Exposing the Money Behind Malware


Post on 19-Jan-2015






This presentation discusses how money has become the leading motivator for cybercriminals to spread malware. From social media to SEO, malware is spreading at a faster rate every year. Learn more and find out what you can do to protect yourself and your data. For more on the Money Behind Malware, visit: http://bit.ly/VnDhv4


  • 1. Exposing the money behind the malware. October 2012. Chester Wisniewski
  • 2. Who am I? A guy with a really cool job: Hacker, Speaker, Researcher
  • 3. Social network spam
  • 4. Social network spam trends: of social networking users report being hit by spam via these services. That's an increase of 20.3% from a year ago.
  • 5. Social networking malware
  • 6. Koobface: What is it capable of? Steal software keys; Upload stored passwords; Web server/DNS proxy; Search hijacking (PPC); CAPTCHA busting; Fake AV; Social network spam bot
  • 7. How do we get infected?
  • 8. Zbot/Zeus in the news: Law enforcement crackdown, widely decentralized and international in nature. Image courtesy of krebsonsecurity.com
  • 9. SEO: How they do it
  • 10. SEO leads to social engineering
  • 11. What's driving these activities?
  • 12. Brought to you by [partnyorka]
  • 13. Pharma hosting: 195.95.155.13 (AS2118) MoskvaCom Ltd, RU
  • 14. Google search for pharma #s
  • 15. Average sale = $140-180 USD
  • 16. Map of people buying Rx
  • 17. Spamit/GlavMed/GlavTorg
  • 18. Chronopay. Mac fake anti-virus industry revealed
  • 19. Pharma affiliate profitability. This affiliate used 66 unique domains referencing his Affiliate ID. 124 orders per day. Average sale = $160. 40% commission. 124 * 160 = $19840 * 40% = $7936/day. Average sales/day: 124

        Date   Orders
        01     30
        02     74
        03     216
        04     193
        05     231
        06     191
        07     189
        08     78
        09     99
        10     128
        11     52
        12     7

  • 20. Pharma partnyorka profitability. Image courtesy of krebsonsecurity.com
  • 21. Fake anti-virus by the numbers: TopSale2.ru
  • 22. Fake anti-virus top affiliates: Some more successful than others. Courtesy of Secureworks.com

        Affiliate ID   Username    Affiliate Account Balance (USD)
        4928           nenastniy   $158,568.86
        56             krab        $105,955.76
        2              rstwm       $95,021.16
        4748           newforis    $93,260.64
        5016           slyers      $85,220.22
        3684           ultra       $82,174.54
        3750           cosma2k     $78,824.88
        5050           dp322       $75,631.26
        3886           iamthevip   $61,552.63
        4048           dp32        $58,160.20

  • 23. Ransomware
  • 24. Complete Security: Endpoint, Web, Email, Data, Mobile, Network. Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working. [Diagram of product features by category]
  • 25. Why you're safer in our world. You'll get better threat and data protection more simply, and more cost effectively: Complete security that works better together; Defense in depth you can actually deploy. You'll also see the benefits of consolidating your security vendors: Consolidated licensing costs; One trusted partner for support. Complete Security; Without Complexity; Active Protection
  • 26. Latest News: http://nakedsecurity.sophos.com. Podcasts: http://podcasts.sophos.com. Security Hub: http://www.sophos.com/security. @chetwisniewski on Twitter. Contact me: chesterw@sophos.com. App.net/chester. Chester Wisniewski on G+
  • 27. Staying ahead of the curve. US and Canada: 1-866-866-2802, NASales@sophos.com. UK and Worldwide: +44 1235 55 9933, Sales@sophos.com. http://www.sophos.com/en-us/security-news-trends/security-trends/money-behind-malware-threats.aspx