Security @ WorksSyware, Adware, Everyware! Are you aware?

Wong Joon HoongCountry Sales Manager

Trend Micro Inc.

Copyright 2002-2003, Trend Micro, Inc. 2

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Agenda

• Ever Changing Network• Today’s Security Top Concern

- Virus- Spam- Adware/Spyware- Phishing

• Summary • Q & A

Copyright 2002-2003, Trend Micro, Inc. 3

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Ever changing network

� Broadband adoption� Wireless Network� Integrated communication devices� Information Island -> LAN -> MAN -> WAN� Internet ->Intranet -> Extranet-> Internet commerce

Copyright 2002-2003, Trend Micro, Inc. 4

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Goal of Security

Previous :

Security is to prevent losses, protect against confidentiality breaches

Today:

The goal of Security is enabling e-Business, e-e-Government

Copyright 2002-2003, Trend Micro, Inc. 5

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineVirus attack and mail spamming are the most common types of security breaches

experienced

49

3731

27

1916

15

1411

82

4

83

50

49

87

Types of security breach(es) experienced before%

Virus attackMail spamming

Employee's abuse: Downloading pornographyEmployee's abuse: Inappropriate use of e-mail system

Employee's abuse: Downloading pirated softwareDenial of service

Theft: Hardware/ ComputerHack threat/ system penetration

CDs/ Diskette stolenWebsite unauthorized access/ misuse

Sabotage of data or networkTheft: proprietary information

Website vandalismFinancial fraudActive wire tap

None of the aboveBase : All organisations 100

NISER 2003 Survey

Copyright 2002-2003, Trend Micro, Inc. 6

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineMalware, Virus Attacks GaloreAttacks Becoming More Rampant and Destructive

SasserInfected over 1 million

computers in only 2 days. The Sasser worm was so

effective it was able to infect computers even if no-

one was using it!

Copyright 2002-2003, Trend Micro, Inc. 7

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineCommon Source Of Attacks: Non-Compliant Users

What were the most common sources of automated network worm attacks?

42%

38%

31%

27%

9%

9%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Carried in on a laptop of an employee

Directly from Internet through the firewall

Carried in on a laptop of a non-employee

Through a VPN-connected home system

Don't know

Other

Source: Enterprise Strategy Group Survey (250 US responses), Jan 2005

Non-Complaint Users Must Be Blocked And Redirected

Copyright 2002-2003, Trend Micro, Inc. 8

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineTHE PROBLEM: OUTBREAKS STOP BUSINESS CONTINUITY

• Network Worm Outbreaks Have Been Severe� Estimated $3.5B1 in damages from Sasser alone� Infamous Examples: Code Red, Nimda, Slammer, Blaster, Nachi, Sasser � Estimated 1000+ Network Worms, Variants, and Exploits (as of 10/01/04)2

Sources: CNN.com, BBC.com 1- Computer Economics; 2- TrendLabs

Copyright 2002-2003, Trend Micro, Inc. 9

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Evolution of Viruses

Copyright 2002-2003, Trend Micro, Inc. 10

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

How do their multiply ?

• File Infection• Mass mailing• Shared folders /

network drives• Internet Relay Chat

(IRC)• Instant Messaging (IM)• Peer-to-peer (PSP)

connection

Copyright 2002-2003, Trend Micro, Inc. 11

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

What is Spam?

Censored!!!!

Spam “Spam” is unsolicited, commercial email.

Tends to fall into the following categories…

�Financial (“Get Rich Quick”) – Make Money Fast

� Commercial Offer

�Sexual Content - Porn

�Bulk – General spam

�“Hate” - Racial

Copyright 2002-2003, Trend Micro, Inc. 12

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineSpam can kill businesses

Copyright 2002-2003, Trend Micro, Inc. 13

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

• Virus� infect files� Corrupt files� Delete directories, hard disk� Damage motherboard

• Worm� Do not infect file� Self Propagate via email or network� Make PC hang, intermittent, and/or

reboot

• Adware� Usually load with your permission� Watch your surfing habit� Pop-up advertisement (which appeal

to you) when you surf

Malicious Software (Malware)What are they and what they do?

