Stormy Weather

•

0 j'aime•282 vues

This document analyzes the Storm botnet threat in 2007. It describes how Storm infects computers through malicious email attachments and website visits, turning the computers into remotely controlled "botnets". The botnets are then rented out to generate spam emails and launch denial-of-service attacks. Storm also sells personal data mined from infected computers. To avoid detection, Storm uses rootkits, regular code updates, and techniques like decentralized control and frequent code replacement. The document lists several Storm outbreaks in 2007 and includes graphs showing spam volume and the country of origin for Storm-infected IP addresses.

Technologie Actualités & Politique

Stormy Weather
A quantitative assessment of the Storm web threat in 2007
q

Raimund Genes, Anthony Arrott, and David Sancho
Trend Micro

VB2008 - Ottawa October 2008

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

Storm activity by country of IP source

VB2008 - Ottawa October 2008 2 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

How does Storm infect computers?
• Users open executable email attachments
(e.g. ‘Full Story.exe’)

or

• Users visit infected websites
(e.g. ‘click_for_full_story’)

• Either way, user click results in becoming a remotely-controlled
botnet zombie

VB2008 - Ottawa October 2008 3 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

What does Storm do to make money for its perpetrators?

• ‘Botnets for rent’ in underground economy

• Rented botnets used:
– as spam engines
– in denial of service attacks

• Sell mined zombie data (e.g. address book contents)

VB2008 - Ottawa October 2008 4 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

How does Storm protect itself from detection & removal?
• Infects host zombies with rootkits

• Provides periodic updates of malware code

• Botnets configured
– decentralized control
– rotating activation
– enhanced encryption
encr ption
– frequent code replacement

VB2008 - Ottawa October 2008 5 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

Storm outbreaks in 2007
– 17 Jan 07 – “European Storm” Spam
– 12 Apr 07 – “Worm Alert” Spam
– 27 Jun 07 – “E-card” (applet.exe)
– 4 July 07 – “231st B-day”
– 2 Sep 07 – “Labor Day” (labor.exe)
– 5 Sep 07 – “Tor Proxy”
Tor Proxy
– 10 Sep 07 – “NFL Tracker”
– 17 S 07 – “A d G
Sep “Arcade Games”
”

Adopted from: Porras Saidi & Yagneswaran
Porras,

VB2008 - Ottawa October 2008 6 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

spam

VB2008 - Ottawa October 2008 7 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

source: Trend Micro

VB2008 - Ottawa October 2008 8 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

spam volume

VB2008 - Ottawa October 2008 9 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

VB2008 - Ottawa October 2008 10 Copyright 2008 - Trend Micro Inc.

Stormy Weather
A quantitative assessment of the Storm web threat in 2007

?

VB2008 - Ottawa October 2008 11 Copyright 2008 - Trend Micro Inc.

Contenu connexe

Similaire à Stormy Weather

Introduction - The Smart Protection Network

Andrew Wong

Seguridad en Capas: Smart & Actionable Data

Cristian Garcia G.

Radware - DSS @Vilnius 2010

Andris Soroka

Botnets & DDoS Introduction

Kae Hsu

20111214 iisf shinoda_

Directorate of Information Security | Ditjen Aptika

Stormy Weather

Anthony Arrott

Security breaches have become a normal part of our lives over the past decade, but each hack comes with its own complications and ramifications. In this webinar, Teleport Tech Writer Virag Mody will dive deep into the details of 10 notable hacks of the past decade, how they happened, and their effects on how we approach cybersecurity. This will include kickstarting new models, turning cybersecurity into a national-security issue, and forcing a conversation around data privacy. The presentation will include breaches from: Solarwinds Panama Papers Operation Aurora Equifax Capital One Cambridge Analytica Virag Mody

Top 10 Hacks of the Last Decade

Teleport

McAfee Vulnerability Manager

Dragos Lungu

The polls are closed, votes are in, and we have ten winners making up the Top Ten Web Hacks of 2007! The competition was fierce. The information security community put 80 of the newest and most innovative Web hacking techniques to the test. The voting process saw even some attempts at ballot stuffing, but to no avail, and very few techniques received zero votes. The winners though stood head and shoulders above the rest. Thanks to everyone who helped building the list of links, took the time to vote, and especially the researchers whose work we all rely upon. Congratulations! http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html

Top Ten Hacks of 2007

Jeremiah Grossman

StoneGate_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пр...

VirtSGR

Atelier Technique ARBOR NETWORKS ACSS 2018

African Cyber Security Summit

Infosecurity - CDMX 2018

Miguel Hernández y López

STUXNET_

bueno buono good

Volume of threat: the AV update deployment bottleneck Wei Yan Trend Micro Anthony Arrott Trend Micro As cyber criminals continue to advance their malware development skills, the security industry has responded with new technologies to combat the new threats. Most recently, however, the cyber criminals have exploited an inherent weakness in the traditional security industry approach to AV protection. As AV solution vendors discover new threats and develop countermeasures, newly acquired threat knowledge must be deployed to all the protected computers and networks. In the last two years, the perpetrators of digital threats have increasingly automated the processes of producing new unique threat variants. On average, over 2,000 new unique malware threats are introduced to the Internet every hour. It now takes less than a week to produce the entire malware output of 2005. As the flow of new threats increases, the timely deployment of AV pattern files to protected systems all over the world is becoming overwhelmed. Various responses by AV solution vendors to this assault are examined and compared, especially with respect to minimizing deployment delays and network resource utilization costs.

