
1.Agenda (this one!) – check! 2.WW Phishing in the next (6, maybe 12) months 3.Phishing in Romania (2007-2009) 4.Why 2 & 3 ? 5.The current BitDefender


Agenda

1. Agenda (this one!) – check!

2. WW Phishing in the next (6, maybe 12) months

3. Phishing in Romania (2007-2009)

4. Why 2 & 3?

5. The current BitDefender approach

6. Other important aspects

7. This paper will have no conclusions slide so please pay attention! (yes, I’m talking to the guys in the back… where the power plugs are :p )


WW Phishing in the next (6 - 12) months

• APWG on 2nd ½ of 2008

– Unique phishing reports submitted to APWG recorded a yearly high of 34,758 in October

– Unique phishing websites detected by APWG during the second half of 2008 saw a constant increase from July and in October reached a maximum of 27,739

IT WILL RISE!!

or in Malcolm Gladwell’s words: “This is going to tip” – (we trust him because he looks Einsteinian!)


Phishing in Romania (2007-2009)

• 2007 – 7 attacks

• 2008 – 26 attacks (50% targeting the same institution)

• 2009 – 187 attacks already (98% targeting the same institution)

• 2009 – 1st ½ … anyone want to make a prediction?

Don’t be fooled by randomness!


Now… why would anyone start phishing?

– With the current market turmoil, what's the easiest way to make a small fortune?

– Start off with a large one!

• Quote of the day (from a trader): "This is worse than a divorce. I've lost half my net worth and I still have a wife."

• This market stinks so bad…that even Chuck Norris can’t make any money.


Well… I bet not anybody can phish!


Really… it must be more than this!!!

1. Open the yellow pages and pick someone

2. Search his name using a social media search-engine

3. If any SN profile found

   1. Download images, posts, comments, friend

   2. Create a phishing attack customized for this exact person.

   3. Continue with his friends

4. Complicated? Too much work? Dial 1-800 BOTNET for an army of computers to do this for you

PS: (success comes when the victim has profiles on more than one social network)


Current BitDefender Approach

• Technologies:

  • RBL

  • Website Forgery Detector

  • Signature Filter

  • Minutiae Analysis

  • Image Filter

  • AntiPharming Module

We protect: Spain, Germany, France, Italy, Romania and US (banks, SN accounts and webmail)…. For now….


The Matrix

We want to believe that this is proactive!

             ebay   paypal   citybank   whatever
account        2      1         1          2
card           0      1         1          0
user           1      1         1          1
password       2      2         2          2
phishing       1      1         1          1
ebay           1      0         0          0
and so on      2      1         2          1


Ignorance is bliss

• Showing the actual domain on which the page is hosted

• Showing the real page that is being forged

• Displaying information about the registrar, the geographic location where the page is hosted and so on.

• Requiring user confirmation before continuing loading the page

• Certificates challenge.

• We suggest all that AND, if possible, actually redirecting the user to the desired institution
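The keyword matrix and the warning data listed above can be tied together as in the following added example, which is not BitDefender's code. It assumes each matrix cell is a weight for that keyword under that brand; the `paypal` row, the threshold, the official domains and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Keyword weights per brand. Rows account/card/user/password/ebay copy the
# slide's matrix; the "paypal" row and both domains are constructed here.
MATRIX = {
    "account":  {"ebay": 2, "paypal": 1},
    "card":     {"ebay": 0, "paypal": 1},
    "user":     {"ebay": 1, "paypal": 1},
    "password": {"ebay": 2, "paypal": 2},
    "ebay":     {"ebay": 1, "paypal": 0},
    "paypal":   {"ebay": 0, "paypal": 1},
}
OFFICIAL = {"ebay": "ebay.com", "paypal": "paypal.com"}
THRESHOLD = 5  # assumed cut-off below which no brand is attributed


def score_brands(text):
    """Sum the matrix weights of every keyword occurrence, per brand."""
    scores = dict.fromkeys(OFFICIAL, 0)
    for token in re.findall(r"[a-z]+", text.lower()):
        for brand, weight in MATRIX.get(token, {}).items():
            scores[brand] += weight
    return scores


def on_official_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess(url, text):
    """Return the data the slide proposes to show the user for this page."""
    host = (urlsplit(url).hostname or "").lower()
    scores = score_brands(text)
    brand = max(scores, key=scores.get)
    if scores[brand] < THRESHOLD:
        return {"host": host, "brand": None, "verdict": "no brand detected"}
    forged = not on_official_domain(host, OFFICIAL[brand])
    return {
        "host": host,    # actual domain on which the page is hosted
        "brand": brand,  # institution whose page is being imitated
        "redirect": "https://www." + OFFICIAL[brand] + "/" if forged else None,
        "verdict": "forgery suspected" if forged else "official site",
    }


# Constructed sample page text, not taken from a real site.
SAMPLE = "PayPal: confirm your account. Enter user, password and card. PayPal Security"
```

The suffix check compares against `"." + domain`, so a host that merely starts with or contains the brand's domain is still reported as hosted elsewhere.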


Are you going to ask me something, or will I have to phish for questions???