• Trojan� Show 1 thing do another� Hide in your computer� Launch virus, worm, spyware, adware,

keystrokes logger, password stealer, mass mailing worm, backdoor, joke

� Launch attacks such as DOS (denial of service) on other computers

� Hacking

• Joke� Make fun of other computer users,

e.g. jerking screen, uncontrollable cursor, moving OK button

� No infection, No direct damage� Difficult to halt or terminate

• Spyware� Tracks your actions and/or your

Internet use. � Capture what you type on your

keyword, including passwords, and send it to the spyware creator

� Can allow control of PC by remote party.

Copyright 2002-2003, Trend Micro, Inc. 14

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

What is Phishing ?

• Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as � credit card details� account usernames� passwords� ATM PIN, etc.

Copyright 2002-2003, Trend Micro, Inc. 15

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 linePhishing (Pronounced as “fishing”)

Why is this phishing problem receiving increased attention

from both the private sector and governments in recent months?

Simple! For those who phish, it is lucrative and relatively easy way

to make money from it !

Copyright 2002-2003, Trend Micro, Inc. 16

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineSome reports on Phishing

Copyright 2002-2003, Trend Micro, Inc. 17

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineWhere does Phishing attack comes from ?

Source: AntiPhishing Working Group

Copyright 2002-2003, Trend Micro, Inc. 18

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineHow is Phishing like ?

Source: AntiPhishing Working Group

Copyright 2002-2003, Trend Micro, Inc. 19

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Happened to eBay as well

Source: AntiPhishing Working Group

Copyright 2002-2003, Trend Micro, Inc. 20

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Spyware Adware Everyware

Spyware/Adware is a major public concern as

it violates the privacy on the Internet user

Copyright 2002-2003, Trend Micro, Inc. 21

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineHow Many Are There In Your Computer ?

EarthLink found that each of the 1 million subscribers scanned is infected with more

than than 29.5 million spyware

The US National Cyber Security Alliance estimates that 91% of all

PCs are infected with Spyware

Copyright 2002-2003, Trend Micro, Inc. 22

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Spyware is a software that monitors a user’s keyboard activities and transmits this information back to the spyware creator without the user’s knowledge.

This is a major cause for public concern as it violates the privacy on the Internet user

What is a Spyware ?

Spyware

Backdoor KeystrokeLogger

PasswordStealer

Copyright 2002-2003, Trend Micro, Inc. 23

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

SERIOUS IMPACT FROM SPYWARE

• Loss of confidential personal or corporate information• Lower computer system performance • More frequent system- and browser-related crashes • Loss of network bandwidth• Increased remote access costs • Decreased employee productivity• Higher risk of legal liability

Copyright 2002-2003, Trend Micro, Inc. 24

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Summary

• Network and security landscape ever changing

• Virus/Worn and Spam making use of social engineering delivery mixed threat attack, traditional way of handling virus/spam is no longer effective

• Antispam : 2/3 of today spam email is 1st time spam and hybrid behaviour. Need heuristic antispam approach and integration of AV + Content Filtering + Antispam as solution.

• Internal : Enforce Security policy, practice secure computing, Management involvement and support in IT security decision

• External : Deployed proactive, centrally managed, precise security mixed threat defense solution instead of point product or suite product

• Let the security system work for you instead!

Copyright 2002-2003, Trend Micro, Inc. 25

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line

Fastest growing antivirus vendor in the world.*

� Founded in the US in 1988. Corporate headquarters in Tokyo, Japan. Publicly traded on NASDAQ and NIKKEI exchanges

� Antivirus and content security software and services provider toenterprise, small and medium business, and consumer segments

� Transnational company with 1800+ employees across 30 business units worldwide

� First and only security solution provider pioneering end-to-end proactive outbreak life cycle management

*Antivirus Software 2002: A Segmentation of the Market (IDC)

Trend Micro Overview

Copyright 2002-2003, Trend Micro, Inc. 26

RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 lineArchitectural Evolution - From the Server to the

Network Access Point

���������� �������������

WANRouter

����� ��� ��

L3Switch

L3Switch

��� �� ��

eMailServers

FileServers

�� � �

Internet/ISP

�� � �

����������� �� �

� �

� ������

� ���� ���

� ��� ����� �� �

� ��

� ��� ��

� � � � � �

! ������

����

Manage and Coordinate Outbreak Security Actions

Outbreak Prevention

Virus Response

Assessment and Restoration

VulnerabilityPrevention

��"#� �

$ %%���� ���&�����

THANK YOU

www.trendmicro.com