If you receive errors when attempting to view this white paper, please install the latest version of
Adobe Reader.
"MessageLabs Hosted Web Security and Content Filtering
service operates at the Internet level, intercepting viruses, and spyware. The service
will also provide protection from other web-borne threats before they enter your network.
Our service also allows you to block access to inappropriate websites by URL filtering,
keeping your employees productive while enforcing acceptable usage policies."
Source: Symantec
The Tangled Web: Silent Threats and Invisible Enemies
Web Security Software is also known as :
Symantec Hosted Services Web Security,
Symantec Hosted Services,
Content Filtering Services,
Malware,
Intercepting Viruses,
Virus Protection,
Tangled Web,
Security Software,
Silent Threats,
Network Threats,
Web Protection,
Spam,
Web Protection Software Removal,
Block Access to Inappropriate Websites,
Best Antivirus Program,
Web-borne Threats,
Scams,
Botnets,
Spyware Software,
Invisible Enemies,
Cyber Criminals,
Avoid Computer Viruses,
Symantec Antivirus Corporate Edition,
Robot Network,
Delivery of Malware Through Weblinks,
Web Viruses,
Network of Computers.
The Silent War
In the not so distant past, businesses used a simple technique to avoid computer
viruses or malware: They cautioned their employees to "not-click" on dubious
looking
email attachments. Those days are long gone. Today companies face
network threats that are often unseen, narrowly targeted and much more
difficult to detect.
Anonymity, deceit and subterfuge are now well-established weapons in the
arsenal of cyber-criminals. These criminals target organizations with a variety
of covert malware, spam and scams that drain employee productivity, steal
sensitive data and negatively impact the corporate brand.
Techniques such as the use of rich media (flash and streaming content),
open-source platforms, Web 2.0 collaboration tools, social-networking sites
and highly available criminal "toolkits" are deployed to infiltrate corporate
networks.
One widely used tactic is the delivery of malware through Weblinks to
compromised Websites embedded in email attachments. When these links are
followed by the user, malware is installed to their system and their network
security is compromised. This mode of entry is proving to be a more efficient
(and ultimately more lucrative) way for criminals to infiltrate corporate
networks and bypass traditional scanners.
As users are being victimized by these Web-borne threats, they aren't aware
that it is happening, usually because they simply visited a harmless-looking
website.
In a 2009 report, MessageLabs Intelligence revealed that an average of
3,618 new Websites per day were identified as harboring malware and other
potentially unwanted programs such as spyware and adware.
This Symantec Hosted Services - MessageLabs white paper focuses on the
emergence of covert information theft as a key tactic of malware propagators.
Most importantly, the paper highlights the crucial danger points for any business
that doesn't defend itself against viruses which operate in the background.
Spyware
Perhaps the best-known undercover threat is spyware, which first appeared in
2005. Spyware is software that infiltrates a computer's hard drive without the
user's knowledge.
Spyware usually gains access to a computer by camouflaging itself among
other software (e.g. a free screen saver or a music file) which the user has
agreed to download. Ironically, spyware is often concealed in downloadable
software claimed to be "spyware-free" or "adware-free"—and even in many
"anti-spyware" applications.
Once installed, the spyware secretly tracks the user's Web-browsing and
Website-visiting behavior, and then passes this information on to advertisers.
The user's computer then finds itself deluged with pop-up advertisements
related to their browsing behavior. All the while, the user remains oblivious to
the fact that their machine has been infected.
"Spyware continues to be both a security and a system-management
nightmare," says IDC Security Analyst, Brian Burke. "Theft of confidential
information, loss of productivity, consumption of large amounts of bandwidth,
corruption of desktops, and a spike in the number of help-desk calls related to
spyware are overwhelming many IT departments."
Botnets
A robot network, or "botnet," is a network of computers that are infected with
a malicious program that lets cyber-criminals control the machines remotely
without the users' knowledge.
Typically, computers are "recruited" to botnets when users innocently click
on an infected Web link or an email attachment containing a virus. Though
nothing seems to happen, a malware program secretly downloads itself to the
computer's hard drive. This enables the botnet controller or "herder"—often a
member of an international criminal gang—to take control of the computer
whenever they please.
Using sophisticated malware, botnet gangs can easily breach corporate defenses
and compromise business-based computers. Affected companies see corporate
bandwidth over utilized and their networks operating sluggishly. They also find
themselves helplessly involved in spamming and illegal activities that afflict
Internet users worldwide. Infected machines may fall prey to threats that leak
confidential, business-critical data, which can erode a company's competitive
edge.
