Bonded with Botnets. - SecNiche Security Labs

More documents

Recommendations

Info

Infecting Web Hosting Servers • Data Centers | Web Hosting - Exploitation ─ Several websites are hosted on a single server sharing IP address – DNS names are mapped virtually to the same IP ● Vulnerability in one website can seriously compromise the server – Insecure file uploading functionality » Uploading remote management shells such c99 etc » Automated iframe injector embeds malicious iframe on all webpages » Making configuration changes such as redirecting users to malicious domains – Cookie replay attacks in hosting domain website » Authentication bypass : reading customer queries on the web based management panel » Extracting credentials directly by exploiting design flaws in hosting panels 22
• Social Networks Exploiting Social Networks ● Attackers exploit the inherent design flaws in the social networks ● Use to spread malware at a large scale ─ LikeJacking (=~ClickJacking) ● Use to add malicious links on user’s profile in Facebook ● LikeJacking collaboratively used <strong>with</strong> ClickJacking ● Efficient in spreading malware 23
Page 1 and 2: Bonded with Botnets Hard to Capture
Page 3 and 4: Agenda • Overview • Present-day
Page 5 and 6: Generations of Botnets • First Ge
Page 7 and 8: Malware Paradigm 7
Page 9 and 10: Obfuscated Iframes - Present-day
Page 11 and 12: BlackHole BEP • 11
Page 13 and 14: Redkit BEP 13
Page 15 and 16: Drive-by-Download Attacks • Drive
Page 17 and 18: Drive-by Frameworks 17
Page 19 and 20: Install-by-Install (IBI) • Instal
Page 21: • Malvertisement Malvertisements
Page 25 and 26: Tactics - Subverting System’s Int
Page 27 and 28: Understanding Ruskill • Inside Ru
Page 29 and 30: • DNS Changer ─ How this works?
Page 31 and 32: Demo 31
Page 33 and 34: • Inside MitB Man-in-the-Browser
Page 35 and 36: • Web Injects Web Injects ─ Bas
Page 37 and 38: Web Injects - Real Time Cases (1) F
Page 39 and 40: • Form Grabbing Form-grabbing ─
Page 41 and 42: Form-grabbing • Harvested Data Ha
Page 43 and 44: Conclusion • Continuous war of ex
Page 45: Thanks • US-CERT GFIRST Team ●

Bonded with Botnets. - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?