1 / 35

From AV to Internetized Security Solution

From AV to Internetized Security Solution. --- The Analysis Report of Malware Technology in China in 2005. 马杰 Jeffrey Beijing Rising Tech. Co., Ltd. Travel. Agenda. Background Overview of the security industry Overview situation of viruses and spam Changes of viruses

Download Presentation

From AV to Internetized Security Solution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. From AV to Internetized Security Solution --- The Analysis Report of Malware Technology in China in 2005 马杰 Jeffrey Beijing Rising Tech. Co., Ltd.

  2. Travel

  3. Agenda • Background • Overview of the security industry • Overview situation of viruses and spam • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  4. Internet Statistics Data from: CNNIC

  5. Security Industry Revenue Data from: CCID Consulting

  6. Product Dispersal Data from: CCID Consulting

  7. AV Market Share Distribution Data from: IDC 2005

  8. Agenda • Background • Overview of the security industry • Overview situation of viruses and spam • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  9. Virus Statistics • 45059 new definitions added to virus database • From Jan. 1st to Nov. 15th, 2005 Data from: RISING

  10. Most Active Top 10 Data from: RISING

  11. Top 10 Worst Spam Countries (Jan. 19 2005) http://www.spamhaus.org

  12. Top 10 Worst Spam Countries (Nov. 11 2005) http://www.spamhaus.org

  13. Agenda • Background • Overview of the security industry • Overview situation of viruses • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  14. Gain Economic Benefits Show off Skills Changes of the purpose of virus creation • Gain economic benefits • Virtual property • Bank accounts • Increase website hits

  15. Viruses have an Economic Purposes • Total: 4163 found till Nov. 15th, 2005 Data from: RISING

  16. Agenda • Background • Overview of the security industry • Overview situation of viruses • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  17. Changes to Anti-Detection • The economic benefits by improving anti-detection technology • Methods used for anti-detection • Root Kit • Entry Point Obscuring • Source code level morphing

  18. Root Kits • Hooks Native API Hides Processes – ZwQuerySystemInformation() Hides Files – ZwQueryDirectoryFile() etc… • Many Open Source Code www.rootkit.com

  19. The Viruses Using Root Kit Technology Viruses using root kit technology found in 2005: 325 Data from: RISING

  20. Agenda • Background • Overview of the security industry • Overview situation of viruses • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  21. Other Threats • Rogue software • Ad-ware • Spy-ware • Browser hijack and ActiveX controls • Track-ware • Malicious shareware • … • Fishing • etc…

  22. Rogue software Data from: UNB

  23. How Rogue Software Avoid Being Deleted? • Make themselves automatically launch • Install drivers to get a higher privilege • Create mutually protecting threads • Inject DLLs or threads into another process • Rubbish Files

  24. To remove or not to remove… It’s hard to make the decision. • To remove: • Annoys the users. • Not to remove: • Free • Provides some useful features.

  25. Agenda • Background • Overview of the security industry • Overview situation of viruses • Changes of viruses • Changes of purpose • Changes if anti-detection • Other threats on the internet • Unauthorized software (Rogue software) • Summary

  26. The situation of viruses in 2005 • Economic purposes significantly lead to the increase of new viruses and virus technologies. • Weaknesses of a system is the major reason of virus infection. • Network is still the most commonly used media though which viruses spread. • IM tools are utilized by viruses to spread over internet. • New platforms are becoming the target of viruses • mobile phones • PDAs • and etc… • Open source is still the origin of lots of viruses

  27. Diary

  28. Job

  29. File System openomy project

  30. earth

  31. People Internetized • A lot of things around us getting internetized • Job • E-mail • Web office • Instance Message • Life • Blog • Online Game • Online Movie

  32. Threats Internetized Attack on internet Threats Gain from internet

  33. Protection Needs to be Internetized! • Virus • Spam • Hack • Spy-ware • Browser hijack • Fishing

  34. Protect Users Online Security • An internetized security solution provides: • Antivirus • Anti-spam • Firewall • Password protect • Anti browser hijack • Anti fishing

  35. The Hardest Part I wish that I could work it out … Thank you! Jeffrey@rising.com.cn

More Related