How do botnet owners earn money from infected computers? There are many
ways for a botnet to perform multiple, simultaneous attacks such as: distributed
denial of service (DDoS) attacks, , spam, spim (phony communications that
appear during instant messaging and steal IM user names), phishing, SEO
spam, click fraud and distribution of adware and malicious programs. Any of
these tactics can bring a cyber-criminal confidential data or allow them to
offer criminal services that can be sold in the underground economy for big
bucks.
"Botnets are a powerful tool for hackers . They can be used to send spam ,
harvest data and conduct distributed denial - of-service attacks against
Websites . And the malicious software infecting PCs that are part of botnets is
continuously being developed for other evil purposes ."
—Jeremy Kirk,
Computerworld.com
Phishing
Phishing email messages—as well as variations called "pharming" or
"whaling"—are schemes that trick people into sending money or providing
personal information (e.g., name, address, user names, passwords, credit card
details) that will be used for identity theft. A cyber-criminal who sends emails
that contain authentic information about the user or their company greatly
increases the odds of getting a "bite."
Phishing reels in unsuspecting users when a hacker sends an e-mail with an
embedded Weblink inside and an invitation to go to a Website which the thief
portrays as a well-known or trustworthy site.
Legitimate businesses that have been online for many years are often targeted
for phishing attacks. By taking control of companies' domain name service
(DNS) database records, phishers take advantage of the good reputation of
these domains.
The number of phishing scams is on the rise. They adversely affect businesses of
all types including retail establishments, banks and other financial institutions,
U.S. courts, the U.S. Internal Revenue Service (IRS), the U.S. Federal Bureau of
Investigation (FBI) and other government agencies.
"Some 5 million U.S. adults over the age of 18 lost money to phishing during the
12 months ending in September 2008, representing a 39.8% increase over the
number of victims a year before, according to a recent Gartner survey. Many
security measures implemented to stem phishing are not yet adopted widely enough
to reverse this tide, and their effectiveness is partial, the degree of which
depends on the solution."
Social Networking
Social networking sites, once considered to be strictly consumer applications,
are now thriving in the corporate environment. Companies rely on social
networking to spread the word about their businesses, community events
they sponsor and worthy causes they support. Corporate executives run blog
postings on social media sites to voice their opinions or describe why their
products are the best on the market.
Cyber-criminals use social media websites for a very different reason. These
sites give them a new, effective way to infect corporate users' computers with
malware. One popular approach is to create a fake profile on a social media
website and use it to post malicious links that "phish" for corporate users.
In this form of phishing, spammers post blog comments on other members'
pages; obtain the unsuspecting members' account information; then send
messages from the phished accounts to other contacts. These messages
distribute spam, including links to fake Websites such as online pharmacies,
casinos, financial-services firms and phony online colleges that offer worthless
degrees.
Organizations must balance the business value of social media websites with
the risks of many non-secure social media environments. The advances in Web
2.0 technologies demand a new generation of Web-security tools that go well
beyond traditional URL filtering.
A 2009 IDC report states, "Corporations that effectively deploy social media
will enjoy a significant competitive advantage. Still, questions remain about
how to securely incorporate social media applications into the enterprise."
"Corporations that
effectively deploy
social media will
enjoy a significant
competitive
advantage .
Still , questions
remain about
how to securely
in corporate
social media
applications into the enterprise ."
IDC,
Brian E. Burke
Program Director
Security Products
Converged Threats
A converged threat consists of a combination of viruses, spyware, phishing,
spam and other methods of attack that can disrupt networks or lead to theft
of sensitive information. Converged threats don't come from a single mode of
delivery—they can come from email, Web, instant messaging and even voiceover
IP applications and environments.
An obvious solution to converged threats is to sever all ties with the Internet—
disallowing employee Internet access reduces exposure to threat and attack.
But since companies can't function without Internet access, the connection to
the digital world must be maintained and protected.
Proper protection for converged threats includes maintaining a global
awareness of the threat landscape from moment to moment; an ability to block
or avoid potential threats; and quick reactions to new threats. Using proactive
technologies to evaluate potential threats and block dangerous behaviors is
important for managing a threat landscape in real time.
The Anatomy of an Attack
A cyber-criminal conceals malware inside a website to take control of a user's
computer without them knowing it. Once this has been achieved, the ways in
which criminals can exploit the infected computer and its unfortunate owner
are nearly unlimited.
Any Web-based attack is comprised of three key components: the set-up, the
hit and the aftermath.
