2013 car browser socially engineered malware
TRANSCRIPT
© 2013 NSS Labs, Inc. All rights reserved. 1
BROWSER SECURITY COMPARATIVE ANALYSIS
Socially Engineered Malware
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 2
Both Figure 1 and Figure 2 illustrate this challenge.
Figu[re …]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 3
Figure 2 shows that without CAMP technology, Chrome demonstrates similar effectiveness to Safari and Firefox.
The use of CAMP technology allows Chrome to approach the protection rates offered [by] Internet Explorer. During the testing period,
Internet Explorer 10 had a mean malware […]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 4
The download protection offered [by] Chrome has continued to increase. Both Chrome and Internet
Explorer […] from file reputation systems com[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 5
Table of Contents
(page numbers are not recoverable from this extraction)
Ove[rview]
NSS Labs Findings
NSS Labs Recommendations
Analysis
Safe Browsing vs. Application Reputation
Malware Block Performance
[Th]e Reality Of Application Reputation
[Time T]o Block Malicious Sites
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 6
Table of Figu[res]
(page numbers are not recoverable from this extraction)
[Figure 1 – C]hrome Safe Browsing Warning
Figure 2 – Chrome Malicious File Blocking
Figure 3 – Chrome Application […] Framework
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 7
Analysis
This report examines the a[bility] of five different web […]er of protection against these threats leveraging in-the-cloud, reputation-[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 8
Safe B[row]sing vs. Application Reputation
The core functionality of URL[…]
engineered malware delivery. NSS determined that Google's Safe Browsing API v2 includes additional download
protection that has[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 9
[…] upon the Safe Browsing API alone; Google has added its download protection technology to increase the
protection offered [by] Chrome against socially engineered malware.
Figu[re …]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 10
Figu[re …]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 11
Of the three […] one to also utilize Google's malicious
download technology; this technology attempts to […] of the […] within Internet Explorer is SmartScreen, which provides URL-[…] 83%. However, Chrome relies on the argua[bly] less
relia[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 12
Time To Block Malicious Sites
When new online attacks are created and deployed, it is vital that they are detected as quickly as possi[ble … analy]sis in the 2012 NSS report, […] also play a role in the sharp increase in protection 1; however, Internet Explorer's
implementation of App Rep demonstrates that reputation is a more effective technology than
actual malware detection. There are add-ons for Firefox and Safari that help to improve security […]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 13
Appendix A – Methodology
Client Host Desc[ription …]. Browsers were given full access to the Internet to ena[ble …]. As a new version of a […], there is a configura[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 14
Test u[…]s. Throughout the test, new URLs were added as they
were discovered.
Test F[requency …] six hours. Regardless of success or
failure, NSS continued to attempt to download a malware sample with the web[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 15
The ultimate determinant of whether or not a malicious URL is included in this test is its participation in a malware
campaign targeting users. The use of a malicious URL in a campaign targeting an Asia-Pacific or a North American
user does not necessarily preclude its use in other campaigns targeting users from other regions.
Exploits containing malware payloads (exploits plus malware), also known as "clickjacking" or "drive-[by] downloads," are excluded from the test. Every effort is made to consider su[…]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 16
Failu[re …]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 17
NSS Labs Test Envi[ronment …]nets. Potential threats are screened algorithmically
[…] six hours and starts with validation of the site's existence and conformance to the test definition.
All tests are executed in a highly controlled manner, and results are recorded and archived at each interval.
Figu[re …]
NSS Labs Comparative Analysis – Socially Engineered Malware Blocking
© 2013 NSS Labs, Inc. All rights reserved. 18
© 2013 NSS La[bs …]