Threats - PowerPoint PPT Presentation

About This Presentation
Title:

Threats

Description:

Malware exploiting known vulnerabilities can spread more rapidly (Slammer / Sasser) ... Essential Security against Evolving Threats ... – PowerPoint PPT presentation

Slides: 15
Provided by: MarosM5

Transcript and Presenter's Notes


1
Threats ThreatSense
  • InfoSecurity Moscow 2005
  • Maros Mozola, Senior VP, Eset

2
Agenda
  • The evolution of threats
  • Zero and near zero day attacks
  • Problems with update cycle approach
  • Problems with heuristic approach
  • New internet threats: spyware, phishing

3
Threat evolution
  • 1987: Boot Sector
  • 1990: File Infector
  • 1995: Macro Virus
  • 1999: Email Worm
  • 2001: Blended Threat
  • 2003: Bots, Spyware

4
(No Transcript)

5
Approaching Zero

6
Problems specific to update release cycle
  • Trade off between maximum compatibility and
    release speed
  • False alarms can be increased (less QA time)
  • Complexity of virus can affect complete detection
  • Only some parts/forms of a virus may be detected
    initially
  • Polymorphic viruses can have partial detection
  • Time to release is between 4 and 16 hours on
    average
  • Nests of unopened emails on servers in other
    time-zones can rapidly increase spread as users
    log in.
  • Malware exploiting known vulnerabilities can
    spread more rapidly (Slammer / Sasser)

7
Problems specific to heuristic approach
  • Trade off between maximum detection, and false
    positive rate
  • False alarms can be increased
  • 100% detection is not possible
  • Only some parts/forms of a virus may be detected
    initially
  • Droppers can be a problem
  • Performance can be affected depending on the
    makeup of the system under test
  • Archives and packed files increase overhead
  • Large systems can take much longer to scan

8
New malware is being released at an ever faster
rate, and is more prevalent than ever before.
Criminal activity is responsible for a huge
amount of malware activity. Distributed networks
of compromised machines, or botnets, give
spammers and scammers a fast delivery mechanism
for new malware.

9
Advantages specific to heuristic approach
  • Best way to ensure Zero Hour protection
  • No lag time for updates
  • Better than 90% of common malware is detectable
  • Huge customer advantage
  • Partial protection may be enough
  • Droppers if executed may drop recognizable file
  • Performance is protected as the impact of
    overhead is lower than the probable impact of the
    malware
  • Real security against evolving threats
  • Mytob, Zotob
  • Bots
  • The fact we catch so many on Zero day is proof of
    the need
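The trade-offs described in slides 6, 7 and 9 (a signature database lags behind new variants, while heuristics catch unseen samples at the cost of false alarms) can be seen in a small detection simulation. This is an added example, not ESET code or material from the presentation; the sample files, the behaviour tokens such as SELF_COPY and the threshold values are constructed for illustration.

```python
import hashlib

# Constructed corpus (not from the presentation): (name, content, is_malicious).
# Tokens such as b"SELF_COPY" stand in for behaviours a real engine would recognise.
SAMPLES = [
    ("mailworm.exe",     b"MZ SELF_COPY MASS_MAIL REGISTRY_AUTORUN", True),
    ("mailworm_v2.exe",  b"MZ SELF_COPY MASS_MAIL REGISTRY_AUTORUN PACKED", True),  # unseen variant
    ("bot_client.exe",   b"MZ PACKED IRC_CONNECT REGISTRY_AUTORUN", True),          # unseen bot
    ("dropper.exe",      b"MZ PACKED REGISTRY_AUTORUN", True),                      # low-profile sample
    ("backup_agent.exe", b"MZ SELF_COPY REGISTRY_AUTORUN", False),                  # legitimate tool
    ("text_editor.exe",  b"MZ OPEN_FILE SAVE_FILE", False),
]

# Signature database: only the first worm has been analysed and an update released.
KNOWN_SIGNATURES = {hashlib.sha256(SAMPLES[0][1]).hexdigest()}

# Behaviours the heuristic treats as suspicious (constructed list).
SUSPICIOUS_TOKENS = {b"SELF_COPY", b"MASS_MAIL", b"REGISTRY_AUTORUN", b"PACKED", b"IRC_CONNECT"}


def signature_detect(content: bytes) -> bool:
    """Exact-match detection: a file is flagged only if its hash is in the database."""
    return hashlib.sha256(content).hexdigest() in KNOWN_SIGNATURES


def heuristic_score(content: bytes) -> int:
    """Count suspicious behaviours present; no update is needed to score an unseen file."""
    return sum(1 for tok in content.split() if tok in SUSPICIOUS_TOKENS)


def heuristic_detect(content: bytes, threshold: int = 2) -> bool:
    """Flag a file once its score reaches the threshold; lower threshold = more detections and more false alarms."""
    return heuristic_score(content) >= threshold


def evaluate(detector):
    """Return (detection rate over malicious samples, false-positive rate over clean samples)."""
    malicious = [c for _, c, bad in SAMPLES if bad]
    clean = [c for _, c, bad in SAMPLES if not bad]
    detected = sum(1 for c in malicious if detector(c))
    false_alarms = sum(1 for c in clean if detector(c))
    return detected / len(malicious), false_alarms / len(clean)


if __name__ == "__main__":
    for name, det in (("signature", signature_detect),
                      ("heuristic t=2", heuristic_detect),
                      ("heuristic t=3", lambda c: heuristic_detect(c, threshold=3))):
        dr, fpr = evaluate(det)
        print(f"{name:14s} detection={dr:.0%} false positives={fpr:.0%}")
```

Raising the threshold from 2 to 3 removes the false alarm on the backup tool but loses the low-profile dropper, which is the detection versus false-positive trade-off the slides describe.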

10
Spyware
  • 66% of computers infected with spyware in the US
    (IDC study)
  • Much installs without consent or even user
    intervention (pay per install)
  • Spyware is very difficult to remove, so
    prevention is better
  • Spyware is becoming more and more sophisticated

11
Phishing
  • Distributed in short bursts
  • Platform independent threat
  • Exploits the human element, not a specific
    software vulnerability
  • Signature recognition methods cannot be
    applied to detect it
  • Detection by generic signatures and heuristic
    methods

12
(No Transcript)

13
New Features in V2.5
  • Early Warning System
  • Phishing detection
  • Startup check
  • Generic signatures
  • Updating profiles based on current connection
    conditions

14
Thank you
Maros Mozola