Monday, July 13, 2009
Please feel free to join us for a free Stanford Webinar tomorrow -- you still have 24 hours remaining to sign up! We've got a lot of people signed up already, but the great thing about webinars is that we don't have to limit based upon the amount of space in a physical room!
Click here to sign up:
Title: The Spread of Web-Based Malware and New Defenses
Abstract: Web sites and web pages have become the new frontier for malware distribution. Over the past two years, there has been a fundamental shift in how malware is distributed -- while teenagers used to write viruses which required users to click on email attachments to propagate, financially motivated cybercriminals now plant malware on legitimate web pages that result in drive-by downloads when web pages are simply loaded.
In this talk, I will present newly researched data and statistics surrounding the recent distribution trends of web-based malware. I will talk about what these trends mean for information technology professionals and engineers, and the process of building and running web applications. Also, I will discuss a variety of existing and novel defenses and their pros and cons, with a focus on how they can be used to prevent, detect, diagnose, and quarantine infections of web applications.
See you then!
Tuesday, June 16, 2009
If you've been following our blog, you'll know that we've been talking quite a bit about the latest security threats on the web. One of the threats we've been focusing on specifically is web-based malware. This kind of attack -- in which hackers compromise a legitimate site and turn it into a delivery vehicle for drive-by malware downloads -- has long been regarded as an emerging threat.
But one look at the numbers makes it clear that this threat has officially arrived: In the last two years, there's been a 600% increase in the number of malware-infected webpages, and 80% of those pages are legitimate. Google first reported the problem of malware-infected pages exploding from April 2007 to January 2008. Microsoft estimated in an April 2009 report that the total number of legitimate webpages being compromised per month is more than 1 million. And now that search engines like Google and Yahoo; browsers like IE8, Firefox, and Chrome; and desktop AV providers like Norton and McAfee are blacklisting compromised sites, those sites are seeing double-digit losses in traffic and revenue and taking significant hits to their reputation.
Those are just some of the reasons we're proud to be opening up our Dasient Web Anti-Malware service to a broader audience today. Dasient Web Anti-Malware -- or "WAM," as we like to call it -- is the world's first complete anti-malware solution for websites. Dasient WAM monitors, automatically identifies, and quarantines malware on websites, before those sites suffer significant losses in traffic, revenue, and reputation.
We're making the monitoring and diagnostic elements of WAM openly available in public beta today, and making the quarantining element available in private beta. WAM is available both to site owners and to web hosting providers interested in offering their customers protection against web-based malware. If you want to learn more, jump down to the full text of our news release, which we've included below. If you're ready to get started right away, head here to sign up for free blacklist monitoring for your site.
We're excited to be bringing these necessary protections to the web, and are looking forward to your feedback. Stay tuned to this space for more news on Dasient WAM and further insights on the development of new web-based threats.
Here is the press release:
Dasient Introduces First Web Anti-Malware Service
Addresses Growing Need for Protection From New Web-Based Attacks
PALO ALTO, June 16, 2009 – Dasient today introduced the industry's first service to protect companies against a fast-growing class of web-based attacks that compromise legitimate websites and then use them to spread malware to the sites' visitors. Dasient's new Web Anti-Malware (WAM) service continually monitors websites, diagnoses any infections, and helps businesses address the infections, before the sites suffer significant losses in traffic, revenue, and reputation.
"In the last two years, we've seen a fundamental shift in the way malware is spread," said Dasient co-founder Dr. Neil Daswani. "Hackers are using highly automated and mutable attacks to turn websites into delivery vehicles for malicious software. This is a web problem at its core, and it requires a solution that can function at web speed and web scale. That's exactly what we had in mind when we designed the Dasient WAM service."
Sharp Increase in Malware-Infected Webpages
Each day, thousands of legitimate websites are infected with malicious code, often without their knowledge. The speed, scale, and complexity of these attacks make it extremely difficult for website owners to identify and fix the resulting infections, and in some cases to even know they've occurred.
