Bonded with Botnets. - SecNiche Security Labs

More documents

Recommendations

Info

Browser Exploit Packs (BEPs) • Browser Exploit Pack ─ BlackHole is running on fire ● Techniques – User-agent based fingerprinting – Plugin detector capability for scrutinizing the plugins – Serving exploit once per IP Address – Java exploits are used heavily for spreading infections – Support for other exploits such as PDF, Flash etc Refer, our previous research on BlackHole presented at Virus Bulletin Conference, 2011 • http://www.secniche.org/papers/VB_2011_BRW_EXP_PACKS_AKS_RJE.pdf • http://www.slideshare.net/adityaks/virus-bulletin-2011-conference-browser-exploitpacks-death-by-bundled-exploits 8
Obfuscated Iframes – Present-day • Obfuscated pattern ─ Taken during analysis of AT&T Phishing Campaign 9
Page 1 and 2: Bonded with Botnets Hard to Capture
Page 3 and 4: Agenda • Overview • Present-day
Page 5 and 6: Generations of Botnets • First Ge
Page 7: Malware Paradigm 7
Page 11 and 12: BlackHole BEP • 11
Page 13 and 14: Redkit BEP 13
Page 15 and 16: Drive-by-Download Attacks • Drive
Page 17 and 18: Drive-by Frameworks 17
Page 19 and 20: Install-by-Install (IBI) • Instal
Page 21 and 22: • Malvertisement Malvertisements
Page 23 and 24: • Social Networks Exploiting Soci
Page 25 and 26: Tactics - Subverting System’s Int
Page 27 and 28: Understanding Ruskill • Inside Ru
Page 29 and 30: • DNS Changer ─ How this works?
Page 31 and 32: Demo 31
Page 33 and 34: • Inside MitB Man-in-the-Browser
Page 35 and 36: • Web Injects Web Injects ─ Bas
Page 37 and 38: Web Injects - Real Time Cases (1) F
Page 39 and 40: • Form Grabbing Form-grabbing ─
Page 41 and 42: Form-grabbing • Harvested Data Ha
Page 43 and 44: Conclusion • Continuous war of ex
Page 45: Thanks • US-CERT GFIRST Team ●

Bonded with Botnets. - SecNiche Security Labs

Create successful ePaper yourself

Delete template?

Save as template?