

SLIDE 1

Fighting Malware

Luis Corrons

PandaLabs Technical Director

SLIDE 5

Who is behind this?

SLIDE 6

Yesterday's Bad Guys

  • Blaster.B: Jeffrey Lee Parson
  • Netsky / Sasser: Sven Jaschan
  • CIH: Chen Ing-Hau
  • 29-A: Benny

SLIDE 7

Today's Bad Guys

Jeremy Jaynes, Andrew Schwarmkoff, James Ancheta: phishing, spam

SLIDE 8

Jeanson James Ancheta

Pleaded guilty to four felony charges of violating United States Code Section 1030, Fraud and Related Activity in Connection with Computers. Penalty: 57 months in prison.

SLIDE 9

Adam Botbyl

The government claimed that the crime could have caused more than $2.5 million in damages. Penalty: 26 months in prison.

SLIDE 10

Cameron Lacroix

Pleaded guilty to hacking into the cell-phone account of celebrity Paris Hilton and to participating in an attack on data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers. Penalty: 11 months in a Massachusetts juvenile detention facility.

SLIDE 11

Ehud Tenenbaum

Admitted to cracking US and Israeli computers, and pleaded guilty to conspiracy, wrongful infiltration of computerized material, disruption of computer use and destroying evidence. Penalty: six months of community service (in 2001). August 2009: pleaded guilty to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.

SLIDE 12

A Real Case

SLIDE 14

The "Infected Team"

  • MPack
  • Dream Downloader
  • Limbo

Total investment: $1,500

SLIDE 15

The "Infected Team"

SLIDE 16

The "Infected Team"

Let's do some maths…

  • China, Korea, Japan: $0.01 * 70,300 = $703
  • Finland, Norway…: $0.05 * 70,300 = $3,515
  • UK, France…: $0.20 * 70,300 = $14,060
  • USA, Canada: $0.40 * 70,300 = $28,120

And the same numbers in 30 days…

  • China, Korea, Japan: $0.01 * 70,300 * 30 = $21,090
  • Finland, Norway…: $0.05 * 70,300 * 30 = $105,450
  • UK, France…: $0.20 * 70,300 * 30 = $421,800
  • USA, Canada: $0.40 * 70,300 * 30 = $843,600

SLIDE 17

The "Infected Team"

Who's paying the "Infected Team"?

SLIDE 20

Rogueware

  • Computers worldwide: 1 billion (Forrester)
  • Infected computers: 3.50%
  • 35,000,000 infected computers / monthly
  • 35 million computers ≠ 35 million users. Let's take just half: 17.5 million people
  • Phishing victims (Gartner): 3.30%
  • 557,500 rogueware buyers / monthly

SLIDE 22

Rogueware average price: $59.95

  • $59.95 * 557,000 = $34,621,125 PER MONTH
  • $415,453,500 PER YEAR

SLIDE 24

$81,388 USD in 6 days!

SLIDE 39

Malware figures

SLIDE 41

Malware figures

SLIDE 42

Malware figures

SLIDE 44

SEO attack against Ford Motor Company

  • 1,000,000 malicious links indexed by Google
  • 3,000,000 legitimate search terms hijacked
  • Targeted users looking for instructions (e.g. how to loosen a tension belt)
  • Served 100 new MSAntiSpyware2009 binaries in 24 hours

SLIDE 45

Comments on Digg.com leading to Rogueware

  • 500,000+ comments leading to Rogueware
  • Comments targeted news submission title and content
SLIDE 46

Twitter trending topics lead to Rogueware

  • Messages (tweets) targeting trending topics on Twitter.com
  • 27,000 tweets per 24 hours
  • 60 unique samples detected over a 72-hour period
SLIDE 47

Rogueware exploits WordPress vulnerability to facilitate Blackhat SEO attack

  • Affected Ned.org and TheWorkBuzz.com
  • Targeted a security vulnerability in an old version of WordPress
  • Redirected all links to point to Rogueware servers
SLIDE 50

Conclusion

SLIDE 52

Thanks!

Luis Corrons, luis.corrons@pandasecurity.com
PandaLabs Blog: http://www.pandalabs.com