The following table shows that certain botnets command a premium (prices in U.S. dollars):
Darkness by SVAS/Noncenz (distributed denial of service [DDoS] bot)
Update to Version 10 in January: $120
Packages:
• Minimum: DDoS bot, no free updates, no modules = $450
• Standard: DDoS bot, 1 month free updates, password grabber module = $499
• Bronze: DDoS bot, 3 months free updates, password grabber module, 1 free rebuild = $570
• Silver: DDoS bot, 6 months free updates, password grabber module, 3 free rebuilds = $650
• Gold: DDoS bot, lifetime free updates, password grabber and “hosts” editor modules, 5 free rebuilds, 8% discount on other products = $699
• Platinum: DDoS bot, lifetime free updates, password grabber module, unlimited free rebuilds, 20% discount on other products = $825
• Brilliant: DDoS bot, lifetime free updates, unlimited free rebuilds, all modules for free, 25% discount on other products = $999
Other:
• Rebuild (changing URLs) = $35
• Sources = $3,500–$5,000
• Web-panel reinstallation (first time is free) = $50
Citadel5 (Zeus variant, financial botnet)
• Bot builder and admin panel = $2,399 plus $125 monthly “rent” (price as of December 2011)
• Automatic update facilities for antivirus evasion = $395. Each update costs $15.
THOR by TheGrimReap3r (multipurpose peer-to-peer botnet)
• $8,000 for the package without modules. Discount of $1,500 for the first five buyers.
• Expected modules under development are advanced bot killer, DDoS, form grabber, keylogger/password stealer, and mass mailer
Carberp (financial botnet)
• Loader, grabbers, all basic functionality (except for the following) = $2,500
• The preceding plus back-connect 500 connections and Internet Explorer and Firefox injection = $5,000
• The preceding plus hidden browser (similar to VNC) = $8,000
The Carberp offer is surprising. It was dated March 21, yet on March 20 Russian authorities announced
the arrest of the Carberp gang. (Read the next section for more details.)
Actions against cybercriminals
During this quarter law enforcement and other good guys enjoyed some significant takedowns and actions against cybercriminals. In January, Microsoft filed a complaint against a Saint Petersburg, Russia, inhabitant suspected of controlling the Kelihos (alias Waledac) botnet.6 According to security maven Brian Krebs, from 2005 to 2007 the suspect was a senior system developer and project manager for a Russian antivirus firm named Agnitum.7 In an interview with the Gazeta.ru newspaper, the alleged operator denied the charges.8
A Russian citizen detained in Zurich, Switzerland, since March 2011 was extradited to New York in
January. Along with his son, who remains at large, he has been charged with eight counts of conspiracy,
mail fraud, wire fraud, computer fraud, aggravated identity theft, and securities fraud via bogus
websites since 2005.9
On March 16, the U.S. Secret Service, in coordination with U.S. Immigration and Customs Enforcement, announced the results of “Operation Open Market” against 50 individuals allegedly engaged in crimes such as identity theft and counterfeit credit card trafficking.10 The suspects were linked in a transnational organized crime network operating on multiple cyberplatforms, buying and selling stolen personal and financial information through online forums. All of the defendants are said to be members, associates, or employees of a criminal organization called Carder.su (which also includes Carder.info, Crdsu.su, Carder.biz, and Carder.pro).
On March 20, the Russian Ministry of Internal Affairs and the Federal Security Service (FSB) announced
the arrest of eight alleged cybercriminals who reportedly stole more than 60 million rubles (US$2 million)
from at least 90 victims’ bank accounts with the help of the Carberp Trojan.11
Two men, arrested in May 2011, were charged in March in the United Kingdom with hacking into Sony Music’s computers and stealing music valued at approximately GB£160 million.12 Britain’s Serious Organised Crime Agency said the hacking reportedly took place last year just as other hackers accessed the PlayStation Network, and downloaded personal information from 77 million registered users. This case is not believed to be linked to Anonymous or LulzSec attacks.
