exposing the money behind malware

Exposing the money behind the malware October 2012 Chester Wisniewski

Upload: sophos

Post on 19-Jan-2015


Category: Technology



DESCRIPTION

This presentation discusses how money has become the leading motivator for cybercriminals to spread malware. From social media to SEO, malware is spreading at a faster rate every year. Learn more and find out what you can do to protect yourself and your data. For more on the Money Behind Malware, visit: http://bit.ly/VnDhv4

TRANSCRIPT

Page 1: Exposing the Money Behind Malware

Exposing the money behind the malware
October 2012
Chester Wisniewski

Page 2: Exposing the Money Behind Malware

Who am I?

• Hacker
• Speaker
• Researcher

A guy with a really cool job

Page 3: Exposing the Money Behind Malware

Social network spam

Page 4: Exposing the Money Behind Malware

Social network spam trends

of social networking users report being hit by spam via these services

That’s an increase of 20.3% from a year ago.

Page 5: Exposing the Money Behind Malware

Social networking malware

Page 6: Exposing the Money Behind Malware

Koobface

What is it capable of?

• Steal software keys
• Upload stored passwords
• Web server/DNS proxy
• Search hijacking (PPC)
• CAPTCHA busting
• Fake AV
• Social network spam bot

Page 7: Exposing the Money Behind Malware

How do we get infected?

Page 8: Exposing the Money Behind Malware

Zbot/Zeus in the news

Law enforcement crackdown, widely decentralized and international in nature

Image courtesy of krebsonsecurity.com

Page 9: Exposing the Money Behind Malware

SEO – How they do it

Page 10: Exposing the Money Behind Malware

SEO leads to social engineering


Page 11: Exposing the Money Behind Malware


What’s driving these activities?

Page 12: Exposing the Money Behind Malware

Brought to you by Партнерка [partnyo'rka]

Page 13: Exposing the Money Behind Malware

Pharma hosting

195.95.155.13 (AS2118) MoskvaCom Ltd, RU

Page 14: Exposing the Money Behind Malware

Google search for pharma #s

Page 15: Exposing the Money Behind Malware

Average sale = $140-180 USD

Page 16: Exposing the Money Behind Malware

Map of people buying Rx

Page 17: Exposing the Money Behind Malware

Spamit/GlavMed/GlavTorg

Page 18: Exposing the Money Behind Malware

Chronopay

Mac fake anti-virus industry revealed

Page 19: Exposing the Money Behind Malware

Pharma affiliate profitability

Date    Orders
01      30
02      74
03      216
04      193
05      231
06      191
07      189
08      78
09      99
10      128
11      52
12      7

Average sales/day: 124

This affiliate used 66 unique domains referencing his affiliate ID

• 124 orders per day
• Average sale = $160
• 40% commission

124 × $160 = $19,840
$19,840 × 40% = $7,936/day

Page 20: Exposing the Money Behind Malware

Pharma partnyo'rka profitability

Image courtesy of krebsonsecurity.com

Page 21: Exposing the Money Behind Malware

Fake anti-virus by the numbers

TopSale2.ru

Page 22: Exposing the Money Behind Malware

Fake anti-virus top affiliates

Some more successful than others

Affiliate ID    Affiliate Username    Account Balance (USD)
4928            nenastniy             $158,568.86
56              krab                  $105,955.76
2               rstwm                 $95,021.16
4748            newforis              $93,260.64
5016            slyers                $85,220.22
3684            ultra                 $82,174.54
3750            cosma2k               $78,824.88
5050            dp322                 $75,631.26
3886            iamthevip             $61,552.63
4048            dp32                  $58,160.20

Courtesy of Secureworks.com

Page 23: Exposing the Money Behind Malware

Ransomware

Page 24: Exposing the Money Behind Malware

Complete Security

Email, Data, Endpoint, Mobile, Web, Network

Diagram labels: Clean up; Automation; Visibility; Local self-help; WiFi security; Keep people working; Technical support; Access control; Intrusion prevention; Anti-malware; User education; Data Control; Stop attacks and breaches; Firewall; Email encryption; Virtualization; Endpoint Web Protection; Mobile Control; Secure branch offices; Encryption for cloud; Live Protection; Mobile app security; Protect everywhere; Web Application Firewall; URL Filtering; Anti-spam; Patch Manager; Application Control; Encryption; Device Control; Reduce attack surface


Page 25: Exposing the Money Behind Malware

Why you’re safer in our world

• Complete security that works better together
• Defense in depth you can actually deploy

You’ll also see the benefits of consolidating your security vendors:

• Consolidated licensing costs
• One trusted partner for support

You’ll get better threat and data protection more simply, and more cost effectively

Complete Security

Without Complexity

Active Protection


Page 26: Exposing the Money Behind Malware

@chetwisniewski on Twitter

[email protected]

App.net/chester

Chester Wisniewski on G+

http://nakedsecurity.sophos.com

http://podcasts.sophos.com

http://www.sophos.com/security

Latest News

Podcasts

Security Hub

Contact me

Page 27: Exposing the Money Behind Malware

Staying ahead of the curve

US and Canada 1-866-866-2802

[email protected]

UK and Worldwide + 44 1235 55 9933

[email protected]

http://www.sophos.com/en-us/security-news-trends/security-trends/money-behind-malware-threats.aspx

Page 28: Exposing the Money Behind Malware