Exposing the Money Behind Malware


This presentation discusses how money has become the leading motivator for cybercriminals to spread malware. From social media to SEO, malware is spreading at a faster rate every year. Learn more and find out what you can do to protect yourself and your data.

For more on the Money Behind Malware, visit: http://bit.ly/VnDhv4

Published in: Technology
  • PARTNERKA is a slang word known to a group of internet “professionals” and is short for “partner network” or in plain English – Russian Internet Affiliate Network
  • Complete security means we don’t just detect threats, we: Reduce the attack surface – We address the things that bring risk like vulnerabilities and applications. Protect everywhere – We make sure your users are protected wherever they are and whatever device they’re using. Stop attacks and breaches – Of course we can detect and prevent threats and data loss. But we’ve moved beyond signatures with innovations like live protection, which means we can stop new threats instantly. Crucially, we Keep people working – Both your users and the IT team. We engineer our products to simplify the tasks that take too much time today, like cleaning up infections and recovering forgotten passwords. So, as the threat and the ways that we use IT for work evolve, so does your protection. We stay on top of them, to simply give you all you need to stay secure. We engineer our products to work better together. And we look for opportunities to unify endpoint agents, gateway defenses, security policies and intelligence so it’s even easier. Agents – for every device, combining security to maximise protection and performance. At the Gateway – virtual or hardware appliances and software options that match your protection priorities and size. Through Policies - We let you create a policy once, and apply it anywhere to give you consistent protection and user experience. From our Labs - our experts have visibility of all aspects of security threats and use that expertise to actively fine-tune your protection for you and deliver instantly from the cloud.
  • We hope you can see how complete security helps you at every point in the threat lifecycle. And is engineered so you can actually use it. But there are other advantages too, like multi product discounts and unrivalled technical support from a single point.
  • Exposing the Money Behind Malware

    1. 1. Exposing the money behind the malware, October 2012, Chester Wisniewski
    2. 2. Who am I? A guy with a really cool job • Hacker • Speaker • Researcher
    3. 3. Social network spam
    4. 4. Social network spam trends: of social networking users report being hit by spam via these services. That’s an increase of 20.3% from a year ago.
    5. 5. Social networking malware
    6. 6. Koobface. What is it capable of? • Steal software keys • Upload stored passwords • Web server/DNS proxy • Search hijacking (PPC) • CAPTCHA busting • Fake AV • Social network spam bot
    7. 7. How do we get infected?
    8. 8. Zbot/Zeus in the news. Law enforcement crackdown, widely decentralized and international in nature. Image courtesy of krebsonsecurity.com
    9. 9. SEO – How they do it
    10. 10. SEO leads to social engineering
    11. 11. What’s driving these activities?
    12. 12. Brought to you by Партнерка [partnyorka]
    13. 13. Pharma hosting: 195.95.155.13 (AS2118) MoskvaCom Ltd, RU
    14. 14. Google search for pharma #s
    15. 15. Average sale = $140-180 USD
    16. 16. Map of people buying Rx
    17. 17. Spamit/GlavMed/GlavTorg
    18. 18. Chronopay. Mac fake anti-virus industry revealed
    19. 19. Pharma affiliate profitability
        This affiliate used 66 unique domains referencing his Affiliate ID.

        | Date | Orders |
        |------|--------|
        | 01 | 30 |
        | 02 | 74 |
        | 03 | 216 |
        | 04 | 193 |
        | 05 | 231 |
        | 06 | 191 |
        | 07 | 189 |
        | 08 | 78 |
        | 09 | 99 |
        | 10 | 128 |
        | 11 | 52 |
        | 12 | 7 |
        | Average sales/day | 124 |

        • 124 orders per day • Average sale = $160 • 40% commission
        124 * 160 = $19840 * 40% = $7936/day
    20. 20. Pharma partnyorka profitability Image courtesy of krebsonsecurity.com
    21. 21. Fake anti-virus by the numbers: TopSale2.ru
    22. 22. Fake anti-virus top affiliates. Some more successful than others.

        | Affiliate ID | Affiliate Username | Account Balance (USD) |
        |--------------|--------------------|-----------------------|
        | 4928 | nenastniy | $158,568.86 |
        | 56 | krab | $105,955.76 |
        | 2 | rstwm | $95,021.16 |
        | 4748 | newforis | $93,260.64 |
        | 5016 | slyers | $85,220.22 |
        | 3684 | ultra | $82,174.54 |
        | 3750 | cosma2k | $78,824.88 |
        | 5050 | dp322 | $75,631.26 |
        | 3886 | iamthevip | $61,552.63 |
        | 4048 | dp32 | $58,160.20 |

        Courtesy of Secureworks.com
    23. 23. Ransomware
    24. 24. Complete Security (diagram): Endpoint • Web • Email • Data • Mobile • Network. Reduce attack surface • Protect everywhere • Stop attacks and breaches • Keep people working
    25. 25. Why you’re safer in our world. You’ll get better threat and data protection more simply, and more cost effectively • Complete security that works better together • Defense in depth you can actually deploy. You’ll also see the benefits of consolidating your security vendors: • Consolidated licensing costs • One trusted partner for support. Complete Security • Without Complexity • Active Protection
    26. 26. Latest News http://nakedsecurity.sophos.com • Podcasts http://podcasts.sophos.com • Security Hub http://www.sophos.com/security • @chetwisniewski on Twitter • Contact me chesterw@sophos.com • App.net/chester • Chester Wisniewski on G+
    27. 27. Staying ahead of the curve • US and Canada 1-866-866-2802 NASales@sophos.com • UK and Worldwide + 44 1235 55 9933 Sales@sophos.com • http://www.sophos.com/en-us/security-news-trends/security-trends/money-behind-malware-threats.aspx