the endless wave of online threats - protecting our community

Post on 24-May-2015


DESCRIPTION

Learn which members of the community are the most vulnerable to cybercrime and view examples of the latest online threats - including Exploit Toolkits, Second Click Redirection, Fake AV, Ransomware and Printed Malware.

TRANSCRIPT

The Endless Wave of Online Threats – Protecting our Community

Michael McKinnon – Security Advisor, AVG (AU/NZ)

An Avalanche Technology Group company

AVG.COM.AU

AVG.CO.NZ


Presentation Overview

• Overview of the AVG Community Protection Network

• Details and examples of the latest online threats:

• Web threats

• PC threats

• Mobile threats

• Printed malware

• Trends & issues


About AVG

• Best known globally for AVG Anti-Virus FREE

• Over 114 million active users, as of May 2012

• Windows based end-point security

• Consumer market

• SMB (typically up to 200)

• Mobile security product for the Android™ platform – AVG Mobilation

• Other research

• AVG Digital Diaries – www.avgdigitaldiaries.com/

In our community, who are the most vulnerable internet users?


Future Generations


Mature Generations


AVG Community Protection Network


• User is asked whether they would like to opt-in during the installation process of their AVG product

• Operating since the start of 2011


Web Threats

• Overview

• Exploit Toolkits (Blackhole)

• Second Click Redirect Mechanism


Web Threats - Overview


Blackhole Toolkit – What is it?

• Web-based distribution system for exploits and malware; runs on a private or compromised server


Blackhole Toolkit – Targets many platforms

• Allows attackers to target many platforms, including Mac!


Blackhole Toolkit – Features & Facts

• Interesting features:

• Geo-IP detection & distribution

• Built-in anti-virus scanning, re-obfuscation upon detection

• Facts:

• In Q4 2011, it accounted for 80.2% of all known toolkits being used

• Exploit toolkits account for 58% of threat activity on malicious websites


Second Click Redirection – What is it?

• Scripting technique for distributing malware

• User visits a site, typically with thumbnail images (video content, photos etc.)

• Cookie is set on first click, link goes to intended site

• If visitor returns, on second click, redirected to a fake anti-virus scan page – user tricked into installing fake anti-virus software (known as Fake AV)

• Subsequent clicks, link goes back to intended site

• AVG Community Protection Network detected ~8 million pages doing this, mostly from ~1700 domains
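Because only the second click is redirected, a scanner that visits a link once sees the intended site. As an added example (not part of the original presentation), the sketch below reviews web proxy logs for links whose destination host changes with the click number; the log format, the `.example` hostnames and the function names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed format, reserved .example hosts):
# timestamp  client  clicked-link  redirect-destination
SAMPLE_LOG = """\
2012-05-01T10:00:01 10.0.0.5 http://thumbs.example/out?id=7 http://videos.example/watch/7
2012-05-01T10:01:00 10.0.0.9 http://news.example/go?a=1 http://story.example/a1
2012-05-01T10:02:00 10.0.0.9 http://news.example/go?a=1 http://story.example/a1
2012-05-01T10:03:40 10.0.0.5 http://thumbs.example/out?id=7 http://scan-alert.example/scan
2012-05-01T10:06:12 10.0.0.5 http://thumbs.example/out?id=7 http://videos.example/watch/7
"""


def parse(log):
    """Return (timestamp, client, link, destination host) rows in time order."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, link, dest = parts
        rows.append((ts, client, link, urlsplit(dest).hostname))
    rows.sort(key=lambda r: r[0])  # ISO 8601 timestamps sort chronologically
    return rows


def find_click_dependent_redirects(log):
    """Flag clicks whose destination host differs from the link's usual one."""
    rows = parse(log)
    # Most common destination host per link, across all clients and clicks.
    seen = defaultdict(Counter)
    for _, _, link, host in rows:
        seen[link][host] += 1
    usual = {link: hosts.most_common(1)[0][0] for link, hosts in seen.items()}

    clicks = Counter()  # running click count per (client, site)
    findings = []
    for ts, client, link, host in rows:
        site = urlsplit(link).hostname
        clicks[(client, site)] += 1
        if host != usual[link]:
            findings.append({"time": ts, "client": client, "site": site,
                             "click": clicks[(client, site)],
                             "unexpected_host": host})
    return findings


if __name__ == "__main__":
    for f in find_click_dependent_redirects(SAMPLE_LOG):
        print(f)
```

A deviation that appears on click 2 and is gone again on click 3 matches the sequence described on this slide; the per-link baseline is only meaningful once a link has been clicked several times.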


Second Click Redirection – Fake AV Webpage


Second Click Redirection – Top 25 Domains


Second Click Redirection – Site Owners


PC Threats

• Fake AV – Security Shield, System Fix etc.

• Ransomware


Fake AV – What is it?

• Our support team has been helping clean up the following Fake AVs for customers:

• Security Shield

• System Fix

• XP Antivirus 2012

• Internet Security 2012

• Let’s have a look at what they can do…


Fake AV – Fake “Blue Screen of Death”


Fake AV – Nag screens and pop-ups


Ransomware – What is it?

• Has been observed being served up by blackhole toolkits

• Unlike Fake AV – this malicious code just locks up your computer and demands money!

• Usually pretends to be from the Government or a law enforcement agency


Ransomware – Your PC has been seized!


Email Scams – Still prevalent, but declining


Spammers are becoming Facebook scammers

• Global spam levels are decreasing

• Scammers are now using Facebook, which provides:

• Instant access to 900+ million users

• Built-in word of mouth provides viral spread

• Default “trust” with Facebook is still high

• Some people think that Facebook *is* the internet

• Gen-Y using messaging apps more than email


Mobile Threats

• Stolen private encryption keys for developer certificates

• Premium SMS scams making money in Europe


Mobile Threats – Rogue Apps & Rootkits

• In Q4 2011, AVG reported the emergence of rogue “signed” applications available in the Android™ Marketplace

• Signed with stolen/leaked digital certificates

• Permission prompts on Android™ are weak – they don’t make the user think at all

• Risks are mostly around spying and premium SMS

• Google has recently announced they are scanning apps in the Marketplace with “Bouncer”


Printed Malware

• QR Codes


Printed Malware – QR Codes


• Just like URL shorteners (like bit.ly for example), QR codes don’t reveal anything themselves until you use them

• In Q4 2011, we observed a QR code being used in a Russian forum website that linked to a malicious mobile app

• These are something to keep our focus on, especially with large, well-known, trusted brands starting to use them for marketing


Trends & Issues

• Motives – data or money?

• Could better reporting of cybercrime reduce it?


Motives – Data or Money?

• Lots of talk about information theft – protecting corporate data

• Our data from the consumer and SMB space indicates there are much more basic motives at play

• Money making scams:

• Digital extortion (Fake AV)

• Other fraud (banking Trojans)

• Clearly, just as there are vendors operating in different markets, there are cybercriminals also specialising in different markets


Can reporting cybercrime reduce it?

• Verizon DBIR 2011

• Shows large reduction of data breaches reported

• Enterprises becoming very good at reporting incidents when they occur

• Consumers and small businesses still left in the dark and MOST low-level crimes continue to go unreported

• High volume of small incidents – what do these add up to in terms of lost time/productivity?

Thank You!


avg.com.au

avg.co.nz

facebook.com/avgaunz

twitter.com/avgaunz

Connect with us to stay up to date with the latest news and information about online threats and scams. We also provide simple and useful security tips, designed to keep our community safe.

Come and say hello!

Copyright © 2012 AVG (AU/NZ) Pty Ltd, an Avalanche Technology Group company. All rights reserved.
