Bonded with Botnets. - SecNiche Security Labs

More documents

Recommendations

Info

• DNS Changer ─ Inside DNS hooking ● Hooking DNS API DNS Changer – Hooking DNSQuery (*) function calls in dnsapi.lib/dnsapi.dll – Implemented by creating a blacklist – Bot hijacks the DNS resolution flow by filtering all the incoming DNS requests ● Hooking DNS Cache Resolver Service – Cache resolver service is used for DNS caching – Bot hooks sendto function in ws2_32.dll to verify the origin of DNS query to validate if sendto function is called by dnsrsslvr.dll 30
Demo 31
Page 1 and 2: Bonded with Botnets Hard to Capture
Page 3 and 4: Agenda • Overview • Present-day
Page 5 and 6: Generations of Botnets • First Ge
Page 7 and 8: Malware Paradigm 7
Page 9 and 10: Obfuscated Iframes - Present-day
Page 11 and 12: BlackHole BEP • 11
Page 13 and 14: Redkit BEP 13
Page 15 and 16: Drive-by-Download Attacks • Drive
Page 17 and 18: Drive-by Frameworks 17
Page 19 and 20: Install-by-Install (IBI) • Instal
Page 21 and 22: • Malvertisement Malvertisements
Page 23 and 24: • Social Networks Exploiting Soci
Page 25 and 26: Tactics - Subverting System’s Int
Page 27 and 28: Understanding Ruskill • Inside Ru
Page 29: • DNS Changer ─ How this works?
Page 33 and 34: • Inside MitB Man-in-the-Browser
Page 35 and 36: • Web Injects Web Injects ─ Bas
Page 37 and 38: Web Injects - Real Time Cases (1) F
Page 39 and 40: • Form Grabbing Form-grabbing ─
Page 41 and 42: Form-grabbing • Harvested Data Ha
Page 43 and 44: Conclusion • Continuous war of ex
Page 45: Thanks • US-CERT GFIRST Team ●

Bonded with Botnets. - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?