Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
the underground economy and ecosystem of sms based

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis - PowerPoint PPT Presentation

Nov 12, 2023 •620 likes •1.39k views

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria Agenda SMS based threats Ransomware SMS Trojans The

  1. The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria

  2. Agenda SMS based threats • Ransomware • SMS Trojans The ecosystem Underground economy Threats round the globe What should we do? 23 rd Annual FIRST Conference PAGE 2 | | June 15, 2011

  3. Lottery 23 rd Annual FIRST Conference PAGE 3 | | June 15, 2011

  4. How much have users lost? 23 rd Annual FIRST Conference PAGE 4 | | June 15, 2011

  5. Ransomware

  6. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 6 | | June 15, 2011

  7. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 7 | | June 15, 2011

  8. Ransomware Variety 23 rd Annual FIRST Conference PAGE 8 | | June 15, 2011

  9. Ransomware Variety 23 rd Annual FIRST Conference PAGE 9 | | June 15, 2011

  10. Ransomware Variety 23 rd Annual FIRST Conference PAGE 10 | | June 15, 2011

  11. Ransomware Variety 23 rd Annual FIRST Conference PAGE 11 | | June 15, 2011

  12. Ransomware Variety 23 rd Annual FIRST Conference PAGE 12 | | June 15, 2011

  13. Ransomware Variety 23 rd Annual FIRST Conference PAGE 13 | | June 15, 2011

  14. Ransomware Variety 23 rd Annual FIRST Conference PAGE 14 | | June 15, 2011

  15. Ransomware Variety 23 rd Annual FIRST Conference PAGE 15 | | June 15, 2011

  16. Psychological tricks Legal prosecution threats Data corruption threats Malware infection (!) threats Annoying pop-ups 23 rd Annual FIRST Conference PAGE 16 | | June 15, 2011

  17. What do they want? 23 rd Annual FIRST Conference PAGE 17 | | June 15, 2011

  18. Deblocker 23 rd Annual FIRST Conference PAGE 18 | | June 15, 2011

  19. Deblocker 23 rd Annual FIRST Conference PAGE 19 | | June 15, 2011

  20. Deblocker service statistics Launch: January 2010 Current state: • More than 5,100,000 unique visitors • More than 19,500,000 requests • ~60,000 unique visitors per day • ~230,000 requests per day Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 20 | | June 15, 2011

  21. SMS Trojans

  22. SMS Trojans In a nutshell 23 rd Annual FIRST Conference PAGE 22 | | June 15, 2011

  23. Statistics Number of modifications per year 345 336 350 300 250 212 200 150 116 100 50 11 3 0 2006 2007 2008 2009 2010 2011 Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 23 | | June 15, 2011

  24. Statistics Platform distribution 8% 3% 5% Symbian Windows Mobile Android J2ME 84% Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 24 | | June 15, 2011

  25. Primitive: Trojan-SMS.J2ME.Konov One of the first widespread SMS Trojans: • Small (1,5 – 8 kB) • No encryption • No social engineering tricks 23 rd Annual FIRST Conference PAGE 25 | | June 15, 2011

  26. Advanced: Trojan-SMS.J2ME.VScreener ‘Faulty’ video player Must be ‘tuned’ by user • Quick left soft key pressing SMS are sent during ‘tuning’ Premium rate number and SMS text are stored in ‘ load.bin ’ file File ‘ load.bin ’ is encoded with ADD and ‘0xA’ key 23 rd Annual FIRST Conference PAGE 26 | | June 15, 2011

