malware fighting
![Page 1: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/1.jpg)
Malware Fighting
Luis Corrons
PandaLabs Technical Director
![Page 2: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/2.jpg)
Infection Sources
![Page 3: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/3.jpg)
Web
Spam
Social Networks
![Page 4: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/4.jpg)
Social Networks
![Page 5: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/5.jpg)
![Page 6: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/6.jpg)
![Page 7: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/7.jpg)
Spam
![Page 8: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/8.jpg)
![Page 9: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/9.jpg)
![Page 10: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/10.jpg)
![Page 11: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/11.jpg)
![Page 12: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/12.jpg)
![Page 13: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/13.jpg)
![Page 14: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/14.jpg)
Web
![Page 15: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/15.jpg)
Malware server
![Page 16: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/16.jpg)
• MPack
![Page 17: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/17.jpg)
• MPack
Tracking MPack for 2 months (April & May 2007):
– 41 different servers with MPack running
– 366,717 web pages “iframed”
– More than 1 million users infected (1,217,741)
![Page 18: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/18.jpg)
MPack
![Page 19: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/19.jpg)
• IcePack
• Login
![Page 20: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/20.jpg)
Who is behind this?
![Page 21: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/21.jpg)
Yesterday’s Bad Guys
• Blaster.B: Jeffrey Lee Parson
• Netsky / Sasser: Sven Jaschan
• CIH: Chen Ing-Hau
• 29-A: Benny
![Page 22: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/22.jpg)
Today’s Bad Guys
Jeremy Jaynes, Andrew Schwarmkoff, James Ancheta
Phishing, Spam
![Page 23: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/23.jpg)
A Real Case
![Page 24: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/24.jpg)
![Page 25: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/25.jpg)
The “Infected Team”
• MPack
• Dream Downloader
• Limbo
Total Investment: $1,500
![Page 26: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/26.jpg)
The “Infected Team”
![Page 27: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/27.jpg)
The “Infected Team”
Let’s do some maths…
• China, Korea, Japan: $0.01 * 70,300 = $703
• Finland, Norway…: $0.05 * 70,300 = $3,515
• UK, France…: $0.20 * 70,300 = $14,060
• USA, Canada: $0.40 * 70,300 = $28,120
And the same numbers in 30 days…
• China, Korea, Japan: $0.01 * 70,300 * 30 = $21,090
• Finland, Norway…: $0.05 * 70,300 * 30 = $105,450
• UK, France…: $0.20 * 70,300 * 30 = $421,800
• USA, Canada: $0.40 * 70,300 * 30 = $843,600
![Page 28: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/28.jpg)
The “Infected Team”
Who’s paying the “Infected Team”?
Rogue AntiSpyware
![Page 30: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/30.jpg)
![Page 31: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/31.jpg)
How’s the money being handled?
![Page 32: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/32.jpg)
![Page 33: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/33.jpg)
The Business of Cybercrime
![Page 34: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/34.jpg)
![Page 35: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/35.jpg)
![Page 36: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/36.jpg)
![Page 37: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/37.jpg)
![Page 38: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/38.jpg)
![Page 39: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/39.jpg)
![Page 40: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/40.jpg)
![Page 41: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/41.jpg)
![Page 42: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/42.jpg)
Underground Shopping Cart
![Page 43: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/43.jpg)
Underground Shopping Cart
– Stolen Accounts
  • FTP accounts:
    – US$1 per account
  • ICQ numbers:
    – From US$1 to US$10 (depending on the ICQ number)
  • RapidShare premium accounts:
    – 1 month - US$5
    – 3 months - US$12
    – 6 months - US$18
    – 1 year - US$28
  • Online shop accounts
    – (megashop.ru, bolero.ru, cup.ru, etc. ALL RUSSIAN): US$50 each
  • 50MB of Limbo Trojan logs
    – US$30 (contains email accounts, bank account numbers, credit card numbers, etc. A percentage is guaranteed)
![Page 44: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/44.jpg)
Underground Shopping Cart
– Stolen Accounts
  • Credit Cards
    – VISA / MASTERCARD
      » 1 - 10 cards: US$2 (per card)
      » 10 - 100 cards: US$1.5 (per card)
    – AMEX
      » 1 - 10 cards: US$2.5 (per card)
      » 10 - 100 cards: US$2 (per card)
  • Passports:
    – Black and white: US$2
    – Color: US$5
![Page 45: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/45.jpg)
Where to buy?
![Page 46: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/46.jpg)
![Page 47: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/47.jpg)
![Page 48: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/48.jpg)
![Page 49: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/49.jpg)
Malware figures
![Page 50: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/50.jpg)
Malware evolution
Source: PandaLabs
![Page 51: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/51.jpg)
Malware evolution by type
Source: PandaLabs
![Page 52: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/52.jpg)
Malware evolution by type
Source: PandaLabs
Q3 2008 new malware
![Page 53: Malware Fighting](https://reader033.vdocument.in/reader033/viewer/2022061120/546c3317af795976298b4efe/html5/thumbnails/53.jpg)
Malware evolution by type
Source: PandaLabs
Q3 2008 Infections