the underground economy and ecosystem of sms based
play

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis - PowerPoint PPT Presentation

Nov 12, 2023 •620 likes •1.39k views

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria Agenda SMS based threats Ransomware SMS Trojans The

  1. The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria

  2. Agenda SMS based threats • Ransomware • SMS Trojans The ecosystem Underground economy Threats round the globe What should we do? 23 rd Annual FIRST Conference PAGE 2 | | June 15, 2011

  3. Lottery 23 rd Annual FIRST Conference PAGE 3 | | June 15, 2011

  4. How much have users lost? 23 rd Annual FIRST Conference PAGE 4 | | June 15, 2011

  5. Ransomware

  6. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 6 | | June 15, 2011

  7. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 7 | | June 15, 2011

  8. Ransomware Variety 23 rd Annual FIRST Conference PAGE 8 | | June 15, 2011

  9. Ransomware Variety 23 rd Annual FIRST Conference PAGE 9 | | June 15, 2011

  10. Ransomware Variety 23 rd Annual FIRST Conference PAGE 10 | | June 15, 2011

  11. Ransomware Variety 23 rd Annual FIRST Conference PAGE 11 | | June 15, 2011

  12. Ransomware Variety 23 rd Annual FIRST Conference PAGE 12 | | June 15, 2011

  13. Ransomware Variety 23 rd Annual FIRST Conference PAGE 13 | | June 15, 2011

  14. Ransomware Variety 23 rd Annual FIRST Conference PAGE 14 | | June 15, 2011

  15. Ransomware Variety 23 rd Annual FIRST Conference PAGE 15 | | June 15, 2011

  16. Psychological tricks Legal prosecution threats Data corruption threats Malware infection (!) threats Annoying pop-ups 23 rd Annual FIRST Conference PAGE 16 | | June 15, 2011

  17. What do they want? 23 rd Annual FIRST Conference PAGE 17 | | June 15, 2011

  18. Deblocker 23 rd Annual FIRST Conference PAGE 18 | | June 15, 2011

  19. Deblocker 23 rd Annual FIRST Conference PAGE 19 | | June 15, 2011

  20. Deblocker service statistics Launch: January 2010 Current state: • More than 5,100,000 unique visitors • More than 19,500,000 requests • ~60,000 unique visitors per day • ~230,000 requests per day Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 20 | | June 15, 2011

  21. SMS Trojans

  22. SMS Trojans In a nutshell 23 rd Annual FIRST Conference PAGE 22 | | June 15, 2011

  23. Statistics Number of modifications per year 345 336 350 300 250 212 200 150 116 100 50 11 3 0 2006 2007 2008 2009 2010 2011 Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 23 | | June 15, 2011

  24. Statistics Platform distribution 8% 3% 5% Symbian Windows Mobile Android J2ME 84% Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 24 | | June 15, 2011

  25. Primitive: Trojan-SMS.J2ME.Konov One of the first widespread SMS Trojans: • Small (1,5 – 8 kB) • No encryption • No social engineering tricks 23 rd Annual FIRST Conference PAGE 25 | | June 15, 2011

  26. Advanced: Trojan-SMS.J2ME.VScreener ‘Faulty’ video player Must be ‘tuned’ by user • Quick left soft key pressing SMS are sent during ‘tuning’ Premium rate number and SMS text are stored in ‘ load.bin ’ file File ‘ load.bin ’ is encoded with ADD and ‘0xA’ key 23 rd Annual FIRST Conference PAGE 26 | | June 15, 2011

  27. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 27 | | June 15, 2011

  28. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 28 | | June 15, 2011

  29. SEO and mobile malware 23 rd Annual FIRST Conference PAGE 29 | | June 15, 2011

  30. SEO and mobile malware Blonde porn download 23 rd Annual FIRST Conference PAGE 30 | | June 15, 2011

  31. The ecosystem The root of all evil

  32. Trojan-SMS.J2ME.Konov 23 rd Annual FIRST Conference PAGE 32 | | June 15, 2011

  33. Trojan-SMS.J2ME.Konov $10 or $6 per SMS Mobile operator 23 rd Annual FIRST Conference PAGE 33 | | June 15, 2011

  34. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 34 | | June 15, 2011

  35. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 35 | | June 15, 2011

  36. Trojan-SMS.J2ME.Konov ‘ epbox 1290’ on Subtenant with ID 1290 4460 & 5537 ‘ epbox ’ ‘ epbox ’ on 4460 renter & 5537 Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 36 | | June 15, 2011

