Malware Behavior Comportamento De Programas Maliciosos

Total Page:16

File Type:pdf, Size:1020Kb

Malware Behavior Comportamento De Programas Maliciosos Andr´eRicardo Abed Gr´egio Malware Behavior Comportamento de Programas Maliciosos Campinas 2012 i ii Universidade Estadual de Campinas Faculdade de Engenharia El´etrica e de Computa¸c~ao Andr´eRicardo Abed Gr´egio Malware Behavior Comportamento de Programas Maliciosos Doctorate thesis presented to the School of Electrical and Computer Engineering in partial fulfillment of the requirements for the degree of Doctor in Electrical Engineering. Concentration area: Computer Engineering. Tese de doutorado apresentada `aFaculdade de Engenharia El´etrica e de Computa¸c~ao como parte dos requisitos exigidos para a obten¸c~aodo t´ıtulo de Doutor em Engenharia El´etrica. Area´ de concentra¸c~ao: Engenharia de Computa¸c~ao. Orientador (Tutor): Prof. Dr. Mario Jino Co-orientador (Co-Tutor): Prof. Dr. Paulo Licio de Geus Este exemplar corresponde `avers~aofinal da tese defendida pelo aluno, e orientada pelo Prof. Dr. Mario Jino. Campinas 2012 iii FICHA CATALOGRÁFICA ELABORADA PELA BIBLIOTECA DA ÁREA DE ENGENHARIA E ARQUITETURA - BAE - UNICAMP Grégio, André Ricardo Abed G861c Comportamento de programas maliciosos / André Ricardo Abed Grégio. --Campinas, SP: [s.n.], 2012. Orientador: Mario Jino. Coorientador: Paulo Licio de Geus. Tese de Doutorado - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação. 1. Redes de computadores - Medidas de segurança. 2. Tecnologia da informação - Segurança. 3. Software - Segurança. 4. Virus de computador. 5. Taxonomia. I. Jino, Mario, 1943-. II. Geus, Paulo Licio de, 1956-. III. Universidade Estadual de Campinas. Faculdade de Engenharia Elétrica e de Computação. IV. Título. Título em Inglês: Malware behavior Palavras-chave em Inglês: Computer networks - Security measures, Information technology - Security, Software - Security, Computer virus, Taxonomy Área de concentração: Engenharia de Computação Titulação: Doutor em Engenharia Elétrica Banca examinadora: Mario Jino, Eleri Cardozo, Ricardo Dahab, Adriano Mauro Cansian, Luiz Fernando Rust da Costa Carmo Data da defesa: 28-11-2012 Programa de Pós Graduação: Engenharia Elétrica iv v vi To my Family. vii viii Acknowledgments I would like to thank my advisors, Professors Paulo L´ıcio de Geus and Mario Jino, for support- ing me during the past years, listening to my frequent complaints and giving me freedom to pursue my goals. Their advice and ideas were essential not only to glue the pieces of this thesis together, but to allow me to grow as a scientist and as a better person. I thank the Brazilian Government, my employer, for investing in me as a researcher. I thank my former Bachelor and Masters research advisors, Professor Adriano Mauro Can- sian and Dr. Rafael Duarte Coelho dos Santos, for their friendship and for always standing by my side since I met them. I also thank Otavio Carlos Cunha da Silva for the very same reasons. They prevented me from \roundhouse kicking" people on the road. =] I also thank my friends, students and research colleagues for all the support, chit-chatting, laughs, coding, paper writing, hamburger eating and the late night coffee time, mainly Vitor Monte Afonso, Dario Sim~oes Fernandes Filho, Victor Furuse Martins, Isabela Liane de Oliveira, Roberto Alves Gallo Filho, Henrique Kawakami, Eduardo Ellery and Alexandre Or Cansian Baruque. If I forgot anyone, I am sorry, it is just because my cache is volatile... I finally thank my family, especially my wife Fabiana, my brother (N^e), my dad (Bastian) and my mom (Jamile). Their support, patience, love and friendship make my life more meaningful. ix x Oh, so they have Internet on computers now! Homer Simpson xi xii Resumo Ataques envolvendo programas maliciosos (malware) s~aoa grande amea¸caatual `aseguran¸cade sistemas. Assim, a motiva¸c~ao desta tese ´eestudar o comporta- mento de malware e como este pode ser utilizado para fins de defesa. O principal mecanismo utilizado para defesa contra malware ´eo antiv´ırus (AV). Embora seu prop´osito seja detectar (e remover) programas maliciosos de m´aquinas infectadas, os resultados desta detec¸c~aoprov^eem, para usu´arios e analistas, informa¸c~oes insufi- cientes sobre o processo de infec¸c~ao realizado pelo malware. Al´emdisso, n~ao h´aum padr~ao de esquema de nomenclatura para atribuir, de maneira consistente, nomes de identifica¸c~aopara exemplares de malware detectados, tornando dif´ıcil a sua clas- sifica¸c~ao. De modo a prover um esquema de nomenclatura para malware e melhorar a qualidade dos resultados produzidos por sistemas de an´alise din^amica de malware, prop~oe-se, nesta tese, uma taxonomia de malware com base nos comportamentos potencialmente perigosos observados durante v´arios anos de an´alise de exemplares encontrados em campo. A meta principal desta taxonomia ´eser clara, de simples manuten¸c~aoe extens~ao, e englobar tipos gerais de malware (worms, bots, spyware). A taxonomia proposta introduz quatro classes e seus respectivos comportamentos de alto n´ıvel, os quais representam atividades potencialmente perigosas. Para avali´a-la, foram utilizados mais de 12 mil exemplares ´unicos de malware pertencentes a difer- entes classes (atribu´ıdas por antiv´ırus). Outras contribui¸c~oesprovenientes desta tese incluem um breve hist´orico dos programas maliciosos e um levantamento das taxono- mias que tratam de tipos espec´ıficos de malware; o desenvolvimento de um sistema de an´alise din^amica para extrair perfis comportamentais de malware; a especializa- ¸c~ao da taxonomia para lidar com exemplares de malware que roubam informa¸c~oes (stealers), conhecidos como bankers, a implementa¸c~ao de ferramentas de visualiza- ¸c~ao para interagir com tra¸cos de execu¸c~aode malware e, finalmente, a introdu¸c~ao de uma t´ecnica de agrupamento baseada nos valores escritos por malware na mem´oria e nos registradores. Palavras-chave: Seguran¸cade Redes e Computadores. Comportamento de Progra- mas Maliciosos. An´alise Din^amica de Malware. Taxonomia de Malware. Classifi- ca¸c~aode Malware. Visualiza¸c~aode Dados de Seguran¸ca. xiii xiv Abstract Attacks involving malicious software (malware) are the major current threats to systems security. The motivation behind this thesis is to study malware behavior with that purpose. The main mechanism used for defending against malware is the antivirus (AV) tool. Although the purpose of an AV is to detect (and remove) ma- licious programs from infected machines, this detection usually provides insufficient information for users and analysts regarding the malware infection process. Further- more, there is no standard naming scheme for consistently labeling detected malware, making the malware classification process harder. To provide a meaningful naming scheme, as well as to improve the quality of results produced by dynamic analysis systems, we propose a malware taxonomy based on potentially dangerous behav- iors observed during several years of analysis of malware found in the wild. The main goal of the taxonomy is, in addition to being simple to understand, extend and maintain, to embrace general types of malware (e.g., worms, bots, spyware). Our behavior-centric malware taxonomy introduces four classes and their respective high-level behaviors that represent potentially dangerous activities. We applied our taxonomy to more than 12 thousand unique malware samples from different classes (assigned by AV scanners) to show that it is useful to better understand malware infections and to aid in malware-related incident response procedures. Other con- tributions of our work are: a brief history of malware and a survey of taxonomies that address specific malware types; a dynamic analysis system to extract behavioral profiles from malware; specialization of our taxonomy to handle information stealers known as bankers; proposal of visualization tools to interact with malware execution traces and, finally, a clustering technique based on values that malware writes into memory or registers. Keywords: Network and Computer Security. Malicious Programs Behavior. Mal- ware Dynamic Analysis. Malware Taxonomy. Malware Classification. Security Data Visualization. xv xvi List of Figures 3.1 Behavioral matrix based on our taxonomy. 