The massive expansion of the Internet and the devices that use it to communicate is slowly but inevitably changing the lives of billions of people. Social networks are at the peak of their popularity, data is moving to the Cloud and traditional computing platforms are in decline. More and more applications are being created directly for the Web - a new platform, common to all devices. This silent revolution is causing browsers to become more important than operating systems themselves.
Where there are users, there's money. Where there's money, there's crime. The Web, as a new platform, is becoming a target for cyber-attackers who abuse the OS-independent technology with malicious intentions. Anyone who uses a browser can become their victim.
This presentation shows how cybercrime actually works, from social engineering tactics to how browsers can be locked down with ransom demands by visiting just a single webpage. Our goal is to make the Web more secure. Help us by learning the techniques of the enemy, recognizing scam attempts, and making your web apps resilient to future attacks.
Presented by Pavel Šrámek, malware analyst at Avast, at the Web Expo 2014.
HTTP For the Good or the Bad - FSEC Edition (Xavier Mertens)
A review of the webshells used by bad guys: how they are protected, but also the mistakes in their implementation. This talk was updated and presented at the FSEC conference in Croatia, September 2017.
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity).
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking.
This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser.
https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016
video demos: http://whitehatsec.com/home/assets/videos/Top10WebHacks_Webinar031711.zip
Many notable and new Web hacking techniques were revealed in 2010. During this presentation, Jeremiah Grossman will describe the technical details of the top hacks from 2010, as well as some of the prevalent security issues emerging in 2011. Attendees will be treated to a step-by-step guided tour of the newest threats targeting today's corporate websites and enterprise users.
The top attacks in 2010 include:
• 'Padding Oracle' Crypto Attack
• Evercookie
• Hacking Auto-Complete
• Attacking HTTPS with Cache Injection
• Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
• Universal XSS in IE8
• HTTP POST DoS
• JavaSnoop
• CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
• Java Applet DNS Rebinding
Mr. Grossman will then briefly identify real-world examples of each of these vulnerabilities in action, outlining how the issue occurs, and what preventative measures can be taken. With that knowledge, he will strategize what defensive solutions will have the most impact.
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages.
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications.
https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en
A review of the webshells used by bad guys. How they are protected but also mistakes in their implementation. This talk was presented at the OWASP Belgium Chapter Meeting in May 2017.
"Web Application Security" by Lee Christense at Utah Code Camp in March 2014. Covers SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF), and password hashing.
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
While it is quite common practice to do periodic security assessments of your local network, it is really rare to find a company that puts the same effort into testing the security of its cloud. We have to understand what new threats and risks appeared with the cloud and how we should change our attitude to testing cloud security. The goal of my presentation is to show how a security assessment of cloud infrastructure differs from testing environments in a classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I'm going to show the whole kill chain, starting with cloud-applicable reconnaissance techniques. Then I'll attack the web application server hosted on an EC2 instance to access its metadata. Using the assigned role, I'll access another AWS EC2 instance to escalate privileges to administrator and then present how to hide fingerprints in the CloudTrail service. Finally, I'll demonstrate various techniques for silently exfiltrating data from the AWS environment and setting up persistent access, and describe other potential cloud-specific threats, e.g. cryptojacking or ransomware in the cloud. The presentation shows practical aspects of attacking cloud services, and each step of the kill chain will be presented in the form of an interactive live demo. Using the presented attacks as examples, I'll show how to use the AWS exploitation framework Pacu and other handy scripts.
Video recording of the talk: https://connect.ruhr-uni-bochum.de/p3g2butmrt4/
HTML5 is quickly gaining media attention and popularity among browser vendors and web developers. Having tremendous features, together with its sister specifications like Drag & Drop API, File API or Geolocation it allows developers to build rich web applications that easily blend with desktop & mobile environments.
The talk will be focused on finding the weakest link and combining several recent attack techniques to turn a security vulnerability into a successful exploit.
We'll show how to build a successful advanced UI-Redressing attack (also known as clickjacking), presenting the latest findings in this field, including malicious games and quizzes. We'll work on file upload functionalities in current web applications and see how attackers might use HTML5 APIs to their advantage. Putting all these building blocks together will enable us to launch an attack and exploit even the otherwise unexploitable vulnerabilities.
JavaScript is the most widely used language across platforms. This talk will analyze the security concerns from past to present with a peek into the future of this important language. This talk was presented as a keynote at CyberCamp Espana 2014.
HackAvert® is a web site security and performance management tool. HackAvert® offers a complete set of tools to protect your website to help prevent, detect and heal a wide range of hack attempts.
Securing TodoMVC Using the Web Cryptography API (Kevin Hakanson)
The open source TodoMVC project implements a Todo application using popular JavaScript MV* frameworks. Some of the implementations add support for compile-to-JavaScript languages, module loaders and real-time backends. This presentation will demonstrate a TodoMVC implementation which adds support for the forthcoming W3C Web Cryptography API, as well as review some key cryptographic concepts and definitions.
Instead of storing the Todo list as plaintext in localStorage, this "secure" TodoMVC implementation encrypts Todos using a password derived key. The PBKDF2 algorithm is used for the deriveKey operation, with getRandomValues generating a cryptographically random salt. The importKey method sets up usage of AES-CBC for both encrypt and decrypt operations. The final solution helps address item "A6-Sensitive Data Exposure" from the OWASP Top 10.
With the Web Cryptography API being a recommendation in 2014, any Q&A time will likely include browser implementations and limitations, and whether JavaScript cryptography adds any value.
Keeping your web application secure is an ongoing process - new classes of vulnerabilities are discovered with surprising frequency, and if you don't keep on top of them you could be in for a nasty surprise. This talk will discuss both common and obscure vulnerabilities, with real-world examples of attacks that have worked against high profile sites in the past.
Secure Software: Action, Comedy or Drama? (2017 edition) (Peter Sabev)
If they made movies about the most important software security issues, they could be put into five titles: Insecure Interface, Insufficient Authentication, Security Misconfiguration, Lack of Transport Encryption and Privacy Concerns. What are the action, comedy and drama parts in software security nowadays? A talk presented at the IT-Weekend event in Ruse, Bulgaria (2017).
Devouring Security: Insufficient Data Validation Risks - Cross Site Scripting (XSS) (gmaran23)
• Risk, Stories & the news
• XSS Anatomy
• Untrusted Data Sources – Well, Where did that come from?
• Shouldn’t it be called CSS instead?
• Types of XSS
- Type 0 [DOM based]
- Type 1 [Reflected or Non-persistent XSS]
- Type 2 [Persistent or Stored XSS]
• Live Demo: XSS 101 with alert('hello XSS world')
• Live Demo: Cookie Hijacking and Privilege Escalation
- Face/Off with John Travolta and Nicolas Cage
• Live Demo: Let's deploy some key loggers, huh?
• Mitigations
- Input Sanitization
- Popular libraries for .NET, Java, PHP
  Demo: Input sanitization
- Whitelists (vs. Blacklists)
- Output Encoding
  Contextual
  Demo: Output Encoding
- Browser Protections & bypasses
- Framework Protections & bypasses
- Content Security Policy (CSP) in brief
• Secure Code reviews: Spot an XSS, How?
• Tools: Do we have an option?
• XSS Buzz and how to Fuzz
• Renowned Cheat sheets
• Further reading & References
Similar to Where There's Money, There's Crime: Web-based Threats
In the largest global study of the Internet of Things in consumers' homes, researchers from Avast and Stanford University have shown a surprising emergence of IoT devices in consumer homes and shed light on a troubling number of devices that continue to use guessable passwords.
The study provides the first large-scale empirical analysis of IoT devices by leveraging user-initiated network scans of 83 million devices in 16 million households worldwide.
The findings will be published in a paper, All Things Considered: An Analysis of IoT Devices on Home Networks, appearing at USENIX Security this week. Avast researchers scanned the devices to understand the distribution of IoT devices by type and manufacturer and to understand the security profiles of various devices. The findings were validated and analyzed in collaboration with Stanford researchers.
Learn more about the research here: https://blog.avast.com/avast-and-stanford-research-shows-global-internet-of-things-avast
The Avast Threat Report provides an overview of global threat activity for Q1 2015.
Avast malware researchers and Avast customers work 24/7 to protect each other. Avast protects 230 million people worldwide in more than 186 different countries — we are present in more countries than McDonalds and protect more people than any other antivirus security provider.
The Q1 security report looks at the state of cyberthreats as it relates to Wi-Fi, PC threats, mobile threats, and the steady evolution of ransomware.
In recent years, cyber attacks against banks have become more and more popular. Attackers are motivated by potential profits. The number of people connecting to their bank accounts online has steadily increased; however, their knowledge of computer security is often insufficient. Unaware users often become victims of phishing attacks, where they lose control of their login credentials and private data, which may eventually lead to them losing money.
During March 2013, we discovered attacks targeting major Korean banks. This attack originated from a legitimate Korean website belonging to the Korea Software Property Right Council (SPC). Although some websites appear visually the same, their inner structure looks different on a clean and on a compromised computer.
Many users fall victim to such attacks when legitimate websites are compromised. In these situations they do not expect any security risk, because they consider the high reputation of the legitimate company as a measure of security.
In this presentation, we present what happens on a compromised computer of an unaware user.
Presented at AVAR 2013 by Jaromir Horejsi and Jan Sirmer, Virus Analysts & Researchers at Avast Software.
Every Click Counts (But All the Money Goes to Me) (Avast)
Today, social sites make up a big, open vector for people who want to monetize their ideas. But sometimes those ideas are not as legitimate as one would hope. One of the more unscrupulous ways to "earn" money is to steal your identity, email accounts, and/or credit card details. Another way is to misuse your computer as a money-making machine for cybercriminals.
Presented at AVAR 2013 by Jan Sirmer and Lukas Hasik, Virus Analysts & Researchers at Avast Software.
Google-image poisoning: How hackers use images to spread malware (Avast)
For quite a while now, there have been links on the internet that take the unwary user to a page with unexpected or malicious content. Most of these attempts rely on the user to click on the link to be successful. However, the latest variation has moved beyond simple text links to "Google-image poisoning" - placing malware in the middle of Google searches for images where users have traditionally had no reason to be wary.
This presentation focuses on how malware writers are able to infect the average website; detailed analyses of the PHP script used to infect sites, and SEO techniques to get infected images at the top of search results.
Presented at AVAR 2011 by Lukas Hasik, head of Quality Assurance at Avast Software, and Jan Sirmer, a Virus Analyst & Researcher at Avast’s Virus Lab.
3. Cyber-security myths
Which of these myths have you heard?
• I can safely open this attachment because the e-mail came from my friend
• I can protect myself from malware by not going on porn/warez sites
• Malware is only a problem on Windows
• Malware is created by teenage geeks simply for bragging rights
• Malware is created by antivirus vendors
26. 8. 2017 AVAST Viruslab
5. The crimeware business
Malware authors are in it for the money
• LockScreens, FakeAVs and encrypting ransomware
• Banking trojans
• Phishing, Identity theft
• Botnets offered as a service
– Spam
– DDoS
– CPU power (bitcoin mining, hash cracking, …)
All sold on black market
6. Traditional infection vectors
The easiest way to infect a machine?
Convince the user to run it himself!
• social engineering
Your second best bet?
• zero day vulnerabilities – Java, Adobe reader, Flash
• out-of-date and/or pirated OS installations
• hacked websites = best free hosting
Commercial exploit kits
7. Traditional infection timeline (diagram)
Victim → compromised server: website content request
Compromised server → victim: malicious JS (vuln-check), get exploit code
Exploit + payload: install
Victim ↔ malware C&C server: malware communication, bot background service
8. The new option: in-browser malware
Traditional attacks target a single OS platform (mostly Win32).
How to attack all platforms at once?
• Use the common denominator – HTML + JS, web browser
• Rich JS API, fast engines
• JS-based extensions = additional surface
• Attacks come from the web anyway
9. The new option: in-browser malware
In-browser JS can do:
• Click hijacking for Ad-click fraud
• Worm-like spreading over social networks
• Ransomware equivalent (browser lockup)
• DDoS via AJAX
• Even cryptocurrency mining
19. Changes in browser settings
Preference name   Status     Type    Value
TestAddon.buri    user set   string  lppt >++igg}em*gki+n*tlt;q9
TestAddon.ch      default    string
TestAddon.date    user set   string  1340624313
TestAddon.guid    user set   string  3c94f90903f031a799162872a55742e8
TestAddon.int     user set   string  60
TestAddon.uri     user set   string  ‘||x2””eakzg9:&i|”b&x’x7}5
Dropped URLs
• http://likecyp.com/j.php?u=GUID&b=1&v=00001&r=RANDOM
• http://videosnow1.asia/j.php?u=GUID&b=1&v=00001&r=RANDOM
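Added example (not code from the Avast slides): a Python triage script for the kind of preference changes this slide shows. It assumes the add-on's preferences ended up in Firefox's prefs.js as `user_pref("name", value);` lines; the excerpt below is constructed from the TestAddon.* names and values on the slide plus one ordinary Firefox preference as a readable control.

```python
"""Triage add-on preference changes recorded in a Firefox prefs.js file.

prefs.js holds only preferences that differ from the built-in defaults,
one per line:  user_pref("name", value);  Every entry therefore matches a
'user set' row in about:config, which is how the slide shows them.
"""
import re
from collections import namedtuple

# Constructed prefs.js excerpt: the TestAddon.* names and values are the
# ones shown on the slide; the homepage line is an ordinary Firefox pref
# included as a readable control. TestAddon.ch is absent because the slide
# lists it as 'default', so prefs.js would not contain it.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("TestAddon.buri", "lppt >++igg}em*gki+n*tlt;q9");
user_pref("TestAddon.date", "1340624313");
user_pref("TestAddon.guid", "3c94f90903f031a799162872a55742e8");
user_pref("TestAddon.int", "60");
user_pref("TestAddon.uri", "‘||x2””eakzg9:&i|”b&x’x7}5");
'''

USER_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

Pref = namedtuple("Pref", "name value kind")


def parse_prefs_js(text):
    """Return a list of Pref(name, value, kind) for every user_pref line."""
    prefs = []
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs.append(Pref(name, raw[1:-1].replace('\\"', '"'), "string"))
        elif raw in ("true", "false"):
            prefs.append(Pref(name, raw == "true", "bool"))
        elif re.fullmatch(r"-?[0-9]+", raw):
            prefs.append(Pref(name, int(raw), "int"))
        else:
            prefs.append(Pref(name, raw, "unknown"))
    return prefs


def classify(value):
    """Label a string value by what it looks like.

    Readable config strings (timestamps, hex ids, URLs, plain text) get a
    descriptive label; anything containing characters that never occur in
    such values is labelled 'obfuscated', which is how the two TestAddon
    URL values on the slide come out."""
    if re.fullmatch(r"[0-9]+", value):
        return "number"
    if re.fullmatch(r"[0-9a-fA-F]{32}", value):
        return "hex-id"
    if re.fullmatch(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+", value):
        return "url"
    if re.fullmatch(r"[A-Za-z0-9 ,._:/?=&%+-]*", value):
        return "plain"
    return "obfuscated"


def triage(text, prefix):
    """Return [(name, value, label)] for string prefs under prefix."""
    return [(p.name, p.value, classify(p.value))
            for p in parse_prefs_js(text)
            if p.kind == "string" and p.name.startswith(prefix)]


def suspicious_prefs(text, prefix):
    """Names of prefs under prefix whose value looks obfuscated."""
    return [name for name, _, label in triage(text, prefix)
            if label == "obfuscated"]


if __name__ == "__main__":
    for name, value, label in triage(SAMPLE_PREFS_JS, "TestAddon."):
        print(f"{label:<10} {name:<16} {value}")
```

The heuristic only separates readable values from byte-mangled ones; it makes no claim about which encoding the add-on used.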
21. Self-spreading malware
• The script updates the victim's Facebook and Twitter feeds by posting new status messages
22. Self-spreading malware
var videos = new Array(10);
videos[0] = Array("80", "Kirst*en. Dunst mastur*bating on hidden camera", "It happened in United States hotel", "http://bit.ly/MTfe4S", "http://i.imgur.com/NjZPU.jpg", "", "20", "friend", "327065014030715", "431402153539537", "AQBu92VH5GDqrJkp", "2309869772");
var flk = Array();
if ((1 == 1)) {
    var randomnumber = Math.floor(Math.random() * 100);
    if (randomnumber > 0) {
        ...
23. Injected iframe creation
// Creates an absolutely positioned iframe covering the whole viewport,
// points it at src and appends it to the visited page.
function createIframe(src) {
    var ifr = document.createElement("iframe");
    ifr.setAttribute("src", src);
    ifr.style.position = "absolute";
    ifr.style.top = "0";
    ifr.style.left = "0";
    ifr.style.width = "100%";
    ifr.style.height = "100%";
    document.body.appendChild(ifr);
}
// Returns the id attribute of the no-th <img> inside the DOM node src.
function get_img_src(src, no) {
    var x = src.getElementsByTagName("img");
    return x[no].id;
}
// Parses an HTML string into a detached <div> so it can be queried.
function make_dom(src) {
    var tempDiv = document.createElement("div");
    tempDiv.innerHTML = src;
    return tempDiv;
}
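Added example (not code from the Avast slides): a Python scan over a saved DOM snapshot for iframes shaped like the one createIframe() above produces (absolute, top/left 0, 100% width and height) or otherwise invisible, noting when they load a different origin than the page. The snapshot HTML and every hostname in it are constructed.

```python
"""Find injected full-viewport or invisible iframes in a saved DOM snapshot.

The clicker's createIframe() builds an absolutely positioned iframe at
top/left 0 with 100% width and height. Saving the rendered DOM of a page
from an infected browser (e.g. 'Copy outerHTML' in the developer tools)
and running this scan surfaces such frames, which never appear in the
HTML the server actually sent.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed snapshot: one legitimate same-origin widget frame, one frame
# shaped like the clicker's injection, one 1x1 hidden tracking frame.
PAGE_ORIGIN = "https://shop.example"
SNAPSHOT = """<html><body>
<iframe src="https://shop.example/widgets/chat" width="300" height="200"></iframe>
<iframe src="http://third-party.example/j.php?u=abc"
        style="position: absolute; top: 0; left: 0; width: 100%; height: 100%"></iframe>
<iframe src="http://tracker.example/x" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""


def parse_style(style):
    """Turn an inline style attribute into a {property: value} dict."""
    rules = {}
    for decl in (style or "").split(";"):
        if ":" in decl:
            prop, val = decl.split(":", 1)
            rules[prop.strip().lower()] = val.strip().lower()
    return rules


def _is_zero(length):
    """True for '0' or '0px' (the values createIframe() sets)."""
    return length.strip().lower().rstrip("px") == "0"


def is_full_viewport(attrs):
    """True for the shape createIframe() produces."""
    s = parse_style(attrs.get("style"))
    return (s.get("position") in ("absolute", "fixed")
            and _is_zero(s.get("top", "")) and _is_zero(s.get("left", ""))
            and s.get("width") == "100%" and s.get("height") == "100%")


def is_invisible(attrs):
    """True for frames a user cannot see: hidden, transparent or <= 1px."""
    s = parse_style(attrs.get("style"))
    tiny = all(attrs.get(dim, "").rstrip("px") in ("0", "1")
               for dim in ("width", "height"))
    return (tiny or s.get("display") == "none"
            or s.get("visibility") == "hidden" or s.get("opacity") == "0")


def is_cross_origin(src, page_origin):
    """Compare scheme and host:port of the frame's src with the page's."""
    u, p = urlparse(src), urlparse(page_origin)
    if not u.netloc:
        return False  # relative URL: resolves within the page's own origin
    return (u.scheme, u.netloc) != (p.scheme, p.netloc)


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})


def find_suspicious_iframes(html, page_origin):
    """Return [(src, [reasons])] for frames that are invisible or cover the
    viewport; 'cross-origin' is appended when src leaves the page origin."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = attrs.get("src", "")
        reasons = []
        if is_full_viewport(attrs):
            reasons.append("covers viewport")
        if is_invisible(attrs):
            reasons.append("invisible")
        if not reasons:
            continue
        if is_cross_origin(src, page_origin):
            reasons.append("cross-origin")
        findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SNAPSHOT, PAGE_ORIGIN):
        print(src, "->", ", ".join(reasons))
```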
24. Clicker
• BHO, Firefox and Chrome payloads all contain a link to a site like http://resultsz.com/search/anticheat6.php?username=foreste
• The site hosts a list of other sites used by all of those "clickers" for injecting hidden iframes into every visited site and earning money for the blackhats.
26. FB Clicker: Attack vector
Exploit: ID-10-T
• Method: Social engineering (celebrities, user curiosity)
• Target: Largest social network
Technique: Impersonation
• Common masquerade – Adobe Flash Player
• Trained response to plugin installation prompts
A significant portion of users will not identify the scam
27. FB Clicker: Technology
Approach: Extension-based
• Provides extensions for 3 major browsers
• Functionality is the same
Technology: Web-based where possible
• IE uses native extensions (BHO = Win32 DLL)
• FF and Chrome use JS-driven extensions
• JavaScript code is shared
FF and Chrome attacks are OS-independent worms
41. Reiteration
Cybersecurity scene
• Financially motivated criminals
• Low awareness of inner workings
Facebook clicker
• Worm-like spreading behavior in JS
• Malicious extensions
In-browser ransomware
• Existing formula, new implementation
• Truly cross-platform
42. Final thoughts:
Know your foe
• Bad guys will take advantage of anything
• Everyone with a browser is a potential target
• Average Joe’s devices have a value if compromised
Web tech can be abused
• Cross-platform code allows cross-platform malware
• JavaScript can do a lot
• Not traditional exploitation, lower security measures
Learn which kinds of attacks are possible, educate others
43. EOF
Join the discussion with AVAST developers
Follow us at Twitter and G+
@avast_devs
#AVASTdevs
Editor's Notes
There are two scenarios. The first one is a simple executable clicker and the second one is a
1) The user clicks on Kirsten's video
2) There is malware
3) The malware secretly infects the user's PC
4) The malware communicates with the C&C, from which it receives a list of sites to click on
5) The malware clicks on the received sites
6) The bad guy receives money
Inside jstest.js there are many links to different sites that are visited by the user's browser, and the attacker gains money from the clicks.