cybercrime & solutions for home users and small businesses kl cybe… · avar (association of...
TRANSCRIPT
Cybercrime & solutions for Home users and Small Businesses
Copyright by Kaspersky Lab
Eddy Willems
Security Evangelist
EICAR Director Information & Press
Agenda
• About Kaspersky Lab
• History
• Cyber Crime ...
• Future
About Kaspersky Lab
• International leader in internet security, visionary part Gartner quadrant
• Advanced antivirus, antispyware, antispam and firewall
• More than 250 million protected users worldwide
• 10 R&D and virus labs worldwide
• Over 1400 employees, 450 developers & engineers
• Local sales, marketing and technical support
• Local virus detection by Benelux virus lab
• Fast reaction time and automatic hourly updates
Leading IT security players worldwide Have Chosen Kaspersky Lab Technology
The Kaspersky Virus Lab - sharing knowledge through malware research
Antivirus experts and virus analysts
• Industry-leading knowledge resource – http://www.viruslist.com
• Our team of virus analysts is active in:
  • AVIEN (Anti-Virus Information Exchange Network)
  • CARO (Computer Antivirus Research Organization)
  • ICSA (International Computer Security Association)
  • AVAR (Association of Antivirus Asia Researchers)
  • IMPACT (international partnership dedicated to combating terrorist activities in the area of information technology)
  • EICAR (European Institute for Computer AntiVirus Research)
Some History: The old days !
Some years ago ...
Virus
Worm
Trojan
SPAM
Today’s Threats …
Virus
Spyware
Adware
Bot
Remote-Control Agent
Root-kits
Phishing
Trojan
Worm
Zombie
Pharming
Keystroke logger
Screen grabber
Password grabber
Premium-Rate Dialer
What are the real threats ?
Viruses
Worms
Spyware
PeerToPeer
attacks
Data Theft
Bad Stuff
Adware
Exploits
User Phishing
Spam
attacks
DoS
Identity Theft
DDoS Mailers
External Hacker
Internal Hacker
Vulnerabilities
The end of global epidemics
[Chart: Epidemics by Quarters, 2002 to 2007. Source: Kaspersky Lab]
Increasing Numbers
[Chart: KL records, 98 to 08. Source: Kaspersky Lab]
• Types of malware in daily updates
Cyber crime
[Chart: Cyber vandalism, Petty fraud and Cyber crime, 1998 to 2007. Source: Kaspersky Lab]
The Ecosystem
Victims
E-Criminals
Police ITTP Industry
The Rogues’ Gallery – The Script Kiddies
Jeffrey Lee Parson – 18 – (USA)
Arrested August 29, 2003 for the Lovesan.b virus
Sven Jaschan – 18 – (Germany)
Arrested May 7, 2004 for NetSky and Sasser viruses
Chen Ing-Hau – 24 (Taiwan)
Arrested September 21, 2000 for the CIH virus
The Rogues’ Gallery – Binary Thieves
Jeanson James Ancheta – 20 (USA)
Arrested November 3, 2005 for creating zombie networks and leasing them for spam mailing and DDoS attacks on websites
Farid Essebar - 18 (Morocco), Atilla Ekici – 21 (Turkey)
Arrested on August 26, 2005 for creating zombie networks using Mytob and Zotob (Bozori) worms
Today we are fighting these!
• Jeremy Jaynes: Millionaire, and a spammer
• Jay Echouafni: CEO, and a DDoS attacker
• Andrew Schwarmkoff: Member of Russian mob, and a phisher
One of the big problems: Botnets
What is a botnet ? part 1
What is a botnet ? part 2
What is a botnet ? part 3
What can you see ?
Using botnet
• DDoS for fun and glory
• Sending spam, making spamlists
• Phishing
• Stealing private data
• Ransoming
• Botnet renting
New territories: Social Networking
• Blogs, forums
• Wiki
• MySpace, YouTube
• Other online communities:
Who’s on Facebook?
CyberCrime is Big Business
• Profitability
• Easy to do (technically and morally)
• Low risk business
• New services that are profitable to attack
Today’s Networks Lack Clear, Crisp Boundaries
• Internal/External network
• Individual Users connect from multiple locations
• Managed/Unmanaged devices
• Individual devices operate both inside the network, and on public networks
• New Devices on the Network, e.g. SmartPhones, etc ….
[Diagram labels: Contrac, Telecommuters, Internet, Mobile Users, Network, Wireless Users]
Top 10: Safe Internet Security Tips
1. Make backups
2. Update software regularly and check this
3. Use upgraded anti-virus/spyware software, update it regularly, and check this
4. Use a personal desktop firewall
5. Use difficult passwords
6. Be very careful with unknown files or programs
7. Surf safely and browse logically
8. Think twice when leaving personal data somewhere
9. Do not react to SPAM
10. Use common sense
What do we really need ?
Viruses
Worms
Spyware
PeerToPeer
attacks
Data Theft
Bad Stuff
Adware
Exploits
User Phishing
Spam
attacks
DoS
Identity Theft
DDoS Mailers
External Hacker
Internal Hacker
Vulnerabilities
Thank you
KOSS
Kaspersky Open Space Security
So what do we have?
A perfect combination of ….
• Legendary good detection with very quick reaction time
• New improved scanning engine with rootkit cleaning
• Improved Heuristic scanner (emulation+sandbox)
• Behaviour blocker + HIPS (proactive detection)
• An easy firewall
• Anti-Spam
• Vulnerability Scanner
• Web control and Device control
• Within one easy package !!!
Don’t forget
KMS
Kaspersky Anti-Virus Mobile
• On-access monitor intercepts all data channels
• On-demand monitor for manual scan
• SMS spam filtering and other value-add features
• Firewall
• Anti-theft: SMS Block, SMS Clean, SIM Watch: Unique feature
• Digitally signed updates via WAP, HTTP or from PC folder
• Minimal amount of system resources used
• Flexible customization options for OEMs, mobile operators, device vendors and content providers
• Supports all popular devices, including SonyEricsson, NOKIA, Siemens, Samsung, Panasonic, Sendo and other vendors
• Available for Symbian, Windows Mobile
A different view ...
KHSS
What do we offer?
Kaspersky Hosted Mail Security
• Cascaded Virus protection
• Comprehensive Spam protection
• Content Control
• Inbound and Outbound
• Scalable
• Reporting
Kaspersky Hosted Web Security
• Virus protection
• Content Control
• URL-Filter
• Scalable
• Reporting
Kaspersky Hosted IM Security
• Virus protection
• SPIM protection
• Content Control
• Scalable
• Reporting
Consumer v2009
KAV & KIS
New Technologies in v2009
KAV / KIS v2009 (8.0): AV signatures + PDM + Emulator + Improved Heuristics
- Behaviour control {Security Rating, WhiteListing, Rules engine} => Improved HIPS
- Vulnerability Checker
- Virtual Keyboard
- In-the Cloud protection: Kaspersky Security Network
- Online Check + Rescue Disk Image
- Improved Anti-Rootkit
- Improved Firewall
- Improved Parental Control
- Easier Wizards
• First Hybrid Technology Product in the world
Automatic Classification of Applications
Advantages: Each application is automatically categorized based on criteria managed by KIS 2009.
Much less user interaction needed, with fewer false positives.