Surfing with Sharks: Why the Internet is a Dangerous Place
Who am I?
WHAT MY FAMILY AND FRIENDS THINK I DO
WHAT BEING A SECURITY PROFESSIONAL CAN SOMETIMES FEEL LIKE
WHAT I FEEL LIKE I DO
DISCLAIMER: DO NOT TRY THIS AT HOME. VISITING THE SITES DISCUSSED IN THIS PRESENTATION OR USING THE CYBERCRIME TOOLS DISCUSSED COULD BE HAZARDOUS TO YOUR COMPUTER'S HEALTH AND LEAD TO BEING CALLED BY AN INMATE NUMBER INSTEAD OF YOUR NAME!
AGENDA
• Threat Landscape
• Criminal Tactics & Tools
• Demos
Why am I here?
Do You Use One of These?
What Do They All Share In
      Common?
So Let’s Think Like A Bad Guy
MOST SECURE? MOST TARGETED?
Some Definitions
• Hackers and Black Hats
• Vulnerabilities, Exploits, and Payloads
Exploit kits
• Tools for hackers
  – Popular exploits packaged together with controls and add-ons
• Web applications which deliver malware payloads
• Many different exploit kits out there
Blackhole exploit kit
• Most popular kit on the black market
• Robust stat tracking
• Malware as a service
  – Sign up for a hosted service
  – Customer support
• Exploits for browser plugins:
  – Adobe Reader
  – Adobe Flash
  – Java
Invisibility
• Exploit kits like to use “iframes”
• What are “iframes”? Like a picture frame, just mount it on a website
• To hide the content just make the frame really small: “0x0 pixels” small
• Now the website can show malicious content from another website without anyone noticing
Drive-by Downloads
• Most exploit kits use “Drive-by Downloads”
• What are drive-by downloads?
  – “A download that happens without a person's knowledge, often spyware, a computer virus or malware.” – Wikipedia
  – A download that happens in the background without you seeing it
  – How does this work?
Regular Download
Drive-By Download
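To make the difference between a regular download and a drive-by concrete from the defender's side, here is an added example (not part of the presentation) that runs a simple chain detector over a few constructed web-proxy log lines. The log format, the hosts (`blog.example`, `example.invalid`, `downloads.example`) and the 30-second window are assumptions made for the example. Per client it looks for an executable download from a host the client only reached through a referrer from another site, preceded within the window by plugin content (Java archive, PDF or Flash) from that same host, which is the sequence the slides describe; a download the user clicked on a site they navigated to is left alone.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log (not a real log format, not real hosts). Fields:
# timestamp client method url status content-type referer ("-" = none).
LOG_LINES = """\
2012-05-14T10:00:01 10.0.0.5 GET http://blog.example/post.html 200 text/html -
2012-05-14T10:00:02 10.0.0.5 GET http://example.invalid/in.php 200 text/html http://blog.example/post.html
2012-05-14T10:00:03 10.0.0.5 GET http://example.invalid/w.php?f=3&e=2 200 application/java-archive http://example.invalid/in.php
2012-05-14T10:00:05 10.0.0.5 GET http://example.invalid/w.php?f=3 200 application/x-msdownload http://example.invalid/in.php
2012-05-14T10:05:00 10.0.0.7 GET http://downloads.example/setup.exe 200 application/x-msdownload http://downloads.example/index.html
2012-05-14T10:06:00 10.0.0.7 GET http://news.example/ 200 text/html -
2012-05-14T10:10:00 10.0.0.9 GET http://docs.example/paper.pdf 200 application/pdf http://search.example/?q=paper
"""

# Content that reaches the browser through the plugins the slides name, and the
# executable payloads that follow a successful exploit.
PLUGIN_TYPES = {"application/java-archive", "application/pdf", "application/x-shockwave-flash"}
PLUGIN_EXT = (".jar", ".pdf", ".swf")
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXE_EXT = (".exe", ".scr")
WINDOW = timedelta(seconds=30)  # assumed exploit-to-payload gap to look for


def parse_line(line):
    """Split one constructed log line into a request record."""
    ts, client, _method, url, _status, ctype, referer = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "url": url,
        "host": urlparse(url).hostname,
        "ctype": ctype,
        "referer": None if referer == "-" else referer,
    }


def request_kind(req):
    """Classify a request as plugin content, an executable, or anything else."""
    path = urlparse(req["url"]).path.lower()
    if req["ctype"] in EXE_TYPES or path.endswith(EXE_EXT):
        return "exe"
    if req["ctype"] in PLUGIN_TYPES or path.endswith(PLUGIN_EXT):
        return "plugin"
    return "other"


def find_driveby_chains(log_text, window=WINDOW):
    """Flag executable downloads that look like a drive-by rather than a click.

    A regular download comes from a site the user navigated to. A drive-by
    payload comes from a host the client only reached via a referrer from
    another site, shortly after that host served plugin content (JAR/PDF/SWF).
    """
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_client[rec["client"]].append(rec)

    chains = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r["ts"])
        for i, exe in enumerate(reqs):
            if request_kind(exe) != "exe":
                continue
            # How did this client first arrive at the host serving the executable?
            first = next(r for r in reqs if r["host"] == exe["host"])
            ref_host = urlparse(first["referer"]).hostname if first["referer"] else None
            arrived_via_foreign_referer = ref_host is not None and ref_host != exe["host"]
            # Plugin content from the same host within the window before the executable.
            plugin_hits = [
                r for r in reqs[:i]
                if request_kind(r) == "plugin"
                and r["host"] == exe["host"]
                and exe["ts"] - r["ts"] <= window
            ]
            if arrived_via_foreign_referer and plugin_hits:
                chains.append({
                    "client": client,
                    "landing_page": first["referer"],
                    "exploit_host": exe["host"],
                    "plugin_request": plugin_hits[-1]["url"],
                    "payload": exe["url"],
                })
    return chains


if __name__ == "__main__":
    for chain in find_driveby_chains(LOG_LINES):
        print(chain)
```

Run as a script it prints the one chain in the constructed log (client 10.0.0.5, landed on the blog, sent to `example.invalid`, served a JAR, then an executable). The 10.0.0.7 download is not reported because the client arrived at that host by itself, and the 10.0.0.9 PDF alone is not a chain; real deployments would tune the window and content types against their own traffic.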
How Bad is it?
• Recent Norton cybercrime report shows:
  – $388 billion worldwide over the past year in costs caused by cyber crime
  – 35% of that number was incurred by individuals and businesses from the U.S.
  – 141 victims per minute
• Keep in mind: these were just the reported costs. For every reported event or incident there are countless others that go unreported.
How Bad is it for businesses?
In 2010 Trend Micro did a survey:
• Of 130 businesses: 100% had some type of active malware
• 72% had evidence of botnets
• 56% had data stealing malware (e.g. keyloggers)
• 42% had worms (self-propagating)
Things have only gotten worse.
How Bad is it?
2010:
• 286,000,000+ new variants of malware
• 45,926 malicious web domains
2011:
• 403,000,000+ new variants of malware
• 55,294 malicious web domains
You ARE Not alone
• It is important to know who else is in the “water”
• What do they want?
• Where do they lurk?
• How do they catch their prey?
• How can you spot them and protect yourself?
Why me?
• Would you ask a real shark “why!?”
• Online Sharks want:
  – Reputation
  – Power
  – Information
  – Money
• Bottom Line - If you use the Internet, you are a target
So who are the sharks?
• Organized Crime Syndicates based in Asia and the former USSR
• Small groups of Hackers in the US, Asia, or the former USSR
• Hacking has evolved into a very sophisticated industry of malware production
• “Cybercrime is one of the fastest growing and lucrative industries of our time.” – Dave Marcus, Director of Security Research for McAfee Labs
Why? How?
• How do hackers go about obtaining these tools?
• What do they do with them?
• Why would someone do this?
Becoming a Shark
How to become a “hacker”
How to become a “shark”
(Diagram: Victims, Exploit, Infection, Payload)
All you really need is money!
• Purchase an exploit kit
• Purchase a trojan
• Purchase victims?
  – Phishing services
  – Traffic services
• Profit
(Diagram: Victims, Exploit, Infection, Payload)
Purchasing An Exploit Kit
Black Market Forums
• Exploit kit advertisements on various black market forums
• BlackHole the first exploit kit to introduce a hosted option
  – Let the “professionals” configure and host it for you!
  – The most popular option
  – Includes free domain and support!
  – Hosting spread around the world
Black Market Forums
• Payment is usually through virtual currencies like Liberty Reserve or WebMoney
• User reputation and forum escrow services!
Quality and Service
• Creators of the kit funneled their revenue back into improving their product
• Updated frequently with the latest vulnerabilities
  – November 2011 – Only a few days to add the latest Java “1-day” to the kit
  – “We’d never seen an exploit kit update itself to use the latest vulnerabilities that quickly.” – Bradley Anstis, M86 VP of Technical Strategy
• Russian and English language support
• Banner advertisements
FEATURES
• Statistical widgets
  – Geolocation, operating system, browser, exploit, and more!
MAC FlashBack Trojan
• Delivered by hacked WordPress blogs and social networking sites
• Infected over 600,000 Mac users (1.8% of Macs)
• Made from a reverse-engineered Windows update in February
• Steals passwords and other info
FEATURES
• Vulnerability Detection
  – Built-in engine determines which exploit to use
• Traffic redirection script based on rules
  – OS, Browser, Plugins, Date
MORE FEATURES
• Advanced payload and exploit obfuscation
• Some examples…
NOW THAT YOU HAVE YOUR BLACKHOLE EXPLOIT KIT WHAT DO YOU DO?
(Diagram: Victims, Exploit, Infection, Payload)
TROJANS AND RATS
Trojans and RATs
“Exploit kit is the gun, the payload is the ammo”
• Trojans, Remote Administration Tools (RATs)
  – Usually client / server design
  – Client makes outgoing calls to server
• What kind of features would make a good trojan?
  – Info stealing
  – Hard to detect / remove
  – File downloading and execution
  – Computer control
  – RAT protection? Self-defense?
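Because the client half of a trojan or RAT makes its outgoing calls to the server on a schedule, one check a defender can run over connection logs is a beaconing test: flows whose gaps between connections are far more regular than human browsing. The Python below is an added example, not code from the presentation or from any RAT; the connection records are constructed with documentation-range addresses, and the minimum count and regularity threshold are assumptions to be tuned against a baseline of normal traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection records (time, src, dst, dport); addresses come from
# the documentation ranges, not real infrastructure. One flow checks in about
# every 60 s with a little jitter; the other is ordinary bursty browsing.
BASE = datetime(2012, 5, 14, 9, 0, 0)
BEACON_OFFSETS = [0, 61, 120, 181, 240, 302, 360, 419, 480, 541, 600, 659]
BROWSE_OFFSETS = [5, 7, 8, 95, 96, 300, 301, 302, 303, 900, 1500, 1503]
CONN_LOG = (
    [(BASE + timedelta(seconds=s), "10.0.0.5", "203.0.113.10", 443) for s in BEACON_OFFSETS]
    + [(BASE + timedelta(seconds=s), "10.0.0.5", "198.51.100.20", 443) for s in BROWSE_OFFSETS]
)


def beacon_candidates(records, min_connections=8, max_cv=0.15):
    """Return (src, dst, dport) flows whose connection intervals are suspiciously regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections. RATs often add jitter, so the threshold is a band,
    not an exact period; both thresholds are assumptions for this example.
    """
    times = defaultdict(list)
    for ts, src, dst, dport in records:
        times[(src, dst, dport)].append(ts)

    findings = []
    for (src, dst, dport), ts_list in times.items():
        ts_list.sort()
        if len(ts_list) < min_connections:
            continue  # too few samples to call anything periodic
        intervals = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "connections": len(ts_list),
                "interval_s": round(mean, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in beacon_candidates(CONN_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} every ~{f['interval_s']}s "
              f"({f['connections']} connections, cv={f['cv']})")
```

On the constructed data only the 203.0.113.10 flow is reported (about every 60 s, cv around 0.02); the browsing flow has the same number of connections but a cv above 1. Legitimate software updaters and mail clients also poll on timers, so the output is a list of candidates to triage, not a verdict.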
Fake Anti-Virus
• One use of the Trojan is to trick you into buying fake anti-virus
CarBerp
• Banking Trojan
  – Man-in-the-Middle forms grabber
  – Screenshots, Downloaders
  – Facebook scam
• Carberp Trojan popular choice with BlackHole
  – Stopav.plug
    • avg9, ESET NOD32 Antivirus 3.x/4.x, McAfee AntiVirus Plus 10, Microsoft Security Essentials
  – Passw.plug
  – Miniav.plug
    • ZeuS, Limbo, Barracuda, Adrenalin, MyLoader, BlackEnergy, SpyEye
• Unlike most malware (ZeuS, SpyEye), Carberp is not marketed publicly
ZEUS
• Another banking Trojan
  – Man-in-the-Middle keylogger and form grabber
  – Only targets Windows
  – Costs $700 - $15,000
• Estimated botnet size 3,600,000 (US only)
• Cyber crime network discovered by the FBI on Oct. 1, 2010
  – Stole ~$70,000,000 US
• Source code leaked May 2011
  – Custom versions and off-shoots released soon after
Bifrost
• Let’s take a look at the Bifrost RAT
(Diagram: Victims, Exploits, Infection, Payload)
Obtaining Victims
• We need people to visit our Blackhole Kit so we can infect them
• Two methods:
  – Phishing / spam e-mails
  – Iframe Traffic Generation
• Again, all you need is money!
Obtaining Victims
• “Phishers” are Getting Smarter
Iframe traffic
• Purchasing compromised website traffic
• WordPress blogs are a prime target
  – One infected blog got over 150,000 hits
  – Pilfered FTP credentials
  – Plugin vulnerabilities
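The hidden-iframe trick from the Invisibility slide and the compromised WordPress blogs described here meet in the same artefact: an `<iframe>` injected into a legitimate page that is 0x0, hidden by CSS, or pushed off-screen. The following is an added example, not code from the presentation, that a site owner can run over the files of a web root to find such frames; the two sample pages, the `example.invalid` host and the `myblog.example` site name are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages (not real sites): a clean blog page with a visible
# embed, and one where a hidden frame has been injected, as on the hacked
# WordPress blogs the slides describe.
CLEAN_PAGE = """<html><body>
<h1>My blog</h1>
<iframe src="https://video.example/embed/abc" width="560" height="315"></iframe>
</body></html>"""

INJECTED_PAGE = """<html><body>
<h1>My blog</h1>
<p>Welcome back.</p>
<iframe src="http://example.invalid/in.php" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://example.invalid/x.html" style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>"""

# CSS that makes a frame invisible: display/visibility, zero size, or off-screen.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}px",
    re.I,
)


def is_tiny(value):
    """True for width/height attributes of 0 or 1 pixel (the '0x0 pixels' trick)."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))


def hidden_iframes(html, site_host):
    """Return the iframes a visitor would never see, with the reasons they were flagged.

    Visible third-party embeds (a video player) are left alone; an invisible
    frame is reported, and noted as third-party when its host is not site_host.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        if is_tiny(attrs.get("width")) or is_tiny(attrs.get("height")):
            reasons.append("tiny frame")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden by CSS")
        if not reasons:
            continue
        host = urlparse(src).hostname or ""
        if host and host != site_host:
            reasons.append("third-party host")
        findings.append({"src": src, "reasons": reasons})
    return findings


def scan_pages(pages, site_host):
    """Scan a {filename: html} mapping (e.g. read from a web root) and keep pages with findings."""
    report = {}
    for name, html in pages.items():
        hits = hidden_iframes(html, site_host)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    pages = {"index.html": CLEAN_PAGE, "post.html": INJECTED_PAGE}
    for name, hits in scan_pages(pages, "myblog.example").items():
        for hit in hits:
            print(f"{name}: {hit['src']} ({', '.join(hit['reasons'])})")
```

The scan reports both injected frames in `post.html` and nothing for the visible video embed. It only sees what is in the HTML on disk; frames written by obfuscated JavaScript at page load need the rendered DOM, and a compromise through stolen FTP credentials or a vulnerable plugin also calls for rotating those credentials and patching, not just cleaning the files.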
How does this work?
• Search Engine Poisoning / Optimization (SEO)
  – #1 Vector for Malware (40%)
Search Engine Poisoning
Obtaining victims
• Two main methods:
  – Phishing and spam emails
  – Purchasing iframe traffic
    • SEO, Compromised websites
(Diagram: Victims, Exploits, Infection, Payloads)
Putting It All Together
SURFING WITH SHARKS
The final product
• So we have our exploit toolkit, our payload, and a way of obtaining victims.
• Let’s show an infection:
  – Firing off a phishing e-mail
  – Client-side exploitation
  – Payload delivery
  – Game over
Protecting yourself
Everyone is a Target
• Windows, Mac…
  – Even Smartphones and Tablets!
  – New drive-by attack on Android smartphones discovered in May 2012
Protecting Yourself
• Attackers use tricks like phishing, SEO, and drive-by downloads
• Keep your OS, plugins, and anti-virus up-to-date
• Use safe browsing practices
  – Inspect links, be overly cautious
  – Not necessarily only on strange websites
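“Inspect links” is the advice the earlier “Phishers are Getting Smarter” slide makes necessary, and a small helper shows what inspecting means in practice. This added Python example, not part of the presentation, parses the anchors of a constructed phishing-style e-mail body and flags the indicators such mails rely on: link text showing one domain while the href points to another, a raw IP address in place of a hostname, the `user@host` trick that hides the real host after an `@`, and punycode hostnames. Every host and address in the sample is made up for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed e-mail body; every host and address in it is made up for the example.
EMAIL_HTML = """<p>Dear customer, please <a href="http://203.0.113.7/login">verify your account</a>.</p>
<p>Or visit <a href="http://bank-example.invalid/secure">https://www.bank.example/secure</a></p>
<p>Read our <a href="https://www.bank.example/help">help pages</a>.</p>
<p>Support: <a href="http://www.bank.example@203.0.113.9/">www.bank.example</a></p>
"""

IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# A domain name that appears in the visible link text, with or without a scheme.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = {"href": dict(attrs).get("href") or "", "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def inspect_links(html):
    """Return the links that carry a phishing indicator, each with its reasons."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        href = link["href"].strip()
        text = link["text"].strip()
        parsed = urlparse(href)
        host = parsed.hostname or ""  # urlparse already lower-cases and strips userinfo
        reasons = []
        if IP_LITERAL.match(host):
            reasons.append("raw IP address instead of a hostname")
        if parsed.username:
            reasons.append("user@host trick: the real host is after the '@'")
        if "xn--" in host:
            reasons.append("punycode (internationalised) hostname")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != host:
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in inspect_links(EMAIL_HTML):
        print(f"{f['text']!r} -> {f['href']}")
        for r in f["reasons"]:
            print("   -", r)
```

Three of the four links are reported; the plain "help pages" link to the bank's own host passes. A helper like this catches the mechanical tricks, but a look-alike registered domain with matching text is not in this list, which is why the slide still says to be overly cautious.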
Other tips
• Disabling or uninstalling Java, Flash
• Disabling JavaScript
  – Mozilla Firefox NoScript
Any Questions?

Surfing the Internet Safely: Avoiding Online Threats

  • 1. Surfing with Sharks: Why the Internet is a Dangerous Place
  • 2. Who am I? WHAT MY FAMILY AND FRIENDS THINK I DO WHAT BEING A SECURITY PROFESSIONAL CAN SOMETIMES FEEL LIKE WHAT I FEEL LIKE I DO
  • 3. DISCLAIMER: DO NOT TRY THIS AT HOME. VISITING THE SITES DISCUSSED IN THIS PRESENTATION OR USING THE CYBERCRIME TOOLS DISCUSSED COULD BE HAZARDOUS TO YOUR COMPUTERS HEALTH AND LEAD TO BEING CALLED BY AN INMATE NUMBER INSTEAD OF YOUR NAME!
  • 6. AGENDA DEMOS
  • 7. Why am I here?
  • 8. Do You Use One of These?
  • 9. What Do They All Share In Common?
  • 10. So Let’s Think Like A Bad Guy
  • 11.
  • 12. MOST SECURE? MOST TARGETED? 1 4 3 2 2 3 4 1
  • 13. Some Definitions Hackers and Black Hats Vulnerabilities, Exploits, and Payloads
  • 14. Exploit kits • Tools for hackers – Popular exploits packaged together with controls and add-ons • Web applications which deliver malware payloads • Many different exploit kits out there
  • 15. Blackhole exploit kit • Most popular kit on the black market • Robust stat tracking • Malware as a service – Sign up for a hosted service – Customer support • Exploits for browser plugins: – Adobe Reader – Adobe Flash – Java
  • 16. Invisibility • Exploit kits like to use “iframes” • What are “iframes”? • Like a picture frame, just mount it on a website • To hide the content just make the frame really small “0x0 pixels” small • Now the website can show malicious content from another website without anyone noticing
  • 17. Drive-by Downloads • Most exploit kits use “Drive-by Downloads” • What are drive-by downloads? – “A download that happens without a person's knowledge, often spyware, a computer virus or malware.” – Wikipedia – A download that happens in the background without you seeing it – How does this work?
  • 20.
  • 21. How Bad is it? • Recent Norton cybercrime report shows: • $388 billion worldwide over the past year in costs caused by cyber crime • 35% of that number was incurred by individuals and businesses from the U.S. • 141 victims per minute • Keep in mind: this was just the reported costs . For every reported event or incident there are countless others that go unreported.
  • 22. How Bad is it for businesses? In 2010 Trend Micro did a survey: • Of 130 businesses: 100% had some type of active malware • 72% had evidence of botnets • 56% had data stealing malware (eg. keyloggers) • 42% had worms (self-propagating) Things have only gotten worse.
  • 23. How Bad is it? 2010 2011 • 286,000,000+ New • 403,000,000+ New variants of Malware variants of malware • 45,926 Malicious Web • 55,294 Malicious web domains domains
  • 25. You ARE Not alone • It is important to know who else is in the “water” • What do they want? • Where do they lurk? • How do they catch their prey? • How can you spot them and protect yourself?
  • 26. Why me? • Would you ask a real shark “why!? ” • Online Sharks want: – Reputation – Power – Information – Money • Bottom Line - If you use the Internet, you are a target
• 27. So who are the sharks? • Organized crime syndicates based in Asia and the former USSR • Small groups of hackers in the US, Asia, or the former USSR • Hacking has evolved into a very sophisticated industry of malware production • “Cybercrime is one of the fastest growing and lucrative industries of our time.” – Dave Marcus, Director of Security Research for McAfee Labs
  • 28. Why? How? • How do hackers go about obtaining these tools? • What do they do with it? • Why would someone do this?
• 30. How to become a “hacker” / How to become a “shark” • Victims → Exploit → Infection → Payload
  • 31. All you really need is money! • Purchase an exploit kit • Purchase a trojan • Purchase victims? – Phishing services – Traffic services • Profit
• 32. Victims → Exploit → Infection → Payload • Purchasing An Exploit Kit
• 33. Black Market Forums • Exploit kit advertisements on various black market forums • BlackHole was the first exploit kit to introduce a hosted option – Let the “professionals” configure and host it for you! – The most popular option – Includes free domain and support! – Hosting spread around the world
  • 34. Black Market Forums • Payment is usually through virtual currencies like Liberty Reserve or WebMoney • User reputation and forum escrow services!
  • 35. Quality and Service • Creators of the kit funneled their revenue back into improving their product • Updated frequently with the latest vulnerabilities – November 2011 – Only a few days to add the latest Java “1-day” to the kit – “We’d never seen an exploit kit update itself to use the latest vulnerabilities that quickly.” – Bradley Anstis, M86 VP of Technical Strategy • Russian and English language support • Banner advertisements
  • 36. FEATURES • Statistical widgets – Geolocation, operating system, browser, exploit, and more!
• 40. Mac Flashback Trojan • Delivered by hacked WordPress blogs and social networking sites • Infected over 600,000 Mac users (1.8% of Macs) • Built by reverse-engineering a Java fix that shipped for Windows in February 2012 but had not yet reached Mac OS X • Steals passwords and other info
• 41. FEATURES • Vulnerability Detection – Built-in engine determines which exploit to use • Traffic redirection script based on rules – OS, Browser, Plugins, Date
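The kit's detection engine reads the versions the browser reports for Reader, Flash and Java and fires whichever exploit matches an unpatched one. Run the same comparison defensively and it tells you, before the kit does, which plugins on a client a drive-by would have something to work with. The Python below is an added example written for this page, not code from the kit or from the talk; the BASELINE versions are placeholder values chosen for the example and say nothing about which real releases were vulnerable, and the sample client data is constructed.

```python
"""Plugin-version triage: the defensive twin of an exploit kit's
"vulnerability detection" engine.

The kit fingerprints the browser's plugins and picks an exploit for
whichever one is behind.  Comparing the same plugin versions against a
current baseline tells you, before the kit does, which of them a
drive-by would target.

BASELINE holds PLACEHOLDER versions chosen for this example only; they
are not a record of which releases were vulnerable.  Replace them with
the current patched versions for your environment.
"""
import re
from typing import Dict, List, Optional, Tuple

# Placeholder "minimum acceptable" versions for the three plugins the
# slides list as Blackhole targets (assumed values, see module docstring).
BASELINE: Dict[str, str] = {
    "Adobe Reader": "10.1.0",
    "Adobe Flash": "11.2.0.0",
    "Java": "1.7.0_00",
}

_NUMBERS = re.compile(r"\d+")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.6.0_31', '11,2,202,235' or '10.1.0' into a tuple of ints.

    Every run of digits is one component, so dots, underscores and commas
    all act as separators.  Returns None if there are no digits at all.
    """
    parts = _NUMBERS.findall(text)
    return tuple(int(p) for p in parts) if parts else None


def is_outdated(installed: str, minimum: str) -> bool:
    """True if `installed` is older than `minimum`, or cannot be read.

    Shorter tuples are zero-padded so '10.1' compares as '10.1.0'.  An
    unreadable version fails closed: a kit will probe it anyway.
    """
    have, want = parse_version(installed), parse_version(minimum)
    if have is None or want is None:
        return True
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


def triage(plugins: Dict[str, Optional[str]],
           baseline: Dict[str, str] = BASELINE) -> List[str]:
    """Return the plugins a drive-by kit would have an exploit for.

    `plugins` maps plugin name to the version string the browser reports
    (None when the plugin is present but the version could not be read).
    Plugins that are not installed are skipped: nothing for the kit to hit.
    """
    exposed: List[str] = []
    for name, minimum in baseline.items():
        if name not in plugins:
            continue
        version = plugins[name]
        if version is None or is_outdated(version, minimum):
            exposed.append(name)
    return exposed


# Constructed sample: what a browser-check page might collect from one client.
SAMPLE_CLIENT: Dict[str, Optional[str]] = {
    "Adobe Reader": "9.4.2",
    "Adobe Flash": "11.2.202.235",
    "Java": "1.6.0_31",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_CLIENT):
        print(f"{name}: {SAMPLE_CLIENT[name]} is below baseline {BASELINE[name]}")
```

The two design choices worth copying are that a version you cannot parse counts as exposed rather than as safe, and that a plugin which is not installed at all is left out of the list: the kit cannot exploit Java on a machine that has none, which is exactly why the "Other tips" slide later suggests uninstalling it.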
  • 42. MORE FEATURES • Advanced payload and exploit obfuscation • Some examples…
  • 45. NOW THAT YOU HAVE YOUR BLACKHOLE EXPLOIT KIT WHAT DO YOU DO?
• 46. Victims → Exploit → Infection → Payload • TROJANS AND RATS
• 47. Trojans and RATs • “Exploit kit is the gun, the payload is the ammo” • Trojans and Remote Administration Tools (RATs) – Usually client / server design – The client on the infected machine makes outgoing calls to the attacker's server, so it gets past firewalls that only filter inbound connections • What kind of features would make a good trojan? – Info stealing – Hard to detect / remove – File downloading and execution – Computer control – RAT protection? Self-defense?
  • 48. Fake Anti-Virus • One use of the Trojan is to trick you into buying fake anti-virus
• 49. Carberp • Banking Trojan – Man-in-the-Middle form grabber – Screenshots, downloaders – Facebook scam • Carberp is a popular choice with BlackHole • Plugins: – Stopav.plug (disables installed anti-virus): avg9, ESET NOD32 Antivirus 3.x/4.x, McAfee AntiVirus Plus 10, Microsoft Security Essentials – Passw.plug (password theft) – Miniav.plug (removes competing malware): ZeuS, Limbo, Barracuda, Adrenalin, MyLoader, BlackEnergy, SpyEye • Unlike most malware (ZeuS, SpyEye), Carberp is not marketed publicly
  • 53. ZEUS • Another banking Trojan – Man-in-the-Middle keylogger and form grabber – Only targets Windows – Costs $700 - $15,000 • Estimated botnet size 3,600,000 (US only) • Cyber crime network discovered by the FBI on Oct. 1, 2010 – Stole ~$70,000,000 US • Source code leaked May 2011 – Custom versions and off-shoots released soon after
  • 58. Bifrost • Let’s take a look at the Bifrost RAT
• 59. Victims → Exploits → Infection → Payload • Obtaining Victims
  • 60. Obtaining Victims • We need people to visit our Blackhole Kit so we can infect them • Two methods: – Phishing / spam e-mails – Iframe Traffic Generation • Again, all you need is money!
  • 65. Iframe traffic • Purchasing compromised website traffic • WordPress blogs are a prime target – One infected blog got over 150,000 hits – Pilfered FTP credentials – Plugin vulnerabilities
  • 67. How does this work? • Search Engine Poisoning / Optimization (SEO) – #1 Vector for Malware (40%)
  • 69. Obtaining victims • Two main methods: – Phishing and spam emails – Purchasing iframe traffic • SEO, Compromised websites
• 70. Victims → Exploits → Infection → Payloads • Putting It All Together • SURFING WITH SHARKS
  • 71. The final product • So we have our exploit toolkit, our payload, and a way of obtaining victims. • Let’s show an infection: – Firing off a phishing e-mail – Client-side exploitation – Payload delivery – Game over
• 74. Everyone is a Target • Windows, Mac… – Even smartphones and tablets! – New drive-by attack on Android smartphones discovered in May 2012
• 75. Protecting Yourself • Attackers use tricks like phishing, SEO, and drive-by downloads • Keep your OS, plugins, and anti-virus up-to-date • Use safe browsing practices – Inspect links, be overly cautious – The danger is not limited to strange websites; legitimate sites get compromised too
• 76. Other tips • Disable or uninstall Java and Flash if you do not need them • Disable JavaScript by default and allow it only on sites you trust – Mozilla Firefox: NoScript add-on

Editor's Notes

  1. You are probably asking yourself this question – I’m at an education technology conference – so why is a Security guy standing on the stage?
  2. Let me answer that for you!
  3. Well they all run one of these
4. If all of these components share these things in common (for the most part), where would be the best place for me to attack? Bingo – Internet components!
5. Quick show of hands – who thinks: PCs are the safest? Macs are the safest? Android devices? iOS (iPhone/iPad/iPod) devices? Well, in terms of safety while surfing the internet I would rank them as follows. Notice I didn't say most secure. What if I asked “What is the most targeted?” What would that look like? You may be safer using a certain type of device, but it is, in most cases, not due to a technology being more secure but really associated with it being less targeted. As use of these devices increases they will most certainly be targeted by cyber criminals.
  6. Exploit kits are packs containing malicious programs that are mainly used to carry out automated ‘drive-by’ attacks in order to spread malware. These kits are sold on the black market, where prices ranging from several hundred to over a thousand dollars are paid. Nowadays, it is also quite common to rent hosted exploit kits. Because of this, it is a competitive market with lots of players and many different authors.Source: “http://www.securelist.com/en/analysis/204792160/Exploit_Kits_A_Different_View”
7. The Blackhole kit in particular is a type of crimeware web application developed in Russia to help hackers take advantage of unpatched vulnerabilities in order to hack computers via malicious scripts planted on compromised websites. Unsuspecting users visiting these compromised sites are redirected to a malware portal website that exploits browser vulnerabilities in order to distribute banking Trojans or similar malware to the visiting computer. Blackhole exploit kits are based on PHP with a MySQL backend and incorporate support for exploiting the most widely used and vulnerable security flaws in order to give hackers the highest probability of successful exploitation. The kits typically target versions of the Windows operating system and applications installed on Windows platforms. Some kits in the wild have been seen to call and exploit Windows Media Player as well. The most probable reason for this is that Windows Media Player updates are usually shown as “optional updates” unless included in major updates such as service packs. With newer versions of the kit come upgrades in exploits, strategy, and functionality.
8. In a normal download, you send requests and the website responds. If you send a download request, you often get a confirmation (“Are you sure?”) which you can visibly see as the user. So you see the download happening as it saves to your computer.
9. In a drive-by, while you interact with or view the site, the site starts an invisible download to your computer. As a user, you won't see it and you will have no indication of it occurring. It won't ask for your permission and you don't know that the website is saving something to your computer. Once it's done, your computer is under the hacker's control (invisibly).
10. Visit compromised WordPress blog – startcooking.com. The only indication of compromise is that Java starts up while visiting. Open up Task Manager and see cs8v0k.exe (malware downloader) with garbled description. Soon that closes and efzi.exe starts up – same description – this is the malware bot. Infected! It's that easy.
  11. Unlike the beach where lifeguards will post signs if a Shark has been sited or if someone is attacked – on the Internet you generally have no idea if Sharks are lurking in your area…so you need to remember that just like in the ocean --
12. Exploit kits are very specific to their name: they are meant to help exploit or hack users, and what happens after exploitation really depends on which payload or malware is used afterwards. In the wild it is very common to see info stealers combined with backdoors. This means access and information: hackers want resources, whether it be information to sell for money or access to computers to use as a botnet. It is always possible that it could be much more targeted, such as espionage or personal reasons. The first Blackhole exploit kit appeared on the black market in August 2010 as a web application available for sale on a subscription basis ($1,500 for an annual license). The questions that will be answered coming up: How do you buy it? How much does the new one cost? Where can you buy it? Any examples? Forums, etc.? What can you do with it? How would you use it?
13. Visit live Blackhole site. Key is already in URL – start removing the values in all the parameters and refresh the page – get the main dashboard. Able to sort by date. View hits by country, browsers, exploits, operating systems.
14. Flashback is the name of a recent piece of malware for Macs which has been reported to have infected over 600,000 Mac users. This malware exploited a Java vulnerability that had already been fixed on Windows: malware makers reverse-engineered the February 2012 patch and produced another strain of malware for Macs. What does it do? This malware steals passwords and other information through web browsers and other applications and sends the information back to the attackers over the internet. Earlier instances of this piece of malware disguised themselves as a Flash update, but newer versions do not require any user interaction, allowing for a silent installation and infection. Apple released updates which patched against this vulnerability 2 weeks after the malware's discovery. This rise in levels of malware for Macs only emphasizes the need for safe user practices for both Windows and Mac users. Sophos recently released a study showing 20% of Mac computers carried at least one type of Windows malware, if not more. While Windows malware may not affect Mac computers, they can still spread it to other systems. Aside from the Windows-targeted malware, 1 in 36 Macs were found to be infected with malware designed for Macs. A point to be made about these statistics is that most infections could have been prevented through proper and regular use of antivirus software and safe practices. There is a free tool available through f-secure.com to automatically detect and remove the Flashback malware: http://www.f-secure.com/weblog/archives/00002346.html
15. Stopav.plug targets: avg8, avg9, arca2009, arca2008, avast5, ESET NOD32 Antivirus 3.x/4.x, ESET Smart Security 3.x/4.x, Avira Premium Security Suite, Avira AntiVir Premium, Avira AntiVir Professional, BitDefender Antivirus 2010, McAfee AntiVirus Plus 10, Microsoft Security Essentials, DrWeb
16. This demo has not yet been uploaded.
17. Severa is short for “Peter Severa,” a Russian who is listed at #5 on Spamhaus's Register of Known Spam Operations (ROKSO). According to Spamhaus, Severa is one of the longest operating criminal spam-lords on the Internet. Severa advertises his spamming services on several invite-only cyber crime forums.
18. E-mail list of CIOs, Presidents, COOs, etc. Sold in 5 hours.
  19. Blackhat SEO uses techniques like hidden text, invisible / off screen divs, etc.
20. So here is a quick example. What is more innocent than a crafty apple search? Well, in this Google image search result five (5) of the top 14 returned results are actually links to sites that will try to infect your computer if you click on the image. Google tries to protect you by putting the image in a frame and previewing it; however, the site uses specific tricks to automatically break out of the Google frame. At that point you would see a pop-up trying to convince you that your computer is infected with malware. Once infected, the malware will try to convince you to purchase a removal tool and will also stage your computer for future control by the malware author.
21. Open up Bifrost again like before. Our victim checks his e-mail and sees something wrong with his Facebook account. Once he clicks the link, he's already infected. We can turn on a keylogger and steal his password as he types it in. We have full access to his computer, if we like. Full control – just from a click.
22. This past May user “georgiabiker” of Reddit.com came across a new drive-by malware attack website that automatically downloads installation files to your phone upon browsing to the website. This new drive-by attack website foreshadows the security trends and issues to come with Android and other mobile operating systems. The drive-by attack utilized a malicious iframe injected into the website which analyzed the “User-Agent” string of the user's browser to see whether the browser's operating system was Android. Upon determining that the viewing browser was from an Android OS it would redirect users to a malicious Android installation file (APK). According to an analysis performed by Lookout Mobile Security, “Based on our current research, NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy.” This means that this malware could be used to gain access to other devices and/or steal information. [Figure 1: screenshots from redditor georgiabiker] This instance of Android drive-by malware appears to be in its early stages as it still depends on the user to install the deceivingly named malicious install file “update.apk”. As Android-based malware and attacks evolve, users will need to be ever more diligent. As with computers, the best security practices are safe browsing practices, such as keeping the “Unknown sources” setting disabled, as well as an up-to-date antivirus program.
23. Drive-by download sites are one of the largest and fastest growing threats on the internet. Attackers can use phishing to trick users into navigating to their malicious website, or even infect legitimate websites, compromising users as they trustingly go by. When you become a victim of a drive-by download attack, many times the infection results in backdoors to your machine, theft of information, and/or malicious access to other devices within the same network. Use these tips and tricks to stay out of the statistics and in control of your own computer and information. Drive-by downloads usually attack browser plugins, so keep plugins up-to-date. When you see the Java icon in the corner saying there is an update available, don't ignore it. You can use websites such as https://browsercheck.qualys.com/ to scan plugins for updates and browsers for security issues. Keep antivirus up-to-date; sometimes it's hard to tell if a link is malicious or a website compromised, so at the least protect yourself with the latest virus signatures. Use safe browsing practices: the website isn't going anywhere, so take the time to check if you recognize the URL behind the links. You can usually see a link's URL by hovering your mouse over the link. If you're really unsure but need to visit the website you can scan the URL; websites such as the following will let you check whether a website has been reported as an attack website: https://www.virustotal.com/#url, http://www.urlvoid.com/, http://www.avgthreatlabs.com/sitereports. While it may make browsing a bit tedious, it's a safe practice to disable JavaScript in your browser and only allow JavaScript to run on websites you trust and recognize. If you're a Firefox user, use the NoScript add-on.