32 3.2 Behavioral matrix for M[DU;BI]:S[CS]......................... 33 3.3 Mapping sets of behaviors to their classes and the security principles they violate. 34 4.1 Framework's overall architecture. 38 4.2 Steps to pinpoint suspicious behavior. 40 4.3 Overview of the samples distribution over the classes plus \None". 45 4.4 Distribution of samples among the possible combinations of classes. 45 4.5 Amount of samples distributed over multiple classes (percentages rounded up). 46 4.6 Percentage of samples that presented each of the compiled behaviors. 46 4.7 Discriminant behavior's matrix for Allaple. 48 4.8 Discriminant behavior's matrix for Swizzor. 49 4.9 Discriminant behavior's matrix for Atraps. 49 4.10 Discriminant behavior's matrix for Crypt. 49 4.11 Discriminant behavior's matrix for Virut. 51 4.12 Discriminant behavior's matrix for Hupigon. 52 4.13 Screenshot of a Porndialer sample execution. 53 4.14 Discriminant behavior's matrix for Expiro. 53 4.15 Behaviors exhibited by AV-\UNDECIDED" samples. 54 4.16 Behaviors exhibited by AV-\CLEAN" samples. 55 5.1 Additional Internet banking authentication factors . 59 5.2 A successful phishing message. 61 5.3 Banker screen to steal token value. 62 5.4 Distraction screens to allow an attacker to steal online banks while the user waits. 62 5.5 Banker screen to steal all values from the user's password table. 63 5.6 Overview of BanDIT. 65 5.7 Percentage of banker samples per presented behavior. 68 5.8 BanDIT's identification results . 70 5.9 Screenshot of BanDIT's Web site. 71 6.1 Timeline and Magnifier tool representing malicious events. 80 6.2 Sequence of selected events (user and automatic). 80 xvii 6.3 Behavioral spirals for `Pincav' (a) and `Zbot' (b). 82 6.4 Three `Allaple' worm variants. 83 6.5 Visual behavior extracted from four malware families.
Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • Symantec Report on Rogue Security Software July 08 – June 09
    REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network.
    [Show full text]
  • Classification of Malware Persistence Mechanisms Using Low-Artifact Disk
    CLASSIFICATION OF MALWARE PERSISTENCE MECHANISMS USING LOW-ARTIFACT DISK INSTRUMENTATION A Dissertation Presented by Jennifer Mankin to The Department of Electrical and Computer Engineering in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical and Computer Engineering in the field of Computer Engineering Northeastern University Boston, Massachusetts September 2013 Abstract The proliferation of malware in recent years has motivated the need for tools to an- alyze, classify, and understand intrusions. Current research in analyzing malware focuses either on labeling malware by its maliciousness (e.g., malicious or benign) or classifying it by the variant it belongs to. We argue that, in addition to provid- ing coarse family labels, it is useful to label malware by the capabilities they em- ploy. Capabilities can include keystroke logging, downloading a file from the internet, modifying the Master Boot Record, and trojanizing a system binary. Unfortunately, labeling malware by capability requires a descriptive, high-integrity trace of malware behavior, which is challenging given the complex stealth techniques that malware employ in order to evade analysis and detection. In this thesis, we present Dione, a flexible rule-based disk I/O monitoring and analysis infrastructure. Dione interposes between a system-under-analysis and its hard disk, intercepting disk accesses and re- constructing high-level file system and registry changes as they occur. We evaluate the accuracy and performance of Dione, and show that it can achieve 100% accuracy in reconstructing file system operations, with a performance penalty less than 2% in many cases. ii Given the trustworthy behavioral traces obtained by Dione, we convert file system- level events to high-level capabilities.
