SunbeltLabs presents a Quarterly Briefing:
Turn the Tables on the Bad Guys, Malware Unmasked
Agenda

Dodi Glenn, Malware Response Manager
Brian Jack, Lead Security Analyst

• Current threats, what's prevalent
      Some of the most dangerous and complicated threats in the wild

• How application vulnerabilities leave the door open
      Malicious PDFs & rogue AV

• Best Practices: Protection and Remediation
      How to protect your network
      Using tools like Sunbelt's CWSandbox™ as part of a cyberdefense strategy for your enterprise

• Q & A
Current Threats
Significant rise in PDF exploits

• In Q4 2009, 80% of in-the-wild exploits were from PDFs¹

• 20 software flaws (CVEs) issued for Adobe Reader in the past 3 months²

¹ ScanSafe
² Nist.Gov
Current Threats
Targeted attacks 2009 (chart not reproduced in this transcript; source: F-Secure)
Zero-day Detections
SunbeltLabs Daily Detections (chart not reproduced in this transcript)
      Y axis: Samples, 0 to 18,000; X axis: Day, 1 to 4
      Series: Total Daily Detections; Detected Using CWSandbox; Detected By AV Scanners
Current Threats
Distribution Vectors

• "Drive-by"
      Infections are becoming more prevalent

• Tools to create malicious PDFs
      Readily available online

• Exploit kits
      YES, Eleonore, and Neosploit
      Purchased on the black market; require little to no programming skills to operate
Current Threats
What is the typical payload?

• PDF exploits
      Drop rogue AV downloaders or backdoors, e.g. Zbot

• Specific rogues
      Antispyware Soft and Digital Protection are distributed by malicious PDFs

• Antispyware Soft changes proxy settings
      Routing traffic to the malware's C&C
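The proxy-hijack payload above is something a defender can check for directly. The following is an added example (my own code, not from the briefing or from Sunbelt): it audits the per-user Windows proxy values that rogue AV of this kind rewrites, which live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (the value names ProxyEnable, ProxyServer, ProxyOverride and AutoConfigURL are real). It works on a plain dict so it runs anywhere; on a live host you would fill that dict from the registry or from a .reg export. The sample settings, the approved proxy host and the "attacker" hostname are constructed for the example.

```python
"""
Audit Windows per-user proxy settings for signs of hijacking.

Rogue AV that "changes proxy settings" redirects the victim's browser traffic
through a proxy it controls, either a local interception proxy on 127.0.0.1
or a remote host, or via a PAC file (AutoConfigURL).  This script flags
anything that is enabled and not on the organisation's approved list.
"""
from urllib.parse import urlparse

# Registry key the values come from (real path; quoted for reference only).
PROXY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(value):
    """Parse a ProxyServer value into {scheme: 'host:port'}.

    Windows accepts either a single 'host:port' (applies to all protocols)
    or a per-protocol list 'http=host:port;https=host:port;socks=host:port'.
    """
    value = (value or "").strip()
    if not value:
        return {}
    if "=" not in value:
        return {"*": value}
    table = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.partition("=")
        table[scheme.strip().lower()] = endpoint.strip()
    return table


def _host_of(endpoint):
    """Extract the host from 'host:port', 'host' or 'scheme://host:port'."""
    if "://" in endpoint:
        return (urlparse(endpoint).hostname or "").lower()
    return endpoint.rsplit(":", 1)[0].strip("[]").lower()


def audit_proxy_settings(settings, approved_hosts):
    """Return a list of findings; an empty list means nothing suspicious.

    settings:       dict of registry value name -> value
    approved_hosts: set of proxy / PAC hostnames the organisation really runs
    """
    findings = []
    enabled = int(settings.get("ProxyEnable", 0) or 0) == 1
    servers = parse_proxy_server(settings.get("ProxyServer", ""))

    if enabled and not servers:
        findings.append("ProxyEnable=1 but ProxyServer is empty (misconfiguration)")

    for scheme, endpoint in servers.items():
        if not enabled:
            continue  # a stale ProxyServer value is inert while ProxyEnable=0
        host = _host_of(endpoint)
        if host in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"{scheme}: proxy points at loopback ({endpoint}); "
                            "a local interception proxy is likely installed")
        elif host not in approved_hosts:
            findings.append(f"{scheme}: unapproved proxy host {host!r}")

    # A PAC URL is honoured even when ProxyEnable is 0, so check it separately.
    pac = (settings.get("AutoConfigURL") or "").strip()
    if pac:
        pac_host = (urlparse(pac).hostname or "").lower()
        if pac_host not in approved_hosts:
            findings.append(f"AutoConfigURL points at unapproved host {pac_host!r}: {pac}")

    return findings


# Constructed sample values for the example (not taken from a real infection).
APPROVED = {"proxy.corp.example"}
CLEAN_HOST = {"ProxyEnable": 1, "ProxyServer": "proxy.corp.example:8080",
              "ProxyOverride": "<local>"}
HIJACKED_HOST = {"ProxyEnable": 1,
                 "ProxyServer": "http=127.0.0.1:5555;https=127.0.0.1:5555"}
PAC_HIJACK = {"ProxyEnable": 0, "ProxyServer": "",
              "AutoConfigURL": "http://pac.attacker.invalid/proxy.pac"}

if __name__ == "__main__":
    for name, s in [("clean", CLEAN_HOST), ("hijacked", HIJACKED_HOST), ("pac", PAC_HIJACK)]:
        print(name, audit_proxy_settings(s, APPROVED) or ["ok"])
```

The two edge cases worth noting: a ProxyServer value is ignored while ProxyEnable is 0, so it is not reported on its own, whereas AutoConfigURL is applied regardless of ProxyEnable and is checked unconditionally.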
Best Practices
Layered Security

• Application Security
      Disable JavaScript support in Adobe Reader
      Disable "PDF in Browser"

• OS Security
      Machines are updated and patched

• Use Anti-virus
      AV software is installed and updated
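Disabling JavaScript in Reader removes the most common trigger, but a mail gateway or analyst still needs a quick way to decide which incoming PDFs deserve a sandbox run. The following is an added example (my own code, not from the briefing or from Sunbelt), in the spirit of Didier Stevens' pdfid: it counts the PDF name objects behind the threats on the earlier slides (JavaScript, auto-run actions, launch actions) in the raw bytes, after undoing the '#xx' hex escapes that PDF allows inside names and that are used to hide /JavaScript as /Java#53cript. The two sample files are constructed minimal PDFs; the one that triggers the block verdict carries only an app.alert call, no exploit content.

```python
"""
Triage PDFs by counting risky name objects before they are opened or sandboxed.

This does not parse or render anything; it is a cheap first filter for a
go / review / block decision.  Names are real PDF name objects (ISO 32000-1).
"""
import re

RISKY_NAMES = [
    b"/JavaScript", b"/JS",          # embedded script
    b"/OpenAction", b"/AA",          # actions that run on open / on events
    b"/Launch",                      # run an external program
    b"/EmbeddedFile", b"/RichMedia", # secondary payload carriers
    b"/ObjStm",                      # compressed object streams hide names
]

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Undo '#xx' escapes so /Java#53cript counts as /JavaScript.

    Caveat: the escape is only meaningful inside names, but we apply it to
    the whole file; for triage counts that over-approximation is acceptable.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes) -> dict:
    """Count each risky name as a whole token, so /JS does not match /JSx."""
    data = normalize_names(data)
    counts = {}
    for name in RISKY_NAMES:
        # A name token ends at whitespace or a PDF delimiter character.
        pattern = re.escape(name) + rb"(?![^\s/<>\[\]()%])"
        counts[name.decode()] = len(re.findall(pattern, data))
    return counts


def triage(data: bytes) -> tuple:
    """Return (verdict, reasons); verdict is 'allow', 'review' or 'block'."""
    # Readers tolerate a header anywhere in the first 1024 bytes.
    if b"%PDF-" not in data[:1024]:
        return "review", ["no %PDF- header in the first 1024 bytes"]
    c = count_names(data)
    has_js = bool(c["/JavaScript"] or c["/JS"])
    has_autorun = bool(c["/OpenAction"] or c["/AA"])
    reasons = []
    if has_js:
        reasons.append("contains JavaScript")
    if has_autorun:
        reasons.append("has an auto-run action (/OpenAction or /AA)")
    if c["/Launch"]:
        reasons.append("can launch an external program (/Launch)")
    if c["/ObjStm"]:
        reasons.append("uses object streams; counts may be low, inspect decompressed")
    if c["/Launch"] or (has_js and has_autorun):
        return "block", reasons
    return ("review" if reasons else "allow"), reasons


# Constructed minimal samples for the example (not real malware).
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

AUTORUN_JS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /Java#53cript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in [("benign", BENIGN_PDF), ("autorun-js", AUTORUN_JS_PDF)]:
        print(label, triage(pdf))
```

A lone /OpenAction is common in legitimate files (jump to a page on open), so on its own it only yields "review"; the combination of script plus auto-run, or any /Launch, is what earns "block". Files that use object streams should go to the sandbox regardless, because the indicators may sit inside compressed data this scan cannot see.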
Turn the Tables
Resources

• Free Sunbelt Tools
      Public sandbox: http://SunbeltSandbox.com
      VIPRE Rescue: http://live.sunbeltsoftware.com

• SunbeltLabs Licensed Tools
      CWSandbox: in-house analysis
      ThreatTrack™: data feeds
Malware Unmasked
CWSandbox can analyze almost any file

• Non-Executables: Flash, HTML, JavaScript, Java applets, URLs, pdf, doc, xls, ppt, mdb, gif, mp3, wmv, avi
• Executables: exe, bat, dll, com

Extensive logging and reporting of all analysis data.
Analyst vs. CWSandbox

Analyst:
• Multiple applications
• Multiple reports
• ½ hour to days per sample

CWSandbox:
• 1 application
• 1 report
• Parseable reports
• Multiple platform comparisons
• 1 to 3 minutes per sample
• Searchable repository
Contact Us: oemsales@sunbeltsoftware.com
CWSandbox: http://www.sunbeltsandbox.com
Sunbelt Software: http://www.sunbeltsoftware.com

© 2010 Sunbelt Software Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
