MUTE Malware URL Tracking and Exchange :-x Costin Raiu – Kaspersky Jong Purisima – GFI Nick...
![Page 1: MUTE Malware URL Tracking and Exchange :-x Costin Raiu – Kaspersky Jong Purisima – GFI Nick Bilogorskiy – Facebook Philipp Wolf – Avira Tony Lee – Microsoft.](https://reader036.fdocuments.in/reader036/viewer/2022062803/56649ca65503460f949682e2/html5/thumbnails/1.jpg)
MUTE – Malware URL Tracking and Exchange :-x
Costin Raiu – Kaspersky
Jong Purisima – GFI
Nick Bilogorskiy – Facebook
Philipp Wolf – Avira
Tony Lee – Microsoft
Page 2
Agenda
• Non-technical stuff
• Technical stuff
• Followed by non-technical stuff
• Live demo = 10 min of your lunch break
Page 3
History
Hey, how about URL Sharing?
Page 4
Charter
• Mission: to minimize the exposure of end users to computing threats through timely tracking and exchange of URLs (malicious, grey and clean).
• Objectives:
– Share quality URLs faster
– Simplify the exchange process
– Combine all data for better reporting
Page 5
Organization
• Communication Medium
– Discussion List
– Exchange List (or system)
– Board List
• Members
– 17 members, 11 companies
• Advisory Board
– Founding members
Page 6
Sharing Principles
• NO Leechers!
• Main metrics:
– Share often (Frequency)
– Share only the “good” stuff (Quality)
– Share as many as you can (Quantity)
• No re-share
• No re-sell
Page 7
URL Sharing Challenges
• URL Time-To-Live (TTL) is short and critical.
• Costly to set up an exchange:
– Set up outgoing servers
– Different formats for incoming shares (Email, FTP, HTTPS, hxxp, h__p, etc.)
– Set up access to incoming shares and parsers for each of them
• Managing new relationships (!= file-based shares)
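As an added example (not MUTE's own code), here is the kind of incoming-share parser the slide says each member has to build: it refangs the hxxp / h__p spellings back to http(s), deduplicates on the canonical URL, and drops entries older than the TTL. The tab-separated "url, first_seen" line format, the "[.]" dot variant, the 24-hour TTL and the sample lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# hxxp and h__p come from the slide; hxxps/h__ps and "[.]" are assumed variants.
_SCHEME_RE = re.compile(r"^(h(?:xx|__)p)(s?)://", re.IGNORECASE)


def refang(shared: str) -> str:
    """Turn a defanged URL back into a canonical http(s) URL, or raise ValueError."""
    s = shared.strip()
    s = _SCHEME_RE.sub(lambda m: "http" + m.group(2).lower() + "://", s)
    s = s.replace("[.]", ".")
    parts = urlsplit(s)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not a usable http(s) URL: {shared!r}")
    # Scheme and host are case-insensitive; path and query are kept as-is.
    url = f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}"
    return url + (f"?{parts.query}" if parts.query else "")


def parse_share_line(line: str):
    """Parse one 'url<TAB>first_seen' line (assumed format) into (url, datetime)."""
    url, ts = line.split("\t")
    return refang(url), datetime.fromisoformat(ts)


def live_urls(lines, now, ttl=timedelta(hours=24)):
    """Return canonical URLs still within the TTL, first occurrence wins."""
    out = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        try:
            url, seen = parse_share_line(line)
        except ValueError:          # unparsable line or non-http(s) share: skip
            continue
        if now - seen <= ttl and url not in out:
            out[url] = seen
    return list(out)


# Constructed sample share: one live URL shared twice in different defangings,
# one expired URL, and one FTP entry that the parser does not handle.
SAMPLE_SHARE = [
    "# url\tfirst_seen",
    "hxxp://Example[.]com/drop/a.exe\t2012-10-01T10:00:00+00:00",
    "h__p://example.com/drop/a.exe\t2012-10-01T11:00:00+00:00",
    "hxxps://old.example/x\t2012-09-20T00:00:00+00:00",
    "ftp://files.example/y\t2012-10-01T10:00:00+00:00",
]
NOW = datetime(2012, 10, 1, 12, 0, tzinfo=timezone.utc)
```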
Page 8
Files vs URLs

| | Files | URLs |
|---|---|---|
| Threat object potency | As long as the OS or App | Couple of hours / days |
| Average size | 450KB/sample | < 1KB/sample |
| Transport requirements | PGP, archive w/password | HxxP / H__P |
| Storage persistence | Yes | Not necessarily (TTL) |
| Most used sharing scheme | 1:n | ??? |
| Best sharing scheme | Norman Sharing Framework | ??? |

• Voldemort?
Page 9
Why Centralization?
• All the information in one place
– Easy one-time fetch
– Single interface
– Larger set of statistics
• No need for a participant to set up and host a server.
• Why not?
Page 10
Centralization Challenges

| Non-Technical | Technical |
|---|---|
| Who will build and maintain the system? | Requirements and Features |
| Who will host the system? | Architecture and Infrastructure |
| Who will pay for Server/System/Bandwidth Costs? | Development Language to use |
| “I don’t share with everyone” | Development/Maintenance effort |
| “I share differently depending on the sharing partner” | Testing |
| “No one should have all that control” | Release Lifecycle |
Page 11
Addressing the Non-Technical

| Non-Technical | Solution |
|---|---|
| Who will build and maintain the system? | Shared by each member |
| Who will host the system? | 3rd party or neutral group |
| Who will pay for Server/System/Bandwidth Costs? | Shared by each member |
| “I don’t share with everyone” | :-x |
| “I share differently depending on the sharing partner” | :-x |
| “No one should have all that control” | :-x |
Page 12
Solve the Technical issues first
• Avira offered their Web Dev guys for dev
• Use Open Source so it can still be hosted and maintained by other members in the future, if necessary.
Page 13
Requirements
Page 14
Requirements V0.2
Page 15
Requirements V0.7
Page 16
Requirements final(ly)
Page 17
Development
Page 18
Architecture diagram: MUTE Users submit and download URLs through the MUTE Web Interface; the MUTE Backend Logic sits between the web interface and the MUTE Database, and backend scripts process the URLs.
• Submitting
• Gathering
• Reporting
• Searching
Page 19
Submit URLs: using web interface
Page 20
Submit URLs: using API
C client
API available for all languages
Page 21
Review your submission(s)
Page 22
Download URLs: using API
Page 23
Page 24
Search for URLs
Page 25
Search for URLs
Download your search result in XML
Page 26
View History for each URL
Page 27
Whitelist
Page 28
Whitelist
Page 29
Malware Families
RegEx
Page 30
Page 31
Statistics
Page 32
Future Considerations
• MUTE System
– Auto Monitoring – kicks out bad users.
– Get out of Beta – Launching MUTE
• Organization
– Prepare for a bigger membership
– Board needs to be refreshed regularly
Page 33
Questions? Malware URL Tracking and Exchange
One Beer – One Answer
Page 34
END
Page 35
Backup – Memberships
• Founders as initial members
• Added a few more for the discussion list
• Individual Membership
• Affiliations can be declared
• Must be nominated by a member
• Member nomination, zero ‘NO’ votes to get in
• Expenses are shared by all members equally