The most immediate result of web malware infection is blacklisting by search engines like Google and Yahoo; browsers like Internet Explorer, Firefox, and Chrome; and desktop anti-virus providers like Norton and McAfee. When blacklisted, a website's visitors are redirected to a warning that the site they're about to visit might be dangerous. In many cases, being blacklisted causes a sharp drop in traffic to the site, depriving the site owner of advertising or e-commerce revenue, damaging the site's brand, and spurring additional support costs.
Dasient Identifies and Contains Malware That Can Infect Site Visitors
Today Dasient is announcing the following updates to its patent-pending Web Anti-Malware service, which has been in alpha testing with thousands of websites since early this year:
- Free Blacklist Monitoring: Regularly monitors blacklists from search engines, browsers, and desktop anti-virus companies and provides customers with instant alerts if they've been flagged by those providers. The WAM Blacklist Monitoring service is now in public beta, and is available for free to direct customers and web hosting providers.
- Premium Monitoring and Diagnosis: Continuously monitors customer websites for malicious code that can be distributed by web applications, user-generated content, third-party widgets, advertisements, and other vulnerable site elements. When an infection is identified, customers are notified and provided with detailed diagnostic information, including all malicious source code and infected URLs. The WAM Premium Monitoring service is now in public beta, and is available on a subscription basis to direct customers and web hosting providers.
- Quarantining: Used in conjunction with the Premium Monitoring service, Dasient's quarantining technology automatically contains infections as soon as they're diagnosed, serving the webpages in question but not the malicious code. Quarantining prevents the site from spreading malware broadly to its visitors and keeps it from being flagged by blacklist providers. The WAM Quarantining service is now in private beta, and direct customers and web hosting providers can sign up to join the beta on the Dasient site.
The Dasient WAM monitoring and diagnostic services are built on a set of behavioral analysis technologies that continually crawl customer sites and the web, identifying new web-based malware infections. The monitoring and diagnostic tools are provided to customers as a web service, and the quarantining technology is made available as a web server module that can be installed by customers or web hosting providers.
More information about the Dasient WAM service and pricing can be found at www.dasient.com.
Dasient is an Internet security company that protects businesses from web-based malware attacks. It is the first to develop a complete Web Anti-Malware service that can monitor, automatically identify, and quarantine malware on websites before it can infect visitors and cause a loss of traffic, reputation, and revenue. Dasient was founded by former Google engineers Neil Daswani and Shariq Rizvi and former McKinsey strategy consultant Ameet Ranadive. They are backed by a group of seed investors who also invested in VeriSign, Citrix, Twitter, Digg, Tumbleweed, Finjan, and more. More information about Dasient can be found at www.dasient.com.
Tuesday, June 2, 2009
Traditional defense contractors have done an amazing job of building systems that have helped us defend in the physical world. That said, the New York Times has reported that cybersecurity is a fairly new area to such contractors. Universities, along with many smaller private sector companies, are where much of the technical expertise lies. In addition, in my past experience at Google, I learned that there is a big difference between simply having security expertise and incorporating that security expertise into large-scale, automated systems that can defend large parts of the Internet at a time.
My hope indeed is that taxpayer cybersecurity dollars go toward building large-scale, automated defense systems that can defend large parts of the Internet at a time. Employing large numbers of human "hacker soldiers" is not an approach that can work and scale up against automated attack systems that include million-machine botnets and malware variant generators that produced more malware in 2007 than the world saw in the twenty years prior to that. The nature of web security has changed, and our defense strategies need to change with it -- at the very least, our defenses need to work at web speed and web scale.
I am thrilled that the Obama administration seems to be taking a more aggressive approach to cybersecurity than any previous administration, and over the next few years I look forward to working together with businesses, universities, and (now more than ever) the government to help the Internet continue to grow as a platform that enables us to safely communicate, collaborate, and conduct commerce.
Neil Daswani, PhD
Wednesday, May 27, 2009