the endless wave of online threats - protecting our community

The Endless Wave of Online Threats – Protecting our Community Michael McKinnon – Security Advisor, AVG (AU/NZ) An Avalanche Technology Group company AVG.COM.AU AVG.CO.NZ

Upload: avg-technologies-au

Post on 24-May-2015

DESCRIPTION

Learn which members of the community are the most vulnerable to cybercrime and view examples of the latest online threats - including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.

TRANSCRIPT

Page 1: The Endless Wave of Online Threats - Protecting our Community

The Endless Wave of Online Threats – Protecting our Community

Michael McKinnon – Security Advisor, AVG (AU/NZ)

An Avalanche Technology Group company

AVG.COM.AU

AVG.CO.NZ

Page 2: The Endless Wave of Online Threats - Protecting our Community

Presentation Overview

• Overview of the AVG Community Protection Network

• Details and examples of the latest online threats:

• Web threats

• PC threats

• Mobile threats

• Printed malware

• Trends & issues

Page 3: The Endless Wave of Online Threats - Protecting our Community

About AVG

• Best known globally for AVG Anti-Virus FREE

• Over 114 million active users, as of May 2012

• Windows based end-point security

• Consumer market

• SMB (typically up to 200)

• Mobile security product for the Android™ platform – AVG Mobilation

• Other research

• AVG Digital Diaries – www.avgdigitaldiaries.com/

Page 4: The Endless Wave of Online Threats - Protecting our Community

In our community, who are the most vulnerable internet users?

Page 5: The Endless Wave of Online Threats - Protecting our Community

Future Generations

Page 6: The Endless Wave of Online Threats - Protecting our Community

Mature Generations

Page 7: The Endless Wave of Online Threats - Protecting our Community

AVG Community Protection Network

Page 8: The Endless Wave of Online Threats - Protecting our Community

AVG Community Protection Network

• User is asked whether they would like to opt-in during the installation process of their AVG product

• Operating since the start of 2011

Page 9: The Endless Wave of Online Threats - Protecting our Community

Web Threats

• Overview

• Exploit Toolkits (Blackhole)

• Second Click Redirect Mechanism

Page 10: The Endless Wave of Online Threats - Protecting our Community

Web Threats - Overview

Page 11: The Endless Wave of Online Threats - Protecting our Community

Blackhole Toolkit – What is it?

• Web based, distribution system for exploits and malware; runs on a private or compromised server

Page 12: The Endless Wave of Online Threats - Protecting our Community

Blackhole Toolkit – Targets many platforms

• Allows them to target many platforms, including Mac!

Page 13: The Endless Wave of Online Threats - Protecting our Community

Blackhole Toolkit – Features & Facts

• Interesting features:

• Geo-IP detection & distribution

• Built-in anti-virus scanning, re-obfuscation upon detection

• Facts:

• In Q4 2011, it accounted for 80.2% of all known toolkits being used

• Exploit toolkits account for 58% of threat activity on malicious websites

Page 14: The Endless Wave of Online Threats - Protecting our Community

Second Click Redirection – What is it?

• Scripting technique for distributing malware

• User visits a site, typically with thumbnail images (video content, photos etc.)

• Cookie is set on first click, link goes to intended site

• If visitor returns, on second click, redirected to a fake anti-virus scan page – user tricked into installing fake anti-virus software (known as Fake AV)

• Subsequent clicks, link goes back to intended site

• AVG Community Protection Network detected ~8 million pages doing this, mostly from ~1700 domains
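A detection check for the click sequence described on this slide, written as an added example (it is not AVG's code or part of the original presentation). The log record layout, client ids and `.example` hosts are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records, in time order (not real traffic):
# (client id, link the user clicked, final landing URL after redirects)
SAMPLE_CLICKS = [
    ("c1", "http://thumbs.example/out?id=7", "http://videos.example/watch/7"),
    ("c1", "http://thumbs.example/out?id=7", "http://scan-alert.example/scan"),
    ("c1", "http://thumbs.example/out?id=7", "http://videos.example/watch/7"),
    ("c2", "http://news.example/go?a=1", "http://blog.example/post/1"),
    ("c2", "http://news.example/go?a=1", "http://blog.example/post/1"),
    ("c3", "http://thumbs.example/out?id=9", "http://videos.example/watch/9"),
    ("c3", "http://thumbs.example/out?id=9", "http://scan-alert.example/scan"),
]

def landing_hosts(clicks):
    """Landing hosts per (client, clicked link), in click order."""
    seq = defaultdict(list)
    for client, link, landing in clicks:
        seq[(client, link)].append(urlsplit(landing).hostname)
    return seq

def second_click_findings(clicks):
    """Flag (client, link) pairs whose second click lands on a different host
    than the first. 'full' means every later click returned to the first host,
    as the slide describes; 'partial' means that return was not observed."""
    findings = []
    for (client, link), hosts in landing_hosts(clicks).items():
        if len(hosts) < 2 or hosts[1] == hosts[0]:
            continue
        later = hosts[2:]
        reverted = bool(later) and all(h == hosts[0] for h in later)
        findings.append({
            "client": client,
            "link_host": urlsplit(link).hostname,
            "redirect_host": hosts[1],
            "pattern": "full" if reverted else "partial",
        })
    return findings

def suspect_domains(clicks):
    """Aggregate findings: linking domain -> sorted hosts seen on the second click."""
    by_domain = defaultdict(set)
    for f in second_click_findings(clicks):
        by_domain[f["link_host"]].add(f["redirect_host"])
    return {domain: sorted(hosts) for domain, hosts in by_domain.items()}
```

A differing landing host on its own can also come from benign link rotation, so a 'partial' finding is a lead for review rather than a verdict.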

Page 15: The Endless Wave of Online Threats - Protecting our Community

Second Click Redirection – Fake AV Webpage

Page 16: The Endless Wave of Online Threats - Protecting our Community

Second Click Redirection – Top 25 Domains

Page 17: The Endless Wave of Online Threats - Protecting our Community

Second Click Redirection – Site Owners

Page 18: The Endless Wave of Online Threats - Protecting our Community

PC Threats

• Fake AV – Security Shield, System Fix etc.

• Ransomware

Page 19: The Endless Wave of Online Threats - Protecting our Community

Fake AV – What is it?

• Our support team has been helping clean up the following Fake AVs for customers:

• Security Shield

• System Fix

• XP Antivirus 2012

• Internet Security 2012

• Let’s have a look at what they can do…

Page 20: The Endless Wave of Online Threats - Protecting our Community

Fake AV – Fake “Blue Screen of Death”

Page 21: The Endless Wave of Online Threats - Protecting our Community

Fake AV – Nag screens and pop-ups

Page 22: The Endless Wave of Online Threats - Protecting our Community

Ransomware – What is it?

• Has been observed being served up by blackhole toolkits

• Unlike Fake AV – this malicious code just locks up your computer and demands money!

• Usually pretends to be from the Government or a law enforcement agency

Page 23: The Endless Wave of Online Threats - Protecting our Community

Ransomware – Your PC has been seized!

Page 24: The Endless Wave of Online Threats - Protecting our Community

Email Scams – Still prevalent, but declining

Page 25: The Endless Wave of Online Threats - Protecting our Community

Spammers are becoming Facebook scammers

• Global spam levels are decreasing

• Scammers are now using Facebook, which provides:

• Instant access to 900+ million users

• Built-in word of mouth provides viral spread

• Default “trust” with Facebook is still high

• Some people think that Facebook *is* the internet

• Gen-Y using messaging apps more than email

Page 26: The Endless Wave of Online Threats - Protecting our Community

Mobile Threats

• Stolen private encryption keys for developer certificates

• Premium SMS scams making money in Europe

Page 27: The Endless Wave of Online Threats - Protecting our Community

Mobile Threats – Rogue Apps & Rootkits

• In Q4 2011, AVG reported the emergence of rogue “signed” applications available in the Android™ Marketplace

• Signed with stolen/leaked digital certificates

• Permission prompts on Android™ are weak – they don’t make the user think at all

• Risks are mostly around spying and premium SMS

• Google has recently announced they are scanning apps in the Marketplace with “Bouncer”

Page 28: The Endless Wave of Online Threats - Protecting our Community

Printed Malware

• QR Codes

Page 29: The Endless Wave of Online Threats - Protecting our Community

Printed Malware – QR Codes

Page 30: The Endless Wave of Online Threats - Protecting our Community

Printed Malware – QR Codes

• Just like URL shorteners (like bit.ly for example), QR codes don’t reveal anything themselves until you use them

• In Q4 2011, we observed a QR code being used in a Russian forum website that linked to a malicious mobile app

• These are something to keep our focus on, especially with large, well-known, trusted brands starting to use them for marketing

Page 31: The Endless Wave of Online Threats - Protecting our Community

Trends & Issues

• Motives – data or money?

• Could better reporting of cybercrime reduce it?

Page 32: The Endless Wave of Online Threats - Protecting our Community

Motives – Data or Money?

• Lots of talk about information theft – protecting corporate data

• Our data in the consumer and SMB space indicates there are much more basic motives at play

• Money making scams:

• Digital extortion (Fake AV)

• Other fraud (banking Trojans)

• Clearly, just as there are vendors operating in different markets, there are cybercriminals also specialising in different markets

Page 33: The Endless Wave of Online Threats - Protecting our Community

Can reporting cybercrime reduce it?

• Verizon DBIR 2011

• Shows large reduction of data breaches reported

• Enterprises becoming very good at reporting incidents when they occur

• Consumers and small businesses still left in the dark and MOST low-level crimes continue to go unreported

• High volume of small incidents – what do these add up to in terms of lost time/productivity?

Page 34: The Endless Wave of Online Threats - Protecting our Community

Thank You!

avg.com.au

avg.co.nz

facebook.com/avgaunz

twitter.com/avgaunz

Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe.

Come and say hello!

Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.