McAfee Labs
McAfee :2013 1
Citadel
Web
URL
DSN
McAfee Labs
McAfee Labs 2013 1 Facebook Koobface MBR 1
Citadel
Android OS 30%
1 2,800 2 Koobface MBR MBR
McAfee Global Threat IntelligenceTM IP iframe Java
Web URL12% 1 3 1 9,000 201212 2
EU European Cybercrime Centre DoS
Citadel Citadel Zeus Citadel 2012 Citadel McAfee Labs Inside the World of the Citadel Trojan Citadel Citadel 1 2012
Zeus
Citadel Poetry Group
Citadel Citadel Citadel McAfee Labs 2013 Citadel Citadel
zoo 50,926 2013 28% 2011 792
100 APK Android McAfee Labs
Android/Ssucl.A SMS Dropbox Google Ssucl.A autorun.inf PC
Android Android/Chuli.A SMS
Android/Smsilence.A SMS Smsilence.A
[Chart legend: Android, Symbian, Java ME, Others]
[Chart: Android, quarterly, 2011 Q1 to 2013 Q1]
Android/Fakejoboffer.A Fakejoboffer.A
Android/Fksite.A mTAN mTAN mTAN Android/Fksite.A mTAN
2 zoo 1 2,800
McAfee Labs
1 2 3
[Chart: Koutodoor, quarterly, 2010 Q1 to 2013 Q1]
USB 2 170 Facebook Koobface 3 2009 4 2
[Chart: TDSS, quarterly, 2010 Q1 to 2013 Q1]
[Chart: ZeroAccess, quarterly, 2010 Q1 to 2013 Q1]
[Chart: AutoRun, quarterly, 2010 Q1 to 2013 Q1]
[Chart: AV, quarterly, 2010 Q1 to 2013 Q1]
[Chart: Koobface, quarterly, 2010 Q1 to 2013 Q1]
4 2
Mac 3 PC Mac
MBR MBR mebroot Tidserv Cidox Shamoon 2
[Chart: Mac, quarterly, 2010 Q1 to 2013 Q1]
[Chart: MBR, quarterly, 2010 Q1 to 2013 Q1]
MBR
MBR
25 2
Citadel Lyposit
McAfee Global Threat IntelligenceTM SQL 2 3
Web SQL 2
SQL
SQL
1 2 3
SQL
35% PDF 1 5 11% 2
WebWebWeb IP URL Web
3 McAfee Labs URL 6,430 412%URL2,7706% URL
URL
47 1 260 URL 2012 2 3
URL 94% 2.5% 1.8%
URL
URL
URL
URL
URL
URL
URL
1 2
/
/
/
URL 50%
URL
URL
URL
URL
80% 5% 3%
Amazon
Blizzard Entertainment
eBay
Internal Revenue Service
J.P. Morgan Chase
PayPal
Wells Fargo
Barclays
HM Revenue & Customs
HSBC
Lloyds TSB
Natwest
Royal Bank of Scotland
Banco Bradesco
Banco do Brasil
Banco Itau
Intesa Sanpaolo
Posteitaliane
UniCredit
ANZ (Australia and New Zealand Banking Group)
Westpac Bank
URLURL Web URL 3 4 5 URL
MPG
URL
2012 7 1020115
540% 150% 41% 58% 54% 53%
2012 5 2011 4 1 3
Waledac Lethic Kelihos Slenfbot Cutwail Festi 4
[Chart: Cutwail, Festi, Slenfbot, Kelihos, Maazben; monthly, January 2012 to March 2013]
420% 270% 160% 145% 60% 50%
5 Cutwail Festi
Darkmailer
Cutwail
Festi
Slenfbot
Cutwail
Darkmailer2
Festi
Kelihos
Maazben
Slenfbot
DSN DSN DSN 1
ISP IP pump and dump
DSN
CVE-2013-0422 (CButton): Oracle Java Runtime Environment setSecurityManager() Blackhole Nuclear Cool Sakura Sweet Orange
CVE-2013-0431 (MBeanInstantiator): Oracle Java SE Java Runtime Environment JMX III Blackhole Nuclear Cool Sakura Styx Sweet Orange
CVE-2013-0437: Oracle Java SE Java Runtime Environment 2D 1
CVE-2013-0634: Adobe Flash Player Malformed Regular Expressions Gong Da Fiesta
CVE-2013-1493: Oracle Java JVM Process Styx
Exploit Pack: Vulnerabilities

Gong Da 1.3 [3] (January):
  CVE-2011-3544: Java Rhino