  37. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ renter ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 37 | | June 15, 2011

  38. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 38 | | June 15, 2011

  39. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A Affiliate B Affiliate C ‘ epbox 1290’ ‘ epbox M’ ‘ epbox N’ subtenant subtenant subtenant 23 rd Annual FIRST Conference PAGE 39 | | June 15, 2011

  40. The root of all evil Affiliate network registration form 23 rd Annual FIRST Conference PAGE 40 | | June 15, 2011

  41. The root of all evil Affiliate network registration form Name Email Website URL Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 41 | | June 15, 2011

  42. The root of all evil Affiliate network registration form No sensitive data! Name Email Website URL Affiliate ID ‘ epbox 1290’ Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 42 | | June 15, 2011

  43. Typical affiliate website 23 rd Annual FIRST Conference PAGE 43 | | June 15, 2011

  44. Typical affiliate website 23 rd Annual FIRST Conference PAGE 44 | | June 15, 2011

  45. Typical affiliate website Referrer check Remote server Affiliate ID 23 rd Annual FIRST Conference PAGE 45 | | June 15, 2011

  46. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID 23 rd Annual FIRST Conference PAGE 46 | | June 15, 2011

  47. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID Thousands of websites! 23 rd Annual FIRST Conference PAGE 47 | | June 15, 2011

  48. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 48 | | June 15, 2011

  49. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 49 | | June 15, 2011

  50. Underground economy …and lottery results :)

  51. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 51 | | June 15, 2011

  52. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) SMS 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 52 | | June 15, 2011

  53. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 53 | | June 15, 2011

  54. Underground economy Revenue sharing 1-5% of SMS price The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS 40-67% of SMS price SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 54 | | June 15, 2011

  55. $$$ 23 rd Annual FIRST Conference PAGE 55 | | June 15, 2011

  56. $$$ ‘…10 people were arrested…’ ‘…malware which blocks PC…’ 23 rd Annual FIRST Conference PAGE 56 | | June 15, 2011

  57. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 57 | | June 15, 2011

  58. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…1 billion rubles…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 58 | | June 15, 2011

  59. Calculations 1,000,000,000 rubles ~ $30,000,000 $30,000,000/6 ~ $5,000,000 per month 23 rd Annual FIRST Conference PAGE 59 | | June 15, 2011

  60. ‘Death penalty’ Largest mobile affiliate network was fined: The fine was equal to 25% of the affiliate network weekly income: • 1,590,000 rubles ~ $53,000 • Weekly income ~ $212,000 • Monthly income ~ $850,000 People were losing at least $1,200,000 per month 23 rd Annual FIRST Conference PAGE 60 | | June 15, 2011

  61. Final score $6,200,000 per month 23 rd Annual FIRST Conference PAGE 61 | | June 15, 2011

  62. Threats round the globe

  63. Ransomware 23 rd Annual FIRST Conference PAGE 63 | | June 15, 2011

  64. Ransomware 23 rd Annual FIRST Conference PAGE 64 | | June 15, 2011

  65. Ransomware 23 rd Annual FIRST Conference PAGE 65 | | June 15, 2011

  66. A long time ago… 23 rd Annual FIRST Conference PAGE 66 | | June 15, 2011

  67. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 67 | | June 15, 2011

  68. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 68 | | June 15, 2011

  69. ‘Dating’ apps If you are from UK 23 rd Annual FIRST Conference PAGE 69 | | June 15, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services

Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services

Conserving Marine Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services CBD COP-13 Side Event December 5, 2016 State of the Oceans and Marine Biodiversity Many people know about degradation of the

978 views • 20 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

745 views • 35 slides
Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

445 views • 19 slides
Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem

Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem

Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem based fisheries management Towards Ecosystem Based Fisheries Management in the Bal7c Sea 16 - 17 June 2016 Eskild Kirkegaard ACOM Chair Common

