Security Threat Report 2008: What you need to know Christopher Vernon Senior Sales Engineer, Sophos

Page 1: 0926182320 Sophos[1]

Security Threat Report 2008: What you need to know

Christopher Vernon

Senior Sales Engineer, Sophos

Page 2: 0926182320 Sophos[1]

Agenda

Malware – The size and shape of the problem

Spam – China and beyond

Phishing – Socializing

Web – The threat to your reputation

Not just a Microsoft problem

Summary

Page 3: 0926182320 Sophos[1]

Malware – The Size and Shape

20,000 new suspicious files sent to SophosLabs every day - that’s 1 every 4 seconds

Most are Trojans designed to silently steal information, or compromise PCs

AV-Test.org estimates that there are over 11 million unique samples of malware in existence

The web is clearly the major vector for attack

One new infected webpage discovered every 5 seconds - over 90% are legitimate websites that have been hit by attacks such as SQL Injection

Page 4: 0926182320 Sophos[1]

Shift in Delivery

Only 1 in 2500 emails have malware attachments

Down from 1 in 332 in same 2007 period

Shifted to ‘links in email’

Long tail of ‘Old’ malware

PushDo – new malware, old technique

Page 5: 0926182320 Sophos[1]

Spam – China and Beyond

96.5% of email is spam - only one in 28 business emails is legitimate

New spam web page every 20 seconds

Moving to Chinese domains

Harder to get information

Easier to register

Backscatter

Non-delivery reports of spam

Do you click on spam?

1 in every 530 page requests were to spam URLs

Page 6: 0926182320 Sophos[1]

Pump and Dump Done?

Volumes have dropped from 30+ % of all spam to less than 1%

Very few stock symbols being ‘spamvertised’

Market slowdown? SEC crackdown?

Moving to “short selling”

“Amazon having troubles”

Page 7: 0926182320 Sophos[1]

Phishing - Socializing

Not just financial

Banks

Tax payers

Auction

Payment sites

Also Social

Facebook

Page 8: 0926182320 Sophos[1]

Social Targets

Social networking sites increasingly targeted

Spam

Scam

Adware

Page 9: 0926182320 Sophos[1]

Spear Phishing

Very targeted activity

Use Facebook, LinkedIn, etc. to identify targets

University of Waterloo

Oak Ridge National Lab

University of Minnesota

Can also be used to target malware

Subpoena CEO = Install keylogger

Remember: phishing works on all platforms!

Page 10: 0926182320 Sophos[1]

Web – The Threat to Your Reputation

16,173 new malicious web pages a day!

Major brands affected

Euro 2008 soccer tournament

UK broadcaster ITV

Cambridge University Press

Lawn Tennis Association

Trend Micro

Sony PlayStation

Page 11: 0926182320 Sophos[1]

SQL Injection Attacks

Mal/BadSrc – 29% of infections in June ’08

Simple attack method

Search for vulnerable servers

Target attack

Inserts iframe snippets into every page

Variety of payloads

Including ‘scareware’
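
The every-page iframe injection described on this slide leaves a recognisable trace: the same off-site host embedded across the whole site, usually in a hidden frame. The following is an added example, not part of the Sophos presentation, of an audit that flags that pattern in rendered pages; the allowlist, page names and .invalid hosts are constructed assumptions.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately embeds content from.
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}
# Constructed sample pages; the .invalid hosts are placeholders.
SAMPLE_PAGES = {
    "index.html": '<script src="http://static.example.org/site.js"></script>'
                  '<iframe src="http://injected.invalid/x" width="0" height="0"></iframe>',
    "news.html": '<p>News</p><iframe src="//injected.invalid/x" width="0" height="0"></iframe>',
    "contact.html": '<iframe src="http://maps.invalid/embed" width="400" height="300"></iframe>'
                    '<iframe src="http://injected.invalid/x" style="display: none"></iframe>',
}

class EmbedCollector(HTMLParser):
    """Records (host, hidden) for every <iframe>/<script> with an absolute src."""
    def __init__(self):
        super().__init__()
        self.embeds = []
    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        if host:  # skip inline scripts and relative (same-origin) URLs
            self.embeds.append((host, hidden))

def scan_pages(pages, allowed=ALLOWED_HOSTS):
    """Map each off-site embed host to the pages it appears on and a hidden flag."""
    findings = defaultdict(lambda: {"pages": set(), "hidden": False})
    for name, html in pages.items():
        parser = EmbedCollector()
        parser.feed(html)
        for host, hidden in parser.embeds:
            if host not in allowed:
                findings[host]["pages"].add(name)
                findings[host]["hidden"] |= hidden
    return dict(findings)

def mass_injected(findings, total_pages, threshold=0.8):
    """Hosts embedded on at least `threshold` of all pages (the every-page pattern)."""
    return sorted(h for h, f in findings.items() if len(f["pages"]) / total_pages >= threshold)

if __name__ == "__main__":
    print(mass_injected(scan_pages(SAMPLE_PAGES), len(SAMPLE_PAGES)))
```

A host that shows up on nearly every page but is absent from the allowlist points to content injected at the database or template level rather than a one-off embed.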

Page 12: 0926182320 Sophos[1]

Not Just a Microsoft Problem

Nearly 60% of compromised web sites are running Apache

Websites must be properly “hardened” to prevent hackers from taking advantage

Page 13: 0926182320 Sophos[1]

What about Apple?

Small amount of malware being written for Apple Macs

Increasingly Mac malware is financially-motivated

The Hovdy Trojan turned off security, firewalls, and gave remote access to hackers

High level of complacency amongst Mac users may make Apple Macs a “soft target” in the future

Record sales of Apple hardware mean its market share is growing

Page 14: 0926182320 Sophos[1]

What about Mobile?

Malware – Very Low Threat

No single platform, and mostly written by enthusiasts

A single proof-of-concept Apple iPhone Trojan was found

Spam

Internet-enabled phones like the iPhone are vulnerable to phishing attacks

SMS text message spam is limited in the West, but...

353.8 Billion ‘spam’ messages sent via SMS in China - 600 a year for every mobile phone owner

438,668 complaints in one month alone

Page 15: 0926182320 Sophos[1]

What About Linux?

70% of attacks on Linux honeypot, infected with a 6 year old virus

Linux servers used as command and control for botnets

Analysis shows RST-B is a global problem, with thousands of compromised servers

Page 16: 0926182320 Sophos[1]

SophosLabs global network of experts

SophosLabs™ Knows Threats Better Than Anyone

Page 17: 0926182320 Sophos[1]

Summary

Malware growth continues

Proactive detection is critical

Financial motivation for most threats including spam

Spam still makes money!

Web represents biggest threat

To users, and your corporate reputation

Don’t forget other platforms

Mac increasingly targeted

Linux could be your ‘typhoid Mary’

Page 18: 0926182320 Sophos[1]

Staying ahead of the curve

Get the latest breaking news about new malware, spam, security threats, and arrests straight to your desktop at www.sophos.com/feeds

Get daily updates from SophosLabs Blog, which provides insight into the most interesting and widespread threats: www.sophos.com/blog

Page 19: 0926182320 Sophos[1]

Thank you

Call Worldwide:

+ 44 1235 55 9933