Threat Chaos: Cyber Crime Turns to Targeted Attacks Webroot Software

1
Threat Chaos Cyber Crime Turns to Targeted
Attacks Webroot Software
2
Richard Stiennon
3
Defining Spyware
System Monitors Range in capabilities and may record some or all of the following keystrokes, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent on Web sites or using programs, and even usernames and passwords. The information is transmitted via remote access or sent by e-mail.
Trojans A Trojan horse is a malicious program disguised as a harmless software program. Trojans do not replicate themselves like viruses, but spread through e-mail attachments and Web downloads.
Adware Monitors and profiles web usage and directs pop up ads. Most peer-to-peer file sharing programs come bundled with Adware and the user is only notified in the fine print of the End User License Agreement or not at all.
Cookies Pieces of information generated by a Web server and stored in the user's computer, to record user data. Cookies are embedded in the HTML information flowing back and forth between the user's computer and the servers.
4
Tips for avoiding spyware

• Just say No! to free software
• Use Mozilla FireFox
• Use a Mac
• Avoid questionable sites
• Be very suspicious of email
• Use public kiosks with extreme caution
• Use a firewall and AV
• Use an anti-spyware product

5
Top-Level Report Findings

• More than 80 of enterprise desktops infected
• Number of known spy traces doubled in the first
  half of 2005
• Number of known spyware distribution sites have
  quadrupled this year (gt300,000 sites)
• In Q2, more than a dozen incidents involving loss
  of corporate data for customers and employees
  occurred
• Legislative activity on the rise passage of HR
  29 and HR744, and introduction of S.687 and
  S.1004 12 states proposed new spyware laws and
  an additional 19 bills still active and pending
  in 10 states

6
Case Study
Software Name Total Count Iwon 973 Hotbar 735
WebSearch Toolbar 368 Gator (GAIN) 363 CWS-AboutB
lank 300 Apropos 219 nCase 211 vx2
(Transponder) 197 ShopAtHomeSelect 194 Adlogix 1
93 WinAd 180 InternetOptimizer 171 IEPlugin 1
64 Comet Cursor 149 SaveNow - WhenUSave 133 Bonzi
Buddy 124 Ezula iLookup 124 Websearch.com
Hijacker 120

• 8,008 pieces of adware discovered
• 10 Keystroke Loggers
• 144 dialers
• 146 Trojans

7
The Three Axes of Evil
Vectors
Email Browsing File shares Server to server IM RSS
Vulnerabilities
Actions
Unicode traversal SQL Server ByteVerify Cisco
SNMP RPC DCOM JPEG IFRAME
Browser Hijacking Spam relay Search
re-direct Pop-up Trojan Bots for Dos Network
Sniffer
Vectors
Vulnerabilities
Actions
8
The Adware economy
E-commerce Sites
Affiliate Web Sites Software parasites Worms Virus
es Spam Infected Desktops ADware
Hit Stats Popularity- Stats Brokers Webrings
9
The Adware economy
E-commerce Sites
Affiliate Web Sites Software parasites Worms Virus
es Spam Infected Desktops ADware
Hit Stats Popularity- Stats Brokers Webrings
10
At Risk in Israel
11
Threat hierarchy is a timeline!

• Experimentation
• Vandalism
• Hactivism
• CyberCrime
• Information Warfare

12
Spyware In The News
February Choice Point identity theft 145,000 individuals affected
March BJ Wholesale credit card info stolen 8m customers affected
April Lexis Nexis passwords compromised 312,000 individuals affected
April Sumitomo Bank keystroke logger 220m compromised
May Israeli Trojan horse High-profile companies indicted -- confidential data stolen
June Card Systems systems hacked 40m individuals affected
July eBank Co., Mizuho Bank and Japan Net Bank Ltd. spyware Illegal Money transfers of over 9M Yen
August Titan Rain keystroke logger email attacks Dept. of State, Homeland Security, Energy and Defense.
13
Going Forward

• Incidents of spyware will continue to rise driven
  by monetary gain potential. WMF case in point.
• Spyware becomes more sophisticated to avoid
  detection and removal
• Legislation is picking up steam (27 states) but
  ultimately it will not solve the problem -- but
  it will increase awareness
• Insiders become savvy. What do you do when every
  employee could be a hacker?