  27. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 27 | | June 15, 2011

  28. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 28 | | June 15, 2011

  29. SEO and mobile malware 23 rd Annual FIRST Conference PAGE 29 | | June 15, 2011

  30. SEO and mobile malware Blonde porn download 23 rd Annual FIRST Conference PAGE 30 | | June 15, 2011

  31. The ecosystem The root of all evil

  32. Trojan-SMS.J2ME.Konov 23 rd Annual FIRST Conference PAGE 32 | | June 15, 2011

  33. Trojan-SMS.J2ME.Konov $10 or $6 per SMS Mobile operator 23 rd Annual FIRST Conference PAGE 33 | | June 15, 2011

  34. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 34 | | June 15, 2011

  35. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 35 | | June 15, 2011

  36. Trojan-SMS.J2ME.Konov ‘ epbox 1290’ on Subtenant with ID 1290 4460 & 5537 ‘ epbox ’ ‘ epbox ’ on 4460 renter & 5537 Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 36 | | June 15, 2011

  37. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ renter ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 37 | | June 15, 2011

  38. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 38 | | June 15, 2011

  39. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A Affiliate B Affiliate C ‘ epbox 1290’ ‘ epbox M’ ‘ epbox N’ subtenant subtenant subtenant 23 rd Annual FIRST Conference PAGE 39 | | June 15, 2011

  40. The root of all evil Affiliate network registration form 23 rd Annual FIRST Conference PAGE 40 | | June 15, 2011

  41. The root of all evil Affiliate network registration form Name Email Website URL Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 41 | | June 15, 2011

  42. The root of all evil Affiliate network registration form No sensitive data! Name Email Website URL Affiliate ID ‘ epbox 1290’ Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 42 | | June 15, 2011

  43. Typical affiliate website 23 rd Annual FIRST Conference PAGE 43 | | June 15, 2011

  44. Typical affiliate website 23 rd Annual FIRST Conference PAGE 44 | | June 15, 2011

  45. Typical affiliate website Referrer check Remote server Affiliate ID 23 rd Annual FIRST Conference PAGE 45 | | June 15, 2011

  46. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID 23 rd Annual FIRST Conference PAGE 46 | | June 15, 2011

  47. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID Thousands of websites! 23 rd Annual FIRST Conference PAGE 47 | | June 15, 2011

  48. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 48 | | June 15, 2011

  49. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 49 | | June 15, 2011

  50. Underground economy …and lottery results :)

  51. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 51 | | June 15, 2011

  52. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) SMS 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 52 | | June 15, 2011

  53. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 53 | | June 15, 2011

  54. Underground economy Revenue sharing 1-5% of SMS price The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS 40-67% of SMS price SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 54 | | June 15, 2011

  55. $$$ 23 rd Annual FIRST Conference PAGE 55 | | June 15, 2011

  56. $$$ ‘…10 people were arrested…’ ‘…malware which blocks PC…’ 23 rd Annual FIRST Conference PAGE 56 | | June 15, 2011

  57. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 57 | | June 15, 2011

  58. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…1 billion rubles…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 58 | | June 15, 2011

  59. Calculations 1,000,000,000 rubles ~ $30,000,000 $30,000,000/6 ~ $5,000,000 per month 23 rd Annual FIRST Conference PAGE 59 | | June 15, 2011

  60. ‘Death penalty’ Largest mobile affiliate network was fined: The fine was equal to 25% of the affiliate network weekly income: • 1,590,000 rubles ~ $53,000 • Weekly income ~ $212,000 • Monthly income ~ $850,000 People were losing at least $1,200,000 per month 23 rd Annual FIRST Conference PAGE 60 | | June 15, 2011

  61. Final score $6,200,000 per month 23 rd Annual FIRST Conference PAGE 61 | | June 15, 2011

  62. Threats round the globe

  63. Ransomware 23 rd Annual FIRST Conference PAGE 63 | | June 15, 2011

  64. Ransomware 23 rd Annual FIRST Conference PAGE 64 | | June 15, 2011

  65. Ransomware 23 rd Annual FIRST Conference PAGE 65 | | June 15, 2011

  66. A long time ago… 23 rd Annual FIRST Conference PAGE 66 | | June 15, 2011

  67. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 67 | | June 15, 2011

  68. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 68 | | June 15, 2011

  69. ‘Dating’ apps If you are from UK 23 rd Annual FIRST Conference PAGE 69 | | June 15, 2011