Volume of Threat: The AV update deployment bottleneck

Anthony Arrott

This presentation provides a personal vision of cybersecurity trends for the coming 10 years and beyond! We begin with some historical relics and the discovery of the Antikythera Mechanism almost 2000 years ago (Cyber Year ZERO!). We rapidly move to our cyber society - 2018 - and some recent massive cyber hacks & attacks related both to cybercrime, cyberterror and emerging cyber and information warfare. We briefly discuss the TOP 10 Cyber attack and means of defence. These include Advanced Persistent Threat (APT), Stealth Monitoring, Toxic eMail, Custom Bots (Stuxnet), DDoS, Ransomware and Toxic Cookies/Proxy & DNS Hacks & Attacks. After briefing exploring Blockchains, "Internet of Things" & Integrated Security Dashboards we present a sequence of cyber scenarios for 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber Intelligent) and 2040 (Neural Security). We provide examples of cyber tools already available that deploy machine learning, AI and Deep Learning to protect business and governments around the world. We provide some warnings from the late Stephen Hawking on both the risks and rewards or the widespread deployment of artificial intelligence based solutions in both business, government & open society! Finally we wrap up with a quick review of future cyber tools and suggestions for your own Business Action Plan & RoadMap! Enjoy!

CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!

Dr David Probert

Kaspersky - 07apr2011

Agora Group

Whether you patch monthly or every six months, the time and resource overhead is significant.... And are you even secure? In this real-life patch test, one of our Solution Architects put a simple virtual machine through it’s paces, with fascinating results. Understand more about typical vulnerabilities and security updates found in even the most simple of servers, learn about the typical decisions being faced by organisations trying to balance operational efficiency with security and see how you can implement same-day protection for vulnerabilities in critical systems, even without patching or during a change freeze.

Real-life patch test - vulnerabilities found in one simple server in 6 months

Trend Micro (EMEA) Limited

I Heart Stuxnet

Gil Megidish

BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality

BlueHat Security Conference

Future of Destructive Malware

Greg Foss

Similaire à Stormy Weather (20)

Introduction - The Smart Protection Network

Seguridad en Capas: Smart & Actionable Data

Radware - DSS @Vilnius 2010

Botnets & DDoS Introduction

20111214 iisf shinoda_

Stormy Weather

Top 10 Hacks of the Last Decade

McAfee Vulnerability Manager

Top Ten Hacks of 2007

StoneGate_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пр...

Atelier Technique ARBOR NETWORKS ACSS 2018

Infosecurity - CDMX 2018

STUXNET_

Volume of Threat: The AV update deployment bottleneck

CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!

Kaspersky - 07apr2011

Real-life patch test - vulnerabilities found in one simple server in 6 months

I Heart Stuxnet

BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality

Future of Destructive Malware

Dernier

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Architecting Cloud Native Applications

WSO2

Dernier (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

WSO2's API Vision: Unifying Control, Empowering Developers

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

AWS Community Day CPH - Three problems of Terraform

How to Troubleshoot Apps for the Modern Connected Worker

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Six Myths about Ontologies: The Basics of Formal Ontology

presentation ICT roal in 21st century education

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Introduction to Multilingual Retrieval Augmented Generation (RAG)

CNIC Information System with Pakdata Cf In Pakistan

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Artificial Intelligence Chap.5 : Uncertainty

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Corporate and higher education May webinar.pptx

Architecting Cloud Native Applications

Stormy Weather

1. Stormy Weather A quantitative assessment of the Storm web threat in 2007 q Raimund Genes, Anthony Arrott, and David Sancho Trend Micro VB2008 - Ottawa October 2008

3. Stormy Weather A quantitative assessment of the Storm web threat in 2007 How does Storm infect computers? • Users open executable email attachments (e.g. ‘Full Story.exe’) or • Users visit infected websites (e.g. ‘click_for_full_story’) • Either way, user click results in becoming a remotely-controlled botnet zombie VB2008 - Ottawa October 2008 3 Copyright 2008 - Trend Micro Inc.

4. Stormy Weather A quantitative assessment of the Storm web threat in 2007 What does Storm do to make money for its perpetrators? • ‘Botnets for rent’ in underground economy • Rented botnets used: – as spam engines – in denial of service attacks • Sell mined zombie data (e.g. address book contents) VB2008 - Ottawa October 2008 4 Copyright 2008 - Trend Micro Inc.

5. Stormy Weather A quantitative assessment of the Storm web threat in 2007 How does Storm protect itself from detection & removal? • Infects host zombies with rootkits • Provides periodic updates of malware code • Botnets configured – decentralized control – rotating activation – enhanced encryption encr ption – frequent code replacement VB2008 - Ottawa October 2008 5 Copyright 2008 - Trend Micro Inc.

6. Stormy Weather A quantitative assessment of the Storm web threat in 2007 Storm outbreaks in 2007 – 17 Jan 07 – “European Storm” Spam – 12 Apr 07 – “Worm Alert” Spam – 27 Jun 07 – “E-card” (applet.exe) – 4 July 07 – “231st B-day” – 2 Sep 07 – “Labor Day” (labor.exe) – 5 Sep 07 – “Tor Proxy” Tor Proxy – 10 Sep 07 – “NFL Tracker” – 17 S 07 – “A d G Sep “Arcade Games” ” Adopted from: Porras Saidi & Yagneswaran Porras, VB2008 - Ottawa October 2008 6 Copyright 2008 - Trend Micro Inc.

12. Thank you VB2008 - Ottawa October 2008

Stormy Weather

Recommandé

Recommandé

Contenu connexe

Similaire à Stormy Weather

Similaire à Stormy Weather (20)

Dernier

Dernier (20)

Stormy Weather