386 views • 19 slides
Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

1 Coalition Against Unsolicited Commercial Email Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September 2013 2 Where is everything? These Slides : http://www.taugh.com/ue13/ Resources :

942 views • 91 slides
Pace Layers The social economy ecosystem has many layers, all of which change at different

Pace Layers The social economy ecosystem has many layers, all of which change at different

Pace Layers The social economy ecosystem has many layers, all of which change at different rates, the outer layers moving faster than the inner Source: Stewart Brand, The Clock of the Long Now 1 | Confidential & Proprietary 2 |

421 views • 4 slides
MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem

MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem

MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem for creative industries Alessandro Canepa alessandro@i-dealsrl.com +39 338 6426165 https://www.youtube.com/watch?v=9AFWaKUTxn4 Consortium The

216 views • 19 slides
The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western Himalayas ESPA 2013 PROJECT, REFERENCE NE/ L001365/ 1 Project team University of Cambridge Bhaskar Vira Centre for Development and Research

264 views • 11 slides
Circular economy interaction with climate policies, ecosystem services, biodiversity, and human

Circular economy interaction with climate policies, ecosystem services, biodiversity, and human

Circular economy interaction with climate policies, ecosystem services, biodiversity, and human health: Insights from GEO-6 and GRO 2019 Presentation to the LCS-RNet 11 TH Annual Meeting Paul Ekins Professor of Resources and Environmental

845 views • 37 slides
Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah

Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah

Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah January-Bevers February/March 2019 Houston is an Ecologically Diverse Region Ecoregions: Big Thicket Piney Woods Trinity Bottomlands

346 views • 31 slides
Circular Economy Project Driving towards circularity International workshop on Circular Economy

Circular Economy Project Driving towards circularity International workshop on Circular Economy

Circular Economy Project Driving towards circularity International workshop on Circular Economy in the Automotive Industry Massimiano Tellini, Global Head - Circular Economy Project 6-7 November 2017, Bratislava 1 Ecosystem Growth Innovative

633 views • 20 slides
Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why

Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why

Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why ecosystem based management? to promote biodiversity conservation, and explore consequences of trade-offs in the management of marine ecosystems Marshak

692 views • 39 slides
ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is

ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is

The effects of landscape heterogeneity on pollination ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is insect pollination? Global Impacts Food Economy Mountain Aloe (Aloe marlothii

1.77k views • 7 slides
Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave

Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave

Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave Loubser PEBACC Country Manager Vanuatu Ecosystem and Socio economic Resilience Analysis and Mapping 2 Habitat Stability to Climate Change

764 views • 14 slides
The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

July 26 th , 2017 To: Landmarks Preservation Board From: Ron Taylor/Structural Engineer Re. Answers to the questions: Going underground is not practical or feasible The construction challenges of going underground are not unusual. Many museums

533 views • 6 slides
Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover

Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover

Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover erin ing g Ec Economy The session is being recorded, the PowerPoint will be sent out after the session. Info from past Ecosystem Enrichments

483 views • 47 slides
EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS

EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS

EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS Sankt Augustin Germany http://www.ais.fraunhofer.de/and Potsdam, 27.09.2005 Presentation Plan Introduction What is EDA? Examples of

442 views • 20 slides
Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com

Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com

Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com Overview Standards as a privacy focused implementor How the standards process makes privacy difficult (and how it can be fixed)

467 views • 46 slides
ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives

ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives

ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives 1. Describe common signs and symptoms of ADHD in the child & adolescent population. 2. Summarize changes in diagnostic criteria in DSM 5

460 views • 27 slides
14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with

14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with

Youre about to discover 14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with Ken Hardison The Authority on Legal Marketing Referral Rule 20% of people will refer your business even if you do

669 views • 36 slides
Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No answers are often wanted, but typically inappropriate. Security of an item depends much on the context in which it is used. Complex

770 views • 57 slides
Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Testing That Digs Deeper Penetration testing is about attempting to exploit as much as possible

516 views • 18 slides
The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

School of Computer Science Theory seminar Birmingham Friday 28th Feb 2003 Also University of Nevada at Reno 20 March 2003 The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

805 views • 45 slides
Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about

Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about

Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about Process and program structure Just a little Some research ideas The major topic. First, the why The research challenge

733 views • 37 slides

More recommend