  CVE-2012-0507: Java Atomic
  CVE-2012-1535
  CVE-2012-1723: Java Applet Field
  CVE-2012-1889: MS XML Core
  CVE-2012-4681: Java Gondvv
  CVE-2012-5076: JAX-WS
  CVE-2013-0422: CButton

Gong Da 1.4 [4] (February):
  Same as Gong Da 1.3 with two exceptions:
  CVE-2012-1535 (Removed)
  CVE-2013-0634 (Added)

WhiteHole [5] (January):
  CVE-2011-3544: Java Rhino
  CVE-2012-1723: Java Applet Field
  CVE-2012-4681: Java Gondvv
  CVE-2012-5076: JAX-WS
  CVE-2013-0422: CButton

Neutrino [6] (March):
  CVE-2012-1723: Java Applet Field
  CVE-2013-0431
Vector Bot 1,000 Liberty Reserve
Namtar Bot 1.0Zeus 2.0.8.9 1,500
DDoS : 350
Socks : 120
HOSTS File Modifier : 50
Backconnect Socks : 380
Groupe-IB CERT-GIB Dump Memory Grabber Chase Capital One Citibank Union Bank of California 7 POS ATM Track1 Track2 2,000
VSkimmer Windows Windows 8 3 2012 6,000 vSkimmer Web 600
EU 111 EC3 FBI EC3 EC3 EU EU 9
EC3
1 FBI 3 24 200 10 Brian Krebs Zeus bx1 11
1FBIGozi3 12 100 NASA 4 Gozi
2 EC3 Operation Ransom 13 1 1001127 201212 UAE 10 6 2 2
3 EC3 2 15,000 7 14
3 5 2012 25 200 15
3 EC3 44 Pandra Storm 400 82 44 16 36,000
McAfee Labs - DDoS 16 1 We the People Web DoS 17 25,000 6,000 18
111 Anonymous Operation Last Resort Anonymous 4,000 Anonymous COO VP .gov Web Pastebin Twitter Facebook Anonymous 19
#OpIsrael 2012 11 Anonymous Web DDoSWeb 2 Excel The Red Hack Sektor 404 DoS
Tal Pavel Web 20 2
- McAfee Labs
3xp1r3 Cyber Army: 1 600Web 21
Afghan Cyber Army: 1 34Web 22
Alarakai Cyber Army: 23
Armenian Cyber Army: 1915 2 Web 24
Bangladesh Cyber Army: 25
Brazilian Cyber Army: 2 Web 26
Indian Cyber Army: Pakistan Cyber Army 2012 Anonymous
Iranian Cyber Army: 27 3Web 28
Muslim Liberation Army: 2012Web 2 25Web 29
Pakistan Cyber Army: 2 Web 30
Philippine Cyber Army: 3175Web 31 Anonymous
Syrian Electronic Army: 2011 6 Electronic Army 32 2 AFP Twitter 33 3 34
Tunisian Cyber Army: 3 #opBlackSummer Web 35 Al-Qaeda Electronic Cyber Army
Turkey Cyber Army: Facebook
Reporters Without Borders World Press Freedom Index 1 179 36 100 13 9 138176
www.mcafee.com/jp
1 http://www.mcafee.com/us/resources/white-papers/wp-citadel-trojan.pdf
2 http://home.mcafee.com/virusinfo/global-virus-map
3 http://eromang.zataz.com/2013/01/13/gong-da-gondad-exploit-pack-add-java-cve-2013-0422-support/
4 http://eromang.zataz.com/2012/12/02/cool-exploit-kit-remove-support-of-java-cve-2012-1723/
5 http://malware.dontneedcoffee.com/2013/02/briefly-wave-whitehole-exploit-kit-hello.html
6 http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
7 http://www.securityweek.com/exclusive-new-malware-targeting-pos-systems-atms-hits-major-us-banks
8 https://blogs.mcafee.com/mcafee-labs/vskimmer-botnet-targets-credit-card-payment-terminals
9 http://europa.eu/rapid/press-release_IP-13-13_en.htm
10 http://www.security-faqs.com/alleged-algerian-bank-hacker-arrested-by-fbi-in-thailand.html
