Академический Документы
Профессиональный Документы
Культура Документы
Ecosystem
Hrvoje Dogan
IronPort Systems Engineer, Emerging Markets
Cisco IronPort Systems, LLC
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
1. Recent Stories
USAid Website Hacked
Digg.com Serving Malicious Codecs
Conficker/Downadup Worm
Scareware Spyware
2. Threat Landscape
3. Web - #1 Threat Vector
4. A Bit of Good News
2
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Recent Stories
3
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
azerbaijan.usaid.gov
orderasia.cn/index.php 2
orderasia.cn/iepdf.php?f=old 3
fileuploader.cn/check/check.php
The malwares phone home location is a domain that was
exclusively used by the Russian Business Network (RBN) back in
January, 2008.
5
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Digg.com Serving Malicious Codec's
7
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Scareware Spyware
8
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Current Scareware Spyware Attacks
9
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Click Yes to Remove 2794 virii
10
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Security Threat Landscape
11
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Security Threat Landscape
12
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Web is #1
13
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
1. Whats on that Web Page
Web pages are like paint by numbers
1
1. Web pages return html
which indicates objects to
fetch
2. Objects are fetched from
specified location 2
15
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Mpack: Infection rates per country
16
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
3. Malware Defeats Anti-Virus Signatures
Race to Zero at DefCon Conference
17
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
4. Web Servers Vulnerable
18
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
4. Attack Vector: Vulnerable Web Servers
19
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
minnesotahomefinance.com web site
Loading
aarmrgdxrv.com
20
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Whats really happening
21
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Some Good News
22
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Some 2008 Good News
1. Intercage, a US hosting provider associated with the Russian
Business Network, was taken offline
Operated in US for years from San Francisco supporting all types of criminal activity
23
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Impact of McColo Shut Down
24
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Spam Volume Growth Reprieve
SenderBase Perspective
SenderBase provides
unparalleled visibility
30B+ queries daily
150+ email and Web parameters
30% of the Worlds Traffic
Cisco Network Devices
Global
SenderBase
Queries
25
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Spam Volume Growth Reprieve
SpamCop Perspective
26
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
27
Presentation_ID 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential