Beyond Virus, Trojan and Worm-New Threats and Appropriate Responses David Perry Director of Virus Education, Trend Micro Inc.
What is a computer virus…? • The original computer virus was not located on a pc • It was not on an apple • It was not on a mini or mainframe • It was not located on computer hardware or software of any kind
What is a computer virus…? • It was in a work of fiction!
VIRUS: Fred Cohen, PhD, first theorized viruses
WORM: Robert Morris wrote the Internet worm in 1988
TROJAN: Trojan Horse programs come from the Odyssey!
What is a computer virus…? • Today, viruses are only one type of a whole menagerie of computer ills that are collectively known as malware • From spam to spyware, Trend Micro detects, prevents and protects against all kinds of content security ills
The Computer Virus Timeline (with notes on antivirus technology) • Viruses: Pakistani Brain, Jerusalem B, Dark Avenger (MtE), Michelangelo, Word Concept, Melissa, Loveletter, Kournikova • Platforms: MS-DOS, WIN 3.X, WIN 9X, WIN 2k • Antivirus technology: simple string scanning & integrity checking; advanced encryption and polymorphic scanning; emulation and decryption; mail server and gateway/proxy scanning; heuristic detection & file-server-based scanning; broadband & wireless/PDA detection
Virus du Jour • Virus prehistory: Elk Cloner, etc. • 1987: Boot sector • 1990: File infector • 1995: Macro virus • 1999: Email worm • 2001: Blended threat • TODAY
Zero-day attack brought by network virus is coming? Days required for viruses to appear after the vulnerability was announced: • NIMDA: MS00-078, announced 10/17/2000, worm appeared 9/18/2001, 336 days • SQLP: MS02-039, announced 7/24/2002, worm appeared 1/25/2003, 185 days • MSBLAST: MS03-026, announced 7/16/2003, worm appeared 8/11/2003, 26 days • SASSER: MS04-011, announced 4/13/2004, worm appeared 5/1/2004, 17 days • Current solutions (VA, IDS, VPN, firewall, AV) cannot stop network viruses. (Diagram shows NIMDA, CodeRed, SQLP, MSBLAST, NACHI and SASSER arriving from the Internet.)
HOW MANY VIRUSES???? • 122,000? • 2,000? • 260?
HOW MANY VIRUSES???? • 122,000!—all viruses ever discovered including zoo (never infected anyone) samples. • 2,000!—viruses discovered or reported in the wild (actually infecting computer systems) • 260!—mean number of viruses in circulation at any given month • 5!—number of viruses active on any single day
HOW MANY VIRUSES???? WHY AM I TELLING YOU THIS? It has taken fifteen years for there to have ever been 1,100 ITW viruses. In a little less than two years, there are more than TWENTY THOUSAND spyware. That is the difference that profit motivation makes.
Can you spot the WildList founders in the photo? (Photo: Joe Wells and Sara Gordon)
Spyware-Adware Detection • What is Spyware? • Software application that monitors a user’s computing habits and personal information, and sends this information to third parties without the user’s authorization or knowledge • Key loggers, event loggers, cookies, screen captures or a combination of these forms • What is Adware? • Software application that displays advertising banners while the program is running • Gray Area • Some users view them as useful tools or utilities, while others view them as malicious applications that should be detected. • Some companies that make Adware have attempted to sue AV companies that categorize their software as Spyware or a virus.
Anti-spyware Capability of Trend Micro IWSS • Detects and blocks malicious/illicit spyware via standard virus pattern file • Can be set by administrator to block legitimate but unwanted spyware, adware, remote access tools, hacking tools and more - via a separate spyware pattern file • Anti-phishing feature can also block communication to spyware related URLs
This Is Nigeria. Sir, First, I must solicit your strictest confidence in this transaction, this is by virtue of its nature as being utterly confidential and top secret as you were introduced to us in confidence through the Nigerian Chamber of Commerce, foreign trade division. We are top officials from the Federal Ministry of Works and Housing (FMW&H), Federal Ministry of Finance and the Presidency, making up the Contract Review Panel (CRP) set up by the Federal Government of Nigeria to review contracts awarded by the past military administrations.
How Can We Eliminate SPAM 100%? Switch to another medium of communication?
Trend Micro SPS (Spam Prevention Service): the anti-spam heuristic application acts on messages in real time as they flow through the system • MIME parts, including message content, are exposed to the spam detection routines • The Message Parser scores each message based on statistical analysis and filter configuration and writes the score into the message header • The MTA sorts messages based on spam score and routes them based on organizational policy • Diagram components (steps 1-4): Sending Mail Servers; Trend Micro Gateway Product with SPS (Admin Tools & Integration APIs; Postini Anti-Spam Engine with Message Parser & Decoder; Rule Weighting file and Engine downloads; Header Analysis; Content Analysis); Internal Mail Server; End User Machines
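The pipeline above (MIME parts exposed to detection routines, header and content analysis, a score written into a message header, and policy-based routing by the MTA) is easy to see in miniature. The following is an added example written for this page, not Trend Micro SPS or Postini code; every rule name, weight, threshold and sample message is an assumption constructed for the illustration. It also shows the point the anti-phishing slide makes: a lenient sensitivity setting with tag-and-deliver rules lets the same high-scoring message reach the end user instead of being quarantined.

```python
"""Heuristic spam scoring pipeline (added example; not a vendor's code).

Steps mirror the slide: (1) expose every MIME part to the detection routines,
(2) header analysis, (3) weighted content analysis, (4) write the score into a
header so the MTA can route on organizational policy.  All rules, weights,
thresholds and sample messages are constructed for this illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed phrase list in the style of the 419 sample on the previous slide.
ADVANCE_FEE_PHRASES = ("solicit", "strictest confidence", "transaction",
                       "utterly confidential", "top secret")


def _domain(addr):
    """Lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()


def _is_shouting(subject):
    letters = [c for c in subject if c.isalpha()]
    return len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7


def _reply_to_mismatch(m, _text):
    reply_domain = _domain(m.get("Reply-To"))
    return bool(reply_domain) and reply_domain != _domain(m.get("From"))


def _html_only(m, _text):
    types = {p.get_content_type() for p in m.walk()}
    return "text/html" in types and "text/plain" not in types


# Rule table (name, weight, predicate); a predicate returns a bool or a hit count.
HEADER_RULES = [
    ("missing_message_id", 1.5, lambda m, t: m.get("Message-ID") is None),
    ("missing_date", 0.5, lambda m, t: m.get("Date") is None),
    ("reply_to_domain_mismatch", 1.0, _reply_to_mismatch),
    ("shouting_subject", 1.0, lambda m, t: _is_shouting(m.get("Subject", ""))),
]
CONTENT_RULES = [
    ("advance_fee_phrases", 1.0,
     lambda m, t: sum(p in t.lower() for p in ADVANCE_FEE_PHRASES)),
    ("html_only_body", 0.5, _html_only),
]

# Organizational routing policy: thresholds for tagging and for quarantine.
POLICIES = {
    "strict": {"tag": 3.0, "quarantine": 5.0},
    "lenient": {"tag": 5.0, "quarantine": 10.0},
}


def extract_text(msg):
    """Step 1: walk every MIME part and collect text content (HTML tags stripped)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            body = re.sub(r"<[^>]+>", " ", body)
        chunks.append(body)
    return "\n".join(chunks)


def score_message(msg):
    """Steps 2-4: evaluate the rules and write X-Spam-Score / X-Spam-Rules headers."""
    text = extract_text(msg)
    total, hits = 0.0, []
    for name, weight, predicate in HEADER_RULES + CONTENT_RULES:
        count = int(predicate(msg, text))
        if count:
            total += weight * count
            hits.append(name)
    del msg["X-Spam-Score"]          # drop any score a previous hop wrote
    del msg["X-Spam-Rules"]
    msg["X-Spam-Score"] = f"{total:.1f}"
    msg["X-Spam-Rules"] = ",".join(hits) or "none"
    return total, hits


def route(msg, policy_name):
    """MTA step: deliver, tag-and-deliver, or quarantine based on the score header."""
    thresholds = POLICIES[policy_name]
    score = float(msg["X-Spam-Score"])
    if score >= thresholds["quarantine"]:
        return "quarantine"
    if score >= thresholds["tag"]:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[SPAM?] " + subject   # tag, then deliver to the user
        return "tag-and-deliver"
    return "deliver"


def process(raw, policy_name="strict"):
    """Parse a raw RFC 5322 message, score it, and return (score, rules, action)."""
    msg = email.message_from_string(raw, policy=policy.default)
    score, hits = score_message(msg)
    return score, hits, route(msg, policy_name)


# Constructed sample messages (not real mail).
SAMPLE_419 = """From: "Contract Review Panel" <crp@example.org>
Reply-To: <reply@example.net>
To: victim@example.com
Subject: URGENT BUSINESS PROPOSAL
Content-Type: text/plain; charset="utf-8"

Sir, first I must solicit your strictest confidence in this transaction,
this is by virtue of its nature as being utterly confidential and top secret.
"""

SAMPLE_CLEAN = """From: alice@example.com
To: bob@example.com
Date: Mon, 03 May 2004 09:00:00 +0000
Message-ID: <20040503090000.1@example.com>
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Hi Bob, are you free for lunch on Thursday? I will bring the transaction report.
"""

if __name__ == "__main__":
    for label, raw in (("419", SAMPLE_419), ("clean", SAMPLE_CLEAN)):
        for pol in POLICIES:
            print(label, pol, process(raw, pol))
```

Running it scores the 419-style sample at 9.0 (four header rules plus five phrase hits) and the clean message at 1.0. Under the strict policy the 419 sample is quarantined; under the lenient policy it is only tagged and delivered, which is exactly why a separate control on outbound connections to known phishing URLs is still useful.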
PHISHING is a CRIME! • Phishing combines an ordinary spam confidence job with a technological ‘back end’ that can harvest passwords, credit card numbers, account numbers and more!
PHISHING is a CRIME! • By using the actual logos, typefaces and ‘spoofed’ return addresses of the actual agencies, users are misled into divulging important information
PHISHING is a CRIME! • Phishing is SPAM, it arrives as mass email • Phishing is a Trojan Horse, it defrauds the victim • Phishing is spoofed, like spam and viruses • Phishing is not a virus, it is a bona fide crime! • How can we guard against Phishing, in the enterprise network, and at home…
Anti-phishing Capability • Complements more traditional inbound detection of phishing-related spam in Trend’s Spam Prevention Solution • Lenient sensitivity settings or tag/deliver and quarantine rules may still allow suspected phishing messages to reach the end user • Blocks outbound transmission to malicious URLs • Phishing related sites, malicious code distribution sites, spyware sites • Helps protect against identity theft and theft of confidential company data
New threats coming... • Cell phone viruses • Threats against Windows embedded devices like POS terminals, ATMs and more… • Any network-enabled device is facing threats of malware.
Antivirus for Windows embedded devices: MVP Appliance • The MVP Appliance will protect Windows embedded devices from network viruses. It resides outside of these devices as a separate box. The MVP Appliance monitors packets and detects/eliminates network viruses before they reach these devices. Once it detects packets infected with a network virus, it blocks them to avoid a virus outbreak. (Diagram: clean packets flow to KIOSK terminal, POS, ATM and MFP devices.)
Trend Micro EPS SERVICE BASED AV
Enterprise Protection Strategy: Proactive Outbreak Lifecycle Management • Outbreak lifecycle: Vulnerability Discovered, Malicious Code Attack, Malicious Code Eliminated • Phases: Vulnerability Prevention; Outbreak Prevention; Virus Response; Assessment and Restoration; Centralized Outbreak Management (Outbreak Mgmt.) • Application Layer (Trend Micro Antivirus and Content Security Products): Trend Micro Vulnerability Assessment; Outbreak Prevention Services; Virus Response Services; Damage Cleanup Services; Security Policy Enforcement • Network Layer (Trend Micro Antivirus and Content Security Products): Vulnerability Isolation; Network Outbreak Monitoring and Prevention; Network Virus Detection; Infection Locator; Automated Cleanup • Our approach: Centralized Management = LIFECYCLE management, deployment, and reporting
TrendLabs-400 researchers and growing! Business Unit