Exposing the money behind the malware
October 2012
Chester Wisniewski
Who am I?
• Hacker
• Speaker
• Researcher
A guy with a really cool job
Social network spam
Social network spam trends
of social networking users report being hit by spam via these services.
That’s an increase of 20.3% from a year ago.
Social networking malware
Koobface
What is it capable of?
• Steal software keys
• Upload stored passwords
• Web server/DNS proxy
• Search hijacking (PPC)
• CAPTCHA busting
• Fake AV
• Social network spam bot
How do we get infected?
Zbot/Zeus in the news
Law enforcement crackdown, widely decentralized and international in nature
Image courtesy of krebsonsecurity.com
SEO – How they do it
SEO leads to social engineering
What’s driving these activities?
Brought to you by Партнерка [partnyo'rka] (Russian slang for an affiliate program)
Pharma hosting
195.95.155.13 (AS2118) MoskvaCom Ltd, RU
Google search for pharma #s
Average sale = $140-180 USD
Map of people buying Rx
Spamit/GlavMed/GlavTorg
Chronopay
Mac fake anti-virus industry revealed
Pharma affiliate profitability
Orders per day (days 01–12)
Day  Orders
01   30
02   74
03   216
04   193
05   231
06   191
07   189
08   78
09   99
10   128
11   52
12   7
Average sales/day: 124
This affiliate used 66 unique domains referencing his Affiliate ID
• 124 orders per day
• Average sale = $160
• 40% commission
124 × $160 = $19,840 per day in sales; 40% commission =
$7,936/day
Pharma partnyo'rka profitability
Image courtesy of krebsonsecurity.com
Fake anti-virus by the numbers
TopSale2.ru
Fake anti-virus top affiliates
Some more successful than others
Affiliate ID  Affiliate Username  Account Balance (USD)
4928          nenastniy           $158,568.86
56            krab                $105,955.76
2             rstwm               $95,021.16
4748          newforis            $93,260.64
5016          slyers              $85,220.22
3684          ultra               $82,174.54
3750          cosma2k             $78,824.88
5050          dp322               $75,631.26
3886          iamthevip           $61,552.63
4048          dp32                $58,160.20
Courtesy of Secureworks.com
Ransomware
Complete Security
Email Data Endpoint Mobile Web Network
Clean up
Automation
Visibility
Local self-help
WiFi security
Keep people working
Technical support
Access control
Intrusion prevention
Anti-malware
User education
Data Control
Stop attacks and breaches
Firewall
Email encryption
Virtualization
Endpoint Web Protection
Mobile Control
Secure branch offices
Encryption for cloud
Live Protection
Mobile app security
Protect everywhere
Web Application Firewall
URL Filtering
Anti-spam
Patch Manager
Application Control
Encryption
Device Control
Reduce attack surface
Why you’re safer in our world
• Complete security that works better together
• Defense in depth you can actually deploy
You’ll also see the benefits of consolidating your security vendors:
• Consolidated licensing costs
• One trusted partner for support
You’ll get better threat and data protection more simply, and more cost effectively
Complete Security Without Complexity
Active Protection
@chetwisniewski on Twitter
App.net/chester
Chester Wisniewski on G+
http://nakedsecurity.sophos.com
http://podcasts.sophos.com
http://www.sophos.com/security
Latest News
Podcasts
Security Hub
Contact me
Staying ahead of the curve
US and Canada 1-866-866-2802
UK and Worldwide + 44 1235 55 9933
http://www.sophos.com/en-us/security-news-trends/security-trends/money-behind-malware-threats.aspx