Affiliate Web-based Malware
Paul O Baccas (paul.baccas@sophos.com)
1st October, 2008
This talk will cover
A definition of the title
A look at examples
A look at defences
A look at tricks
What do we mean by ‘Affiliate Web-based Malware’?
Affiliate websites
Those connected via links for the purpose of generating revenue
Web-based Malware
Malware that by design or exploit redirects users to sites that
Install malware on the local machine
Or generate fictitious clicks on ad-sites
Installing malware on local systems
By making use of drive-by technology
Browser exploits
Social engineering
Examples – santana
Example -- clickcash
Example -- meteorx
Example -- ActionScript
Example -- Poisoning
Subverting adverts gives an instant network
Example -- Clickbank
Affiliated to Gpack
Example -- blog
http://www.sophos.com/security/blog/2008/09/1835.html
Summary
Malware authors are using these techniques
To increase coverage
To make it harder to track
And to generate revenue
Anti-malware vendors are providing solutions
Questions
Thank you