11 http://krebsonsecurity.com/2013/01/police-arrest-alleged-zeus-botmaster-bx1/
12 http://www.justice.gov/usao/nys/pressreleases/January13/GoziVirusPR.php
13 https://www.europol.europa.eu/content/police-dismantle-prolific-ransomware-cybercriminal-network
14 https://www.europol.europa.eu/content/international-network-line-card-fraudsters-dismantled-newsletter
15 http://www.cert.si/obvestila/obvestilo/article/slovenian-police-cracks-down-on-a-gang-netting-almost-2-million-EUR-from-companies-via-e-banking-hac.html
16 Page 32. http://www.mcafee.com/us/resources/white-papers/wp-hacktivism.pdf
17 http://news.cnet.com/8301-1009_3-57563188-83/anonymous-petitions-u.s-to-see-ddos-attacks-as-legal-protest/
18 http://njtoday.net/2013/02/06/petition-to-have-white-house-recognize-ddos-as-legitimate-protest-unlikely-to-draw-response/
19 http://www.zdnet.com/anonymous-posts-over-4000-u-s-bank-executive-credentials-7000010740/
20 http://www.timesofisrael.com/dont-believe-hack-claims-against-mossads-website-expert-says/
21 http://news.softpedia.com/news/Over-600-Indian-Websites-Defaced-by-3xp1r3-Cyber-Army-Hacker-318967.shtml
22 http://www.thehackerspost.com/2013/01/34-pakistan-sites-hacked-defaced-by.html
23 http://www.cyber-expertz.net/2013/01/68-italy-sites-include-3-govt-hacked-by.html
24 http://www.armenews.com/article.php3?id_article=87754
25 http://news.softpedia.com/news/Bangladesh-Cyber-Army-Attacks-Indian-Sites-in-Memory-of-15-Year-Old-Girl-Video-319234.shtml
26 http://www.ehackingnews.com/2013/02/sierra-leone-police-website-hacked-by.html
27 http://www.popsci.com/technology/article/2013-03/how-iran-censors-internet-infographic
28 http://www.innsalzach24.de/innsalzach/waldkraiburg/waldkraiburg/waldkraiburg-homepage-realschule-ziel-eines-hacker-angriffs-innsalzach24-2783344.html
29 http://www.thehackerspost.com/2013/02/israeli-server-hacked-by-hitcher-from.html
30 http://hackread.com/bangalore-city-police-website-hacked-defaced-by-pakistan-cyber-army/
31 http://www.malaysia-chronicle.com/index.php?option=com_k2&view=item&id=64242:sabah-crisis-sparks-cyberwar&Itemid=2
32 http://www.npr.org/2011/09/25/140746510/pro-assad-army-wages-cyberwar-in-syria
33 http://www.esecurityplanet.com/hackers/afp-twitter-feed-hacked-by-syrian-electronic-army.html
34 http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/syria-rebel-hackers-syrian-electronic-army-anonymous-support
35 http://hackread.com/tunisian-cyber-army-founds-xss-vulnerability-on-pentagon-website/
36 http://fr.rsf.org/IMG/pdf/classement_2013_gb-bd.pdf
McAfee McAfee McAfee Global Threat IntelligenceMcAfee, Inc. 2013 McAfee, Inc. All Rights Reserved. MCARPT-1306-MC
McAfee LabsMcAfee Labs McAfee Web McAfee Labs McAfee Global Threat Intelligence
30McAfee Labs 500 www.mcafee.com/labs
NASDAQINTC Security Connected Global Threat Intelligence http://www.mcafee.com/jp/ web http://www.mcafee.com/japan/security/publication.asp