SunbeltLabs
Presents a Quarterly Briefing:
Turn the Tables on the Bad Guys, Malware Unmasked
Agenda
• Current threats, what's prevalent: some of the most dangerous and complicated threats in the wild
• How application vulnerabilities leave the door open: malicious PDFs and rogue AV
• Best practices, protection and remediation: how to protect your network, using tools like Sunbelt's CWSandbox™ as part of a cyberdefense strategy for your enterprise
• Q & A
Presenters: Dodi Glenn, Malware Response Manager; Brian Jack, Lead Security Analyst
Current Threats
• In Q4 2009, 80% of in-the-wild exploits were from PDFs¹
• 20 software flaws (CVEs) issued for Adobe Reader in the past 3 months²
Significant rise in PDF Exploits
¹ ScanSafe  ² NIST.gov
Current Threats
[Chart: Targeted attacks 2009. Source: F-Secure]
[Chart: Zero-day Detections, SunbeltLabs Daily Detections. Axes: Day (1 to 4) vs. Samples (0 to 18000). Series: Total Daily Detections; Detected Using CWSandbox; Detected By AV Scanners]
Current Threats
• "Drive-by" infections are becoming more prevalent
• Tools to create malicious PDFs are readily available online
• Exploit kits: YES, Eleonore, and Neosploit are purchased on the black market and require little to no programming skills to operate
Distribution Vectors
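The deck's point is that PDF-based drive-bys are cheap to produce, so incoming PDFs should be triaged before they reach a user's Reader. The script below is an added example written for this briefing, not Sunbelt or CWSandbox code: a static first-pass check in the spirit of keyword counters such as pdfid. It counts the PDF name objects that carry active content (script, automatic actions, program launch, embedded files) after undoing the `#xx` hex escapes that PDF permits inside names, an encoding trick that hides `/JS` from naive string matching. The two sample PDFs are constructed for the example; the verdict thresholds are the author's own choice.

```python
"""Static triage of a PDF for the features that malicious PDFs abuse.

Added example for this briefing; it is not Sunbelt/CWSandbox code.
It counts PDF name objects that indicate active content after undoing
the #xx hex escapes PDF allows inside names (so /J#53 is seen as /JS).
The sample PDFs at the bottom are constructed for the example.
"""
import re
from typing import Dict, List

# Name objects worth counting. Presence alone is not proof of malice
# (forms legitimately use JavaScript); an automatic action combined with
# script, or a /Launch, is what pushes a file to the sandbox.
SUSPICIOUS_NAMES = (
    "/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/ObjStm",
)

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from '/' to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\s/\[\]<>(){}%]*")


def normalize_names(data: bytes) -> bytes:
    """Replace #xx escapes inside names with the byte they encode."""
    def unescape(m: "re.Match[bytes]") -> bytes:
        return _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return _NAME.sub(unescape, data)


def count_names(data: bytes) -> Dict[str, int]:
    """Count exact occurrences of each suspicious name after normalization."""
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    for raw in _NAME.findall(normalize_names(data)):
        name = raw.decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes) -> dict:
    """Summarize risk indicators and recommend what to do with the file."""
    counts = count_names(data)
    findings: List[str] = []

    offset = data.find(b"%PDF")
    if offset < 0:
        findings.append("no %PDF header found")
    elif offset > 0:
        findings.append(f"%PDF header preceded by {offset} bytes of junk "
                        "(Reader tolerates this; naive magic-byte checks may not)")

    has_script = counts["/JS"] + counts["/JavaScript"] > 0
    has_auto = counts["/OpenAction"] + counts["/AA"] > 0
    if has_script:
        findings.append("contains JavaScript")
    if has_auto:
        findings.append("has automatic actions (run on open/event, no click needed)")
    if counts["/Launch"]:
        findings.append("can launch an external program")
    if counts["/EmbeddedFile"]:
        findings.append("carries an embedded file")
    if counts["/ObjStm"]:
        findings.append("uses object streams; names inside compressed streams are "
                        "not visible to this scan, so counts are a lower bound")

    if (has_auto and has_script) or counts["/Launch"]:
        verdict = "submit to sandbox"
    elif findings:
        verdict = "review"
    else:
        verdict = "low risk"
    return {"counts": counts, "findings": findings, "verdict": verdict}


# Constructed samples (not real malware): one auto-running script reached
# through a hex-escaped /JS name, and one plain document with no active content.
SAMPLE_AUTORUN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /J#53 5 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
SAMPLE_PLAIN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("autorun", SAMPLE_AUTORUN_PDF), ("plain", SAMPLE_PLAIN_PDF)):
        result = triage(pdf)
        print(label, result["verdict"], result["findings"])
```

Run it on a real file with `triage(open(path, "rb").read())`. Because the check is purely static, a sample that hides its dictionary inside a compressed object stream only shows up as `/ObjStm`; that is exactly the case the deck's next slides hand to a sandbox, where the file is opened in a real Reader and its behaviour, not its bytes, is logged.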
Current Threats: What is the typical payload?
• PDF exploits drop rogue AV downloaders or backdoors, e.g. Zbot
• Specific rogues: Antispyware Soft and Digital Protection are distributed by malicious PDFs
• Antispyware Soft changes proxy settings, routing traffic to the malware's C&C
Best Practices
• Application security: disable JavaScript support in Adobe Reader; disable "PDF in Browser"
• OS security: machines are updated and patched
• Use anti-virus: AV software is installed and updated
Layered Security
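The two Reader settings on the Best Practices slide and the proxy change attributed to Antispyware Soft on the payload slide are all plain registry values on a Windows client, so both can be checked by one audit script. The following is an added example written for this briefing, not Sunbelt code: `audit()` evaluates a snapshot of those values and reports what is still exposed or has been tampered with, and `read_live_settings()` collects the snapshot from a live Windows machine via `winreg`. The value names `JSPrefs\bEnableJS` and `Originals\bBrowserIntegration` are the ones Adobe documents for Reader's preferences; the version segment of the key path (`9.0`) is an assumption that changes with each release, and the two snapshots at the bottom are constructed.

```python
"""Audit of the Windows settings behind this deck's best practices.

Added example, not Sunbelt code. Checks (1) whether Adobe Reader has
JavaScript and "Display PDF in browser" turned off and (2) whether the
WinINET proxy points at an unexpected host, the change the deck
attributes to Antispyware Soft. The Reader version segment ("9.0") is an
assumption; the snapshots at the bottom are constructed.
"""
import sys
from typing import Dict, FrozenSet, List, Tuple

READER_VERSION = "9.0"  # assumed; adjust to the installed release
READER_KEY = "HKCU\\Software\\Adobe\\Acrobat Reader\\" + READER_VERSION
INET_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"

Setting = Tuple[str, str]  # (key path, value name)
WATCHED: Tuple[Setting, ...] = (
    (READER_KEY + "\\JSPrefs", "bEnableJS"),
    (READER_KEY + "\\Originals", "bBrowserIntegration"),
    (INET_KEY, "ProxyEnable"),
    (INET_KEY, "ProxyServer"),
    (INET_KEY, "AutoConfigURL"),
)


def proxy_host(proxy_server: str) -> str:
    """Host part of a ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    first = proxy_server.split(";")[0]
    return first.split("=")[-1].split(":")[0].strip().lower()


def audit(settings: Dict[Setting, object],
          allowed_proxies: FrozenSet[str] = frozenset()) -> List[str]:
    """Return findings for a snapshot of registry values (missing = Reader default)."""
    findings: List[str] = []
    # Reader ships with JavaScript and browser integration enabled, so a
    # missing value is treated as enabled.
    if settings.get(WATCHED[0], 1) != 0:
        findings.append("Reader JavaScript enabled; set JSPrefs\\bEnableJS = 0")
    if settings.get(WATCHED[1], 1) != 0:
        findings.append("PDFs open inside the browser; set Originals\\bBrowserIntegration = 0")
    if settings.get(WATCHED[2], 0) == 1:
        host = proxy_host(str(settings.get(WATCHED[3], "")))
        if host not in allowed_proxies:
            findings.append(f"proxy enabled and pointing at unexpected host {host!r}; "
                            "possible traffic redirection to a C&C")
    pac = settings.get(WATCHED[4])
    if pac:
        findings.append(f"proxy auto-config URL set to {pac!r}; confirm it is the corporate PAC")
    return findings


def read_live_settings() -> Dict[Setting, object]:
    """Read the watched values from the live registry (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live read needs Windows; pass a constructed snapshot to audit()")
    import winreg
    snapshot: Dict[Setting, object] = {}
    for key_path, name in WATCHED:
        subkey = key_path.split("\\", 1)[1]  # strip the HKCU\ prefix
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
                snapshot[(key_path, name)] = winreg.QueryValueEx(key, name)[0]
        except OSError:
            pass  # value absent: audit() applies the default
    return snapshot


# Constructed snapshots: defaults plus a hijacked proxy, and a hardened client.
INFECTED_SNAPSHOT: Dict[Setting, object] = {
    WATCHED[0]: 1,
    WATCHED[1]: 1,
    WATCHED[2]: 1,
    WATCHED[3]: "http=127.0.0.1:5555;https=127.0.0.1:5555",  # constructed value
}
HARDENED_SNAPSHOT: Dict[Setting, object] = {
    WATCHED[0]: 0,
    WATCHED[1]: 0,
    WATCHED[2]: 1,
    WATCHED[3]: "proxy.corp.example:8080",  # constructed corporate proxy
}

if __name__ == "__main__":
    print("infected:", audit(INFECTED_SNAPSHOT))
    print("hardened:", audit(HARDENED_SNAPSHOT, frozenset({"proxy.corp.example"})))
```

On a domain client the allowed-proxy set comes from the same source that pushes the real proxy setting (group policy or the PAC file), so a `ProxyServer` value that does not match it is a strong indicator rather than noise. The defaults in `audit()` are deliberate: a missing value means Reader is still at its shipped configuration, which is the exposed one.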
Turn the Tables
• Free Sunbelt tools: public sandbox, http://SunbeltSandbox.com; VIPRE Rescue, http://live.sunbeltsoftware.com
• SunbeltLabs licensed tools: CWSandbox (in-house analysis); ThreatTrack™ (data feeds)
Resources
Malware Unmasked: CWSandbox can analyze almost any file
Non-executables: pdf, doc, xls, ppt, mdb; gif, mp3, wmv, avi; Flash, HTML, JavaScript, Java applets, URLs
Executables: exe, bat, dll, com
Extensive logging and reporting of all analysis data:
Analyst vs. CWSandbox
Analyst: multiple applications; multiple reports; ½ hour to days per sample
CWSandbox: 1 application; 1 report; parseable reports; multiple platform comparisons; 1 to 3 minutes per sample; searchable repository
© 2010 Sunbelt Software Inc. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Sunbelt Software: http://www.sunbeltsoftware.com
CWSandbox: http://www.sunbeltsandbox.com
Contact Us: [email protected]