Malware Fighting

Published in: Technology, Economy & Finance

  1. 1. Malware Fighting Luis Corrons PandaLabs Technical Director
  2. 2. Infection Sources Malware Fighting
  3. 3. Infection Sources
      • Web
      • Spam
      • Social Networks
  4. 4. Social Networks Infection Sources
  5. 5. Infection Sources
  6. 6. Infection Sources
  7. 7. Spam Infection Sources
  8. 8. Infection Sources
  9. 9. Infection Sources
  10. 10. Infection Sources
  11. 11. Infection Sources
  12. 12. Infection Sources
  13. 13. Infection Sources
  14. 14. Web Infection Sources
  15. 15. Infection Sources Malware server
  16. 16. Infection Sources
      • MPack
  17. 17. Infection Sources
      • MPack
      • Tracking MPack for 2 months (April & May 2007):
          • 41 different servers with MPack running
          • 366,717 web pages “iframed”
          • More than 1 million users infected (1,217,741)
  18. 18. MPack Infection Sources
  19. 19. Infection Sources
      • IcePack
      • Login
  20. 20. Who is behind this? Infection Sources
  21. 21. Yesterday’s Bad Guys Infection Sources
      • Blaster.B: Jeffrey Lee Parson
      • Netsky / Sasser: Sven Jaschan
      • CIH: Chen Ing-Hau
      • 29-A: Benny
  22. 22. Today’s Bad Guys Jeremy Jaynes Andrew Schwarmkoff James Ancheta Phishing Spam Spam Infection Sources
  23. 23. A Real Case Malware Fighting
  24. 24. Malware Fighting
  25. 25. The “Infected Team” Malware Fighting
      • MPack
      • Dream Downloader
      • Limbo
      • Total Investment: 1,500$
  26. 26. The “Infected Team” Malware Fighting
  27. 27. The “Infected Team” Malware Fighting
      • Let’s do some maths…
      • China, Korea, Japan: $0.01 * 70,300 = $703
      • Finland, Norway…: $0.05 * 70,300 = $3,515
      • UK, France…: $0.20 * 70,300 = $14,060
      • USA, Canada: $0.40 * 70,300 = $28,120
      • And the same numbers in 30 days…
      • China, Korea, Japan: $0.01 * 70,300 * 30 = $21,090
      • Finland, Norway…: $0.05 * 70,300 * 30 = $105,450
      • UK, France…: $0.20 * 70,300 * 30 = $421,800
      • USA, Canada: $0.40 * 70,300 * 30 = $843,600
  28. 28. The “Infected Team” Malware Fighting
      • Who’s paying the “Infected Team”?
      • Rogue AntiSpyware
  29. 29. Malware Fighting
  30. 30. Malware Fighting
  31. 31. How’s the money being handled? Malware Fighting
  32. 32. Malware Fighting
  33. 33. The Business of Cybercrime
  34. 34. Malware Fighting
  35. 35. Malware Fighting
  36. 36. Malware Fighting
  37. 37. Malware Fighting
  38. 38. Malware Fighting
  39. 39. Malware Fighting
  40. 40. Malware Fighting
  41. 41. Malware Fighting
  42. 42. Underground Shopping Cart Malware Fighting
  43. 43. Underground Shopping Cart Malware Fighting
      • Stolen Accounts
          • FTP accounts:
              • US$1 per account
          • ICQ numbers:
              • From US$1 to US$10 (depending on the ICQ number)
          • RapidShare premium accounts:
              • 1 month - US$5
              • 3 months - US$12
              • 6 months - US$18
              • 1 year - US$28
          • Online Shop accounts
              • (megashop.ru, bolero.ru, cup.ru, etc. ALL RUSSIAN): US$50 each
          • 50MB of Limbo Trojan logs
              • US$30 (contains email accounts, bank account numbers, credit card numbers, etc. A percentage is guaranteed)
  44. 44. Underground Shopping Cart Malware Fighting
      • Stolen Accounts
          • Credit Cards
              • VISA / MASTERCARD
                  • 1 - 10 cards US$2 (per card)
                  • 10 - 100 cards US$1.5 (per card)
              • AMEX
                  • 1 - 10 cards US$2.5 (per card)
                  • 10 - 100 cards US$2 (per card)
          • Passports:
              • Black and white: US$2
              • Color: US$5
  45. 45. Where to buy? Malware Fighting
  46. 46. Malware Fighting
  47. 47. Malware Fighting
  48. 48. Malware Fighting
  49. 49. Malware figures Malware Fighting
  50. 50. Malware evolution Malware Fighting Source: PandaLabs
  51. 51. Malware evolution by type Malware Fighting Source: PandaLabs
  52. 52. Malware evolution by type Malware Fighting Source: PandaLabs Q3 2008 new malware
  53. 53. Malware evolution by type Malware Fighting Source: PandaLabs Q3 2008 Infections
  54. 54. Thanks! Luis Corrons [email_address] PandaLabs Blog: http://www.pandalabs.com
