Bonded with Botnets. - SecNiche Security Labs

More documents

Recommendations

Info

Downgrading Browser <strong>Security</strong> • Removing Protections ─ Nullifying browser client side security to perform stealthy operations ─ Internet Explorer ● Tampering zone values in the registry ─ Firefox – \Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones ● Manipulating entries in user.js file – user_pref("security.warn_submit_insecure",false); » Browser does not raise an alert box when information in sent over HTTP while submitting forms – user_pref("security.warn_viewing_mixed",false); » Remove the warning of supporting mixed content over SSL OLD School trick but works very effectively. Several other techniques of subverting the browser security also exists. 32
• Inside MitB Man-in-the-Browser (MitB) ─ MitB typically refers to a userland rootkit that exploits the browser integrity 33
Page 1 and 2: Bonded with Botnets Hard to Capture
Page 3 and 4: Agenda • Overview • Present-day
Page 5 and 6: Generations of Botnets • First Ge
Page 7 and 8: Malware Paradigm 7
Page 9 and 10: Obfuscated Iframes - Present-day
Page 11 and 12: BlackHole BEP • 11
Page 13 and 14: Redkit BEP 13
Page 15 and 16: Drive-by-Download Attacks • Drive
Page 17 and 18: Drive-by Frameworks 17
Page 19 and 20: Install-by-Install (IBI) • Instal
Page 21 and 22: • Malvertisement Malvertisements
Page 23 and 24: • Social Networks Exploiting Soci
Page 25 and 26: Tactics - Subverting System’s Int
Page 27 and 28: Understanding Ruskill • Inside Ru
Page 29 and 30: • DNS Changer ─ How this works?
Page 31: Demo 31
Page 35 and 36: • Web Injects Web Injects ─ Bas
Page 37 and 38: Web Injects - Real Time Cases (1) F
Page 39 and 40: • Form Grabbing Form-grabbing ─
Page 41 and 42: Form-grabbing • Harvested Data Ha
Page 43 and 44: Conclusion • Continuous war of ex
Page 45: Thanks • US-CERT GFIRST Team ●

Bonded with Botnets. - SecNiche Security Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?