SunbeltLabs Quarterly Briefing Malware Unmasked
Transcript of SunbeltLabs Quarterly Briefing Malware Unmasked
Page 1
Presents a Quarterly Briefing:
Turn the Tables on the Bad Guys, Malware Unmasked
Page 2
Agenda
• Current threats, what's prevalent
  Some of the most dangerous and complicated threats in the wild
• How application vulnerabilities leave the door open
  Malicious PDFs & rogue AV
• Best Practices: Protection and Remediation
  How to protect your network
  Using tools like Sunbelt's CWSandbox™ as part of a cyberdefense strategy for your enterprise
• Q & A
Presenters: Dodi Glenn, Malware Response Manager; Brian Jack, Lead Security Analyst
Page 3
Current Threats: Significant rise in PDF exploits
• In Q4 2009, 80% of in-the-wild exploits came from PDFs¹
• 20 software flaws (CVEs) were issued for Adobe Reader in the past 3 months²
¹ ScanSafe  ² NIST.gov
Page 4
Current Threats
[Chart: Targeted attacks 2009. Source: F-Secure]
Page 5
Zero-day Detections
[Chart: SunbeltLabs Daily Detections. X axis: Day (1–4); Y axis: Samples (0–18,000). Series: Total Daily Detections, Detected Using CWSandbox, Detected By AV Scanners]
Page 6
Current Threats: Distribution Vectors
• "Drive-by" infections are becoming more prevalent
• Tools to create malicious PDFs
  Readily available online
• Exploit kits: YES, Eleonore, and Neosploit
  Purchased on the black market; they require little to no programming skills to operate
Page 7
Current Threats: What is the typical payload?
• PDF exploits
  Drop rogue AV downloaders or backdoors, e.g. Zbot
• Specific rogues
  Antispyware Soft and Digital Protection are distributed by malicious PDFs
• Antispyware Soft changes proxy settings
  Routing traffic to the malware's C&C
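The proxy-settings change described above is exactly the kind of behaviour a parseable sandbox report lets an analyst flag automatically. The following is an added example, not Sunbelt's or CWSandbox's code: it scans a constructed, simplified registry-event log (the line format is an assumption, not CWSandbox's report format) for the WinINet ProxyEnable/ProxyServer change, and goes slightly beyond the slide by also catching the AutoConfigURL (PAC) variant of the same hijack and a per-user Run-key persistence entry.

```python
import re
from typing import Dict, List, Tuple

# Constructed sandbox-style registry event log; not real CWSandbox output.
SAMPLE_LOG = """\
reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\avsoft = C:\\Users\\u\\AppData\\Local\\avsoft.exe
reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable = 1
reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer = http=127.0.0.1:5555
reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden = 1
"""

# Assumed log line shape: "reg_set <registry path> = <value>"
EVENT_RE = re.compile(r"^reg_set (?P<key>.+?) = (?P<value>.*)$")
INET = "internet settings\\"  # WinINet proxy configuration lives under this key
RUN = "currentversion\\run\\"  # per-user autostart entries


def parse_events(log: str) -> List[Tuple[str, str]]:
    """Return (registry path, value) pairs for every reg_set line in the log."""
    events: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m.group("key"), m.group("value")))
    return events


def find_proxy_hijack(log: str) -> Dict[str, str]:
    """Flag 'change proxy settings so traffic goes through the malware's host'."""
    proxy: Dict[str, str] = {}
    persistence: List[str] = []
    for key, value in parse_events(log):
        lower = key.lower()
        name = key.rsplit("\\", 1)[-1]  # the value name is the last path element
        if INET in lower and name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            proxy[name] = value
        elif RUN in lower:
            persistence.append(value)
    findings: Dict[str, str] = {}
    # Proxy only takes effect when ProxyEnable is 1 and a server is configured.
    if proxy.get("ProxyEnable") == "1" and "ProxyServer" in proxy:
        findings["proxy_hijack"] = proxy["ProxyServer"]
    if "AutoConfigURL" in proxy:  # PAC-file variant of the same redirection
        findings["pac_hijack"] = proxy["AutoConfigURL"]
    if persistence:
        findings["persistence"] = ";".join(persistence)
    return findings


if __name__ == "__main__":
    print(find_proxy_hijack(SAMPLE_LOG))
```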
Page 8
Best Practices: Layered Security
• Application Security
  Disable JavaScript support in Adobe Reader
  Disable "PDF in Browser"
• OS Security
  Machines are updated and patched
• Use Anti-virus
  AV software is installed and updated
Page 9
Turn the Tables: Resources
• Free Sunbelt Tools
  Public sandbox: http://SunbeltSandbox.com
  VIPRE Rescue: http://live.sunbeltsoftware.com
• SunbeltLabs Licensed Tools
  CWSandbox: in-house analysis
  ThreatTrack™: data feeds
Page 10
Malware Unmasked: CWSandbox can analyze almost any file
• Non-Executables: pdf, doc, xls, ppt, mdb; gif, mp3, wmv, avi; Flash, HTML, JavaScript, Java Applets, URLs
• Executables: exe, bat, dll, com
Extensive logging and reporting of all analysis data
Page 11
Analyst vs. CWSandbox
Analyst:
• Multiple Applications
• Multiple Reports
• ½ Hour – Days per Sample
CWSandbox:
• 1 Application
• 1 Report
• Parseable reports
• Multiple Platform Comparisons
• 1 – 3 Minutes per Sample
• Searchable Repository
Page 12
© 2010 Sunbelt Software Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Sunbelt Software: http://www.sunbeltsoftware.com
CWSandbox: http://www.sunbeltsandbox.com
Contact Us: [email protected]