SlideShare feed: SlideShows by User eternaltodo (Sun, 07 Feb 2016 20:49:41 GMT)

Travelling to the far side of Andromeda (/slideshow/travelling-to-the-far-side-of-andromeda/57983440)
Talk about Andromeda at Botconf 2015. Abstract: Andromeda, also known as Gamarue by some antivirus vendors, is a popular and modular bot active since 2011. It is normally used to spread additional malware, but sometimes, depending on the criminals, the main objective is simply stealing user credentials. After almost five years of life its development has not stopped: the people behind it keep maintaining it and adding functionality, such as new anti-analysis routines, changes in the communication encryption, new request formats, etc. This talk does not just detail the latest changes in the Andromeda binary and control panel; it also answers some interesting questions about the botnet. Which versions are the most popular nowadays? Are most of the botnets spreading malware or just using its plugins? What are the most popular plugins? How and where is Andromeda sold? Who is selling it? Which criminal groups are using Andromeda? It is not just a talk about malware reversing but about the whole Andromeda ecosystem.
Published by Jose Miguel Esparza (eternaltodo), Sun, 07 Feb 2016 20:49:41 GMT.

Banking Fraud Evolution - New techniques in real fraud cases (/slideshow/banking-fraud-evolution-jose-miguel-esparza/25357802)
New techniques in banking fraud are applied not only to malicious binaries but also to how different cybercriminal groups use those binaries. Criminals always try to make the most of their malicious software, and the broad possibilities offered by HTML code injection are one example. The latest injections discovered in both ZeuS and SpyEye show, once again, their continuous struggle to adapt to the changes and countermeasures put in place against them. In the case of ZeuS, one of the latest strategies renders useless the two-factor authentication used in numerous online banking operations. Similarly, in a campaign distributing SpyEye, the group responsible injected code designed to make fraudulent transfers automatically after dynamically obtaining the destination accounts (mules) from a server. The impact of a malware campaign therefore depends not only on how dangerous the malicious software itself is, but also on how the software is used and on the creativity of its criminal owners.
Published by Jose Miguel Esparza (eternaltodo), Sun, 18 Aug 2013 11:57:42 GMT.

Social Engineering in Banking Trojans: attacking the weakest link (/slideshow/social-engineering-in-banking-trojans-rooted-en/25357553)
Social engineering is the art of obtaining confidential information by manipulating the people who hold it. The technique rests on the fact that human beings are the weakest link in a secure system, since somebody usually knows how to access it, and it is easier to manipulate a person than the system itself. Online banking is no exception: here the most vulnerable people are the users themselves, the banks' end clients, and the objective is to access their accounts. Cybercriminals apply social engineering through HTML injections to deceive users and obtain their credentials. The presentation included a demo of detecting HTML injections in web browsers.
Published by Jose Miguel Esparza (eternaltodo), Sun, 18 Aug 2013 11:51:33 GMT.

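The Banking Fraud Evolution abstract above (ZeuS and SpyEye injections that neutralise two-factor authentication or redirect the form) and the demo of detecting HTML injections in this talk describe the same symptom: the login form the victim sees is not the one the bank shipped. The block below is an added example written for this page, not the demo from the slides, showing one way to detect that from inside the page: snapshot the login form and diff it against a baseline of the fields and action the real page contains. The form id, the baseline, the keyword list and the two sample snapshots are assumptions constructed for the example.

```javascript
// Added example (not code from the slides): a client-side baseline check that
// flags a banking login form whose inputs no longer match what the real page
// ships, the visible symptom of a ZeuS/SpyEye style HTML injection. The form
// id, baseline, keyword list and sample snapshots are constructed assumptions.

// Baseline the bank is assumed to ship with its login page: the only inputs
// the real form contains and the action it posts to.
const LOGIN_BASELINE = {
  formId: 'login',
  action: '/auth/login',
  fields: [
    { name: 'username', type: 'text' },
    { name: 'password', type: 'password' },
    { name: 'csrf', type: 'hidden' },
  ],
};

// Words injections typically use when asking for secrets the login step never
// needs: one-time codes, card data, or the phone number used to push a mobile
// component that intercepts SMS codes. Assumed list for this example.
const SENSITIVE_HINTS = /\b(tan|otp|pin|token|sms|card|cvv|phone|mobile|imei)\b/i;

// Turn a live <form> element into plain data (browser only). The detector below
// works on the resulting snapshot, so it also runs offline on a constructed one.
function snapshotForm(formEl) {
  const controls = Array.from(formEl.querySelectorAll('input, select, textarea'));
  return {
    formId: formEl.id,
    action: formEl.getAttribute('action') || '',
    fields: controls.map((el) => ({
      name: el.name || el.id || '',
      type: (el.type || el.tagName).toLowerCase(),
      label: ((el.labels && el.labels[0] && el.labels[0].textContent) || el.placeholder || '').trim(),
    })),
  };
}

// Compare a snapshot with the baseline. Returns an array of findings; an empty
// array means the form is exactly what the bank shipped.
function detectInjection(snapshot, baseline = LOGIN_BASELINE) {
  const findings = [];
  const key = (f) => `${f.name}:${f.type}`;
  const expected = new Set(baseline.fields.map(key));
  const seen = new Set();

  for (const f of snapshot.fields) {
    seen.add(key(f));
    if (expected.has(key(f))) continue;
    // An extra hidden field cannot solicit anything from the victim; an extra
    // visible field is the injection asking for something.
    if (f.type === 'hidden') continue;
    const sensitive = f.type === 'password' || SENSITIVE_HINTS.test(`${f.name} ${f.label}`);
    findings.push({
      kind: 'unexpected_field',
      severity: sensitive ? 'high' : 'medium',
      field: f.name,
      reason: sensitive ? 'asks for a secret the login step never needs' : 'not in baseline',
    });
  }

  // A baseline field that disappeared or changed type means the form was replaced.
  for (const f of baseline.fields) {
    if (!seen.has(key(f))) {
      findings.push({ kind: 'missing_field', severity: 'high', field: f.name, reason: 'baseline field removed or retyped' });
    }
  }

  // Injections that hand the credentials to the attacker first often repoint the form.
  if (snapshot.action !== baseline.action) {
    findings.push({ kind: 'action_changed', severity: 'high', field: null, reason: `form posts to ${snapshot.action}` });
  }
  return findings;
}

// Constructed sample: the login form after an injection added a TAN field and a
// mobile-number field (the setup step of a 2FA bypass) to the real one.
const INJECTED_SAMPLE = {
  formId: 'login',
  action: '/auth/login',
  fields: [
    { name: 'username', type: 'text', label: 'User ID' },
    { name: 'password', type: 'password', label: 'Password' },
    { name: 'csrf', type: 'hidden', label: '' },
    { name: 'tan_confirm', type: 'text', label: 'Enter a TAN from your list to confirm your identity' },
    { name: 'mobile_number', type: 'tel', label: 'Mobile phone number for the security update' },
  ],
};

// The same form as the bank ships it.
const CLEAN_SAMPLE = { ...INJECTED_SAMPLE, fields: INJECTED_SAMPLE.fields.slice(0, 3) };

// In a page: run after the DOM settles (the trojan rewrites the HTML inside the
// browser while it renders) and report findings to the bank's backend.
if (typeof document !== 'undefined') {
  const form = document.getElementById(LOGIN_BASELINE.formId);
  if (form) console.log(detectInjection(snapshotForm(form)));
} else {
  console.log(detectInjection(INJECTED_SAMPLE));
}
```

Run on the injected sample it reports two high-severity `unexpected_field` findings (`tan_confirm`, `mobile_number`) and nothing on the clean one; a snapshot with a baseline field gone yields `missing_field`, and a changed `action` yields `action_changed`. This is a page-side heuristic only: a trojan that hooks the browser's networking, as ZeuS and SpyEye do, can just as easily strip or patch the script, so the findings are only worth something if the page reports them to the bank's backend and the backend also treats the absence of a report as a signal.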
Sopelka VS Eurograbber - Really 36 million EUR? (/slideshow/sopelka-vs-eurograbber-really-36-million-eur/25357010)
The Sopelka botnet started life in May 2012 and was taken down by the end of September of the same year. This botnet was special because it was an odd mixture of variants of the known banking trojans Tatanga, Feodo and Citadel, all sending data to the same panel. Its main objective was the collection of banking credentials from European entities, mostly banks in Spain and Germany but also in the Netherlands and Italy. In addition, it made use of different mobile components for Android, BlackBerry and Symbian phones to bypass two-factor authentication. In December 2012 a "new" banking malware report was published, claiming that this trojan had stolen more than 36 million EUR from different European banks. This report and, above all, the stolen amounts were quickly republished everywhere, but in fact the incident had a lot in common with the Sopelka botnet and some details needed to be explained... really 36 million EUR?
Published by Jose Miguel Esparza (eternaltodo), Sun, 18 Aug 2013 11:36:47 GMT.

Author site: eternal-todo.com