This quarter, several Anonymous members or affiliates were the target of law enforcement operations. After the LulzSec member “Sabu” pleaded guilty in August 2011 and cooperated with the FBI, law enforcement agents caught other top members of the computer hacking group. The suspects—who included two men from the United Kingdom, two from Ireland, and two from the United States—were indicted in the Southern District of New York.13 Earlier in the quarter, Interpol announced the arrest of 25 suspected members of Anonymous in Argentina, Chile, Colombia, and Spain.14 W0rmer and Kahuna, two members of CabinCr3w, a hacker group close to Anonymous, were arrested on March 20 in the United States.15
This quarter we saw that not only the police can disrupt cybercriminal operations. In a January post, the famous researcher Dancho Danchev exposed the identity and data he discovered about a Russian individual linked to the gang behind Koobface.16 Some days later, The New York Times disclosed four other names that a group of security researchers had planned to announce.17
We close with Microsoft’s Operation B71, which focused on botnets using Zeus, SpyEye, and Ice-IX
variants. On March 23, Microsoft unveiled a joint lawsuit with the Financial Services Information Sharing
and Analysis Center (FS-ISAC) and the National Automated Clearing House Association (NACHA).
Microsoft and its agents captured four hours of network traffic and seized servers from two hosting
locations in Pennsylvania and Illinois. In addition, more than 1,700 domain names were analyzed to
understand their role in this business.18
Hacktivism
Aside from events surrounding the arrest of Sabu, attacks in reply to the forced closure of Megaupload
were the big news in hacktivism this quarter. Through Twitter accounts and press releases, Anonymous
claimed that its OpMegaupload had thousands of people taking part in the takedown of several
websites, namely those of the Department of Justice, Recording Industry Association of America, Motion
Picture Association of America, BMI, and the FBI. Perhaps more interesting is that in Europe Anonymous
was also able to mobilize their sympathizers in the street. Taking the closing of Megaupload as a
pretext, demonstrations organized by Anonymous protested on February 11 and February 25 against
the controversial SOPA, PIPA, and ACTA laws in more than 100 cities in about 15 countries. This was
certainly an interesting mix of digital-based hacktivism and physical world activism. Could this be a
portent of things to come?
Anti-ACTA demonstrations were widespread in Europe on February 11.
This quarter, we also noticed dozens of scattered operations around the globe. None had a great impact, and it is difficult for us to single out any of them:
• #OpGlobalBlackout on March 31 came and went with no global blackout. Security researchers were in almost full agreement that it was never a technically feasible attack. However, it is interesting to note the sheer amount of coverage and discussion this #Op generated. Anonymous continues to show it can shape the news with its media savvy.
• The ArcelorMittal hack: a reaction to the decision to close down two blast furnaces in the Belgian city of Liège19
• The Vatican DDoS: an attack not against Catholics around the world, but against the “corrupt” Church20
• The Anonymous-OS Linux release, immediately announced as a fake21
About the Authors
This report was prepared and written by Zheng Bu, Toralv Dirro, Paula Greve, Yichong Lin, David Marcus,
François Paget, Craig Schmugar, Jimmy Shah, Dan Sommer, Peter Szor, and Adam Wosotowsky of
McAfee Labs.
About McAfee Labs
McAfee Labs is the global research team of McAfee. With the only research organization devoted to all threat vectors—malware, web, email, network, and vulnerabilities—McAfee Labs gathers intelligence from its millions of sensors and its cloud-based service McAfee Global Threat Intelligence™. The McAfee Labs team of 350 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.
About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated
security technology company. McAfee delivers proactive and proven solutions and services that help
secure systems, networks, and mobile devices around the world, allowing users to safely connect to the
Internet, browse, and shop the web more securely. Backed by its unrivaled Global Threat Intelligence,
McAfee creates innovative products that empower home users, businesses, the public sector, and service
providers by enabling them to prove compliance with regulations, protect data, prevent disruptions,
identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly
focused on finding new ways to keep our customers safe. www.mcafee.com