Fighting Malware - RAID Symposium
Fighting Malware
Luis Corrons, PandaLabs Technical Director
Who is behind this?
Yesterday’s Bad Guys
Blaster.B: Jeffrey Lee Parson
Netsky / Sasser: Sven Jaschan
CIH: Chen Ing-Hau
29-A: Benny
Today’s Bad Guys
Jeremy Jaynes, Andrew Schwarmkoff, James Ancheta
Phishing SpamSpam
Jeanson James Ancheta
Pleaded guilty to four felony charges of violating United States Code Section 1030, Fraud and Related Activity in Connection with Computers.
Penalty: 57 months in prison
Adam Botbyl
The government claimed that the crime could have caused more than $2.5 million in damages.
Penalty: 26 months in prison
Cameron Lacroix
Pleaded guilty to hacking into the cell-phone account of celebrity Paris Hilton, and participated in an attack on data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers.
Penalty: 11 months in a Massachusetts juvenile detention facility
Ehud Tenenbaum
Admitted to cracking US and Israeli computers, and pleaded guilty to conspiracy, wrongful infiltration of computerized material, disruption of computer use and destroying evidence.
Penalty: Six months of community service (in 2001)
August 2009: Pleaded guilty to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.
A Real Case
The “Infected Team”
MPack
Dream Downloader
Limbo
Total Investment: 1,500$
Let’s do some maths…
China, Korea, Japan: $0.01 * 70,300 = $703
Finland, Norway…: $0.05 * 70,300 = $3,515
UK, France…: $0.20 * 70,300 = $14,060
USA, Canada: $0.40 * 70,300 = $28,120
And the same numbers in 30 days…
China, Korea, Japan: $0.01 * 70,300 * 30 = $21,090
Finland, Norway…: $0.05 * 70,300 * 30 = $105,450
UK, France…: $0.20 * 70,300 * 30 = $421,800
USA, Canada: $0.40 * 70,300 * 30 = $843,600
Who’s paying the “Infected Team”?
Rogueware Infected Computers: 3.50%
Computers worldwide: 1 billion (Forrester)
35,000,000 infected computers / monthly
Phishing victims (Gartner) 3.30%
35 million computers ≠ 35 million users
557,500 rogueware buyers / monthly
Let’s take just half: 17.5 million people
Rogueware Average Price $59.95
$59.95 * 557,000 = $34,621,125 PER MONTH
$415,453,500 PER YEAR
$81,388 USD in 6 days!
Malware figures
SEO attack against Ford Motor Company
• 1,000,000 malicious links indexed by Google
• 3,000,000 legitimate search terms hijacked
• Targeted users looking for instructions (e.g. how to loosen a tension belt)
• Served 100 new MSAntiSpyware2009 binaries in 24 hours
Comments on Digg.com leading to Rogueware
• 500,000+ comments leading to Rogueware
• Comments targeted news submission title and content
Twitter trending topics lead to Rogueware
• Messages (tweets) targeting trending topics on Twitter.com
• 27,000 tweets per 24 hours
• 60 unique samples detected over 72 hour period
Rogueware exploits WordPress vulnerability to facilitate Blackhat SEO attack
• Affected Ned.org and TheWorkBuzz.com
• Targeted a security vulnerability in an old version of WordPress
• Redirected all links to point to Rogueware servers
Conclusion