The Set-Up
After the attacker chooses the reason for gaining access to users' computers
(e.g., to steal sensitive data; to track browsing habits; or to recruit the machine
to a botnet), they obtain the malware that they want to employ in the scam
and place it on the Internet, often on an authentic, newly registered domain.
The Hit
Next, the attacker entices potential victims to download the malware. For this
to happen, the victim must visit the infected website. They might arrive there
during their normal Web browsing or be led there by phony advertisements,
links in spam emails, instant messages, social networking sites, blogs or
malicious links that appear on search-engine results.
In many cases, the victim is then lured into taking a action to unwittingly
download the malware. These include a "click here to install" button; a "you're
infected—click here to remove the virus" pop-up alert; or malicious files in
areas where the victim intends to download music, software or movies.
In other instances, no action by the user is required for the malware to
download itself. One example of this is a "drive-by download" in which a
concealed malware program automatically installs itself on a computer simply
because the user visited an infected website.
- Hacker inserts malicious URL.
- User visits good website.
- User re-directed to bad website.
- Bad website sends obfuscated exploit for vulnerability on user's system.
- Malware is installed without the user noticing.
The Aftermath
Once the malware has installed itself on the victim's machine, it performs the
tasks for which it was designed. This could happen immediately or the malware
may lay dormant, ready to be activated later in response to commands sent
by the cyber-criminal.
When it begins its misdeeds, the downloaded program can collect personal data,
open ports that allow the attacker further access to the infected computer,
change registry values, edit and/or move files, or modify settings for email,
Web browser and other software.
These actions open up a range of options for the attacker. They can hold the
victim hostage by locking them out of their own computer and demanding
cash for a password to unlock it. They can recruit the computer to a botnet and
command it to send spam, steal credit-card data or perform distributed denial of-
service attacks. Or they can edit files so that when users visit frequently
browsed Web pages they are redirected to malware-distributing websites.
Whatever the covert tactic used by cyber-criminals, the end result is the
same—the user and the company they work for endure hardship in the form
of security breaches, reduced productivity and loss of income.
The Advantages of the Hosted Security
Model
According to Osterman Research, using on-premise Web-security solutions
means high costs for infrastructure, high labor costs for managing the security
system and many hours of training for IT staff. Also, bandwidth is consumed
by the requirements of the system and employee confidence in on-premise
solutions is low. A hosted web-security service, however, can provide a
number of advantages for organizations of all sizes.
Reduced Management Costs — Companies often underestimate the amount
of labor required to manage an on-premise security system. Using an off-site
hosted service allows IT staff to generate more value for their organization by
performing business-related tasks instead of managing the system.
Less Complexity and Uncertainty — A hosted solution can reduce the
complexity and uncertainty caused by new threats and growing volumes of
spam and spyware. Because hosted providers handle these problems and have
a greater set of capabilities than most companies can maintain in-house,
hosted-service clients are better insulated from the growing array of attacks
launched against them.
Maximum Levels of Protection — A hosted provider can provide the highest
levels of protection against malware because the provider updates its capabilities
on a near-real-time basis and deploys a broad range of technologies. A hosted
provider uses multiple anti-virus scanners and URL filters and can invest more
resources into its infrastructure than most client companies can.
Using a Single Source — Deploying an assortment of solutions from different
vendors is more expensive than using a single vendor's solution with the same
capabilities. Also, managing multiple vendor solutions and relationships with
several vendors is more cumbersome and time-consuming than a relationship
with a single vendor with centralized management tools and support.
"A hosted web - security service
can offer a number
of advantages for
organizations of
all sizes ."
—Osterman Research
Symantec Hosted Services Web Security
and Content Filtering Services
Symantec Hosted Services – MessageLabs Web Security and Content Filtering
services operate at the Internet level to intercept Web-borne viruses, spyware
and phishing threats. The service controls Web traffic through URL filtering,
which enables companies to enforce Web and email Acceptable-Use Policies.
Symantec Hosted Services uses multiple signature-scanning engines
plus proprietary SkepticTM technology to provide 100% protection from
sophisticated and targeted Web-based threats.
Symantec Hosted Services Web Security and Content Filtering services are
delivered through a global infrastructure and include 24/7/365 customer
support. The service is designed to meet the needs of small-to-medium sized
businesses as well as large corporations and it works seamlessly with
Symantec Hosted services - MessageLabs Email Antivirus, Email AntiSpam and
Email Encryption services.
To learn more about Symantec Hosted Services Web Security and Content
Filtering service, please visit us at
www.messagelabs.com/products/web-security-services/
To arrange for a free trial of Symantec Hosted Services Web Security and
Content Filtering service, please visit us at
www.messagelabs.com/trials/free_web