    [Show full text]
  • Malware to Crimeware
    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
    [Show full text]
  • BEGIN README.TXT-- PC Media Antivirus (PCMAV)
    --BEGIN README.TXT-- PC Media Antivirus (PCMAV) 9.9.1 Copyright (c) 2006-2014 Majalah PC Media Pinpoint Publications Group ************************************************************************ MEMANFAATKAN/MENGGUNAKAN PCMAV BERARTI ANDA MENGERTI DAN SETUJU DENGAN SELURUH KETENTUAN YANG ADA DI BAGIAN "KETENTUAN PENGGUNAAN (END-USER LICENSE)" YANG TERDAPAT PADA FILE README.TXT INI. PCMAV INI DIBUAT KHUSUS DAN DIPERSEMBAHKAN BAGI "PEMBACA SETIA" PC MEDIA DAN YANG KAMI CINTAI. MAKA DARI ITU, JIKA ANDA ADALAH PENGGUNA PEMULA DAN ATAU MERASA KESULITAN MEMAHAMI ISI README.TXT INI, BAIK SEBAGIAN MAUPUN SECARA KESELURUHAN, MAKA KAMI SANGAT MENYARANKAN ANDA UNTUK BERKONSULTASI TERLEBIH DULU DENGAN REKAN ANDA YANG LEBIH BERPENGALAMAN DALAM BERKOMPUTER. ATAU DEMI KENYAMANAN ANDA, MAKA KAMI SARANKAN UNTUK TIDAK MENGGUNAKAN PCMAV SAMA SEKALI. ************************************************************************ ------------------------------ ANTIVIRUS KEBANGGAAN INDONESIA ------------------------------ Tidak ada antivirus lain yang mampu mengatasi secara tuntas virus komputer, baik lokal maupun asing, yang banyak menyebar di Indonesia sebaik dan seaman PCMAV. Umumnya antivirus yang ada hanya mampu mengenali dan menghapus file yang dideteksi bervirus. PCMAV menyempurnakannya dengan tingkat akurasi pendeteksian yang lebih tinggi, sehingga lebih handal dalam mengembalikan file, dokumen dan sistem yang menjadi sasaran serangan virus hingga pulih 100%. Dengan PCMAV, Anda akan mendapatkan antivirus yang bukan hanya sekadar mendeteksi namun daya basminya
    [Show full text]
  • Effective Malicious Features Extraction and Classification for Incident Handling Systems
    EFFECTIVE MALICIOUS FEATURES EXTRACTION AND CLASSIFICATION FOR INCIDENT HANDLING SYSTEMS CHO CHO SAN UNIVERSITY OF COMPUTER STUDIES, YANGON OCTOBER, 2019 Effective Malicious Features Extraction and Classification for Incident Handling Systems Cho Cho San University of Computer Studies, Yangon A thesis submitted to the University of Computer Studies, Yangon in partial fulfillment of the requirements for the degree of Doctor of Philosophy October, 2019 Statement of Originality I hereby certify that the work embodied in this thesis is the result of original research and has not been submitted for a higher degree to any other University or Institution. …..…………………………… .…………........………………………… Date Cho Cho San ACKNOWLEDGEMENTS First of all, I would like to thank Hist Excellency, the Minister for the Ministry of Education, for providing full facilities support during the Ph.D. course at the University of Computer Studies, Yangon. Secondly, my profound gratitude goes to Dr. Mie Mie Thet Thwin, Rector of the University of Computer Studies, Yangon, for allowing me to develop this research and giving me general guidance during the period of my study. I would like to express my greatest pleasure and the deepest appreciation to my supervisor, Dr. Mie Mie Su Thwin, Professor, the University of Computer Studies, Yangon, for her excellent guidance, caring, patient supervision, and providing me with excellent ideas throughout the study of this thesis. I would also like to extend my special appreciation to Dr. Khine Moe Nwe, Professor and Course-coordinator of the Ph.D. 9th Batch, the University of Computer Studies, Yangon, for her useful comments, advice, and insight which are invaluable through the process of researching and writing this dissertation.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • 2007 Threat Report | 2008 Threat and Technology Forecast Executive Summary
    2007 Threat Report | 2008 Threat and Technology Forecast Executive Summary Last year, Trend Micro’s 2006 Annual Roundup As we highlight the threats that made rounds and 2007 Forecast (The Trend of Threats Today) in 2007, it will become clear that all of these predicted the full emergence of Web threats predictions have indeed materialized, and some as the prevailing security threat in 2007. Web in an interesting fashion. threats include a broad array of threats that The shifting threat landscape demands a move operate through the Internet, typically comprise away from the traditional concept of malicious more than one fi le component, spawn a large code. Digital threats today cover more ground number of variants, and target a relatively smaller than ever. They may come to a user through audience. This was predicted to continue the simply having a vulnerable PC, visiting trusted “high focus/low spread” themes seen by some Web sites that are silently compromised, clicking attacks in 2006. an innocent-looking link, or by belonging to a Trend Micro also predicted that the growth and network that is under attack by a Distributed expansion of botnets during 2007 would be Denial of Service attacker. mostly based on new methods, ingenious social In the following roundup, Trend Micro summarizes engineering, and the exploitation of software the threats, malware trends, and security vulnerabilities. The roundup also indicated highlights seen during 2007. Real-life victims of that crimeware would continue to increase and these security threats include interest groups, become the prevailing threat motivation in 2007 individuals, organizations, and on some occasions and onwards.