Recommend

SMS Utility paym ent SMS Utility paym ent Gasana Jeff General Manager SMS Media Rw anda SMS

SMS Utility paym ent SMS Utility paym ent Gasana Jeff General Manager SMS Media Rw anda SMS

SMS Utility paym ent SMS Utility paym ent Gasana Jeff General Manager SMS Media Rw anda SMS Media Rw anda EAPIC 2008, 16-18 September, Nairobi, Kenya Com pany Profile Com pany Profile SMS Media is mobile media company specializing in SMS

711 views • 14 slides
Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways Bradley Reaves , Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler Florida Institute of Cyber Security (FICS) SMS Ecosystem Cell

406 views • 14 slides
SMS switching and billing suite Break through your data SMS switching and billing suite

SMS switching and billing suite Break through your data SMS switching and billing suite

SMS switching and billing suite Break through your data SMS switching and billing suite components SMS switch - a stable and robust platform fully SMS switch developed by 5g Future 5g Future, no opensource code used. Dynamic or static

128 views • 11 slides
SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is

SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is

SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is No App Advantages of SMS Disadvantages Ubiquitous No structure No Install Limited bandwidth Low cost Complex syntax

431 views • 26 slides
SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel

SMS Messaging for Marketing Success SMS Messaging for Marketing Success Esendex Multichannel Solutions What are we covering off today? Who we are - communigator relationship Power of using SMS What does good look like? What is

343 views • 19 slides
The Safety Measurement System (SMS) Methodology Enhancements and SMS Preview Fall 2016

The Safety Measurement System (SMS) Methodology Enhancements and SMS Preview Fall 2016

The Safety Measurement System (SMS) Methodology Enhancements and SMS Preview Fall 2016 Todays Presenters Dave Yessen Monica Lanos Transportation Specialist Transportation Specialist FMCSA Office of Enforcement and Compliance FMCSA Office

720 views • 48 slides
Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski

Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski

Secure SMS messaging using Quasigroup encryption and Java SMS API Marko Hassinen, Smile Markovski Marko.Hassinen@cs.uku.fi, smile@ii.edu.mk University of Kuopio, Finland SS Cyril and Methodius University, Republic of Macedonia SPLST 2003

601 views • 38 slides
VoIP/SMS monitoring suite Break through your data A typical screen Why do you need 5gVision?

VoIP/SMS monitoring suite Break through your data A typical screen Why do you need 5gVision?

VoIP/SMS monitoring suite Break through your data A typical screen Why do you need 5gVision? 5gVision is a visual VoIP/SMS/SNMP 5gVision is a visual VoIP/SMS/SNMP monitoring and log collection suite monitoring and log collection suite

464 views • 21 slides
CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY OPERATOR DATA MVNO OTTs Services that 100% guarantee reliable and lucrative partnerships lead to absolute success. premier global communications

332 views • 7 slides
Presentation of SMS: Sandbukta-Moss-Sstad By Jarle Rasmussen The SMS Team Jarle Midjs

Presentation of SMS: Sandbukta-Moss-Sstad By Jarle Rasmussen The SMS Team Jarle Midjs

Presentation of SMS: Sandbukta-Moss-Sstad By Jarle Rasmussen The SMS Team Jarle Midjs Rasmussen Trygve Srb Kvarme Jan Nondal Prosjektsjef Prosjektleder offentlig plan Prosjekteringsleder Project Manager Planning Manager

492 views • 31 slides
SMS/ SMS/Inn nntopia pia Best t Pr Prac ac2c 2ces s Discussion Discussio Carson Foerster

SMS/ SMS/Inn nntopia pia Best t Pr Prac ac2c 2ces s Discussion Discussio Carson Foerster

