Uncovering Malware in Your Website
Learn the fast, online way to find it before your customers do
Cecilia Zuvic
Jason Kent
March 19th, 2013
Some statistics
• Kaspersky estimates 1 in 150 legitimate websites are now serving malware
• Google blacklists about 6000 sites a day
• Sophos research discovered 21,000 web pages were getting infected every day
Customer’s feedback
Why?
- Blacklisted
- Customer request
- Proactive approach - peace of mind
What?
- Automated
- Recommendation on fixes
- Alerts
- Behavioral analysis
Malware doesn’t discriminate
• Blind to Vertical or Size
• PhotoSharing and RadioShow – I was told
• Web Developer – A customer is blacklisted
• La Via Celeste – But, I have virus protection
• On-line retailer – I need to be ready
Why do you care?
• Protect your company – preventing the spread of malware to customers
• Protect consumers – reducing the number of entry points (through which a user can be infected with malware)
• Protect Enterprises – limiting the number of infected end users
• Protect your Company Brand – preventing your web applications from serving malware
• Avoid getting blacklisted = Save money, time and your company’s reputation
czuvic@qualys.com
jkent@qualys.com
Thank You
© 1999–2013 Qualys, Inc. All rights reserved.
