spam, malware and cybercrime...levine canto aug 2014 6 attacking your users adware: shows annoying...
TRANSCRIPT
Levine CANTO Aug 2014 2
Spam
● Fake drugs
● Porn
● One Million Dollars
● ...
Levine CANTO Aug 2014 3
Spam Web
● Click on this link for ...
● Fake drugs
● Phishing
● Porn
● ...
Levine CANTO Aug 2014 4
Spam Web Malware
● Malicious or hacked site
● Installs malware
Levine CANTO Aug 2014 5
Phishing
Levine CANTO Aug 2014 6
Attacking your users
● Adware: shows annoying ads
● May replace legit ads
● Clickware: fake clicks
● “Man in Browser” clicks on ads
● Credential theft: online accounts
● Steal mail and web logins
● Send spam as your user
Levine CANTO Aug 2014 7
Attacking your users
● Credential theft: financial accounts
● Steal banking credentials
● Insert fake transactions with real ones
Levine CANTO Aug 2014 8
Botnets
Levine CANTO Aug 2014 9
Botnets
● Hijack computer to send spam
● Provokes complains
● Wastes your bandwidth
● Gets your network blocked
● Hijack computer for Denial of Service
● Wastes a lot of bandwidth
● May get you blocked
Levine CANTO Aug 2014 10
Botnets
● Hijack computer as malware host
● Temporary or proxy web server
● Wastes your bandwidth
● Considered antisocial
● Hijack computer for other purposes
● This month's special: Bitcoin mining
Levine CANTO Aug 2014 11
Countermeasures
● Stop outgoing spam
● Cooperate to detect and stop abuse
● Share data
● Build capacity
Levine CANTO Aug 2014 12
Filtering
Authentication
Outgoing spam
Levine CANTO Aug 2014 13
Best Current Practices
Feedback loops
Data providers
Ad-hoc groups
Trade associations
Cooperation
Levine CANTO Aug 2014 14
Port management
Botnet mitigation
Acceptable User Policies (AUP)
Best current practices (BCP)
Levine CANTO Aug 2014 15
Tell senders about their spam
User reports
Spam traps
Feedback loops
Levine CANTO Aug 2014 16
Spamhaus
–Shares with trusted providers
Specialists
–Team Cymru
–Return Path
–Etc.
Data providers
Levine CANTO Aug 2014 17
Fight specific issues
Trust-based Communities
–Conficker Working Group
–Torpig Working Group
–Mariposa Working Group
–DNS Changer Working Group
Ad-hoc groups
Levine CANTO Aug 2014 18
Public/Private initiatives
● Convened by FCC in the United States
● Mostly private members
● Recommendations not binding but persuasive
Levine CANTO Aug 2014 19
Intergovernmental groups
● London Action Plan
● ICPEN
● Interpol
Levine CANTO Aug 2014 20
CERTs
● Computer Emergency Response Team
● Generally national or regional
● Some public, some private
● Tend to have interesting meetings
Levine CANTO Aug 2014 21
Spam, Malware and Cybercrime
John R. Levine
CAUCE North America
CANTO August 2014