The Final Course Analytical Research: Eugene Kolesnik


The Final Course

Analytical Research
Eugene Kolesnik
DEMONSTRATION

Antivirus Software
Key challenges of the research:
Highlight the results of tests that check personal antivirus products for their capacity to detect and remove malware successfully (without interfering with operating system operability) after it has penetrated the computer, started acting and hidden its activity.
Antivirus Software Set
Antivirus products from 17 vendors took part in the test, including:
The Selection of Scumware
The test was performed on the following selected malware samples:
The Results of Testing of Antiviruses for the Treatment of Active Infections (1st Part)

Products tested (column label, product, version):
  Avast!       Avast! Professional Edition 4.8.1229
  AVG          AVG Anti-Virus & Anti-Spyware 9.0.716
  Avira        Avira AntiVir Premium 9.0.0.75
  BitDefender  BitDefender Antivirus 2010 13.0.18.345
  Comodo       Comodo Antivirus 3.13.121240.574
  Dr.Web       Dr.Web Anti-Virus PE 5.00.10.11260

Antivirus \ Malware                  Avast!  AVG   Avira  BitDefender  Comodo  Dr.Web
AdWare.Virtumonde (Vundo)              +      +      +         +          +       +
Rustock (NewRest)                      +      -      -         -          -       +
Sinowal (Mebroot)                      -      -      -         -          -       -
Email-Worm.Scano (Areses)              -      -      -         -          -       +
TDL (TDSS, Alureon, Tidserv)           +      +      -         -          -       +
TDL2 (TDSS, Alureon, Tidserv)          -      +      -         -          -       -
Srizbi                                 +      -      -         +          -       +
Rootkit.Podnuha (Boaxxe)               +      -      -         -          -       +
Rootkit.Pakes (synsenddrv)             +      +      +         -          +       +
Rootkit.Protector (Cutwail, Pandex)    +      -      +         -          -       +
Virus.Protector (Kobcka, Neprodoor)    -      -      -         -          -       +
Xorpix (Eterok)                        +      -      +         -          -       +
Trojan-Spy.Zbot                        +      +      +         +          -       +
Win32/Glaze                            +      -      -         +          -       -
SubSys (Trojan.Okuks)                  -      -      -         -          -       +
TDL3 (TDSS, Alureon, Tidserv)          -      -      -         -          -       +
Disinfected / Total                  10/16   5/16   5/16      4/16       2/16    13/16
The Results of Testing of Antiviruses for the Treatment of Active Infections (2nd Part)

Products tested (column label, product, version):
  McAfee     McAfee VirusScan Plus 2010 (13.15.113)
  Microsoft  Microsoft Security Essentials 1.0.1611.0
  Outpost    Outpost Antivirus Pro 2009 (6.7.1.2983.450.0714)
  Norton     Norton AntiVirus 2010 (17.0.0.136)
  Panda      Panda Antivirus 2010 (9.01.00)
  Sophos     Sophos Anti-Virus 9.0.0

Antivirus \ Malware                  McAfee  Microsoft  Outpost  Norton  Panda  Sophos
AdWare.Virtumonde (Vundo)              +        +         +        +       +       +
Rustock (NewRest)                      -        +         +        -       +       -
Sinowal (Mebroot)                      -        -         -        -       -       -
Email-Worm.Scano (Areses)              -        -         +        -       -       -
TDL (TDSS, Alureon, Tidserv)           -        -         +        -       -       +
TDL2 (TDSS, Alureon, Tidserv)          -        +         +        -       -       -
Srizbi                                 -        -         -        -       -       -
Rootkit.Podnuha (Boaxxe)               -        +         -        -       -       -
Rootkit.Pakes (synsenddrv)             -        +         +        -       +       +
Rootkit.Protector (Cutwail, Pandex)    -        +         -        -       -       -
Virus.Protector (Kobcka, Neprodoor)    -        +         -        -       -       -
Xorpix (Eterok)                        -        +         +        -       +       -
Trojan-Spy.Zbot                        +        +         +        -       +       +
Win32/Glaze                            -        +         +        +       +       -
SubSys (Trojan.Okuks)                  +        -         -        -       -       +
TDL3 (TDSS, Alureon, Tidserv)          -        -         -        -       -       -
Disinfected / Total                   3/16    10/16      9/16     2/16    6/16    5/16
The Results of Testing of Antiviruses for the Treatment of Active Infections (3rd Part)

Products tested (column label, product, version):
  Eset         Eset NOD32 Antivirus 4.0.474.0
  F-Secure     F-Secure Anti-Virus 2010 10.00 build 246
  Kaspersky    Kaspersky Anti-Virus 2010 (9.0.0.736 (a.b))
  Trend Micro  Trend Micro Antivirus plus Antispyware 2010 (17.50.1366)
  VBA32        VBA32 Antivirus 3.12.12.0

Antivirus \ Malware                  Eset  F-Secure  Kaspersky  Trend Micro  VBA32
AdWare.Virtumonde (Vundo)              +      +         +           +          -
Rustock (NewRest)                      -      -         -           -          -
Sinowal (Mebroot)                      -      -         -           -          -
Email-Worm.Scano (Areses)              -      +         -           -          -
TDL (TDSS, Alureon, Tidserv)           -      +         +           +          -
TDL2 (TDSS, Alureon, Tidserv)          -      -         +           -          -
Srizbi                                 -      -         +           -          -
Rootkit.Podnuha (Boaxxe)               -      -         +           -          -
Rootkit.Pakes (synsenddrv)             +      +         +           +          -
Rootkit.Protector (Cutwail, Pandex)    -      -         +           -          -
Virus.Protector (Kobcka, Neprodoor)    -      -         +           -          -
Xorpix (Eterok)                        +      +         +           -          -
Trojan-Spy.Zbot                        +      +         +           +          -
Win32/Glaze                            -      +         +           +          +
SubSys (Trojan.Okuks)                  -      -         +           -          -
TDL3 (TDSS, Alureon, Tidserv)          -      -         +           -          -
Disinfected / Total                   4/16   7/16     13/16        5/16       1/16
Inferences Drawn from the Test Results
• Dr.Web and Kaspersky Anti-Virus showed the best test results: they disinfected the system correctly in 13 of 16 cases and deservedly take the first places on the list of recommended antiviruses.
• Avast! Professional Edition and Microsoft Security Essentials won the "Silver" rank in this test.
DEMONSTRATION

Anti-Social Engineering

Key Topics
Understanding the Nature of the Vulnerability
The goal of a social engineer is to trick someone into giving them what they want. The social engineer preys on qualities of human nature, such as:
• The desire to be helpful
• A tendency to trust people
• The fear of getting into trouble
• The willingness to cut corners
Essential practices
Practices that need to be established at the enterprise:
• Require anyone who comes to perform a service to show proper identification
• Establish a standard that passwords are never to be spoken over the phone
• Implement a standard that forbids passwords from being left lying about
• Implement caller ID technology for the Help Desk and other support functions
• Invest in shredders and have one on every floor
Essential practices
Policies, procedures and standards are an important part of an overall anti-social-engineering campaign:
• They should not contain standards or directives that may not be attainable
• They should stress what can be done and, as much as possible, stay away from what isn't allowed
• They should be brief and concise
• They need to be reviewed on a regular basis and kept current
• The message and standards should be easily attainable by, and available to, the employees
DEMONSTRATION

Phishing Protection
Anti-Phishing Protection Guidance
For the best protection, these security technologies and techniques must be deployed at two logical layers:
• The client side: this includes the user's PC
• The enterprise level: distributed technologies and third-party management services
The Client-Side Representation
At the client side, protection against phishing can be afforded by:
• Desktop protection technologies
• Use of appropriate, less sophisticated communication settings
• User application-level monitoring solutions
• Locking down browser capabilities
• Digital signing and validation of email
• General security awareness
Desktop Protection Technology
Ideally, desktop systems should be configured to use multiple desktop protection agents (even if this functionality duplicates any corporate perimeter protection services) and be capable of performing the custom anti-phishing services.
Email Sophistication
Many of the email applications that corporate users and customers use to access Internet resources provide an increasing level of functionality and sophistication: in particular, the ability to obfuscate the true destination of links, the ability to embed scripting elements, and the automatic rendering of embedded (or linked) multimedia elements.
Browser Capabilities
To help prevent many phishing attack vectors, web browser users should:
• Disable all window pop-up functionality
• Disable Java runtime support
• Disable ActiveX support
• Disable all multimedia and auto-execute extensions
• Prevent the storage of non-secure cookies
• Ensure that any downloads cannot be automatically run from the browser, and must instead be downloaded into a directory for anti-virus inspection
Digitally Signed Email
It is possible to use public key cryptography systems to digitally sign an email. The signature can be used to verify the integrity of the message content, thereby identifying whether the message content has been altered in transit. A signed message can be attributed to a specific user's (or organisation's) public key.
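The two properties named above, integrity of the content and attribution to one public key, as an added Go example (not from the original presentation): it signs the sender and subject headers together with the body using Ed25519 and shows that verification fails both when the content changes and when another party's key is used. The header canonicalisation is a simplified stand-in for what S/MIME or OpenPGP actually do, and the keys and message are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Mail holds the fields the signature covers. Real S/MIME or PGP signing
// canonicalises the whole MIME message; this is a simplified stand-in.
type Mail struct {
	From, Subject, Body string
}

// canonical returns the exact bytes that are signed: the sender and subject
// headers plus the body, so altering any of them invalidates the signature.
func canonical(m Mail) []byte {
	return []byte("From: " + m.From + "\nSubject: " + m.Subject + "\n\n" + m.Body)
}

// Sign produces a detached signature over the message with the sender's private key.
func Sign(priv ed25519.PrivateKey, m Mail) []byte {
	return ed25519.Sign(priv, canonical(m))
}

// Verify reports whether sig was made over exactly this message by the holder
// of the private key matching pub. It is false both when the content was
// altered in transit and when some other key produced the signature.
func Verify(pub ed25519.PublicKey, m Mail, sig []byte) bool {
	return ed25519.Verify(pub, canonical(m), sig)
}

func main() {
	// Constructed keys and message for the demonstration.
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)

	msg := Mail{From: "alice@example.com", Subject: "Q3 report", Body: "Draft attached."}
	sig := Sign(alicePriv, msg)

	fmt.Println("genuine message:", Verify(alicePub, msg, sig)) // true
	altered := msg
	altered.Body = "Revised draft attached."
	fmt.Println("body changed in transit:", Verify(alicePub, altered, sig)) // false
	fmt.Println("checked against another user's key:", Verify(otherPub, msg, sig)) // false
}
```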
Enterprise-Side Solutions and Awareness
At the enterprise side, protection against phishing can be afforded by:
• Improving customer awareness
• Providing validation information for official communications
• Ensuring that the Internet web application is securely developed and doesn't include easily exploitable attack vectors
• Using strong token-based authentication systems
• Keeping naming systems simple and understandable
DEMONSTRATION

Physical Security
Physical Protection Essentials
Physical security refers to the protection of building sites and equipment (and the information and software contained therein) from theft, vandalism, natural and man-made disasters, and accidental damage.

After analysing the methods available on the market, three typical plans for the physical protection of IT equipment have been identified:
Minimum Security Option
Description: Place computing equipment in a locked physical location with low visibility. Train employees to challenge unfamiliar individuals. Use surge protectors for electricity spikes and drops.
Benefits: Low cost (requires only some employee education and a discreet, locked hardware location).
Disadvantages: Does not provide effective physical security or environmental protection of the computing equipment.

Optimum Security Option
Description: Computing equipment shall be placed in a physically controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall have proper environmental controls.
Benefits: Provides increased physical and environmental computer protections.
Disadvantages: More costly than the minimum security option, but improves computer physical and environmental controls significantly.

Maximum Security Option (Optimum Option +)
Description: Computing equipment shall be placed in a physically controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall have proper environmental controls. In addition, controls such as physical access logs and video camera monitoring will be implemented.
Benefits: Maximum physical security and environmental controls provided.
Disadvantages: Increased costs associated with implementing much improved computer environmental and physical controls.
Q&A
QUESTIONS & ANSWERS