    [Show full text]
  • Combating Spyware in the Enterprise.Pdf
    www.dbebooks.com - Free Books & magazines Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE EBOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • (IN)SECURE Magazine Contacts
    It’s February and the perfect time for another issue of (IN)SECURE. This time around we bring you the opinions of some of the most important people in the anti-malware industry, a fresh outlook on social engineering, fraud mitigation, security visualization, insider threat and much more. We’ll be attending InfosecWorld in Orlando, Black Hat in Amsterdam and the RSA Conference in San Francisco. In case you want to show us your products or just grab a drink do get in touch. Expect coverage from these events in the April issue. I’m happy to report that since issue 14 was released we’ve had many new subscribers and that clearly means that we’re headed in the right direction. We’re always on the lookout for new material so if you’d like to present yourself to a large audience drop me an e-mail. Mirko Zorz Chief Editor Visit the magazine website at www.insecuremag.com (IN)SECURE Magazine contacts Feedback and contributions: Mirko Zorz, Chief Editor - [email protected] Marketing: Berislav Kucan, Director of Marketing - [email protected] Distribution (IN)SECURE Magazine can be freely distributed in the form of the original, non modified PDF document. Distribution of modified versions of (IN)SECURE Magazine content is prohibited without the explicit permission from the editor. Copyright HNS Consulting Ltd. 2008. www.insecuremag.com Qualys releases QualysGuard PCI 2.0 Qualys announced the availability of QualysGuard PCI 2.0, the second generation of its On Demand PCI Platform. It dramatically streamlines the PCI compliance process and adds new capabilities for large corporations to facilitate PCI compliance on a global scale.
    [Show full text]
  • G Data Malwarereport Half-Yearly Report July
    G Data MalwareReport Half-yearly report July - December 2010 Ralf Benzmüller & Sabrina Berkenkopf G Data SecurityLabs 2010 - MalwareReport_2 Go safe. Go safer. G Data. G Data MalwareReport 2/2010 Contents At a Glance ............................................................................................................................................ 2 Malware: Facts and Figures ................................................................................................................. 3 The end of the growth? ........................................................................................................................................... 3 Malware categories ................................................................................................................................................... 4 Malware families ........................................................................................................................................................ 4 Platforms: Windows and Web ............................................................................................................................... 6 Trends for 2011 ........................................................................................................................................................... 7 Top subjects for the second half of 2010 ............................................................................................ 7 WikiLeaks brings 'Hacktivists' into the arena ..................................................................................................
    [Show full text]
  • What Are Kernel-Mode Rootkits?
    www.it-ebooks.info Hacking Exposed™ Malware & Rootkits Reviews “Accessible but not dumbed-down, this latest addition to the Hacking Exposed series is a stellar example of why this series remains one of the best-selling security franchises out there. System administrators and Average Joe computer users alike need to come to grips with the sophistication and stealth of modern malware, and this book calmly and clearly explains the threat.” —Brian Krebs, Reporter for The Washington Post and author of the Security Fix Blog “A harrowing guide to where the bad guys hide, and how you can find them.” —Dan Kaminsky, Director of Penetration Testing, IOActive, Inc. “The authors tackle malware, a deep and diverse issue in computer security, with common terms and relevant examples. Malware is a cold deadly tool in hacking; the authors address it openly, showing its capabilities with direct technical insight. The result is a good read that moves quickly, filling in the gaps even for the knowledgeable reader.” —Christopher Jordan, VP, Threat Intelligence, McAfee; Principal Investigator to DHS Botnet Research “Remember the end-of-semester review sessions where the instructor would go over everything from the whole term in just enough detail so you would understand all the key points, but also leave you with enough references to dig deeper where you wanted? Hacking Exposed Malware & Rootkits resembles this! A top-notch reference for novices and security professionals alike, this book provides just enough detail to explain the topics being presented, but not too much to dissuade those new to security.” —LTC Ron Dodge, U.S.
    [Show full text]