SMS/ SMS/Inn nntopia pia Best t Pr Prac ac2c 2ces s Discussion Discussio Carson Foerster Springer-Miller Systems Brian Campbell Springer-Miller Systems Susie Thiele Stra:on Mountain Resort Ashley Fay - Inntopia John Spencer

357 views • 7 slides
Safety Management System Next step to safety The ICAO SMS framework toolkit Including Quality

Safety Management System Next step to safety The ICAO SMS framework toolkit Including Quality

Safety Management System Next step to safety The ICAO SMS framework toolkit Including Quality System The SMS solution for value creation Designed per the specifications of the ICAO SMS framework Client / server architecture entirely Delivered

115 views • 10 slides
Attacking SMS BlackHat USA 2009 Zane Lackey (zane@isecpartners.com) Luis Miras

Attacking SMS BlackHat USA 2009 Zane Lackey (zane@isecpartners.com) Luis Miras

Attacking SMS BlackHat USA 2009 Zane Lackey (zane@isecpartners.com) Luis Miras (luis@ringzero.net) RingZero https://luis.ringzero.net Agenda SMS Background Overview SMS in mobile security Testing Challenges

877 views • 66 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

750 views • 35 slides
SMS: An Important Cost Savings and Revenue Generation Tool Sonali Shah Director, Corporate

SMS: An Important Cost Savings and Revenue Generation Tool Sonali Shah Director, Corporate

SMS: An Important Cost Savings and Revenue Generation Tool Sonali Shah Director, Corporate Development & Strategy Intuits Mobile Ecosystem Summit October 12, 2009 Objectives & Agenda Objectives: + Examine SMS market trends

568 views • 15 slides
4 Policy and Management Tools for Ecosystem Services Speaker Pavan Sukhdev 2011 ECOSYSTEM

4 Policy and Management Tools for Ecosystem Services Speaker Pavan Sukhdev 2011 ECOSYSTEM

Se minar 4 Policy and Management Tools for Ecosystem Services Speaker Pavan Sukhdev 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar 4: Policy and Management Tools for Ecosystem Services Presentation and Discussion Notes

1.18k views • 75 slides
EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS

EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS

EDA: Tasks, Tools, Principles Natalia Andrienko & Gennady Andrienko Fraunhofer Institute AIS Sankt Augustin Germany http://www.ais.fraunhofer.de/and Potsdam, 27.09.2005 Presentation Plan Introduction What is EDA? Examples of

443 views • 20 slides
Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com

Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com

Privacy, Standards and Anti-Patterns Peter Snyder, Privacy Researcher, pes@brave.com Overview Standards as a privacy focused implementor How the standards process makes privacy difficult (and how it can be fixed)

467 views • 46 slides
ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives

ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives

ADHD: Practical Guidelines for Diagnosis and Treatment By Kara Martinez, MD Learning Objectives 1. Describe common signs and symptoms of ADHD in the child & adolescent population. 2. Summarize changes in diagnostic criteria in DSM 5

467 views • 27 slides
14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with

14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with

Youre about to discover 14 Strategies to Get Referrals Marketing Director Certification Program: Lesson 11 with Ken Hardison The Authority on Legal Marketing Referral Rule 20% of people will refer your business even if you do

669 views • 36 slides
Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No

Security Management and Engineering Is this product/technique/service secure? Simple Yes/No answers are often wanted, but typically inappropriate. Security of an item depends much on the context in which it is used. Complex

772 views • 57 slides
Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Testing That Digs Deeper Penetration testing is about attempting to exploit as much as possible

519 views • 18 slides
The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

School of Computer Science Theory seminar Birmingham Friday 28th Feb 2003 Also University of Nevada at Reno 20 March 2003 The Irrelevance of Turing machines to AI (and maybe to computers as we know them) Aaron Sloman

807 views • 45 slides
Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about

Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about

Contemplating a future Internet David D. Clark MIT CSAIL July 2007 What I want to talk about Process and program structure Just a little Some research ideas The major topic. First, the why The research challenge

737 views • 37 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.