|Sopelka VS Eurograbber - Really 36 million EUR? (RootedCON) 2013-03-07
Malware, Botnets, Hype, Mobile, ZitMo
|Sopelka botnet started life in May 2012 and was taken down by end of September of past year. This botnet was especial because it was an odd mixture of variants of the known banking trojans Tatanga, Feodo and Citadel, sending data to the same panel. Its main objective was the collection of banking credentials from European entities, mostly banks from Spain and Germany, but also The Netherlands and Italy. In addition, it made use of different mobile components for Android, BlackBerry and Symbian phones to bypass two factor authentication.
In December 2012 a "new" banking malware report was published, claiming that this trojan had stolen more than 36 million EUR from different European banks. This report and, above all, the stolen amounts were quickly published everywhere, but, in fact, this incident had a lot in common with Sopelka botnet and some details needed to be explained...really 36 million EUR?
|peepdf in Black Hat Europe Arsenal 2012 2012-03-16
|Presentation of peepdf for the Black Hat Arsenal (Europe 2012), showing new features, new commands and articles related to PDF analysis with peepdf.|
|Social Engineering in Banking Trojans (RootedCON) 2012-03-01
Social Engineering, Trojans, Bankers, Botnets, MitMo, MitB, Injects, Detection
|Social Engineering is the art of obtaining confidential information through the manipulation of the people with this knowledge. This technique is based on the fact that human beings represent the weakest link in a secure system, as somebody usually knows how to access it. The idea being that it is easier to manipulate a person than the system itself. Online banking is no exception. In this case, the most vulnerable people are the users themselves, the end clients of the banks, and the objective is to access their accounts. Cybercriminals use Social Engineering through HTML Injections to cheat on users and obtain their credentials. In this presentation a demo was performed to detect HTML Injections in web browsers.|
|Banking Fraud Evolution - New techniques in real fraud cases (Source Seattle) 2011-06-15
Trojans, Bankers, Botnets, ZeuS, SpyEye, Tatanga, MitMo, MitB
|New techniques in banking fraud are applied not only to malicious binaries, but also to how different cybercriminal groups use these binaries. Criminals always attempt to make the most of their malicious software. An example of this is the broad possibilities offered by HTML code injection. The latest injections discovered in both ZeuS and SpyEye show, once again, their continuous struggle to adapt to the changes and measures put in place to counter them. In the case of ZeuS, one of the latest strategies involves rendering useless the two-factor authentication used in numerous on-line banking operations.Similarly, in a campaign for distributing SpyEye, the group responsible for the malware injected code designed to automatically make fraudulent transfers after dynamically obtaining the destination accounts (mules) from a server. Therefore, the impact of campaigns to spread malware depends not only on the dangerousness of the malicious software itself, but also on how this software is used and the creativity of its criminal owners.|
|Obfuscation and (non-)detection of malicious PDF files (RootedCON) 2011-03-03
PDF, Vulnerabilities, Specifications, Obfuscation, Antivirus, Detection, peepdf
|Techniques to successfully create malicious PDF files with low-detection rates, showing the weak points in actual parsers. Introduction to peepdf, a new tool that covers up the holes in the analysis of these files and which also allows their modification (obfuscation).
Updated for the CARO Workshop 2011 (2011-05-06).
|PDF Overview PDF, Vulnerabilities, Specifications|
|Basics of PDF structure and vulnerabilities in a custom Pecha Kucha format (15x15).|
|Bug hunting Fuzzing, Malybuzz|
|Basics of fuzzing and introduction to Malybuzz and how it works.|