8. Use multiple layers of reputation services (diagram label: AV). Exposure layer: inspection based on source (URL, domain): http://abc.com/xyz.exe. Infection layer: inspection based on file content (code, hash): http://abc.com/xyz.exe.
15. But like Prohibition, we’re not the main victims … more likely, we’re unwitting accessories.
16. Today’s Infection Chain (diagram labels): Malware Writer; Criminals; Spyware/Trojan Downloader; Web Drive By Downloader; Email Spam; Port Scan; Vulnerabilities; Infection Vector; Spam & Phishing; Dedicated Denial of Service; Data Leakage; Adware/Clickware; Recruitment; Activities; Wait for Instructions; Get Updates from Command & Control; Fool the AV; Host Management; Host Infection; HTTP; IRC; DNS; Bot Herder; Botnet Command & Controller.
27. … and no small amount of money. Online ad revenues of Google, Yahoo, Microsoft, & AOL are more than $8b per quarter … click fraud is more than $5b per year.
32. … billions of times a day. E-mail reputation queries: 6.2 billion; E-mail reputation blocks: 4.4 billion; Web reputation queries: 41 billion; Web reputation blocks: 585 million (Trend Micro Smart Protection Network, Tuesday, 14 Sep. 2010).
33. Protection from the Cloud. E-mail (IP) reputation load: 295 GB per day; Web (URL) reputation load: 1305 GB per day; File (MD5) reputation load: 334 GB per day.