Emerging Threats

Total pages: 16

File type: PDF, size: 1020 KB

Emerging Threats
จตุพร พึ่งเสือ, system engineer, [email protected]
BRKSEC 2001 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
• What and Where are Threats
• Threat Trends
• Year in Review
• Conclusion
• Who we are / How Cisco can help

What and Where are Threats

What? Where? Why?
• What is a Threat? An indication or warning of probable trouble
• Where are Threats? Everywhere you can, and more importantly, cannot think of
• Why are there Threats?
  • The almighty dollar (or euro): the underground cybercrime industry is a growth industry
  • Political and nationalistic motivations

Examples of Threats
• Targeted Hacking
• Vulnerability Exploitation
• Malware Outbreaks
• Economic Espionage
• Intellectual Property Theft or Loss
• Network Access Abuse
• Theft of IT Resources
• Denial of Service

Areas of Opportunity (moving up the stack)
• Users
• Applications
• Network Services
• Operating Systems

Operational Evolution of Threats
Threat Evolution | Emerging Threat | Nuisance Threat | Unresolved Threat
Policy and Process Definition (Reaction Burden) | Reactive Process | Socialized Process | Formalized Process
Mitigation Technology (Operational Burden) | Manual Process | Human "In the Loop" | Automated Response
End-User Awareness (Support Burden) | No End-User Knowledge | End-User Aware: Know Enough to Call "Help-Desk" | End-User Increasingly Self-Reliant

Operational Evolution of Threats (continued)
Same table, with callouts along the threat-evolution axis, left to right:
• "New", unknown, or problems we haven't solved yet
• Largest volume of problems
• Focus of most day-to-day security operations

Threat Trends

Trends
• Evolution of intent
• The cybercrime industry
• Botnets
• Blended attacks / Next Generation Spam
• Phishing
• Port 80
• Web 2.0 abuse

Evolution of Intent (timeline 2003 to 2010)
• Notoriety: SQL Slammer; Netsky, Bagle, MyDoom
• Fame: Zotob
• Money: Conficker, ZeuS, Koobface
(Legend: marked items = Major Media Event)

Cybercrime Industry: In the Past
Writers | Asset | End Value
Tool and Toolkit Writers | Compromise Individual Host or Application | Fame
Malware Writers (Worms, Viruses, Trojans) | Compromise Environment | Theft; Espionage (Corporate/Government)

Cybercrime Industry: Today ($$$ Flow of Money $$$)
• Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans, Spyware)
• First Stage Abusers: Hacker / Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft: Abuse of Privilege
• Middle Men: Compromised Host and Application; Bot-Net Creation; Bot-Net Management: For Rent, for Lease, for Sale; Personal Information; Electronic IP Leakage
• Second Stage Abusers: Extortionist / DDoS-for-Hire; Spammers / Affiliates; Phishers; Pharmer / DNS Poisoning; Identity Theft; Information Brokerage
• End Value: Fame; Theft; Espionage (Corporate/Government); Extorted Pay-Offs; Commercial Sales; Fraudulent Sales; Click-Through Revenue; Financial Fraud

"Noise" Level
[Chart: public awareness over time, 2000 to 2008: large-scale worms declining, targeted attacks rising]

Cyber Crime Profit Level
[Chart: illicit dollars gained over time, 2000 to 2008: targeted attacks rising, large-scale worms declining. Source: ICR 2001, 2007]

Botnets
• Botnet: a collection of compromised machines running programs under a common command and control infrastructure
• Building the botnet: many, many malcode vectors
• Controlling the botnet: a covert channel of some form, typically IRC or a custom IRC-like channel
  • Historically have used free DNS hosting services to point bots to the IRC server
  • Recent attempts to sever the command infrastructure of botnets have resulted in more sophisticated control systems
  • Control services are increasingly placed on compromised high-speed machines
  • Redundant systems and blind connects are implemented for resilience (fast-flux)
• Do you know if bots are loose on your network? See Infiltrating a Botnet: http://www.cisco.com/web/about/security/intelligence/bots.html
Source: www.wikipedia.com

Next Generation Spam
• Growing in sophistication
• Targeted
• Blending email and web
• New vectors include: SMS vishing; IM SPAM (SPIM)
• Extensive use of social engineering
• 3rd generation SPAM doesn't embed malcode or links (please open service ports into your network)
• 50% of users still open SPAM or click links

Phishing and Its Variants
• Traditional phishing still in use
• Spear-phishing: targeted phishing attempts against IT admins, specific job roles, specific companies
• Whaling: phishing attempts specifically targeting a high-value target, such as C-level execs

Port 80: The New Internet
• 50% of traffic is "easy to classify": predictable traffic, recognized domains
• 50% of traffic is "hard to classify": 110M sites, growing 40% annually; a mixture of legitimate sites, spyware and malware
[Chart: traffic volume vs. number of sites: "Big Head" vs. "Long Tail"]

Malware Threat Distribution
[Chart: malware infections over time, email vector vs. web vector]
• Malware infection vectors are shifting from email to web

Web 2.0 Abuse
• Commercial tools for account creation, posting, CAPTCHA*, IP rotation are readily available
• Targets popular sites and blogs including Gmail, Yahoo!, Twitter, Facebook and Craigslist
• Enables abuse of many services including webmail account creation for spamming
*Completely Automated Public Turing test to tell Computers and Humans Apart.

What Does This Mean?
• Threats and criminals are faster, smarter & more covert
• Criminals have more vulnerabilities to exploit
• Criminals are evolving their techniques; users must stay current

Year in Review

Cisco Cybercrime ROI Matrix
[Figure]

Cybercrime Product of the Year!
• Fake AV is 15% of all malware: "Antivirus XP has found 2794 Google threats. It is recommended to proceed with removal"

Criminal SaaS Offerings Expand
• Service dedicated to checking if a malware executable is detectable by AV engines
[Screenshot]

Cisco Cybercrime Showcase Winner
• Most Audacious Criminal Operation: ZeuS

ZeuS: Banking Trojan prime example
"$10 million lost in one 24-hour period."
"…[C]riminals have used the Internet to steal more than $100 million from U.S. banks so far this year and they did it without ever having to draw a gun or pass a note to a teller…I've seen attacks where there's been $10 million lost in one 24-hour period." -Sean Henry, an assistant director of the FBI in charge of the bureau's cyber division.

Automation of Targeted & Blended Attacks
[Figure]

Why ZeuS?
[Figure]

What Happened in Kentucky?
• County treasurer had ZeuS malware on his PC
• Criminals stole credentials and logged in to bank accounts from the treasurer's PC
• Reconnaissance used to plan the theft
• Mule recruitment via Careerbuilder.com
• Created mules as fictitious employees
• Mules received $9700 and sent $8700 to Ukraine via Western Union
• Transactions were wire transfers <$10,000
• Total of $415k stolen

Screen Injection
• Your browser NOT on ZeuS: [screenshot]
• Your browser on ZeuS: [screenshot]
Courtesy Silver Tail Systems